VIRUS ATTACKS

OUTLINE
What are viruses? Symptoms of viruses. Classification of viruses. What are Worms? What are Trojan Horse? What is Spyware? What is KeyLogger? What are Mobile viruses? Prevention.

What are Computer Viruses ?

Computer viruses are software programs deliberately designed to interfere with computer operation to record, corrupt, or delete data, or spread themselves to other computers

 A computer virus is a computer program that is written by a malicious author They spread by copying themselves, then transferring on to other computers, for e.g. through e-mails or by downloading. There are around 56,000 computer viruses in existence, with a new one detected every 18 seconds

A virus must meet two criteria:

It must execute itself. It often places its own code in the path of execution of another program. It must replicate itself. e.g. it may replace other executable files with a copy of the virus infected file.

Virus Languages
ANSI COBOL C/C++ Pascal VBA Unix Shell Scripts JavaScript Basically any language that works on the system that is the target

Symptoms of viruses
The infected file may make copies of itself. This may use all the free space in your hard disk A copy of infected file may be sent to all the addresses in your e-mail address list The virus may reformat your disk drive and delete your files and programs The virus may install hidden programs, such as pirated software The virus may reduce security. this could allow intruders to remotely access your computer or network

 You received an e-mail message that has a strange attachment. When you open the attachment ,dialog boxes appear or a sudden degradation in system performance occurs There is a double extension on an attachment that you recently opened ,such as .JPG.VBS or .GIF.EXE , TXT.VBS An antivirus program is disabled for no reason and it cannot be restarted An antivirus program can not be installed on the computer or it will not run. Someone told you that they have recently received e-mail messages from you containing attached files that you did not send New icons appear on desktop that you did not put there A program disappears from your computer, but you did not intentionally remove it Antivirus software indicates that a virus is present

Virus What are Its Classification ?

Viruses are classified by the portion of the system they affect and amount of damage.
Boot Viruses File Viruses Multi-partite Viruses Macro-viruses Stealth Viruses Meta Viruses Companion Viruses Logic bombs and Time bombs

Boot Viruses
Infect the boot record on a hard disk. Usually replaces the boot block with all or part of a virus program. Most have trigger dates, when booted on that day severe damage will be done. Virus loads into memory and infects other disks. Example is Form, Disk killer and Stone Virus

File Viruses / Program viruses

Infect .EXE or .COM files. Usually append the virus code to the file. Damage is done when program is running and the virus will attach to other files. Example- is Friday the 13th - if the date matches Friday the 13th then the virus is executed, all .EXE files are deleted. Other e.g. are Sunday and Cascade.

Macro viruses
A macro-virus often written in scripting languages infects word processor files, such as Microsoft Word documents, templates, spread sheet documents. Although not as dangerous as other viruses, they can spread quickly if a Word file is sent via email. They are platform independent. Can spread via FTP. After an initial scare, Microsoft added protection into later versions of Word, so you receive a warning about infected documents. Examples: Nuclear, Word concept, Relax

Multi-partite Viruses
A hybrid of Boot and Program Viruses. Firstly they infect program files and when the infected program is executed , these viruses infect the boot record. When u boot the computer next time the virus from boot record loads in memory n starts infecting other program files on disk Example is Tequila - will display graphics and text rather than running programs.

Meta Viruses- Hacking the Brains of people

They dont infect ur computer,they infect ur brain First virus to infect data files and to work on multiple platforms. Carried with MS-Word data files. Example is Concept - which will infect the global template and all files loaded from then on. Was distributed by Microsoft on a CD-ROM called Microsoft Windows 95 Software Compatibility Test.

Stealth Viruses
These viruses use certain techniques to avoid their detection. They may either redirect the disk head to read another sector instead of one in which they reside or they may alter the reading of the infected files size shown in the directory listing. For example :- whale.

Companion Viruses
It does not have host file but exploits MS-DOS. It creates new files with .COM or .EXD as extension and have same file as .EXE If user types file name and not extension, DOS assumes the file with ext that comes first in the alphabetical order and run the virus. Rare in Windows XP but found in Windows 95

Logic Bombs and Time Bombs

A logic bomb employs code that lies inert until specific conditions are met. The resolution of the condition will trigger a certain function (printing msg to user or deleting files) Time bomb is a subset of logic bomb, which is set to trigger on a particular date or time .e.g. Friday the 13 virus.

