Brought to you by Stacey Raimondi & Dan Brush
Definition of a Computer Virus
History of Computer Viruses
The Virus Encyclopedia
Virus Protection
Virus Protection: Top 8 Picks
Viruses in the Present
Top Virus News Stories
Viruses in the Future
Works Cited Page
Viruses can infect your computer when you read, or even just preview, email.
There are many ways to find out what these email infectors are and to take
the steps needed to prevent an infection.
You can get a virus as easily as reading an email. A site called the "EMAIL
Help Center" can guide you on how to prevent this from happening to you or
to those you send mail to.
You can test whether your email system is vulnerable to email viruses and
attacks, such as emails containing attachments, web page HTML, and many
other kinds of content that can be infected with one of many different
types of viruses.
A computer virus is a self-replicating program containing code that explicitly
copies itself and that can "infect" other programs by modifying them or their
environment, such that a call to an infected program implies a call to a possibly
evolved copy of the virus.
Since the age of technology arose and the twentieth century of
computers came about, there has always been an attempt by some to be
"smarter" than the average computer (or computer user, for that matter). It
was the famous Fred Cohen who "wrote the book" on computer viruses.
He was the sole developer of a theoretical and mathematical model
of computer virus behavior, and he used that model to test several
hypotheses about computer viruses. Cohen's own well-known informal
definition is "a computer virus is a computer program that can infect
other computer programs by modifying them in such a way as to
include a (possibly evolved) copy of itself". This does not mean that a
computer has to undergo actual destruction (such as deleting or corrupting files)
in order for a program to be classified as a "virus" by Cohen's definition. Many people use
the term "virus" loosely to cover any sort of program that tries to hide its
possibly destructive functions and/or tries to spread onto as many computers
as possible, leaving us with a long list of possibilities to deal with.
* Patricia Hoffman's hypertext VSUM. It covers PC viruses,
and it is regarded by many in the anti-virus field as being
inaccurate, so you are advised not to rely solely on it. It can
be downloaded from most major archive sites.
* A more precise source of information is the Computer Virus
Catalog, published by the Virus Test Center in Hamburg. It
contains highly technical descriptions of computer viruses for
several platforms: DOS, Mac, Amiga, Atari ST and Unix. It is
available by anonymous FTP from atik.uni-hamburg, in the
directory pub/virus/texts/catalog.
* Another small collection of good technical descriptions of PC
viruses, called CARObase, is available from atik.uni-hamburg.
* There is plenty of information in the monthly Virus
Bulletin, published in the UK. Among other things, it
gives detailed technical information on viruses. Want a –
month subscription? Only $395.00!!
* Another source of information is the book "Virus
Encyclopedia", which is part of the printed
documentation of Dr. Solomon's AntiVirus ToolKit (a
commercial DOS antivirus program). The WWW site
www.datafellows.fi has an on-line, cross-referenced
database containing descriptions of about 1500 PC viruses!
* Lastly, a network-accessible source of information on
viruses is provided by IBM AntiVirus, at
http://www.brs.ibm.com/ibmav.html.
ARMORED Virus
An ARMORED virus is one that uses special tricks to
make tracing, disassembling and understanding of its
code more difficult. A good example is the Whale virus.
CAVITY Virus
A CAVITY VIRUS is one which overwrites a part of
the host file that is filled with a constant (usually
nulls), without increasing the length of the file, but
preserving its functionality.
The Lehigh virus was an early example of a cavity virus.
COMPANION Virus
The COMPANION virus is one that, instead of modifying an
existing file, creates a new program which is executed instead of
the intended program.
On exit, the new program executes the original program so that
things appear normal. On PCs this has usually been
accomplished by creating an infected .COM file with the same
name as an existing .EXE file.
Integrity-checking anti-virus software that only looks for
modifications in existing files will fail to detect such viruses.
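As an added illustration (not code from the slides), the following Python script shows what an integrity checker has to do to catch a companion infection: besides hashing the files it already knows and reporting modifications, it must report files that are new since the baseline, and specifically flag a .COM file that has appeared beside an .EXE of the same name, since DOS runs NAME.COM in preference to NAME.EXE. The directory, file names and file contents are constructed in a temporary folder for the demonstration, and the function names are my own.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every regular file under root (path relative to root) to its SHA-256."""
    root = Path(root)
    digests = {}
    for path in root.rglob("*"):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(baseline, current):
    """Return (modified, added, removed) relative paths between two snapshots.
    A checker that reports only 'modified' is exactly the kind that misses a
    companion virus, because the companion arrives as a brand-new file."""
    modified = {p for p in baseline if p in current and baseline[p] != current[p]}
    added = set(current) - set(baseline)
    removed = set(baseline) - set(current)
    return modified, added, removed


def companion_pairs(paths):
    """Find NAME.COM / NAME.EXE pairs in the same directory (case-insensitive,
    as DOS names are). DOS runs the .COM first, which is what a companion
    virus relies on, so every such pair deserves a look."""
    by_stem = {}
    for p in paths:
        directory, name = os.path.split(p)
        stem, ext = os.path.splitext(name)
        by_stem.setdefault((directory.upper(), stem.upper()), {})[ext.upper()] = p
    pairs = [(exts[".COM"], exts[".EXE"]) for exts in by_stem.values()
             if ".COM" in exts and ".EXE" in exts]
    return sorted(pairs)


def demo():
    """Constructed scenario: one EXE is baselined, then a companion COM appears."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed stand-in for a legitimate program (not a real executable).
        (root / "EDIT.EXE").write_bytes(b"MZ" + b"\x00" * 62)
        baseline = snapshot(root)
        # Constructed stand-in for the companion file; EDIT.EXE itself is untouched.
        (root / "EDIT.COM").write_bytes(b"CONSTRUCTED COMPANION PLACEHOLDER")
        current = snapshot(root)
        modified, added, _removed = compare(baseline, current)
        return {
            "modified": sorted(modified),            # empty: nothing existing changed
            "added": sorted(added),                  # ['EDIT.COM']
            "companions": companion_pairs(current),  # [('EDIT.COM', 'EDIT.EXE')]
        }


if __name__ == "__main__":
    print(demo())
```

The point of the three return values is that a "modified only" report for this scenario is empty, which is the blind spot the slide describes; the "added" set and the companion pairing are what make the infection visible.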
Comp.Virus & Virus-L
To subscribe to Virus-L, send e-mail to
LISTSERV@LEHIGH.EDU saying
"SUB VIRUS-L your-name". For example:
SUB VIRUS-L Jane Doe
To be removed from the Virus-L mailing list, send a message to
LISTSERV@LEHIGH.EDU saying "SIGNOFF VIRUS-L".
To "subscribe" to comp.virus, simply use your favorite USENET
newsreader to read the group.
Comp.Virus & Virus-L
Virus-L and comp.virus are BOTH "discussion forums"
that focus on computer virus issues.
More specifically, Virus-L is an electronic mailing list
and comp.virus is a USENET newsgroup.
Both groups are moderated, and all submissions are
sent to the moderator, who decides if a submission
should be distributed to the groups.
Virus-L is distributed in "digest" format (with multiple
e-mail postings in one large digest) and comp.virus is
distributed as individual news postings. However, the
content of the two groups is identical.
FILE Infectors… for PCs
The first class of common PC virus consists of the FILE
INFECTORS, which attach themselves to ordinary program
files. These usually infect arbitrary COM and/or EXE
programs, though some can infect any program for which
execution or interpretation is requested, such as SYS, OVL,
OBJ, PRG, MNU and BAT files.
File infectors can be either DIRECT-ACTION or RESIDENT.
A direct-action virus selects one or more programs to infect
each time a program infected by it is executed.
A resident virus installs itself somewhere in memory (RAM)
the first time an infected program is executed, and thereafter
infects other programs when they are executed, or when
other conditions are fulfilled.
Direct-action viruses are also sometimes referred to as
NON-RESIDENT. The Vienna virus is an example of a direct-action
virus. Most viruses are resident.
POLYMORPHIC Virus
A POLYMORPHIC virus is one that produces varied but
operational copies of itself, so that virus scanners will
not be able to detect all instances of the virus with one scan string.
One method of evading scan-string-driven virus detectors is
self-encryption with a variable key. Such viruses
(e.g. Cascade) are not "polymorphic", as their decryption code is
always the same. Therefore the decryptor can be used as a
scan string by even the simplest scan-string-driven virus scanners
(unless another virus uses the identical decryption routine
and exact identification is required).
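To show why a self-encrypting virus with a fixed decryptor is still a scan-string target, here is an added Python example, constructed for this page and not taken from the slides or from any real virus. It models a sample as a constant stub, a one-byte key and an XOR-encrypted body, builds several samples with different keys, and runs a plain scan-string scanner over them: a signature taken from the stub hits every sample whatever the key, while a signature taken from the body only hits the sample that used that exact key (and, as an edge case, a key of zero leaves the body in the clear). The stub bytes, the body text and the function names are all assumptions of this example.

```python
# Constructed stand-ins: a fixed "decryptor" stub and a plaintext body.
# Neither is taken from any real virus; they only model the structure the
# slide describes (constant decryptor + key + encrypted body).
DECRYPTOR_STUB = b"\xb9\x10\x00\xbe\x00\x01"
BODY = b"CONSTRUCTED SAMPLE BODY TEXT"


def xor_bytes(data, key):
    """XOR every byte with a one-byte key (the self-encryption on the slide)."""
    return bytes(b ^ key for b in data)


def make_sample(key):
    """Model of a self-encrypting but non-polymorphic sample for a given key:
    the decryptor never changes, only the key byte and the encrypted body do."""
    return DECRYPTOR_STUB + bytes([key]) + xor_bytes(BODY, key)


def scan(data, signatures):
    """Scan-string scanner: return the names of the signatures found in data."""
    return sorted(name for name, sig in signatures.items() if sig in data)


def demo():
    """Scan four samples (different keys) with three candidate scan strings."""
    samples = {key: make_sample(key) for key in (0x00, 0x5A, 0xA5, 0xFF)}
    signatures = {
        "stub": DECRYPTOR_STUB,                         # constant across all keys
        "plain-body": BODY[:8],                         # visible only when key == 0
        "enc-body-key-5A": xor_bytes(BODY[:8], 0x5A),   # tied to one key only
    }
    return {key: scan(sample, signatures) for key, sample in samples.items()}


if __name__ == "__main__":
    for key, hits in demo().items():
        print(f"key 0x{key:02X}: {hits}")
```

Reading the result: "stub" appears for every key, which is the slide's point that the constant decryptor is a usable scan string; the two body-derived signatures each match a single sample, so a scanner that keyed on the body instead would have to carry one signature per key value.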
Stealth Viruses
The STEALTH virus is one that, while "active", can hide the
changes it has made to files or boot records. This is achieved
by monitoring the system functions used to read files or
sectors from storage media and forging the results of calls to
such functions, so that programs which try to read
infected files or sectors see the original, uninfected form
instead of the actual, infected form.
The virus's modifications may therefore go undetected by anti-virus
programs: VERY TRICKY.
In order to do this, the virus must be resident in memory
when the anti-virus program is executed, and that residency
may itself be detected by the anti-virus program.
SYSTEM or BOOT-RECORD Infectors
A second PC category of viruses is SYSTEM or
BOOT-RECORD INFECTORS: these viruses infect
executable code found in certain system areas on a
disk.
On PCs there are ordinary boot-sector viruses, which
infect only the DOS boot sector, and MBR viruses,
which infect the Master Boot Record on fixed disks and
the DOS boot sector on diskettes. (Examples include
Brain, Stoned, Empire, Azusa and Michelangelo.)
All common boot-sector and MBR viruses are
memory resident. To confuse this classification
somewhat, a few viruses are able to infect BOTH files
and boot sectors (the Tequila virus is one).
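Added example, not from the slides: a Python parser for a 512-byte Master Boot Record, used here to baseline the boot code separately from the partition table. An MBR infector that wants the machine to keep booting has to leave the partition table intact while replacing the loader code, so "boot code changed, partition table unchanged, signature still 0x55AA" is the pattern a defender would compare against a saved baseline of the sector. The two sectors are constructed inside the script; the byte values and the function names are my own assumptions.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446      # boot code occupies bytes 0..445
PARTITION_ENTRY_SIZE = 16         # four entries, bytes 446..509
BOOT_SIGNATURE = b"\x55\xAA"      # bytes 510..511


def parse_mbr(sector):
    """Split an MBR into a boot-code digest, the non-empty partition entries
    and a signature check. Raises ValueError on a wrongly sized sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    boot_code = sector[:PARTITION_TABLE_OFFSET]
    partitions = []
    for i in range(4):
        offset = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # status, CHS start, type, CHS end, LBA start, sector count (little-endian)
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, offset)
        if ptype != 0:  # type 0 means an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
    }


def build_mbr(boot_code, partitions):
    """Assemble a constructed MBR: boot_code padded/truncated to 446 bytes,
    up to four partition entries, then the 0x55AA signature."""
    code = boot_code[:PARTITION_TABLE_OFFSET].ljust(PARTITION_TABLE_OFFSET, b"\x00")
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if p["bootable"] else 0x00, b"\x00" * 3,
                    p["type"], b"\x00" * 3, p["lba_start"], p["sectors"])
        for p in partitions[:4])
    table = table.ljust(4 * PARTITION_ENTRY_SIZE, b"\x00")
    return code + table + BOOT_SIGNATURE


def compare_mbr(baseline, current):
    """Report what differs between a saved MBR and the one read now."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    return {
        "boot_code_changed": b["boot_code_sha256"] != c["boot_code_sha256"],
        "partition_table_changed": b["partitions"] != c["partitions"],
        "signature_ok": c["signature_ok"],
    }


def demo():
    """Constructed clean sector versus a sector with only the loader replaced."""
    # Constructed partition layout (one bootable FAT16-type entry); not from a real disk.
    parts = [{"bootable": True, "type": 0x06, "lba_start": 63, "sectors": 2_097_089}]
    clean = build_mbr(b"CONSTRUCTED CLEAN LOADER BYTES", parts)
    # Same partition table, different boot code: the shape an MBR infector leaves behind.
    tampered = build_mbr(b"CONSTRUCTED REPLACED LOADER BYTES", parts)
    return compare_mbr(clean, tampered)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be taken once from a known-clean sector and stored off the machine, and the comparison run after booting from clean media, since (as the Stealth slide explains) a resident virus can forge what a program reads from disk.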
The TROJAN HORSE Virus
A "TROJAN HORSE" is a program that does
something undocumented that the programmer
intended, but that some users would not
approve of if they knew about it.
It is a virus, as it is one which is able to spread
to other programs (i.e., it turns them into Trojans
too). A virus that does not do any deliberate
damage (other than merely replicating) is not a
Trojan.
TUNNELLING Virus
A TUNNELLING VIRUS is one that finds the original
interrupt handlers in DOS and the BIOS and calls
them directly, thereby bypassing any activity-monitoring
program that may be loaded and may have intercepted
the interrupt vectors in its attempt to detect viral
activity.
Some anti-virus software also uses these "tunnelling"
techniques in an attempt to bypass any unknown or
undetected virus that may be active when it runs.
Worms
A computer WORM is a self-contained program
(or set of programs) that is able to spread
functional copies of itself or its segments to
other computer systems (usually via network
connections).
Unlike other viruses, worms do not need to
attach themselves to a host program.
There are two types of worms:
1. "host computer worms"
2. "network computer worms"
NETWORK Computer Worms
Network worms consist of multiple parts, called
"segments". The segments each run on a different
machine (and possibly perform different
actions), using the network for several
communication purposes.
Moving a segment from one machine to another
is only one of those purposes. Network worms
that have one main segment which coordinates
the work of the other segments are
sometimes called "octopuses".
HOST Computer Worms
Host computer worms are entirely
contained in the computer they run on
and use network connections only to
copy themselves to other computers.
Host computer worms in which the original
terminates after it launches a copy on
another host (so that there is only one
copy of the worm running somewhere
on the network at any given moment)
are sometimes called "rabbits".
TOP 5 Viruses Reported
[Bar chart: "Percent Reported to Sophos 2003", vertical axis 0 to 14 percent; bars for W32/klez/h, W32-Bugbear-A and W32/ElKern-C. The individual percentages are not recoverable from the slide text.]
Protect Yourself from Computer Viruses
• AVIEN & AVI-EWS
• CERT
• STOPzilla
• GFI Mail Security for
Exchange
• Anti Virus eScan 2003
• CIAC
• Cyber notes
• ICSA
• Information Security Magazine
• NIPC (National Infrastructure
Protection Ctr)
• SANS Institute
• Virus Bulletin
Brought to you by Guide Picks…
#1 ~ PANDA ANTIVIRUS PLATINUM v7.0
Panda Antivirus Platinum v7.0 combines anti
virus and firewall protection to provide robust
security with minimal system impact. Optional
script blocking and attachment filtering
combined with daily updates helps ensure
protection against even new and unknown email
threats. Downside: cumbersome custom
configuration for scans.
#2 ~ NORTON ANTIVIRUS 2003
This latest version of Norton AntiVirus
offers automatic updating combined with
script blocking and outbound worm
detection. It also includes protection
against IM worms and infected
attachments sent via America Online,
Yahoo!, and MSN instant messenger
programs. Downside: cumbersome
custom configuration for scans.
#3 ~ F-PROT FOR WINDOWS
F-Prot for Windows continues to impress
with solid 100% ItW and 96.34% Zoo
detection. The interface is extremely
pleasing - easy enough for novice users to
navigate yet sophisticated enough for the
more advanced. An excellent addition to any
antiviral arsenal. Downside: like other Top
Picks, excluding folders is a cumbersome
task. However, erring on the side of
protection is never a bad idea.
#4 ~ MCAFEE VIRUSSCAN HOME EDITION 7.0
Scoring 100% detection for ItW threats
and 99.84% Zoo (with a mere .01% false
positive rate), VirusScan Home Edition
provides the protection needed in today's
hostile computing environment. Script
Stopper technology stops VBScript and
JScript worms. Hostile Activity Watch
Kernel looks for suspicious activity and
stops mass-mailing worms. Downside:
Some reports of incompatibility with
ZoneAlarm.
#5 ~ NORMAN VIRUS CONTROL
Norman Virus Control offers a highly respectable
100% rate of detection for ItW threats and
91.92% Zoo with only a .02% false positive rate.
With configurable email attachment blocking,
decompression module, and sandboxing, Norman
Virus Control has earned its second top pick
award. The new interface helps better integrate
the various modules. Downside: cumbersome
custom configuration for scans.
#6 ~ PC-CILLIN
With 100% ItW, 94.82% Zoo detection, and only
a .02% false positive rate, Trend Micro's best-of-
breed anti virus protection features an integrated
firewall and extends its scanning to include even
web-based email. PC-cillin also provides mobile
users the extra protection needed to stay virus-
free on the road, including Wi-Fi connection
security and PDA synchronization protection.
#7 ~ BITDEFENDER PROFESSIONAL v6.5
Softwin's BitDefender Professional provides
filtering of URLs, IP addresses, and ports, as well
as seamless signature updates every 8 hours.
BitDefender's impressive 100% ItW and 94.21%
Zoo detection also protects against viruses
encountered through the use of ICQ, Yahoo!
Messenger, NetMeeting, or MSN Messenger.
#8 ~ NOD 32
Nod32 continues to be a personal
favorite. With a tiny footprint, its
presence on the system is barely
perceptible yet it packs quite a bit of
protection. For older systems, Nod32 may
well be the only antivirus solution capable
of offering superb 100% detection and
prevention of ItW threats without
impacting performance. Downside:
inability to exclude folders from scanning.
#9 ~ STOPzilla!
BLOCK annoying popup windows for good and forever with
STOPzilla! STOPzilla maximizes your surfing speed by guarding your
system against annoying, unwanted popup windows. With fully
customizable options that allow you to configure STOPzilla to meet
your surfing needs, you will never again be smothered in an endless
sea of pop-ups!
• Acts like a firewall for popup windows, and monitors your system while
you surf the web and destroys pop-ups before they open.
• Speeds up your surfing by keeping pop-ups at bay, and configurable
warnings alert you when a site attempts to open a pop-up.
• Automatically adds sites to the STOPzilla Black List to prevent all
future popup attempts.
• Fully customizable settings give you the flexibility to 'ALLOW' or
'BLOCK' with a single click of the mouse.
• Audible alerts let you know when STOPzilla has thwarted a
perpetrator.
'SARS' computer virus hits India 
Breaking News Story : May 8, 2003
 NEW DELHI - Computers in India are vulnerable to a mass mailing worm "SARS", also 
known as W32/Coronex-A, which attacks address books and attempts to dupe users. 
Micro World Technologies Inc, a content security and IT solutions provider, has 
cautioned computer users of the mass mailing worm that uses a variety of subject lines, 
message bodies and attachment names, including "SARS Virus" and Hong Kong.exe. 
"SARS forwards itself to all contacts in address books and attempts to dupe innocent 
computer users into opening an attachment offering details on the current SARS 
epidemic. The worm is delivered as an e-mail attachment and the e-mail may have a 
subject line about the current paranoia about SARS," a statement said. 
The SARS worm just goes on to prove that there are still scores of virus writers who use
common fears to spread dangerous viruses throughout the world, Govind Rammurthy,
MD and CEO, Micro World Inc said.
However, the impact of the worm seems to be less destructive, a security analyst said. 
Sunil Chandran, CEO, Stellar info, a data security firm in Delhi said, "The worm has 
been in operation since April 24 and so far its nature of destruction is not high and not 
widespread and there has been no reporting of data loss by customers to us." 
What do experts believe is in store for
the future of viruses?
''Iraq will destroy us by computer,'' the experts screamed
by Rob Rosenburg -- 05/01/03
"IRAQ WILL CRIPPLE the U.S. with cyber-attacks," the fear mongers warned. I tell
you, everyone got into the act -- from Congress to the FBI to former CIA officials to
computer security salesmen.
Even a fire-breathing Muslim cleric living the high life in Britain got into the act. Even
a delusional narcissistic hacker living in the slums of Kuala Lumpur got into the act. I
tell you, everyone screamed about the coming cybergeddon.
I mean, c'mon! How much effort does it take to “open a digital can of whoop-ass” on
the United States? From what I hear, even a 14 year old Iraqi nomad can remotely shut
down our national power grid and remotely pollute our vital toilet water supplies.
In August of last year, an ominous mi2g press release quoted CEO D.K. Matai: "it
would seem highly likely that the launch of a physical attack on Iraq will see counter-
attacks from disgruntled Arab, Islamic fundamentalist and anti-American groups."
mi2g warned terrorists might launch remote-controlled “SCADA Attacks” along with
those (equally?) scary "chemical, biological, radiological, [and] nuclear" attacks.
In December 2002, IDC chief research officer John Gantz predicted a major cyber
terrorism event would occur in 2003 -- a cybertastrophe "that will disrupt the economy and bring
the Internet to its knees for at least a day or two," according to News.com scribe Ed Frauenheim.
Gantz specifically warned "the [looming] war with Iraq will galvanize hackers."
A New York Times story in mid-January quoted House Armed Services Committee member
Robert E. Andrews (D-NJ), who warned "a cyber attack really fits Saddam Hussein's paradigm
for attacking us." The same New York Times story quoted ex-FBI flunky Michael Vatis (a well-
documented fear-monger) on the cyber-threat Iraq could pose to U.S. interests should war break
out. "I would suspect [Iraq's computer warfare program is] at a middling stage ... but even a
middling capability can cause serious harm."
FBI's National Internet Infrastructure Protection Center (now known as DHS NIPC) issued a
pre-war advisory to say Iraq or its sympathizers might cripple the U.S. with Spam.
Meanwhile, Japan's version of NIPC -- the Information Technology Security Center within the
Ministry of Economy -- went on "heightened alert" after their prime minister made comments
supporting the U.S.-led coalition against Iraq. The agency soon upgraded its cyber-threat
assessment and sent a written plea ("written"?) to computer security firms to ask them to "watch
for computer virus attacks and unauthorized changes to Web sites."
According to a Kyodo newswire, Japan's version of NIPC wanted to assure the public "[computer
security firms] will be on alert day and night to be able to act immediately on any abnormal
incidents." No doubt.
SEE OUR WEB PAGE:
www.uri.edu/personal/dbru7007/biblio.html
Virus

More Related Content

What's hot

Presentation2
Presentation2Presentation2
Presentation2Jeslynn
 
Computer viruses 911 computer support
Computer viruses 911 computer supportComputer viruses 911 computer support
Computer viruses 911 computer supportbozzerapide
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & preventionKhaleel Assadi
 
Users’ Perception of the Effects of Viruses
Users’ Perception of the Effects of VirusesUsers’ Perception of the Effects of Viruses
Users’ Perception of the Effects of VirusesSolomon Sunday Oyelere
 
Computer Viruses and Classification lecture slides ppt
Computer Viruses and Classification lecture slides pptComputer Viruses and Classification lecture slides ppt
Computer Viruses and Classification lecture slides pptOsama Yousaf
 
ANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationabhijit chintamani
 
Fighting computer viruses
Fighting computer virusesFighting computer viruses
Fighting computer virusesNguyễn Anh
 
ESET India Cyber Threat Trends Report Q1
ESET India Cyber Threat Trends Report Q1ESET India Cyber Threat Trends Report Q1
ESET India Cyber Threat Trends Report Q1ESET_India
 
Remote File Inclusion
Remote File InclusionRemote File Inclusion
Remote File InclusionImperva
 
Viruses
VirusesViruses
Viruses/ /
 

What's hot (20)

Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Presentation2
Presentation2Presentation2
Presentation2
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Computer viruses 911 computer support
Computer viruses 911 computer supportComputer viruses 911 computer support
Computer viruses 911 computer support
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & prevention
 
Users’ Perception of the Effects of Viruses
Users’ Perception of the Effects of VirusesUsers’ Perception of the Effects of Viruses
Users’ Perception of the Effects of Viruses
 
Computer Viruses and Classification lecture slides ppt
Computer Viruses and Classification lecture slides pptComputer Viruses and Classification lecture slides ppt
Computer Viruses and Classification lecture slides ppt
 
Viruspresentacion10
Viruspresentacion10Viruspresentacion10
Viruspresentacion10
 
ANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentationANTIVIRUS AND VIRUS Powerpoint presentation
ANTIVIRUS AND VIRUS Powerpoint presentation
 
Malicious
MaliciousMalicious
Malicious
 
Computer virus !!!!!
Computer virus !!!!!Computer virus !!!!!
Computer virus !!!!!
 
Fighting computer viruses
Fighting computer virusesFighting computer viruses
Fighting computer viruses
 
Ch19
Ch19Ch19
Ch19
 
ESET India Cyber Threat Trends Report Q1
ESET India Cyber Threat Trends Report Q1ESET India Cyber Threat Trends Report Q1
ESET India Cyber Threat Trends Report Q1
 
Introductio to Virus
Introductio to VirusIntroductio to Virus
Introductio to Virus
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
 
Viruses
VirusesViruses
Viruses
 
Remote File Inclusion
Remote File InclusionRemote File Inclusion
Remote File Inclusion
 
Viruses
VirusesViruses
Viruses
 

Similar to Virus

Virus vs anti virus
Virus vs anti virusVirus vs anti virus
Virus vs anti virusXʎz ʞsɥ
 
Computer viruses
Computer virusesComputer viruses
Computer virusesSimiAttri
 
Antivirus!!
Antivirus!!Antivirus!!
Antivirus!!amoY91
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesVikas Chandwani
 
Presentation24190
Presentation24190Presentation24190
Presentation24190KRT395
 
Virus, Worms And Antivirus
Virus, Worms And AntivirusVirus, Worms And Antivirus
Virus, Worms And AntivirusLokesh Kumar N
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & preventionKhaleel Assadi
 
Computer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon ChakrabortyComputer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon Chakrabortysankhadeep
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseSpandan Patnaik
 
Computer viruses and prevention techniques
Computer viruses and prevention techniquesComputer viruses and prevention techniques
Computer viruses and prevention techniquesPrasad Athukorala
 
Computer viruses, types and preventions
Computer viruses, types and preventionsComputer viruses, types and preventions
Computer viruses, types and preventionsPrem Kumar Bonam
 
Computer virus and antivirus
Computer virus and antivirusComputer virus and antivirus
Computer virus and antivirusMaryam Malik
 

Similar to Virus (20)

W 12 computer viruses
W 12 computer virusesW 12 computer viruses
W 12 computer viruses
 
Virus vs anti virus
Virus vs anti virusVirus vs anti virus
Virus vs anti virus
 
Computer virus
Computer virusComputer virus
Computer virus
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Antivirus!!
Antivirus!!Antivirus!!
Antivirus!!
 
Types of Virus & Anti-virus
Types of Virus & Anti-virusTypes of Virus & Anti-virus
Types of Virus & Anti-virus
 
Viruses notes
Viruses notesViruses notes
Viruses notes
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and Antiviruses
 
Antivirus security
Antivirus securityAntivirus security
Antivirus security
 
Presentation24190
Presentation24190Presentation24190
Presentation24190
 
Virus, Worms And Antivirus
Virus, Worms And AntivirusVirus, Worms And Antivirus
Virus, Worms And Antivirus
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & prevention
 
Computer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon ChakrabortyComputer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon Chakraborty
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horse
 
Computer viruses and prevention techniques
Computer viruses and prevention techniquesComputer viruses and prevention techniques
Computer viruses and prevention techniques
 
Computer viruses, types and preventions
Computer viruses, types and preventionsComputer viruses, types and preventions
Computer viruses, types and preventions
 
Cybercrime: Virus and Defense
Cybercrime: Virus and DefenseCybercrime: Virus and Defense
Cybercrime: Virus and Defense
 
Computer Viruses
Computer VirusesComputer Viruses
Computer Viruses
 
Computer virus and antivirus
Computer virus and antivirusComputer virus and antivirus
Computer virus and antivirus
 
Computer virus
Computer virusComputer virus
Computer virus
 

Virus

  • 1. Brought to you by Stacey Raimondi & Dan Brush
  • 3. Viruses can infect your computer by reading, or even, previewing, email. There are many ways that you can find out what these email infectors are and take the steps to prevent an infection. You can get a virus as easily as reading an email. A site called the “EMAIL Help Center” can guide you on how to prevent this from happening to you or those you send mail to. You can test whether your email system is vulnerable to email viruses and attacks such as emails containing mail attachments, web page HTML’s, and many more types of computer processing that be infected with one of many different types of viruses. A computer virus is a self-replicating program containing code that explicitly copies itself and that can "infect" other programs by modifying them or their environment such that a call to an infected program implies a call to a possibly evolved copy of the virus.
  • 4. Since the age of technology arose, and the twentieth century of computers came about, there have always been an attempt from those trying to be “smarter” then the average computer, (or computer user, for that matter). It was the very famous Fred Cohen who "wrote the book" on computer viruses. He was the soul in the development of a theoretical, and mathematical model of computer virus behavior. He was able to use his logic to test several hypothesis about computer virus’s. Cohen's very own, and well-known, informal definition is "a computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself". This does not mean that a computer has to undergo actual destruction(such as deleting or corrupting files) in order to be classified as a "virus" by Cohen’s definition. Many people use the term "virus" loosely to cover any sort of program that tries to hide its possible destructive functions andor tries to spread onto as many computers as possible; leaving us with a long list of possibilities to deal with.
  • 5. *Patricia Hoffman's hypertext VSUM. It covers PC viruses and it is regarded by many in the anti virus field as being inaccurate, so it is advised that you not to rely solely on it. It can be downloaded from most major archive sites.  *A more precise source of information is the Computer Virus Catalog,published by the Virus Test Center in Hamburg. It contains highly technical descriptions of computer viruses for several platforms: DOS,Mac, Amiga, Atari ST and Unix. It is available by anonymous FTP from atik.uni-hamburg. For the directory, go to: pub/virus/texts/catalog. * Another small collection of a good technical descriptions of PC viruses,called CARObase, is available from atik.uni-hamburg.
  • 6. *There is plenty of information in the monthly Virus Bulletin, published in the UK. Among other things, it gives detailed technical information on viruses . Want a – month subscribtion: only $395.00!! *Another source of information is the book "Virus Encyclopedia" which is part of the printed documentation of Dr. Solomon's AntiVirus ToolKit (a commercial DOS antivirus program). The WWW site www.datafellows.fi, has an on-line, cross-reference data base containing descriptions of about 1500 PC viruses! * Lastly, a network-accessible source of information for viruses is provided by IBM AntiVirus, at :http://www.brs.ibm.com/ibmav.html.
  • 7.
  • 8. An ARMORED virus is one that uses special tricks to make tracing,disassembling and understanding of its code more difficult. EX.A good example is the Whale virus.  ARMORED Virus
  • 9. A CAVITY VIRUS is one which overwrites a part of the host file that is filled with a constant (usually nulls), without increasing the length of the file, but preserving its functionality. The Lehigh virus was an early example of a cavity virus. CAVITY Virus
  • 10. The COMPANION virus is one that, instead of modifying an existing file,creates a new program which is executed instead of the intended program. On exit, the new program executes the original program so that things appear normal. On PCs this has usually been accomplished by creating an infected .COM file with the same name as an existing .EXE file. Integrity checking anti virus software that only looks for modifications in existing files will fail to detect such viruses. COMPANION VIRUS
  • 11. ComputerVirus & Virus-L To subscribe to Virus-L, send e-mail to LISTSERV@LEHIGH.EDU saying "SUBVIRUS-L your-name". For example:  SUB VIRUS-L Jane Doe To be removed from the Virus-L mailing list, send a message to LISTSERV@LEHIGH.EDU saying "SIGNOFF VIRUS-L". To "subscribe" to comp.virus, simply use your favorite USENET newsreader to read the group. 
  • 12. Comp.Virus & Virus-L Virus-L and comp.virus are BOTH “discussion forums” that focus on computer virus issues. More specifically, Virus-L is an electronic mailing list and comp.virus is a USENET newsgroup. Both groups are moderated; and all submissions are sent to the moderator who decides if a submission should be distributed to the groups. Virus-L is distributed in "digest" format (with multiple e-mail postings in one large digest) and comp.virus is distributed as individual news postings.However, the content of the two groups is identical.
  • 13. The first class of the common PC virus consists of the FILE INFECTORS which attach themselves to ordinary program files. These usually infect arbitrary COM and/or EXE programs,though some can infect any program for which execution or interpretation is requested, such as SYS, OVL, OBJ, PRG, MNU and BAT files.  File infectors can be either DIRECT-ACTION or RESIDENT. A direct-action virus selects one or more programs to infect each time a program infected by it is executed. A resident virus installs itself somewhere in memory (RAM) the first time an infected program is executed, and thereafter infects other programs when they are executed, or when other conditions are fulfilled. Direct-action viruses are also sometimes referred to as NON- RESIDENT.The Vienna virus is an example of a direct-action virus. Most viruses are resident. FILE Infectors…for PC’s
  • 14. POLYMORPHIC Virus: A POLYMORPHIC virus is one that produces varied but operational copies of itself, so that virus scanners will not be able to detect all instances of the virus. One method of evading scan-string-driven virus detectors is self-encryption with a variable key. Viruses that do only this (Cascade, for example) are not "polymorphic", since their decryption code is always the same. Therefore the decryptor can be used as a scan string by the simplest scan-string-driven virus scanners (unless another virus uses the identical decryption routine, in which case exact identification is not possible).
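The slide's point is that self-encryption with a variable key changes the body of every copy but leaves the decryptor constant, so the decryptor is the part a scan string should target. The following is an added example, not code from the slides: a harmless constructed byte string (a fixed stub, a key byte, an XOR-encrypted text body) stands in for such a copy, and a plain substring scanner is run over several copies with a signature taken from the stub and, for comparison, with a signature taken from one copy's encrypted body. The stub bytes, body text and keys are all constructed.

```python
# Added example (not from the slides): why a constant decryptor is enough for
# a scan-string scanner.  The "copy" built here is a harmless constructed byte
# string: a fixed decryptor stub, one key byte, then an XOR-encrypted text body.
# Only the body changes from copy to copy; the stub does not.

DECRYPTOR_STUB = b"\xde\xc0\xde\xd0\x0d\xba\x5e"    # constructed stand-in for an unchanging decryptor
PLAINTEXT_BODY = b"constructed sample body for the demonstration"

def xor_bytes(data, key):
    """Single-byte XOR; the same routine encrypts and decrypts."""
    return bytes(b ^ key for b in data)

def build_copy(key):
    """One encrypted copy: constant stub, key byte, key-dependent body."""
    return DECRYPTOR_STUB + bytes([key]) + xor_bytes(PLAINTEXT_BODY, key)

def scan(data, signature):
    """Scan-string detector: offset of the first match, or -1 if absent."""
    return data.find(signature)

def decrypt_copy(sample):
    """Recover the body using the key byte stored right after the stub."""
    key = sample[len(DECRYPTOR_STUB)]
    return xor_bytes(sample[len(DECRYPTOR_STUB) + 1:], key)

def compare_signatures(keys):
    """Detections across copies for a stub signature vs. a body signature.

    The body signature is cut from the first copy only, the way a signature
    extracted from a single captured sample would be.
    """
    copies = [build_copy(k) for k in keys]
    body_sig = xor_bytes(PLAINTEXT_BODY, keys[0])[:8]
    stub_hits = sum(scan(c, DECRYPTOR_STUB) != -1 for c in copies)
    body_hits = sum(scan(c, body_sig) != -1 for c in copies)
    return stub_hits, body_hits

if __name__ == "__main__":
    print(compare_signatures([0x11, 0x5a, 0x99, 0xc3]))
```

The stub signature matches every copy; the body signature matches only the copy it was cut from. A truly polymorphic virus, as the slide defines it, would also vary the stub, which is why such viruses defeat this simplest kind of scanner.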
  • 15. Stealth Viruses (VERY TRICKY): The STEALTH virus is one that, while "active", can hide the changes it has made to files or boot records. This is achieved by monitoring the system functions used to read files or sectors from storage media and forging the results of calls to such functions, so that programs that try to read infected files or sectors see the original, uninfected form instead of the actual, infected form. The virus's modifications may thus go undetected by anti virus programs. In order to do this, however, the virus must be resident in memory when the anti virus program is executed, and this may be detected by the anti virus program.
  • 16. SYSTEM or BOOT-RECORD Infectors: A second PC category of viruses is SYSTEM or BOOT-RECORD INFECTORS: these viruses infect executable code found in certain system areas on a disk. On PCs there are ordinary boot-sector viruses, which infect only the DOS boot sector, and MBR viruses, which infect the Master Boot Record on fixed disks and the DOS boot sector on diskettes. (Examples include Brain, Stoned, Empire, Azusa and Michelangelo.) All common boot sector and MBR viruses are memory resident. To confuse this classification somewhat, a few viruses are able to infect BOTH files and boot sectors (the Tequila virus is one
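Because an MBR infector replaces the boot code in the first sector while usually leaving the partition table intact, the defensive check is to parse that sector and compare the boot-code region against a baseline taken when the disk was known clean. The script below is an added example, not code from the slides or from any product named on them. It uses the standard PC MBR layout (446 bytes of boot code, four 16-byte partition entries, and the 0x55AA signature in the last two bytes); the MBR bytes it builds and the "tampered" copy are constructed for the demonstration.

```python
import hashlib
import struct

# Added example (not from the slides): parse a 512-byte MBR, validate its
# signature, list the partition table and hash the boot-code region so that it
# can be compared with a baseline taken when the disk was known clean.
SECTOR = 512
CODE_LEN = 446      # boot code occupies bytes 0..445
TABLE_OFF = 446     # four 16-byte partition entries follow
SIG_OFF = 510       # 0x55 0xAA closes the sector

def parse_mbr(sector):
    """Return signature check, non-empty partition entries and boot-code hash."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    signature_ok = sector[SIG_OFF:SIG_OFF + 2] == b"\x55\xaa"
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start = struct.unpack_from("<I", entry, 8)[0]
        sectors = struct.unpack_from("<I", entry, 12)[0]
        if ptype == 0 and lba_start == 0 and sectors == 0:
            continue                              # empty slot
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start,
                           "sectors": sectors})
    return {"signature_ok": signature_ok,
            "partitions": partitions,
            "boot_code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest()}

def build_mbr(boot_code, entries):
    """Assemble a constructed MBR from boot-code bytes and
    (bootable, type, lba_start, sectors) tuples; CHS fields are left zero."""
    code = boot_code.ljust(CODE_LEN, b"\x00")[:CODE_LEN]
    table = b"".join(struct.pack("<B3sB3sII", 0x80 if bootable else 0x00,
                                 b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
                     for bootable, ptype, lba, count in entries)
    return code + table.ljust(64, b"\x00") + b"\x55\xaa"

def boot_code_changed(baseline_mbr, current_mbr):
    """True when the boot-code region differs from the clean baseline."""
    return (parse_mbr(baseline_mbr)["boot_code_sha256"]
            != parse_mbr(current_mbr)["boot_code_sha256"])

def demo():
    """Constructed clean MBR vs. a copy whose boot code differs by one byte."""
    clean = build_mbr(b"CONSTRUCTED-BOOT-CODE", [(True, 0x0B, 63, 2048)])
    tampered = bytearray(clean)
    tampered[0] ^= 0xFF                   # boot code altered, table and signature untouched
    tampered = bytes(tampered)
    table_unchanged = parse_mbr(tampered)["partitions"] == parse_mbr(clean)["partitions"]
    return parse_mbr(clean), boot_code_changed(clean, tampered), table_unchanged

if __name__ == "__main__":
    print(demo())
```

In practice the baseline hash is recorded once and stored off the disk; the check then reads sector 0 of the fixed disk and calls `parse_mbr` on it. Note that, as the Stealth slide explains, a resident virus can forge the sector read, so the comparison is most trustworthy when run from known-clean boot media.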
  • 17. The TROJAN HORSE Virus: A "TROJAN HORSE" is a program that does something undocumented that the programmer intended, but that some users would not approve of if they knew about it. A virus is a particular case of a Trojan horse: one which is able to spread to other programs (i.e., it turns them into Trojans too). A virus that does not do any deliberate damage (other than merely replicating) is not a Trojan.
  • 18. TUNNELLING Virus: A TUNNELLING VIRUS is one that finds the original interrupt handlers in DOS and the BIOS and calls them directly, thereby bypassing any activity-monitoring program which may be loaded and may have intercepted the respective interrupt vectors in its attempt to detect viral activity. Some anti virus software also uses these "tunnelling" techniques in an attempt to bypass any unknown or undetected virus that may be active when it runs.
  • 19. Worms: A computer WORM is a self-contained program (or set of programs) that is able to spread functional copies of itself or its segments to other computer systems (usually via network connections). Unlike other viruses, worms do not need to attach themselves to a host program. There are two types of worms: 1. "host computer worms" and 2. "network computer worms".
  • 20. NETWORK Computer Worms: Network worms consist of multiple parts, called "segments", each of which runs on a different machine (and possibly performs different actions), using the network for several communication purposes. Moving a segment from one machine to another is only one of their purposes. Network worms that have one main segment which coordinates the work of the other segments are sometimes called "octopuses."
  • 21. HOST Computer Worms: Host computer worms are entirely contained in the computer they run on and use network connections only to copy themselves to other computers. Host computer worms in which the original terminates after it launches a copy onto another host (so that there is only one copy of the worm running somewhere on the network at any given moment) are sometimes called "rabbits."
  • 22. TOP 5 Viruses Reported [chart: "Percent Reported to Sophos 2003"; bars labelled W32/klez/h, W32-Bugbear-A and W32/ElKern-C; axis 0 to 14 percent]
  • 23. Protect Yourself from Computer Viruses: • AVIEN & AVI-EWS • CERT • STOPzilla • GFI Mail Security for Exchange • Anti Virus eScan 2003 • CIAC • Cyber notes • ICSA • Information Security Magazine • NIPC (National Infrastructure Protection Ctr) • SANS Institute • Virus Bulletin
  • 24. Brought to you by Guide Picks…
  • 25. #1 ~ PANDA ANTIVIRUS PLATINUM v7.0: Panda Antivirus Platinum v7.0 combines anti virus and firewall protection to provide robust security with minimal system impact. Optional script blocking and attachment filtering, combined with daily updates, help ensure protection against even new and unknown email threats. Downside: cumbersome custom configuration for scans.
  • 26. #2 ~ NORTON ANTIVIRUS 2003: This latest version of Norton AntiVirus offers automatic updating combined with script blocking and outbound worm detection. It also includes protection against IM worms and infected attachments sent via America Online, Yahoo!, and MSN instant messenger programs. Downside: cumbersome custom configuration for scans.
  • 27. #3 ~ F-PROT FOR WINDOWS: F-Prot for Windows continues to impress with solid 100% ItW and 96.34% Zoo detection. The interface is extremely pleasing - easy enough for novice users to navigate yet sophisticated enough for the more advanced. An excellent addition to any antiviral arsenal. Downside: like other Top Picks, excluding folders is a cumbersome task. However, erring on the side of protection is never a bad idea.
  • 28. #4 ~ MCAFEE VIRUSSCAN HOME EDITION 7.0: Scoring 100% detection for ItW threats and 99.84% Zoo (with a mere .01% false positive rate), VirusScan Home Edition provides the protection needed in today's hostile computing environment. Script Stopper technology stops VBScript and JScript worms. Hostile Activity Watch Kernel looks for suspicious activity and stops mass-mailing worms. Downside: some reports of incompatibility with ZoneAlarm.
  • 29. #5 ~ NORMAN VIRUS CONTROL: Norman Virus Control offers a highly respectable 100% rate of detection for ItW threats and 91.92% Zoo with only a .02% false positive rate. With configurable email attachment blocking, a decompression module, and sandboxing, Norman Virus Control has earned its second top pick award. The new interface helps better integrate the various modules. Downside: cumbersome custom configuration for scans.
  • 30. #6 ~ PC-CILLIN: With 100% ItW, 94.82% Zoo detection, and only a .02% false positive rate, Trend Micro's best-of-breed anti virus protection features an integrated firewall and extends its scanning to include even web-based email. PC-cillin also provides mobile users the extra protection needed to stay virus-free on the road, including Wi-Fi connection security and PDA synchronization protection.
  • 31. #7 ~ BIT DEFENDER PROFESSIONAL v6.5: Softwin's BitDefender Professional provides filtering of URLs, IP addresses, and ports, as well as seamless signature updates every 8 hours. BitDefender's impressive 100% ItW and 94.21% Zoo detection also protects against viruses encountered through the use of ICQ, Yahoo! Messenger, NetMeeting, or MSN Messenger.
  • 32. #8 ~ NOD32: Nod32 continues to be a personal favorite. With a tiny footprint, its presence on the system is barely perceptible, yet it packs quite a bit of protection. For older systems, Nod32 may well be the only antivirus solution capable of offering superb 100% detection and prevention of ItW threats without impacting performance. Downside: inability to exclude folders from scanning.
  • 33. #9 ~ STOPzilla!: BLOCK annoying popup windows for good and forever with STOPzilla! STOPzilla maximizes your surfing speed by guarding your system against annoying unwanted popup windows. With fully customizable options that allow you to configure STOPzilla to meet your surfing needs, you will never again be smothered in an endless sea of pop-ups! • Acts like a firewall for popup windows, and monitors your system while you surf the web and destroys pop-ups before they open. • Speeds up your surfing by keeping pop-ups at bay; configurable warnings alert you when a site attempts to open a pop-up. • Automatically add sites to the STOPzilla Black List to prevent all future popup attempts. • Fully customizable settings give you the flexibility to 'ALLOW' or 'BLOCK' with a single click of the mouse. • Audible alerts let you know when STOPzilla has thwarted a perpetrator.
  • 34. 'SARS' computer virus hits India. Breaking News Story: May 8, 2003. NEW DELHI - Computers in India are vulnerable to a mass mailing worm "SARS", also known as W32/Coronex-A, which attacks address books and attempts to dupe users. Micro World Technologies Inc, a content security and IT solutions provider, has cautioned computer users of the mass mailing worm that uses a variety of subject lines, message bodies and attachment names, including "SARS Virus" and Hong Kong.exe. "SARS forwards itself to all contacts in address books and attempts to dupe innocent computer users into opening an attachment offering details on the current SARS epidemic. The worm is delivered as an e-mail attachment and the e-mail may have a subject line about the current paranoia about SARS," a statement said. The SARS worm just goes on to prove that there are still scores of virus writers who use common fears to spread dangerous viruses throughout the world, Govind Rammurthy, MD and CEO, Micro World Inc said. However, the impact of the worm seems to be less destructive, a security analyst said. Sunil Chandran, CEO, Stellar info, a data security firm in Delhi said, "The worm has been in operation since April 24 and so far its nature of destruction is not high and not widespread and there has been no reporting of data loss by customers to us."
  • 35. What do experts believe is in store for the future of viruses? ''Iraq will destroy us by computer,'' the experts screamed. By Rob Rosenburg -- 05/01/03. "IRAQ WILL CRIPPLE the U.S. with cyber-attacks," the fear mongers warned. I tell you, everyone got into the act -- from Congress to the FBI to former CIA officials to computer security salesmen. Even a fire-breathing Muslim cleric living the high life in Britain got into the act. Even a delusional narcissistic hacker living in the slums of Kuala Lumpur got into the act. I tell you, everyone screamed about the coming cybergeddon. I mean, c'mon! How much effort does it take to "open a digital can of whoop-ass" on the United States? From what I hear, even a 14 year old Iraqi nomad can remotely shut down our national power grid and remotely pollute our vital toilet water supplies. In August of last year, an ominous mi2g press release quoted CEO D.K. Matai: "it would seem highly likely that the launch of a physical attack on Iraq will see counter-attacks from disgruntled Arab, Islamic fundamentalist and anti-American groups." mi2g warned terrorists might launch remote-controlled "SCADA Attacks" along with those (equally?) scary "chemical, biological, radiological, [and] nuclear" attacks.
  • 36. CONT. In December 2002, IDC chief research officer John Gantz predicted a major cyber terrorism event would occur in 2003 -- a cybertastrophe "that will disrupt the economy and bring the Internet to its knees for at least a day or two," according to News.com scribe Ed Frauenheim. Gantz specifically warned "the [looming] war with Iraq will galvanize hackers." A New York Times story in mid-January quoted House Armed Services Committee member Robert E. Andrews (D-NJ), who warned "a cyber attack really fits Saddam Hussein's paradigm for attacking us." The same New York Times story quoted ex-FBI flunky Michael Vatis (a well-documented fear-monger) on the cyber-threat Iraq could pose to U.S. interests should war break out. "I would suspect [Iraq's computer warfare program is] at a middling stage ... but even a middling capability can cause serious harm." FBI's National Internet Infrastructure Protection Center (now known as DHS NIPC) issued a pre-war advisory to say Iraq or its sympathizers might cripple the U.S. with Spam. Meanwhile, Japan's version of NIPC -- the Information Technology Security Center within the Ministry of Economy -- went on "heightened alert" after their prime minister made comments supporting the U.S.-led coalition against Iraq. The agency soon upgraded its cyber-threat assessment and sent a written plea ("written"?) to computer security firms to ask them to "watch for computer virus attacks and unauthorized changes to Web sites." According to a Kyodo newswire, Japan's version of NIPC wanted to assure the public "[computer security firms] will be on alert day and night to be able to act immediately on any abnormal incidents." No doubt.
  • 37. SEE OUR WEB PAGE: www.uri.edu/personal/dbru7007/biblio.html