Computer Virus and Antivirus 1211556532039865 9

Transcript of Computer Virus and Antivirus 1211556532039865 9

  • 7/28/2019 Computer Virus and Antivirus 1211556532039865 9

    Computer Virus and Antivirus

    A presentation by Sumon chakreborty

    Roll no-91/CSE/060024

    Reg.no-0028438 of 2002-2003

    Agenda

    Computer Virus Concept

    Analyze three common computer viruses

    Antivirus Technologies

    Conclusion

    Computer Virus Concept

    What is Computer Virus?

    Computer Virus Time Line

    Types of Computer Virus

    How does computer virus work?

    Computer virus concept

    What is Computer Virus?

    Definition -- Virus: A self-replicating piece of computer code that can partially or fully attach itself to files or applications, and can cause your computer to do something you don't want it to do.

    Similarities between a biological virus (like "HIV") and a computer virus:

    - Need a host for residence.

    - Capable of self-replicating.

    - Cause damage to the host.

    Difference: Computer viruses are created by humans.

    Computer virus concept

    Computer Virus Time Line

    1949 - Theories for self-replicating programs were first developed.

    1981 - Apple Viruses 1, 2, and 3 were some of the first viruses in public.

    1988 - Jerusalem was detected. Activated every Friday the 13th, the virus affects both .EXE and .COM files and deletes any programs run on that day.

    1991 - Tequila is the first widespread polymorphic virus found.

    1999 - The Melissa virus, W97M/Melissa, executed a macro in a document attached to an email. Melissa spread faster than any previous virus.

    2000 - The Love Bug, also known as the ILOVEYOU virus, sent itself out via Outlook, much like Melissa.

    2001 - The Code Red I and II worms attacked computer networks in July and August. They affected over 700,000 computers and caused upwards of 2 billion in damages.

    Computer virus concept

    Types of Computer Virus

    Boot Sector Virus - Michelangelo

    Boot sector viruses infect the boot sectors on floppy disks and hard disks, and can also infect the master boot record on a user's hard drive.

    File Infector Virus - CIH

    Operate in memory and usually infect executable files.

    Multi-partite Virus

    Multi-partite viruses have characteristics of both boot sector viruses and file infector viruses.

    Macro Virus - Melissa Macro Virus

    They infect macro utilities that accompany such applications as Microsoft Word, Excel and Outlook.

    Computer virus concept

    Types of Computer Virus - Continued

    Trojan / Trojan Horse - Back Orifice

    A Trojan or Trojan Horse is a program that appears legitimate, but performs some malicious and illicit activity when it is run.

    Worm - Red Code

    A worm is a program that spreads over a network. Unlike a virus, a worm does not attach itself to a host program. It uses up the computer's resources, modifies system settings and eventually brings the system down.

    Worms are very similar to viruses in that they are computer programs that replicate themselves. The difference is that, unlike viruses, worms exist as a separate small piece of code. They do not attach themselves to other files or programs.

    Computer virus concept

    Virus Characteristics

    Memory Resident:

    Loads in memory where it can easily replicate itself into programs or boot sectors. Most common.

    Non-Resident:

    Does not stay in memory after the host program is closed, thus can only infect while the program is open. Not as common.

    Stealth:

    The ability to hide from detection and repair in two ways.

    - Virus redirects disk reads to avoid detection.

    - Disk directory data is altered to hide the additional bytes of the virus.

    Computer Virus Concept

    Virus Characteristics

    Encrypting:

    Technique of hiding by transformation. Virus code converts itself into cryptic symbols. However, in order to launch (execute) and spread, the virus must decrypt itself and can then be detected.

    Polymorphic:

    Ability to change code segments to look different from one infection to another. This type of virus is a challenge for anti-virus detection methods.

    Computer virus concept

    How does computer virus work?

    The Basic Rule: A virus is inactive until the infected program is run or the boot record is read. As the virus is activated, it loads into the computer's memory where it can spread itself.

    Boot Infectors: If the boot code on the drive is infected, the virus will be loaded into memory on every startup. From memory, the boot virus can travel to every disk that is read and the infection spreads.

    Program Infectors: When an infected application is run, the virus activates and is loaded into memory. While the virus is in memory, any program file subsequently run becomes infected.

    Analyze three common viruses

    CIH

    Type: Resident, EXE-files

    Origin: Taiwan

    History: The CIH virus was first located in Taiwan in early June 1998. After that, it has been confirmed to be in the wild worldwide. It has been among the ten most common viruses for several months.

    Infects Windows 95 and 98 EXE files, but it does not work under Windows NT.

    After an infected EXE is executed, the virus will stay in memory and will infect other programs as they are accessed.

    Analyze three common viruses

    Macro Virus

    What is a macro virus?

    A type of computer virus that is encoded as a macro embedded in a document.

    According to some estimates, 75% of all viruses today are macro viruses.

    Once a macro virus gets onto your machine, it can embed itself in all future documents you create with the application.

    In many cases macro viruses cause no damage to data; but in some cases malicious macros have been written that can damage your work.

    The first macro virus was discovered in the summer of 1995. Since that time, other macro viruses have appeared.

    Analyze three common viruses

    Macro Virus

    How does it spread?

    When you share the file with another user, the attached macro or script goes with the file. Most macro viruses are designed to run, or attack, when you first open the file. If the file is opened in its related application, the macro virus is executed and infects other documents.

    The infection process of the macro virus can be triggered by opening a Microsoft Office document or even the Office application itself, like Word or Excel. The virus can attempt to avoid detection by changing or disabling the built-in macro warnings, or by removing menu commands

    Analyze three common viruses

    ILOVEYOU

    VBS/LoveLetter is a VBScript worm. It spreads through e-mail as a chain letter.

    This worm sends itself to email addresses in the Microsoft Outlook address book and also spreads to Internet chatrooms.

    This worm overwrites files on local and remote drives, including files with the extensions .html, .c, .bat, .mp3, etc.

    Antivirus Technologies

    How to detect virus?

    How to clean virus?

    Best Practices

    Antivirus technology

    How to detect virus?

    Some Symptoms

    Program takes longer to load.

    The program size keeps changing.

    The drive light keeps flashing when you are not doing anything.

    User created files have strange names.

    The computer doesn't remember CMOS settings.
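
    The "program size keeps changing" symptom can be checked mechanically. The following is an added example, not part of the original presentation: a baseline-and-compare integrity check over .EXE and .COM files that also catches same-size content changes. The function names and sample files are hypothetical and constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

WATCHED = {".exe", ".com"}  # executable types named on the slides


def snapshot(root):
    """Map each watched file under root to (bytes read, SHA-256)."""
    state = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in WATCHED:
            data = path.read_bytes()  # measure content, not directory metadata
            key = path.relative_to(root).as_posix()
            state[key] = (len(data), hashlib.sha256(data).hexdigest())
    return state


def compare(baseline, current):
    """Return (path, reason) for every deviation from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "new file"))
        elif new is None:
            findings.append((path, "missing"))
        elif old[0] != new[0]:
            findings.append((path, f"size changed {old[0]} -> {new[0]}"))
        elif old[1] != new[1]:
            findings.append((path, "content changed, size unchanged"))
    return findings


def demo():
    """Constructed sample files, then simulated changes after the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.exe").write_bytes(b"A" * 100)
        (root / "tool.com").write_bytes(b"B" * 64)
        (root / "notes.txt").write_bytes(b"x")       # not a watched type
        baseline = snapshot(root)
        (root / "app.exe").write_bytes(b"A" * 100 + b"Z" * 20)  # grows
        (root / "tool.com").write_bytes(b"C" * 64)   # same size, new bytes
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

    Because the slides note that a stealth virus can redirect disk reads, a comparison like this is most trustworthy when run from a known-clean boot, with the baseline stored off the machine.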

    Antivirus technology

    How to detect virus?

    Use antivirus software to scan the computer memory and disks.

    Memory-resident anti-virus software can be used to continuously monitor the computer for viruses.

    Scan your hard disk with anti-virus software. You should make sure that up-to-date virus definition data has been applied.

    Use server-based anti-virus software to protect your network.

    Antivirus Technology

    How to clean virus?

    All activities on the infected machine should be stopped and it should be detached from the network.

    Recovering from backup is the most secure and effective way to recover the system and files.

    In some cases, you may recover the boot sector, partition table and even the BIOS data using the emergency recovery disk.

    In case you do not have the latest backup of your files, you may try to remove the virus using anti-virus software.

    Antivirus Technology

    Best Practices

    Regular Backup

    Back up your programs and data regularly. Recovering from backup is the most secure way to restore the files after a virus attack.

    Install Anti-virus Software

    Install anti-virus software to protect your machine and make sure that an up-to-date virus definition file has been applied.

    Daily Virus Scan

    Schedule a daily scan to check for viruses. The scheduled scan could be done in non-peak hours, such as during the lunch break or after office hours.

    Check Downloaded Files And Email Attachments

    Do not execute any downloads or attachments unless you are sure what they will do.

    Thank You