Introduction to malware, virus, Trojan horse
Malware is software designed to infiltrate or damage a computer system without the owner's informed consent.
Many ordinary computer users are, however, still unfamiliar with the term, and most never use it.
Instead, “virus” is used in common parlance and often in the general media to describe all kinds of malware.
A computer program that can copy itself and infect a computer without permission or knowledge of the user.
A virus can spread from one computer to another when its host is taken to the uninfected computer.
Viruses may take advantage of network services such as the web, email and shared file systems on a network to spread.
Viruses are usually programmed to damage the computer by damaging programs, deleting files or reformatting the hard disk.
expand exponentially through recursion.
It is written in scripting languages for programs such as Word and Excel.
It infects documents & spreadsheets.
It quickly spreads over the internet and LAN.
It generally propagates through shared resources.
COMPANION VIRUS :
It creates new files that have the same file names as a legitimate program but with different extensions.
It employs code that remains inert until specific conditions are met.
BOOT SECTOR VIRUS:
It is hidden in the boot sector (usually in the first sector).
It loads into memory during every boot sequence.
It doesn't affect files but the disks that contain them.
A well-written virus of this type is usually difficult for antivirus scanners to detect, but these are usually not that well written. They change their code whenever they pass to another machine.
STEALTH VIRUS :
These hide their presence by making an infected file not appear infected, but don't usually stand up to antivirus software.
These infect both files and the boot sector, and infect our system dozens of times before they are caught.
A self-replicating computer program.
It uses a network to send copies of itself to other nodes and it may do so without any user intervention.
Unlike a virus, it doesn’t need to attach itself to an existing program.
Worms always affect the network (if only by consuming bandwidth), whereas viruses always infect or corrupt files on a targeted computer.
Computer software that collects personal information about users without their informed consent.
Personal information is secretly recorded with different techniques, including logging keystrokes, recording internet and web browsing history, and scanning documents on the computer's hard disk.
It can steal victim’s password and financial details.
Malicious programmers have released a large number of rogue (fake) anti-spyware programs, and widely distributed web banner ads now spuriously warn users that their computers have been infected with spyware, directing them to purchase programs which do not actually remove spyware or may even add more spyware of their own.
It is recommended that users do not install any freeware claiming to be anti-spyware unless it is verified to be legitimate. Some known offenders include :
XP antivirus 2008
A Trojan is malware that appears to perform a desirable function but in fact performs an undisclosed malicious function.
Trojan horse programs can't operate autonomously; the victim must activate them.
Unlike a virus, it doesn't replicate.
There are two types of trojan horses.
Useful software that has been corrupted by a cracker inserting malicious code that executes when the program is used.
Standalone program that is disguised as something else like a game or image file that is malicious to the computer.
Nowadays the pen drive is the major medium for transferring data between two computers.
The unpleasant truth is that the pen drive is also a medium for spreading malware among computers.
Some malware is built so that when we insert a pen drive into an infected computer, it is copied to the pen drive.
Sometimes we can see it, e.g. a file contained within a folder, with the same name as the folder and a .exe extension.
Go to Tools -> Folder Options -> View
Check "show hidden files and folders", uncheck "hide protected OS files", and uncheck "hide extensions".
Mark the extensions .vbs / .exe / .com / .bat.
These are the malware, and they affect the system when the pen drive is double-clicked.
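The manual check above can also be done without opening anything on the drive. The following is an added example, not part of the original presentation: it walks a drive and lists files with the four extensions named above, calling out any that are named after the folder containing them. The function names and the sample folder layout are constructed for illustration.

```python
import os
import tempfile

# The extensions the slide says to mark.
RISKY_EXTENSIONS = {".vbs", ".exe", ".com", ".bat"}


def triage_drive(root):
    """Return sorted (relative_path, reason) pairs for files worth inspecting."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        at_root = os.path.abspath(dirpath) == os.path.abspath(root)
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in filenames:
            stem, ext = os.path.splitext(name.lower())
            if ext not in RISKY_EXTENSIONS:
                continue
            if not at_root and stem == folder:
                reason = "named after the folder that contains it"
            else:
                reason = "script or executable"
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            findings.append((rel, reason))
    return sorted(findings)


def build_sample_drive(root):
    """Create a constructed sample layout (empty files) in place of a real drive."""
    os.mkdir(os.path.join(root, "Photos"))
    for rel in ("Photos/Photos.exe", "Photos/beach.jpg", "notes.txt", "start.bat"):
        with open(os.path.join(root, *rel.split("/")), "w"):
            pass


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:
        build_sample_drive(sample)
        for path, reason in triage_drive(sample):
            print(f"{path}: {reason}")
```

The script only reads directory listings; it never opens or runs the files it reports.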
When we see the hidden malware there is always a file called autorun.inf.
Many computer users have the misconception that autorun.inf is a virus.
But it is the file which helps another file to run.
The picture shows an example of autorun.inf.
The autorun.inf file in the example opens a file called bank.exe, changes the icon to bank.ico, and changes the label to SDSC BANK.
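To see which program an autorun.inf points at, it can be read as plain text. The following is an added example, not part of the original presentation: the sample file is constructed from the description above (the picture itself is not reproduced here), and the function names are hypothetical.

```python
# Constructed sample, rebuilt from the slide's description of the pictured file.
SAMPLE_AUTORUN = """\
[autorun]
open=bank.exe
icon=bank.ico
label=SDSC BANK
"""

# autorun.inf keys that start a program; shell\<verb>\command entries add
# items to the drive's right-click menu.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys."""
    settings, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip()
    return settings


def describe(settings):
    """Split the settings into what gets launched and what is only cosmetic."""
    launched = {k: v for k, v in settings.items()
                if k in LAUNCH_KEYS or k.endswith("\\command")}
    cosmetic = {k: v for k, v in settings.items() if k in ("icon", "label")}
    return launched, cosmetic


if __name__ == "__main__":
    launched, cosmetic = describe(parse_autorun(SAMPLE_AUTORUN))
    print("launches:", launched)
    print("cosmetic:", cosmetic)
```

The file named under "launches" is the one to examine; autorun.inf itself is only the pointer to it.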
Always open the pen drive by typing the address of the drive in the Address bar, or open it using the Windows AutoPlay application.
Don't double-click the pen drive icon, and don't use the right-click menu commands.
Try to know the extension of a file.
Follow either of the two solutions:
Use a batch file to delete the autorun.inf
Disable the autorun on windows
A batch file is a text file that contains a series of commands to be executed one after another.
It has the extension .bat
On double clicking the batch file it starts executing.
People used to design malware using batch files.
Simply writing a delete command in the batch file can delete one file or set of files.
E.g. "del /a /f h:\autorun.inf" deletes the hidden autorun.inf on the H drive.
Instead of H we can give the drive letter of our removable storage disk to delete its autorun.inf.
We can disable the autorun feature using the Windows registry.
The Windows registry is a database which stores settings and options for the Windows operating system.
Open the registry editor and go to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
On the right, double-click NoDriveTypeAutoRun and enter the value "223" in decimal or "fd" in hexadecimal.
Close the registry editor and restart the computer.
Now you are free to open your pen drive.
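NoDriveTypeAutoRun is a bitmask with one bit per drive type, so it is worth decoding a value before relying on it. The following is an added example, not part of the original presentation, with hypothetical function names. It decodes the two values given in the step above: decimal 223 is hexadecimal df, so "223" and "fd" are different masks, and both set the bit for removable drives.

```python
# NoDriveTypeAutoRun is a bitmask: a set bit turns AutoRun off for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown type",
    0x02: "no root directory",
    0x04: "removable (pen drives)",
    0x08: "fixed disk",
    0x10: "network drive",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved / unknown type",
}
REMOVABLE_BIT = 0x04


def parse_entry(text, base):
    """Convert what is typed into the registry editor (base 10 or 16) to an int."""
    return int(text, base)


def autorun_disabled_for(value):
    """Drive types whose AutoRun is switched off by this value."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]


def autorun_still_on_for(value):
    """Drive types this value leaves untouched."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def blocks_removable(value):
    """True when AutoRun is off for pen drives and other removable media."""
    return bool(value & REMOVABLE_BIT)


if __name__ == "__main__":
    # The two entries quoted in the step above.
    for text, base in (("223", 10), ("fd", 16)):
        value = parse_entry(text, base)
        print(f"{text} (base {base}) = 0x{value:02X}")
        print("  blocks pen drives:", blocks_removable(value))
        print("  still enabled for:", autorun_still_on_for(value))
```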
Don't fear malware; rather, try to get some knowledge about it.
Don’t download files and free software from unknown sites & strangers.
Install a trustworthy antivirus & update it regularly.
Back up the files on a regular basis, so that if some malware attacks the system we are able to restore them.