To Study Of Anti-Virus Software

Prepared By:
Pradeep K. Rajyaguru
115030693013
Ankit K. Solanki
115030693041

Guided By:
Prof. V.A. Gandhi

B.H.Gardi College Of Engg. & Tech. Department of M.C.A.
Topics to be covered
• Introduction
• Malware Threats
• Types of Viruses
• Other Malware
• Types of Attacks
• Anti-virus
• Recent Trends in Malware
• Threat Model
• Code Hiding
• Building Blocks
• Design
• Prototype
• Conclusion and Research
Introduction
• The Internet is a collection of interconnected computers. People rely on it to
communicate, share files, read the news and, most importantly, carry out financial
transactions.
• Recent studies show that a computer connected to the Internet may experience an
attack every 39 seconds, largely because people are not aware of such attacks.
• The war between virus writers and anti-virus developers began with the birth of
the earliest viruses in the eighties.
• Any anti-virus software must perform three functions: detection, identification
and removal of malicious code. The goal of any virus writer is to design a virus
that evades detection.
Continue...
• Once virus writers realised that the anti-virus program was their biggest enemy,
they came up with the idea of attacking the anti-virus program itself and
paralysing the functions of the anti-virus system.

(Figure: How Anti-virus works)
Security in consumer computing
• Consumer computers are very attractive to intruders because it is fairly easy to
gain access to them using the many hacking resources available online.
• This lets a hacker use the compromised machine to steal secret data such as
passwords to bank accounts, credit card numbers and social security numbers.
• The compromised machines can also be made part of a huge botnet that is used to
launch Denial of Service attacks on servers.
• Software such as anti-virus solutions and firewalls offers users some protection
against attacks, but it is not completely effective. The reason is that anti-virus
software relies on virus definitions and known behavioural patterns to identify
malicious code, so code that matches neither goes unnoticed.
Malware Threats
• Malware is short for "malicious software": any kind of unwanted software that is
installed without your adequate consent. Viruses, worms and Trojan horses are
examples of malicious software that are often grouped together and referred to as
malware.
• In the early days malware was designed to cause disruption; today it is designed
to steal secret information such as passwords, credit card numbers and social
security numbers, providing some form of financial gain for its developers.
Types of Virus
• Boot Virus: These viruses operate by infecting the Master Boot Record (MBR) of a
PC. Example: ‘POLYBOOT.B’.
• Parasitic viruses / File Infectors: This type of virus attaches itself to files or
executables, leaving the original contents of the file unchanged.
• Date viruses / Logic Bombs / Time Bombs: These viruses reside in a machine and are
triggered by some event such as a particular date or day of the week. Example:
‘Sunday’.
• Macro Virus: These are programs that take advantage of the macro facilities built
into programs like Excel and Word. Example: ‘Concept’ for Word 95.
Continue...
• Encrypted Virus: A virus whose body is encrypted. The virus carries the decryption
key and a decryption engine within itself. This method is used to hide the virus
from signature detection. Example: ‘Cascade’.
• Polymorphic Virus: The same as an encrypted virus, but with an additional mutation
engine that creates a new encryption scheme for every infection. Example: ‘1260’.
• Stealth Virus: This type of virus attempts to hide its presence by hooking system
calls. A recent worm called ‘Lion’ installs a rootkit and then makes various hooks
and system modifications to prevent any scanner from detecting its presence.
Other Malware
• Trojan Horse: A program that enters a machine disguised as, or embedded inside,
legitimate software. The Trojan looks harmless or interesting to the user, but is
actually very harmful when executed.
• Worms: A computer worm is a standalone malware program that replicates itself in
order to spread to other computers. Worms almost always cause at least some harm to
the network.
• Rootkit: The term is derived from the UNIX term "root". A rootkit is a malicious
program that obtains administrator privileges and manipulates other processes in the
system; it is designed to give administrator privileges to the attacker.
Types of Attack
• Social Engineering
• Mass E-Mailers
• Exploits of Software Vulnerabilities
• Phishing
• Pharming
Anti-virus
• Signature detection or Pattern Matching
• X-Raying
• Emulation
• Frequency Analysis
• Heuristics
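The detection techniques listed above are easiest to compare on a concrete scanner. The following Python is an added example written for this page, not the presentation's prototype or any real engine's code. It implements three of the five techniques against constructed inputs: signature matching; X-raying, where the scanner looks for the known signature through a simple encryption layer without first decrypting the file (here, a single-byte XOR, whose key is derived from the first signature byte at each offset and then verified against the rest); and frequency analysis, which flags regions whose byte entropy is too high for ordinary code or text, the tell-tale of an encrypted or packed body such as the encrypted and polymorphic viruses on the earlier slide. The signature string, the samples, the XOR layer, the 512-byte window and the 7.0-bit threshold are all assumptions made for the illustration.

```python
"""Toy scanner for three of the techniques on the slide: signature matching,
X-raying and frequency analysis.  Added example, not the presentation's code.
Everything below (signature, samples, XOR layer, window, threshold) is a
constructed assumption for illustration; real engines use far richer models.
"""
import math
import random
from collections import Counter

# Constructed signature: stands in for one entry of a virus definition file.
SIGNATURE = b"CONSTRUCTED-SAMPLE-MARKER"

# Frequency-analysis parameters (assumed): windows of this many bytes whose
# Shannon entropy exceeds the threshold look encrypted or packed.  Plain text
# and ordinary code sit well below 7 bits per byte; random bytes approach 8.
WINDOW = 512
ENTROPY_THRESHOLD = 7.0


def signature_scan(data: bytes, sig: bytes = SIGNATURE):
    """Pattern matching: offset of the signature in the clear, or None."""
    i = data.find(sig)
    return i if i >= 0 else None


def xray_scan(data: bytes, sig: bytes = SIGNATURE):
    """X-raying against a single-byte XOR layer.

    The scanner does not decrypt the file.  At each offset it derives the only
    key that could map the first data byte onto the first signature byte and
    then verifies the rest of the pattern under that key.  A key of 0 means
    the signature was present in the clear.  Returns (offset, key) or None.
    """
    n = len(sig)
    for i in range(len(data) - n + 1):
        key = data[i] ^ sig[0]
        if all(data[i + j] ^ key == sig[j] for j in range(1, n)):
            return i, key
    return None


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def frequency_scan(data: bytes, window: int = WINDOW,
                   threshold: float = ENTROPY_THRESHOLD):
    """Frequency analysis: (offset, entropy) of each window above the threshold.

    Windows shorter than 64 bytes are skipped because the estimate is too noisy.
    """
    hits = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        if len(chunk) >= 64:
            h = shannon_entropy(chunk)
            if h > threshold:
                hits.append((off, round(h, 2)))
    return hits


def scan(data: bytes) -> dict:
    """Run all three checks and report what each one found."""
    return {
        "signature": signature_scan(data),
        "xray": xray_scan(data),
        "high_entropy": frequency_scan(data),
    }


def build_samples() -> dict:
    """Constructed inputs, not real files.

    plain:          signature in the clear inside benign-looking text
    layered:        the same signature under a single-byte XOR key (0x5A)
    encrypted_like: a 1024-byte pseudo-random region standing in for a body
                    under a strong cipher, where X-raying a simple layer fails
                    and only the entropy heuristic can raise a flag
    """
    filler = b"benign program text " * 20          # 400 bytes, low entropy
    key = 0x5A
    rng = random.Random(7)                         # deterministic stand-in
    return {
        "plain": filler + SIGNATURE + filler,
        "layered": filler + bytes(b ^ key for b in SIGNATURE) + filler,
        "encrypted_like": filler + bytes(rng.getrandbits(8) for _ in range(1024)) + filler,
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, scan(blob))
```

Running the block prints what each technique finds for each sample: the plain file is caught by the signature alone, the XOR-layered file only by X-raying, and the high-entropy file only by frequency analysis, which is why an engine layers these checks rather than relying on any one of them.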
Recent trends in Malware
• Spam Thru Trojan
• Beast Trojan

(Figure: Beast Trojan)
Literature Review
• Secret Data Protection
• Smart cards
  • Common Access Card
  • IBM's PCI Crypto Card
  • SET
• HD-DVD Encryption
• Distributed software for secret protection
• Software based approach for secret management
Code-Hiding
• Code Obfuscation
• Code hiding by malicious programs
  • Shadow Walker
  • SubVirt
  • Blue Pill
• Code Injection

(Figures: Before Infection / After Infection)
Threat Model
• Internet Threat Model
• Shortcomings of ITM
• Viral Threat Model

(Figure: Internet Threat Model)

(Figure: Threat posed by malware)
Building Blocks
• Injecting Code in Logon process
• Shortcomings
• Watch Processes

(Figure: Watch Process to monitor anti-virus)

• Shortcomings
• Install as a Different Process
• Shortcomings

(Figure: Query results before camouflaging the anti-virus software)

(Figure: Query results after camouflaging the anti-virus software)
Design
• Installing the Program
• Starting the Process
• Execution of the Process
• Watch Processes
• Shut Down Events
• Virus Definition Files
• Whitelists
• Storage of definition file

(Figure: Storing image files)
Prototype
• Placing start up information in Windows system process
• Code Injection
  • Injecting Libraries
  • Injecting Code
• Overhead and Performance

(Figure: System Overhead)
Conclusion and Future Research
• In this research, an approach was presented to improve the reliability of the
anti-virus process by hiding its presence from other processes on the machine,
because once malware has infected any process on the system, no component of a
consumer computer can be trusted.
• To address this, the approach changes the name of the anti-virus file and its
registry entry by installing the process under a different name. This helps in
working around attacks that scan the registry entries and the file system to
identify the anti-virus program.
• After this, the process was continuously migrated to different address spaces to
avoid detection by malware. Because the code moves at regular intervals, a snapshot
of the system would not be very useful for killing the anti-virus process: by the
time the results of the snapshot are calculated, the process would have migrated to
another process space. Finally, multiple watch processes were installed to detect
whether the anti-virus program is shut down at any point in time.
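The watch process mechanism from the building blocks, design and conclusion slides, as an added example that is not the presentation's prototype (which targets Windows system processes): a supervisor launches the protected program as a child process, polls it, records every exit it did not request as a shut-down event, and restarts it up to a bounded number of times. The command, the polling interval, the restart limit and the one-line demo workers are assumptions made for the illustration so that the example runs anywhere Python does.

```python
"""Watch process for a protected program.  Added example, not the
presentation's prototype.  Assumptions (not from the page): the protected
program runs as a child process of the watcher, the watcher polls it at a
fixed interval, and any exit the watcher did not request counts as a
shut-down event that is logged and answered with a restart, up to a limit.
"""
import subprocess
import sys
import time
from dataclasses import dataclass, field


@dataclass
class WatchReport:
    shutdown_events: int = 0                      # exits the watcher did not request
    restarts: int = 0                             # restarts actually performed
    exit_codes: list = field(default_factory=list)
    log: list = field(default_factory=list)       # human-readable event trail


def watch(cmd, max_restarts=3, poll_interval=0.05, run_for=None):
    """Launch `cmd`, poll it, restart it on unexpected exit; return a WatchReport.

    `run_for` bounds the supervision in seconds so the example terminates; a
    real watch process loops until it is itself stopped, which is why the
    design installs several of them.
    """
    report = WatchReport()
    deadline = None if run_for is None else time.monotonic() + run_for
    child = subprocess.Popen(cmd)
    report.log.append(f"started pid {child.pid}")
    while True:
        code = child.poll()
        if code is not None:
            # The child is gone and the watcher did not ask it to stop.
            report.shutdown_events += 1
            report.exit_codes.append(code)
            report.log.append(f"shut-down event: pid {child.pid} exited with {code}")
            if report.restarts >= max_restarts:
                report.log.append("restart limit reached, giving up")
                break
            child = subprocess.Popen(cmd)
            report.restarts += 1
            report.log.append(f"restarted as pid {child.pid}")
        if deadline is not None and time.monotonic() >= deadline:
            # Stopping the child ourselves is a requested exit, not an event.
            if child.poll() is None:
                child.terminate()
                child.wait()
            report.log.append("watch period over, child stopped by watcher")
            break
        time.sleep(poll_interval)
    return report


def demo_crashing_worker(max_restarts=2):
    """Constructed worker that exits with status 3 at once: every exit is an event."""
    return watch([sys.executable, "-c", "raise SystemExit(3)"], max_restarts=max_restarts)


def demo_healthy_worker(run_for=0.5):
    """Constructed worker that keeps running: no events; the watcher stops it."""
    return watch([sys.executable, "-c", "import time; time.sleep(30)"], run_for=run_for)


if __name__ == "__main__":
    for r in (demo_crashing_worker(), demo_healthy_worker()):
        print("\n".join(r.log))
        print(r.shutdown_events, "shut-down events,", r.restarts, "restarts")
```

The restart limit is the part worth thinking about: without it, a worker that is being killed as fast as it starts would keep the watcher in a tight restart loop, so a real deployment would also alert on the event rate rather than only restarting.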
Study of Anti-Virus Software Detection Evasion Techniques

More Related Content

What's hot

Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityAtlantic Training, LLC.
 
IP addressing Grade 10 TLE ICT
IP addressing Grade 10 TLE ICTIP addressing Grade 10 TLE ICT
IP addressing Grade 10 TLE ICTLeonel Rivas
 
Computer hardware troubleshooting
Computer hardware troubleshootingComputer hardware troubleshooting
Computer hardware troubleshootingJerome Luison
 
How to format a computer windows 7
How to format a computer windows 7How to format a computer windows 7
How to format a computer windows 7Md Aftab
 
Operating system security
Operating system securityOperating system security
Operating system securityRachel Jeewa
 
Computer Security and safety
Computer Security and safety Computer Security and safety
Computer Security and safety Sadaf Walliyani
 
IT Security DOs and DON'Ts
IT Security DOs and DON'Ts IT Security DOs and DON'Ts
IT Security DOs and DON'Ts Sophos
 
Basic computer maintenance
Basic computer maintenanceBasic computer maintenance
Basic computer maintenancegeepatty
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacyeiramespi07
 
Basic Troubleshooting
Basic TroubleshootingBasic Troubleshooting
Basic TroubleshootingAaron Abraham
 
Demonstration lesson-plan-in-ict grade 11
Demonstration lesson-plan-in-ict grade 11Demonstration lesson-plan-in-ict grade 11
Demonstration lesson-plan-in-ict grade 11Luffy Kun
 
Security awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter mostSecurity awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter mostInfosec
 
Computer repair and maintenance
Computer repair and maintenanceComputer repair and maintenance
Computer repair and maintenanceCornelius Micah
 
TLE 10 (ICT): Configuring a Wireless Router
TLE 10 (ICT): Configuring a Wireless RouterTLE 10 (ICT): Configuring a Wireless Router
TLE 10 (ICT): Configuring a Wireless RouterRomne Ryan Portacion
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
Troubleshoot beeping computers
Troubleshoot beeping computersTroubleshoot beeping computers
Troubleshoot beeping computersFrya Lora
 
How to install windows 10
How to install windows 10How to install windows 10
How to install windows 10Annu Ahmed
 

What's hot (20)

Information Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier UniversityInformation Security Awareness Training by Wilfrid Laurier University
Information Security Awareness Training by Wilfrid Laurier University
 
IP addressing Grade 10 TLE ICT
IP addressing Grade 10 TLE ICTIP addressing Grade 10 TLE ICT
IP addressing Grade 10 TLE ICT
 
Computer hardware troubleshooting
Computer hardware troubleshootingComputer hardware troubleshooting
Computer hardware troubleshooting
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
How to format a computer windows 7
How to format a computer windows 7How to format a computer windows 7
How to format a computer windows 7
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Computer virus
Computer virusComputer virus
Computer virus
 
Computer Security and safety
Computer Security and safety Computer Security and safety
Computer Security and safety
 
IT Security DOs and DON'Ts
IT Security DOs and DON'Ts IT Security DOs and DON'Ts
IT Security DOs and DON'Ts
 
TYPES OF COMPUTER SYSTEM ERRORS
TYPES OF COMPUTER SYSTEM ERRORSTYPES OF COMPUTER SYSTEM ERRORS
TYPES OF COMPUTER SYSTEM ERRORS
 
Basic computer maintenance
Basic computer maintenanceBasic computer maintenance
Basic computer maintenance
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
 
Basic Troubleshooting
Basic TroubleshootingBasic Troubleshooting
Basic Troubleshooting
 
Demonstration lesson-plan-in-ict grade 11
Demonstration lesson-plan-in-ict grade 11Demonstration lesson-plan-in-ict grade 11
Demonstration lesson-plan-in-ict grade 11
 
Security awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter mostSecurity awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter most
 
Computer repair and maintenance
Computer repair and maintenanceComputer repair and maintenance
Computer repair and maintenance
 
TLE 10 (ICT): Configuring a Wireless Router
TLE 10 (ICT): Configuring a Wireless RouterTLE 10 (ICT): Configuring a Wireless Router
TLE 10 (ICT): Configuring a Wireless Router
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
Troubleshoot beeping computers
Troubleshoot beeping computersTroubleshoot beeping computers
Troubleshoot beeping computers
 
How to install windows 10
How to install windows 10How to install windows 10
How to install windows 10
 

Viewers also liked

ANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationabhijit chintamani
 
Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)ainizbahari97
 
Computer Virus powerpoint presentation
Computer Virus powerpoint presentationComputer Virus powerpoint presentation
Computer Virus powerpoint presentationshohrabkhan
 
What Is An Antivirus Software?
What Is An Antivirus Software?What Is An Antivirus Software?
What Is An Antivirus Software?culltdueet65
 
Antivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methodsAntivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methodsSomanath Kavalase
 
Computer viruses and antiviruses PPT
Computer viruses and antiviruses PPTComputer viruses and antiviruses PPT
Computer viruses and antiviruses PPTEva Harshita
 
Anti-virus Mechanisms and Various Ways to Bypass Antivirus detection
Anti-virus Mechanisms and Various Ways to Bypass Antivirus detectionAnti-virus Mechanisms and Various Ways to Bypass Antivirus detection
Anti-virus Mechanisms and Various Ways to Bypass Antivirus detectionNeel Pathak
 
Virus and antivirus final ppt
Virus and antivirus final pptVirus and antivirus final ppt
Virus and antivirus final pptaritradutta22
 
Virus y-antivirus
Virus y-antivirusVirus y-antivirus
Virus y-antivirusMayra Sole
 
ppt on antivirus and computer virus
ppt on antivirus and computer virusppt on antivirus and computer virus
ppt on antivirus and computer virusNaveen Goyal
 
AntiVirus Evasion Techniques Use of Crypters 2k14 at MundoHackerDay
AntiVirus Evasion Techniques Use of Crypters 2k14 at MundoHackerDayAntiVirus Evasion Techniques Use of Crypters 2k14 at MundoHackerDay
AntiVirus Evasion Techniques Use of Crypters 2k14 at MundoHackerDayINCIDE
 

Viewers also liked (20)

Antivirus
AntivirusAntivirus
Antivirus
 
ANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentation
 
Antivirus PPt
Antivirus PPtAntivirus PPt
Antivirus PPt
 
Antivirus software
Antivirus softwareAntivirus software
Antivirus software
 
Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)
 
Computer Virus powerpoint presentation
Computer Virus powerpoint presentationComputer Virus powerpoint presentation
Computer Virus powerpoint presentation
 
Anti Virus Software
Anti Virus SoftwareAnti Virus Software
Anti Virus Software
 
What Is An Antivirus Software?
What Is An Antivirus Software?What Is An Antivirus Software?
What Is An Antivirus Software?
 
Virus & Antivirus
Virus & AntivirusVirus & Antivirus
Virus & Antivirus
 
Antivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methodsAntivirus - Virus detection and removal methods
Antivirus - Virus detection and removal methods
 
Computer viruses and antiviruses PPT
Computer viruses and antiviruses PPTComputer viruses and antiviruses PPT
Computer viruses and antiviruses PPT
 
Anti-virus Mechanisms and Various Ways to Bypass Antivirus detection
Anti-virus Mechanisms and Various Ways to Bypass Antivirus detectionAnti-virus Mechanisms and Various Ways to Bypass Antivirus detection
Anti-virus Mechanisms and Various Ways to Bypass Antivirus detection
 
Antivirus ppt
Antivirus pptAntivirus ppt
Antivirus ppt
 
Types of Virus & Anti-virus
Types of Virus & Anti-virusTypes of Virus & Anti-virus
Types of Virus & Anti-virus
 
Virus and antivirus final ppt
Virus and antivirus final pptVirus and antivirus final ppt
Virus and antivirus final ppt
 
Anti virus
Anti virusAnti virus
Anti virus
 
Virus y-antivirus
Virus y-antivirusVirus y-antivirus
Virus y-antivirus
 
ppt on antivirus and computer virus
ppt on antivirus and computer virusppt on antivirus and computer virus
ppt on antivirus and computer virus
 
Anti-Virus Evasion Techniques and Countermeasures
Anti-Virus Evasion Techniques and CountermeasuresAnti-Virus Evasion Techniques and Countermeasures
Anti-Virus Evasion Techniques and Countermeasures
 
AntiVirus Evasion Techniques Use of Crypters 2k14 at MundoHackerDay
AntiVirus Evasion Techniques Use of Crypters 2k14 at MundoHackerDayAntiVirus Evasion Techniques Use of Crypters 2k14 at MundoHackerDay
AntiVirus Evasion Techniques Use of Crypters 2k14 at MundoHackerDay
 

Similar to Study of Anti-Virus Software Detection Evasion Techniques

Similar to Study of Anti-Virus Software Detection Evasion Techniques (20)

ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures                         -- Pruthvi Monarch Virus and its CounterMeasures                         -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch
 
Malicious
MaliciousMalicious
Malicious
 
Virus and malware presentation
Virus and malware presentationVirus and malware presentation
Virus and malware presentation
 
Computervirus 110705112128-phpapp02
Computervirus 110705112128-phpapp02Computervirus 110705112128-phpapp02
Computervirus 110705112128-phpapp02
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Computer Virus
Computer VirusComputer Virus
Computer Virus
 
Thur Venture
Thur VentureThur Venture
Thur Venture
 
Venture name Basics
Venture name BasicsVenture name Basics
Venture name Basics
 
Venture name Basics
Venture name BasicsVenture name Basics
Venture name Basics
 
Regression
RegressionRegression
Regression
 
Sangeetha Venture
Sangeetha VentureSangeetha Venture
Sangeetha Venture
 
Viruses andthreats@dharmesh
Viruses andthreats@dharmeshViruses andthreats@dharmesh
Viruses andthreats@dharmesh
 
6unit1 virus and their types
6unit1 virus and their types6unit1 virus and their types
6unit1 virus and their types
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
Malicious software and software security
Malicious software and software  securityMalicious software and software  security
Malicious software and software security
 
Malware ppt final.pptx
Malware ppt final.pptxMalware ppt final.pptx
Malware ppt final.pptx
 
CH1- Introduction to malware analysis-v2.pdf
CH1- Introduction to malware analysis-v2.pdfCH1- Introduction to malware analysis-v2.pdf
CH1- Introduction to malware analysis-v2.pdf
 
Virusppt
ViruspptVirusppt
Virusppt
 
Botnets Attacks.pptx
Botnets Attacks.pptxBotnets Attacks.pptx
Botnets Attacks.pptx
 

Recently uploaded

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

Study of Anti-Virus Software Detection Evasion Techniques

  • 1. To Study Of Anti-Virus Software Prepared By : Pradeep K. Rajyaguru 115030693013 Ankit K. Solanki 115030693041 Guided By: Prof. V.A. Gandhi B.H.Gardi College Of Engg. & Tech. Department of M.C.A.
  • 2. Topic to be covered • • • • • • • • • • • • • Introduction Malware Threats Type of Viruses Other Malwares Types of Attacks Anti-virus Recent Trends in Malware Threat Model Code Hiding Building Blocks Design Prototype Conclusion and Research
  • 3. Introduction • Internet is a collection of interconnected computers. People rely on the Internet to communicate, share files, for news, and most importantly for financial transactions. • Recent studies and researches show that a computer connected to the Internet may experience an attack every 39 seconds because of less awareness in people regarding attacks. • The war between virus creators and anti-virus developers started since the birth of the earliest viruses in eighties. • Any anti-virus software must perform three functions: detection, identification and Removal of malicious code. The goal of any virus writer is to design a virus that can evade detection.
  • 4. Continue... • When Virus found that, an anti-virus program is their biggest enemy they came up with the idea to screw the anti-virus program and paralyze the functions of the anti-virus system. How Anti-virus works
  • 5. Security in consumer computing • Consumer computers are very attractive to intruders because it’s fairly easy to gain access by number of online resources of hacking. • This enables hacker to use the compromised machine to easily steal secret data such as passwords to bank accounts, credit card numbers and social security numbers. • The compromised machines can also be made a part of a huge botnet that can be used to launch Denial of Service attacks on servers. • Software such as anti-virus solutions and firewalls offer some protection to users against attacks, however, they are not completely effective.The reason for this is that anti-virus relies on virus definitions and known behavioral patterns to identify malicious code.
  • 6. Malware Threats • Malware is short for "malicious software." Malware is any kind of unwanted software that is installed without your adequate consent. Viruses, worms, and Trojan horses are examples of malicious software that are often grouped together and referred to as malware. • Early days they were designed to cause disruptions but recent days they are designed to stealing secret information such as passwords, credit card numbers and social security numbers for providing some sort of financial gains for their developers.
  • 7. Types of Virus • Boot Virus:These types of viruses operate by infecting the Master Boot Record (MBR) of a PC. Example, ‘POLYBOOT.B’ • Parasitic viruses/ File Infectors:This type of virus attaches itself onto files or executables, leaving the contents of the file unchanged. • Date viruses/ Logic Bombs/ Time Bomb:These are types of viruses that reside in a machine and get triggered by some event such as a particular date or a day of the week . Example, ‘Sunday’. • Macro Virus:These are programs that take advantage of the macro utilities that are built into programs like Excel and Word. Example, ‘Concept’ for Word 95.
Continue..
• Encrypted Virus: a virus whose body is encrypted. The virus carries the decryption key and a decryption engine within itself. This method is used to hide the virus from signature detection. Example: ‘Cascade’.
• Polymorphic Virus: the same as an encrypted virus, but in addition it has a mutation engine that creates a new encryption scheme for every infection. Example: ‘1260’.
• Stealth Virus: attempts to hide its presence by hooking some system calls. A recent worm called ‘Lion’ installs a rootkit and then makes various hooks and system modifications to prevent any scanner from detecting its presence.
Other Malware
• Trojan Horse: a program that enters a machine disguised as, or embedded inside, legitimate software. The Trojan looks harmless or interesting to the user, but is actually very harmful when executed.
• Worms: a computer worm is a standalone malware program that replicates itself in order to spread to other computers. Worms almost always cause at least some harm to the network.
• Rootkit: the term is derived from the UNIX term "root". A rootkit is a malicious program that obtains administrator privileges and manipulates other processes in the system; it is designed to give administrator privileges to the attacker.
Types of Attack
• Social Engineering
• Mass E-Mailers
• Exploit on Software Vulnerabilities
• Phishing
• Pharming
Anti-virus
• Signature detection or Pattern Matching
• X-Raying
• Emulation
• Frequency Analysis
• Heuristics
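The encrypted and polymorphic viruses described under "Continue.." above and three of the techniques listed here (signature matching, frequency analysis, X-raying) are shown together in the following added example, which is not part of the presentation; the virus body, the signature and the single-byte XOR cipher are constructed toys standing in for real machine code.

```python
"""Added example (not from the presentation): how an encrypted virus body defeats
signature matching, and how frequency analysis and X-raying recover it anyway.
The body, signature and cipher (single-byte XOR) are constructed toys."""
from collections import Counter
from typing import Optional

# Constructed plaintext body and the byte pattern an anti-virus would store for it.
PLAIN_BODY = b"TOY-VIRUS-BODY: overwrite boot sector; copy self to *.exe"
SIGNATURE = b"TOY-VIRUS-BODY"

def xor_body(data: bytes, key: int) -> bytes:
    """Single-byte XOR: the toy cipher of the 'encrypted virus' and, because XOR is
    its own inverse, also the decryptor an X-ray scanner applies."""
    return bytes(b ^ key for b in data)

def signature_scan(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Pattern matching: matches only if the signature appears literally in the sample,
    so an encrypted body (any key other than 0) is missed."""
    return signature in sample

def frequency_key_guess(sample: bytes, expected_common: int = 0x20) -> int:
    """Frequency analysis: XOR preserves the frequency profile, so the most common
    ciphertext byte is the most common plaintext byte XORed with the key. Assumes the
    plaintext's most common byte is known (0x20 for text here; 0x00 is typical for code)."""
    most_common_byte, _ = Counter(sample).most_common(1)[0]
    return most_common_byte ^ expected_common

def xray_scan(sample: bytes, signature: bytes = SIGNATURE) -> Optional[int]:
    """X-raying: try every key of the known cipher and look for the signature in the
    decrypted bytes. Returns the key that exposed it, or None if nothing matched.
    A polymorphic variant that picks a fresh key per infection is still caught."""
    for key in range(256):
        if signature in xor_body(sample, key):
            return key
    return None

def analyse(sample: bytes) -> dict:
    """Run the three checks on one sample, as a scanner would for each file."""
    return {
        "signature": signature_scan(sample),
        "frequency_key": frequency_key_guess(sample),
        "xray_key": xray_scan(sample),
    }

if __name__ == "__main__":
    # Each key stands for one infection by the toy polymorphic virus.
    for key in (0x00, 0x5A, 0xC3):
        print(hex(key), analyse(xor_body(PLAIN_BODY, key)))
```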
Recent trend in Malware
• Spam Thru Trojan
• Beast Trojan
Figure: Beast Trojan
Literature Review
• Secret Data Protection
• Smart cards: Common Access Card, IBM's PCI Crypto Card, SET
• HD-DVD Encryption
• Distributed software for secret protection
• Software based approach for secret management
Code-Hiding
• Code Obfuscation
• Code hiding by malicious programs: Shadow Walker, SubVirt, Blue Pill
• Code Injection
Figure: Before Infection / After Infection
Threat Model
• Internet Threat Model
• Shortcomings of ITM
• Viral Threat Model
Figure: Internet Threat Model / Threat posed by malware
Building Blocks
• Injecting Code in Logon process
• Shortcomings
• Watch Processes
• Shortcomings
• Install as a Different Process
• Shortcomings
Figure: Watch Process to monitor anti-virus
Figure: Query results before camouflaging the anti-virus software
Figure: Query results after camouflaging the anti-virus software
Design
• Installing the Program
• Starting the Process
• Execution of the Process
• Watch Processes
• Shut Down Events
• Virus Definition Files
• Whitelists
• Storage of definition file
Figure: Storing image files
Prototype
• Placing start up information in Windows system process
• Code Injection
• Injecting Libraries
• Injecting Code
• Overhead and Performance
Figure: System Overhead
Conclusion and Future Research
• In this research, an approach was presented to improve the reliability of the anti-virus process by hiding its presence from other processes on the machine, because once malware infects any process of the system, no component of a consumer computer can be trusted.
• To address this, the approach changes the name of the anti-virus file and its registry entry by installing the process under a different name. This helps in working around attacks that scan the registry entries and the file system to identify the anti-virus program.
• After this, the process is continuously migrated to different address spaces to avoid detection by any malware. By moving the code at regular intervals of time, a snapshot of the running processes taken by malware would not be very useful for killing the anti-virus process, as the process would have migrated to another address space by the time the snapshot's results are computed. Finally, multiple watch processes were installed to detect if the anti-virus program is shut down at any point of time.