One of the most high-profile threats to information integrity is the
network virus. Network viruses are software that behaves like
biological viruses: they attach themselves to a host and replicate,
spreading the infection. For a computer program to be classified as a
virus it need only replicate itself. In this paper (Network Virus
Detection and Prevention) I present what viruses, worms and Trojan
horses are and how they differ, the different strategies by which
viruses spread, virus detection, virus prevention, and case studies of
the Slammer and Blaster worms.
Virus:
   A self-replicating program.
   Viruses usually require a host, and their goal is to infect other files
   so that the virus survives longer.
Worms:
   Worms are insidious because they rely less (or not at all) on human
   behaviour in order to spread themselves from one computer to others;
   they typically reach the next host over the network by themselves.




Trojan Horses:
   A Trojan horse is a program that pretends to be useful but performs
   some unwanted action. Unlike a virus, it does not replicate by itself.
Logic Bombs :    A logic bomb is a programmed malfunction of a legitimate
                 application, triggered when some condition is met (a date,
                 a missing user account, a counter reaching a value).
Germs:           These are first-generation viruses, in a form that the
                 virus itself cannot produce through its usual infection
                 process (for example the freshly compiled virus before it
                 has infected anything).

Exploits:        An exploit is code specific to a single vulnerability or
                 set of vulnerabilities; its goal is to run code on, or gain
                 access to, the target system.
1)   Size - The program code required for a computer virus is very small.
2)   Versatility - Computer viruses have appeared with the ability to attack a
                wide variety of applications generically.
3)   Propagation - Once a computer virus has infected a program, the virus is
                able, while that program is running, to spread to other programs
                and files accessible to the computer system.
4)   Effectiveness - Many computer viruses have far-reaching and catastrophic
                effects on their victims, including total loss of data, programs
                and even the operating system.
5)   Functionality - A wide variety of functions has been demonstrated in virus
                programs. Some merely spread themselves to applications without
                attacking data files, program functions or operating system
                activities. Others are programmed to damage or delete files, and
                even to destroy systems.
6)   Persistence - In many cases, especially in networked operations, eradication
                of a virus has been complicated by its ability to spread repeatedly
                and reoccur throughout the networked system from a single
                surviving copy.
Virus/Worm types overview:

    - Binary File Virus and Worm: normally written in machine code; they are
    able to infect over networks.

    - Binary Stream Worms: a group of network-spreading worms that never
    manifest as files; they exist only in memory and in network traffic.

    - Script File Virus and Worm: a script virus is technically a file virus,
    but script viruses are written as human-readable text (e.g. shell,
    VBScript or JavaScript).

    - Macro Virus: macro viruses infect data files, documents and spreadsheets.

    - Boot Virus: boot viruses were among the earliest successful computer
    viruses. They take over the boot process of personal computers and cannot
    infect over networks; they spread on bootable media.

    - Multipartite Viruses: infect both executable files and boot sectors.
Overwriting Viruses: These locate another file on the disk and overwrite it with
their own copy. The host no longer works, which makes this technique easy to notice.

Random Overwriting Viruses: Another rare variation of the overwriting method. It
does not change the code at the top of the file but chooses a random location in
the host program and overwrites that location.

Appending Viruses: The virus code is appended to the end of the program and the
first instruction of the program (its entry point) is changed to a jump or call
instruction pointing to the start of the viral code; when the virus has run it
transfers control back to the host. The infected file grows in size.

Prepending Viruses: A common infection technique inserts the virus code at the front
of the host program. Such viruses are called prepending viruses.

Cavity Viruses: These typically do not increase the size of the program they infect.
Instead they overwrite a part of the file that can hold the virus code without
breaking the program, such as padding or unused space between sections.

Amoeba Infection Technique: A rarely seen infection technique in which the head part
of the viral code is stored at the start of the host program and the tail part is
stored after the end of the host program.
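As an added example (not code from the presentation), the Python script below turns the appending technique described above into two checks a scanner can run on an ELF64 binary: bytes lying past the end of every loadable segment and past the section-header table (an overlay, which an appending or amoeba infector leaves behind), and an entry point whose first instruction is a jmp to a target outside any executable segment. The ELF image, its single segment, and the "infection" are all constructed here; the infection only models the file layout the text describes and is not an infector.

```python
"""Structural checks for the appending technique on ELF64 images.
Added example; the ELF image is built by hand (one R+X PT_LOAD segment,
no section table) and the 'infection' only models the described layout."""
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header, little-endian, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header, 56 bytes
PT_LOAD, PF_X, PF_R = 1, 0x1, 0x4


def inspect_elf64(data: bytes) -> dict:
    (ident, _typ, _mach, _ver, entry, phoff, shoff, _flags, _ehsize,
     phentsize, phnum, shentsize, shnum, _shstrndx) = EHDR.unpack_from(data)
    if ident[:4] != b"\x7fELF" or ident[4] != 2:
        raise ValueError("not an ELF64 image")
    loads = []                                     # (offset, vaddr, filesz, memsz, flags)
    for n in range(phnum):
        p_type, p_flags, off, vaddr, _pa, filesz, memsz, _al = PHDR.unpack_from(
            data, phoff + n * phentsize)
        if p_type == PT_LOAD:
            loads.append((off, vaddr, filesz, memsz, p_flags))

    def in_exec_load(va):
        return any(f & PF_X and v <= va < v + m for _o, v, _s, m, f in loads)

    def to_offset(va):
        for o, v, s, _m, _f in loads:
            if v <= va < v + s:
                return o + (va - v)
        return None

    # Anything past every mapped byte and past both header tables is an overlay.
    mapped_end = max([EHDR.size, phoff + phnum * phentsize, shoff + shnum * shentsize]
                     + [o + s for o, _v, s, _m, _f in loads])
    entry_off = to_offset(entry)
    jump_target = None
    if entry_off is not None and data[entry_off] == 0xE9:          # jmp rel32
        rel = int.from_bytes(data[entry_off + 1:entry_off + 5], "little", signed=True)
        jump_target = entry + 5 + rel
    return {
        "entry_file_offset": entry_off,
        "overlay_bytes": max(0, len(data) - mapped_end),
        "entry_in_exec_load": in_exec_load(entry),
        "entry_jump_target": jump_target,
        "jump_leaves_mapped_code": jump_target is not None and not in_exec_load(jump_target),
    }


def build_demo_elf(code: bytes, base: int = 0x400000) -> bytes:
    """Constructed minimal ELF64: header, one R+X PT_LOAD covering the whole file, code."""
    code_off = EHDR.size + PHDR.size
    size = code_off + len(code)
    phdr = PHDR.pack(PT_LOAD, PF_R | PF_X, 0, base, base, size, size, 0x1000)
    ident = b"\x7fELF" + bytes([2, 1, 1]) + b"\x00" * 9   # ELFCLASS64, LE, EV_CURRENT
    ehdr = EHDR.pack(ident, 2, 0x3E, 1, base + code_off, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, 1, 0, 0, 0)
    return ehdr + phdr + code


def model_appending_infection(elf: bytes, viral: bytes) -> bytes:
    """Lay out the appending technique: viral bytes after the host, and the entry
    instruction replaced by a jmp to them. File offsets equal vaddr deltas here
    because the single segment starts at file offset 0 (demo assumption)."""
    entry_off = inspect_elf64(elf)["entry_file_offset"]
    rel = len(elf) - (entry_off + 5)
    out = bytearray(elf + viral)
    out[entry_off:entry_off + 5] = b"\xe9" + rel.to_bytes(4, "little", signed=True)
    return bytes(out)


if __name__ == "__main__":
    clean = build_demo_elf(b"\x90" * 16 + b"\xc3")
    infected = model_appending_infection(clean, b"\xcc" * 8)
    for label, img in (("clean", clean), ("infected", infected)):
        print(label, inspect_elf64(img))
```

A cavity infector changes neither the size nor the overlay, and a legitimate self-extracting archive also carries an overlay, so both results are indicators to follow up on rather than verdicts; comparing the file against a stored hash, as discussed later in the paper, is the more reliable check.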
A worm might open network connections and infect a vulnerable
target computer directly, as with the Morris worm, which infected an
estimated 6,000 of the 60,000 Internet hosts in November 1988.

Other worms spread, as a virus does, by means of a host file, which
must be transferred (for example as an e-mail attachment) as part of
the network worm. More recent worms include Mydoom and Storm, which
were used to install large botnets used for distributed denial of
service (DDoS) and spam attacks.
Boot sector viruses infect the boot sector of the boot disk of a
computer. They became widespread when it was common for computer
users accidentally to leave a floppy disk in the drive while the
computer BIOS was configured to boot from the floppy by default. Once
on the hard disk, such a virus would copy itself to every writeable
floppy inserted into the infected computer. This mechanism was
defeated when administrators changed the BIOS boot order, and it
became less likely as floppies fell out of use.

This infection vector could return to prominence if USB flash drives
become routinely used to carry an operating system, together with
applications, custom configuration and data, between physical
machines.
Non-resident viruses infect application files and run when the
application runs. Typically the virus is prepended to the application:
to its source code for an interpreted application, or to its
executable code for a compiled one. Alternatively the virus code may
be appended, with a jump to itself added at the start of the program.

When the virus part of the code runs it searches for another suitable
file to infect. Once the virus code completes it hands control to the
infected host file. A non-resident virus can be trivial to code (see
the next slide for an example), but such a 'virus' is extremely
unlikely to spread.
Fast infector viruses are programmed to spread as rapidly as possible,
to reduce the risk of the virus being wiped out once it is released
into the wild. However, a fast infector is more likely to cause
noticeable changes in the behaviour of the infected system, so it is
more likely to be detected.

Slow infector viruses are designed to find other targets to infect
only infrequently. By spreading slowly this kind of virus is less
likely to be detected.
Macro viruses use the macro programming languages embedded within
popular applications, e.g. Word and Excel. This kind of virus became
widespread in the 1990s. The threat from it has probably been reduced
by the additional prompts shown when a document containing macros is
opened in Word or Excel, since the macros no longer run silently.

Cross-site scripting (XSS) viruses exploit a combination of
vulnerabilities present in both web server applications and web
browsers. They typically need to be coded in two parts: the server-side
part (e.g. in PHP), which propagates from the infected browser to
vulnerable servers, and the part that runs in the browser (e.g. in
JavaScript).
Signature-based detection is the most common method. To identify
viruses and other malware, antivirus software compares the contents
of a file against a dictionary of virus signatures (byte patterns
taken from known samples). Because a virus can embed itself anywhere
in an existing file, the entire file is searched, not just its start
or its header: the file is read in pieces and every piece is matched
against the signature set.

Heuristic-based detection, like malicious-activity detection, can be
used to identify unknown viruses for which no signature exists yet, at
the cost of some false positives.

File emulation is another heuristic approach. It involves executing a
program in a virtual environment and logging the actions the program
performs. Depending on the actions logged, the antivirus software can
decide whether the program is malicious and then carry out the
appropriate disinfection actions.
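The following Python script is an added example, not code from the presentation or from ClamAV. It illustrates the two points above: a signature database in the shape of ClamAV's .ndb body signatures (Name:TargetType:Offset:HexPattern; only target type 0 and the offset forms "*", an absolute offset and "EOF-n" are handled), a scan that reads the file in pieces yet still finds patterns straddling piece boundaries, and a byte-entropy heuristic that flags content that looks packed or encrypted. The three signatures and the sample buffer are constructed test data, not real malware signatures.

```python
"""Signature scanning over a file read in overlapping chunks, plus a byte-entropy
heuristic. Added example; signature lines follow the shape of ClamAV .ndb body
signatures but the entries are constructed test patterns."""
import io
import math
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    target: int      # ClamAV target type; 0 = any file (the only one handled here)
    offset: str      # "*" (anywhere), an absolute integer, or "EOF-n"
    pattern: bytes

    def matches_at(self, pos: int, size: int) -> bool:
        if self.offset == "*":
            return True
        if self.offset.startswith("EOF-"):
            return pos == size - int(self.offset[4:])
        return pos == int(self.offset)


def parse_ndb(line: str) -> Signature:
    name, target, offset, hexsig = line.strip().split(":", 3)
    return Signature(name, int(target), offset, bytes.fromhex(hexsig))


def ndb_line(name: str, offset, pattern: bytes) -> str:
    return f"{name}:0:{offset}:{pattern.hex()}"


# Constructed signature database (hex is generated so it cannot be mistyped).
SIGNATURE_DB = [
    ndb_line("Demo.Marker.A", "*", b"CONSTRUCTED-TEST-SIGNATURE"),
    ndb_line("Demo.Header.B", 0, b"MZ"),           # only counts at offset 0
    ndb_line("Demo.Trailer.C", "EOF-4", b"END!"),  # only counts in the last 4 bytes
]


def scan_stream(stream, sigs, chunk_size=1 << 20):
    """Return {(name, absolute_offset)} for every signature hit in the stream.

    The file is read in chunks; the last len(longest pattern)-1 bytes of each
    window are carried into the next one so a pattern straddling a chunk
    boundary is still found. A set removes duplicates from the overlap."""
    stream.seek(0, io.SEEK_END)
    size = stream.tell()
    stream.seek(0)
    overlap = max(len(s.pattern) for s in sigs) - 1
    hits, tail, base = set(), b"", 0          # base = absolute offset of tail[0]
    while True:
        data = stream.read(chunk_size)
        if not data:
            break
        window = tail + data
        for s in sigs:
            i = window.find(s.pattern)
            while i >= 0:
                if s.matches_at(base + i, size):
                    hits.add((s.name, base + i))
                i = window.find(s.pattern, i + 1)
        keep = min(overlap, len(window))
        tail, base = window[len(window) - keep:], base + len(window) - keep
    return hits


def scan_bytes(data: bytes, sigs, chunk_size=1 << 20):
    return scan_stream(io.BytesIO(data), sigs, chunk_size)


def scan_file(path, sigs):
    with open(path, "rb") as f:
        return scan_stream(f, sigs)


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy; close to 8.0 means random-looking (packed or encrypted)
    content that a plain byte pattern cannot see through."""
    if not data:
        return 0.0
    counts, n = Counter(data), len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


if __name__ == "__main__":
    sigs = [parse_ndb(line) for line in SIGNATURE_DB]
    sample = b"MZ" + b"\x00" * 10000 + b"CONSTRUCTED-TEST-SIGNATURE" + b"\x00" * 50 + b"END!"
    for name, off in sorted(scan_bytes(sample, sigs, chunk_size=64)):
        print(f"{name} at offset {off}")
    print(f"entropy of sample: {entropy_bits_per_byte(sample):.2f} bits/byte")
```

For a real file call scan_file(path, sigs). The overlap of len(longest pattern) - 1 bytes is what keeps the piecewise search equivalent to a search over the whole file. A plain byte pattern cannot match a polymorphic virus whose body is encrypted with a fresh key on each infection; a high entropy reading marks such a file for the emulation-based generic decryption described later in the paper.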
The most popular approach to this requirement is to install an
antivirus program and keep it current. As new viruses are detected
daily, the signatures and heuristic methods need to be updated very
regularly. For this reason modern antivirus programs generally include
facilities to update themselves automatically over a network
connection whenever new virus signatures and heuristics become
available.
But the number of known virus signatures continues to increase. So
even with the ClamAV antivirus package, which is open source and
freely installable, growing memory demands are making this job
increasingly expensive. The next slide shows how many virus
signatures exist and how much memory they occupy as of November 2008.

Platforms which are not themselves thought to be vulnerable to
viruses but which are used to distribute content that may contain
viruses, e.g. a mail server relaying e-mail between Windows users,
must also scan for viruses to avoid becoming part of the problem.
Number of virus signatures: 437972

freshclam daemon 0.94 (OS: linux-gnu, ARCH: i386, CPU: i486)
ClamAV update process started at Fri Nov 7 18:24:28 2008
main.cld is up to date (version: 49, sigs: 437972, f-level: 35, builder: sven)

Demand of anti-virus on memory: 50.9%

  PID USER     PR  NI  VIRT  RES S %CPU %MEM COMMAND
20782 clamav   20   0  126m  72m S  0.0 50.9 clamav-milter
One approach involves stopping a system from running and mounting its
hard disk under another operating system booted from trusted media.
Tools can then be run on the trusted system to detect suspicious
changes to files on the system being scanned. This is considered more
reliable than running antivirus software directly on the system, which
might have been compromised, and where the results of the antivirus
scan may themselves have been tampered with by an unknown virus or
rootkit.

The trusted scanning system might also store a set of hash values or
checksums of the files a virus might modify, and test whether any
executables or registry hives have been modified. The stored hashes
must be kept on the trusted media rather than on the scanned disk,
otherwise an infection could update them too.
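As an added example of the trusted-media check just described (not code from the presentation), the Python script below builds a SHA-256 manifest of the executables and shared libraries on a mounted disk and later reports which of them were modified, removed or added. It assumes the suspect disk is mounted read-only at a path such as /mnt/suspect (an assumed path), that Linux-style execute bits identify executables, and that the demo scenario runs in a constructed temporary directory.

```python
"""Offline integrity check: hash the executables on a suspect disk from a
trusted boot, keep the manifest on the trusted media, diff later.
Added example; assumes a read-only mount such as /mnt/suspect (assumed path)
and Linux-style execute bits. The demo scenario is constructed."""
import hashlib
import json
import os
import stat
import tempfile


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()


def is_candidate(path: str) -> bool:
    """Track what a file infector modifies: regular files that are executable
    or shared libraries. Symlinks and device nodes are skipped (lstat)."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return False
    return bool(st.st_mode & 0o111) or path.endswith((".so", ".dll", ".exe"))


def build_manifest(root: str) -> dict:
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):   # does not follow symlinked dirs
        for name in files:
            path = os.path.join(dirpath, name)
            if is_candidate(path):
                rel = os.path.relpath(path, root)
                manifest[rel] = {"sha256": sha256_of(path), "size": os.path.getsize(path)}
    return manifest


def diff_manifests(baseline: dict, current: dict) -> dict:
    """Pure comparison, so it can run on the trusted system against a manifest
    loaded from the trusted media."""
    return {
        "modified": sorted(r for r in baseline if r in current
                           and current[r]["sha256"] != baseline[r]["sha256"]),
        "missing": sorted(r for r in baseline if r not in current),
        "added": sorted(r for r in current if r not in baseline),
    }


def verify(root: str, baseline: dict) -> dict:
    return diff_manifests(baseline, build_manifest(root))


def run_demo() -> dict:
    """Constructed scenario in a temporary directory standing in for the suspect
    disk: baseline, then an appending infection, a dropped binary and a deleted
    library."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data, mode=0o644):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
            os.chmod(path, mode)

        put("bin/app", b"\x7fELF" + b"\x00" * 64, 0o755)
        put("lib/libdemo.so", b"\x7fELF" + b"\x01" * 64)
        put("etc/app.conf", b"verbose=1\n")            # not executable: not tracked
        baseline = build_manifest(root)                # taken while booted from trusted media

        with open(os.path.join(root, "bin/app"), "ab") as f:
            f.write(b"VIRAL-CODE")                     # appending infection: size and hash change
        put("bin/dropped", b"\x7fELF" + b"\x02" * 16, 0o755)
        os.remove(os.path.join(root, "lib/libdemo.so"))
        return verify(root, baseline)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Take the baseline while booted from the trusted media, keep the manifest (ideally signed) on that media rather than on the scanned disk, and diff against it on later boots. Windows registry hives are ordinary files under the system volume and can be hashed the same way by widening is_candidate. File hashes say nothing about the boot sector or firmware, which a boot virus or rootkit can still occupy.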
Antivirus software is used to prevent, detect and remove malware,
including but not limited to computer viruses, computer worms, Trojan
horses, spyware and adware. Computer security, including protection
from social engineering techniques, is also commonly offered in the
products and services of antivirus software companies.




                     An example of free antivirus software: ClamTk 3.08
First generation (simple scanners): the scanner uses a virus signature
to identify a virus, or a change in the length of programs.

Second generation (heuristic scanners): uses heuristic rules to spot a
viral infection, or a cryptographic hash of each program to spot changes.

Third generation (activity traps): memory-resident programs identify a
virus by its actions.

Fourth generation (full-featured protection): packages combining a
variety of antivirus techniques, e.g. scanning, activity traps and
access control.

    - Generic Decryption: enables an antivirus program to detect even the
    most complex polymorphic viruses. Each executable file is run through
    the GD scanner, which contains a CPU emulator, a virus signature
    scanner and an emulation control module; the virus decrypts itself
    inside the emulator, exposing its body to the signature scanner.

    - Digital Immune System: developed by IBM to deal with threats across a
    network. A suspicious sample is captured on a client, analysed
    automatically at a central facility, and the resulting signature and
    cure are distributed to the other machines. Two trends it was designed
    to answer:

    - Integrated mail systems

    - Mobile program systems
No matter how useful antivirus software can be, it has drawbacks.
Antivirus software can impair a computer's performance. Inexperienced
users may also have trouble understanding the prompts and decisions
that antivirus software presents to them.

Installed antivirus software running on an individual computer is only
one method of guarding against viruses. Other methods are also used,
including cloud-based antivirus, firewalls and online scanners.

1. Cloud antivirus: Cloud antivirus is a technology that uses a
     lightweight agent on the protected computer while offloading the
     majority of the data analysis to the provider's infrastructure.

2. Network firewall: Network firewalls prevent unknown programs and
     processes from accessing the system, and keep a network worm from
     reaching a vulnerable service. However, they are not antivirus
     systems and make no attempt to identify or remove anything.
An illustration of where a firewall would be located in a network.
3. Online scanning: Some antivirus vendors maintain websites with free
online scanning of the entire computer, critical areas only, local
disks, folders or files. Periodic online scanning is a good idea even
for those who run antivirus applications on their computers, because
those applications are frequently slow to catch threats.

                 Using rkhunter to scan for rootkits on an Ubuntu Linux computer.
In biology, viruses enable potentially beneficial DNA to be transferred between
species, and this is considered part of the optimisation of the evolutionary
process. But it is thought unlikely that anyone could benefit from computer
viruses, other than through the proceeds of crime which those who write and
spread them might obtain.

The difference between a virus and another kind of program is that an ordinary
program will normally have the informed consent of the system owner before it is
installed. While there is a similarity between a virus and an operating system
which can create a copy of itself on installation media, the OS that makes it
easy for its users to copy it does so with the user's full knowledge and consent.

There is no situation in which taking away the end user's consent to perform an
action is considered likely to be of benefit.
I have gone through the basic definitions of viruses and worms, then
discussed the different malicious-code environments. After that I
discussed the different types of viruses and worms, then in detail the
various virus and worm propagation techniques, and then prevention of
viruses and worms. I have also looked into two case studies, the
Slammer and Blaster worms.
      The ability of attackers to rapidly gain control of vast numbers of
Internet hosts poses an immense risk to the overall security of the
Internet. Nowadays virus writers concentrate more on writing worms,
which have the capability to spread over the network in a few minutes.
There are upcoming techniques in worm propagation, such as polymorphic
worms, which are a real threat to the Internet community. Worms can be
written to affect only a particular region or country. There are worms
which keep quiet for a specific amount of time and attack at random
times. These worms can also be used to mount distributed denial of
service (DDoS) attacks, a real threat to websites and network traffic.

More Related Content

What's hot (20)

Introduction to computer virus
Introduction to computer virusIntroduction to computer virus
Introduction to computer virus
 
Computer virus
Computer virusComputer virus
Computer virus
 
Computer virus
Computer virusComputer virus
Computer virus
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
Introduction to Computer Virus
Introduction to Computer VirusIntroduction to Computer Virus
Introduction to Computer Virus
 
Virus slides
Virus slidesVirus slides
Virus slides
 
Virus vs anti virus
Virus vs anti virusVirus vs anti virus
Virus vs anti virus
 
W 12 computer viruses
W 12 computer virusesW 12 computer viruses
W 12 computer viruses
 
Computer virus 1
Computer virus 1Computer virus 1
Computer virus 1
 
Security and Viruses
Security and VirusesSecurity and Viruses
Security and Viruses
 
Computer Virus
Computer VirusComputer Virus
Computer Virus
 
The Giant Black Book Of Computer Viruses
The Giant Black Book Of Computer VirusesThe Giant Black Book Of Computer Viruses
The Giant Black Book Of Computer Viruses
 
Computer Virus
Computer VirusComputer Virus
Computer Virus
 
Presentation Slide: Computer Virus
Presentation Slide: Computer VirusPresentation Slide: Computer Virus
Presentation Slide: Computer Virus
 
Welcome to my presentation
Welcome to my presentationWelcome to my presentation
Welcome to my presentation
 
Computer Virus
Computer VirusComputer Virus
Computer Virus
 
Presentation2
Presentation2Presentation2
Presentation2
 
Computer virus (Microsoft Word)
Computer virus (Microsoft Word)Computer virus (Microsoft Word)
Computer virus (Microsoft Word)
 
virus
virusvirus
virus
 
computer virus and related legal issues
computer virus and related legal issuescomputer virus and related legal issues
computer virus and related legal issues
 

Viewers also liked

Network virus
Network virusNetwork virus
Network virusA M
 
Virus detection and prevention
Virus detection and preventionVirus detection and prevention
Virus detection and preventionCholo Legisma
 
Virus detection and prevention
Virus detection and preventionVirus detection and prevention
Virus detection and preventionCholo Legisma
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & preventionKhaleel Assadi
 
Virus detection system
Virus detection systemVirus detection system
Virus detection systemAkshay Surve
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Virus Detection System
Virus Detection SystemVirus Detection System
Virus Detection SystemAntiy Labs
 
Virus Detection Based on the Packet Flow
Virus Detection Based on the Packet FlowVirus Detection Based on the Packet Flow
Virus Detection Based on the Packet FlowAntiy Labs
 
Artificial Intelligence in Virus Detection & Recognition
Artificial Intelligence in Virus Detection & RecognitionArtificial Intelligence in Virus Detection & Recognition
Artificial Intelligence in Virus Detection & Recognitionahmadali999
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
Modulation types-amplitude,frequency,phase modulation,
Modulation types-amplitude,frequency,phase modulation,Modulation types-amplitude,frequency,phase modulation,
Modulation types-amplitude,frequency,phase modulation,gayatri suthar
 
Intruders
IntrudersIntruders
Intruderstechn
 
Cloud computing simple ppt
Cloud computing simple pptCloud computing simple ppt
Cloud computing simple pptAgarwaljay
 
Introduction of Cloud computing
Introduction of Cloud computingIntroduction of Cloud computing
Introduction of Cloud computingRkrishna Mishra
 

Viewers also liked (20)

Network virus
Network virusNetwork virus
Network virus
 
Virus detection and prevention
Virus detection and preventionVirus detection and prevention
Virus detection and prevention
 
Virus detection and prevention
Virus detection and preventionVirus detection and prevention
Virus detection and prevention
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & prevention
 
Virus detection system
Virus detection systemVirus detection system
Virus detection system
 
intruders types ,detection & prevention
intruders types ,detection & preventionintruders types ,detection & prevention
intruders types ,detection & prevention
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 
Virus Detection System
Virus Detection SystemVirus Detection System
Virus Detection System
 
Virus Detection Based on the Packet Flow
Virus Detection Based on the Packet FlowVirus Detection Based on the Packet Flow
Virus Detection Based on the Packet Flow
 
Intruders
IntrudersIntruders
Intruders
 
Artificial Intelligence in Virus Detection & Recognition
Artificial Intelligence in Virus Detection & RecognitionArtificial Intelligence in Virus Detection & Recognition
Artificial Intelligence in Virus Detection & Recognition
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intruders
 
Modulation types-amplitude,frequency,phase modulation,
Modulation types-amplitude,frequency,phase modulation,Modulation types-amplitude,frequency,phase modulation,
Modulation types-amplitude,frequency,phase modulation,
 
Intruders
IntrudersIntruders
Intruders
 
COMPUTERS ( types of viruses)
COMPUTERS ( types of viruses)COMPUTERS ( types of viruses)
COMPUTERS ( types of viruses)
 
Cloud computing ppt
Cloud computing pptCloud computing ppt
Cloud computing ppt
 
Cloud computing simple ppt
Cloud computing simple pptCloud computing simple ppt
Cloud computing simple ppt
 
Introduction of Cloud computing
Introduction of Cloud computingIntroduction of Cloud computing
Introduction of Cloud computing
 

Similar to Network virus detection & prevention

Similar to Network virus detection & prevention (20)

Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Codigo Malicioso
Codigo MaliciosoCodigo Malicioso
Codigo Malicioso
 
Malicious
MaliciousMalicious
Malicious
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Computer virus 18
Computer virus 18Computer virus 18
Computer virus 18
 
Ch19
Ch19Ch19
Ch19
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and Antiviruses
 
Computer viruses, types and preventions
Computer viruses, types and preventionsComputer viruses, types and preventions
Computer viruses, types and preventions
 
Presentation24190
Presentation24190Presentation24190
Presentation24190
 
Computer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon ChakrabortyComputer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon Chakraborty
 
How computer works against thevirus or any threat
How computer works against thevirus or any threatHow computer works against thevirus or any threat
How computer works against thevirus or any threat
 
Cybercrime: Virus and Defense
Cybercrime: Virus and DefenseCybercrime: Virus and Defense
Cybercrime: Virus and Defense
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Virus
VirusVirus
Virus
 
Virus
VirusVirus
Virus
 
Antiviruse.ppt
Antiviruse.pptAntiviruse.ppt
Antiviruse.ppt
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Computer Viruses- B S Kalyan Chakravarthy
Computer Viruses- B S Kalyan ChakravarthyComputer Viruses- B S Kalyan Chakravarthy
Computer Viruses- B S Kalyan Chakravarthy
 

Recently uploaded

Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 

Recently uploaded (20)

Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini  Delhi NCR9953330565 Low Rate Call Girls In Rohini  Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 

Network virus detection & prevention

  • 1. One of the most high-profile threats to information integrity is network viruses. Network viruses are software that behaves like biological viruses: they attach themselves to a host and replicate, spreading the infection. For a computer program to be classified as a virus, it simply must replicate itself. In this paper (Network Virus Detection and Prevention), I present what viruses, worms and Trojan horses are and how they differ, different strategies of virus spreading, virus detection, virus prevention, and case studies of the Slammer and Blaster worms.
  • 2. Virus: a self-replicating program. Viruses often require a host, and their goal is to infect other files so that the virus can live longer.
        Worms: worms are insidious because they rely less (or not at all) upon human behaviour in order to spread themselves from one computer to others.
        Trojan Horses: a Trojan horse is a program which pretends to be useful but performs some unwanted action.
  • 3. Logic Bombs: a logic bomb is a programmed malfunction of a legitimate application.
        Germs: these are first-generation viruses in a form that the virus itself cannot produce through its usual infection process.
        Exploits: an exploit is specific to a single vulnerability or set of vulnerabilities.
  • 5. 1) Size: the program code required for a computer virus is very small.
        2) Versatility: computer viruses have appeared with the ability to generically attack a wide variety of applications.
        3) Propagation: once a computer virus has infected a program, the virus is able, while that program is running, to spread to other programs and files accessible to the computer system.
        4) Effectiveness: many computer viruses have far-reaching and catastrophic effects on their victims, including total loss of data, programs and even the operating system.
        5) Functionality: a wide variety of functions has been demonstrated in virus programs. Some virus programs merely spread themselves to applications without attacking data files, program functions or operating system activities. Other viruses are programmed to damage or delete files, and even to destroy systems.
        6) Persistence: in many cases, especially networked operations, eradication of viruses has been complicated by the ability of a virus program to repeatedly spread and reoccur through the networked system from a single copy.
  • 6. Virus/Worm types overview:
        - Binary File Virus and Worm: able to infect over networks; normally written in machine code.
        - Binary Stream Worms: a group of network-spreading worms that never manifest as files.
        - Script File Virus and Worm: a script virus is technically a file virus, but script viruses are written as human-readable text.
        - Macro Virus: macro viruses infect data files such as documents and spreadsheets.
        - Boot Virus: the first known successful type of computer virus. These are not able to infect over networks; they take over the boot process of personal computers.
        - Multipartite Viruses: infect both executable files and boot sectors.
  • 7. Overwriting Viruses: these locate another file on the disk and overwrite it with their own copy.
        Random Overwriting Viruses: this rare variation of the overwriting method does not change the code at the top of the file; instead it chooses a random location in the host program and overwrites that location.
  • 8. Appending Viruses: in this technique the virus code is appended at the end of the program, and the first instruction of the program is changed to a jump or call instruction pointing to the starting address of the viral code.
        Prepending Viruses: a common infection technique inserts the virus code at the front of the host program. Such viruses are called prepending viruses.
  • 9. Cavity Viruses: these typically do not increase the size of the program they infect. Instead they overwrite a part of the file (for example padding) that can be used to store the virus code safely.
        Amoeba Infection Technique: a rarely seen infection technique in which the head part of the viral code is stored at the start of the host program and the tail part is stored after the end of the host program.
  • 10. A worm might open network connections and infect a vulnerable target computer directly, as with the Morris worm, which infected an estimated 6,000 of the 60,000 Internet hosts in Nov 1988. Other worms spread, as with a virus, via the use of a host file, which needs to be transferred as part of the network worm. More recent worms have included Mydoom and Storm, which were used to install large botnets used for distributed denial of service (DDoS) and spam attacks.
  • 11. Boot sector viruses infect the boot sector of the boot disk of a computer operating system. These became widespread when it was common for computer users to accidentally leave a floppy disk in the drive while the computer BIOS was configured to boot from the floppy by default. These viruses would transfer via the hard disk to all writeable floppies inserted into the infected computer. This mechanism was defeated when administrators changed the BIOS settings, and became less likely as floppies were less frequently used. This infection vector could return to prominence if flash USB drives become routinely used to carry an operating system together with applications, custom configurations and data between physical machines.
  • 12. Non-resident viruses infect application files and are run when the application runs. Typically the virus is prepended to the application source code for an interpreted application, or to its executable code for a compiled application. Alternatively the virus code might be appended, with a vector to itself added at the start of the program. When the virus part of the code runs it searches for another suitable file to infect. Once the virus code completes it hands control on to the infected host file. A non-resident virus can be trivial to code (see the next slide for an example), but such a 'virus' is extremely unlikely to spread.
  • 13. Fast infector viruses are programmed to spread as rapidly as possible, to reduce the risk of the virus being wiped out once introduced into the wild. However, a fast infector is more likely to cause changes in the behaviour of the infected system, so it is more likely to be detected. Slow infector viruses are designed to find other targets to infect infrequently. By spreading slowly this kind of virus is less likely to be detected.
  • 14. Macro viruses use the macro programming languages embedded within popular applications, e.g. Word and Excel. This kind of virus became widespread in the 1990s. The threat from this kind of virus has probably been reduced following the additional prompts shown when a document containing macros is opened in Word or Excel. Cross Site Scripting (XSS) viruses exploit a combination of vulnerabilities present in both web server applications and web browsers. These typically need to be coded in two parts: one part is the server code (e.g. in PHP), which propagates from the infected browser to vulnerable servers, and the other part runs in the browser (e.g. in JavaScript).
  • 15. Signature-based detection is the most common method. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole but also in pieces. Heuristic-based detection, like malicious activity detection, can be used to identify unknown viruses. File emulation is another heuristic approach: it involves executing a program in a virtual environment and logging what actions the program performs. Depending on the actions logged, the antivirus software can determine whether the program is malicious and then carry out the appropriate disinfection actions.
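As an added illustration (not from the original slides) of searching a file "in pieces": a small Python signature scanner that reads a file chunk by chunk with bounded memory and still finds a pattern that straddles a chunk boundary, reporting it exactly once. The signature dictionary and the sample data are constructed for the demo and are not real malware signatures.

```python
import io
from typing import BinaryIO, Dict, List, Tuple

# Constructed signature dictionary for the demo (sample byte patterns, not real
# malware signatures): signature name -> byte sequence to look for anywhere in a file.
SIGNATURES: Dict[str, bytes] = {
    "Test.Sig.A": b"\xde\xad\xbe\xef\x13\x37",
    "Test.Sig.B": b"SAMPLE-MARKER-42",
}


def scan_stream(stream: BinaryIO, signatures: Dict[str, bytes],
                chunk_size: int = 4096) -> List[Tuple[str, int]]:
    """Scan a file piece by piece; return (signature name, absolute offset) hits.

    The file is read in chunks so memory stays bounded, but the last
    (longest signature - 1) bytes of each chunk are carried into the next
    window, so a pattern straddling a chunk boundary is still found once.
    """
    if not signatures:
        return []
    overlap = max(len(s) for s in signatures.values()) - 1
    hits: List[Tuple[str, int]] = []
    carry = b""   # tail of the previous chunk
    base = 0      # absolute file offset of carry[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = carry + chunk
        for name, sig in signatures.items():
            idx = window.find(sig)
            while idx != -1:
                # A match lying entirely inside `carry` was already reported in
                # the previous round; only matches reaching into the new chunk are new.
                if idx + len(sig) > len(carry):
                    hits.append((name, base + idx))
                idx = window.find(sig, idx + 1)
        carry = window[-overlap:] if overlap > 0 else b""
        base += len(window) - len(carry)
    return sorted(hits, key=lambda hit: hit[1])


def scan_bytes(data: bytes, signatures: Dict[str, bytes] = SIGNATURES,
               chunk_size: int = 4096) -> List[Tuple[str, int]]:
    """Convenience wrapper for in-memory data, e.g. an extracted mail attachment."""
    return scan_stream(io.BytesIO(data), signatures, chunk_size)
```

With a 64-byte chunk size, a sample built as 60 filler bytes followed by Test.Sig.A spans offsets 60 to 65 and crosses the first chunk boundary, yet is reported once at offset 60.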
  • 16. The most popular approach to this requirement is to install an antivirus program and to keep it current. As new viruses are detected on a daily basis, the signatures and heuristic methods need to be updated very regularly. For this reason, modern antivirus programs generally include facilities to update themselves automatically over a network connection whenever new virus signatures and heuristics become available.
  • 17. But the number of known virus signatures continues to increase. So even with the ClamAV antivirus package, which is open source and freely installable, growing memory demands are making this job increasingly expensive. The next slide shows how many virus signatures exist and how much memory they occupy as of November 2008. Platforms which are not themselves thought to be vulnerable to viruses but which are used to distribute content potentially including viruses, e.g. via email between Windows users, must also scan for viruses to avoid becoming part of this problem.
  • 18. Number of virus signatures: 437972
        freshclam daemon 0.94 (OS: linux-gnu, ARCH: i386, CPU: i486)
        ClamAV update process started at Fri Nov 7 18:24:28 2008
        main.cld is up to date (version: 49, sigs: 437972, f-level: 35, builder: sven)
        Demand of anti-virus on memory: 50.9%
        PID   USER   PR  NI  VIRT  RES  S  %CPU  %MEM  COMMAND
        20782 clamav 20  0   126m  72m  S  0.0   50.9  clamav-milter
  • 19. One approach involves stopping a system from running and mounting its hard disk under another operating system, booted from trusted media. Tools can then be run on the trusted system to detect suspicious changes to files on the system being scanned. This is considered more reliable than running antivirus software directly on a system which might have been compromised, where the results of the antivirus scan may themselves have been tampered with by an unknown virus. The trusted scanning system might also store a set of hash signatures or checksums of the files a virus might modify, and test whether any executables or registry tables have been modified.
  • 20. Antivirus software is used to prevent, detect and remove malware, including but not limited to computer viruses, computer worms, Trojan horses, spyware and adware. Computer security, including protection from social engineering techniques, is commonly offered in the products and services of antivirus software companies. An example of free antivirus software: ClamTk 3.08.
  • 21. First generation (simple scanners): the scanner uses virus signatures to identify a virus, or checks for a change in the length of programs.
        Second generation (heuristic scanners): uses heuristic rules to spot viral infection, or uses a cryptographic hash of a program to spot changes.
        Third generation (activity traps): memory-resident programs identify a virus by its actions.
        Fourth generation (full-featured protection): packages combining a variety of antivirus techniques, e.g. scanning and activity traps together with access-control capability.
  • 22. Generic Decryption (GD): enables an antivirus program to detect even the most complex polymorphic viruses. Every executable file is run through the GD scanner, which consists of a CPU emulator, a virus signature scanner and an emulation control module.
        - Digital Immune System: developed by IBM to address threats across a network.
        - Integrated mail systems
        - Mobile program systems
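An added example, not part of the original slides, contrasting the first-generation length check with the second-generation cryptographic-hash check of slide 21, applied to the trusted-media file baseline of slide 19. The snapshots below are constructed byte strings standing in for files hashed from a mounted disk (not real binaries); one file is modified in place with its length unchanged, the cavity case from slide 9, so only the hash check catches it.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed snapshots of a few "executables" (path -> contents); sample byte
# strings for the demo, not real binaries. CLEAN is what the scan from trusted
# media recorded while the system was known good.
CLEAN: Dict[str, bytes] = {
    "/usr/bin/tool_a": b"\x7fELF" + b"\x90" * 28 + b"\x00" * 32,  # code then zero padding
    "/usr/bin/tool_b": b"\x7fELF" + b"\x90" * 60,
    "/usr/bin/tool_c": b"\x7fELF" + b"\xcc" * 16,
}
# LATER: tool_a's padding has been rewritten in place (length unchanged),
# tool_b has grown, and a file absent from the baseline has appeared.
LATER: Dict[str, bytes] = dict(CLEAN)
LATER["/usr/bin/tool_a"] = b"\x7fELF" + b"\x90" * 28 + b"\x41" * 32
LATER["/usr/bin/tool_b"] = CLEAN["/usr/bin/tool_b"] + b"\x42" * 8
LATER["/usr/local/bin/unexpected"] = b"\x7fELF" + b"\x43" * 8


def build_baseline(files: Dict[str, bytes]) -> Dict[str, Tuple[int, str]]:
    """Record (length, SHA-256 hex digest) per file while booted from trusted media."""
    return {p: (len(d), hashlib.sha256(d).hexdigest()) for p, d in files.items()}


def check_by_length(baseline: Dict[str, Tuple[int, str]],
                    files: Dict[str, bytes]) -> List[str]:
    """First-generation check: flag only files whose length changed."""
    return sorted(p for p, d in files.items()
                  if p in baseline and len(d) != baseline[p][0])


def check_by_hash(baseline: Dict[str, Tuple[int, str]],
                  files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Second-generation check: compare cryptographic hashes, and also report
    files that appeared or vanished since the baseline was taken."""
    report: Dict[str, List[str]] = {"modified": [], "added": [], "removed": []}
    for path, data in files.items():
        if path not in baseline:
            report["added"].append(path)
        elif hashlib.sha256(data).hexdigest() != baseline[path][1]:
            report["modified"].append(path)
    report["removed"] = [p for p in baseline if p not in files]
    return {k: sorted(v) for k, v in report.items()}


BASELINE = build_baseline(CLEAN)

if __name__ == "__main__":
    print("length check flags:", check_by_length(BASELINE, LATER))  # only tool_b
    print("hash check report:", check_by_hash(BASELINE, LATER))     # tool_a too, plus the new file
```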
  • 23. No matter how useful antivirus software can be, it can sometimes have drawbacks. Antivirus software can impair a computer's performance. Inexperienced users may also have trouble understanding the prompts and decisions that antivirus software presents them with. Installed antivirus software running on an individual computer is only one method of guarding against viruses. Other methods are also used, including cloud-based antivirus, firewalls and on-line scanners.
        1. Cloud antivirus: a technology that uses lightweight agent software on the protected computer while offloading the majority of data analysis to the provider's infrastructure.
        2. Network firewall: network firewalls prevent unknown programs and processes from accessing the system. However, they are not antivirus systems and make no attempt to identify or remove anything.
  • 24. An illustration of where a firewall would be located in a network.
  • 25. 3. Online scanning: some antivirus vendors maintain websites offering free online scanning of the entire computer, critical areas only, local disks, folders or files. Periodic online scanning is a good idea for those who run antivirus applications on their computers, because those applications are frequently slow to catch threats. Using rkhunter to scan for rootkits on an Ubuntu Linux computer.
  • 26. In biology, viruses enable potentially beneficial DNA to be transferred between species. This is considered to be part of the optimisation of the evolutionary process. But it is thought unlikely that anyone could benefit from computer viruses, other than through the proceeds of crime which those who write and spread viruses might obtain. The difference between a virus and another kind of program is that an ordinary program will normally have the informed consent of the system owner before it can be installed. While there is a similarity between an operating system which can create a copy of itself on installation media and a virus, the OS that makes it easy for its users to copy it does so with the user's full knowledge and consent. There is no situation in which taking away the end user's consent to perform an action is considered likely to be of benefit.
  • 27. I have gone through the basic definitions of viruses and worms, then discussed the different malicious code environments. After that I discussed the different types of viruses and worms, then the various virus and worm propagation techniques in detail, and then prevention from viruses and worms. I have also looked into two case studies, the Slammer and Blaster worms. The ability of attackers to rapidly gain control of vast numbers of Internet hosts poses an immense risk to the overall security of the Internet. Nowadays virus writers concentrate more on writing worms, as worms have a great capability to spread over the network in a few minutes. There are various upcoming techniques in worm propagation, such as polymorphic worms, which are a big threat to the Internet community. Worms can be written so that they affect only a particular region or country. There are worms which keep quiet for a specific amount of time and attack at random times. These worms can also be used to create Distributed Denial of Service (DDoS) attacks, which are a real threat to websites and network traffic.