Viruses and Worms
What is a Virus
• It is a replicating program.
• It can produce a copy of itself by attaching itself to another program.
• For example, software that piggybacks on real programs: every time MS Word runs, the virus runs too. The virus reproduces by attaching copies of itself to other programs & files.
• Typical transmission via:
  – File downloads
  – Infected disks / USB / flash drives
  – Email attachments
Types & Growth
• Some viruses will affect computers as soon as their code is executed.
• Others will remain dormant until pre-determined logical circumstances are met.
Virus Life Stages
• Design
  – Virus code is developed using a programming language or a virus construction kit.
• Replication
  – The virus replicates itself within the target system over a period of time.
• Launch
  – The virus is activated when the user performs a certain action such as running a program.
• Detection
  – A new virus is identified, typically after data corruption, system malfunction and damage have taken place.
• Incorporation
  – Antivirus software developers assemble a defence against the virus.
• Elimination
  – The antivirus defence is deployed as an update.
Motivations in Virus Creation
• Inflict damage on competitors
• Research projects
• Prank / vandalism
• Targeted attack on a specific company (Stuxnet)
• Distribute a political message (Injustice)
• Identity theft, spyware (CoolWebSearch)
• Financial gain
• Cryptoviral extortion (Gpcode)
  – This is a Trojan that encrypts files with certain extensions on local and remote drives and then asks the user to contact its author to buy a decryption solution.
Indications of Virus Infection
• Programs taking longer to load
• Hard drive available capacity falling without usage
• Drive activity even when the machine is idle
• Unknown files appearing on your system
• Unexpected graphic displays
• File name changes
• Program size keeps changing
• High memory usage & system slows down
Infection methods
• File downloads without verifying the source
• Virus-infected files sent via mail with the aim of getting the recipient to open the mail and / or execute the virus.
• The virus is incorporated into popular software programs and the infected software is uploaded onto websites intended for software downloads.
• Failing to install / update security patches
• Failing to use the latest versions of antivirus signature files.
• Social engineering, where the attacker tricks the end-user into going to an innocent-looking webpage containing malware. (Discuss spear-phishing also)
• Compromised legitimate websites
• Fake antivirus software
How they spread
Types of Virus
• Email virus:
  – Moves around in email messages. Replicates by auto-mailing itself to the people in the victim's email address book.
• Worm:
  – Software that uses computer networks & security holes to replicate itself. A copy of the worm scans the network for other computers with a specific security hole & replicates there as well.
• Trojan horse:
  – Program that claims to do one thing (e.g. a game) but instead does damage when you run it (e.g. erases the hard disk). Does not auto-replicate.
Some More Types
• Encryption Virus
• Polymorphic Virus
• Metamorphic Virus
• File extension Virus
• Macro Virus
Encryption Virus
• Consists of an encrypted copy of the virus.
• Also contains a decryption module, which remains constant.
• Different keys are used for encryption.
• The attached decryption module contains the key to decrypt the virus.
• The virus signature keeps changing.
• Virus scanners must therefore determine the signature of the decrypting module instead.
Polymorphic Virus
• Modifies its code each time it replicates.
• Changes its encryption module on replication.
• The virus signature keeps changing.
• The mutation engine the virus uses to change itself is also used by the antivirus software for detection.
• Can be difficult to detect.
Metamorphic Virus
• A virus that rewrites itself.
• The original algorithm remains intact but the code changes to avoid detection.
• Complex to code.
• Better than polymorphic viruses at avoiding detection.
File extension Virus
• Used to trick the end-user into opening what looks to be a valid file.
• If the end-user's file extension view is turned off, a file such as BAD.TXT.VBS will be displayed as BAD.TXT.
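As an added defender-side example (not part of the original slides), a small Python check that flags the hidden-extension trick described above, using the slide's BAD.TXT.VBS and the name.txt.exe pattern the deck later attributes to Mydoom as constructed inputs. The extension lists and the padding rule are assumptions made for this example.

```python
"""Flag attachment names that depend on hidden extensions to look harmless.
With 'hide extensions for known file types' enabled, Explorer strips only the
last extension, so BAD.TXT.VBS is shown as BAD.TXT. The extension sets below
are constructed for this example; a real gateway would load its own policy."""
import os
from typing import Dict, List, Optional

# Final extensions that run when double-clicked (scripts, executables, shortcuts).
EXECUTABLE_EXTS = {".exe", ".vbs", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".wsf", ".hta"}
# Extensions a user reads as plain data; the real extension hides behind one of these.
BENIGN_LOOKING_EXTS = {".txt", ".doc", ".docx", ".pdf", ".jpg", ".gif", ".mp3", ".zip"}

def displayed_name(filename: str) -> str:
    """Name as shown when extensions are hidden: only the last extension is removed."""
    root, _ext = os.path.splitext(os.path.basename(filename))
    return root

def classify(filename: str) -> Optional[str]:
    """Return why the name is suspicious, or None if it is an ordinary data file."""
    name = os.path.basename(filename)
    root, ext = os.path.splitext(name)
    ext = ext.lower()
    if ext not in EXECUTABLE_EXTS:
        return None
    # Whitespace padding pushes the real extension past the edge of narrow columns.
    if root != root.rstrip():
        return f"whitespace padding before {ext}"
    _inner_root, inner = os.path.splitext(root)
    if inner.lower() in BENIGN_LOOKING_EXTS:
        return f"double extension: shown as '{displayed_name(name)}' but runs as {ext}"
    return f"executable attachment ({ext})"

def triage(filenames: List[str]) -> Dict[str, str]:
    """Map every suspicious name in a batch to its reason; clean names are omitted."""
    results = {}
    for filename in filenames:
        reason = classify(filename)
        if reason:
            results[filename] = reason
    return results

if __name__ == "__main__":
    # Constructed attachment batch: the slide's BAD.TXT.VBS, Mydoom's name.txt.exe
    # shape, a padded screensaver, a plain executable and a clean PDF.
    batch = ["BAD.TXT.VBS", "name.txt.exe", "report.pdf", "holiday.jpg        .scr", "setup.exe"]
    for filename, reason in triage(batch).items():
        print(f"{filename!r}: {reason}")
```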
Macro Virus
• Word or similar applications are infected with this type of virus.
• Typically written in a macro language such as VBA (Visual Basic for Applications).
• Typically spread via email.
• The line between data files and applications is becoming blurred.
• Files such as Word, Excel, PowerPoint, Windows Help and PDF files can contain exploit macro code.
Examples of Famous Viruses
Mydoom (Novarg) Worm/Email Virus:
• Infected 250,000 computers in a single day in 2004. Windows PCs only.
• When users click on the email attachment, it runs the virus.
• Used a double extension to fool the user (name.txt.exe).
• Targeted SCO and Microsoft with HTTP requests from infected hosts.
• Distributed Denial of Service (DDoS)
• Also floods computers with mass emailing.
• 20% to 30% of all email traffic at its peak.
Melissa Macro Virus:
• 1999. Infects machines with MS Word 97. Propagated by the user opening an infected Word doc. Infects Normal.dot & hence all Word files. The virus then creates an email message containing an infected Word doc as an attachment. The doc contains references to pornographic web sites.
• The virus propagated if macros were enabled on the PC.
More Famous Viruses
ILOVEYOU virus:
• May 2000. Comes in an email with “I LOVE YOU” in the subject line and an attachment. When the attachment is opened, it sends the message to everyone in the MS Outlook address book.
• Also deletes all JPEG, MP3 & certain other files on your hard disk!
• Reached 45 million users in one day.
• Some large companies had to shut down email completely.
• VBS
• $15 billion to remove the worm
Bubble Boy Virus
• Not harmful
• Worm executes as soon as the message is viewed in the preview pane
• Changes user name and company name to “BubbleBoy”
• Opens Outlook through ActiveX and mails itself to everyone in the address book
Blaster
• Worm
• August 2003
• Windows XP & 2000, 2003 Server
• Opens a remote command shell that listens on TCP port 4444
• Sleeps for 20-second intervals and awakens to look for new machines to infect
• Worm starts a TCP SYN flood attack on windowsupdate.com
• Mblast.exe
THE CONFICKER WORM
• One of the most notorious worms that has been unleashed on the internet in recent times
• Speculation is that the worm was let loose by one or more government organizations to test its power to propagate
• The worm infected a large number of machines around the world
• Infected only Windows machines
THE CONFICKER WORM
• Symptoms
  – could also lock out certain user accounts
  – disabled the Automatic Updates feature
  – made it impossible for the infected machine to carry out DNS lookups for the hostnames that correspond to anti-virus software vendors
  – modifications to the Windows registry
Infection method
• On the older Windows platforms, a machine would be infected with the worm by any machine sending it a specially crafted packet disguised as an RPC (Remote Procedure Call).
• On newer Windows platforms, the infecting packet had to be received from a user who could be authenticated by the victim machine.
• First discovered in October 2008.
• The worm infection spread by exploiting a vulnerability in the executable svchost.exe on a Windows machine.
svchost.exe
• The job of the always-running process that executes the svchost.exe file is to facilitate the execution of the dynamically-linkable libraries (DLLs) that the different applications reside in or use.
• The svchost process does this by replicating itself for each DLL that needs to be executed. So we could say that any DLL that needs to be executed must “attach” itself to the svchost process.
• The svchost process checks the services part of the registry to construct a list of services (meaning a list of DLLs) it must load.
Infection method
• A machine running a pre-patch version of the Windows Server Service (svchost.exe) could be infected because of a vulnerability in how it handled the remote code execution needed by RPC requests coming in through port 445.
• So if a machine allowed remote code execution in a network, perhaps because it made some resources available to clients, it would be open to infection through this mechanism.
• Once a machine was infected, the worm could drop a copy of itself on the hard disks of the other machines mapped in the previously infected machine (network shares). If it needed a password in order to drop a copy of itself at these other locations, the worm came equipped with a list of 240 commonly used passwords. If it succeeded, the worm created a new folder at the root of these other disks where it placed a copy of itself.
• The worm could also drop a copy of itself as the autorun.inf file on USB media such as memory sticks. This allowed the worm copy to execute when the drive was accessed (if Autorun was enabled).
Detection
• The worm prevented an automatic download of the latest virus signatures from the anti-virus software vendors by altering the DNS software on the infected machine. When a machine could not be disinfected through automatic methods, you had to resort to a more manual intervention consisting of downloading the anti-virus tool on a separate clean machine, possibly burning a CD with it, and, finally, installing and running the tool on the infected machine.
• Since the worm was capable of resetting the system restore points, that rendered this approach impossible for system recovery.
• For the next step, the worm instructs the firewall to open a randomly selected high-numbered port to the internet. It then uses this port to reach out to the network in order to infect other machines. In order to succeed with propagation, the worm must become aware of the IP address of the host on which it currently resides. This it accomplishes by reaching out to a web site like http://checkip.dyndns.com
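Added detection example, not from the original deck: the propagation behaviour described above (a worm reaching out across the network to infect other machines through port 445, or Blaster waking every 20 seconds to look for new hosts) shows up in firewall logs as one source opening connections to many distinct peers on one port within a short window. The log format, hosts, window and threshold below are constructed for this example.

```python
"""Fan-out detector for worm propagation: one source opening connections to
many distinct peers on a single port inside a short window, the pattern a
Conficker-style sweep of TCP 445 leaves in firewall logs. The log lines,
thresholds and format here are constructed for the example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

class Conn(NamedTuple):
    ts: datetime
    src: str
    dst: str
    port: int

# Constructed firewall log: "<ISO timestamp> <src> -> <dst>:<port> SYN".
# 10.1.1.20 sweeps six neighbours on 445 in twelve seconds (worm-like);
# 10.1.1.30 talks repeatedly to one file server (normal); 10.1.1.31 uses two.
LOG = """\
2009-01-15T08:00:00 10.1.1.30 -> 10.1.1.5:445 SYN
2009-01-15T08:00:03 10.1.1.20 -> 10.1.1.21:445 SYN
2009-01-15T08:00:05 10.1.1.20 -> 10.1.1.22:445 SYN
2009-01-15T08:00:07 10.1.1.20 -> 10.1.1.23:445 SYN
2009-01-15T08:00:09 10.1.1.20 -> 10.1.1.24:445 SYN
2009-01-15T08:00:11 10.1.1.20 -> 10.1.1.25:445 SYN
2009-01-15T08:00:13 10.1.1.20 -> 10.1.1.26:445 SYN
2009-01-15T08:00:15 10.1.1.30 -> 10.1.1.5:445 SYN
2009-01-15T08:00:20 10.1.1.31 -> 10.1.1.5:445 SYN
2009-01-15T08:00:22 10.1.1.31 -> 10.1.1.6:445 SYN
2009-01-15T08:00:30 10.1.1.30 -> 10.1.1.5:445 SYN
2009-01-15T08:00:40 10.1.1.20 -> 10.1.1.40:80 SYN
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) SYN$")

def parse(log: str) -> List[Conn]:
    """Parse the constructed log format, skipping lines that do not match."""
    conns = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, port = m.groups()
            conns.append(Conn(datetime.fromisoformat(ts), src, dst, int(port)))
    return conns

def fan_out(conns: List[Conn], port: int, window: timedelta, threshold: int) -> Dict[str, int]:
    """Return {source: peak distinct destinations on `port` within any `window`}
    for every source whose peak reaches `threshold`. Repeated connections to the
    same destination count once, so a busy client of one file server never trips it."""
    by_src: Dict[str, List[Conn]] = defaultdict(list)
    for c in sorted(conns, key=lambda c: c.ts):
        if c.port == port:
            by_src[c.src].append(c)
    alerts = {}
    for src, cs in by_src.items():
        peak, start = 0, 0
        for end in range(len(cs)):
            while cs[end].ts - cs[start].ts > window:   # slide the window forward
                start += 1
            peak = max(peak, len({c.dst for c in cs[start:end + 1]}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

def detect(log: str = LOG) -> Dict[str, int]:
    """Two-minute window, five distinct hosts on 445: tuned for the constructed log."""
    return fan_out(parse(log), port=445, window=timedelta(minutes=2), threshold=5)

if __name__ == "__main__":
    for src, peak in detect().items():
        print(f"ALERT {src}: {peak} distinct hosts on tcp/445 within 2 minutes")
```

Tightening the window to a few seconds makes the same sweep fall below the threshold, which is why the window has to match how fast the worm you are hunting actually scans.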
Problems it caused
• A French Navy computer network was infected with Conficker on 15 January 2009. The network was subsequently quarantined, forcing aircraft at several airbases to be grounded because their flight plans could not be downloaded.
• The United Kingdom Ministry of Defence reported that some of its major systems and desktops were infected. The virus had spread across administrative offices, NavyStar/N* desktops aboard various Royal Navy warships and Royal Navy submarines, and hospitals across the city of Sheffield reported infection of over 800 computers.
Stuxnet Worm
• Discovered in 2010
• The first publicly known intentional act of cyberwarfare to be implemented
• Stuxnet reportedly ruined almost one-fifth of Iran's nuclear centrifuges
• Stuxnet is typically introduced to the target environment by an infected USB flash drive
Other unwanted software
Spyware:
• Collects personal info about users without their consent.
• Records personal info by logging keystrokes, recording web browser history, or scanning hard disk docs.
• Purposes include criminal intent, advertising, or just being annoying.
• Identity theft, stealing credit card numbers, etc.
Anti-Virus Software
What is Anti-Virus Software?
• A program that searches the hard drive (& other drives) for any known or potential viruses or malware.
• Works in 2 ways:
  1. Scans files for viruses contained in a virus dictionary (DAT file)
  2. Identifies suspicious behaviour (e.g. data capture, monitoring)
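Added example (not code from the slides) covering both approaches listed here and the Encryption Virus slide earlier: a toy scanner with a hash and byte-pattern dictionary plus behaviour rules, run over constructed samples whose body is XOR-encoded under a different key per copy, so that only a pattern taken from the constant decryptor stub matches every copy. All byte strings, rule names and event labels are constructed for the example.

```python
"""Toy anti-virus scanner for the two approaches named on the slides:
(1) matching files against a virus dictionary and (2) behaviour rules.
It also shows why a dictionary signature for an encryption virus is taken
from the constant decryptor module rather than from the encrypted body.
Every byte string here is constructed for the example; none is a real signature."""
import hashlib
from typing import Dict, List, Optional

# --- Constructed sample corpus ------------------------------------------------
# The "virus" is a constant decryptor stub followed by a one-byte key and the
# body XOR-encoded under that key. Each copy uses a different key, so the body
# bytes differ per copy while the stub is identical (the encryption virus idea).
STUB = b"\xde\xc0\xde\x5b\x01\x00"                       # constructed, not real code
BODY = b"DEMO-BODY: constant virus logic (constructed)"  # the part every copy shares

def make_variant(key: int) -> bytes:
    """Build one constructed sample file: stub + key byte + XOR-encoded body."""
    return STUB + bytes([key]) + bytes(b ^ key for b in BODY)

SAMPLES = {f"variant{key:02x}.bin": make_variant(key) for key in (0x11, 0x5A, 0xA3)}
CLEAN = b"Just an ordinary text file with nothing special in it."

# --- Approach 1: dictionary scanning (the DAT file) ---------------------------
# Exact-hash entries only ever match the one copy they were taken from.
HASH_DICT = {hashlib.sha256(SAMPLES["variant11.bin"]).hexdigest(): "Demo.Variant11"}
# Byte-pattern entries: a naive one taken from the decrypted body, and the one
# the slides recommend, taken from the decryptor stub that never changes.
PATTERN_DICT = {
    "Demo.Body": BODY[:16],
    "Demo.Stub": STUB,
}

def scan_hash(data: bytes) -> Optional[str]:
    """Whole-file hash lookup; misses every copy that differs by even one byte."""
    return HASH_DICT.get(hashlib.sha256(data).hexdigest())

def scan_patterns(data: bytes) -> List[str]:
    """Substring match of every dictionary pattern against the file bytes."""
    return [name for name, pattern in PATTERN_DICT.items() if pattern in data]

# --- Approach 2: suspicious-behaviour rules -----------------------------------
# A rule fires when a process has performed every action in its set. The two
# rules mirror the Melissa and ILOVEYOU behaviour described earlier in the deck:
# writing to the Word template and mass-mailing the address book.
BEHAVIOUR_RULES = [
    ("MassMailer", {"read:addressbook", "mail:send"}),
    ("TemplateInfector", {"write:Normal.dot"}),
]

def suspicious_behaviour(events: List[str]) -> List[str]:
    """Return the names of all rules satisfied by the observed event list."""
    seen = set(events)
    return [name for name, required in BEHAVIOUR_RULES if required <= seen]

def scan_corpus() -> Dict[str, Dict[str, object]]:
    """Run both static checks over the constructed corpus plus one clean file."""
    files = dict(SAMPLES, **{"clean.txt": CLEAN})
    return {name: {"hash": scan_hash(data), "patterns": scan_patterns(data)}
            for name, data in files.items()}

if __name__ == "__main__":
    for name, result in scan_corpus().items():
        print(f"{name:16} hash={result['hash']!s:16} patterns={result['patterns']}")
    print("behaviour:", suspicious_behaviour(["write:Normal.dot", "read:addressbook", "mail:send"]))
```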
McAfee VirusScan & Norton AntiVirus
• Very similar products.
  – For home & home-office use
  – Enterprise edition for corporate environments
  – Integrates anti-virus, firewall, & anti-spyware
  – Performance hits?
  – Live updates.
  – Pricing usually based on subscription (1 year).
  – Get program updates for free, but pay for virus updates!
Install/Config Anti-Virus Software
Virus Protection
• Install after Service Packs
• Anti-virus software runs as a process
• Schedule it to run at specific times (e.g. every day)
• Specify which disks to scan
• Run each time the computer boots up?
• Configure auto updates (DAT files) from the web
• Anti-Virus Software:
  – McAfee, Norton

More Related Content

What's hot

Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentationAmjad Bhutto
 
Computer & internet Security
Computer & internet SecurityComputer & internet Security
Computer & internet SecurityGerard Lamusse
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES Sagilasagi1
 
Computer Virus ppt.pptx
Computer Virus ppt.pptxComputer Virus ppt.pptx
Computer Virus ppt.pptxPragatiKachhi1
 
Cyber security
Cyber securityCyber security
Cyber securitySabir Raja
 
Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpointgalaxy201
 
Welcome to my presentation
Welcome to my presentationWelcome to my presentation
Welcome to my presentationRakibul islam
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amosAmos Oyoo
 
Cybercrime a growing threat of 21 st century !!!
Cybercrime a growing threat of 21 st  century !!!Cybercrime a growing threat of 21 st  century !!!
Cybercrime a growing threat of 21 st century !!!Asma Hossain
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identificationsandeep shergill
 

What's hot (20)

Virus and worms
Virus and wormsVirus and worms
Virus and worms
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentation
 
Viruses, worms, and trojan horses
Viruses, worms, and trojan horsesViruses, worms, and trojan horses
Viruses, worms, and trojan horses
 
Computer & internet Security
Computer & internet SecurityComputer & internet Security
Computer & internet Security
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPES MALWARE AND ITS TYPES
MALWARE AND ITS TYPES
 
Computer Virus ppt.pptx
Computer Virus ppt.pptxComputer Virus ppt.pptx
Computer Virus ppt.pptx
 
Cyber security
Cyber securityCyber security
Cyber security
 
Spyware powerpoint
Spyware powerpointSpyware powerpoint
Spyware powerpoint
 
Computer virus
Computer virusComputer virus
Computer virus
 
Types of malware
Types of malwareTypes of malware
Types of malware
 
Computer virus and worms
Computer virus and wormsComputer virus and worms
Computer virus and worms
 
Welcome to my presentation
Welcome to my presentationWelcome to my presentation
Welcome to my presentation
 
Computer Worms
Computer WormsComputer Worms
Computer Worms
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amos
 
Cybercrime a growing threat of 21 st century !!!
Cybercrime a growing threat of 21 st  century !!!Cybercrime a growing threat of 21 st  century !!!
Cybercrime a growing threat of 21 st century !!!
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus software
 
Malicious Software Identification
Malicious Software IdentificationMalicious Software Identification
Malicious Software Identification
 
Computer virus
 Computer virus Computer virus
Computer virus
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 

Similar to Virus and Worms

Similar to Virus and Worms (20)

Malicious software
Malicious softwareMalicious software
Malicious software
 
Viruses worms
Viruses wormsViruses worms
Viruses worms
 
Viruses & worms
Viruses & wormsViruses & worms
Viruses & worms
 
FCS Presentation.pptx
FCS Presentation.pptxFCS Presentation.pptx
FCS Presentation.pptx
 
Codigo Malicioso
Codigo MaliciosoCodigo Malicioso
Codigo Malicioso
 
Computer Introduction-Lecture04
Computer Introduction-Lecture04Computer Introduction-Lecture04
Computer Introduction-Lecture04
 
Virus and Anti Virus - Types of Virus and Anti Virus
Virus and Anti Virus - Types of Virus and Anti VirusVirus and Anti Virus - Types of Virus and Anti Virus
Virus and Anti Virus - Types of Virus and Anti Virus
 
Virussss.pdf
Virussss.pdfVirussss.pdf
Virussss.pdf
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Virus.pptx
Virus.pptxVirus.pptx
Virus.pptx
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Viruses
 
Computer virus_the_things_u_must_know_
 Computer virus_the_things_u_must_know_ Computer virus_the_things_u_must_know_
Computer virus_the_things_u_must_know_
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures                         -- Pruthvi Monarch Virus and its CounterMeasures                         -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Computer virus & its cure
Computer virus & its cure Computer virus & its cure
Computer virus & its cure
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Computer viruses by joy chakraborty
Computer viruses by joy chakrabortyComputer viruses by joy chakraborty
Computer viruses by joy chakraborty
 
Kinds of Viruses
Kinds of VirusesKinds of Viruses
Kinds of Viruses
 
Virus and its types 2
Virus and its types 2Virus and its types 2
Virus and its types 2
 
Computer virus
Computer virusComputer virus
Computer virus
 

More from GrittyCC

Copyright Protection
Copyright ProtectionCopyright Protection
Copyright ProtectionGrittyCC
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection RegulationGrittyCC
 
Spam & Phishing
Spam & PhishingSpam & Phishing
Spam & PhishingGrittyCC
 
International Cybercrime (Part 1)
International Cybercrime (Part 1)International Cybercrime (Part 1)
International Cybercrime (Part 1)GrittyCC
 
International Cybercrime (Part 2)
International Cybercrime (Part 2)International Cybercrime (Part 2)
International Cybercrime (Part 2)GrittyCC
 
International Cybercrime (Part 3)
International Cybercrime (Part 3)International Cybercrime (Part 3)
International Cybercrime (Part 3)GrittyCC
 
Computer Evidence/Computer Misuse Act 1990 cases
Computer Evidence/Computer Misuse Act 1990 casesComputer Evidence/Computer Misuse Act 1990 cases
Computer Evidence/Computer Misuse Act 1990 casesGrittyCC
 

More from GrittyCC (8)

Copyright Protection
Copyright ProtectionCopyright Protection
Copyright Protection
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
 
Spam & Phishing
Spam & PhishingSpam & Phishing
Spam & Phishing
 
Passwords
PasswordsPasswords
Passwords
 
International Cybercrime (Part 1)
International Cybercrime (Part 1)International Cybercrime (Part 1)
International Cybercrime (Part 1)
 
International Cybercrime (Part 2)
International Cybercrime (Part 2)International Cybercrime (Part 2)
International Cybercrime (Part 2)
 
International Cybercrime (Part 3)
International Cybercrime (Part 3)International Cybercrime (Part 3)
International Cybercrime (Part 3)
 
Computer Evidence/Computer Misuse Act 1990 cases
Computer Evidence/Computer Misuse Act 1990 casesComputer Evidence/Computer Misuse Act 1990 cases
Computer Evidence/Computer Misuse Act 1990 cases
 

Recently uploaded

Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...EADTU
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxPooja Bhuva
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxCeline George
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...Amil baba
 
Play hard learn harder: The Serious Business of Play
Play hard learn harder:  The Serious Business of PlayPlay hard learn harder:  The Serious Business of Play
Play hard learn harder: The Serious Business of PlayPooky Knightsmith
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxDr. Ravikiran H M Gowda
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Pooja Bhuva
 
How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17Celine George
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17Celine George
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 
What is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptxWhat is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptxCeline George
 
dusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learningdusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learningMarc Dusseiller Dusjagr
 
PANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptxPANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptxakanksha16arora
 
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdfUGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdfNirmal Dwivedi
 
Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111GangaMaiya1
 

Recently uploaded (20)

Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
VAMOS CUIDAR DO NOSSO PLANETA! .
VAMOS CUIDAR DO NOSSO PLANETA!                    .VAMOS CUIDAR DO NOSSO PLANETA!                    .
VAMOS CUIDAR DO NOSSO PLANETA! .
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
Play hard learn harder: The Serious Business of Play
Play hard learn harder:  The Serious Business of PlayPlay hard learn harder:  The Serious Business of Play
Play hard learn harder: The Serious Business of Play
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
What is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptxWhat is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptx
 
dusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learningdusjagr & nano talk on open tools for agriculture research and learning
dusjagr & nano talk on open tools for agriculture research and learning
 
PANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptxPANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptx
 
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdfUGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
 
Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111
 

Virus and Worms

  • 2.  It is a replicating program.  Can produce a copy of itself by attaching itself to another program  For example Software that piggybacks on real programs. Every time MS Word runs, virus runs too. Virus reproduces (by attaching copies of itself to other programs & files)  Typical transmission via:  File Downloads  Infected Disks / USB / Flash drives  Email Attachments What is a Virus
  • 3.  Some Viruses will affect computers as soon as there code is executed.  Others will remain dormant until pre-determined logical circumstances are met. Types & Growth
  • 4.  Design  Virus code developed using a program language or a virus construction kit.  Replication  The virus replicated itself within the target system over a period of time.  Launch  Virus is activated when the user performs a certain action such as running a program.  Detection  A new virus has been identified typically after data corruption, system malfunctioning and damage has taken place.  Incorporation.  Antivirus software developers assemble defence against the virus  Elimination  Antivirus defence is deployed as an update Virus Life Stages
  • 5. • Inflict damage to competitors • Research projects • Prank / Vandalism • Targeted attack of specific company (Stuxnet) • Distribute a political message (Injustice) • Identity theft, Spyware (CoolWebSearch) • Financial Gain • Cryptoviral extortion (Gpcode) – This is a Trojan that encrypts files with certain extensions on local and remote drives and then asks a user to contact its author to buy a decryption solution. Motivations in Virus Creation
  • 6. • Programs taking longer to load • Hard Drive available capacity falling without usage • Drive usage even when unused • Unknown files appearing on your system • Unexpected graphic displays • File name changes • Program size keeps changing • High Memory usage & system slows down Indications of Virus infection
Infection methods
• File downloads without verifying the source
• Virus-infected files sent via mail with the aim of getting the recipient to open the mail and / or execute the virus.
• Virus is incorporated into popular software programs and the infected software is uploaded onto websites intended for software downloads.
• Failing to install / update security patches
• Failing to use the latest versions of antivirus signature files.
• Social engineering, where the attacker tricks the end-user into visiting an innocent-looking webpage containing malware. (Discuss spear-phishing also)
• Compromised legitimate websites
• Fake antivirus software

Types of Virus: How they spread
• Email virus:
– Moves around in email messages. Replicates by auto-mailing itself to people in the victim's email address book
• Worm:
– Software that uses computer networks & security holes to replicate itself. A copy of the worm scans the network for other computers with a specific security hole & replicates there as well...
• Trojan horse:
– Program that claims to do one thing (e.g. a game) but instead does damage when you run it (e.g. erases the hard disk). Does not auto-replicate

Some More Types
• Encryption Virus
• Polymorphic Virus
• Metamorphic Virus
• File extension Virus
• Macro Virus

Encryption Virus
• Consists of an encrypted copy of the virus
• Also contains a decryption module, which remains constant
• Different keys are used for encryption
• The attached decryption module contains the key to decrypt the virus.
• Virus signature keeps changing
• Virus scanners must determine the signature of the decryption module instead

Polymorphic Virus
• Modify their code each time they replicate
• They change their encryption module on replication.
• Virus signature keeps changing
• The mutation engine used by the virus to change itself is also used by the antivirus software for detection.
• Can be difficult to detect
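The following added example (not part of the slide deck) illustrates the Encryption Virus and Polymorphic Virus slides together with the later "virus dictionary (DAT file)" point: a whole-file hash breaks as soon as the key changes, a signature on the constant decryptor stub catches every copy of the encryption virus but fails once a mutation engine alters the stub, and trying every single-byte XOR key (X-ray style scanning) recovers the body signature in both cases. All byte strings, the toy stub | key | body layout, and the mutation engine are constructed for the example; none of it comes from a real virus.

```python
import hashlib
import random

# Everything below is constructed for the example; no bytes come from a real virus.
STUB = b"STUB:xor-decrypt-loop;"   # decryptor, byte-identical in every encryption-virus copy
BODY = b"constructed virus body: re-encrypted with a fresh key on every copy"
BODY_SIG = b"virus body"           # a pattern that only exists in the decrypted body

def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def encryption_virus(key: int) -> bytes:
    """Toy layout: constant stub | 1-byte key | body XORed with that key."""
    return STUB + bytes([key]) + xor_bytes(BODY, key)

def polymorphic_virus(key: int, seed: int) -> bytes:
    """Same body, but a toy mutation engine splices junk bytes into the stub as well."""
    rng = random.Random(seed)
    junk = bytes(rng.randrange(256) for _ in range(rng.randrange(2, 6)))
    split = rng.randrange(1, len(STUB))
    return STUB[:split] + junk + STUB[split:] + bytes([key]) + xor_bytes(BODY, key)

def fingerprint(sample: bytes) -> str:
    return hashlib.sha256(sample).hexdigest()

def hash_scan(sample: bytes, known_hashes: set[str]) -> bool:
    """Whole-file hash lookup: fails as soon as the encryption key changes."""
    return fingerprint(sample) in known_hashes

def stub_scan(sample: bytes, stub_signatures: dict[str, bytes]) -> list[str]:
    """Match the constant decryptor module, as the slides describe for encryption viruses."""
    return [name for name, sig in stub_signatures.items() if sig in sample]

def xray_scan(sample: bytes, body_signatures: dict[str, bytes]) -> list[str]:
    """Try every single-byte XOR key and look for the body signature in the result;
    this survives a mutated stub because it never relies on the stub's bytes."""
    found = set()
    for key in range(256):
        plain = xor_bytes(sample, key)
        found.update(name for name, sig in body_signatures.items() if sig in plain)
    return sorted(found)

if __name__ == "__main__":
    stubs, bodies = {"Toy.Encrypted.A": STUB}, {"Toy.Body.A": BODY_SIG}
    known = {fingerprint(encryption_virus(0x41))}          # the one copy the "DAT" has seen
    for label, s in [("encrypted key=0x41", encryption_virus(0x41)),
                     ("encrypted key=0x7f", encryption_virus(0x7F)),
                     ("polymorphic", polymorphic_virus(0x33, seed=7))]:
        print(f"{label:20} hash={hash_scan(s, known)!s:5} stub={stub_scan(s, stubs)} xray={xray_scan(s, bodies)}")
```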
Metamorphic Virus
• Virus that rewrites itself
• The original algorithm remains intact but the code changes to avoid detection.
• Complex to code
• Better than polymorphic viruses at avoiding detection.

File extension Virus
• Used to trick the end-user into opening what looks to be a valid file
• If the end-user's file extension view is turned off, a file such as BAD.TXT.VBS will be visible as BAD.TXT

Macro Virus
• Word or similar applications are infected with this type of virus.
• Typically written in a macro language such as VBA (Visual Basic for Applications).
• Typically spread via email
• The line between data files and applications is becoming blurred.
• Files such as Word, Excel, PowerPoint, Windows Help and PDF files can contain exploit macro code.

Examples of Famous Viruses
Mydoom (Novarg) Worm/Email Virus:
• Infected 250,000 computers in a single day in 2004. Windows PCs only.
• When users click on the email attachment, it runs the virus
• Used a double extension to fool the user (name.txt.exe)
• Targeted SCO and Microsoft with HTTP requests from infected hosts: Distributed Denial of Service (DDoS)
• Also floods computers with mass emailing
• 20% to 30% of all email traffic at its peak
Melissa Macro Virus:
• 1999. Infects machines with MS Word 97. Propagated by the user opening an infected Word doc. Infects Normal.dot & hence all Word files. The virus then creates an email message containing an infected Word doc as an attachment. The doc contains references to pornographic web sites.
• Virus propagated if macros were enabled on the PC
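The double-extension trick from the File extension Virus slide (BAD.TXT.VBS shown as BAD.TXT) and the Mydoom slide (name.txt.exe) can be caught at the mail gateway before a user ever sees the name. The added example below (not from the slides) shows what Explorer displays when it hides the last extension and flags attachments whose real extension is executable while the visible one looks like a document; the extension lists and the attachment names are constructed for the example, and "known" extensions are approximated by those two lists.

```python
import ntpath

# Constructed lists for the example. Windows launches the first group on double-click;
# a recipient reads the second group as harmless data.
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "vbe", "js", "jse", "wsf", "hta"}
DOCUMENT_EXTS = {"txt", "doc", "docx", "xls", "xlsx", "ppt", "pdf", "jpg", "jpeg", "gif", "png", "mp3", "zip"}

def extensions(filename: str) -> list[str]:
    """Every dotted suffix of the bare file name, lower-cased, with padding spaces removed
    so that 'photo.jpg      .scr' is treated like 'photo.jpg.scr'."""
    base = ntpath.basename(filename)          # handles both \ and / separators
    return [part.strip().lower() for part in base.split(".")[1:]]

def displayed_name(filename: str) -> str:
    """What Explorer shows with 'Hide extensions for known file types' on: the last
    extension is hidden, so BAD.TXT.VBS is displayed as BAD.TXT.
    'Known' is approximated here by the two constructed lists above."""
    base = ntpath.basename(filename)
    head, dot, ext = base.rpartition(".")
    if dot and ext.strip().lower() in EXECUTABLE_EXTS | DOCUMENT_EXTS:
        return head
    return base

def is_deceptive(filename: str) -> bool:
    """True when the real (last) extension is executable but the one left visible is a document type."""
    exts = extensions(filename)
    return len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DOCUMENT_EXTS

def flag_attachments(names: list[str]) -> list[str]:
    """Attachment names a gateway should quarantine for manual review."""
    return [n for n in names if is_deceptive(n)]

# Constructed attachment names for the demonstration.
SAMPLE_ATTACHMENTS = ["BAD.TXT.VBS", "name.txt.exe", "Q4 report.pdf",
                      "archive.tar.gz", "setup.exe", "photo.jpg      .scr"]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        print(f"{name!r:28} shown as {displayed_name(name)!r:20} deceptive={is_deceptive(name)}")
    print("quarantine:", flag_attachments(SAMPLE_ATTACHMENTS))
```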
More Famous Viruses
ILOVEYOU virus:
• May 2000. Comes in an email with "I LOVE YOU" in the subject line and an attachment. When the attachment is opened, it sends the message to everyone in the MS Outlook address book.
• Also deletes all JPEG, MP3, & certain other files on your hard disk!
• Reached 45 million users in one day.
• Some large companies had to shut down email completely.
• VBS
• $15 billion to remove the worm

Bubble Boy Virus
• Not harmful
• Worm executes as soon as the message is viewed in the preview pane
• Changes user name and company name to "BubbleBoy"
• Opens Outlook through ActiveX and mails itself to everyone in the address book

Blaster
• Worm
• August 2003
• Windows XP, 2000 and Server 2003
• Opens a remote command shell that listens on TCP port 4444
• Sleeps for 20-second intervals and awakens to look for new machines to infect
• Worm starts a TCP SYN flood attack on windowsupdate.com
• msblast.exe

THE CONFICKER WORM
• One of the most notorious worms that has been unleashed on the internet in recent times
• Speculation is that the worm was let loose by one or more government organizations to test its power to propagate
• The worm infected a large number of machines around the world
• Infected only Windows machines

THE CONFICKER WORM
• Symptoms
– could also lock out certain user accounts
– disabled the Automatic Updates feature
– made it impossible for the infected machine to carry out DNS lookups for the hostnames that correspond to anti-virus software vendors
– modifications to the Windows registry

Infection method
• On the older Windows platforms, a machine would be infected with the worm by any machine sending it a specially crafted packet disguised as an RPC (Remote Procedure Call).
• On newer Windows platforms, the infecting packet had to be received from a user who could be authenticated by the victim machine
• First discovered in October 2008
• The worm infection spread by exploiting a vulnerability in the executable svchost.exe on a Windows machine

svchost.exe
• The job of the always-running process that executes the svchost.exe file is to facilitate the execution of the dynamically-linkable libraries (DLLs) that the different applications reside in or use.
• The svchost process does this by replicating itself for each DLL that needs to be executed. So we could say that any DLL that needs to be executed must "attach" itself to the svchost process
• The svchost process checks the services part of the registry to construct a list of services (meaning a list of DLLs) it must load.

Infection method
• A machine running an unpatched version of the Windows Server Service in svchost.exe could be infected because of a vulnerability in how it handled the remote code execution needed by RPC requests coming in through port 445.
• So if a machine allowed remote code execution in a network, perhaps because it made some resources available to clients, it would be open to infection through this mechanism.
• Once a machine was infected, the worm could drop a copy of itself onto the hard disks of the other machines mapped on the infected machine (network shares). If it needed a password in order to drop a copy of itself at these other locations, the worm came equipped with a list of 240 commonly used passwords. If it succeeded, the worm created a new folder at the root of these other disks where it placed a copy of itself.
• The worm could also drop a copy of itself, together with an autorun.inf file, on USB media such as memory sticks. This allowed the worm copy to execute when the drive was accessed (if Autorun was enabled).
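The USB vector described above works because Autorun reads autorun.inf from the medium and launches whatever its execution directives name. The added example below (not from the slides, and not modelled on any real autorun.inf) is a small inspector a removable-media check could run: it parses the [autorun] section, skips lines that are neither a section header nor key=value, and reports only the directives that would launch a program (open=, shellexecute=, shell\verb\command=), so a label-and-icon-only file passes while an executing one is flagged. Both sample files and the CONSTRUCTED path are made up for the example.

```python
import re

SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")
KEYVAL_RE = re.compile(r"^\s*([A-Za-z0-9_\\]+)\s*=\s*(.*?)\s*$")
# Directives Autorun acts on by running a program (open=, shellexecute=, shell\<verb>\command=).
EXEC_KEYS = {"open", "shellexecute"}
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")

def parse_autorun(text: str) -> dict[str, str]:
    """Return the [autorun] section as lower-cased key -> value. Anything that is neither a
    section header nor key=value (comments, padding, junk) is skipped rather than fatal."""
    entries, in_autorun = {}, False
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            in_autorun = header.group(1).strip().lower() == "autorun"
            continue
        kv = KEYVAL_RE.match(line)
        if in_autorun and kv:
            entries[kv.group(1).lower()] = kv.group(2)
    return entries

def execution_directives(text: str) -> list[tuple[str, str]]:
    """Directives that would launch a program from the medium when it is accessed."""
    return [(k, v) for k, v in parse_autorun(text).items()
            if k in EXEC_KEYS or SHELL_COMMAND_RE.match(k)]

def would_execute(text: str) -> bool:
    return bool(execution_directives(text))

# Constructed sample files for the demonstration.
BENIGN_INF = "[autorun]\nlabel=Holiday photos\nicon=photos.ico\n"
SUSPICIOUS_INF = (
    "; constructed sample: stray lines below stand in for padding a parser must tolerate\n"
    "%%%% junk %%%%\n"
    "[AutoRun]\n"
    "Icon=photos.ico\n"
    "open=CONSTRUCTED\\payload.exe\n"
    "shell\\open\\command=CONSTRUCTED\\payload.exe\n"
)

if __name__ == "__main__":
    for name, inf in [("benign", BENIGN_INF), ("suspicious", SUSPICIOUS_INF)]:
        print(f"{name}: would_execute={would_execute(inf)} directives={execution_directives(inf)}")
```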
Detection
• The worm prevented automatic download of the latest virus signatures from the anti-virus software vendors by altering the DNS software on the infected machine. When a machine could not be disinfected through automatic methods, you had to resort to a more manual intervention consisting of downloading the anti-virus tool on a separate clean machine, possibly burning a CD with it, and, finally, installing and running the tool on the infected machine.
• Since the worm was capable of resetting the system restore points, that approach was rendered impossible for system recovery.
• For the next step, the worm instructs the firewall to open a randomly selected high-numbered port to the internet. It then uses this port to reach out to the network in order to infect other machines. In order to succeed with propagation, the worm must become aware of the IP address of the host on which it currently resides. This it accomplishes by reaching out to a web site like http://checkip.dyndns.com

Problems it caused
• A French Navy computer network was infected with Conficker on 15 January 2009. The network was subsequently quarantined, forcing aircraft at several airbases to be grounded because their flight plans could not be downloaded
• The United Kingdom Ministry of Defence reported that some of its major systems and desktops were infected. The virus had spread across administrative offices, NavyStar/N* desktops aboard various Royal Navy warships and Royal Navy submarines, and hospitals across the city of Sheffield reported infection of over 800 computers.

Stuxnet Worm
• Discovered in 2010
• The first publicly known intentional act of cyberwarfare to be implemented
• Stuxnet reportedly ruined almost one-fifth of Iran's nuclear centrifuges
• Stuxnet is typically introduced to the target environment by an infected USB flash drive

Other unwanted software
Spyware:
• Collects personal info about users without their consent.
• Records personal info through logging keystrokes, recording web browser history, or scanning hard disk docs.
• Purposes include criminal intent, advertising, or just to be annoying
• Identity theft, stealing credit card numbers, etc.

Anti-Virus Software
What is Anti-Virus Software?
• Program that searches the hard drive (& other drives) for any known or potential viruses or malware.
• Works in 2 ways:
– 1. Scan files for viruses contained in a virus dictionary (DAT file)
– 2. Identify suspicious behaviour (e.g. data capture, monitoring)

McAfee VirusScan & Norton AntiVirus
• Very similar products.
– For home & home-office use
– Enterprise edition for corporate environments
– Integrates anti-virus, firewall, & anti-spyware
– Performance hits?
– Live updates.
– Pricing usually based on subscription (1 year).
– Get program updates for free, but pay for virus updates!

Install/Config Anti-Virus Software
Virus Protection
• Install after Service Packs
• Anti-virus software runs as a process
• Schedule to run at specific times (e.g. every day)
• Specify which disks to scan
• Run each time the computer boots up?
• Configure auto updates (DAT files) from the web
• Anti-Virus Software: McAfee, Norton