Virus on computer




Presentation Transcript

Computer Viruses : 

1.june.2010 Siddhant Mishra_iLEAD Moradabad

Introduction : 

- Computer viruses have become today’s headline news
- With the increasing use of the Internet, it has become easier for viruses to spread
- Viruses show us loopholes in software
- Most viruses are targeted at the MS Windows OS

Definition : 

Virus: A true virus is capable of self-replication on a machine. It may spread between files or disks, but its defining characteristic is that it can recreate itself on its own without traveling to a new host.

Overview : 

- Background
- Symptoms
- Classifying Viruses
- Examples
- Protection/Prevention
- Conclusion

Background : 

- There are an estimated 30,000 computer viruses in existence
- Over 300 new ones are created each month
- The first virus was created to show loopholes in software

Virus Languages : 

- ANSI COBOL
- C/C++
- Pascal
- VBA
- Unix Shell Scripts
- JavaScript
- Basically any language that works on the system that is the target

Symptoms of Virus Attack : 

- Computer runs slower than usual
- Computer no longer boots up
- Screen sometimes flickers
- PC speaker beeps periodically
- System crashes for no reason
- Files/directories sometimes disappear
- Denial of Service (DoS)

Virus through the Internet : 

- Today almost 87% of all viruses are spread through the Internet (source: ZDNet)
- Transmission time to a new host is relatively low, on the order of hours to days
- “Latent virus”

Classifying Virus - General : 

Virus Information
- Discovery Date:
- Origin:
- Length:
- Type:
- SubType:
- Risk Assessment:
- Category:

Classifying Virus - Categories : 

- Stealth
- Polymorphic
- Companion
- Armored

Classifying Virus - Types : 

- Trojan Horse
- Worm
- Macro

Trojan Horse : 

- Covert
- Leaks information
- Usually does not reproduce

Trojan Horse : 

Back Orifice
- Discovery Date: 10/15/1998
- Origin: Pro-hacker Website
- Length: 124,928
- Type: Trojan
- SubType: Remote Access
- Risk Assessment: Low
- Category: Stealth

Trojan Horse : 

About Back Orifice
- requires Windows to work
- distributed by “Cult of the Dead Cow”
- similar to PC Anywhere, Carbon Copy software
- allows remote access and control of other computers
- installs a reference in the registry
- once infected, runs in the background
- by default uses UDP port 54320, TCP port 54321
- In Australia 72% of 92 ISPs surveyed were infected with Back Orifice

Trojan Horse : 

Features of Back Orifice
- pings and queries servers
- reboots or locks up the system
- lists cached and screen saver passwords
- displays system information
- logs keystrokes
- edits the registry
- server control
- receives and sends files
- displays a message box

Worms : 

- Spread over network connections
- Worms replicate
- The first worm released on the Internet was called the Morris worm; it was released on Nov 2, 1988.

Worms : 

Bubbleboy
- Discovery Date: 11/8/1999
- Origin: Argentina (?)
- Length: 4992
- Type: Worm/Macro
- SubType: VbScript
- Risk Assessment: Low
- Category: Stealth/Companion

Worms : 

Bubbleboy
- requires WSL (windows scripting language), Outlook or Outlook Express, and IE5
- Does not work in Windows NT
- Affects Spanish and English versions of Windows
- 2 variants have been identified
- Is a “latent virus” on a Unix or Linux system
- May cause DoS

Worms : 

How Bubbleboy works
- Bubbleboy is embedded within an email message of HTML format.
- a VbScript
- while the user views a HTML page a file named “Update.hta” is placed in the start up directory
- upon reboot Bubbleboy executes

Worms : 

How Bubbleboy works
- changes the registered owner/organization
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOwner = “Bubble Boy”
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOrganization = “Vandalay Industry”
- using the Outlook MAPI address book it sends itself to each entry
- marks itself in the registry
  HKEY_LOCAL_MACHINE\Software\Outlook.bubbleboy = “OUTLOOK.Bubbleboy1.0 by Zulu”

Macro : 

- Specific to certain applications
- Comprise a high percentage of the viruses
- Usually made in WordBasic and Visual Basic for Applications (VBA)
- Microsoft shipped “Concept”, the first macro virus, on a CD ROM called "Windows 95 Software Compatibility Test" in 1995

Macro : 

Melissa
- Discovery Date: 3/26/1999
- Origin: Newsgroup Posting
- Length: varies depending on variant
- Type: Macro/Worm
- Subtype: Macro
- Risk Assessment: High
- Category: Companion

Macro : 

Melissa
- requires WSL, Outlook or Outlook Express
- Word 97 SR1 or Office 2000
- 105 lines of code (original variant)
- received either as an infected template or email attachment
- lowers computer defenses to future macro virus attacks
- may cause DoS
- infects template files with its own macro code
- 80% of the 150 Fortune 1000 companies were affected

Macro : 

How Melissa works
- the virus is activated through an MS Word document
- the document displays references to pornographic websites while the macro runs
- first lowers the macro protection security setting for future attacks
- checks to see if it has run in the current session before
  HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Melissa = “by Kwyjibo”
- propagates itself using the Outlook MAPI address book (emails sent to the first 50 addresses)

Macro : 

How Melissa works
- infects the template file with its own code
- Lastly, if the minutes of the hour match up to the date, the macro inserts a quote by Bart Simpson into the current document:
  “Twenty two points, plus triple word score, plus fifty points for using all my letters. Game’s over. I’m outta here.”
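An added example, not part of the original slides: a Python check that scans a registry export and a start-up folder listing for the Bubbleboy and Melissa markers listed on the "How Bubbleboy works" and "How Melissa works" slides. The function names and the sample `.reg` text are constructed for illustration, and treating a path with no value name as a key's default value is an assumption about how the slides write it.

```python
import re

# Markers as written on the slides ("registry path = value"), tagged by family.
MARKERS = {
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOwner": ("Bubble Boy", "Bubbleboy"),
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOrganization": ("Vandalay Industry", "Bubbleboy"),
    r"HKEY_LOCAL_MACHINE\Software\Outlook.bubbleboy": ("OUTLOOK.Bubbleboy1.0 by Zulu", "Bubbleboy"),
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Melissa": ("by Kwyjibo", "Melissa"),
}
STARTUP_FILE = "update.hta"  # file the slides say is placed in the start-up directory
# One REG_SZ line of a .reg export: "Name"="Value" or @="Value" (default value).
SZ_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg exports escape backslashes and quotes with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_export(text):
    """Flatten the string values of a .reg export to {lowercased path: value}."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = SZ_LINE.match(line)
        if key and m:
            name = m.group(1)
            # Assumption: a key's default value (@) is addressed by the key path itself.
            path = key if name == "@" else key + "\\" + unescape(name[1:-1])
            values[path.lower()] = unescape(m.group(2))
    return values

def scan(reg_text, startup_files):
    """Return (family, indicator) pairs found in the export and file listing."""
    values = parse_reg_export(reg_text)
    # Registry paths are case-insensitive, so compare lowercased.
    hits = [(family, path) for path, (expected, family) in MARKERS.items()
            if values.get(path.lower()) == expected]
    hits += [("Bubbleboy", f) for f in startup_files if f.lower() == STARTUP_FILE]
    return hits

# Constructed sample export (not taken from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"RegisteredOwner"="Bubble Boy"
"ProgramFilesDir"="C:\\Program Files"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Melissa]
@="by Kwyjibo"
'''
```

Calling `scan(SAMPLE_REG, ["Update.hta", "notes.txt"])` reports the owner-name change, the Melissa marker and the start-up file, while the unrelated `ProgramFilesDir` value and `notes.txt` are ignored.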

Protection/Prevention : 

- Knowledge
- Proper configurations
- Run only necessary programs
- Anti-virus software

Conclusion : 

You now know more about viruses and how:
- viruses work through your system
- to make a better virus
- Have seen how viruses show us a loophole in popular software
- Most viruses show that they can cause great damage due to loopholes in programming

Thanx & Regards : 

Siddhant Mishra_iLEAD Moradabad
