
Presentation on virus

Date post: 23-Feb-2017
Upload: protik-roy
Computer Virus Ashis Talukder Lecturer Department of MIS University of Dhaka
Transcript
Page 1: Presentation on virus

Computer Virus

Ashis Talukder, Lecturer

Department of MIS, University of Dhaka

Page 2: Presentation on virus

Presentation Outline

1. Introduction
2. VIRUS Definition and Naming
3. History of Computer Virus
4. Types of computer virus
5. Example of Virus
6. Two phases of virus

Page 3: Presentation on virus

Presentation Outline (continued)

7. Symptom of computer attacked by virus
8. Special focus on: Trojan, worm & phishing site, Spyware
9. Combating Viruses
10. Anti viruses & Firewall
11. What is not virus
12. Conclusion

Page 5: Presentation on virus

Introduction to Computer VIRUS

Almost every user has faced a virus attack and lost some sort of computer resources.

A computer VIRUS is not a biological element but rather a computer program (or programs).

Page 7: Presentation on virus

VIRUS Definition and Naming

A virus is a program that reproduces its own code by attaching itself to other executable files in such a way that the virus code is executed when the infected executable file is executed.

A virus must do this without the permission or knowledge of the user.

"What's in a name? That which we call a rose
By any other name would smell as sweet..."

Page 8: Presentation on virus

Fred Cohen

In 1983, Fred Cohen was a doctoral candidate at the University of Southern California.

He was the first to define the term "computer virus".

No discussion of viruses is complete without his name.

Page 9: Presentation on virus

Fred Cohen

He stated that a computer virus is a program that has a destructive nature and is able to "affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself."

VIRUS = Vital Information Resource Under Siege

The name implies the nature of a VIRUS.

Page 11: Presentation on virus

History of Computer Virus

1945

Rear Admiral Grace Murray Hopper found a moth that was stuck between relays in a Navy computer. She called the trapped moth a "bug". The procedure of fixing the problem with the computer was called "debugging".

1949

A researcher from Hungary, named John von Neumann, developed a theory of self-replicating programs.

He was the one to come up with a theoretical base for computers that store information in their "memory".

Page 12: Presentation on virus

History of Computer Virus

1979

Specialists at Xerox Palo Alto Research Center managed to develop a computer "worm": a small software program that searched the network for idle processors.

The worm was created to improve computer use, but back then no one knew that it would be the forerunner of modern worms, which are, in fact, computer viruses that users download without knowing it and that destroy or alter information on computers.

1983

Fred Cohen, a doctoral candidate at the University of Southern California, for the first time defined the term "computer virus". He stated that a computer virus is a program that has a destructive nature and is able to "affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself."

Page 13: Presentation on virus

History of Computer Virus

1991

Symantec presents the Norton Anti-Virus software.

1995

The software giant Microsoft released its operating system Windows 95. Companies developing anti-virus programs worried that the Windows OS would be resistant to computer viruses. The same year saw the appearance of advanced "macro" viruses that were able to corrupt the system.

Page 14: Presentation on virus

History of Computer Virus

1998

Two teenagers from California managed to take control of over 500 computer systems from the military, government and private sector.

The cyber attack was dubbed "Solar Sunrise".

1999

The notorious computer virus known as "Melissa" showed record speed in infecting thousands of computers.

The damage caused by this computer virus was estimated at $80 million.

It also led to an increase in demand for anti-virus software.

When downloaded, the computer virus started a program that launched copies of itself to the first 50 names from the list in the Outlook e-mail address book of the recipient of the virus.

Page 15: Presentation on virus

History of Computer Virus

2000

Giants such as Yahoo, eBay, Amazon and Datek, along with a number of other Web sites, were knocked offline for several hours following a chain of "distributed denial-of-service attacks."

It was later found that the DDoS attacks, which put a target system out of action simply by flooding it with traffic from hundreds of PCs at the same time, were carried out when hackers infiltrated powerful computers at the University of California.

2001

A year later, President Bush appointed Richard Clarke as the first cybersecurity chief in the United States.

2002

The 33-year-old developer of the Melissa computer virus, David L. Smith, was sentenced to 20 months in federal prison.

Page 16: Presentation on virus

History of Computer Virus

2003

In about 3 hours, the "Slammer" worm was able to infect hundreds of thousands of computers. It proved to be the fastest spreading worm, causing chaos for businesses around the globe, knocking cash machines offline as well as delaying airline flights.

2009

9 million computers running the Windows operating system were hit with the new "downadup" worm, dubbed "Conficker" and "Kido".

The worm had the ability to infect USB sticks and corporate laptops. The malware spread via the Internet, and the main tools that helped the worm spread were unpatched corporate networks and USB memory sticks that were attached to infected computers.

Page 18: Presentation on virus

Types of Virus

Viruses are categorized by HOW they infect computers.

Some viruses fall into more than one of these categories.

Page 19: Presentation on virus

Types of Virus

Polymorphic Viruses: Polymorphic viruses change characteristics as they infect a computer.

Stealth Viruses: Stealth viruses actively try to hide themselves from anti-virus and system software.

Fast and Slow Infectors: Fast and Slow viruses infect a computer in a particular way to try to avoid being detected by anti-virus software.

Sparse Infectors: Sparse Infectors don't infect very often.

Armored Viruses: Armored viruses are programmed to make eradication difficult.

Page 20: Presentation on virus

Types of Virus

Multipartite Viruses: Multipartite Viruses are viruses that may fall into more than one of these categories.

Cavity (Spacefiller) Viruses: Cavity (Spacefiller) viruses attempt to maintain a constant file size when infecting a computer in order to try to avoid detection.

Tunneling Viruses: Tunneling viruses try to "tunnel" under anti-virus software while infecting.

Camouflage Viruses: Camouflage viruses attempt to appear as a benign program.

Virus Droppers: Virus Droppers are a special category of programs that place viruses on computers but are not by themselves an actual virus.

Page 21: Presentation on virus

Types of Virus

Viruses are categorized by WHERE they infect computers.

Page 22: Presentation on virus

Types of Virus

File infector viruses

File infector viruses infect program files.

These viruses normally infect executable code, such as .com and .exe files.

They can infect other files when an infected program is run from floppy, hard drive, or from the network.

Many of these viruses are memory resident.

After memory becomes infected, any noninfected executable that runs becomes infected.

Examples of known file infector viruses include Jerusalem and Cascade.

Page 23: Presentation on virus

Types of Virus

Boot sector viruses

Boot sector viruses infect the system area of a disk; that is, the boot record on floppy disks and hard disks.

All floppy disks and hard disks (including disks containing only data) contain a small program in the boot record that is run when the computer starts up.

Boot sector viruses attach themselves to this part of the disk and activate when the user attempts to start up from the infected disk.

These viruses are always memory resident in nature.

Most were written for DOS, but all PCs, regardless of the operating system, are potential targets of this type of virus.

All that is required to become infected is to attempt to start up your computer with an infected floppy disk. Thereafter, while the virus remains in memory, all floppy disks that are not write protected will become infected when the floppy disk is accessed.

Examples of boot sector viruses are Form, Disk Killer, Michelangelo, and Stoned.

Page 24: Presentation on virus

Types of Virus

Master Boot Record viruses

Master boot record viruses are memory-resident viruses that infect disks in the same manner as boot sector viruses.

The difference between these two virus types is where the viral code is located.

Master boot record infectors normally save a legitimate copy of the master boot record in a different location.

Windows NT computers that become infected by either boot sector viruses or master boot sector viruses will not boot.

This is due to the difference in how the operating system accesses its boot information, as compared to Windows 98/Me.

If your Windows NT system is formatted with FAT partitions, you can usually remove the virus by booting to DOS and using antivirus software.

If the boot partition is NTFS, the system must be recovered by using the three Windows NT Setup disks.

Examples of master boot record infectors are NYB, AntiExe, and Unashamed.

Page 25: Presentation on virus

Types of Virus

Multipartite viruses

Multipartite (also known as polypartite) viruses infect both boot records and program files.

These are particularly difficult to repair.

If the boot area is cleaned, but the files are not, the boot area will be reinfected.

The same holds true for cleaning infected files. If the virus is not removed from the boot area, any files that you have cleaned will be reinfected.

Examples of multipartite viruses include One_Half, Emperor, Anthrax and Tequilla.

Page 26: Presentation on virus

Types of Virus

Macro viruses

These types of viruses infect data files.

They are the most common and have cost corporations the most money and time trying to repair.

With the advent of Visual Basic in Microsoft's Office 97, a macro virus can be written that not only infects data files, but also can infect other files as well.

Macro viruses infect Microsoft Office Word, Excel, PowerPoint and Access files. Newer strains are now turning up in other programs as well.

All of these viruses use another program's internal programming language, which was created to allow users to automate certain tasks within that program. Because of the ease with which these viruses can be created, there are now thousands of them in circulation.

Examples of macro viruses include W97M.Melissa, WM.NiceDay and W97M.Groov.

Page 27: Presentation on virus

Types of Virus

Companion viruses: A special type that adds files that run first on the disk.

Cluster viruses: A special type that infects through the directory.

Batch File viruses: These use text batch files to infect.

Source Code viruses: These add code to actual program code.

Visual Basic Worms: These add code to actual program code.

Page 28: Presentation on virus

Types of Virus

Screen Savers: These are not just pictures but executable code.

Vulnerability: Problems in operating system or program code can be exploited.

Page 29: Presentation on virus

Types of Virus

A special type: Virus Dropper

Programs that place viruses on the system.

They themselves are not viruses (a special form of Trojan).

Page 31: Presentation on virus

Example of Computer Viruses

Jerusalem, Cascade, Form, Disk Killer, Michelangelo, Stoned, NYB, AntiExe, Unashamed, One_Half, Emperor, Anthrax, Tequilla, W97M.Melissa, WM.NiceDay, W97M.Groov, Melissa, "Slammer" malware, Vienna, I Love You, CIH, Copa

Page 33: Presentation on virus

Two Phases of VIRUS

1. Reproduce phase: A virus reproduces, usually without permission or knowledge of the computer user. In general terms they have an infection phase where they reproduce widely.

2. Attack phase: Where they do whatever damage they are programmed to do (if any).

There are a large number of virus types.

Page 35: Presentation on virus

Symptoms of a Computer Attacked by Virus

1. Computer programs take longer to load than normal.
2. The computer's hard drive constantly runs out of free space.
3. The floppy disk drive or hard drive runs when you are not using it.
4. New files keep appearing on the system and you don't know where they came from.
5. Strange sounds or beeping noises come from the computer or keyboard.

Page 36: Presentation on virus

Symptoms of a Computer Attacked by Virus (continued)

6. Strange graphics are displayed on your computer monitor.
7. Files have strange names you don't recognize.
8. You are unable to access the hard drive when booting from the floppy drive.
9. Program sizes keep changing.
10. Conventional memory is less than it used to be and you can't explain it.
11. Programs act erratically.

Page 38: Presentation on virus

Trojans

1. A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after.

Page 39: Presentation on virus

Trojans

2. A Trojan Horse, at first glance, will appear to be useful software but will actually do damage once installed or run on your computer.

3. Those on the receiving end of a Trojan Horse are usually tricked into opening it because they appear to be receiving legitimate software or files from a legitimate source.

Page 40: Presentation on virus

Worms

1. A worm is similar to a virus by design and is considered to be a sub-class of a virus.

2. Worms spread from computer to computer, but unlike a virus, they have the capability to travel without any human action.

3. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided.

Page 42: Presentation on virus

Worms

4. The biggest danger with a worm is its capability to replicate itself on your system,

5. so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect.

6. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each receiver's address book, and the manifest continues on down the line.

Page 43: Presentation on virus

Differences: Virus, Trojans, Worm

1. Worms are programs that replicate themselves from system to system without the use of a host file.

2. This is in contrast to viruses, which require the spreading of an infected host file.

Page 44: Presentation on virus

Differences: Virus, Trojans, Worm

3. A very important distinction between Trojan horse programs and true viruses is that Trojans do not replicate themselves.

4. Another very important distinction between Trojan horse programs and worms or viruses is that Trojans need user activation of programs (such as opening infected attached files).

Page 45: Presentation on virus

Phishing Site

Designed to fraudulently obtain private information.

Page 46: Presentation on virus

Phishing Site

Generally, however, phishing does not involve personal contact; instead, legitimate-looking e-mail, websites, or other electronic means are involved in phishing attacks.

The term phishing is a variant of fishing, which might be used to describe the process of "fishing" for information.

The "ph" in place of the "f" was probably influenced by phreaking.

Page 47: Presentation on virus

Spyware

Spyware is a type of malware that is installed on computers and collects little bits of information at a time about users without their knowledge.

The presence of spyware is typically hidden from the user, and can be difficult to detect.

Typically, spyware is secretly installed on the user's personal computer. Sometimes, however, spyware such as keyloggers is installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users.

While the term spyware suggests software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring.

Page 48: Presentation on virus

Spyware

Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity.

Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs.

In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.

Page 50: Presentation on virus

Combating Viruses

1. Scanning
2. Integrity Checking
3. Interception
4. AV Product Use Guidelines
5. File Extensions
6. Safe Computing Practices (Safe Hex)
7. Update Update Update
8. Outlook and Outlook Express
9. Disable Scripting
10. Backup Strategy
11. On-going Virus Information

Page 51: Presentation on virus

Scanning

Scanning looks for known viruses by a signature or characteristics that make new viruses similar to existing viruses.

This requires that ANTI-VIRUS makers and users keep products up to date.

The major disadvantages of scanners are that they sometimes raise false alarms and need constant updating, which, even so, is always "after-the-fact" protection.

Scanners allow you to check programs before execution.

Page 53: Presentation on virus

Integrity Checking

Integrity products record information about your system for later comparison in order to detect changes.

Just detecting changes is not enough, however; the detection must have some "intelligence" behind it to avoid confusion.

While using an integrity checker is an excellent way to monitor changes to your system.
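
Added example (not part of the original slides): a small integrity checker in Python that records a baseline and compares against it later. Its "intelligence" is an assumed rule that only changes to program files raise an alert; the watched extensions, file names and contents are constructed for illustration. It also shows why size alone is not enough: a change that keeps the file size constant, as the cavity viruses described earlier try to do, still changes the hash.

```python
import hashlib
import os
import tempfile

# Assumption: extensions treated as program files; changes to these are alerts,
# changes to anything else (logs, documents) are only informational.
WATCHED = {".exe", ".com", ".scr", ".bat"}


def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def take_baseline(root):
    """Record {relative path: (size, sha256)} for every file under root."""
    snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            snapshot[rel] = (os.path.getsize(full), sha256_of(full))
    return snapshot


def compare(baseline, current):
    """Return (severity, change, path) tuples for every difference."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        if old is None:
            change = "added"
        elif new is None:
            change = "removed"
        elif old[0] == new[0]:
            # Size unchanged but hash differs: a size-only check would miss this.
            change = "modified, same size"
        else:
            change = "modified"
        watched = os.path.splitext(path)[1].lower() in WATCHED
        findings.append(("ALERT" if watched else "info", change, path))
    return findings


def demo():
    """Constructed sample: build a small tree, baseline it, change it, compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)

        write("app.exe", b"MZ" + b"\x00" * 62)
        write("notes.txt", b"unchanged")
        write("app.log", b"start\n")
        baseline = take_baseline(root)

        write("app.exe", b"MZ" + b"\x90" * 62)   # same length, different bytes
        write("app.log", b"start\nmore\n")       # routine growth of a log file
        write("saver.scr", b"MZ")                # new program file appears
        return compare(baseline, take_baseline(root))


if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```

The baseline itself has to be stored where the monitored system cannot rewrite it, otherwise a change to the files can be matched by a change to the record.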

Page 54: Presentation on virus

Interception

Monitoring for system-level routines that perform destructive acts can help, but such monitoring is fairly easily bypassed. Do not depend on it alone.

Interceptors (also known as resident monitors) are particularly useful for deflecting logic bombs and Trojans.

The interceptor monitors operating system requests that write to disk or do other things that the program considers threatening (such as installing itself as a resident program). If it finds such a request, the interceptor generally pops up and asks you if you want to allow the request to continue.

Page 55: Presentation on virus

Anti-Virus Product Use Guideline

First, understand how your anti-virus product works. Then, start with a known-clean computer and follow specific steps to assure good virus detection/protection. Do research on specific products before purchase.

Understand your anti-virus product and what you can expect from it.

Check setup to be certain you are booting from the floppy disk and then cold boot from a known-clean, write-protected diskette.

Scan only with the latest version of any scanner.

Check all new software and all data diskettes before use and again after the installation.

Install any scan-on-use component your anti-virus product may have.

Do a bit of research and look for certification when you purchase anti-virus software.

Page 56: Presentation on virus

File Extensions

There is currently a big push toward relying heavily on recognizing "bad" file extensions and acting solely on this knowledge. That's not necessarily a good thing, as extensions can be misleading.

While extensions are often touted as being accurate indicators of files that can be infected, history shows they are not. Additionally, they can be spoofed in a variety of ways.

Page 57: Presentation on virus

Safe Computing Practices

Update AV Software
Safe Boot Disk
Hard Disk Boot
Use RTF Not DOC
Consider Alternate Software
Don't Open Attachments
Turn off Preview
Disable Scripting
Show Extensions
Protect Floppies
Don't Boot from Unknown Devices
Keep Up
Get Info
Backup

Page 58: Presentation on virus

Update Update Update

It would be highly unusual to find any modern software with no bugs or security holes in it.

When found, software makers will often offer patches to update the software.

Unless these patches are applied you may be at risk if you use the software.

Page 59: Presentation on virus

Outlook and Outlook Express

Despite the similar names, Outlook and Outlook Express are two different programs with two different development histories.

So, in general, when you see a worm/virus description talk about "Outlook", you can generally assume it means the Outlook program and not the Outlook Express program.

But, as with everything, there is at least one (and in the future more?) caveat. The "KAK worm" specifically targets Outlook Express by changing the default signature to one containing JavaScript code that acts as a worm.

Page 60: Presentation on virus

Disable Scripting

The Windows Scripting Host (WSH) is used by few but makes many avenues of mischief available to malicious software. Consider removing or deactivating it.

Page 61: Presentation on virus

Back up

Once damage is done to files on your computer (no matter what the cause) it's often too late. A comprehensive backup strategy is a vital component in your computer security arsenal (and don't forget to test the restore routines!).

Develop a backup strategy based on how much work you are willing to do to reenter information.

Keep at least one backup copy off-site.

Test your ability to restore from your backup before you have to, and be certain to store the recovery program with the backup.

Page 62: Presentation on virus

On-going Virus Information

Anti-virus vendor sites are a good source of continuing information.

Follow discussions on the newsgroups with great care.

Know the qualifications of sources from which you get information.

Page 64: Presentation on virus

Anti-Viruses

A: A-squared Anti-Malware, Alwil, AOL Active Virus Shield, Authentium, AVG (software), Avira security software

B: BitDefender

C: Central Point Anti-Virus, Clam AntiVirus, ClamWin, Comodo Group, Comodo Internet Security

D: Disinfectant (software), Dr Solomon's Antivirus, Dr. Web, DriveSentry

E: EICAR, Eliashim (anti virus), ESET NOD32, Ewido Networks

F: F-Secure, FRISK Software International

Page 65: Presentation on virus

Anti-Viruses (continued)

G: Gateway Anti-Virus, Graugon AntiVirus, Gwava

H: Heuristic analysis, HouseCall

I: IAntivirus, INCA Internet, Immunet Protect

K: Kaspersky Anti-Hacker, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Lab, Kingsoft internet security

Page 66: Presentation on virus

Anti-Viruses (continued)

L: LinuxShield

M: MSAV, Malwarebytes' Anti-Malware, McAfee VirusScan, Microsoft Security Essentials, Moon Secure AV

N: NProtect GameGuard Personal 2007, Norman (company), Norton 360, Norton AntiVirus, Norton Download Insight, Norton Insight, Norton Internet Security

O: On-demand scan, Online Armor Personal Firewall

P: Panda Cloud Antivirus, Panda Security, PC Tools (company), Prevx

Q: Quarantine technology

R: Rising AntiVirus

Page 67: Presentation on virus

Anti-Viruses (continued)

S: Spamfighter, Stopzilla, Symantec Endpoint Protection

T: Trend Micro Internet Security

V: Vba32 AntiVirus, VirusBarrier X6, VirusTotal.com

W: Whitelist, Windows Live OneCare

Z: ZoneAlarm

Page 68: Presentation on virus

Firewall

Page 69: Presentation on virus

Firewall

A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer applications based upon a set of rules and other criteria.

Firewalls can be implemented in either hardware or software, or a combination of both.

Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Page 70: Presentation on virus

Types of Firewall

Packet filter: Packet filtering inspects each packet passing through the network and accepts or rejects it based on user-defined rules. Although difficult to configure, it is fairly effective and mostly transparent to its users. It is susceptible to IP spoofing.

Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
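
Added example (not part of the original slides): a stateless packet filter in Python with first-match rules and a default of reject. It shows why a filter that trusts the source address in the packet header is exposed to spoofing, and the ingress check that closes that gap. The rule set, the interface names and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# A packet as the filter sees it: arrival interface plus header fields.
Packet = namedtuple("Packet", "iface src dst proto dport")
Rule = namedtuple("Rule", "action src dst proto dport")

# Assumption: the intranet behind the firewall.
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")

# User-defined rules, evaluated top to bottom; the first match decides.
RULES = [
    Rule("accept", "192.168.10.0/24", "0.0.0.0/0", "tcp", 80),        # intranet to web
    Rule("accept", "0.0.0.0/0", "192.168.10.25/32", "tcp", 25),       # mail to one host
    Rule("accept", "192.168.10.0/24", "192.168.10.0/24", "tcp", 23),  # telnet, inside only
]


def matches(rule, pkt):
    """True when every header field of the packet satisfies the rule."""
    return (
        ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and rule.proto == pkt.proto
        and rule.dport == pkt.dport
    )


def filter_packet(pkt, rules, anti_spoof=True):
    """Decide one packet; anything no rule accepts is rejected."""
    # Ingress check: a packet that arrives from outside cannot genuinely have
    # an intranet source address, whatever its header claims.
    if (anti_spoof and pkt.iface == "external"
            and ipaddress.ip_address(pkt.src) in INTERNAL_NET):
        return "reject (spoofed internal source)"
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "reject"


# Constructed traffic; 203.0.113.0/24 is a documentation-only range.
WEB_OUT = Packet("internal", "192.168.10.7", "203.0.113.9", "tcp", 80)
MAIL_IN = Packet("external", "203.0.113.9", "192.168.10.25", "tcp", 25)
TELNET_IN = Packet("external", "203.0.113.9", "192.168.10.30", "tcp", 23)
FORGED = Packet("external", "192.168.10.7", "192.168.10.30", "tcp", 23)

if __name__ == "__main__":
    for pkt in (WEB_OUT, MAIL_IN, TELNET_IN, FORGED):
        print(pkt, "->", filter_packet(pkt, RULES))
    # The same forged packet when the filter looks at header addresses only:
    print("no ingress check ->", filter_packet(FORGED, RULES, anti_spoof=False))
```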

Page 72: Presentation on virus

What is not Virus

Because of the publicity that viruses have received, it is easy to blame any computer problem on a virus.

The following are not likely to be caused by a virus or other malicious code:

Page 73: Presentation on virus

What is not Virus

Hardware problems: No viruses can physically damage computer hardware, such as chips, boards, and monitors.

The computer beeps at startup with no screen display: This is usually caused by a hardware problem during the boot process. Consult your computer documentation for the meaning of the beep codes.

The computer does not register 640 KB of conventional memory: This can be a sign of a virus, but it is not conclusive. Some hardware drivers such as those for the monitor or SCSI card can use some of this memory. Consult with your computer manufacturer or hardware vendor to determine if this is the case.

You have two antivirus programs installed and one of them reports a virus: This might be a virus, but it can also be caused by one antivirus program detecting the other program's signatures in memory.

Page 74: Presentation on virus

What is not Virus

Microsoft Word warns you that a document contains a macro: This does not mean that the macro is a virus.

You cannot open a particular document: This is not necessarily an indication of a virus. Try opening another document or a backup of the document in question. If other documents open correctly, the document may be damaged.

The label on a hard drive has changed: Every disk is allowed to have a label. You can assign a label to a disk by using the DOS Label command or from within Windows.

Page 75: Presentation on virus

Question…???

Page 76: Presentation on virus

Thank You

