SlideShare a Scribd company logo

Ids 005 computer viruses

Download as PPSX, PDF
J
jyoti_lakhani

Intrusion Detection System

Technology
1 of 35
Computer Virus 7/28/2021 (C) Dr. Jyoti Lakhani
Self-replicating program that attach itself to an existing program and infects a system without permission or knowledge of the user. 7/28/2021 (C) Dr. Jyoti Lakhani Virus A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus. Computer viruses cause billions of dollars' worth of economic damage each year. -Wiki
7/28/2021 (C) Dr. Jyoti Lakhani Virus writers use social engineering deceptions* and exploit detailed knowledge of security vulnerabilities to initially infect systems and to spread the virus. The vast majority of viruses target systems running Microsoft Windows, employing a variety of mechanisms to infect new hosts, and often using complex anti-detection/stealth strategies to evade antivirus software Deception* is an act or statement which misleads, hides the truth
7/28/2021 (C) Dr. Jyoti Lakhani What Damage a VIRUS can cause? System Failure Corrupting Data Wasting Computer Resources Increasing Maintenance Cost Stealing Personal Information
Study on the theory of self-replicating computer programswas done in 1949 by John von Neumann Inception Idea Von Neumann's design for a self-reproducing computer program is considered the world's first computer virus Theoretical “FATHER" of computer virology = John von Neumann 7/28/2021 (C) Dr. Jyoti Lakhani
Components of a Computer Virus Trigger Infection Mechanism Payload Search Routine Condition Malicious Code 7/28/2021 (C) Dr. Jyoti Lakhani
Infection mechanism(infection vector): This is how the virus spreads or propagates. A virus typically has a search routine, which locates new files or new disks for infection. Trigger(logic bomb ): This is the compiled version that could be activated any time within an executable file when the virus is run that determines the event such as a particular date, a particular time, particular presence of another program, capacity of the disk exceeding some limit. Payload: The actual body or data which carries out the malicious purpose of the virus. Payload activity might be noticeable (e.g., because it causes the system to slow down or "freeze"), as most of the time the "payload" itself is the harmful activity. Virus Hoax : When virus is non-destructive but distributive 7/28/2021 (C) Dr. Jyoti Lakhani
Dormant Propagation Triggering Execution Phases/ Life Cycle of Computer Virus 7/28/2021 (C) Dr. Jyoti Lakhani
Dormant phase: • The virus program is idle during this stage. • The virus program has managed to access the target user's computer or software. • The virus will eventually be activated by the "trigger“. • Not all viruses have this stage. Propagation phase: • The virus starts propagating by multiplying and replicating itself. • The virus places a copy of itself into other programs or into certain system areas on the disk. • The copy may not be identical to the propagating version • Viruses often "morph" or change to evade detection by anti-virus software. • Each infected program will now contain a clone of the virus, which will itself enter a propagation phase. 7/28/2021 (C) Dr. Jyoti Lakhani
Triggering phase: A dormant virus moves into this phase when it is activated, and will now perform the function for which it was intended. The triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself. The trigger may occur when an employee is terminated from their employment or after a set period of time has elapsed, in order to reduce suspicion. 7/28/2021 (C) Dr. Jyoti Lakhani
Execution phase: This is the actual work of the virus, where the "payload" will be released. It can be destructive such as- • Deleting files on disk • Crashing the system • Corrupting files • Popping up humorous or political messages on screen 7/28/2021 (C) Dr. Jyoti Lakhani
Phases of Computer Virus Dormant Phase Trigger Morph Replication Trigger Morph Replication Dormant Propagation Execution 7/28/2021 (C) Dr. Jyoti Lakhani
On the basis of Infection Targets 1. Resides in binary executables (such as .EXE or .COM files) 2. Resides in data files 1. Microsoft Word documents 2. PDF files 3. Resides in the boot sector of the host's hard drive Classification of Viruses 7/28/2021 (C) Dr. Jyoti Lakhani
7/28/2021 (C) Dr. Jyoti Lakhani
Resident Virus or Memory-Resident Virus Installs itself as part of the operating system when executed, after which it remains in RAM from the time the computer is booted up to when it is shut down. Resident viruses overwrite interrupt handling and other functions of the OS. When OS attempts to access the target file or disk sector, the virus code intercepts the request and redirects the control flow to the replication module, infecting the target. Non-Resident Viruses A non-memory-resident virus (or "non-resident virus"), when executed, scans the disk for targets, infects them, and then exits (i.e. it does not remain in memory after it is done executing). Classification of Viruses On the basis of its residence location 7/28/2021 (C) Dr. Jyoti Lakhani
7/28/2021 (C) Dr. Jyoti Lakhani
