Week 12- Computer Viruses
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Week 12- Computer Viruses

  • 2,239 views
Uploaded on

Week 12- Computer Viruses

Week 12- Computer Viruses

More in: Education , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
2,239
On Slideshare
2,239
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
120
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • A macro virus is a virus composed of a sequence of instructions that is interpreted rather than executed directly. • Macro viruses can infect either executables (Duff’s shell virus) or data files (Highland’s Lotus 1-2-3 spreadsheet virus). • Duff’s shell virus can execute on any system that can interpret the instructions
  • A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as a salary database trigger ), should they ever be terminated from the company
  • Macro Viruses infect Word or Excel documents and templates, Lotus AmiPro templates and Access database macro objects. An example is the Melissa Word Virus. Companion Viruses have a name similar to that of an application, but instead of using the “.exe” file extension, it uses “.com.”
  • Multipartite Viruses infect the boot sector or Master Boot Record and also infect program files. A multipartite virus is a virus that can infect either boot sectors or executables. • Such a virus typically has two parts, one for each type. • When it infects an executable, it acts as an executable infector. • When it infects a boot sector, it works as a boot sector infector.
  • A virus may be encrypted to try to disguise itself and hide what it does For an encrypted virus to actually run, it has to decrypt its code and data - The portion that does this is referred to as a decryptor Encryption techniques can use random keys to make the virus code hard to spot -However the decryptor itself will have a signature
  • File Viruses infect program files and device drivers by attaching themselves to the program file or by inserting themselves into the program code.
  • A Trojan horse is a program that hides within or looks like a legitimate programs.
  • A Trojan horse is a program that hides within or looks like a legitimate programs.
  • The following is a partial list of available antivirus software solutions. Compare these to see which might meet the needs of your organization. Aladdin Knowledge Systems - http://www.esafe.com Frisk Software International - http://www.complex.is Alwil Software - http://www.avast.com Kaspersky Lab - http://www.kaspersky.com AVG Antivirus - http://www.grisoft.com McAfee - http://www.mcafee.com Central Command, Inc. - http://www.centralcommand.com Network Associates, Inc. - http://www.nai.com Command Software Systems, Inc. - http://www.commandcom.com Norman Data Defense Sys - http://www.norman.com Computer Associates International - http://www.cai.com Panda Software - http://www.pandasoftware.com Data Fellows Corporation - http://www.datafellows.com Proland Software - http://www.pspl.com Dr. Solomon's Software, Inc. - http://www.drsolomon.com Sophos - http://www.sophos.com ESET Software - http://www.mod32.com Symantec Corporation - http://www.symantec.com Finjan Software - http://www.finjan.com Trend Micro, Inc. - http://www.trendmicro.com
  • biometrics Traditionally, the science of measuring and analyzing human biological characteristics. In computer technology, biometrics relates to authentication and security techniques that rely on measurable, individual biological stamps to recognize or verify an individual’s identity. For example, fingerprints, handprints, or voice-recognition might be used to enable access to a computer, to a room, or to an electronic commerce account. Security schemes are generally categorized into three levels: level 1 relies on something the person carries, such as an ID badge with a photo or a computer cardkey; level 2 relies on something the person knows, such as a password or a code number; level 3, the highest level, relies on something that is a part of the person’s biological makeup or behavior, such as a fingerprint, the pattern of blood vessels in a retina, or a signature. See also voice recognition, fingerprint reader, handwriting recognition (definition 1).
  • Methods of hiding the existence of a message or other data. This is different than cryptography, which hides the meaning of a message but does not hide the message itself.
  • Stegnography - refers to hiding information in ways that prevent the detection of hidden messages used to communicate information without letting others even notice that a communication is being taken place

