
SHILPA THUNIKI

DIVYA KAMLEKAR
BHARGAV NAIDU
COMPUTER SECURITY THREAT
 A computer security threat is a possible danger that
might exploit a weakness to breach security and may
even cause possible damage to the system.
 According to ISO 27005, a threat can be defined as
“A potential cause of an incident, that may result in
harm of systems and organization.”
TYPES OF COMPUTER SECURITY THREATS (known)
Based on the kind of actions the suspect programs
perform, computer security threats are divided into 4
types:
 MALWARE
 RISKWARE
 POTENTIALLY UNWANTED APPLICATION
 SPYWARE
MALWARE
 Malware threats can perform harmful actions such as
stealing personal data or program data, secretly
manipulating a device or the programs installed on the
device, or completely blocking the user's access to the
device.
 Virus, Worm, Rootkit, Backdoor, Trojan, Rogue,
Exploit, Packed and Constructor are types of Malware.
RISKWARE
 Riskware programs are applications considered safe
when used by the appropriate authorities but may pose
a security threat when used by an attacker.
 For example, keyloggers available as a utility or
application can be used by system administrators in the
line of official work but can also be used to secretly
monitor others' work.
 Monitoring tool, hack tool, Application are types of
Riskware.
POTENTIALLY UNWANTED APPLICATION

 It is a program that has aspects and behavior which
are considered undesirable, unwanted or risky, but which
are not like the harmful actions performed by malware.
SPYWARE
 It collects information such as web browsing behavior or
preferred applications, and the information may be
stored locally or sent out.
 The programs categorized as spyware introduce
security risks that may affect the user's personal data.
 The programs under spyware include trackware,
adware and spyware.
 Trackware and adware may provide useful services in
exchange for being allowed to gather information from
or about the user.
SPYWARE
 The information may include web browsing history,
personal details, system or installed programs, etc.
 Legal implications may also arise based on where and
how the program is being used.
VIRUS
 It is a sub-category of malware.
 A virus is a program or piece of code that is loaded
onto your computer without your knowledge and runs
against your wishes. Viruses can also replicate
themselves. All computer viruses are man-made.
 A simple virus that can make a copy of itself over and
over again is relatively easy to produce; in simple
terms, this is infection.
BOOT SECTOR VIRUS
 A boot sector virus is a virus that resides in the
boot sectors of floppy disks or the Master Boot
Record (MBR) of hard disks.
Defining BOOT SECTOR Virus
 Sector: A sector is a subdivision of a drive. In computer
terminology, a sector is an arc where data is written.
 Boot Sector: A hard drive is comprised of many segments and
clusters of segments, which may be separated by something
called a partition. There has to be a way to find all the data
spread across these segments, and so the boot sector operates as
a virtual Dewey Decimal system.
 The boot sector contains machine code to be loaded into
random-access memory (RAM) by a computer system's built-in firmware.
 The purpose of a boot sector is to allow the boot process of a
computer to load a program (usually an operating system) stored
on the storage device of that computer.
 The location and size of the boot sector (logical disk sector) is
specified by the design of the computing platform.
COMMON BOOT SECTORS
 Master Boot Record (MBR)
   the first sector of a data storage device that has been partitioned.
   contains code to locate the active partition and to
  invoke the VBR.
 Volume Boot Record (VBR)
   the first sector of a data storage device that has not been
  partitioned, or the first sector of an individual partition.
   contains code to load an operating system installed on
  that device or within the partition.
History of boot sector virus
 The first boot sector virus, called BRAIN, was discovered
in 1986. It originated in Pakistan and operated in
stealth mode, infecting 360KB floppies. But the most
infamous is Michelangelo, which is an MBR and boot
sector infector with a March 6th payload that overwrites
critical drive sectors. Present-day boot sector virus
programs such as these are called bootkits; they
write their code to the MBR so that it loads early in the
boot process and conceals its actions under
Windows. The difference is that they cannot infect
removable media.
TYPES OF BOOT SECTOR VIRUS
 GHOST BALL
 BRAIN
 CRAZYBOOT
 BOOT KIT
GHOST BALL
 Ghostball was the first multipartite virus discovered.[1] The virus
was discovered in October 1989, by Fridrik Skulason. It infected
both executable .COM-files and boot sectors.
Effects
 It captures certain information entered or saved by the user, with
the corresponding threat to privacy.
 It causes the loss of information stored on the computer, either
specific files or data in general.
 It affects the productivity of the computer, the network to which
it's connected or other remote sites.
 It carries out actions that decrease the security level of the
computer.
 It does not spread automatically using its own means.
BRAIN
 Brain is the industry standard name for a computer virus that
was released in its first form in January 1986, and is
considered to be the first computer virus for MS-DOS. It
infects the boot sector of storage media formatted with
the DOS File Allocation Table (FAT) file system.
 Brain works by replacing the boot sector of a floppy disk with a copy
of the virus. The real boot sector is moved to another sector
and marked as bad. Infected disks usually have five kilobytes
of bad sectors. The disk label is changed to ©Brain,
 There are many minor and major variations to that version of
the text. The virus slows down the floppy disk drive and
makes seven kilobytes of memory unavailable to DOS.
CRAZY BOOT
 Crazy Boot is a computer virus that infects the operating
systems causing no physical damage nor direct loss of information.
 If the host computer is booted from an infected floppy disk, this virus
makes it look as though all physical hard drives have been lost.
