SlideShare a Scribd company logo

INSERVICE COURSE FOR PGT COMPUTER SCIENCE ON COMPUTER VIRUSES

Download as PPTX, PDF
Dipayan Sarkar
Dipayan Sarkar

This document provides an overview of an in-service computer science course for postgraduate teachers (PGT) held at Kendriya Vidyalaya Gachibowli in Hyderabad. It includes a demo lesson on computer viruses presented by B.S. Kalyan Chakravathy from Kendriya Vidyalaya Guntur. The document then provides detailed information about computer viruses including their history, operations, infection methods, stealth strategies, and countermeasures like antivirus software.

Education
1 of 38
INSERVICE COURSE FOR PGT COMPUTER SCIENCE 2016-17 Venue : KENDRIYA VIDYALAYA GACHIBOWLI,HYDERABAD-32 DEMO LESSON BY :- B S KALYAN CHAKRAVATHY, PGT-COMP, KV GUNTUR, SHIFT-1 HYDRABAD REGION Original source from Wikipedia
A piece of code which is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data. COMPUTER VIRUS
Virus - History  1949 Theories for self-replicating programs are first developed.  1981 Apple Viruses 1, 2, and 3 are some of the first viruses “in the wild,” or in the public domain. Found on the Apple II operating system, the viruses spread through Texas A&M via pirated computer games.  1983 Fred Cohen, while working on his dissertation, formally defines a computer virus as “a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself.”
Virus - History  1986 Two programmers named Basit and Amjad replace the executable code in the boot sector of a floppy disk with their own code designed to infect each 360kb floppy accessed on any drive. Infected floppies had “© Brain” for a volume label.  1987 The Lehigh virus, one of the first file viruses, infects command.com files.  1988 One of the most common viruses, Jerusalem, is unleashed. Activated every Friday the 13th, the virus affects both .exe and .com files and deletes any programs run on that day. MacMag and the Scores virus cause the first major Macintosh outbreaks. .....
Vulnerabilities & Infection Vector  Software bugs: Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit and manipulate security bug in a system or application software to spread and infect. Software development strategies that produce large numbers of bugs will generally also produce potential exploit.
Vulnerabilities & Infection Vector  Social engineering and poor security practices : In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user attempts to launch an infected program, the virus' code may be executed simultaneously.
Operations & functions of a virus  Virus parts A viable computer virus must contain a search routine, which locates new files or new disks which are worthwhile targets for infection. Secondly, every computer virus must contain a routine to copy itself into the program which the search routine locates.  The three main virus parts are:  Infection mechanism : Infection mechanism (also called 'infection vector'), is how the virus spreads or propagates, a virus has a search routine, which locates new files or new disks for infection.
Operations & functions of a virus  Trigger : Trigger which is also known as logic bomb is the compiled version that could be activated any time an executable with the virus is run that determines the event or condition for the payload to be activated or delivered such as a particular date, a particular time, particular presence of another program, capacity of the disk exceeding some limit, or a double-click that opens a particular file.  Payload : The payload is the actual body or data that perform the actual purpose of the virus. Payload activity might be noticeable, as most of the time it is the harmful activity, or some times non-destructive but distributive, which is called Virus hoax.
Virus Phases  Virus phases is the life cycle of the computer virus, it can be divided into 4 phases:  Dormant Phase The virus is idle. The virus will eventually be activated by the trigger which states which event will execute the virus, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit. Not all viruses have this stage.  Propagation Phase The virus starts propagating, that is multiplying itself. The virus places a copy of itself into other programs or into certain system areas on the disk. The copy may not be identical to the propagating version; viruses often morph to evade detection. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.
Virus phases  Triggering Phase A Dormant virus moves into this phase when it gets activated, it will now perform the function for which it was intended. The triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.  Execution Phase This is the actual work of the virus, where the payload will be released. It can be destructive such as deleting files on disk or harmless such as popping messages on screen.
Infection targets and replication techniques  Computer viruses infect a variety of different subsystems on their hosts. One manner of classifying viruses is to analyse whether they reside in binary executable (such as.EXE or .COM files), data files (such as Microsoft Word documents or PDF files), or in the boot sector of the host's hard drive (or some combination of all of these).  Resident vs. non-resident viruses  A memory-resident virus (or simply "resident virus") installs itself as part of the operating system when executed, after which it remains in RAM from the time the computer is booted up to when it is shut down.  Resident viruses overwrite interrupt handling code or other functions, and when the operating system attempts to access the target file or disk sector, the virus code intercepts the request and redirects the control flow to the replication module, infecting the target.  In contrast, a non-memory-resident virus (or "non-resident virus"), when executed, scans the disk for targets, infects them, and then exits (i.e. it does not remain in memory after it is done executing).
Infection targets and replication techniques  Macro viruses Many common applications, such as Microsoft Outlook and Microsoft Word, allow macro programs to be embedded in documents or emails, so that the programs may be run automatically when the document is opened. A macro virus (or "document virus") is a virus that is written in a macro language, and embedded into these documents so that when users open the file, the virus code is executed, and can infect the user's computer. This is one of the reasons that it is dangerous to open unexpected attachments in e-mails.  Boot sector viruses Boot sector viruses specifically target the boot sector/Master Boot Record(MBR) of the host's hard drive or removable storage media (flash drives, floppy disks, etc.).
Stealth Strategies  In order to avoid detection by users, some viruses employ different kinds of deception. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus.  This approach does not fool antivirus software, however, especially those which maintain and date cyclic redundancy checks on file changes.  Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses.  For example, the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files have many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file.
Stealth Strategies  Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them (for example, Conficker).  As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access.
Stealth Strategies  Read request intercepts While some antivirus software employ various techniques to counter stealth mechanisms, once the infection occurs any recourse to clean the system is unreliable. In Microsoft Windows operating systems, the NTFS file system is proprietary. This leaves antivirus software little alternative but to send a read request to Windows OS files that handle such requests. Some viruses trick antivirus software by intercepting its requests to the OS. A virus can hide itself by intercepting the request to read the infected file, handling the request itself, and return an uninfected version of the file to the antivirus software. The interception can occur by code injection of the actual operating system files that would handle the read request. Thus, an antivirus software attempting to detect the virus will either not be given permission to read the infected file, or, the read request will be served with the uninfected version of the same file.
Stealth Strategies  The only reliable method to avoid stealth is to boot from a medium that is known to be clean. Security software can then be used to check the dormant operating system files. Most security software relies on virus signatures, or they employ heuristics.  Security software may also use a database of file hashes for Windows OS files, so the security software can identify altered files, and request Windows installation media to replace them with authentic versions.  In older versions of Windows, file hashes of Windows OS files stored in Windows—to allow file integrity/authenticity to be checked—could be overwritten so that the System File Checker would report that altered system files are authentic, so using file hashes to scan for altered files would not always guarantee finding an infection.
Stealth Strategies  Self-modification  Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for so-called virus signatures.  Unfortunately, the term is misleading, in that viruses do not possess unique signatures in the way that human beings do. Such a virus signature is merely a sequence of bytes that an antivirus program looks for because it is known to be part of the virus.  A better term would be "search strings". If a virus scanner finds such a pattern in a file, it will perform other checks to make sure that it has found the virus, and not merely a coincidental sequence in an innocent file, before it notifies the user that the file is infected. The user can then delete, or (in some cases) "clean" or "heal" the infected file.. That is, each infected file contains a different variant of the virus.
Stealth Strategies  Encrypted viruses  One method of evading signature detection is to use simple encryption to encipher the body of the virus, leaving only the encryption module and a static cryptographic key in clear text which doesn't change from one infection to the next. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code.  If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module, which would (for example) be appended to the end. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible.  Since these would be symmetric keys, stored on the infected host, it is in fact entirely possible to decrypt the final virus, but this is probably not required, since self-modifying code is such a rarity that it may be reason for virus scanners to at least flag the file as suspicious.
