2. Definitions of Virus
History of Virus
Goal & Properties of Virus
Working of a Slapper (Worm Virus)
Common experience of losing data
Agenda
Overview of Virus
History of Virus
Special Types of Trojans (Major Type of Virus)
Concept of latest Trojans
Virus Program Execution
Working of a Slapper (Worm Virus)
Data loss
Data Protection
Recommended Anti-Virus Software
3. Overview of Virus
Virus – Malicious program with a set of destructive code that starts replicating to infect the OS or user data when it is accessed
Major Types of Viruses:
Trojan Horse
Worm
Some Features of Virus:
Locates & infects “.exe”, “.com”, “.dll” files
Deletes files, shuts down programs, eats up system resources, hides or alters data
VB & Command Scripts contain Assembly code for Virus replication (Optional)
4. Hex dump of a worm leaving message for Bill Gates III
5. History of Virus
1. Elk Cloner:
First real Virus written by Richard Skrenta for Apple II
It will stick to all the disks
It can also modify RAM
2. “Brain” – First major PC Virus found in Lahore, Pakistan
Boot Sector of a Floppy infected by “Brain”
7. Exploit – Spreads malicious data in the OS
Backdoor – Created to give an unauthorized user access to a Computer
DDoS – Causes Web Address to fail
Tiny Trojan Banker – Steals Bank details of a user or organization
FakeAV – Convinces user that the PC is infected with Virus
Ransom – Designed for crime; modifies or blocks data on a Computer
8. Downloader – Programmed to download & install new
malicious programs
Spy – Invisible to user & observes Computer activities
silently by taking screenshots
SpyEye – Targets Airline Travel & Banking Websites
Zeus – Steals banking details & personal data, participates in fraud schemes & other criminal works
AIDS – Infects “.exe” & “.com” files
9. Concept of latest Trojan
Shortcut file ---- Address ---- X ---- Hidden Data
cmd.exe ---- opens ---- explorer.exe
Step 1: Waits till it is accessed by the user or Anti-Virus
Step 2: Sticks to specified System Files
Step 3: Permanently hides all Files & Folders present in External Drives
Step 4: Creates shortcuts of all the Files & Folders present in External Drives
Step 5: Opens the particular File/Folder when its shortcut file is accessed
Step 6: Some viruses use VB or Command scripts for replication & some have the capacity to self-replicate inside all the External Drives connected to the infected Computer
Shortcut ---- cmd.exe ---- explorer.exe ---- Hidden Data
10. The shortcut file is at the front end; at the back end, it contains the address of the hidden data
13. Slapper Requesting
68.168.1.15:52160 -> 127.0.0.1:80
GET / HTTP/1.1....
127.0.0.1:80 -> 68.168.1.15:52160
HTTP/1.1 400 Bad Request..Date: Sun, 22 Sep 2002 03:41:10
GMT..Server: Apache/1.3.20 (Unix) (Red-Hat/Linux) mod_ssl/2.8.4
OpenSSL/0.9.6b DAV/1.0.2 PHP/4.0.6 mod_perl/1.24_01..Connection:
close..Transfer-Encoding: chunked..Content-Type: text/html;
charset=iso-8859-1....169..<!DOCTYPE HTML PUBLIC "-//IETF//DTD
HTML 2.0//EN">.<HTML><HEAD>.<TITLE>400 Bad Request</TITLE>. </HEAD>
<BODY>.<H1>Bad Request</H1>.Your browser sent a request that this
server could not understand.<P>.client sent HTTP/1.1 request
without hostname (see RFC2616 section 14.23): <P>. <HR>.
<ADDRESS>Apache/1.3.20 Server at 127.0.0.1 Port
80</ADDRESS>.</BODY></HTML>...0....
18. Firstly, when a Virus-infected Pendrive is inserted into a non-infected PC, all the data present on the Pendrive will appear as shortcuts, usually 1KB or 2KB in size (or more in rare cases)
19. Secondly, the user opens a folder (shortcut file) & feels that the entire data is safe. But this is when the virus spreads to the PC & to all the External Devices connected in future
20. User scans & commands the Anti-Virus to take proper actions
25. When a virus-infected Pendrive is inserted into a non-infected PC, note that all the data present on the Pendrive will appear as shortcuts. Never touch the shortcut files.
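A way to inspect such a Pendrive without clicking anything, given here as an added example (not part of the original slides): the script only reads the bytes of each shortcut and flags those that mention a launcher and sit beside a file or folder of the same name. The launcher list, the function names and the sample files are assumptions made for this sketch; the hidden-attribute check only has an effect on Windows.

```python
import os
import tempfile

LAUNCHERS = ("cmd.exe", ".vbs")   # assumption: cmd.exe and VB scripts, as named in the slides
FILE_ATTRIBUTE_HIDDEN = 0x2       # Windows attribute bit; not reported on other OSes
MAX_READ = 64 * 1024              # shortcuts are small (slides: usually 1KB or 2KB)

def launcher_hits(data):
    """Launcher strings present in raw .lnk bytes, as ASCII or UTF-16LE."""
    low = data.lower()
    return [s for s in LAUNCHERS
            if s.encode("ascii") in low or s.encode("utf-16-le") in low]

def is_hidden(path):
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)

def triage_drive(root):
    """Read (never open or execute) every .lnk under root; flag suspicious ones."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        siblings = set(dirnames) | set(filenames)
        for name in sorted(filenames):
            if not name.lower().endswith(".lnk"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                hits = launcher_hits(fh.read(MAX_READ))
            if not hits:
                continue
            stem = name[:-4]
            twin = os.path.join(dirpath, stem)
            findings.append({
                "shortcut": path,
                "size": os.path.getsize(path),
                "launchers": hits,
                "twin_exists": stem in siblings,
                "twin_hidden": stem in siblings and is_hidden(twin),
            })
    return findings

def build_demo_drive():
    """Constructed sample drive: one suspicious shortcut with a twin, one benign."""
    root = tempfile.mkdtemp(prefix="usb_demo_")
    os.mkdir(os.path.join(root, "Photos"))
    bad = b"L\x00\x00\x00" + "cmd.exe <args> explorer.exe Photos".encode("utf-16-le")
    with open(os.path.join(root, "Photos.lnk"), "wb") as fh:
        fh.write(bad.ljust(1024, b"\x00"))
    with open(os.path.join(root, "Notes.lnk"), "wb") as fh:
        fh.write(b"L\x00\x00\x00" + "C:\\Docs\\notes.txt".encode("utf-16-le"))
    return root

if __name__ == "__main__":
    for finding in triage_drive(build_demo_drive()):
        print(finding)
```

A shortcut that is flagged with twin_exists set matches the pattern in the slides: the original data is still on the drive, and the shortcut routes through a launcher before opening it.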
28. 1. Mark “Show hidden files, folders and drives”
2. Untick “Hide protected operating system files
(Recommended)”
3. Again open the same Pendrive
29. VB Script & its shortcut (Trojan Virus) containing code for Virus to replicate
Original User data permanently hidden
Trojan or Worm viruses (as shortcuts to the Original Data)
“.Trashes” file present at the top contains address of Recycle Bin
35. Think Before You Click
Be cautious with e-mail attachments and links
Only download files from Web sites you trust
36. Safely remove External Drives, shut down the Computer properly & don't save data in the System Partition
37. Use Power ISO, Win ISO, Ultra ISO, Magic ISO or any other software for Data Backup
38. Virus can be kidnapped & kept inside “.iso” file as locker
39. Advantages of creating “.iso” Image Data
Easy to create
Never corrupts
Mount to a Virtual Drive & Access at high speed
Provides very tight security for data stored in it
OS or Anti-Virus cannot modify or delete its data without user’s permission
Portable with all OS supporting “.iso” Image Data
Will not compress Data
40. Recommended Anti-Virus based on security levels
SkyLabs Kaspersky
Symantec Norton
ESET
Bitdefender
Trend Micro
AVG
MS Essentials
Recommended Anti-Virus by popularity levels
SkyLabs Kaspersky
Bitdefender
Symantec Norton
MS Essentials
Trend Micro
AVG
ESET