1 / 25

Viruses and Worms Definition and Prevention

Viruses and Worms Definition and Prevention. John Trifiletti Krishna Charles. What is a virus?. “A self-replicating computer program written to alter the way a computer operates, without the permission or knowledge of the user.” A true virus must replicate itself, and must execute itself.

emmly
Télécharger la présentation

Viruses and Worms Definition and Prevention

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Viruses and WormsDefinition and Prevention John Trifiletti Krishna Charles

  2. What is a virus? • “A self-replicating computer program written to alter the way a computer operates, without the permission or knowledge of the user.” • A true virus must replicate itself, and must execute itself. • A computer virus replaces an existing executable files with a virus-infected copy.

  3. Types of Viruses • Bootsector virus • Companion Viruses • E-Mail Virus • Logic Bomb • Time Bomb • Macro Virus • Trojan Horses • Worm

  4. What do Viruses Do? • Damage Programs • Delete Files • Reformat Hard Drives • Make themselves Known – Present Text, Video, Audio. • Take up Computer’s Memory • Cause System Crashes and data loss

  5. First Computer Virus Written by Rich Skrenta in 1982 Elk Cloner

  6. On every 50th boot you would get a poem saying: Elk Cloner: The program with a personality It will get on all your disks It will infiltrate your chips Yes it's Cloner! It will stick to you like glue It will modify RAM too Send in the Cloner!

  7. (c)Brainvirus • Created by Basit and Amjad Farooq Alvi

  8. (c)Brainvirus Welcome to the Dungeon (c) 1986 Brain & Amjads (pvt) Ltd VIRUS_SHOE RECORD V9.0 Dedicated to the dynamic memories of millions of viruses who are no longer with us today - Thanks GOODNESS!! BEWARE OF THE er..VIRUS : this program is catching program follows after these messages....$#@%$@!! Welcome to the Dungeon (c) 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS....

  9. Viruses NOT just for windows Bliss – (1997)

  10. MyDoom Paid for by email spammers contained the test: andy; I'm just doing my job, nothing personal, sorry," sent through emails. A backdoor on port 3127/tcp putting its own SHIMGAPI.DLL file in the system32

  11. Melissa Virus • From: <name of the infected sender>Subject: Important message from <name of sender>To: <The recipients, from the 50 names>Attachment: LIST.DOC Body: Here is that document you asked for ... don't show anyone else ;-) David L. Smith

  12. Variations • Subject: Question for you...Body: It's fairly complicated so I've attached it. • Subject: Check this!!Body: This is some wicked stuff! • Subject: Cool Web SitesBody: Check out the Attached Document for a list of some of the best Sites on the Web • Subject: 80mb Free Web Space!Body: Check out the Attached Document for details on how to obtain the free space. It's cool, I've now got heaps of room. • Subject: Cheap SoftwareBody: The attached document contains a list of web sites where you can obtain Cheap Software • Subject: Cheap HardwareBody: I've attached a list of web sites where you can obtain Cheap Hardware" • Subject: Free MusicBody: Here is a list of places where you can obtain Free Music. • Subject: * Free DownloadsBody: Here is a list of sites where you can obtain Free Downloads.

  13. ILOVEYOU Onel A. de Guzman in the Fillipeans

  14. Variations • Attachment: LOVE-LETTER-FOR-YOU.TXT.vbsSubject Line: ILOVEYOUMessage Body: kindly check the attached LOVELETTER coming from me. • Attachment: Very Funny.vbsSubject Line: fwd: JokeMessage Body: empty • Attachment: mothersday.vbsSubject Line: Mothers Day Order ConfirmationMessage Body: We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep it in a safe place.Thanks Again and Have a Happy Mothers Day! mothersday@subdimension.com • Attachment: virus_warning.jpg.vbsSubject Line: Dangerous Virus WarningMessage Body: There is a dangerous virus circulating. Please click attached picture to view it and learn to avoid it. • Attachment: protect.vbsSubject Line: Virus ALERT!!!Message Body: a long message regarding VBS.LoveLetter.A

  15. Attachment: Important.TXT.vbsSubject Line: Important! Read carefully!!Message Body: Check the attached IMPORTANT coming from me! • Attachment: Virus-Protection-Instructions.vbsSubject Line: How to protect yourself from the IL0VEY0U bug!Message Body: Here's the easy way to fix the love virus. • Attachment: KillEmAll.TXT.VBSSubject Line: I Cant Believe This!!!Message Body: I Cant Believe I have Just received This Hate Email .. Take A Look! • Attachment: ArabAir.TXT.vbsSubject Line: Thank You For Flying With Arab AirlinesMessage Body: Please check if the bill is correct, by opening the attached file • Attachment: IMPORTANT.TXT.vbsSubject Line: Variant TestMessage Body: This is a variant to the vbs virus. • Attachment: Vir-Killer.vbsSubject Line: Yeah, Yeah another time to DEATH...Message Body: This is the Killer for VBS.LOVE-LETTER.WORM. • Attachment: LOOK.vbsSubject Line: LOOK!Message Body: hehe...check this out. • Attachment: BEWERBUNG.TXT.vbsSubject Line: Bewerbung KreolinaMessage Body: Sehr geehrte Damen und Herren

  16. Blaster Worm ( Lovsan ) Jeffrey Lee Parson

  17. I just want to say LOVE YOU SAN!! billy gates why do you make this possible ? Stop making moneyand fix your software!!

  18. Re-Engineering Dan Dumitru Ciobanu

  19. WHY DO IT? • Pranks • Vandalism • Attacking products of specific companies • To distribute political messages, • Some view their viruses as ‘ART’

  20. Why Do It? cont… • Good viruses “Since self-replicating code causes many complications, it is questionable if a well-intentioned virus can ever solve a problem in a way that is superior to a regular program that does not replicate itself.” – wikopedia • Financial Game

  21. Way in which viruses replicate • Open the new file • Check if the executable file has already been infected (if it is, return to the finder module) • Append the virus code to the executable file • Save the executable's starting point • Change the executable's starting point so that it points to the start location of the newly copied virus code • Save the old start location to the virus in a way so that the virus branches to that location right after its execution. • Save the changes to the executable file • Close the infected file • Return to the finder so that it can find new files for the replicator to infect.

  22. Ways to fool virus scanners • “last-modified” date stays the same when the file is infected (doesn’t fool scanners anymore) • Infection does NOT increase file size. • Kill all tasks associated with antivirus before it can detect them. • Keep the old file and send it to the antivirus when it searches for it where the infected file is used to spread itself.

  23. What NOT to do • A virus CANNOT infect antivirus software or any file related to it. Antivirus software WILL check its’ own software first.

  24. What an antivirus software does • Creates bait (or goat) files. • Scan emails on the fly. • Examine memory (Ran / Boot Sectors) and files stored on hard drives and removable media.

  25. Popular Antivirus • Norton • Mcafee • AVG • Microsoft’s Antivirus • The Shield Pro • BitDefender • CA Antivirus • Kaspersky 5.0 • Panda Antivirus • TrendMicro

More Related