Stealth Strategies  An old but compact way will be the use of arithmetic operation like addition or subtraction and the use of logical conditions such as XORing , where each byte in a virus is with a constant, so that the exclusive-or operation had only to be repeated for decryption. It is suspicious for a code to modify itself, so the code to do the encryption/decryption may be part of the signature in many virus definitions. An simpler older approach did not use a key, where the encryption consisted only of operations with no parameters, like incrementing and decrementing, bitwise rotation, arithmetic negation, and logical NOT.  Some viruses will employ a means of encryption inside an executable in which the virus is encrypted under certain events, such as the virus scanner being disabled for updates or the computer being rebooted. This is called Cryptovirology. At said times, the executable will decrypt the virus and execute its hidden runtimes infecting the computer and sometimes disabling the antivirus software.
Stealth Strategies  Polymorphic code  Polymorphic code was the first technique that posed a serious threat to virus scanners. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module.  In the case of polymorphic viruses, however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts which remain identical between infections, making it very difficult to detect directly using signatures. Antivirus software can detect it by decrypting the viruses using an emulator, or by statistical pattern analysis of the encrypted virus body.  To enable polymorphic code, the virus has to have a polymorphic engine(also called mutating engine or mutation engine) somewhere in its encrypted body. See polymorphic code for technical detail on how such engines operate.
Stealth Strategies  Some viruses employ polymorphic code in a way that constrains the mutation rate of the virus significantly.  For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus. The advantage of using such slow polymorphic code is that it makes it more difficult for antivirus professionals to obtain representative samples of the virus, because bait files that are infected in one run will typically contain identical or similar samples of the virus.  This will make it more likely that the detection by the virus scanner will be unreliable, and that some instances of the virus may be able to avoid detection.  There has also been virus called undetectable virus (proposed in Yongge Wang ). Undetectable virus is one kind of polymorphic virus that is static signature-free and whose dynamic signatures are hard to determine unless some cryptographic assumption fails.
Stealth Strategies  Metamorphic code  To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executable. Viruses that utilize this technique are said to be metamorphic. To enable metamorphism, a metamorphic engine is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14,000 lines of assembly language code, 90% of which is part of the metamorphic engine.
Countermeasures  Antivirus software Many users install antivirus software that can detect and eliminate known viruses when the computer attempts to download or run the executable (which may be distributed as an email attachment, or on USB flash drives, for example). Some antivirus software blocks known malicious web sites that attempt to install malware. Antivirus software does not change the underlying capability of hosts to transmit viruses. Users must update their software regularly to patch security vulnerabilities ("holes"). Antivirus software also needs to be regularly updated in order to recognize the latest threats. The German AV-TEST Institute publishes evaluations of antivirus software for Windows and Android.
Countermeasures There are two common methods that an antivirus software application uses to detect viruses, as described in the antivirus software article. The first, and by far the most common method of virus detection is using a list of virus signature definitions. This works by examining the content of the computer's memory (its RAM, and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives, or USB flash drives), and comparing those files against a database of known virus "signatures". Virus signatures are just strings of code that are used to identify individual viruses; for each virus, the antivirus designer tries to choose a unique signature string that will not be found in a legitimate program. Different antivirus programs use different "signatures" to identify viruses.
Countermeasures The disadvantage of this detection method is that users are only protected from viruses that are detected by signatures in their most recent virus definition update, and not protected from new viruses (see "zero-day attack"). A second method to find viruses is to use a heuristic algorithm based on common virus behaviours. This method has the ability to detect new viruses for which antivirus security firms have yet to define a "signature", but it also gives rise to more false positives than using signatures. False positives can be disruptive, especially in a commercial environment.
Countermeasures Recovery strategies and methods One may reduce the damage done by viruses by making regular backups of data (and the operating systems) on different media, that are either kept unconnected to the system (most of the time), read-only or not accessible for other reasons, such as using different file systems. This way, if data is lost through a virus, one can start again using the backup (which will hopefully be recent). If a backup session on optical media like CD and DVD is closed, it becomes read-only and can no longer be affected by a virus (so long as a virus or infected file was not copied onto the CD/DVD). Likewise, an operating system on a bootable CD can be used to start the computer if the installed operating systems become unusable. Backups on removable media must be carefully inspected before restoration. The Gammima virus, for example, propagates via removable flash drives.
Countermeasures Virus removal Many websites run by antivirus software companies provide free online virus scanning, with limited cleaning facilities (the purpose of the sites is to sell antivirus products). Some websites—like Google subsidiary VirusTotal.com—allow users to upload one or more suspicious files to be scanned and checked by one or more antivirus programs in one operation. Additionally, several capable antivirus software programs are available for free download from the Internet (usually restricted to non-commercial use).Microsoft offers an optional free antivirus utility called Microsoft Security Essentials, a Windows Malicious Software Removal Tool that is updated as part of the regular Windows update regime, and an older optional anti- malware (malware removal) tool Windows Defender that has been upgraded to an antivirus product in Windows 8.
Countermeasures Some viruses disable System Restore and other important Windows tools such as Task Manager and CMD. An example of a virus that does this is CiaDoor. Many such viruses can be removed by rebooting the computer, entering Windows safe mode with networking, and then using system tools or Microsoft Safety Scanner. System Restore on Windows Me, Window XP, Windows Vista and Windows 7 can restore the registry and critical system files to a previous checkpoint. Often a virus will cause a system to hang, and a subsequent hard reboot will render a system restore point from the same day corrupt. Restore points from previous days should work provided the virus is not designed to corrupt the restore files and does not exist in previous restore points.
Countermeasures  Operating system reinstallation Microsoft's System File Checker (improved in Windows 7 and later) can be used to check for, and repair, corrupted system files. Restoring an earlier "clean" (virus-free) copy of the entire partition from a cloned disk, a disk image, or a backup copy is one solution—restoring an earlier backup disk image is relatively simple to do, usually removes any malware, and may be faster than disinfecting the computer—or reinstalling and reconfiguring the operating system and programs from scratch, as described below, then restoring user preferences.
Countermeasures  Reinstalling the operating system is another approach to virus removal.  It may be possible to recover copies of essential user data by booting from a live CD, or connecting the hard drive to another computer and booting from the second computer's operating system, taking great care not to infect that computer by executing any infected programs on the original drive.  The original hard drive can then be reformatted and the OS and all programs installed from original media. Once the system has been restored, precautions must be taken to avoid reinfection from any restored executable files.
Computer worm  A computer worm is a standalone computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program.  Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
Worm - History  On November 2, 1988, Robert Tappan Morris, a Cornell University computer science graduate student, unleashed what became known as the Morris worm, disrupting a large number of computers then on the Internet, guessed at the time to be one tenth of all those connected.  During the Morris appeal process, the U.S. Court of Appeals estimated the cost of removing the virus from each installation was in the range of $200–53,000, and prompting the formation of the CERT Coordination Centre and Phage mailing list.  Morris himself became the first person tried and convicted under the 1986 Computer Fraud and Abuse Act.
Trojan horse  In computing, Trojan horse, or Trojan, is any computer program which is used to hack into a computer by misleading users of its true intent.  The term is derived from the Ancient Greek story of the wooden horse that was used to help Greek troops invade the city of Troy by stealth.  Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.
Purpose and uses  Destructive  Use of resources or identity  Money theft, ransom  Data theft  Spying, surveillance or stalking
Spamming  Electronic spamming is the use of electronic messaging systems to send unsolicited messages (spam), especially advertising, as well as sending messages repeatedly on the same site.  While the most widely recognized form of spam is email spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam , online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social spam, spam mobile apps, television advertising and file sharing spam.
Spam – In different media  Email  Instant messaging  Newsgroup and forum  Mobile phone  Social networking spam  Social spam  Online game messaging  Blog, wiki, and guestbook  SPIT (Spam over Internet Telephony)
thank you

