Modern Computer Virology

The black art of breaking and defending malicious computing.

By M S D Perera
Introduction
• What is virology?
• Then what is computer virology?
• How does it differ from conventional biological virology?
• History of computer virology.
Categories of Virology
•   Worms.
•   Viruses.
•   Trojan Horses.
•   Malware.
•   Spyware.
•   Rabbits.
•   Other malicious code that can’t be directly categorized under virology [e.g. logic bombs, rootkits, shellcode, key loggers, spammers/flooders].
Environment Of Virology
•   As a biological virus can’t live without a host, a computer virus also can’t live without a host or a proper environment.
        Just as a parasite needs a host [a human] to live, a computer virus also needs a host [a computer] to live.
•   What makes an environment heterogeneous or homogeneous?
    * Computer architecture [x86, x64, ARM, SunSolaris, etc.], and CPU version.
    * Operating systems and software environment, and their versions.
         For a list of operating systems refer to: http://os-dev.org/
    * File systems and file formats.
         For a list of different file systems refer to:
    * Network and media.
        Different internetworking and media exist today. For example, we can take the internet as a popular network for spreading worms, and thumb drives as a popular medium for spreading viruses.
Media of Replication
• So as I mentioned in my previous note, a computer virus is malicious code that has the ability to recursively replicate itself within one host; if it can automatically replicate itself outside the host it’s considered a ‘worm’.
• Basic three parts of a typical computer virus:
  * replication engine * bomb * polymorphic engine.
• There are numerous ways that virus writers have used to replicate:
     * using the boot sector [boot sector virus]
     * file infection techniques [win32, win64 executable files]
     * scripts, macros and data file viruses [explain why almost every file is as guilty as an executable file when it comes to viruses].
Boot Sector Virus
•   In the x86 computer architecture a boot sector is 512 bytes of executable code. Every physical storage medium of a computer has this boot sector, called a master boot record, and may have an additional number of boot sectors equal to its number of partitions.
•   Some boot viruses kill their host instantly and make the host operating system unbootable. But some smart viruses spread to the other boot sectors of the accessible media and wait for the correct time to execute the bomb; that timing can be programmed by the virus writer. However, in the second strategy the user should not notice anything strange till the correct time, and the OS should boot as normal. To do that, boot sector viruses use different mechanisms. The following explains a few.
             * Relocate the original boot sector somewhere else, and later load it into memory and execute it.
             * Relocate the original boot sector to the end of the partition.
             * Change the PT entries of a particular partition so that arbitrary code from a sector [virus code] is executed first, and finally the original boot sector is executed.

An example boot sector virus source code:
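The slide's own example source is not reproduced on this page. What follows instead is an added defender-side example, not code from the slides: it parses a 512-byte MBR into boot code, partition table and signature, and compares a freshly read sector against a baseline taken when the disk was known clean, which catches both of the mechanisms above (replaced or relocated boot code, and altered PT entries). The sample sectors are constructed in the code, not dumped from a real disk.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PT_OFFSET = 446           # the four 16-byte partition table entries start here
BOOT_SIG = b"\x55\xaa"    # mandatory signature in bytes 510..511
PT_FORMAT = "<B3sB3sII"   # boot flag, CHS start, type, CHS end, LBA start, sector count

def parse_mbr(sector):
    """Split a 512-byte MBR into boot code, four partition entries and the signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        flag, _, ptype, _, start, count = struct.unpack_from(PT_FORMAT, sector, PT_OFFSET + 16 * i)
        entries.append({"active": flag, "type": ptype, "start": start, "count": count})
    return {"code": bytes(sector[:PT_OFFSET]), "entries": entries, "sig": bytes(sector[510:])}

def take_baseline(sector):
    """Record the boot-code hash and partition table of an MBR known to be clean."""
    mbr = parse_mbr(sector)
    return hashlib.sha256(mbr["code"]).hexdigest(), mbr["entries"]

def check_mbr(sector, baseline_hash, baseline_entries):
    """Compare a freshly read MBR with the baseline; returns a list of findings ([] = unchanged)."""
    mbr = parse_mbr(sector)
    findings = []
    if mbr["sig"] != BOOT_SIG:
        findings.append("boot signature 0x55AA missing")
    if hashlib.sha256(mbr["code"]).hexdigest() != baseline_hash:
        findings.append("boot code differs from baseline (replaced or relocated boot sector?)")
    for i, entry in enumerate(mbr["entries"]):
        if entry["active"] not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid boot indicator 0x{entry['active']:02x}")
        if entry != baseline_entries[i]:
            findings.append(f"entry {i}: partition table entry changed")
    if sum(e["active"] == 0x80 for e in mbr["entries"]) > 1:
        findings.append("more than one partition marked active")
    return findings

def build_mbr(code, entries):
    """Assemble a 512-byte MBR from boot code and partition entries (used for the samples below)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(code)] = code
    for i, e in enumerate(entries):
        struct.pack_into(PT_FORMAT, sector, PT_OFFSET + 16 * i,
                         e["active"], b"\0\0\0", e["type"], b"\0\0\0", e["start"], e["count"])
    sector[510:] = BOOT_SIG
    return bytes(sector)

# Constructed samples, not dumps of a real disk: a clean MBR, the same MBR with its first
# boot-code bytes altered, and the same MBR with partition 0 pointed at a different start sector.
_CODE = b"\xfa\x31\xc0\x8e\xd8" + b"\x90" * (PT_OFFSET - 5)   # cli; xor ax,ax; mov ds,ax; nops
_EMPTY = {"active": 0x00, "type": 0x00, "start": 0, "count": 0}
_PT = [{"active": 0x80, "type": 0x07, "start": 2048, "count": 204800}, _EMPTY, _EMPTY, _EMPTY]
SAMPLE_CLEAN = build_mbr(_CODE, _PT)
SAMPLE_PATCHED_CODE = build_mbr(b"\xeb\x3c" + _CODE[2:], _PT)
SAMPLE_MOVED_PT = build_mbr(_CODE, [dict(_PT[0], start=63)] + _PT[1:])

if __name__ == "__main__":
    baseline = take_baseline(SAMPLE_CLEAN)
    for name, sample in [("clean", SAMPLE_CLEAN), ("patched code", SAMPLE_PATCHED_CODE),
                         ("moved partition", SAMPLE_MOVED_PT)]:
        print(f"{name}: {check_mbr(sample, *baseline) or 'no change'}")
```

On a live system the baseline must be stored off the disk being checked, otherwise the same code that rewrites the boot sector can rewrite the baseline.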
Executable File Infection Techniques
•      On the Windows platform an executable file ends with the suffix “.exe”, and in Linux they have no extension. Linux uses the elf32 executable format and Windows uses the win32 PE and PE+ executable file formats.
•      An executable file is nothing more than a big data structure which has the following:
        * header
        * sections
     In a typical executable file there are the following sections:
      text [executable code]
      data [global variables and statically initialized data]
      bss [dynamically initialized data]
      stack [defines the hardware stack for the executable]
There is an entry point in the text section. It’s where your operating system starts executing after it loads the data and text sections into memory and the bss and stack have been initialized. So a virus has to insert its code into the text section; in other words, it has to alter the text section of a particular executable file. There are other methods too; for example, inserting a new text section is also possible. The following are some of the different techniques that virus writers use.
      * Overwriting viruses.
      * Appending to the end of the text section.
      * Viruses that inject their code into the padded alignment spaces between segments.
      * Random infection.
      * Viruses that hijack entry points.
      * and many more unspecified wild techniques used among the virus writer underground communities.
An example executable virus source code:
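The slide's example virus source is not reproduced on this page. As an added example (not code from the slides), the checker below reads the PE32 headers the slide describes (DOS header, COFF header, optional header with AddressOfEntryPoint, section table) and flags the layouts those infection techniques leave behind: an entry point outside any section or in a non-code or last section (entry-point hijack, appended code) and non-zero bytes in the alignment padding after a code section (cave injection). It assumes PE32 only, and the images it inspects are minimal constructed headers, not real programs.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000   # section characteristic: mapped as executable
PE32_MAGIC = 0x10B
COFF_FMT = "<HHIIIHH"                # IMAGE_FILE_HEADER (20 bytes)
SECTION_FMT = "<8sIIIIIIHHI"         # IMAGE_SECTION_HEADER (40 bytes)

def read_sections(data):
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != PE32_MAGIC:
        raise ValueError("only PE32 is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            SECTION_FMT, data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawptr": rawptr,
                         "rawsize": rawsize, "exec": bool(chars & IMAGE_SCN_MEM_EXECUTE)})
    return entry_rva, sections

def check_image(data):
    """Flag layouts typical of appended, cave-injected or entry-point-hijacked infections."""
    entry, sections = read_sections(data)
    home = [s for s in sections if s["vaddr"] <= entry < s["vaddr"] + max(s["vsize"], s["rawsize"])]
    if not home:
        return [f"entry point 0x{entry:x} lies outside every section"]
    findings = []
    if not home[0]["exec"]:
        findings.append(f"entry point in non-executable section {home[0]['name']}")
    if home[0] is sections[-1] and len(sections) > 1:
        findings.append(f"entry point in the last section {home[0]['name']} (appended code?)")
    for s in sections:
        # The linker zero-fills between VirtualSize and the file-aligned SizeOfRawData; non-zero bytes there in a code section deserve a look.
        padding = data[s["rawptr"] + s["vsize"]:s["rawptr"] + s["rawsize"]]
        if s["exec"] and any(padding):
            findings.append(f"{s['name']}: non-zero bytes in alignment padding (code cave in use?)")
    return findings

def build_pe(entry_rva, sections, size=0x600):
    """Construct a minimal, non-runnable PE32 image (headers + zero-filled section data)."""
    img = bytearray(size)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                      # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into(COFF_FMT, img, 0x84, 0x14C, len(sections), 0, 0, 0, 96, 0x102)
    struct.pack_into("<H", img, 0x98, PE32_MAGIC)
    struct.pack_into("<I", img, 0x98 + 16, entry_rva)
    for i, (name, vaddr, vsize, rawptr, rawsize, chars) in enumerate(sections):
        struct.pack_into(SECTION_FMT, img, 0x98 + 96 + 40 * i,
                         name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)
    return img

# Constructed samples: .text (0x150 bytes of code in a 0x200-byte file block) and .data.
_LAYOUT = [(b".text", 0x1000, 0x150, 0x200, 0x200, 0x60000020),
           (b".data", 0x2000, 0x100, 0x400, 0x200, 0xC0000040)]
SAMPLE_CLEAN = build_pe(0x1010, _LAYOUT)
SAMPLE_ENTRY_IN_DATA = build_pe(0x2010, _LAYOUT)     # entry moved into the last, non-code section
SAMPLE_OUTSIDE = build_pe(0x5000, _LAYOUT)
SAMPLE_CAVE = build_pe(0x1010, _LAYOUT)
SAMPLE_CAVE[0x200 + 0x150:0x200 + 0x160] = b"\x41" * 16   # filler written into .text padding
```

These are heuristics, not verdicts: packers and some legitimately linked binaries also start in a last or oddly named section, so a hit means "inspect", not "infected".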
Summary
•   Introduction and history of viruses.
•   Environment and categories.
•   Media of replication.
•   Intro to the mechanisms of boot sector viruses and executable viruses.

• In my next presentation:
       More about executable file internals.
       More about the Win32 PE and PE+ executable file format.
       More about the executable file infection techniques used by win32 viruses on the Windows platform.

Thanks for the audience.
Speaker notes

  1. Virology is a general term which is not specific to either computer virology or biological virology. Conventional biological virology deals with something that exists in nature, but there also exist artificially created biological viruses [for example the Anthrax virus created by Al-Qaeda]. Conventional viruses are physical; they can be very long worms that live in your colon and later invade your whole body. But computer viruses invade your computer: file system, storage, memory, network, hard disk, firmware ROMs, etc. So another difference is that computer viruses are not as nasty as biological viruses.

  Typically computer viruses can’t think and are not self-aware about their environment, so they can’t adapt to highly dynamic environments. For example, a win32 virus will stop its journey of infection when it meets a Linux host. But a parasitic worm that lives in a snail’s body can swim to a fish, and then, when a human eats the fish, it can adapt to the human body and live as a roundworm in the human colon. Because computer viruses are created by human programmers, who are not smart enough to build self-awareness into the computer virus, it’s very obvious why computer viruses are less smart than biological viruses. However, computer viruses take their idea from biological viruses.

  Placing your toothbrush on top of your computer keyboard won’t transfer computer viruses to your body. Don’t worry.