Macro Viruses (Document Virus) A virus written in a macro language and embedded into these documents so that when users open the file, the virus code is executed, and can infect the user's computer. This is one of the reasons that it is dangerous to open unexpected or suspicious attachments in e-mails. 7/28/2021 (C) Dr. Jyoti Lakhani
7/28/2021 (C) Dr. Jyoti Lakhani
Boot Sector Viruses Boot sector viruses specifically target the boot sector and/or the Master Boot Record (MBR) of the host's hard disk drive, solid- state drive, or removable storage media (flash drives, floppy disks, etc.). The most common way of transmission of computer viruses in boot sector is physical media. When reading the VBR of the drive, the infected floppy disk or USB flash drive connected to the computer will transfer data, and then modify or replace the existing boot code. The next time a user tries to start the desktop, the virus will immediately load and run as part of the master boot record. 7/28/2021 (C) Dr. Jyoti Lakhani
7/28/2021 (C) Dr. Jyoti Lakhani
Email Virus Viruses that intentionally uses the email system to spread. While virus infected files may be accidentally sent as email attachments. Email viruses are aware of email system functions. They harvest email addresses from various sources, and may append copies of themselves to all email sent, or may generate email messages containing copies of themselves as attachments. 7/28/2021 (C) Dr. Jyoti Lakhani
7/28/2021 (C) Dr. Jyoti Lakhani
Stealth Techniques To avoid detection by users, some viruses employ different kinds of deception. Some old viruses, especially on the DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus. This approach does not fool antivirus software, however, especially those which maintain and date cyclic redundancy checks on file changes. 7/28/2021 (C) Dr. Jyoti Lakhani
Stealth Techniques Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example, the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files have many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file. Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them (for example, Conficker). In the 2010s, as computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access 7/28/2021 (C) Dr. Jyoti Lakhani
Stealth Techniques Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them (for example, Conficker). Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access 7/28/2021 (C) Dr. Jyoti Lakhani
Read request intercept The interception can occur by code injection of the actual operating system files that would handle the read request. Thus, an antivirus software attempting to detect the virus will either not be permitted to read the infected file, or, the "read" request will be served with the uninfected version of the same file. The only reliable method to avoid "stealth" viruses is to "reboot" from a medium that is known to be "clear". Security software can then be used to check the dormant operating system files. 7/28/2021 (C) Dr. Jyoti Lakhani
Self-Modification Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for so-called virus signatures. Virus "signature" is a sequence of bytes. If a virus scanner finds such a pattern in a file before it notifies the user that the file is infected. The user can then delete, or (in some cases) "clean" or "heal" the infected file. Some viruses employ techniques that make detection by means of signatures difficult. These viruses modify their code on each infection. Each infected file contains a different variant of the virus. 7/28/2021 (C) Dr. Jyoti Lakhani
Encrypted viruses • Encryption is used by viruses to evade signature detection • Virus use simple encryption key to encipher (encode) the body of the virus. • The virus consists of a small decrypting module and an encrypted copy of the virus code. • In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible. Methods of encryption- 1. Using Cryptographic Key 2. Using arithmetic operation like addition or subtraction, Bitwise rotation, Arithmetic negation 3. Using logical operations like XOR, Logical NOT 7/28/2021 (C) Dr. Jyoti Lakhani
7/28/2021 (C) Dr. Jyoti Lakhani
Some viruses, called polymorphic viruses, will employ a means of encryption inside an executable in which the virus is encrypted under certain events. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses, however, this decryption module is also modified on each infection. Polymorphic Code A well-written polymorphic virus therefore has no parts which remain identical between infections, making it very difficult to detect directly using "signatures 7/28/2021 (C) Dr. Jyoti Lakhani
Polymorphic code Antivirus software can detect it by decrypting the viruses using an emulator of the encrypted virus body. To enable polymorphic code, the virus has to have a polymorphic engine (also called "mutating engine" or "mutation engine") somewhere in its encrypted body. . 7/28/2021 (C) Dr. Jyoti Lakhani
7/28/2021 (C) Dr. Jyoti Lakhani
7/28/2021 (C) Dr. Jyoti Lakhani
Metamorphic code To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executables. Viruses that utilize this technique are said to be in metamorphic code. To enable metamorphism, a "metamorphic engine" is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14,000 lines of assembly language code, 90% of which is part of the metamorphic engine. 7/28/2021 (C) Dr. Jyoti Lakhani
7/28/2021 (C) Dr. Jyoti Lakhani

