This document discusses viruses and worms, describing that viruses inject code into files while worms copy themselves over a network. It then lists common infection methods like email attachments and browser exploits. The document outlines virus characteristics like remaining hidden, carrying other viruses, and persisting after formatting. It describes the infection process and payload delivery. Finally, it lists different virus types and techniques used to avoid detection like maintaining file modification dates and encrypting code.
2.
Virus:
It is an application that self-replicates by injecting its code into other data files.
It spreads and attempts to consume specific targets, which are normally executables.
Worm:
It copies itself over a network.
It is a program that views the infection point as another computer rather than as other executable files.
4.
Your computer can be infected even if files are just copied.
Can be memory or non-memory resident.
Can be a stealth virus.
Viruses can carry other viruses.
Can make the system never show outward signs.
Can stay on the computer even if the computer is formatted.
5.
In this phase, virus developers decide:
- When to infect a program
- Which programs to infect
6.
Some viruses infect the computer as soon as the virus file is installed on the computer.
Some viruses infect the computer at a specific date, time or particular event.
TSR viruses are loaded into memory and later infect the PCs.
7.
In this phase, the virus will:
- Delete files.
- Replicate itself to other PCs.
- Corrupt targets only.
10.
Boot Virus –
Infects boot sectors & records.
Shell Virus –
Virus code forms a shell around the target host’s genuine program & hosts it as a subroutine.
Terminate & Stay Resident Virus –
Remains permanently in memory during the work session, even after the target host is executed & terminated.
11.
Same “last modified” date.
Overwriting unused areas of the .exe files.
Killing tasks of antivirus software.
Avoiding bait files & other undesirable hosts.
Making stealth virus.
Self-modification on each infection.
Encryption with variable key.
Polymorphic code.
12.
Same “last modified” date.
In order to avoid detection by users, some viruses employ different kinds of deception.
Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus.
This approach sometimes fools anti-virus software.
13.
Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus.
Many anti-virus programs perform an integrity check of their own code.
Infecting such programs will therefore increase the likelihood that the virus is detected.
Anti-virus professionals can use bait files to take a sample of a virus