 Crazy Boot spreads through unprotected disks easily. It spreads only on
diskettes, not by file distribution.
 The virus resides in memory; it infects the master boot records of all
physical hard disks and infects the boot sector of floppy disks.
 If Crazy Boot is in memory, any access to the boot record is rerouted to
a copy of the original boot sector. When the virus infects a hard drive, it
makes a copy of the partition table, writes the copy, and deletes the
original partition table.
 To read the partition information, Crazy Boot must be active in
memory. If users boot from a floppy disk not infected by this virus in
order to avoid it, all physical hard drives are inaccessible by normal
means.
BOOT KIT
 A bootkit is a type of malware that infects the Master Boot
Record (MBR).
 This infection method allows the malicious program to be
executed before the operating system boots. As soon as BIOS
(Basic Input Output System) selects an appropriate boot
device (it can be a hard disk or a flash drive), the bootkit that
resides in the MBR starts executing its code. Once the bootkit
receives the control, it usually starts preparing itself and returns
the control to the legitimate boot loader overseeing all stages of
the boot process.
 The main feature of a bootkit is that it cannot be detected by
standard means of an operating system because all its
components reside outside of the standard file systems.
 Some types of bootkits hide even the fact that the MBR has been
compromised by returning the legitimate copy of the MBR when
an attempt to read it has been made.
What does a boot sector virus do…
 Boot sector viruses infect or substitute their own code for either
the DOS boot sector or the Master Boot Record (MBR) of a PC.
The MBR is a small program that runs every time the computer
starts up. It controls the boot sequence and determines which
partition the computer boots from. The MBR generally resides
on the first sector of the hard disk.
 Since the MBR executes every time a computer is started, a boot
sector virus is extremely dangerous. Once the boot code on the
drive is infected, the virus will be loaded into memory on every
startup. From memory, the boot virus can spread to every disk
that the system reads. Boot sector viruses are typically very
difficult to remove, as most antivirus programs cannot clean the
MBR while Windows is running. In most cases, it takes bootable
antivirus disks such as a Symantec/Norton AntiVirus (SAV/NAV)
rescue set to properly remove a boot sector virus.
SYMPTOMS
 A boot sector virus can cause a variety of boot or data
retrieval problems. In some cases, data disappear from
entire partitions. In other cases, the computer
suddenly becomes unstable. Often the infected
computer fails to start up or to find the hard drive.
Also, error messages such as "Invalid system disk" may
become prevalent.
HOW THEY SPREAD
 Boot sector viruses are usually spread by infected
floppy disks. In the past, these were usually bootable
disks, but this is no longer the case. A floppy disk does
not need to be bootable to transmit a boot sector virus.
Any disk can cause infection if it is in the drive when
the computer boots up or shuts down. The virus can
also be spread across networks from file downloads
and from email file attachments. In most cases, all
write-enabled floppies used on an infected PC will
themselves pick up the boot sector virus.
PRECAUTIONS & DAMAGE CONTROL
 Use a good antivirus program with up-to-date virus definitions. Antivirus programs do
two key things:
   Scan for and remove viruses in files on disks
   Monitor the operation of your computer for virus-like activity and look for
  known actions of specific viruses or general suspicious activity
 Back up your files, so that you can restore them if a virus damages them. Note: If
you back up a file that is already infected with a virus, you can re-infect your
system by restoring files from the backup copies. Check your backup files with
virus scanning software before using them.
 Keep your original application and system disks locked (write-protected). This will
prevent a virus from spreading to your original disks.
 If you must insert one of your application floppy disks into an unknown computer,
lock it first. Unlock your application disk only after verifying that the computer is
free of viruses.
 Obtain public-domain software from reputable sources. Don't download software
directly to a hard disk. Rather, save it to a floppy disk, lock the floppy disk, and
check it thoroughly using reputable virus detection software. Don't copy it to your
hard disk until you know it is safe. This can also help protect you from Trojan
horse programs.
 Quarantine any infected computer. If you discover that a computer is infected with
a virus, immediately isolate it from other computers. In other words, disconnect it
from any network it is on. Don't allow anyone to copy or move files from it until
the entire system has been reliably disinfected.
How to remove boot sector virus
 Removing a boot sector virus can be difficult because it may encrypt the boot
sector. In many cases users may not even be aware that they have been
infected with a virus until they run an antivirus protection program or
malware scan.
 Remove any important files and shut down the infected computer. You
cannot begin to remove the virus if it is in the RAM of your computer.
 Option 1: Take the drive to a pro. UNPLUG the computer, and all monitors, etc.
Remove the HDD (hard disk drive or hard drive) from the infected computer. Be
sure to remove all of the static electricity from yourself by touching the metal case.
 Option 2: Use software on a CD-ROM or floppy (yes, you can still download
recovery tools as floppy images) to scan the drive and fix the MBR. Start with the OS
install CD. Use the Windows Recovery Console option if you are using Windows XP.
 Sources of that software: Find out which company manufactures your HDD and
see if they have a utility that will do a low-level format. This part is important
because it deletes everything from your hard drive so that no one can get it back,
including the virus. Some common HDD manufacturers' tools for doing this can be
found.
 Run the formatting utility provided by your HDD manufacturer.
 If you have errors booting the OS, reinstall your operating system of choice
however you want to.
references
Contribution
THANK YOU