Recommended

Lecture 22 What inside the Router.pptx
Lecture 22 What inside the Router.pptxLecture 22 What inside the Router.pptx
Lecture 22 What inside the Router.pptxHanzlaNaveed1
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made SimplePaul Melson
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
Patch and Vulnerability Management
Patch and Vulnerability ManagementPatch and Vulnerability Management
Patch and Vulnerability ManagementMarcelo Martins
 
Investigating server logs
Investigating server logsInvestigating server logs
Investigating server logsAnimesh Shaw
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityDumindu Pahalawatta
 
Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS - Part 1Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS - Part 1Rhydham Joshi
 

Recommended

Lecture 22 What inside the Router.pptx
Lecture 22 What inside the Router.pptxLecture 22 What inside the Router.pptx
Lecture 22 What inside the Router.pptxHanzlaNaveed1
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made SimplePaul Melson
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
Patch and Vulnerability Management
Patch and Vulnerability ManagementPatch and Vulnerability Management
Patch and Vulnerability ManagementMarcelo Martins
 
Investigating server logs
Investigating server logsInvestigating server logs
Investigating server logsAnimesh Shaw
 
Introduction to Information Security
Introduction to Information SecurityIntroduction to Information Security
Introduction to Information SecurityDumindu Pahalawatta
 
Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS - Part 1Anomalies Detection: Windows OS - Part 1
Anomalies Detection: Windows OS - Part 1Rhydham Joshi
 
Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationAlienVault
 
Malware Static Analysis
Malware Static AnalysisMalware Static Analysis
Malware Static AnalysisHossein Yavari
 
OSSIM Overview
OSSIM OverviewOSSIM Overview
OSSIM Overviewn|u - The Open Security Community
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryDaniel Miessler
 
IBM QRadar WinCollector - Managed Vs Stand Alone
IBM QRadar WinCollector - Managed Vs Stand AloneIBM QRadar WinCollector - Managed Vs Stand Alone
IBM QRadar WinCollector - Managed Vs Stand AloneMuhammad Abdel Aal
 
Stopping zero day threats
Stopping zero day threatsStopping zero day threats
Stopping zero day threatsZscaler
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesSam Bowne
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Fileless Malware [Cyber Security]
Fileless Malware [Cyber Security]Fileless Malware [Cyber Security]
Fileless Malware [Cyber Security]sumit saurav
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onSplunk
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modellingn|u - The Open Security Community
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 
Chapter 9: Access Control Management
Chapter 9: Access Control ManagementChapter 9: Access Control Management
Chapter 9: Access Control ManagementNada G.Youssef
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat HuntingGIBIN JOHN
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilitiesMayur Mehta
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Web application vulnerabilities
Web application vulnerabilitiesWeb application vulnerabilities
Web application vulnerabilitiesebusinessmantra
 
Computer Viruses- B S Kalyan Chakravarthy
Computer Viruses- B S Kalyan ChakravarthyComputer Viruses- B S Kalyan Chakravarthy
Computer Viruses- B S Kalyan ChakravarthyDipayan Sarkar
 
Computer viruses by joy chakraborty
Computer viruses by joy chakrabortyComputer viruses by joy chakraborty
Computer viruses by joy chakrabortyJoy Chakraborty
 

More Related Content

What's hot

Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationAlienVault
 
Malware Static Analysis
Malware Static AnalysisMalware Static Analysis
Malware Static AnalysisHossein Yavari
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryDaniel Miessler
 
IBM QRadar WinCollector - Managed Vs Stand Alone
IBM QRadar WinCollector - Managed Vs Stand AloneIBM QRadar WinCollector - Managed Vs Stand Alone
IBM QRadar WinCollector - Managed Vs Stand AloneMuhammad Abdel Aal
 
