Professional Documents
Culture Documents
OUTLINE
What are viruses? Symptoms of viruses. Classification of viruses. What are Worms? What are Trojan Horse? What is Spyware? What is KeyLogger? What are Mobile viruses? Prevention.
A computer virus is a computer program that is written by a malicious author They spread by copying themselves, then transferring on to other computers, for e.g. through e-mails or by downloading. There are around 56,000 computer viruses in existence, with a new one detected every 18 seconds
Virus Languages
ANSI COBOL C/C++ Pascal VBA Unix Shell Scripts JavaScript Basically any language that works on the system that is the target
Symptoms of viruses
The infected file may make copies of itself. This may use all the free space in your hard disk A copy of infected file may be sent to all the addresses in your e-mail address list The virus may reformat your disk drive and delete your files and programs The virus may install hidden programs, such as pirated software The virus may reduce security. this could allow intruders to remotely access your computer or network
You received an e-mail message that has a strange attachment. When you open the attachment ,dialog boxes appear or a sudden degradation in system performance occurs There is a double extension on an attachment that you recently opened ,such as .JPG.VBS or .GIF.EXE , TXT.VBS An antivirus program is disabled for no reason and it cannot be restarted An antivirus program can not be installed on the computer or it will not run. Someone told you that they have recently received e-mail messages from you containing attached files that you did not send New icons appear on desktop that you did not put there A program disappears from your computer, but you did not intentionally remove it Antivirus software indicates that a virus is present
Boot Viruses
Infect the boot record on a hard disk. Usually replaces the boot block with all or part of a virus program. Most have trigger dates, when booted on that day severe damage will be done. Virus loads into memory and infects other disks. Example is Form, Disk killer and Stone Virus
Macro viruses
A macro-virus often written in scripting languages infects word processor files, such as Microsoft Word documents, templates, spread sheet documents. Although not as dangerous as other viruses, they can spread quickly if a Word file is sent via email. They are platform independent. Can spread via FTP. After an initial scare, Microsoft added protection into later versions of Word, so you receive a warning about infected documents. Examples: Nuclear, Word concept, Relax
Multi-partite Viruses
A hybrid of Boot and Program Viruses. Firstly they infect program files and when the infected program is executed , these viruses infect the boot record. When u boot the computer next time the virus from boot record loads in memory n starts infecting other program files on disk Example is Tequila - will display graphics and text rather than running programs.
Stealth Viruses
These viruses use certain techniques to avoid their detection. They may either redirect the disk head to read another sector instead of one in which they reside or they may alter the reading of the infected files size shown in the directory listing. For example :- whale.
Companion Viruses
It does not have host file but exploits MS-DOS. It creates new files with .COM or .EXD as extension and have same file as .EXE If user types file name and not extension, DOS assumes the file with ext that comes first in the alphabetical order and run the virus. Rare in Windows XP but found in Windows 95
Worms What?
A computer worm is a selfcontained, self-replicating computer program. A well-known example of a worm is the ILOVEYOU worm, It invaded millions of computers through e-mail in 2000 as workers clicked on an e-mail attachment called
LOVE-LETTER-FOR YOU.TXT.vbs E.g Sasser Worm, Blaster Worm
Viruses
They Require user interaction. Propagate slower than worms, because of the need for human interaction. Primarily attack workstations, as users must be on the console machine to initiate the virus infection. Can be caught via the user of antivirus software.
Vs
They
Worms
Do not require any interaction. Propagate quickly, because there is no need for human interaction. Can attack any unmatched machine that is on the network both servers and workstations. Cannot be easily detected by antivirus software.
Trojan Horse
A harmful piece of software that is disguised as legitimate software Appear to be useful software but that actually does damage The program claims to do one thing e.g. game but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically. E.g. e-mail that included attachment that claimed to be MS security updates but were viruses to disable antivirus n firewall software.
SPYWARE ?
Programs that have the ability to scan systems or monitor activity and relay information to other computers or Advertisers. The information that may be gathered and disseminated by spyware are: passwords, log-in details, account numbers, personal information, individual files, or other personal documents. computing habits. E.g. Limewire, KaZaA, iMesh. Anti spyware- Ad Aware, SpybotSearch and destroy.
Adware
Programs that facilitate delivery of advertising content to the user through their own or another program's interface. Usually displays banners and pop-ups. These programs may gather information from the user's computer, including information related to Internet browser usage or other computing habits, and relay this information back to a remote computer or other locations in cyberspace.
KEY LOGGER
o Is a hardware device or a small program that monitors each key stroke a user types on a specific computers keyboard. o As a H/W device it is a small battery sized plug that serves as a connector between the user keyboard and the computer. o It collects keystrokes n saves it as a text in its miniature hard drive.
Inoculate
Do not run programs found randomly on the Internet If you use Microsoft Word or Excel, disable macros
Prevention (continued)
Only open expected email attachments. oDo not open anything from people you do not know oIf you are not expecting it, even from someone you know, do not open it! Disable auto-run features in email programs Use Virus Scanner before opening downloaded Internet files Keep your operating system and programs up-to-date
Latest Anti-Viruses
Alwil Antivirus(Awast). McAfee antivirus. Zone-Alarm Norton Antivirus.
Automatically detects & removes viruses Protects against spy ware & ad ware Updates itself Automatically
Norton 360, the latest security solution provided by Symantec company, is Vista (OS) compatible. Panda Antivirus. Anti spy ware- Ad Aware, Spybot-Search and destroy.
Anti-Key logger
Donts
1. Don't open any attachment you are not sure about, even if you have a virus scanner
2. Don't forward any attachment to a friend without being sure it is safe. 3. Don't place backup floppy disks in your computer if you think you have a virus, as the virus could spread to your backups
4. Send any email you think is infected to an anti-virus company (you may have to own a copy of their virus software). They can tell you if it is a virus or not. 5. If you get a computer virus you'll need to use a virus scanner to get rid of it.
4. Don't send mail that may contain a virus to anyone other than official virus companies. Mail filtering systems will probably delete it anyway. 5. Don't be blas just because you have a virus scanner. You will still need to keep your eyes open in case a new virus emerges.
THANK YOU