Transcript

  • 1. Week - 12
    • Computer Viruses
    • Viruses
      • Classification of Viruses
      • Macro viruses
      • Logic bomb
      • Boot sector viruses
      • Multipartite Viruses
      • Polymorphic Virus
      • File infectors
      • Trojan horses
      • Worms
      • Protection from viruses (Anti Viruses)
  • 2.
    • Infact viruses are malicious code.
    • Malicious code means a program that can be harmful for computer, its program and data present in the computer.
    • Malicious code are categorized into three types.
      • Computer Virus
      • Trojan Horse
      • Worms
    Introduction
  • 3. Computer Virus
    • A computer virus is program that can affects or infect a computer without permission or knowledge of the user.
    • It can delete files, programs and any data present on computer hard disk.
    • Some times it may damage computer hardware.
  • 4. Classification of Viruses
    • Viruses can be subdivided into a number of types based on their feature.
      • Macro viruses
      • Logic bomb
      • Boot sector viruses
      • Multipartite Viruses
      • Polymorphic Virus
      • File infectors
  • 5. Macro viruses
    • A macro virus is a virus composed of a sequence of instructions that is interpreted rather than executed directly.
    • Macro viruses are designed to infect different types of documents like Word, Excel and Power point presentation.
    • May delete these files or may convert them into unreadable form.
    • First macro virus was written for Microsoft Word and was discovered in August 1995.
    • Today, there are thousand of macro viruses in existence, some example are Relax, Melissa. A and Bablas.
  • 6. Logic bomb
    • A logic bomb employs code that lies inert until specific condition are met.
    • Logic bombs may reside within standalone programs, or they may part of worms or viruses.
    • An example of a logic bomb would be a virus that waits to execute until it has infected a certain number of hosts.
    • A time bomb is a subset of logic bomb, which is set to trigger on a particular date & or time.
    • Their objective is to destroy data on the computer once certain conditions have been met.
    • Logic bombs go undetected until launched, and the result can be destructive.
    • An example of a time bomb is the infamous ‘Friday the 13th’ virus.
  • 7. Master Boot Record/Boot Sector Viruses
    • Boot sector viruses alters or hide the boot sector, usually the Ist sector of a bootable disk (hard drive, floppy disk|). or
    • Boot Sector Viruses infect the boot sector of a hard disk or floppy disk.
    • They can also affect the Master Boot Record (MBR) of the hard disk.
    • The MBR is the first software loaded onto your computer.
    • The MBR resides on either a hard disk or floppy disk and when your computer is turned on, the hardware locates and runs the MBR.
    • This program then loads the rest of the operating system into memory.
    • Without a boot sector, computer software will not run.
  • 8. Master Boot Record/Boot Sector Viruses
    • A boot sector virus modifies the content of the MBR.
    • It replaces the legitimate contents with its own infected version.
    • A boot sector virus can only infect a machine if it is used to boot up the computer.
    • Boot sector virus (Apple Viruses 1,2,3, “Elk Cloner”), Pakistani Brain (x86), Polyboot.B, AntiEXE.
  • 9. Multipartite Viruses
    • Multipartite Viruses infect the boot sector or Master Boot Record and also infect program files.
    • Such a virus typically has two parts, one for each type.
    • When it infects an executable, it acts as an executable infector.
    • When it infects a boot sector, it works as a boot sector infector.
    • Such viruses come in through infected media and reside in memory then they move on to the boot sector of the hard drive. Form there, the virus infects executable files on the hard drive and spreads across the system.
    • A well known multipartite virus is Ywinz.
  • 10. Polymorphic Virus
    • Polymorphic Viruses change their own code each time they duplicate themselves.
    • In this way, each new copy is a variation of the original virus, in order to evade detection by antivirus software.
    • Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system.
    • This makes it impossible for antivirus to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves.
    • Some examples include: Elkern, Marburg, Satan Bug, Tuareg and Dark Avenger.
  • 11. File infectors
    • File Viruses infect program files and device drivers by attaching themselves to the program file or by inserting themselves into the program code.
    • This type of virus infects programs or executable files (files with an .EXE or .COM extension).
    • When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out.
    • The majorities of existing viruses belong to this category, and can be classified according to the actions that they carry out.
  • 12. Trojan Horse
    • Malicious program that hides within a friendly program
    • A Trojan horse is a file that appears harmless until executed.
      • Can erase or overwrite data on a computer
      • Corrupting files & Spreading other malware, such as viruses. (Trojan horse is called a 'dropper‘)
      • Installing a backdoor on a computer system.
  • 13. Trojan Horse (Cont’d)
    • The Trojan Horse gets its name from Greek history and the story of Trojans war.
    • Greek warriors hide inside a wooden horse, which the Trojans took within the walls of the city of Troy.
    • When night fell and the Trojans were asleep, the Greek warrior came out of the horse and open the gates to the city, letting the Greek army enter the gates and destroy the city of Troy.
  • 14. Worms Attacks
    • A program or algorithm that replicates itself over a computer network or through e-mail
    • Sometimes performs malicious actions such as using up the computer and network resources and possibly destroying data.
    • Can spread itself over a network, doesn’t need to be sent
    • Slow down the computer or network
    • Some examples of worms include:
      • Klez, Nimda, Code Red, PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D and Mapson.
  • 15. Famous Viruses
    • Two of the most famous viruses to date were
      • Mellissa, struck in March, 1999,
      • ILOVEYOU virus, hit in May, 2000
    • Both viruses cost organization and individuals billion of dollars
    • Mellissa virus spread in MS Word documents sent via e-mail
      • When the document was opened, the virus was triggered
      • Mellissa accessed the MS Outlook address book on that computer and automatically sent the infected Word attachment by e-mail to the first 50 people in the address book. Each time another person opened the attachment, the virus would send out another 50 messages.