Stopping zero day threats
Stopping zero day threatsStopping zero day threats
Stopping zero day threatsZscaler
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesSam Bowne
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Fileless Malware [Cyber Security]
Fileless Malware [Cyber Security]Fileless Malware [Cyber Security]
Fileless Malware [Cyber Security]sumit saurav
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onSplunk
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 
Chapter 9: Access Control Management
Chapter 9: Access Control ManagementChapter 9: Access Control Management
Chapter 9: Access Control ManagementNada G.Youssef
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat HuntingGIBIN JOHN
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilitiesMayur Mehta
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Web application vulnerabilities
Web application vulnerabilitiesWeb application vulnerabilities
Web application vulnerabilitiesebusinessmantra
 

What's hot (20)

Best Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM InstallationBest Practices for Configuring Your OSSIM Installation
Best Practices for Configuring Your OSSIM Installation
 
Malware Static Analysis
Malware Static AnalysisMalware Static Analysis
Malware Static Analysis
 
OSSIM Overview
OSSIM OverviewOSSIM Overview
OSSIM Overview
 
System hacking
System hackingSystem hacking
System hacking
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
 
IBM QRadar WinCollector - Managed Vs Stand Alone
IBM QRadar WinCollector - Managed Vs Stand AloneIBM QRadar WinCollector - Managed Vs Stand Alone
IBM QRadar WinCollector - Managed Vs Stand Alone
 
Stopping zero day threats
Stopping zero day threatsStopping zero day threats
Stopping zero day threats
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Fileless Malware [Cyber Security]
Fileless Malware [Cyber Security]Fileless Malware [Cyber Security]
Fileless Malware [Cyber Security]
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modelling
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
 
Chapter 9: Access Control Management
Chapter 9: Access Control ManagementChapter 9: Access Control Management
Chapter 9: Access Control Management
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and Tools
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilities
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Web application vulnerabilities
Web application vulnerabilitiesWeb application vulnerabilities
Web application vulnerabilities
 

Similar to Ids 005 computer viruses

Computer Viruses- B S Kalyan Chakravarthy
Computer Viruses- B S Kalyan ChakravarthyComputer Viruses- B S Kalyan Chakravarthy
Computer Viruses- B S Kalyan ChakravarthyDipayan Sarkar
 
Computer viruses by joy chakraborty
Computer viruses by joy chakrabortyComputer viruses by joy chakraborty
Computer viruses by joy chakrabortyJoy Chakraborty
 
computer virus Report
computer virus Reportcomputer virus Report
computer virus Reportrawaabdullah
 
CSC439-Sp2013-Module-9-Spring2013-Malware.pdf
CSC439-Sp2013-Module-9-Spring2013-Malware.pdfCSC439-Sp2013-Module-9-Spring2013-Malware.pdf
CSC439-Sp2013-Module-9-Spring2013-Malware.pdfkd123is123live
 
Dilsher idrees mustafa_6_a_vulnerabilities_study
Dilsher idrees mustafa_6_a_vulnerabilities_studyDilsher idrees mustafa_6_a_vulnerabilities_study
Dilsher idrees mustafa_6_a_vulnerabilities_studydilsherece
 
Computer virus
Computer virusComputer virus
Computer virusDark Side
 
suraj singh Bed PPT(Computer Virus and its management).pptx
suraj singh Bed PPT(Computer Virus and its management).pptxsuraj singh Bed PPT(Computer Virus and its management).pptx
suraj singh Bed PPT(Computer Virus and its management).pptxDEEP TIWARI
 
Computer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon ChakrabortyComputer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon Chakrabortysankhadeep
 
Madhu Devi ppt(computer virus and its management).pptx
Madhu Devi ppt(computer virus and its management).pptxMadhu Devi ppt(computer virus and its management).pptx
Madhu Devi ppt(computer virus and its management).pptxDEEP TIWARI
 
Madhu Devi ppt(computer virus and its management).pptx
Madhu Devi ppt(computer virus and its management).pptxMadhu Devi ppt(computer virus and its management).pptx
Madhu Devi ppt(computer virus and its management).pptxDEEP TIWARI
 
Presentation2
Presentation2Presentation2
Presentation2Jeslynn
 
Computer viruses
Computer virusesComputer viruses
Computer virusesSimiAttri
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesVikas Chandwani
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseSpandan Patnaik
 
Computer virus (sarthak)
Computer virus (sarthak)Computer virus (sarthak)
Computer virus (sarthak)manveer gujar
 

Similar to Ids 005 computer viruses (20)

Computer Viruses- B S Kalyan Chakravarthy
Computer Viruses- B S Kalyan ChakravarthyComputer Viruses- B S Kalyan Chakravarthy
Computer Viruses- B S Kalyan Chakravarthy
 