Recommended

Viruses notes1
Viruses notes1Viruses notes1
Viruses notes1Dara Corporates
 
Virus
VirusVirus
Virusritu1606089
 
Computer viruses
Computer virusesComputer viruses
Computer virusesYousef Bahaa
 
Computer viruses
Computer virusesComputer viruses
Computer virusesYousef Bahaa
 
Virus and Worms
Virus and WormsVirus and Worms
Virus and WormsGrittyCC
 
How computer works against thevirus or any threat
How computer works against thevirus or any threatHow computer works against thevirus or any threat
How computer works against thevirus or any threatSadaf Walliyani
 
Module 16 (virus)
Module 16 (virus)Module 16 (virus)
Module 16 (virus)Wail Hassan
 
Virus
VirusVirus
Virusdddaou
 

Recommended

Viruses notes1
Viruses notes1Viruses notes1
Viruses notes1Dara Corporates
 
Virus
VirusVirus
Virusritu1606089
 
Computer viruses
Computer virusesComputer viruses
Computer virusesYousef Bahaa
 
Computer viruses
Computer virusesComputer viruses
Computer virusesYousef Bahaa
 
Virus and Worms
Virus and WormsVirus and Worms
Virus and WormsGrittyCC
 
How computer works against thevirus or any threat
How computer works against thevirus or any threatHow computer works against thevirus or any threat
How computer works against thevirus or any threatSadaf Walliyani
 
Module 16 (virus)
Module 16 (virus)Module 16 (virus)
Module 16 (virus)Wail Hassan
 
Virus
VirusVirus
Virusdddaou
 
Viruses & Malware
Viruses & MalwareViruses & Malware
Viruses & MalwareT.J. Schiel
 
Computer viruses 911 computer support
Computer viruses 911 computer supportComputer viruses 911 computer support
Computer viruses 911 computer supportbozzerapide
 
