Presented by:
Manish Dixit 2011ecs37
Kaviraj 2011ecs50
Arshit Mahajan 2011ces53
WHAT IS VIRUS?
Computer viruses are small software programs that are designed to spread from one computer to
another and to interfere with computer operation.
A virus might corrupt or delete data on your computer, use your e-mail program to spread itself to
other computers, or even erase everything on your hard disk.
Viruses are most easily spread by attachments in e-mail messages or instant messaging messages.
That is why it is essential that you never open e-mail attachments unless you know who it's from and
you are expecting it.
Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files.
Viruses also spread through downloads on the Internet. They can be hidden in illicit software or other
files or programs you might download.
To help avoid viruses, it's essential that you keep your computer current with the latest updates and
antivirus tools, stay informed about recent threats, and follow a few basic rules when you
surf the Internet, download files, and open attachments.
Once a virus is on your computer, its type or the method it used to get there is not as important as
removing it and preventing further infection.
Viruses
Taxonomy of Malicious Programs (diagram; node labels: Host Program, Independent, Trapdoors, Logic Bombs, Trojan Horses, Viruses, Bacteria, Worms)
Types of Viruses
Parasitic Virus - attaches itself to executable files as part of their code. Runs whenever the host program runs.
Boot Sector Virus - infects the boot sector of a disk, and spreads when the operating system boots up (original DOS viruses).
An Anti-Virus Virus - finds other viruses and kills them.
File Compressor Virus - compresses the file it infects.
Encryption Virus - infects the boot sector and encrypts the disk with a user-supplied password.
Maintenance Virus - traverses a network and performs maintenance functions on individual machines.
Stealth Component
Work very similar to
File Infectors (diagram of three file layouts: .COM; prepended virus (.COM); appended virus (.COM & .EXE), with Start, Jump and End markers; legend: virus code, program flow)
Computer Network Security Assignment!
Anti-Virus Technologies
Scanners
Interceptors
Disinfectors
Heuristics
Inoculators
Integrity Checkers
Safe Computing (aka Common Sense)
NBAR/QoS
Eicar test string
Anti-Virus Packages
HOW DO I REMOVE A COMPUTER VIRUS?
If your computer is infected with a virus, you'll want to remove it
as quickly as possible. A fast way to check for viruses is to use an
online scanner, such as the Microsoft Safety Scanner. The scanner
is a free online service that helps you identify and remove viruses,
clean up your hard disk, and generally improve your computer's
performance.
If you're not sure whether your computer has a virus, see "How can
I tell if my computer has a virus?" to check for some telltale signs.
To try a different online scanner, follow the links to other
companies that provide them on the Windows Security software
providers webpage.
Malware is a general name for all programs that are harmful: viruses, trojans, worms and all other
similar programs.
Viruses
A computer virus is a program, a block of executable code, which attaches itself to, overwrites or
otherwise replaces another program in order to reproduce itself without the knowledge of the PC user.
There are several different types of computer viruses: boot sector viruses, parasitic viruses, multipartite viruses, companion viruses, link viruses and macro viruses. These classifications take into
account the different ways in which the virus can infect different parts of a system. The manner in
which each of these types operates has one thing in common: any virus has to be executed in order to
operate.
Most viruses are pretty harmless. The user might not even notice the virus for years. Sometimes
viruses might cause random damage to data files and over a long period they might destroy files and
disks. Even benign viruses cause damage by occupying disk space and main memory, by using up
CPU processing time. There is also the time and expense wasted in detecting and removing viruses.
Trojan
A Trojan Horse is a program that does something other than what the user
thought it would do. It is mostly done to someone on purpose.
Trojan Horses are usually masked so that they look interesting, for
example a saxophone.wav file that interests a person collecting
sound samples of instruments. A Trojan Horse differs from a
destructive virus in that it doesn't reproduce. There has been a
password trojan out in AOL land (America Online): Password30
and Pasword50, which some people thought were .wav files, but they
were disguised and people did not know that they had the trojan in
their systems until they tried to change their passwords.
Trojan Horses
A program which appears to be legitimate, but
performs unintended actions.
Windows Backdoors
Back Orifice
Back Orifice 2000 (BO2K)
NetBus
WinVNC (Virtual Network Computing)
SubSeven
Netbus
Provides Remote Administration of Windows 9x and NT systems
Logs keystrokes
Listens on TCP/UDP 12345 and 12346 (configurable in v1.7 and up) for connections
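A defender's check for the NetBus defaults listed above, as an added example that is not part of the original slides: it parses `netstat -an` output and reports sockets bound to local ports 12345 or 12346. The sample output and the function names are constructed for illustration.

```python
# Added example: flag sockets on NetBus's default ports in `netstat -an` output.
NETBUS_DEFAULT_PORTS = {12345, 12346}   # defaults stated on the slide

# Constructed sample in Windows `netstat -an` layout (not real capture data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:12346     192.168.1.77:1044      ESTABLISHED
  TCP    192.168.1.10:1051      10.0.0.5:80            ESTABLISHED
  TCP    [::]:12345             [::]:0                 LISTENING
  UDP    0.0.0.0:12345          *:*
"""

def parse_netstat(text):
    """Yield (proto, local_host, local_port, state) for each socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue                      # header, blank, or unrelated line
        # rpartition keeps bracketed IPv6 hosts such as [::] intact.
        host, _, port = fields[1].rpartition(":")
        if not port.isdigit():
            continue
        # UDP rows carry no State column in netstat output.
        state = fields[3] if len(fields) > 3 else ""
        yield fields[0], host, int(port), state

def netbus_candidates(text, ports=NETBUS_DEFAULT_PORTS):
    """Return sockets whose *local* port is a NetBus default.

    Only listeners, established TCP sessions and bound UDP sockets count;
    an outbound connection *to* port 12345 elsewhere is not reported.
    """
    hits = []
    for proto, host, port, state in parse_netstat(text):
        if port not in ports:
            continue
        if proto == "UDP" or state in ("LISTENING", "ESTABLISHED"):
            hits.append((proto, host, port, state or "BOUND"))
    return hits

if __name__ == "__main__":
    for hit in netbus_candidates(SAMPLE_NETSTAT):
        print("review:", hit)
```

Because the port is configurable from v1.7 on, an empty result does not rule NetBus out, and a hit still needs the owning process identified, since other software can use the same ports.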
Trojans - Jokes
One time this guy walks into a bar
Newest category of trojans
Designed to look extremely malicious and are visual
to the user
Worms
Worm
A worm is a program which usually spreads over network connections.
Unlike a virus, which attaches itself to a host program, worms always need a host program to spread.
In practice, worms are not normally associated with one-person computer systems.
They are mostly found in multi-user systems such as Unix environments.
A classic example of a worm is Robert Morris's Internet worm of 1988.
Why Worms?
Ease
write and launch once
many acquisitions
continually working
Pervasiveness
weeds out weakest targets
The worm didn't place copies of itself or other programs into memory to be
The worm didn't attack machines other than Sun 3 systems and VAX computers
running 4 BSD Unix (or equivalent)
The worm didn't attack machines that weren't attached to the internet
The worm didn't travel from machine to machine via disk
The worm didn't cause physical damage to computer systems
Reconnaissance
Specific Attacks
Command Interface
Communication Mechanisms
Intelligence Capabilities
Unused and Non-attack Capabilities
Specific Attacks
Exploits
buffer overflows, cgi-bin, etc.
Trojan horse injections
Limited in targets
Two components
local, remote
Communications
Information transfer
Protocols
Stealth concerns
UNIX Worms
Worm Propagation
Central Source Propagation
This type of propagation involves a central location: after a computer is
infected, it locates a source from which it can get code to copy onto the
compromised computer. After it infects the current computer, it finds the
next computer and the cycle starts over again. An example of this kind of
worm is the 1i0n worm.
Worm Propagation
Back-Chaining Propagation
The Cheese worm is an example of this type of
propagation where the attacking computer initiates a file
transfer to the victim computer. After initiation, the
attacking computer can then send files and any payload
over to the victim without intervention. Then the victim
becomes the attacking computer in the next cycle with a
new victim. This method of propagation is more reliable
than central source because central source data can be cut
off.
Worm Propagation
Autonomous Propagation
Autonomous worms attack the victim computer and insert
the attack instructions directly into the processing space of
the victim computer, so that the next attack cycle starts
without any additional file transfer. Code Red is
an example of this type of worm. The original Morris
worm of 1988 was of this nature as well.
Windows Worms
Code Red
Nimda
Windows Worms
Code Red infected over 250,000 systems in 9 hours on July 19,
2001.
Design flaws
Open shares
Misconfigurations
Current Limitations
Limited capabilities
Growth and traffic patterns
Network structure
Intelligence Database
Agent-like behavior
Intelligence Database
Knowledge of other nodes
Concrete vs. abstract
Other Malware
when they get active, but not all the viruses activate. Some
viruses just spread out, but when viruses activate they do very
different things. Might play a part of melody or play music in the
background, show a picture or animated picture, show text, format
hard disk or do changes to files.
CONCLUSION
There are lots of viruses in the world and new viruses are coming up every day. New
anti-virus programs and techniques are being developed too. It is good to be aware of
viruses and other malware, and it is cheaper to protect your environment from them
than to be sorry.
It is good to be a little suspicious of malware when you surf the Internet and
download files. Some files that look interesting might hide malware.
A computer virus is a program that reproduces itself and its mission is to spread out.
Most viruses are harmless and some viruses might cause random damage to data
files.
A trojan horse is not a virus because it doesn't reproduce. Trojan horses are
usually masked so that they look interesting. There are trojan horses that steal
passwords and format hard disks.