Computer viruses by joy chakraborty
Computer viruses by joy chakrabortyComputer viruses by joy chakraborty
Computer viruses by joy chakraborty
 
FCS Presentation.pptx
FCS Presentation.pptxFCS Presentation.pptx
FCS Presentation.pptx
 
computer virus Report
computer virus Reportcomputer virus Report
computer virus Report
 
CSC439-Sp2013-Module-9-Spring2013-Malware.pdf
CSC439-Sp2013-Module-9-Spring2013-Malware.pdfCSC439-Sp2013-Module-9-Spring2013-Malware.pdf
CSC439-Sp2013-Module-9-Spring2013-Malware.pdf
 
Dilsher idrees mustafa_6_a_vulnerabilities_study
Dilsher idrees mustafa_6_a_vulnerabilities_studyDilsher idrees mustafa_6_a_vulnerabilities_study
Dilsher idrees mustafa_6_a_vulnerabilities_study
 
Types of Virus & Anti-virus
Types of Virus & Anti-virusTypes of Virus & Anti-virus
Types of Virus & Anti-virus
 
viruses
virusesviruses
viruses
 
Computer virus
Computer virusComputer virus
Computer virus
 
suraj singh Bed PPT(Computer Virus and its management).pptx
suraj singh Bed PPT(Computer Virus and its management).pptxsuraj singh Bed PPT(Computer Virus and its management).pptx
suraj singh Bed PPT(Computer Virus and its management).pptx
 
Computer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon ChakrabortyComputer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon Chakraborty
 
Madhu Devi ppt(computer virus and its management).pptx
Madhu Devi ppt(computer virus and its management).pptxMadhu Devi ppt(computer virus and its management).pptx
Madhu Devi ppt(computer virus and its management).pptx
 
Madhu Devi ppt(computer virus and its management).pptx
Madhu Devi ppt(computer virus and its management).pptxMadhu Devi ppt(computer virus and its management).pptx
Madhu Devi ppt(computer virus and its management).pptx
 
Cybercrime: Virus and Defense
Cybercrime: Virus and DefenseCybercrime: Virus and Defense
Cybercrime: Virus and Defense
 
Presentation2
Presentation2Presentation2
Presentation2
 
Virus examples
Virus examplesVirus examples
Virus examples
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and Antiviruses
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horse
 
Computer virus (sarthak)
Computer virus (sarthak)Computer virus (sarthak)
Computer virus (sarthak)
 

More from jyoti_lakhani

CG02 Computer Graphic Systems.ppsx
CG02 Computer Graphic Systems.ppsxCG02 Computer Graphic Systems.ppsx
CG02 Computer Graphic Systems.ppsxjyoti_lakhani
 
CG04 Color Models.ppsx
CG04 Color Models.ppsxCG04 Color Models.ppsx
CG04 Color Models.ppsxjyoti_lakhani
 
CG03 Random Raster Scan displays and Color CRTs.ppsx
CG03 Random Raster Scan displays and Color CRTs.ppsxCG03 Random Raster Scan displays and Color CRTs.ppsx
CG03 Random Raster Scan displays and Color CRTs.ppsxjyoti_lakhani
 
CG02 Computer Graphic Systems.pptx
CG02 Computer Graphic Systems.pptxCG02 Computer Graphic Systems.pptx
CG02 Computer Graphic Systems.pptxjyoti_lakhani
 
CG01 introduction.ppsx
CG01 introduction.ppsxCG01 introduction.ppsx
CG01 introduction.ppsxjyoti_lakhani
 
Tree terminology and introduction to binary tree
Tree terminology and introduction to binary treeTree terminology and introduction to binary tree
Tree terminology and introduction to binary treejyoti_lakhani
 
Ds006 linked list- delete from front
Ds006 linked list- delete from frontDs006 linked list- delete from front
Ds006 linked list- delete from frontjyoti_lakhani
 
Ds06 linked list- insert a node after a given node
Ds06 linked list- insert a node after a given nodeDs06 linked list- insert a node after a given node
Ds06 linked list- insert a node after a given nodejyoti_lakhani
 
Ds06 linked list- insert a node at end
Ds06 linked list- insert a node at endDs06 linked list- insert a node at end
Ds06 linked list- insert a node at endjyoti_lakhani
 
