4. Viruses
• Code written with the express intention of
replicating itself.
• A virus attempts to spread from computer to
computer by attaching itself to a host program.
• It may damage the hardware, software or the
information.
5. Worms
• A subclass of virus. A worm generally
spreads without user action and distributes
complete copies (possibly modified) of itself
across networks.
• Can consume memory or network
bandwidth, causing a computer to stop
responding.
• Because worms don’t need to travel via a
“host” program or file, they can also tunnel
into your system and allow somebody else
to take control of your computer remotely.
6. Trojan horse
• Is a program that a user or
administrator installs on the computer.
• Are impostor files that claim to be
something desirable but are, in fact,
malicious.
• Often acts as a backdoor, contacting a
controller which can then have
unauthorized access to the affected
computer.
7. Viruses
How does a virus work?
• A virus is dropped into a program using a dropper.
• Software installed onto a computer, infecting
target files.
• The virus lies dormant until it is triggered by the
user, an event or a timer, and then executes its
payload.
8. Viruses
How does it affect the computer?
• Crashing the computer, e.g. with "blue screen of death"
(BSOD)
• Data corruption
• Formatting disks, destroying all contents
• Use of the machine as part of a botnet (e.g. to perform
automated spamming or to distribute denial-of-service
attacks)
• Electronic money theft
• Modification or deletion of files
• Using computer resources for mining cryptocurrency
• Linking the computer to a botnet
• Using the infected computer as a proxy for illegal activities and
attacks on other computers
9. Viruses
• The main signs are:
* The start-up and the responses of your computer become slower
than before.
* The Control Panel or the My Documents folder opens
automatically, especially after the start-up of the computer.
* While changing the background of your desktop, the color
changes to the default color blue (for XP) or anything else which you
didn't want.
* Very often some of your running programs will be
non-responsive. If you are able to open the Task Manager, it will
show you that the CPU or RAM usage is very high.
* Many times, the computer will show windows saying that some of
the files are missing from the system files (generally the C drive) and
that some fatal error may occur.
11. Viruses
Companion Viruses
• Not actually a virus.
• Understand execution order:
- Program.com
- Program.exe
- Program.bat
• Most programs today have the extension
.exe.
• Difficult to detect, as anti-virus software
tends to use changes in files as a clue.
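A defender-side check for the companion pattern described on this slide, added here as an example (it is not part of the original slides): because the original program is never modified, the scan looks for same-named files with different executable extensions instead of looking for changed files. The function names and the sample file names are assumptions made for the illustration.

```python
import os
import tempfile
from collections import defaultdict

# Precedence in the order the slide lists it: .com, then .exe, then .bat.
PRECEDENCE = [".com", ".exe", ".bat"]


def find_companion_candidates(directory):
    """Return (base_name, winner, shadowed) for every base name that exists
    under more than one executable extension in `directory`.

    `winner` is the file the precedence order would run for a bare command
    name; `shadowed` lists the same-named files it takes priority over.
    """
    by_base = defaultdict(dict)
    for entry in os.scandir(directory):
        if not entry.is_file():
            continue
        base, ext = os.path.splitext(entry.name)
        ext = ext.lower()
        if ext in PRECEDENCE:
            by_base[base.lower()][ext] = entry.name

    findings = []
    for base, found in sorted(by_base.items()):
        if len(found) < 2:
            continue  # only one executable form: nothing can shadow it
        ordered = [found[e] for e in PRECEDENCE if e in found]
        findings.append((base, ordered[0], ordered[1:]))
    return findings


def demo():
    """Scan a constructed directory; file names and contents are placeholders."""
    with tempfile.TemporaryDirectory() as d:
        names = ("report.exe", "report.com", "backup.bat",
                 "Tool.EXE", "tool.bat", "notes.txt")
        for name in names:
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(b"placeholder")
        return find_companion_candidates(d)


if __name__ == "__main__":
    for base, winner, shadowed in demo():
        print(f"{base}: '{winner}' runs ahead of {shadowed}")
```

A hit is only a candidate: legitimate software sometimes ships a .bat wrapper beside an .exe, so each finding still needs a look at who created the higher-precedence file and when.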
12. Viruses
Executable Program Viruses
• Overwriting
- Overwrites executable program with itself.
• Parasitic
- Attaches itself to other programs, but allows the
original function.
• Cavity
- Hides itself in the unused portion of a segment
(512), exploiting internal fragmentation.
• A non-resident computer virus that stores itself
in an executable file and infects other files
each time the file is run.
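An added example (not from the original slides) of the "changes in files" clue applied to the three types above: a baseline that records only file size would catch a parasitic append but miss a cavity or same-length overwrite, while a content hash catches all of them. The file is a constructed stand-in filled with harmless marker bytes, and the function names are assumptions for the illustration.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Record the size and SHA-256 digest of a file."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def classify(baseline, current):
    """Compare two snapshots of the same file."""
    if current["sha256"] == baseline["sha256"]:
        return "unchanged"
    if current["size"] != baseline["size"]:
        return "content and size changed"
    return "content changed, size identical"


def demo():
    """Constructed stand-in for an executable: 100 bytes of 'code' padded
    with zeros to one 512-byte block, then modified in two different ways."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")
        original = b"C" * 100 + b"\x00" * 412
        with open(path, "wb") as fh:
            fh.write(original)
        baseline = snapshot(path)
        results["untouched"] = classify(baseline, snapshot(path))

        # Bytes appended to the end: the trace a parasitic infection leaves.
        with open(path, "wb") as fh:
            fh.write(original + b"X" * 64)
        results["appended"] = classify(baseline, snapshot(path))

        # Bytes written into the zero padding: the cavity pattern, same length.
        with open(path, "wb") as fh:
            fh.write(original[:100] + b"X" * 64 + original[164:])
        results["cavity"] = classify(baseline, snapshot(path))
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```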
13. Viruses
Memory Resident Viruses
• A virus that stays in memory after it executes
and after its host program is terminated. In
contrast, non-memory-resident viruses are
activated only when an infected application runs.
• Hides
- At the top of memory.
- Among interrupt vectors.
• Can alter the RAM bitmap to avoid being overwritten.
• Captures trap or interrupt vectors.
• Saves address to scratch variable.
• Executes its own address.
• Invokes the real system by jumping to the saved trap
address.
14. Viruses
Boot Sector Viruses
• Is a computer virus that infects a storage
device's master boot record (MBR). It is
not mandatory that a boot sector virus
successfully boot the victim's PC to infect
it.
• These viruses copy their infected code
either to the floppy disk's boot sector or to
the hard disk's partition table. During
start-up, the virus gets loaded to the
computer's memory.
• Such viruses are very common.
15. Viruses
Device Driver Viruses
• A virus which infiltrates a computer
via the device driver software.
• The software used to control
peripherals such as the keyboard.
• Happily, only early operating systems
such as MS-DOS were susceptible to
this type of virus.
• If a driver is infected, the virus will
run every time the computer restarts.
16. Viruses
Macro Viruses
• Is a computer virus that "infects"
a Microsoft Word or similar
application and causes a sequence
of actions to be performed
automatically when the application
is started or something else
triggers it.
• Used to group several commands
to a keystroke.
• Attaches to menu items.
17. Viruses
Source Code Viruses
• Are a subset of computer
viruses that make modifications
to source code located on an
infected machine.
• A source file can be overwritten
such that it includes a call to
some malicious code.
• Can be very portable.
• Are rare, partly due to the
difficulty of parsing source code
programmatically, but have
been reported.
18. Differences
Virus
- attempts to spread from computer to computer by attaching itself.
Worm
- generally spreads without user action and distributes complete copies
(possibly modified) of itself across networks.
Trojan
- may give a hacker remote access to a targeted computer system,
operations that could be performed by a hacker.
Some people call any type of malicious software a “computer virus,” but
that isn’t accurate. Viruses, worms, and Trojan horses are different
types of malicious software with different behaviors. In particular, they
spread themselves in very different ways. Malicious software in general
is referred to as “malware.” If you want a catch-all term for bad
computer software, malware is the word to use.
19. Examples of Viruses
• Name: CIH
• Aliases: Chernobyl, Spacefiller
• Isolation date: June 1998
• Types: Windows 95/98/Me
• Origin: Taiwan
• Author: Chen Ing-hau
• Note: Activates on April 26, on which it
destroys partition tables and tries
to overwrite the BIOS.
20. Examples of Worms
• Name: Code Red
• Aliases: Heart bleed and CRv1 & CRv2
• Types: Server Jamming Worm
• Isolation date: January, 2001
• Note: This worm allows the hackers to hack
your complete network from the
location. The Heart Bleed virus allows
hackers to steal data like credit cards.
21. Examples of Trojan horse
• Name: Trojan.Flame.A
• Aliases: Skywiper
• Types: Windows 7/2000/XP/2003/ME
• Isolation date: May 2012
• Note: Can spread to other systems over
a local network (LAN) or via USB
stick and Bluetooth, in which grab screen
shot down.
22. Be Careful of Viruses
• Keep your system and software up to date.
• Use anti-virus, firewall and anti-spyware solutions.
• Do not open unsafe attachments.
• Keep away from chain letters, spam and
‘too good to be true’ offers.
• Keep away from dubious web sites.
• Beware of receiving files from people in chat
rooms.
• Beware of hoaxes (do a search for them
if suspicious).
• Beware of unsafe file sharing programs.