Introductions To Malwares
Introductions To MalwaresIntroductions To Malwares
Introductions To MalwaresCyber Vignan
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwaresMirza Adnan Baig
 
Program security
Program securityProgram security
Program securityG Prachi
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software rajakhurram
 
Fighting computer viruses
Fighting computer virusesFighting computer viruses
Fighting computer virusesNguyễn Anh
 
Computer viruses
Computer virusesComputer viruses
Computer virusesImran Khan
 
Ch19
Ch19Ch19
Ch19saurabhmittal79
 
Virus and its types 2
Virus and its types 2Virus and its types 2
Virus and its types 2Saud G
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & preventionKhaleel Assadi
 
Internet Security
Internet SecurityInternet Security
Internet SecurityManoj Sahu
 
Seminar project(computer virus)
Seminar project(computer virus)Seminar project(computer virus)
Seminar project(computer virus)cdebraj16101991
 
Virus
VirusVirus
VirusProtik Roy
 
Dilsher idrees mustafa_6_a_vulnerabilities_study
Dilsher idrees mustafa_6_a_vulnerabilities_studyDilsher idrees mustafa_6_a_vulnerabilities_study
Dilsher idrees mustafa_6_a_vulnerabilities_studydilsherece
 
Virus and Anti virus
Virus and Anti virusVirus and Anti virus
Virus and Anti virusFaisal Hassan
 
ANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationabhijit chintamani
 
Malicious
MaliciousMalicious
Maliciousashraf karaimeh
 
Lecture malicious software
Lecture malicious softwareLecture malicious software
Lecture malicious softwarerajakhurram
 
Malicious software
Malicious softwareMalicious software
Malicious softwaremsdeepika
 
Virus vs anti virus
Virus vs anti virusVirus vs anti virus
Virus vs anti virusXʎz ʞsɥ
 
Viruses notes
Viruses notesViruses notes
Viruses notesDara Corporates
 

More Related Content

What's hot

Viruses & Malware
Viruses & MalwareViruses & Malware
Viruses & MalwareT.J. Schiel
 
Computer viruses 911 computer support
Computer viruses 911 computer supportComputer viruses 911 computer support
Computer viruses 911 computer supportbozzerapide
 
Introductions To Malwares
Introductions To MalwaresIntroductions To Malwares
Introductions To MalwaresCyber Vignan
 
Program security
Program securityProgram security
Program securityG Prachi
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software rajakhurram
 
Fighting computer viruses
Fighting computer virusesFighting computer viruses
Fighting computer virusesNguyễn Anh
 
Computer viruses
Computer virusesComputer viruses
Computer virusesImran Khan
 
Virus and its types 2
Virus and its types 2Virus and its types 2
Virus and its types 2Saud G
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & preventionKhaleel Assadi
 
Internet Security
Internet SecurityInternet Security
Internet SecurityManoj Sahu
 
Seminar project(computer virus)
Seminar project(computer virus)Seminar project(computer virus)
Seminar project(computer virus)cdebraj16101991
 
Dilsher idrees mustafa_6_a_vulnerabilities_study
Dilsher idrees mustafa_6_a_vulnerabilities_studyDilsher idrees mustafa_6_a_vulnerabilities_study
Dilsher idrees mustafa_6_a_vulnerabilities_studydilsherece
 
Virus and Anti virus
Virus and Anti virusVirus and Anti virus
Virus and Anti virusFaisal Hassan
 
ANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationabhijit chintamani
 
Lecture malicious software
Lecture malicious softwareLecture malicious software
Lecture malicious softwarerajakhurram
 
Malicious software
Malicious softwareMalicious software
Malicious softwaremsdeepika
 

What's hot (20)

Viruses & Malware
Viruses & MalwareViruses & Malware
Viruses & Malware
 
Computer viruses 911 computer support
Computer viruses 911 computer supportComputer viruses 911 computer support
Computer viruses 911 computer support
 
Introductions To Malwares
Introductions To MalwaresIntroductions To Malwares
Introductions To Malwares
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
 
Program security
Program securityProgram security
Program security
 
Lecture 12 malicious software
Lecture 12 malicious software Lecture 12 malicious software
Lecture 12 malicious software
 
Fighting computer viruses
Fighting computer virusesFighting computer viruses
Fighting computer viruses
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Ch19
Ch19Ch19
Ch19
 
Virus and its types 2
Virus and its types 2Virus and its types 2
Virus and its types 2
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & prevention
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
Seminar project(computer virus)
Seminar project(computer virus)Seminar project(computer virus)
Seminar project(computer virus)
 
Virus
VirusVirus
Virus
 
Dilsher idrees mustafa_6_a_vulnerabilities_study
Dilsher idrees mustafa_6_a_vulnerabilities_studyDilsher idrees mustafa_6_a_vulnerabilities_study
Dilsher idrees mustafa_6_a_vulnerabilities_study
 
Virus and Anti virus
Virus and Anti virusVirus and Anti virus
Virus and Anti virus
 
ANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentation
 
Malicious
MaliciousMalicious
Malicious
 
Lecture malicious software
Lecture malicious softwareLecture malicious software
Lecture malicious software
 
Malicious software
Malicious softwareMalicious software
Malicious software
 

Similar to INSERVICE COURSE FOR PGT COMPUTER SCIENCE ON COMPUTER VIRUSES

Virus vs anti virus
Virus vs anti virusVirus vs anti virus
Virus vs anti virusXʎz ʞsɥ
 
Computer Virus
Computer Virus Computer Virus
Computer Virus bebo
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & preventionKhaleel Assadi
 
Computer viruses by joy chakraborty
Computer viruses by joy chakrabortyComputer viruses by joy chakraborty
Computer viruses by joy chakrabortyJoy Chakraborty
 
Computer viruses
Computer virusesComputer viruses
Computer virusesSimiAttri
 
Presentation24190
Presentation24190Presentation24190
Presentation24190KRT395
 
Computer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon ChakrabortyComputer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon Chakrabortysankhadeep
 