Ds06 linked list- insert a node at beginning
Ds06 linked list- insert a node at beginningDs06 linked list- insert a node at beginning
Ds06 linked list- insert a node at beginningjyoti_lakhani
 
Ds06 linked list- intro and create a node
Ds06 linked list- intro and create a nodeDs06 linked list- intro and create a node
Ds06 linked list- intro and create a nodejyoti_lakhani
 
Ds04 abstract data types (adt) jyoti lakhani
Ds04 abstract data types (adt) jyoti lakhaniDs04 abstract data types (adt) jyoti lakhani
Ds04 abstract data types (adt) jyoti lakhanijyoti_lakhani
 
Ds03 part i algorithms by jyoti lakhani
Ds03 part i algorithms by jyoti lakhaniDs03 part i algorithms by jyoti lakhani
Ds03 part i algorithms by jyoti lakhanijyoti_lakhani
 
Ds03 algorithms jyoti lakhani
Ds03 algorithms jyoti lakhaniDs03 algorithms jyoti lakhani
Ds03 algorithms jyoti lakhanijyoti_lakhani
 
Ds02 flow chart and pseudo code
Ds02 flow chart and pseudo codeDs02 flow chart and pseudo code
Ds02 flow chart and pseudo codejyoti_lakhani
 
Ds01 data structure introduction - by jyoti lakhani
Ds01 data structure introduction - by jyoti lakhaniDs01 data structure introduction - by jyoti lakhani
Ds01 data structure introduction - by jyoti lakhanijyoti_lakhani
 

More from jyoti_lakhani (20)

CG02 Computer Graphic Systems.ppsx
CG02 Computer Graphic Systems.ppsxCG02 Computer Graphic Systems.ppsx
CG02 Computer Graphic Systems.ppsx
 
Projections.pptx
Projections.pptxProjections.pptx
Projections.pptx
 
CG04 Color Models.ppsx
CG04 Color Models.ppsxCG04 Color Models.ppsx
CG04 Color Models.ppsx
 
CG03 Random Raster Scan displays and Color CRTs.ppsx
CG03 Random Raster Scan displays and Color CRTs.ppsxCG03 Random Raster Scan displays and Color CRTs.ppsx
CG03 Random Raster Scan displays and Color CRTs.ppsx
 
CG02 Computer Graphic Systems.pptx
CG02 Computer Graphic Systems.pptxCG02 Computer Graphic Systems.pptx
CG02 Computer Graphic Systems.pptx
 
CG01 introduction.ppsx
CG01 introduction.ppsxCG01 introduction.ppsx
CG01 introduction.ppsx
 
Doubly linked list
Doubly linked listDoubly linked list
Doubly linked list
 
Double ended queue
Double ended queueDouble ended queue
Double ended queue
 
Tree terminology and introduction to binary tree
Tree terminology and introduction to binary treeTree terminology and introduction to binary tree
Tree terminology and introduction to binary tree
 
Priority queue
Priority queuePriority queue
Priority queue
 
Ds006 linked list- delete from front
Ds006 linked list- delete from frontDs006 linked list- delete from front
Ds006 linked list- delete from front
 
Ds06 linked list- insert a node after a given node
Ds06 linked list- insert a node after a given nodeDs06 linked list- insert a node after a given node
Ds06 linked list- insert a node after a given node
 
Ds06 linked list- insert a node at end
Ds06 linked list- insert a node at endDs06 linked list- insert a node at end
Ds06 linked list- insert a node at end
 
Ds06 linked list- insert a node at beginning
Ds06 linked list- insert a node at beginningDs06 linked list- insert a node at beginning
Ds06 linked list- insert a node at beginning
 
Ds06 linked list- intro and create a node
Ds06 linked list- intro and create a nodeDs06 linked list- intro and create a node
Ds06 linked list- intro and create a node
 
Ds04 abstract data types (adt) jyoti lakhani
Ds04 abstract data types (adt) jyoti lakhaniDs04 abstract data types (adt) jyoti lakhani
Ds04 abstract data types (adt) jyoti lakhani
 
Ds03 part i algorithms by jyoti lakhani
Ds03 part i algorithms by jyoti lakhaniDs03 part i algorithms by jyoti lakhani
Ds03 part i algorithms by jyoti lakhani
 
Ds03 algorithms jyoti lakhani
Ds03 algorithms jyoti lakhaniDs03 algorithms jyoti lakhani
Ds03 algorithms jyoti lakhani
 
