Date post: | 23-Feb-2017 |
Category: |
Education |
Upload: | protik-roy |
Computer Virus
Ashis Talukder, Lecturer
Department of MIS, University of Dhaka
Presentation Outline
1. Introduction
2. VIRUS Definition and Naming
3. History of Computer Virus
4. Types of computer virus
5. Example of Virus
6. Two phases of virus
7. Symptom of computer attacked by virus
8. Special focus on: Trojan, worm & phishing site, Spyware
9. Combating Viruses
10. Anti viruses & Firewall
11. What is not virus
12. Conclusion
Introduction to Computer VIRUS
Almost every user has faced a virus attack and lost some sort of computer resources.
A computer VIRUS is not a biological element but rather a computer program (or programs).
VIRUS definition and Naming
A virus is a program that reproduces its own code by attaching itself to other executable files in such a way that the virus code is executed when the infected executable file is executed.
The virus must do this without the permission or knowledge of the user.
What's in a name? That which we call a rose
By any other name would smell as sweet...
Fred Cohen
In 1983 he was a doctoral candidate at the University of Southern California.
For the first time, he defined the "computer virus".
Without his name, any discussion of viruses is incomplete.
He stated that
a computer virus is a program that has a destructive nature and is able to "affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself."
VIRUS = Vital Information Resource Under Seize
Name implies the nature of VIRUS
History of Computer Virus
1945
Rear Admiral Grace Murray Hopper found a moth that was stuck between relays in a Navy computer.
She called the trapped moth a "bug".
The procedure of fixing the problem with the computer was called "debugging".
1949
A researcher from Hungary named John von Neumann developed a theory of self-replicating programs.
He was the one to come up with a theoretical base for computers that store information in their "memory".
1979
Specialists at Xerox Palo Alto Research Center managed to develop a computer "worm", a small software program that searched the network for idle processors.
The worm was created to improve computer use but back then no one knew that it would be the forerunner of modern worms, which are, in fact, computer viruses that users download without knowing it and destroy or alter information on computers.
1983
Fred Cohen, a doctoral candidate at the University of Southern California, for the first time defined the term "computer virus".
He stated that a computer virus is a program that has a destructive nature and is able to "affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself."
1991
Symantec presents the Norton Anti-Virus software.
1995
The software giant Microsoft released its operating system Windows 95. Companies developing anti-virus programs worried that the Windows OS would be resistant to computer viruses. The same year saw the appearance of advanced "macro" viruses that had the possibility to corrupt the system.
1998
Two teenagers from California managed to take control of over 500 computer systems from the military, government and private sector.
The cyber attack was dubbed "Solar Sunrise".
1999
The notorious computer virus known as "Melissa" shows a record speed in infecting thousands of computers.
The damage caused by this computer virus was estimated at $80 million.
It also led to an increase in demand for anti-virus software.
When downloaded, the computer virus started a program that launches copies of itself to the first 50 names from the list in the Outlook e-mail address book of the recipient of the virus.
2000
Giants such as Yahoo, eBay, Amazon and Datek, along with a number of other Web sites, were knocked offline for several hours following a chain of "distributed denial-of-service attacks."
It was later found that the DDoS attacks, which put a target system out of action simply by flooding it with traffic from hundreds of PCs at the same time, were carried out when hackers infiltrated powerful computers at the University of California.
2001
A year later, President Bush appointed Richard Clarke as the first cybersecurity chief in the United States.
2002
The 33-year-old developer of the Melissa computer virus, David L. Smith, was sentenced to 20 months in federal prison.
2003
In about 3 hours, the "Slammer" worm was able to infect hundreds of thousands of computers. It proved to be the fastest spreading worm, causing chaos for businesses around the globe, knocking cash machines offline as well as delaying airline flights.
2009
9 million computers running on the Windows operating system were hit with the new "downadup" worm, dubbed "Conficker" and "Kido".
The worm had the ability to infect USB sticks and corporate laptops. The malware spread via the Internet, and the main tools that helped the worm spread were unpatched corporate networks and USB memory sticks that were attached to infected computers.
Types of Virus
Viruses are categorized by HOW they infect computers.
Some viruses fall into more than one of these categories.
Polymorphic Viruses
Polymorphic viruses change characteristics as they infect a computer.
Stealth Viruses
Stealth viruses actively try to hide themselves from anti-virus and system software.
Fast and Slow Infectors
Fast and Slow viruses infect a computer in a particular way to try to avoid being detected by anti-virus software.
Sparse Infectors
Sparse Infectors don't infect very often.
Armored Viruses
Armored viruses are programmed to make eradication difficult.
Multipartite Viruses
Multipartite Viruses are viruses that may fall into more than one of these categories.
Cavity (Spacefiller) Viruses
Cavity (Spacefiller) viruses attempt to maintain a constant file size when infecting a computer in order to try to avoid detection.
Tunneling Viruses
Tunneling viruses try to "tunnel" under anti-virus software while infecting.
Camouflage Viruses
Camouflage viruses attempt to appear as a benign program.
Virus Droppers
Virus Droppers are a special category of programs that place viruses on computers but are not by themselves an actual virus.
Types of Virus
Viruses are categorized by WHERE they infect computers.
File infector viruses
File infector viruses infect program files.
These viruses normally infect executable code, such as .com and .exe files.
They can infect other files when an infected program is run from floppy, hard drive, or from the network.
Many of these viruses are memory resident.
After memory becomes infected, any noninfected executable that runs becomes infected.
Examples of known file infector viruses include Jerusalem and Cascade.
Boot sector viruses
Boot sector viruses infect the system area of a disk; that is, the boot record on floppy disks and hard disks.
All floppy disks and hard disks (including disks containing only data) contain a small program in the boot record that is run when the computer starts up.
Boot sector viruses attach themselves to this part of the disk and activate when the user attempts to start up from the infected disk.
These viruses are always memory resident in nature.
Most were written for DOS, but all PCs, regardless of the operating system, are potential targets of this type of virus.
All that is required to become infected is to attempt to start up your computer with an infected floppy disk. Thereafter, while the virus remains in memory, all floppy disks that are not write protected will become infected when the floppy disk is accessed.
Examples of boot sector viruses are Form, Disk Killer, Michelangelo, and Stoned.
Master Boot Record viruses
Master boot record viruses are memory-resident viruses that infect disks in the same manner as boot sector viruses.
The difference between these two virus types is where the viral code is located.
Master boot record infectors normally save a legitimate copy of the master boot record in a different location.
Windows NT computers that become infected by either boot sector viruses or master boot sector viruses will not boot.
This is due to the difference in how the operating system accesses its boot information, as compared to Windows 98/Me.
If your Windows NT system is formatted with FAT partitions, you can usually remove the virus by booting to DOS and using antivirus software.
If the boot partition is NTFS, the system must be recovered by using the three Windows NT Setup disks.
Examples of master boot record infectors are NYB, AntiExe, and Unashamed.
Multipartite viruses
Multipartite (also known as polypartite) viruses infect both boot records and program files.
These are particularly difficult to repair.
If the boot area is cleaned, but the files are not, the boot area will be reinfected.
The same holds true for cleaning infected files. If the virus is not removed from the boot area, any files that you have cleaned will be reinfected.
Examples of multipartite viruses include One_Half, Emperor, Anthrax and Tequilla.
Macro viruses
These types of viruses infect data files.
They are the most common and have cost corporations the most money and time trying to repair.
With the advent of Visual Basic in Microsoft's Office 97, a macro virus can be written that not only infects data files, but also can infect other files as well.
Macro viruses infect Microsoft Office Word, Excel, PowerPoint and Access files. Newer strains are now turning up in other programs as well.
All of these viruses use another program's internal programming language, which was created to allow users to automate certain tasks within that program. Because of the ease with which these viruses can be created, there are now thousands of them in circulation.
Examples of macro viruses include W97M.Melissa, WM.NiceDay and W97M.Groov.
Companion viruses
A special type that adds files that run first on the disk.
Cluster viruses
A special type that infects through the directory.
Batch File viruses
These use text batch files to infect.
Source Code viruses
These add code to actual program code.
Visual Basic Worms
These add code to actual program code.
Screen Savers
These are not just pictures but executable code.
Vulnerability
Problems in operating system or program code can be exploited.
A special type: Virus Dropper
Programs that place viruses on the system, but they themselves are not viruses (a special form of Trojan).
Example of Computer Viruses
Jerusalem, Cascade, Form, Disk Killer, Michelangelo, Stoned, NYB, AntiExe, Unashamed, One_Half, Emperor, Anthrax, Tequilla, W97M.Melissa, WM.NiceDay, W97M.Groov, Melissa, "Slammer" malware, Vienna, I Love You, CIH, Copa
Two Phases of VIRUS
1. Reproduce phase: A virus reproduces, usually without permission or knowledge of the computer user. In general terms they have an infection phase where they reproduce widely.
2. Attack phase: Where they do whatever damage they are programmed to do (if any).
There are a large number of virus types.
Symptom of computer attacked by virus
1. Computer programs take longer to load than normal.
2. The computer's hard drive constantly runs out of free space.
3. The floppy disk drive or hard drive runs when you are not using it.
4. New files keep appearing on the system and you don't know where they came from.
5. Strange sounds or beeping noises come from the computer or keyboard.
6. Strange graphics are displayed on your computer monitor.
7. Files have strange names you don't recognize.
8. You are unable to access the hard drive when booting from the floppy drive.
9. Program sizes keep changing.
10. Conventional memory is less than it used to be and you can't explain it.
11. Programs act erratically.
Trojans
1. A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after.
2. A Trojan Horse, at first glance, will appear to be useful software but will actually do damage once installed or run on your computer.
3. Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source.
Worms
1. A worm is similar to a virus by design and is considered to be a sub-class of a virus.
2. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any human action.
3. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided.
4. The biggest danger with a worm is its capability to replicate itself on your system,
5. so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect.
6. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line.
Differences: Virus, Trojans, Worm
1. Worms are programs that replicate themselves from system to system without the use of a host file.
2. This is in contrast to viruses, which require the spreading of an infected host file.
3. A very important distinction between Trojan horse programs and true viruses is that Trojans do not replicate themselves.
4. Another very important distinction between Trojan horse programs and worms or viruses is that Trojans need user activation of programs (like opening infected attached files).
Phishing Site
Designed to fraudulently obtain private information.
Generally, phishing does not involve personal contact; instead, legitimate-looking e-mail, websites, or other electronic means are involved in phishing attacks.
The term phishing is a variant of fishing which might be used to describe the process of "fishing" for information.
The "ph" in place of the "f" was probably influenced by phreaking.
Spyware
Spyware is a type of malware that is installed on computers and collects little bits of information at a time about users without their knowledge.
The presence of spyware is typically hidden from the user, and can be difficult to detect.
Typically, spyware is secretly installed on the user's personal computer. Sometimes, however, spywares such as keyloggers are installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users.
While the term spyware suggests software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring.
Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity.
Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs.
In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.
Combating Viruses
1. Scanning
2. Integrity Checking
3. Interception
4. AV Product Use Guidelines
5. File Extensions
6. Safe Computing Practices (Safe Hex)
7. Update Update Update
8. Outlook and Outlook Express
9. Disable Scripting
10. Backup Strategy
11. On-going Virus Information
Scanning
Scanning looks for known viruses by a signature or characteristics that make new viruses similar to existing viruses.
This requires that ANTI-VIRUS makers and users keep products up to date.
The major disadvantages of scanners are that they sometimes raise false alarms and need constant updating, which, even so, is always "after-the-fact" protection.
Scanners allow you to check programs before execution.
Integrity Checking
Integrity products record information about your system for later comparison in order to detect changes.
Just detecting changes is not enough, however; the detection must have some "intelligence" behind it to avoid confusion.
While using an integrity checker is an excellent way to monitor changes to your system.
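A minimal integrity checker in the sense described above, added here as an illustration and not taken from the slides. It records size and SHA-256 for each file, compares a later snapshot against that baseline, and applies one piece of "intelligence": files matching VOLATILE_PATTERNS (an assumed list of files expected to change) are reported as info rather than alerts. The file names and contents in demo() are constructed; the same-size case shows why a size-only comparison would miss a cavity (spacefiller) style change.

```python
import hashlib
import os
import tempfile
from fnmatch import fnmatch

# Assumption: files expected to change in normal use (not from the slides).
VOLATILE_PATTERNS = ["*.log", "*.tmp"]


def snapshot(root):
    """Record (size, SHA-256) for every file under root, keyed by relative path."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            state[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return state


def compare(baseline, current, volatile=VOLATILE_PATTERNS):
    """Return a sorted list of (severity, kind, path) for every difference."""
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old == new:
            continue
        if old is None:
            kind = "added"
        elif new is None:
            kind = "removed"
        elif old[0] == new[0]:
            # Size unchanged but hash differs: invisible to a size-only check.
            kind = "modified-same-size"
        else:
            kind = "modified"
        expected = any(fnmatch(rel, pat) for pat in volatile)
        findings.append(("info" if expected else "alert", kind, rel))
    return findings


def demo():
    """Build a constructed directory, change it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)

        # Constructed sample files (placeholder bytes, not real programs).
        write("editor.exe", b"MZ" + b"\x00" * 62 + b"original code")
        write("tool.com", b"\xe9\x00\x00" + b"\x90" * 13)
        write("app.log", b"started\n")
        baseline = snapshot(root)

        # Constructed changes made after the baseline was taken.
        write("editor.exe", b"MZ" + b"\x00" * 62 + b"appended junk bytes")
        write("tool.com", b"\xe9\x10\x00" + b"\x90" * 13)  # same length
        write("app.log", b"started\nstopped\n")            # expected change
        write("new.exe", b"MZ")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for severity, kind, path in demo():
        print(severity, kind, path)
```

The baseline itself has to be stored where the monitored system cannot rewrite it, otherwise a change and its baseline entry can be altered together.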
Interception
Monitoring for system-level routines that perform destructive acts can help, but such monitoring is fairly easily bypassed. Do not depend on it alone.
Interceptors (also known as resident monitors) are particularly useful for deflecting logic bombs and Trojans.
The interceptor monitors operating system requests that write to disk or do other things that the program considers threatening (such as installing itself as a resident program). If it finds such a request, the interceptor generally pops up and asks you if you want to allow the request to continue.
Anti-Virus Product Use guideline
First, understand how your anti-virus product works. Then, start with a known-clean computer and follow specific steps to assure good virus detection/protection. Do research on specific products before purchase.
Understand your anti-virus product and what you can expect from it.
Check setup to be certain you are booting from the floppy disk and then cold boot from a known-clean, write-protected diskette.
Scan only with the latest version of any scanner.
Check all new software and all data diskettes before use and again after the installation.
Install any scan-on-use component your anti-virus product may have.
Do a bit of research and look for certification when you purchase anti-virus software.
File Extensions
There is currently a big push toward relying heavily on recognizing "bad" file extensions and acting solely on this knowledge. That's not necessarily a good thing as extensions can be misleading.
While extensions are often touted as being accurate indicators of files that can be infected, history shows they are not. Additionally, they can be spoofed in a variety of ways.
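A small check that compares what a file name claims with what the file's leading bytes say, added here as an illustration and not taken from the slides. The magic-byte table, the extension sets and the sample names and headers are constructed for the example and are not exhaustive; the "notes.rtf" case relates to the "Use RTF Not DOC" practice, since a legacy Office document keeps its format whatever its extension says.

```python
import os

# Leading bytes of a few file formats. A small constructed table, not exhaustive.
MAGIC = [
    (b"MZ", "windows-executable"),
    (b"%PDF-", "pdf"),
    (b"{\\rtf", "rtf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2-office"),  # legacy .doc/.xls
    (b"PK\x03\x04", "zip-container"),                      # .zip, .docx
    (b"\xff\xd8\xff", "jpeg"),
]
# Which content kinds each extension is allowed to carry (assumed policy).
EXPECTED = {
    ".exe": {"windows-executable"}, ".scr": {"windows-executable"},
    ".pdf": {"pdf"}, ".rtf": {"rtf"}, ".jpg": {"jpeg"},
    ".doc": {"ole2-office"}, ".xls": {"ole2-office"},
    ".docx": {"zip-container"}, ".zip": {"zip-container"},
}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".vbs", ".pif"}
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".pdf", ".rtf", ".jpg", ".txt"}


def sniff(head):
    """Classify a file by its first bytes, ignoring its name."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"


def check(filename, head):
    """Return the reasons a (name, leading bytes) pair looks misleading."""
    reasons = []
    stem, ext = os.path.splitext(filename.lower())
    inner = os.path.splitext(stem)[1]
    kind = sniff(head)
    # "holiday.jpg.exe" shows as "holiday.jpg" when extensions are hidden.
    if ext in EXECUTABLE_EXTS and inner in DOCUMENT_EXTS:
        reasons.append("double extension hides %s behind %s" % (ext, inner))
    if kind == "windows-executable" and ext not in EXECUTABLE_EXTS:
        reasons.append("executable content under non-executable extension " + ext)
    elif ext in EXPECTED and kind not in EXPECTED[ext]:
        reasons.append("content is %s but extension is %s" % (kind, ext))
    return reasons


def scan(samples):
    """Return {filename: reasons} for every sample with at least one finding."""
    flagged = {}
    for name, head in samples:
        reasons = check(name, head)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("invoice.pdf", b"%PDF-1.4"),
    ("holiday.jpg.exe", b"MZ\x90\x00"),
    ("report.doc", b"MZ\x90\x00"),
    ("notes.rtf", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),
    ("letter.rtf", b"{\\rtf1\\ansi"),
]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        print(name, "->", "; ".join(reasons))
```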
Safe Computing Practices
Update AV Software
Safe Boot Disk
Hard Disk Boot
Use RTF Not DOC
Consider Alternate Software
Don't Open Attachments
Turn off Preview
Disable Scripting
Show Extensions
Protect Floppies
Don't Boot from Unknown Devices
Keep Up
Get Info
Backup
Update Update Update
It would be highly unusual to find any modern software with no bugs or security holes in it.
When found, software makers will often offer patches to update the software.
Unless these patches are applied you may be at risk if you use the software.
Outlook and Outlook Express
Despite the similar names, Outlook and Outlook Express are two different programs with two different development histories.
So, in general, when you see a worm/virus description talk about "Outlook" you can generally assume it means the Outlook program and not the Outlook Express program.
But, as with everything, there is at least one (and in the future more?) caveat. The “KAK worm” specifically targets Outlook Express by changing the default signature to one containing JavaScript code that acts as a worm.
Disable Scripting
The Windows Scripting Host (WSH) is used by few but makes many avenues of mischief available to malicious software. Consider removing or deactivating it.
Back up
Once damage is done to files on your computer (no matter what the cause) it's often too late. A comprehensive backup strategy is a vital component in your computer security arsenal (and don't forget to test the restore routines!).
Develop a backup strategy based on how much work you are willing to do to reenter information.
Keep at least one backup copy off-site.
Test your ability to restore from your backup before you have to, and be certain to store the recovery program with the backup.
On-going Virus Information
Anti-virus vendor sites are a good source of continuing information.
Follow discussions on the newsgroups with great care.
Know the qualifications of sources from which you get information.
Anti-Viruses
A: A-squared Anti-Malware, Alwil, AOL Active Virus Shield, Authentium, AVG (software), Avira security software
B: BitDefender
C: Central Point Anti-Virus, Clam AntiVirus, ClamWin, Comodo Group, Comodo Internet Security
D: Disinfectant (software), Dr Solomon's Antivirus, Dr. Web, DriveSentry
E: EICAR, Eliashim (anti virus), ESET NOD32, Ewido Networks
F: F-Secure, FRISK Software International
G: Gateway Anti-Virus, Graugon AntiVirus, Gwava
H: Heuristic analysis, HouseCall
I: IAntivirus, INCA Internet, Immunet Protect
K: Kaspersky Anti-Hacker, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Lab, Kingsoft internet security
L: LinuxShield
M: MSAV, Malwarebytes' Anti-Malware, McAfee VirusScan, Microsoft Security Essentials, Moon Secure AV
N: NProtect GameGuard Personal 2007, Norman (company), Norton 360, Norton AntiVirus, Norton Download Insight, Norton Insight, Norton Internet Security
O: On-demand scan, Online Armor Personal Firewall
P: Panda Cloud Antivirus, Panda Security, PC Tools (company), Prevx
Q: Quarantine technology
R: Rising AntiVirus
S: Spamfighter, Stopzilla, Symantec Endpoint Protection
T: Trend Micro Internet Security
V: Vba32 AntiVirus, VirusBarrier X6, VirusTotal.com
W: Whitelist, Windows Live OneCare
Z: ZoneAlarm
Firewall
A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer applications based upon a set of rules and other criteria.
Firewalls can be implemented in either hardware or software, or a combination of both.
Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
Types of Firewall
Packet filter:
Packet filtering inspects each packet passing through the network and accepts or rejects it based on user-defined rules. Although difficult to configure, it is fairly effective and mostly transparent to its users. It is susceptible to IP spoofing.
Application gateway:
Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.
Circuit-level gateway:
Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
Proxy server:
Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
What is not Virus
Because of the publicity that viruses have received, it is easy to blame any computer problem on a virus.
The following are not likely to be caused by a virus or other malicious code:
Hardware problems
No viruses can physically damage computer hardware, such as chips, boards, and monitors.
The computer beeps at startup with no screen display
This is usually caused by a hardware problem during the boot process. Consult your computer documentation for the meaning of the beep codes.
The computer does not register 640 KB of conventional memory
This can be a sign of a virus, but it is not conclusive. Some hardware drivers such as those for the monitor or SCSI card can use some of this memory. Consult with your computer manufacturer or hardware vendor to determine if this is the case.
You have two antivirus programs installed and one of them reports a virus
This might be a virus, but it can also be caused by one antivirus program detecting the other program's signatures in memory.
Microsoft Word warns you that a document contains a macro
This does not mean that the macro is a virus.
You cannot open a particular document
This is not necessarily an indication of a virus. Try opening another document or a backup of the document in question. If other documents open correctly, the document may be damaged.
The label on a hard drive has changed
Every disk is allowed to have a label. You can assign a label to a disk by using the DOS Label command or from within Windows.
Question…???
Thank You