Presentation2
Presentation2Presentation2
Presentation2Jeslynn
 
Computer viruses and prevention techniques
Computer viruses and prevention techniquesComputer viruses and prevention techniques
Computer viruses and prevention techniquesPrasad Athukorala
 
Virus, Worms And Antivirus
Virus, Worms And AntivirusVirus, Worms And Antivirus
Virus, Worms And AntivirusLokesh Kumar N
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesVikas Chandwani
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseSpandan Patnaik
 

Similar to INSERVICE COURSE FOR PGT COMPUTER SCIENCE ON COMPUTER VIRUSES (20)

Virus vs anti virus
Virus vs anti virusVirus vs anti virus
Virus vs anti virus
 
Viruses notes
Viruses notesViruses notes
Viruses notes
 
Computer Virus
Computer Virus Computer Virus
Computer Virus
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & prevention
 
FCS Presentation.pptx
FCS Presentation.pptxFCS Presentation.pptx
FCS Presentation.pptx
 
Computer viruses by joy chakraborty
Computer viruses by joy chakrabortyComputer viruses by joy chakraborty
Computer viruses by joy chakraborty
 
Types of Virus & Anti-virus
Types of Virus & Anti-virusTypes of Virus & Anti-virus
Types of Virus & Anti-virus
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Presentation24190
Presentation24190Presentation24190
Presentation24190
 
Computer virus
Computer virusComputer virus
Computer virus
 
Computer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon ChakrabortyComputer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon Chakraborty
 
Presentation2
Presentation2Presentation2
Presentation2
 
Computer viruses and prevention techniques
Computer viruses and prevention techniquesComputer viruses and prevention techniques
Computer viruses and prevention techniques
 
Computer virus
Computer virusComputer virus
Computer virus
 
Virus and antivirus
Virus and antivirusVirus and antivirus
Virus and antivirus
 
Computer virus 18
Computer virus 18Computer virus 18
Computer virus 18
 
Virus, Worms And Antivirus
Virus, Worms And AntivirusVirus, Worms And Antivirus
Virus, Worms And Antivirus
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and Antiviruses
 
Virus.pptx
Virus.pptxVirus.pptx
Virus.pptx
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horse
 

More from Dipayan Sarkar

introduction to aep arc
introduction to aep arcintroduction to aep arc
introduction to aep arcDipayan Sarkar
 
why focus on adolescents unique needs
why focus on adolescents unique needswhy focus on adolescents unique needs
why focus on adolescents unique needsDipayan Sarkar
 
aep in india milestones, learning, way forward
aep in india milestones, learning, way forwardaep in india milestones, learning, way forward
aep in india milestones, learning, way forwardDipayan Sarkar
 
Softskills - S Fernandez
Softskills - S FernandezSoftskills - S Fernandez
Softskills - S FernandezDipayan Sarkar
 
Project Based Learning- Ashish K Chaurdia
Project Based Learning- Ashish K ChaurdiaProject Based Learning- Ashish K Chaurdia
Project Based Learning- Ashish K ChaurdiaDipayan Sarkar
 
Linux and the Open Source- D Sarkar
Linux and the Open Source- D SarkarLinux and the Open Source- D Sarkar
Linux and the Open Source- D SarkarDipayan Sarkar
 
File Handling - N K Upadhyay
File Handling - N K UpadhyayFile Handling - N K Upadhyay
File Handling - N K UpadhyayDipayan Sarkar
 
Sorting Techniques - Govardhan Satish
Sorting Techniques - Govardhan SatishSorting Techniques - Govardhan Satish
Sorting Techniques - Govardhan SatishDipayan Sarkar
 
Application of Stack - Yadraj Meena
Application of Stack - Yadraj MeenaApplication of Stack - Yadraj Meena
Application of Stack - Yadraj MeenaDipayan Sarkar
 
Information Technology Act 2000 - Santosh K Pathak
Information Technology Act 2000 - Santosh K PathakInformation Technology Act 2000 - Santosh K Pathak
Information Technology Act 2000 - Santosh K PathakDipayan Sarkar
 
Universal Gates - Aneesa N Ali
Universal Gates - Aneesa N AliUniversal Gates - Aneesa N Ali
Universal Gates - Aneesa N AliDipayan Sarkar
 
Selection Sort - Vipin Ramola
Selection Sort - Vipin RamolaSelection Sort - Vipin Ramola
Selection Sort - Vipin RamolaDipayan Sarkar
 
Deletion of a Record from a File - K Karun
Deletion of a Record from a File - K KarunDeletion of a Record from a File - K Karun
Deletion of a Record from a File - K KarunDipayan Sarkar
 
Java Databse Connectvity- Alex Jose
Java Databse Connectvity- Alex JoseJava Databse Connectvity- Alex Jose
Java Databse Connectvity- Alex JoseDipayan Sarkar
 
Cloud Computing- Sreehari S
Cloud Computing- Sreehari SCloud Computing- Sreehari S
Cloud Computing- Sreehari SDipayan Sarkar
 

More from Dipayan Sarkar (18)

Relationships
RelationshipsRelationships
Relationships
 
ideal learning space
ideal learning spaceideal learning space
ideal learning space
 
introduction to aep arc
introduction to aep arcintroduction to aep arc
introduction to aep arc
 
why focus on adolescents unique needs
why focus on adolescents unique needswhy focus on adolescents unique needs
why focus on adolescents unique needs
 
aep in india milestones, learning, way forward
aep in india milestones, learning, way forwardaep in india milestones, learning, way forward
aep in india milestones, learning, way forward
 
Softskills - S Fernandez
Softskills - S FernandezSoftskills - S Fernandez
Softskills - S Fernandez
 
Project Based Learning- Ashish K Chaurdia
Project Based Learning- Ashish K ChaurdiaProject Based Learning- Ashish K Chaurdia
Project Based Learning- Ashish K Chaurdia
 