Ds02 flow chart and pseudo code
Ds02 flow chart and pseudo codeDs02 flow chart and pseudo code
Ds02 flow chart and pseudo code
 
Ds01 data structure introduction - by jyoti lakhani
Ds01 data structure introduction - by jyoti lakhaniDs01 data structure introduction - by jyoti lakhani
Ds01 data structure introduction - by jyoti lakhani
 

Recently uploaded

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

Ids 005 computer viruses

  • 1. Computer Virus 7/28/2021 (C) Dr. Jyoti Lakhani
  • 2. Self-replicating program that attach itself to an existing program and infects a system without permission or knowledge of the user. 7/28/2021 (C) Dr. Jyoti Lakhani Virus A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus. Computer viruses cause billions of dollars' worth of economic damage each year. -Wiki
  • 3. 7/28/2021 (C) Dr. Jyoti Lakhani Virus writers use social engineering deceptions* and exploit detailed knowledge of security vulnerabilities to initially infect systems and to spread the virus. The vast majority of viruses target systems running Microsoft Windows, employing a variety of mechanisms to infect new hosts, and often using complex anti-detection/stealth strategies to evade antivirus software Deception* is an act or statement which misleads, hides the truth
  • 4. 7/28/2021 (C) Dr. Jyoti Lakhani What Damage a VIRUS can cause? System Failure Corrupting Data Wasting Computer Resources Increasing Maintenance Cost Stealing Personal Information
  • 5. Study on the theory of self-replicating computer programswas done in 1949 by John von Neumann Inception Idea Von Neumann's design for a self-reproducing computer program is considered the world's first computer virus Theoretical “FATHER" of computer virology = John von Neumann 7/28/2021 (C) Dr. Jyoti Lakhani
  • 6. Components of a Computer Virus Trigger Infection Mechanism Payload Search Routine Condition Malicious Code 7/28/2021 (C) Dr. Jyoti Lakhani
  • 7. Infection mechanism(infection vector): This is how the virus spreads or propagates. A virus typically has a search routine, which locates new files or new disks for infection. Trigger(logic bomb ): This is the compiled version that could be activated any time within an executable file when the virus is run that determines the event such as a particular date, a particular time, particular presence of another program, capacity of the disk exceeding some limit. Payload: The actual body or data which carries out the malicious purpose of the virus. Payload activity might be noticeable (e.g., because it causes the system to slow down or "freeze"), as most of the time the "payload" itself is the harmful activity. Virus Hoax : When virus is non-destructive but distributive 7/28/2021 (C) Dr. Jyoti Lakhani
  • 8. Dormant Propagation Triggering Execution Phases/ Life Cycle of Computer Virus 7/28/2021 (C) Dr. Jyoti Lakhani
  • 9. Dormant phase: • The virus program is idle during this stage. • The virus program has managed to access the target user's computer or software. • The virus will eventually be activated by the "trigger“. • Not all viruses have this stage. Propagation phase: • The virus starts propagating by multiplying and replicating itself. • The virus places a copy of itself into other programs or into certain system areas on the disk. • The copy may not be identical to the propagating version • Viruses often "morph" or change to evade detection by anti-virus software. • Each infected program will now contain a clone of the virus, which will itself enter a propagation phase. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 10. Triggering phase: A dormant virus moves into this phase when it is activated, and will now perform the function for which it was intended. The triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself. The trigger may occur when an employee is terminated from their employment or after a set period of time has elapsed, in order to reduce suspicion. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 11. Execution phase: This is the actual work of the virus, where the "payload" will be released. It can be destructive such as- • Deleting files on disk • Crashing the system • Corrupting files • Popping up humorous or political messages on screen 7/28/2021 (C) Dr. Jyoti Lakhani
  • 12. Phases of Computer Virus Dormant Phase Trigger Morph Replication Trigger Morph Replication Dormant Propagation Execution 7/28/2021 (C) Dr. Jyoti Lakhani
  • 13. On the basis of Infection Targets 1. Resides in binary executables (such as .EXE or .COM files) 2. Resides in data files 1. Microsoft Word documents 2. PDF files 3. Resides in the boot sector of the host's hard drive Classification of Viruses 7/28/2021 (C) Dr. Jyoti Lakhani
  • 14. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 15. Resident Virus or Memory-Resident Virus Installs itself as part of the operating system when executed, after which it remains in RAM from the time the computer is booted up to when it is shut down. Resident viruses overwrite interrupt handling and other functions of the OS. When OS attempts to access the target file or disk sector, the virus code intercepts the request and redirects the control flow to the replication module, infecting the target. Non-Resident Viruses A non-memory-resident virus (or "non-resident virus"), when executed, scans the disk for targets, infects them, and then exits (i.e. it does not remain in memory after it is done executing). Classification of Viruses On the basis of its residence location 7/28/2021 (C) Dr. Jyoti Lakhani