Worms What?
A computer worm is a selfcontained, self-replicating computer program. A well-known example of a worm is the ILOVEYOU worm, It invaded millions of computers through e-mail in 2000 as workers clicked on an e-mail attachment called
LOVE-LETTER-FOR YOU.TXT.vbs E.g Sasser Worm, Blaster Worm

Viruses
They Require user interaction. Propagate slower than worms, because of the need for human interaction. Primarily attack workstations, as users must be on the console machine to initiate the virus infection. Can be caught via the user of antivirus software.

Vs
They

Worms

Do not require any interaction. Propagate quickly, because there is no need for human interaction. Can attack any unmatched machine that is on the network both servers and workstations. Cannot be easily detected by antivirus software.

Trojan Horse
A harmful piece of software that is disguised as legitimate software Appear to be useful software but that actually does damage The program claims to do one thing e.g. game but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically. E.g. e-mail that included attachment that claimed to be MS security updates but were viruses to disable antivirus n firewall software.

SPYWARE ?
Programs that have the ability to scan systems or monitor activity and relay information to other computers or Advertisers. The information that may be gathered and disseminated by spyware are: passwords, log-in details, account numbers, personal information, individual files, or other personal documents. computing habits. E.g. Limewire, KaZaA, iMesh. Anti spyware- Ad Aware, SpybotSearch and destroy.

Adware
Programs that facilitate delivery of advertising content to the user through their own or another program's interface. Usually displays banners and pop-ups. These programs may gather information from the user's computer, including information related to Internet browser usage or other computing habits, and relay this information back to a remote computer or other locations in cyberspace.

KEY LOGGER
o Is a hardware device or a small program that monitors each key stroke a user types on a specific computers keyboard. o As a H/W device it is a small battery sized plug that serves as a connector between the user keyboard and the computer. o It collects keystrokes n saves it as a text in its miniature hard drive.

Key logger software

It does not require physical access to the users computer. Can be downloaded as a spyware or the Trojan horse. It consists of two files that get installed in same directory i.e. DLL(Dynamic link library) does recording and executable file (.EXE) that installs DLL file n triggers it to work.

Common Ways of Spreading Viruses

Email attachments Shared files Floppy disks Infected documents and infected word processors Portable storage devices like pen drive,cd etc

How do I know if I have a virus?

Virus checker gives a detected virus warning Strange messages appear Computer crashes more frequently Strange files you do not recognize start appearing Files get bigger or disk space disappears for no apparent reason Programs stop working as expected

Ways to Prevent Viruses

Install a virus scanner
Many are free Keep it updated Program it to run automatically
A few examples are: Virus Scan Anti Virus F-Prot

Inoculate
Do not run programs found randomly on the Internet If you use Microsoft Word or Excel, disable macros

Prevention (continued)
Only open expected email attachments. oDo not open anything from people you do not know oIf you are not expecting it, even from someone you know, do not open it! Disable auto-run features in email programs Use Virus Scanner before opening downloaded Internet files Keep your operating system and programs up-to-date

Latest Anti-Viruses
Alwil Antivirus(Awast). McAfee antivirus. Zone-Alarm Norton Antivirus.
Automatically detects & removes viruses Protects against spy ware & ad ware Updates itself Automatically

Norton 360, the latest security solution provided by Symantec company, is Vista (OS) compatible. Panda Antivirus. Anti spy ware- Ad Aware, Spybot-Search and destroy.

Scanning ur computer or disk using McAfee Virex 7.3

Anti-Key logger

How to avoid catching a virus. Dos

1. A computer virus isn't dangerous until the infected email is opened. Delete any mail you think is infected and empty your deleted items folder 2. Read the email. Check that the contents of the message makes sense before you open any attachments.
3. Make sure you have a recent backup of your most important work

Donts
1. Don't open any attachment you are not sure about, even if you have a virus scanner
2. Don't forward any attachment to a friend without being sure it is safe. 3. Don't place backup floppy disks in your computer if you think you have a virus, as the virus could spread to your backups

4. Send any email you think is infected to an anti-virus company (you may have to own a copy of their virus software). They can tell you if it is a virus or not. 5. If you get a computer virus you'll need to use a virus scanner to get rid of it.

4. Don't send mail that may contain a virus to anyone other than official virus companies. Mail filtering systems will probably delete it anyway. 5. Don't be blas just because you have a virus scanner. You will still need to keep your eyes open in case a new virus emerges.

THANK YOU