Linux and the Open Source- D Sarkar
Linux and the Open Source- D SarkarLinux and the Open Source- D Sarkar
Linux and the Open Source- D Sarkar
 
File Handling - N K Upadhyay
File Handling - N K UpadhyayFile Handling - N K Upadhyay
File Handling - N K Upadhyay
 
Sorting Techniques - Govardhan Satish
Sorting Techniques - Govardhan SatishSorting Techniques - Govardhan Satish
Sorting Techniques - Govardhan Satish
 
Application of Stack - Yadraj Meena
Application of Stack - Yadraj MeenaApplication of Stack - Yadraj Meena
Application of Stack - Yadraj Meena
 
Information Technology Act 2000 - Santosh K Pathak
Information Technology Act 2000 - Santosh K PathakInformation Technology Act 2000 - Santosh K Pathak
Information Technology Act 2000 - Santosh K Pathak
 
Universal Gates - Aneesa N Ali
Universal Gates - Aneesa N AliUniversal Gates - Aneesa N Ali
Universal Gates - Aneesa N Ali
 
Selection Sort - Vipin Ramola
Selection Sort - Vipin RamolaSelection Sort - Vipin Ramola
Selection Sort - Vipin Ramola
 
Deletion of a Record from a File - K Karun
Deletion of a Record from a File - K KarunDeletion of a Record from a File - K Karun
Deletion of a Record from a File - K Karun
 
Java Databse Connectvity- Alex Jose
Java Databse Connectvity- Alex JoseJava Databse Connectvity- Alex Jose
Java Databse Connectvity- Alex Jose
 
Cloud Computing- Sreehari S
Cloud Computing- Sreehari SCloud Computing- Sreehari S
Cloud Computing- Sreehari S
 
SQL JOINS- Reena P V
SQL JOINS- Reena P VSQL JOINS- Reena P V
SQL JOINS- Reena P V
 

Recently uploaded

Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...jaredbarbolino94
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 

Recently uploaded (20)

Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 

INSERVICE COURSE FOR PGT COMPUTER SCIENCE ON COMPUTER VIRUSES

  • 1. INSERVICE COURSE FOR PGT COMPUTER SCIENCE 2016-17 Venue : KENDRIYA VIDYALAYA GACHIBOWLI,HYDERABAD-32 DEMO LESSON BY :- B S KALYAN CHAKRAVATHY, PGT-COMP, KV GUNTUR, SHIFT-1 HYDRABAD REGION Original source from Wikipedia
  • 2. A piece of code which is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data. COMPUTER VIRUS
  • 3. Virus - History  1949 Theories for self-replicating programs are first developed.  1981 Apple Viruses 1, 2, and 3 are some of the first viruses “in the wild,” or in the public domain. Found on the Apple II operating system, the viruses spread through Texas A&M via pirated computer games.  1983 Fred Cohen, while working on his dissertation, formally defines a computer virus as “a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself.”
  • 4. Virus - History  1986 Two programmers named Basit and Amjad replace the executable code in the boot sector of a floppy disk with their own code designed to infect each 360kb floppy accessed on any drive. Infected floppies had “© Brain” for a volume label.  1987 The Lehigh virus, one of the first file viruses, infects command.com files.  1988 One of the most common viruses, Jerusalem, is unleashed. Activated every Friday the 13th, the virus affects both .exe and .com files and deletes any programs run on that day. MacMag and the Scores virus cause the first major Macintosh outbreaks. .....
  • 5. Vulnerabilities & Infection Vector  Software bugs: Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit and manipulate security bug in a system or application software to spread and infect. Software development strategies that produce large numbers of bugs will generally also produce potential exploit.
  • 6. Vulnerabilities & Infection Vector  Social engineering and poor security practices : In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user attempts to launch an infected program, the virus' code may be executed simultaneously.
  • 7. Operations & functions of a virus  Virus parts A viable computer virus must contain a search routine, which locates new files or new disks which are worthwhile targets for infection. Secondly, every computer virus must contain a routine to copy itself into the program which the search routine locates.  The three main virus parts are:  Infection mechanism : Infection mechanism (also called 'infection vector'), is how the virus spreads or propagates, a virus has a search routine, which locates new files or new disks for infection.
  • 8. Operations & functions of a virus  Trigger : Trigger which is also known as logic bomb is the compiled version that could be activated any time an executable with the virus is run that determines the event or condition for the payload to be activated or delivered such as a particular date, a particular time, particular presence of another program, capacity of the disk exceeding some limit, or a double-click that opens a particular file.  Payload : The payload is the actual body or data that perform the actual purpose of the virus. Payload activity might be noticeable, as most of the time it is the harmful activity, or some times non-destructive but distributive, which is called Virus hoax.
  • 9. Virus Phases  Virus phases is the life cycle of the computer virus, it can be divided into 4 phases:  Dormant Phase The virus is idle. The virus will eventually be activated by the trigger which states which event will execute the virus, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit. Not all viruses have this stage.  Propagation Phase The virus starts propagating, that is multiplying itself. The virus places a copy of itself into other programs or into certain system areas on the disk. The copy may not be identical to the propagating version; viruses often morph to evade detection. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.
  • 10. Virus phases  Triggering Phase A Dormant virus moves into this phase when it gets activated, it will now perform the function for which it was intended. The triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.  Execution Phase This is the actual work of the virus, where the payload will be released. It can be destructive such as deleting files on disk or harmless such as popping messages on screen.
  • 11. Infection targets and replication techniques  Computer viruses infect a variety of different subsystems on their hosts. One manner of classifying viruses is to analyse whether they reside in binary executable (such as.EXE or .COM files), data files (such as Microsoft Word documents or PDF files), or in the boot sector of the host's hard drive (or some combination of all of these).  Resident vs. non-resident viruses  A memory-resident virus (or simply "resident virus") installs itself as part of the operating system when executed, after which it remains in RAM from the time the computer is booted up to when it is shut down.  Resident viruses overwrite interrupt handling code or other functions, and when the operating system attempts to access the target file or disk sector, the virus code intercepts the request and redirects the control flow to the replication module, infecting the target.  In contrast, a non-memory-resident virus (or "non-resident virus"), when executed, scans the disk for targets, infects them, and then exits (i.e. it does not remain in memory after it is done executing).
  • 12. Infection targets and replication techniques  Macro viruses Many common applications, such as Microsoft Outlook and Microsoft Word, allow macro programs to be embedded in documents or emails, so that the programs may be run automatically when the document is opened. A macro virus (or "document virus") is a virus that is written in a macro language, and embedded into these documents so that when users open the file, the virus code is executed, and can infect the user's computer. This is one of the reasons that it is dangerous to open unexpected attachments in e-mails.  Boot sector viruses Boot sector viruses specifically target the boot sector/Master Boot Record(MBR) of the host's hard drive or removable storage media (flash drives, floppy disks, etc.).
  • 13. Stealth Strategies  In order to avoid detection by users, some viruses employ different kinds of deception. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus.  This approach does not fool antivirus software, however, especially those which maintain and date cyclic redundancy checks on file changes.  Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses.  For example, the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files have many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file.
  • 14. Stealth Strategies  Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them (for example, Conficker).  As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access.
  • 15. Stealth Strategies  Read request intercepts While some antivirus software employ various techniques to counter stealth mechanisms, once the infection occurs any recourse to clean the system is unreliable. In Microsoft Windows operating systems, the NTFS file system is proprietary. This leaves antivirus software little alternative but to send a read request to Windows OS files that handle such requests. Some viruses trick antivirus software by intercepting its requests to the OS. A virus can hide itself by intercepting the request to read the infected file, handling the request itself, and return an uninfected version of the file to the antivirus software. The interception can occur by code injection of the actual operating system files that would handle the read request. Thus, an antivirus software attempting to detect the virus will either not be given permission to read the infected file, or, the read request will be served with the uninfected version of the same file.
  • 16. Stealth Strategies  The only reliable method to avoid stealth is to boot from a medium that is known to be clean. Security software can then be used to check the dormant operating system files. Most security software relies on virus signatures, or they employ heuristics.  Security software may also use a database of file hashes for Windows OS files, so the security software can identify altered files, and request Windows installation media to replace them with authentic versions.  In older versions of Windows, file hashes of Windows OS files stored in Windows—to allow file integrity/authenticity to be checked—could be overwritten so that the System File Checker would report that altered system files are authentic, so using file hashes to scan for altered files would not always guarantee finding an infection.
  • 17. Stealth Strategies  Self-modification  Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for so-called virus signatures.  Unfortunately, the term is misleading, in that viruses do not possess unique signatures in the way that human beings do. Such a virus signature is merely a sequence of bytes that an antivirus program looks for because it is known to be part of the virus.  A better term would be "search strings". If a virus scanner finds such a pattern in a file, it will perform other checks to make sure that it has found the virus, and not merely a coincidental sequence in an innocent file, before it notifies the user that the file is infected. The user can then delete, or (in some cases) "clean" or "heal" the infected file.. That is, each infected file contains a different variant of the virus.
  • 18. Stealth Strategies  Encrypted viruses  One method of evading signature detection is to use simple encryption to encipher the body of the virus, leaving only the encryption module and a static cryptographic key in clear text which doesn't change from one infection to the next. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code.  If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module, which would (for example) be appended to the end. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible.  Since these would be symmetric keys, stored on the infected host, it is in fact entirely possible to decrypt the final virus, but this is probably not required, since self-modifying code is such a rarity that it may be reason for virus scanners to at least flag the file as suspicious.