    • The ILOVEYOU virus was sent as an attachment to an e-mail posing as a love letter.
      • The message in the e-mail said “Kindly check the attached love letter coming from abc”
  • 16. Famous Viruses (Cont’d)
    • These viruses corrupt all type of files, including system files.
    • Network at companies and government organizations world wide were shut down for days trying to remedy the problem.
    • Estimates for damage caused by the virus were as high as $10 to $15 billion, with the majority of the damage done in just few hours.
    • In June, 2000, a worm named Timofonica that was propagated via e-mail quickly made its way into the cellular phone network in Spain, sending prank calls and leaving text messages on the phones
  • 17. Web Defacing
    • Another popular form of attack by hackers is web defacing
      • Hackers illegally change the content of a Web site
        • One notable case of Web defacing occurred in 1996 when Swedish hackers changed the Central Intelligence Agency Web site ( www.odci.gov/cia ) to read “Central Stupidity Agency”
        • Many other popular and large Web sites have been defaced
  • 18. Protection against viruses
    • A virus can only spread from one computer to another when its hosts is taken to the uninfected computer, for instance by a user sending it over a network or carrying it on a removable medium such as a floppy disk, CD, or USB drive.
    • Additionally, viruses can spread to other computes by infecting files on a network file system or a file system that is accessed by another computer.
    • Today’s viruses may also take advantage of network services such as the World Wide Web, e-mail and file sharing systems to spread.
    • If we want to protect our computer from computer viruses than we must have to install Antivirus Software and must update it from internet on regular basis.
  • 19. Antivirus Software
    • Antivirus software consist of computer programs that attempt to identify and eliminate computer viruses and other malicious software (malware).
    • Antivirus software typically uses two different techniques to accomplish this:
      • Examining (scanning) files to look for known viruses matching definitions in a virus dictionary.
      • Identifying suspicious behavior from any computer program which might indicate infection.
      • Such analysis may include data captures, port monitoring and other methods.
    • Most commercial antivirus software uses both of these approaches with an emphasis on the virus dictionary approach.
  • 20. Antivirus Software Options
    • Available antivirus software solutions. Compare these to see which might meet the needs of your organization.
    • Aladdin Knowledge Systems - http://www.esafe.com
    • Frisk Software International - http://www.complex.is
    • Alwil Software - http://www.avast.com
    • Kaspersky Lab - http://www.kaspersky.com
    • AVG Antivirus - http://www.grisoft.com
    • McAfee - http://www.mcafee.com
    • Central Command, Inc. - http://www.centralcommand.com
    • Network Associates, Inc. - http://www.nai.com
    • Command Software Systems, Inc. - http://www.commandcom.com
    • Computer Associates International - http://www.cai.com
    • Panda Software - http://www.pandasoftware.com
    • Data Fellows Corporation - http://www.datafellows.com
    • Dr. Solomon's Software, Inc. - http://www.drsolomon.com
    • ESET Software - http://www.mod32.com
    • Symantec Corporation - http://www.symantec.com
    • Finjan Software - http://www.finjan.com
  • 21. Firewalls
    • A firewall is software program or device that checks information coming from the Internet or a network, and then either blocks it or allows it to pass through to your computer, depending on your firewall settings.
      • Protects local area network (LAN) from outside intruders
      • Prohibit all data not allowed or permit all data not prohibited
    • Types of firewalls
      • Packet-filtering firewalls
        • Rejects all data with local addresses from outside
        • Examine only source not content
          • Small metal box filled with plug openings, or ports.
          • Hook your computer network into the box (just as other peripherals') then set it up on your computer.
          • Hardware firewalls are typically owned by larger businesses.
  • 22. Firewalls (Cont’d)
    • Application level firewalls
        • Attempt to scan data
    • Help block computer viruses and worms from reaching your computer.
      • Detect or disable computer viruses and worms if they are already on your computer.
      • Ask for your permission to block or unblock certain connection requests.
    • Some software firewall also include parental controls to manage what kind of websites the children visit.
    • Some package will also allow you to block photos and specific text content that you do not want your children to view.
  • 23. Kerberos
    • Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
      • Uses symmetric secret-key cryptography to authenticate users in a network
      • Freely available, open source protocol developed by MIT.
  • 24. Biometrics
    • Biometrics is an authentication and security techniques
      • Uses unique personal information to identify
      • Recognize or verify an individual’s identity.
      • Examples are fingerprints, eyeball iris scans or face scans, voice-recognition might be used to enable access to a computer, to a room, or to an electronic commerce account
  • 25. Steganography
    • Steganography (covered writing)
      • Practice of hiding information within other information
    • Hides existence of message
      • Using only a subset of letters/words in a longer message marked in some way
      • For example, if you want to tell your stock broker to buy, vs sell a stock and your message must be transmitted over insecure channel, you could send the message “BURIED UNDER YARD” if you have agreed in advance that your message is hidden in the first letter of each word, the stock broker picks these letters off and sees “BUY”.
  • 26. Steganorgraphy (Cont’d)
    • An increasing popular application of Steganography is digital watermarking.
      • Hidden within documents and can be shown to prove ownership
    • Example of a conventional watermark
  • 27.
    • Example: A German spy sent the following “harmless” message in WWII
      • Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetable oils.
    • If we extract the 2 nd letter in each word, we get:
      • A p parently n e utral’s p r otest i s t h oroughly d i scounted a n d i g nored. I s man h a rd h i t. B l ockade i s sue a f fects p r etext f o r e m bargo o n b y -products, e j ecting s u ets a n d v e getable o i ls.
    • Or the secret message:
      • Pershing sails from NY June I.
    Steganorgraphy (Cont’d)