2. Definition of Virus
A virus is a small piece of software that piggybacks on real programs in order to get executed
Once it’s running, it spreads by inserting copies of itself into other executable code or documents
4. Typical things that some current Personal Computer (PC) viruses do
Display a message
5. Typical things that some current Personal Computer (PC) viruses do
Erase files
Scramble data on a hard disk
Cause erratic screen behavior
Halt the PC
Many viruses do nothing obvious at all except spread!
Display a message
6. Distributed Denial of Service
A denial-of-service attack is an attack that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system.
7. How it works?
The flood of incoming messages to the target system essentially forces it to shut down, thereby denying the system's service to legitimate users.
Victim's IP address.
Victim's port number.
Attacking packet size.
Attacking interpacket delay.
Duration of attack.
MyDoom – SCO Group
8. Executable Viruses
Traditional Viruses
pieces of code attached to a legitimate program
run when the legitimate program gets executed
loads itself into memory and looks around to see if it can find any other programs on the disk
9. Boot Sector Viruses
Traditional Virus
infect the boot sector on floppy disks and hard disks
By putting its code in the boot sector, a virus can guarantee it gets executed
load itself into memory immediately, and it is able to run whenever the computer is on
10. Decline of traditional viruses
Reasons:
– Huge size of today’s programs, which are stored on a compact disk
– Operating systems now protect the boot sector
11. E-mail Viruses
Moves around in e-mail messages
Replicates itself by automatically mailing itself to dozens of people in the victim’s e-mail address book
Example: Melissa virus, ILOVEYOU virus
12. Melissa virus
March 1999
The Melissa virus was the fastest-spreading virus ever seen
Someone created the virus as a Word document uploaded to an Internet newsgroup
People who downloaded the document and opened it would trigger the virus
The virus would then send the document in an e-mail message to the first 50 people in the person's address book
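From the mail administrator's side, the mass-mailing behaviour described on the E-mail Viruses and Melissa slides appears as one sender delivering the same attachment to many distinct recipients in a short burst. The sketch below is an added example, not part of the original slides: it flags such bursts in outbound mail records. The record layout, the 10-minute window, the addresses and the attachment ids are assumptions made for illustration; the threshold of 50 recipients is taken from the Melissa slide.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def find_mass_mailers(records, min_recipients=50, window=timedelta(minutes=10)):
    """Return {(sender, attachment_id): peak distinct recipients} for every
    sender/attachment pair reaching min_recipients inside a sliding window."""
    by_key = defaultdict(list)
    for ts, sender, rcpt, att in records:
        if att:  # only messages that carry an attachment are of interest
            by_key[(sender, att)].append((ts, rcpt))
    alerts = {}
    for key, events in by_key.items():
        events.sort()
        in_window = Counter()  # recipient -> messages currently inside the window
        start = peak = 0
        for ts, rcpt in events:
            in_window[rcpt] += 1
            # Drop events that have fallen out of the window ending at ts.
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_recipients:
            alerts[key] = peak
    return alerts

def sample_log():
    """Constructed records: (timestamp, sender, recipient, attachment id)."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    # alice: one attachment to 50 distinct recipients within 50 seconds
    recs = [(t0 + timedelta(seconds=i), "alice@example.org",
             f"user{i}@example.org", "att-A") for i in range(50)]
    # bob: 60 recipients, but one per hour, so never a burst
    recs += [(t0 + timedelta(hours=i), "bob@example.org",
              f"user{i}@example.org", "att-B") for i in range(60)]
    # carol: 80 messages in a burst, all to the same recipient
    recs += [(t0 + timedelta(seconds=i), "carol@example.org",
              "dave@example.org", "att-C") for i in range(80)]
    return recs

if __name__ == "__main__":
    for (sender, att), n in find_mass_mailers(sample_log()).items():
        print(f"ALERT {sender} sent {att} to {n} recipients within the window")
```

Counting distinct recipients rather than messages keeps a single busy correspondent (carol) or a slow legitimate mailing (bob) from raising the alert.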