  • 19. Stealth Strategies  An old but compact way will be the use of arithmetic operation like addition or subtraction and the use of logical conditions such as XORing , where each byte in a virus is with a constant, so that the exclusive-or operation had only to be repeated for decryption. It is suspicious for a code to modify itself, so the code to do the encryption/decryption may be part of the signature in many virus definitions. An simpler older approach did not use a key, where the encryption consisted only of operations with no parameters, like incrementing and decrementing, bitwise rotation, arithmetic negation, and logical NOT.  Some viruses will employ a means of encryption inside an executable in which the virus is encrypted under certain events, such as the virus scanner being disabled for updates or the computer being rebooted. This is called Cryptovirology. At said times, the executable will decrypt the virus and execute its hidden runtimes infecting the computer and sometimes disabling the antivirus software.
  • 20. Stealth Strategies  Polymorphic code  Polymorphic code was the first technique that posed a serious threat to virus scanners. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module.  In the case of polymorphic viruses, however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts which remain identical between infections, making it very difficult to detect directly using signatures. Antivirus software can detect it by decrypting the viruses using an emulator, or by statistical pattern analysis of the encrypted virus body.  To enable polymorphic code, the virus has to have a polymorphic engine(also called mutating engine or mutation engine) somewhere in its encrypted body. See polymorphic code for technical detail on how such engines operate.
  • 21. Stealth Strategies  Some viruses employ polymorphic code in a way that constrains the mutation rate of the virus significantly.  For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus. The advantage of using such slow polymorphic code is that it makes it more difficult for antivirus professionals to obtain representative samples of the virus, because bait files that are infected in one run will typically contain identical or similar samples of the virus.  This will make it more likely that the detection by the virus scanner will be unreliable, and that some instances of the virus may be able to avoid detection.  There has also been virus called undetectable virus (proposed in Yongge Wang ). Undetectable virus is one kind of polymorphic virus that is static signature-free and whose dynamic signatures are hard to determine unless some cryptographic assumption fails.
  • 22. Stealth Strategies  Metamorphic code  To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executable. Viruses that utilize this technique are said to be metamorphic. To enable metamorphism, a metamorphic engine is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14,000 lines of assembly language code, 90% of which is part of the metamorphic engine.
  • 23. Countermeasures  Antivirus software Many users install antivirus software that can detect and eliminate known viruses when the computer attempts to download or run the executable (which may be distributed as an email attachment, or on USB flash drives, for example). Some antivirus software blocks known malicious web sites that attempt to install malware. Antivirus software does not change the underlying capability of hosts to transmit viruses. Users must update their software regularly to patch security vulnerabilities ("holes"). Antivirus software also needs to be regularly updated in order to recognize the latest threats. The German AV-TEST Institute publishes evaluations of antivirus software for Windows and Android.
  • 24. Countermeasures There are two common methods that an antivirus software application uses to detect viruses, as described in the antivirus software article. The first, and by far the most common method of virus detection is using a list of virus signature definitions. This works by examining the content of the computer's memory (its RAM, and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives, or USB flash drives), and comparing those files against a database of known virus "signatures". Virus signatures are just strings of code that are used to identify individual viruses; for each virus, the antivirus designer tries to choose a unique signature string that will not be found in a legitimate program. Different antivirus programs use different "signatures" to identify viruses.
  • 25. Countermeasures The disadvantage of this detection method is that users are only protected from viruses that are detected by signatures in their most recent virus definition update, and not protected from new viruses (see "zero-day attack"). A second method to find viruses is to use a heuristic algorithm based on common virus behaviours. This method has the ability to detect new viruses for which antivirus security firms have yet to define a "signature", but it also gives rise to more false positives than using signatures. False positives can be disruptive, especially in a commercial environment.
  • 26. Countermeasures Recovery strategies and methods One may reduce the damage done by viruses by making regular backups of data (and the operating systems) on different media, that are either kept unconnected to the system (most of the time), read-only or not accessible for other reasons, such as using different file systems. This way, if data is lost through a virus, one can start again using the backup (which will hopefully be recent). If a backup session on optical media like CD and DVD is closed, it becomes read-only and can no longer be affected by a virus (so long as a virus or infected file was not copied onto the CD/DVD). Likewise, an operating system on a bootable CD can be used to start the computer if the installed operating systems become unusable. Backups on removable media must be carefully inspected before restoration. The Gammima virus, for example, propagates via removable flash drives.
  • 27. Countermeasures Virus removal Many websites run by antivirus software companies provide free online virus scanning, with limited cleaning facilities (the purpose of the sites is to sell antivirus products). Some websites—like Google subsidiary VirusTotal.com—allow users to upload one or more suspicious files to be scanned and checked by one or more antivirus programs in one operation. Additionally, several capable antivirus software programs are available for free download from the Internet (usually restricted to non-commercial use).Microsoft offers an optional free antivirus utility called Microsoft Security Essentials, a Windows Malicious Software Removal Tool that is updated as part of the regular Windows update regime, and an older optional anti- malware (malware removal) tool Windows Defender that has been upgraded to an antivirus product in Windows 8.
  • 28. Countermeasures Some viruses disable System Restore and other important Windows tools such as Task Manager and CMD. An example of a virus that does this is CiaDoor. Many such viruses can be removed by rebooting the computer, entering Windows safe mode with networking, and then using system tools or Microsoft Safety Scanner. System Restore on Windows Me, Window XP, Windows Vista and Windows 7 can restore the registry and critical system files to a previous checkpoint. Often a virus will cause a system to hang, and a subsequent hard reboot will render a system restore point from the same day corrupt. Restore points from previous days should work provided the virus is not designed to corrupt the restore files and does not exist in previous restore points.
  • 29. Countermeasures  Operating system reinstallation Microsoft's System File Checker (improved in Windows 7 and later) can be used to check for, and repair, corrupted system files. Restoring an earlier "clean" (virus-free) copy of the entire partition from a cloned disk, a disk image, or a backup copy is one solution—restoring an earlier backup disk image is relatively simple to do, usually removes any malware, and may be faster than disinfecting the computer—or reinstalling and reconfiguring the operating system and programs from scratch, as described below, then restoring user preferences.
  • 30. Countermeasures  Reinstalling the operating system is another approach to virus removal.  It may be possible to recover copies of essential user data by booting from a live CD, or connecting the hard drive to another computer and booting from the second computer's operating system, taking great care not to infect that computer by executing any infected programs on the original drive.  The original hard drive can then be reformatted and the OS and all programs installed from original media. Once the system has been restored, precautions must be taken to avoid reinfection from any restored executable files.
  • 31. Computer worm  A computer worm is a standalone computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program.  Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
  • 32. Worm - History  On November 2, 1988, Robert Tappan Morris, a Cornell University computer science graduate student, unleashed what became known as the Morris worm, disrupting a large number of computers then on the Internet, guessed at the time to be one tenth of all those connected.  During the Morris appeal process, the U.S. Court of Appeals estimated the cost of removing the virus from each installation was in the range of $200–53,000, and prompting the formation of the CERT Coordination Centre and Phage mailing list.  Morris himself became the first person tried and convicted under the 1986 Computer Fraud and Abuse Act.
  • 33. Trojan horse  In computing, Trojan horse, or Trojan, is any computer program which is used to hack into a computer by misleading users of its true intent.  The term is derived from the Ancient Greek story of the wooden horse that was used to help Greek troops invade the city of Troy by stealth.  Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.
  • 34. Purpose and uses  Destructive  Use of resources or identity  Money theft, ransom  Data theft  Spying, surveillance or stalking
  • 35. Spamming  Electronic spamming is the use of electronic messaging systems to send unsolicited messages (spam), especially advertising, as well as sending messages repeatedly on the same site.  While the most widely recognized form of spam is email spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam , online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social spam, spam mobile apps, television advertising and file sharing spam.
  • 36. Spam – In different media  Email  Instant messaging  Newsgroup and forum  Mobile phone  Social networking spam  Social spam  Online game messaging  Blog, wiki, and guestbook  SPIT (Spam over Internet Telephony)
  • 37.