  • 16. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 17. Macro Viruses (Document Virus) A virus written in a macro language and embedded into these documents so that when users open the file, the virus code is executed, and can infect the user's computer. This is one of the reasons that it is dangerous to open unexpected or suspicious attachments in e-mails. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 18. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 19. Boot Sector Viruses Boot sector viruses specifically target the boot sector and/or the Master Boot Record (MBR) of the host's hard disk drive, solid- state drive, or removable storage media (flash drives, floppy disks, etc.). The most common way of transmission of computer viruses in boot sector is physical media. When reading the VBR of the drive, the infected floppy disk or USB flash drive connected to the computer will transfer data, and then modify or replace the existing boot code. The next time a user tries to start the desktop, the virus will immediately load and run as part of the master boot record. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 20. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 21. Email Virus Viruses that intentionally uses the email system to spread. While virus infected files may be accidentally sent as email attachments. Email viruses are aware of email system functions. They harvest email addresses from various sources, and may append copies of themselves to all email sent, or may generate email messages containing copies of themselves as attachments. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 22. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 23. Stealth Techniques To avoid detection by users, some viruses employ different kinds of deception. Some old viruses, especially on the DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus. This approach does not fool antivirus software, however, especially those which maintain and date cyclic redundancy checks on file changes. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 24. Stealth Techniques Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example, the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files have many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file. Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them (for example, Conficker). In the 2010s, as computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access 7/28/2021 (C) Dr. Jyoti Lakhani
  • 25. Stealth Techniques Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them (for example, Conficker). Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access 7/28/2021 (C) Dr. Jyoti Lakhani
  • 26. Read request intercept The interception can occur by code injection of the actual operating system files that would handle the read request. Thus, an antivirus software attempting to detect the virus will either not be permitted to read the infected file, or, the "read" request will be served with the uninfected version of the same file. The only reliable method to avoid "stealth" viruses is to "reboot" from a medium that is known to be "clear". Security software can then be used to check the dormant operating system files. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 27. Self-Modification Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for so-called virus signatures. Virus "signature" is a sequence of bytes. If a virus scanner finds such a pattern in a file before it notifies the user that the file is infected. The user can then delete, or (in some cases) "clean" or "heal" the infected file. Some viruses employ techniques that make detection by means of signatures difficult. These viruses modify their code on each infection. Each infected file contains a different variant of the virus. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 28. Encrypted viruses • Encryption is used by viruses to evade signature detection • Virus use simple encryption key to encipher (encode) the body of the virus. • The virus consists of a small decrypting module and an encrypted copy of the virus code. • In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible. Methods of encryption- 1. Using Cryptographic Key 2. Using arithmetic operation like addition or subtraction, Bitwise rotation, Arithmetic negation 3. Using logical operations like XOR, Logical NOT 7/28/2021 (C) Dr. Jyoti Lakhani
  • 29. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 30. Some viruses, called polymorphic viruses, will employ a means of encryption inside an executable in which the virus is encrypted under certain events. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses, however, this decryption module is also modified on each infection. Polymorphic Code A well-written polymorphic virus therefore has no parts which remain identical between infections, making it very difficult to detect directly using "signatures 7/28/2021 (C) Dr. Jyoti Lakhani
  • 31. Polymorphic code Antivirus software can detect it by decrypting the viruses using an emulator of the encrypted virus body. To enable polymorphic code, the virus has to have a polymorphic engine (also called "mutating engine" or "mutation engine") somewhere in its encrypted body. . 7/28/2021 (C) Dr. Jyoti Lakhani
  • 32. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 33. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 34. Metamorphic code To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executables. Viruses that utilize this technique are said to be in metamorphic code. To enable metamorphism, a "metamorphic engine" is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14,000 lines of assembly language code, 90% of which is part of the metamorphic engine. 7/28/2021 (C) Dr. Jyoti Lakhani
  • 35. 7/28/2021 (C) Dr. Jyoti Lakhani