Modern computer virology
This is my presentation 1
  • Virology is a general term that is not specific to either computer virology or biological virology. Conventional biological virology deals with something that exists in nature, but artificially created biological viruses also exist [for example, the anthrax virus created by Al-Qaeda]. Conventional viruses are physical; they can be very long worms that live in your colon and later invade your whole body. Computer viruses, on the other hand, invade your computer: file system, storage, memory, network, hard disk, firmware ROMs, etc. So another difference is that computer viruses are not as nasty as biological viruses. Typically computer viruses can't think and are not self-aware of their environment, so they can't adapt to highly dynamic environments. For example, a win32 virus will stop its journey of infection when it meets a Linux host. But a parasitic worm that lives in a snail's body can swim to a fish, and then, when a human eats the fish, it can adapt to the human body and live as a roundworm in the human colon. Because computer viruses are created by human programmers, who are not smart enough to build self-awareness into the computer virus, it is very obvious why computer viruses are less smart than biological viruses. However, computer viruses take their idea from biological viruses. Placing your toothbrush on top of your computer keyboard won't transfer computer viruses to your body. Don't worry.
  • Modern computer virology

    1. Modern Computer Virology: The black art of breaking and defending malicious computing. By M S D Perera
    2. Introduction
       • What is virology?
       • Then what is computer virology?
       • How does it differ from conventional biological virology?
       • History of computer virology.
    3. Categories of Virology
       • Worms.
       • Viruses.
       • Trojan Horses.
       • Malware.
       • Spyware.
       • Rabbits.
       • Other malicious code that cannot be categorized directly under virology [e.g. logic bombs, rootkits, shellcode, key loggers, spammers/flooders].
    4. Environment of Virology
       • As a biological virus cannot live without a host, a computer virus also cannot live without a host or a proper environment. Just as parasites need a host [a human] to live, a computer virus also needs a host [a computer] to live.
       • What makes an environment heterogeneous or homogeneous?
         * Computer architecture [x86, x64, ARM, Sun Solaris, etc.] and CPU version.
         * Operating systems and software environment, and their versions. For a list of operating systems refer to: http://os-dev.org/
         * File systems and file formats. For a list of different file systems refer to:
         * Network and media. Different internetworking and media exist today. For example, we can take the internet as a popular network for spreading worms, and thumb drives as a popular medium for spreading viruses.
    5. Media of Replication
       • As I mentioned in my previous note, a computer virus is malicious code that has the ability to recursively replicate itself within one host; if it can automatically replicate itself outside the host, it is considered a 'worm'.
       • The three basic parts of a typical computer virus:
         * replication engine
         * bomb
         * polymorphic engine
       • There are numerous ways that virus writers have used to replicate:
         * using the boot sector [boot sector virus]
         * file infection techniques [win32, win64 executable files]
         * scripts, macros and data file viruses [explain why almost every file is as guilty as executable files when it comes to viruses].
    6. Boot Sector Virus
       • In the x86 computer architecture a boot sector is 512 bytes of executable code. Every physical storage medium has this boot sector, called the master boot record, and may additionally have as many boot sectors as it has partitions.
       • Some boot viruses kill their host instantly and make the host operating system unbootable. But some smart viruses spread to the other boot sectors of the accessible media and wait for the right time to execute the bomb; that moment can be programmed by the virus writer. In the second strategy the user should not notice anything strange until the right time, and the OS should boot as normal. To achieve that, boot sector viruses use different mechanisms. The following are a few:
         * Relocate the original boot sector somewhere else, and later load it into memory and execute it.
         * Relocate the original boot sector to the end of the partition.
         * Change the partition table (PT) entries of a particular partition so that arbitrary code in a sector [the virus code] is executed first, and finally execute the original boot sector.
       An example boot sector virus source code:
    7. Executable File Infection Techniques
       • On the Windows platform an executable file ends with the suffix ".exe", and on Linux it has no extension. Linux uses the ELF32 executable format and Windows uses the Win32 PE and PE+ executable file formats.
       • An executable file is nothing more than a big data structure which has the following:
         * header
         * sections
         In a typical executable file there are the following sections:
         * text [executable code]
         * data [global variables and statically initialized data]
         * bss [dynamically initialized data]
         * stack [defines the hardware stack for the executable]
         There is an entry point in the text section. It is where your operating system starts executing after it loads the data and text sections into memory and the bss and stack have been initialized. So virus code has to insert itself into the text section; in other words, it has to alter the text section of a particular executable file. There are other methods too; for example, inserting a new text section is also possible. The following are some of the different techniques that virus writers use:
         * Overwriting viruses.
         * Appending to the end of the text section.
         * Viruses that inject their code into the padded alignment spaces between segments.
         * Random infection.
         * Viruses that hijack entry points.
         * And many more unspecified wild techniques used among the virus writer underground communities.
       An example executable virus source code:
    8. Summary
       • Introduction and history of viruses.
       • Environment and categories.
       • Media of replication.
       • Intro to the mechanisms of boot sector viruses and executable viruses.
       • In my next presentation: more about executable file internals; more about the Win32 PE and PE+ executable file formats; more about the executable file infection techniques used by win32 viruses on the Windows platform.
       Thanks to the audience.
    9. By M S D Perera
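The boot sector mechanisms in slide 6 (a relocated original boot sector, altered partition table entries) give a defender two things to check: whether the 446 bytes of boot code still match a trusted baseline, and whether the partition table is still self-consistent. The following is an added example and not the presentation's code: it parses a 512-byte MBR, compares the boot code hash against a baseline and validates the four partition entries; the MBR bytes, boot-code bytes and the baseline are constructed here, not taken from a real disk.

```python
import hashlib
import struct

MBR_SIZE, SIGNATURE = 512, b"\x55\xAA"
ENTRY_FMT = "<B3xB3xII"  # status, (CHS skipped), type, (CHS skipped), LBA start, sector count


def build_mbr(boot_code: bytes, entries) -> bytes:
    """Constructed sample MBR: boot code padded to 446 bytes, up to 4 entries, 0x55AA."""
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries).ljust(64, b"\x00")
    return boot_code.ljust(446, b"\x00") + table + SIGNATURE


def parse_partition_table(mbr: bytes):
    """Decode the four 16-byte partition entries at offset 446."""
    if len(mbr) != MBR_SIZE or mbr[510:] != SIGNATURE:
        raise ValueError("not an MBR: wrong size or missing 0x55AA signature")
    entries = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * i)
        entries.append({"status": status, "type": ptype, "start": start, "count": count})
    return entries


def check_mbr(mbr: bytes, baseline_sha256: str, disk_sectors: int) -> list:
    """Return findings: boot code drift from a trusted baseline, or an inconsistent table."""
    findings = []
    if hashlib.sha256(mbr[:446]).hexdigest() != baseline_sha256:
        findings.append("boot code differs from known-good baseline")
    entries = parse_partition_table(mbr)
    if sum(e["status"] == 0x80 for e in entries) > 1:
        findings.append("more than one active partition")
    used = [(i, e) for i, e in enumerate(entries) if e["type"] != 0]
    for i, e in used:
        end = e["start"] + e["count"]
        if end > disk_sectors:
            findings.append(f"entry {i} extends past the end of the disk")
        for j, o in used:
            if j < i and e["start"] < o["start"] + o["count"] and o["start"] < end:
                findings.append(f"entries {j} and {i} overlap")
    return findings


# Constructed samples (not real malware): a few plausible boot-code bytes and one
# Linux partition. The baseline would normally come from a trusted disk image.
BOOT_CODE = b"\xfa\x31\xc0\x8e\xd8\x8e\xc0\x8e\xd0\xbc\x00\x7c\xfb"
CLEAN_MBR = build_mbr(BOOT_CODE, [(0x80, 0x83, 2048, 204800)])
BASELINE = hashlib.sha256(CLEAN_MBR[:446]).hexdigest()
# Tampered: patched boot code and an extra entry that overlaps the first one.
TAMPERED_MBR = build_mbr(b"\xeb\x3c" + BOOT_CODE, [(0x80, 0x83, 2048, 204800),
                                                  (0x00, 0x83, 100000, 50000)])
```

On a live system the 512 bytes would be read from the raw device and the baseline recorded when the disk was known to be clean.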
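For the entry-point hijacking and code-injection techniques in slide 7, a scanner can check where an executable's entry point actually lands. The following is an added example and not from the presentation: it reads an ELF64 header and its program headers, and flags an entry point that does not fall inside an executable PT_LOAD segment, or a segment that is both writable and executable; the ELF bytes are constructed inline (headers only, no code), so the layout and addresses are assumptions.

```python
import struct

ELF_MAGIC = b"\x7fELF"
PT_LOAD, PF_X, PF_W, PF_R = 1, 1, 2, 4
EHDR_FMT = "<HHIQQQIHHHHHH"  # ELF64 header fields after the 16-byte e_ident
PHDR_FMT = "<IIQQQQQQ"       # ELF64 program header (56 bytes)


def build_elf64(entry: int, segments) -> bytes:
    """Constructed minimal ELF64: header plus PT_LOAD program headers, no real code."""
    ident = ELF_MAGIC + bytes([2, 1, 1]) + b"\x00" * 9  # 64-bit, little-endian, v1
    ehdr = ident + struct.pack(EHDR_FMT, 2, 0x3E, 1, entry, 64, 0, 0, 64, 56,
                               len(segments), 64, 0, 0)
    phdrs = b"".join(struct.pack(PHDR_FMT, PT_LOAD, flags, 0, vaddr, vaddr, size, size, 0x1000)
                     for flags, vaddr, size in segments)
    return ehdr + phdrs


def parse_elf64(data: bytes):
    """Return (e_entry, loadable segments) from the ELF64 header and program headers."""
    if data[:4] != ELF_MAGIC or data[4] != 2:
        raise ValueError("not an ELF64 file")
    f = struct.unpack_from(EHDR_FMT, data, 16)
    entry, phoff, phentsize, phnum = f[3], f[4], f[8], f[9]
    segs = []
    for i in range(phnum):
        p_type, flags, _off, vaddr, _pa, _fsz, memsz, _al = struct.unpack_from(
            PHDR_FMT, data, phoff + i * phentsize)
        if p_type == PT_LOAD:
            segs.append({"flags": flags, "vaddr": vaddr, "memsz": memsz})
    return entry, segs


def check_entry_point(data: bytes) -> list:
    """Findings a scanner would raise for an entry-point hijack or an RWX segment."""
    entry, segs = parse_elf64(data)
    findings = []
    home = [s for s in segs if s["vaddr"] <= entry < s["vaddr"] + s["memsz"]]
    if not home:
        findings.append("entry point outside every loadable segment")
    elif not home[0]["flags"] & PF_X:
        findings.append("entry point in a non-executable segment")
    if any(s["flags"] & PF_W and s["flags"] & PF_X for s in segs):
        findings.append("segment is both writable and executable")
    return findings


# Constructed samples: a text segment at 0x400000 and a data segment at 0x600000.
LAYOUT = [(PF_R | PF_X, 0x400000, 0x2000), (PF_R | PF_W, 0x600000, 0x1000)]
CLEAN_ELF = build_elf64(0x401000, LAYOUT)          # entry inside the text segment
HIJACKED_ELF = build_elf64(0x600100, LAYOUT)       # entry redirected into data
RWX_ELF = build_elf64(0x401000, [(PF_R | PF_W | PF_X, 0x400000, 0x3000)])
```

A real scanner would also compare the entry point against the `.text` section bounds from the section headers and against a known-good copy of the binary, which the headers alone cannot give.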