Professional Documents
Culture Documents
MITESH SOLANKI
2K10/ME/070
Introduction
Computer viruses have become todays
headline news
With the increasing use of the Internet, it
has become easier for virus to spread
Virus show us loopholes in software
Most virus are targeted at the MS Windows
OS
Definition
Virus : A computer virus is a computer program
History of viruses
The first academic work on the theory of computer
Background
There are estimated 30,000 computer
viruses in existence
Over 300 new ones are created each
month
First virus was created to show loopholes
in software
Virus Languages
ANSI COBOL
C/C++
Pascal
VBA
Unix Shell Scripts
JavaScript
Basically any language that works on the
Infection strategies
In order to replicate itself, a virus must be
Symptoms of Virus
Attack
Computer runs slower than usual
Trojan Horse
Covert
Leaks information
Usually does not reproduce
Trojan Horse
Back Orifice
Discovery Date:
10/15/1998
Origin: Pro-hacker Website
Length: 124,928
Type: Trojan
SubType: Remote Access
Risk Assessment: Low
Category: Stealth
Trojan Horse
About Back Orifice
requires Windows to work
distributed by Cult of the Dead Cow
similar to PC Anywhere, Carbon Copy software
allows remote access and control of other
computers
install a reference in the registry
once infected, runs in the background
Trojan Horse
Features of Back Orifice
pings and query servers
reboot or lock up the system
list cached and screen saver password
display system information
logs keystrokes
edit registry
server control
receive and send files
display a message box
Worms
Spread over network connection
Worms replicate
First worm released on the Internet was
Worms
Bubbleboy
Discovery Date:11/8/1999
Origin: Argentina (?)
Length: 4992
Type:
Worm/Macro
SubType: VbScript
Risk Assessment: Low
Category: Stealth/Companion
Worms
Bubbleboy
requires WSL (windows scripting language),
Worms
How Bubbleboy works
Bubbleboy is embedded within an email
Worms
How Bubbleboy works
changes the registered owner/organization
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr
entVersion\RegisteredOwner = Bubble Boy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr
entVersion\RegisteredOrganization = MICROSOFT
using the Outlook MAPI address book it sends
HKEY_LOCAL_MACHINE\Software\Outlook.bubbleboy =
OUTLOOK.Bubbleboy1.0 by Zulu
Macro
Specific to certain applications
Comprise a high percentage of the viruses
Usually made in WordBasic and Visual
Macro
Melissa
Discovery Date: 3/26/1999
Origin: Newsgroup Posting
Length: varies depending on variant
Type:
Macro/Worm
Subtype: Macro
Risk Assessment: High
Category: Companion
Macro
Melissa
requires WSL, Outlook or Outlook Express Word
Macro
How Melissa works
the virus is activated through a MS word
document
document displays reference to pornographic
websites while macro runs
1st lowers the macro protection security setting
for future attacks
checks to see is it has run in current session
before
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Meliss
a = by Kwyjibo
Protection/Prevention
Knowledge
Proper configurations
Run only necessary programs
Anti-virus software
Anti viruses
Many users install anti-virus software that can detect
Deceiving viruses
Installing anti viruses
Creating back up of important files
re-installation of damaged programs
System restore (Some viruses, however, disable
Conclusion
viruses work through your system to
make a better virus
Have seen how viruses show us a loophole
in popular software
Most viruses show that they can cause
great damage due to loopholes in
programming
Thank you