Antivir
contains Graphical
information on VIRUSES.
Viewer Discretion is
Made By: Abhyank 93, Akshit 105, Eijaz 119, Yohan 124
COMPUTER
Agenda
•Computer Virus Concept
•Analyze three common computer viruses
•Antivirus Technologies
•Company Policy Issues
•Conclusion
Computer Virus Concept
•What is a Computer Virus?
•Computer Virus Time Line
•Types of Computer Virus
•Virus Hoax
•How does a computer virus work?
What is a Computer Virus?
•Definition -- Virus: A self-replicating piece of computer
code that can partially or fully attach itself to files or
applications, and can cause your computer to do
something you don't want it to do.
•Similarities between a biological virus (like "HIV") and a
computer virus:
•Needs a host for residence.
•Capable of self-replication.
•Causes damage to the host.
Types of Computer Virus
•Boot Sector Virus - Michelangelo
Boot sector viruses infect the boot sectors on floppy disks and hard
disks, and can also infect the master boot record on a user's hard drive.
•File Infector Virus - CIH
Operate in memory and usually infect executable files.
•Multi-partite Virus
Multi-partite viruses have characteristics of both boot sector viruses and
file infector viruses.
•Macro Virus - Melissa Macro Virus
They infect macro utilities that accompany such applications as Microsoft
Types of Computer Virus - Continue
•Trojan / Trojan Horse – Back Orifice
A Trojan or Trojan Horse is a program that appears legitimate, but performs some malicious and
illicit activity when it is run.
•Examples:
•Work Virus Hoax (keyword: a virus called "work"), Phantom Menace Virus Hoax
(keyword: Virus Alert, Phantom Menace)
Virus Characteristics
•Memory Resident:
Loads much like a TSR, staying in memory where it can easily replicate itself into
programs or boot sectors. Most common.
•Non-Resident:
Does not stay in memory after the host program is closed, thus can only infect while the
program is open. Not as common.
•Stealth:
The ability to hide from detection and repair in two ways.
- Virus redirects disk reads to avoid detection.
- Disk directory data is altered to hide the additional bytes of the virus.
Virus Characteristics (contd.)
•Encrypting:
Technique of hiding by transformation. Virus code converts itself into cryptic symbols. However, in
order to launch (execute) and spread, the virus must decrypt itself and can then be detected.
•Polymorphic:
Ability to change code segments to look different from one infection to another. This type of virus is
a challenge for anti-virus detection methods.
•Triggered Event:
An action built into a virus that is triggered by the date, a particular keyboard action or DOS
function. It could be as simple as a message printed to the screen or as serious as reformatting the
hard drive or deleting files.
•Boot Infectors: If the boot code on the drive is infected, the virus will be
loaded into memory on every startup. From memory, the boot virus can
travel to every disk that is read and the infection spreads.
Analyze three common computer viruses
•CIH
•Macro Virus
CIH
•Type: Resident, EXE-files
•Origin: Taiwan
•History: The CIH virus was first located in Taiwan in early
June 1998. After that, it has been confirmed to be in the wild
worldwide. It has been among the ten most common viruses for
several months.
•Infects Windows 95 and 98 EXE files, but it does not work
under Windows NT.
•After an infected EXE is executed, the virus will stay in memory
and will infect other programs as they are accessed.
CIH - Continue
•Four Variants
•CIH v1.2 (CIH.1003): Activates on April 26th.
•CIH v1.3 (CIH.1010.A and CIH.1010.B): Activates on June 26th.
•CIH v1.4 (CIH.1019): Activates on 26th of every month.
CIH - Continue
•How to prevent?
If your PC has a flash BIOS write protect jumper on the motherboard,
you can put it in the write-protect position to prevent CIH from
overwriting your BIOS.
Macro Virus
•What is a macro virus?
•A type of computer virus that is encoded as a macro embedded in a
document.
•According to some estimates, 75% of all viruses today are macro viruses.
•Once a macro virus gets onto your machine, it can embed itself in all future
documents you create with the application.
•In many cases macro viruses cause no damage to data; but in some cases
malicious macros have been written that can damage your work.
•The first macro virus was discovered in the summer of 1995. Since that time,
other macro viruses have appeared.
Macro Virus
•How does it spread?
•When you share the file with another user, the attached macro or script goes with the
file. Most macro viruses are designed to run, or attack, when you first open the file. If the file
is opened in its related application, the macro virus is executed and infects other
documents.
•The infection process of the macro virus can be triggered by opening a Microsoft Office
document or even the Office application itself, such as Word or Excel. The virus can attempt to avoid
detection by changing or disabling the built-in macro warnings, or by removing menu
commands.
•For Word, after a macro virus triggers, it usually copies itself to Normal.dot, which is
the template that Word loads with every file. From there, it can copy itself to every file that
you open or create.
Macro Virus
• How to prevent?
In your Office programs, make sure that you have macro virus protection turned on.
4. On the Tools menu, click Options.
5. On the General tab, select the Macro virus protection check box.
6. If you have turned on macro virus protection, each time you want to open a document
with macros, the Macro Virus Protection dialog box appears and gives you three
choices.
• Disable Macros
• Enable Macros
• Do Not Open
ILOVEYOU
•VBS/LoveLetter is a VBScript worm. It spreads through e-mail as a
chain letter.
•The latest is VBS.LoveLetter.CN. Virus definitions dated May 31, 2007.
•82 variants of this worm.
•This worm sends itself to email addresses in the Microsoft Outlook
address book and also spreads to Internet chatrooms.
•This worm overwrites files on local and remote drives, including files
with the extensions .vbs, .vbe, .js, .jse, .css, .wsh, .sct, .hta, .jpg, .jpeg,
.wav, .txt, .gif, .doc, .htm, .html, .xls, .ini, .bat, .com, .avi, .qt, .mpg,
.mpeg, .cpp, .c, .h, .swd, .psd, .wri, .mp3, and .mp2.
•The contents of most of these files are replaced with the source code
of the worm, destroying the original contents. The worm also appends
the .vbs extension to each of these files. For example, image.jpg
becomes image.jpg.vbs.
ILOVEYOU
•Damage
•Large scale e-mailing:
Sends itself to all addresses in the Microsoft Outlook Address Book
•Modifies files:
Overwrites files with the following extensions: .vbs, .vbe, .js, .jse, .css, .wsh,
.sct, .hta, .jpg, .jpeg, .wav, .txt, .gif, .doc, .htm, .html, .xls, .ini, .bat, .com, .mp3, and
.mp2. Files with extensions of .mp2 and .mp3 will be hidden from the user by setting
the hidden directory attribute. Variant G also overwrites .bat and .com files.
•Degrades performance:
Might create a lot of traffic to the email server
ILOVEYOU
•Distribution
•Subject of email: ILOVEYOU
•Name of attachment: Love-letter-for-you.txt.vbs
•Size of attachment: 10,307 bytes
•Inside the mail is a short text message saying "Kindly check the attached
LOVELETTER coming from me" and an attachment named
LOVE-LETTER-FOR-YOU.txt.vbs. This is the virus body.
•It's important to note that the virus cannot run by itself. In order for it to run,
the recipient must open the mail, launch the attachment by double-clicking
on it, and answer "yes" to a dialogue that warns of the dangers of running
untrusted programs. (Microsoft)
ILOVEYOU
•How to prevent?
•Do not launch attachments in emails from unknown
sources!
•Uninstall the Windows Script Host.
Check http://www.sarc.com/avcenter/venc/data/win.script.hosting.html for more
information
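An added example, not part of the original slides: a check a mail gateway or file-share audit could run for the naming pattern described above (LOVE-LETTER-FOR-YOU.txt.vbs, image.jpg.vbs). The split of the slide's extension list into script and decoy types, the function names and the sample names are assumptions made for illustration.

```python
import os

# Extensions from the slide's list that are script or script-host file types;
# choosing these seven as "script" types is this example's assumption.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsh", ".sct", ".hta"}
# Harmless-looking types from the same list, usable as a decoy inner extension.
DECOY_EXTS = {".txt", ".jpg", ".jpeg", ".gif", ".doc", ".xls", ".htm",
              ".html", ".wav", ".mp3", ".mp2", ".avi", ".mpg", ".mpeg"}


def classify(name):
    """Return 'double-extension', 'script' or 'ok' for one file name."""
    # Accept Windows or POSIX paths and keep only the file name.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "a.txt.vbs. " is still
    # a .vbs file; normalise before looking at the extension.
    base = base.rstrip(". ").lower()
    stem, last = os.path.splitext(base)
    if last not in SCRIPT_EXTS:
        return "ok"
    # Padding such as "photo.gif      .vbe" pushes the real extension out
    # of view in a narrow column; strip it before reading the inner one.
    _, inner = os.path.splitext(stem.rstrip(". "))
    return "double-extension" if inner in DECOY_EXTS else "script"


def triage(names):
    """Return (name, verdict) pairs for every name that is not 'ok'."""
    verdicts = ((n, classify(n)) for n in names)
    return [(n, v) for n, v in verdicts if v != "ok"]


# Constructed sample: attachment and file names, not taken from a real mailbox.
SAMPLE = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "image.jpg.vbs",
    "report.doc",
    "build.js",
    "C:\\mail\\photo.gif      .VBE. ",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE):
        print(f"{verdict:17} {name!r}")
```

A "double-extension" verdict on files already on disk also matches the worm's rename behaviour described earlier (image.jpg becomes image.jpg.vbs), so the same check works as a post-infection sweep.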
Antivirus Technologies
•How to detect virus?
•How to clean virus?
•Best Practices
How to
CHKDSK has NOT checked this drive for errors.
You must use SCANDISK to detect and fix errors on this drive.
Memory Summary:
•Use Debug or other tools to check the FAT table, MBR and partitions on your
system.
•Best Practices
•Regular Backup
Back up your programs and data regularly. Recovering from backup is the most secure way to
restore the files after a virus attack.
•Resources
•Antivirus Software
• McAfee Virus Scan
• F-Secure
• Symantec
• Trend Micro
•Shareware, www.grisoft.com
•Free Virus Tool, http://www.antivirus.com/free_tools/
Company Policy Issues
3. Education
4. Updating
5. Warning
6. Technical Support
7. Reporting
Kaspersky Lab's classification system divides malicious programs
into three classes:
•TrojWare
•VirWare
•MalWare
[Diagram labels: Worms (E-mail Worm, IM-Worm, IRC-Worm, NET-Worm, P2P-Worm), Virus]
Antivirus database
Kaspersky Lab has shortened its response time to the growing
number and increasing speed of new threats by releasing
an increased
Forecast
In light of all of the trends and events described above, we expect
that in 2009 virus writers will continue to concentrate their efforts on various
types of Trojans used to steal personal information.
A "worm type" virus was found on laptop computers that astronauts use to send
and receive email from the station by relaying messages through a mission control
center in Texas, according to NASA spokesman Kelly Humphries.
The virus is reported to be malicious software that logs keystrokes in order to steal
passwords or other sensitive data by sending the information to hackers via the
Internet.
The laptop computers are not linked to any of the space station's control systems
or the Internet.
Conclusion
•Be careful when using new software and files
•Be alert for virus activities
•Be calm when virus attacks
•And all will be fine!
SO REMEMBER………
EVERYTHING THAT HAS A BEGINNING… HAS AN END.
VIRUSES RELOADED
ANY SMART QUESTIONS ??