Computer virus
Introduction
Computer viruses have become today’s headline news
With the increasing use of the Internet, it has become easier for viruses to spread
Viruses show us loopholes in software
Most viruses are targeted at the MS Windows OS
Definition
Virus: A true virus is capable of self-replication on a machine. It may spread between files or disks, but the defining characteristic is that it can recreate itself on its own without traveling to a new host
Overview
Background
Symptoms
Classifying Viruses
Examples
Protection/Prevention
Conclusion
Background
There are an estimated 30,000 computer viruses in existence
Over 300 new ones are created each month
The first virus was created to show loopholes in software
Virus Languages
ANSI COBOL
C/C++
Pascal
VBA
Unix Shell Scripts
JavaScript
Basically any language that works on the system that is the target
Symptoms of Virus Attack
Computer runs slower than usual
Computer no longer boots up
Screen sometimes flickers
PC speaker beeps periodically
System crashes for no reason
Files/directories sometimes disappear
Denial of Service (DoS)
Virus through the Internet
Today almost 87% of all viruses are spread through the internet (source: ZDNet)
Transmission time to a new host is relatively low, on the order of hours to days
“Latent virus”
Classifying Virus - General
Virus Information
Discovery Date:
Origin:
Length:
Type:
SubType:
Risk Assessment:
Category:
Classifying Virus - Categories
Stealth
Polymorphic
Companion
Armored
Classifying Virus - Types
Trojan Horse
Worm
Macro
Trojan Horse
Covert
Leaks information
Usually does not reproduce
Trojan Horse - Back Orifice
Discovery Date: 10/15/1998
Origin: Pro-hacker Website
Length: 124,928
Type: Trojan
SubType: Remote Access
Risk Assessment: Low
Category: Stealth
Trojan Horse - About Back Orifice
requires Windows to work
distributed by “Cult of the Dead Cow”
similar to PC Anywhere, Carbon Copy software
allows remote access and control of other computers
installs a reference in the registry
once infected, runs in the background
by default uses UDP port 54320, TCP port 54321
In Australia 72% of 92 ISPs surveyed were infected with Back Orifice
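A defensive check for the default listeners named on this slide, added here as an example (not part of the original slides): it parses Windows `netstat -an` output and reports sockets bound to UDP 54320 or TCP 54321. The sample output and the function names are constructed for illustration.

```python
# Default listeners as stated on the slide. The slide says "by default", so the
# ports can be changed and a clean result does not rule the trojan out.
BO_DEFAULTS = {("UDP", 54320), ("TCP", 54321)}

def local_port(addr):
    """Port from '0.0.0.0:135', '[::]:445' or '*:*' (None if not numeric)."""
    port = addr.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def find_default_listeners(netstat_text):
    """Return (proto, local address) for sockets listening on a default port."""
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0].upper() not in ("TCP", "UDP"):
            continue  # header, blank line or other protocol
        proto, port = f[0].upper(), local_port(f[1])
        # TCP rows carry a state column; only a listening socket is a server.
        # This also skips outbound connections whose *remote* port is 54321.
        if proto == "TCP" and (len(f) < 4 or f[3].upper() != "LISTENING"):
            continue
        if (proto, port) in BO_DEFAULTS:
            hits.append((proto, f[1]))
    return hits

# Constructed sample of `netstat -an` output (documentation address ranges).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:54321          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1045        198.51.100.7:54321     ESTABLISHED
  UDP    0.0.0.0:54320          *:*
  UDP    0.0.0.0:54321          *:*
"""

if __name__ == "__main__":
    for proto, addr in find_default_listeners(SAMPLE_NETSTAT):
        print(f"possible Back Orifice default listener: {proto} {addr}")
```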
Trojan Horse - Features of Back Orifice
ping and query servers
reboot or lock up the system
list cached and screen saver passwords
display system information
log keystrokes
edit registry
server control
receive and send files
display a message box
Worms
Spread over network connections
Worms replicate
The first worm released on the Internet was called the Morris worm; it was released on Nov 2, 1988.
Worms - Bubbleboy
Discovery Date: 11/8/1999
Origin: Argentina (?)
Length: 4992
Type: Worm/Macro
SubType: VbScript
Risk Assessment: Low
Category: Stealth/Companion
Worms - Bubbleboy
requires WSL (Windows scripting language), Outlook or Outlook Express, and IE5
Does not work in Windows NT
Affects Spanish and English versions of Windows
2 variants have been identified
Is a “latent virus” on a Unix or Linux system
May cause DoS
Worms - How Bubbleboy works
Bubbleboy is embedded within an email message in HTML format.
a VbScript runs while the user views an HTML page
a file named “Update.hta” is placed in the start up directory
upon reboot Bubbleboy executes
Worms - How Bubbleboy works
changes the registered owner/organization
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOwner = “Bubble Boy”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOrganization = “Vandalay Industry”
using the Outlook MAPI address book it sends itself to each entry
marks itself in the registry
HKEY_LOCAL_MACHINE\Software\Outlook.bubbleboy = “OUTLOOK.Bubbleboy1.0 by Zulu”
Macro
Specific to certain applications
Comprise a high percentage of the viruses
Usually made in WordBasic and Visual Basic for Applications (VBA)
Microsoft shipped “Concept”, the first macro virus, on a CD ROM called "Windows 95 Software Compatibility Test" in 1995
Macro - Melissa
Discovery Date: 3/26/1999
Origin: Newsgroup Posting
Length: varies depending on variant
Type: Macro/Worm
Subtype: Macro
Risk Assessment: High
Category: Companion
Macro - Melissa
requires WSL, Outlook or Outlook Express, Word 97 SR1 or Office 2000
105 lines of code (original variant)
received either as an infected template or email attachment
lowers computer defenses to future macro virus attacks
may cause DoS
infects template files with its own macro code
80% of the 150 Fortune 1000 companies were affected
Macro - How Melissa works
the virus is activated through an MS Word document
document displays reference to pornographic websites while macro runs
1st lowers the macro protection security setting for future attacks
checks to see if it has run in current session before
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Melissa = “by Kwyjibo”
propagates itself using the Outlook MAPI address book (emails sent to the first 50 addresses)
Macro - How Melissa works
infects the Normal.dot template file with its own code
Lastly, if the minutes of the hour match up to the date, the macro inserts a quote by Bart Simpson into the current document
“Twenty two points, plus triple word score, plus fifty points for using all my letters. Game’s over. I’m outta here.”
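The registry markers and the “Update.hta” file named on the Bubbleboy and Melissa slides can be checked offline against a registry export; the following is an added example, not part of the original slides. The function names, the sample export and the sample file paths are constructed, and because the slides do not say whether a marker is a key's default value or a named value, the parser accepts both layouts.

```python
import re

HKLM = "HKEY_LOCAL_MACHINE\\Software\\"
# Values named on the slides: full path -> (family, expected data)
INDICATORS = {
    HKLM + r"Microsoft\Windows\CurrentVersion\RegisteredOwner": ("Bubbleboy", "Bubble Boy"),
    HKLM + r"Microsoft\Windows\CurrentVersion\RegisteredOrganization": ("Bubbleboy", "Vandalay Industry"),
    HKLM + "Outlook.bubbleboy": ("Bubbleboy", "OUTLOOK.Bubbleboy1.0 by Zulu"),
    HKLM + r"Microsoft\Office\Melissa": ("Melissa", "by Kwyjibo"),
}
REG_SZ = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg files escape \ and " with a backslash

def parse_reg_export(text):
    """Map 'key\\name' (or the bare key for its default value '@') to string data."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = REG_SZ.match(line) if key else None
        if m:  # string values only; dword:/hex: data is ignored
            name = m.group(1)
            path = key if name == "@" else key + "\\" + unescape(name[1:-1])
            values[path.lower()] = unescape(m.group(2))
    return values

def scan(reg_text, startup_files=()):
    """Return (family, location) for each slide indicator that is present."""
    values = parse_reg_export(reg_text)
    hits = [(family, path) for path, (family, expected) in INDICATORS.items()
            if values.get(path.lower(), "").strip().lower() == expected.lower()]
    hits += [("Bubbleboy", f) for f in startup_files
             if re.split(r"[\\/]", f)[-1].lower() == "update.hta"]
    return hits

# Constructed sample export showing all four registry markers.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion]
"RegisteredOwner"="Bubble Boy"
"RegisteredOrganization"="Vandalay Industry"
[HKEY_LOCAL_MACHINE\Software\Outlook.bubbleboy]
@="OUTLOOK.Bubbleboy1.0 by Zulu"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Office]
"Melissa"="by Kwyjibo"
"""
```

Call `scan(export_text, startup_listing)` with the text of a registry export and a listing of the start up directory; an empty list means none of the markers from the slides were found.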
Protection/Prevention
Knowledge
Proper configurations
Run only necessary programs
Anti-virus software
Conclusion
You now know more about viruses and how:
viruses work through your system to make a better virus
Have seen how viruses show us a loophole in popular software
Most viruses show that they can cause great damage due to loopholes in programming