Virus, Worms and Trojans Sumitter Josan Lecturer (Info. Tech.) Govt. Poly. College Amritsar
Introduction to Virus A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. The term “virus” is also commonly, but erroneously, used to refer to other types of malware, including but not limited to adware and spyware programs that do not have a reproductive ability. Some viruses and other malware have symptoms noticeable to the computer user.
Introduction to Virus (contd.) But many are surreptitious or simply do nothing to call attention to themselves. Some viruses do nothing beyond reproducing themselves. Any virus will by definition make unauthorised changes to a computer, which is undesirable even if no damage is done or intended.
What Is Computer Virus A computer virus is an executable program. Depending upon the nature of the virus, it may damage the contents of your hard disk and/or interfere with the normal operation of your computer. A virus can be introduced to a computer system along with any software program. For internet users, this threat can come from downloading files through FTP (File Transfer Protocol) or from opening e-mail attachments.
What Is Computer Virus (contd.) When a virus is introduced to a computer system, it can attach itself to, or sometimes even replace, an existing program. Thus, when the user runs the program in question, the virus is also executed. This usually happens without the user being aware of it. A virus program contains instructions to initiate some sort of “event” (its payload) that affects the infected computer. Each virus carries its own payload, and these events and their effects can range from harmless to devastating.
For example: 1. An annoying message appearing on the screen. 2. Reduced memory or disk space. 3. Modification of data. 4. Files overwritten or damaged. 5. Hard drive erased.
Types of Viruses There are different types of viruses which can be classified according to their origin, techniques, types of files they infect, where they hide, the kind of damage they cause, the type of operating system, or platform they attack. Following are the main types of computer viruses:
1. Trojan Horse A Trojan horse program has the appearance of having a useful and desired function. While it may advertise its activity after launching, this information is not apparent to the user beforehand. Secretly the program performs other, undesired functions. A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program, and may arrive in the form of a joke program.
1. Trojan Horse (contd.) For example, you download what appears to be a movie or music file, but when you click on it, you unleash a dangerous program that erases your disk or sends your credit card numbers and passwords to a stranger. The malicious functionality of a Trojan Horse may be anything undesirable for a computer user, including data destruction or compromising the system by providing a means for another computer to gain access, thus bypassing normal access controls. Because the Trojan runs with the privileges of the user who launched it, it can do anything that user is allowed to do.
2. Worms A worm is a program that makes and distributes copies of itself, for example from one disk drive to another, or by copying itself using e-mail or another network transport mechanism. Unlike a virus, a worm does not need to attach itself to a host program. The worm may do damage and compromise the security of the computer. It may arrive via exploitation of a system vulnerability, with no user action at all, or by a user opening an infected e-mail attachment.
3. Boot Sector Virus The term “boot sector” is a generic name that seems to originally come from MS-DOS but is now applied generally to the boot information used by any operating system. On a partitioned hard disk the first sector is the “master boot record” (MBR), which holds the partition table and the first-stage boot code; each partition (and each floppy disk) additionally has its own boot sector. Boot sector viruses became popular because of the use of floppy disks to boot a computer: the virus on an infected floppy is executed when the machine boots from it, and then writes itself to the hard disk. The boot sector is a crucial part of the disk, in which information about the disk itself is stored along with the program that makes it possible to boot the computer from the disk. Machines that boot through UEFI with Secure Boot enabled do not execute MBR boot code at all, which closes this particular path on modern hardware (bootkits have moved on to attack the firmware and EFI boot loaders instead).
4. Direct Action Virus The main purpose of a direct action virus is to replicate and take action when it is executed. When its specific trigger condition is met, the virus goes into action and infects files in the directory it was run from. A classic host is the AUTOEXEC.BAT batch file, which is always located in the root directory of the hard disk and carries out certain operations when the computer is booted, so a virus attached to it is guaranteed to run at every start-up. Unlike most viruses, this type does not stay resident in memory: it comes into action only when the file containing it is executed.
5. File Infector Virus The file infector is the most common type of virus. It takes root in a host file and begins its operation when the file is executed. The virus may completely overwrite the file that it infects, may only replace parts of the file, or may not replace anything but instead rewrite the file so that the virus is executed before (or instead of) the program the user intended. The widespread use of the internet and the death of the floppy have shifted virus distribution to other channels, such as e-mail attachments and downloads.
5. File Infector Virus (contd.) Although called a “file virus”, the term does not cover every virus that lives in a file; the macro virus described below, for example, is not a file virus. The term is usually meant to refer only to viruses that use an executable file format, such as .exe or .com, as their host.
6. Macro Virus Macro viruses infect files created with applications that support macros, like .doc, .xls, .pps, .mdb, etc. These mini-programs make it possible to automate a series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one. A macro virus runs when the infected document is opened and copies itself into the application's global template, so that documents created or opened afterwards are infected in turn. This is why the protective measures later in this presentation stress disabling automatic macro execution.
7. Overwrite Viruses A virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected. Because the original content is destroyed rather than displaced, disinfection is impossible; the only remedy is to delete the file and restore it from a clean backup.
8. Directory Virus Directory viruses (also called Cluster Viruses or File System Viruses) infect not the program files themselves but the directory entries of the file system, changing the pointer that records where each program's first cluster is located so that it points to the virus code instead.
8. Directory Virus (contd.) When you execute a program file with an extension .EXE or .COM whose directory entry has been changed in this way, you are unknowingly running the virus program; the virus keeps the original location of the program and runs it afterwards, so nothing appears wrong. Once infected, it becomes impossible to locate the original files without the virus present, because every infected entry now points at the same cluster, and a naive disk repair tool sees them as cross-linked files.
9. Rootkit Virus A rootkit is malware that hides its presence (and that of other malware) from the user and from security software, while allowing someone to gain or retain control of the computer system. The term comes from “root”, the administrator account on Unix and Linux, and “kit”, the set of tools. Rootkits are usually installed by trojans and are normally disguised as operating system files. Strictly, a rootkit is not a virus, since it does not replicate; it is the concealment component that other malware relies on.
10. Polymorphic Viruses A polymorphic virus not only replicates itself, but also changes its own code every time it replicates, usually by encrypting its body with a different key in each copy and generating a fresh decryption routine. Every generation therefore has a different byte pattern (“signature”), which makes it difficult for less sophisticated antivirus software that relies on fixed signatures to detect it.
Preventive Measures Preventive measures comprise a combination of procedural and technical measures: 1. Processes that prevent the automatic execution of imported macros in the absence of express permission for their execution. 2. Effective, current anti-virus policies. This includes screening of all imported and exported material for recognizable virus signatures or other unwanted content. In addition, all import transactions should be recorded for audit purposes.
Preventive Measures (contd.) 3. Procedures that discourage employees of an e-business service provider from accessing websites that are not pertinent to their job function. Import of material should be controlled and limited as far as possible to that which is necessary to carry out the job. Where software is imported it should preferably be restricted to ‘trusted’ (i.e. digitally signed) objects, bearing in mind that a valid signature proves who published the software, not that it is harmless. Where appropriate, PKI-based certification of software and objects should be used.
Preventive Measures (contd.) 4. Using suitably configured firewalls to prevent hacking attacks. The system's responses when it refuses a service request should be designed so that a potential hacker cannot deduce useful information about the system from them.
Preventive Measures (contd.) 5. Restricting access to e-business services in accordance with agreed user profiles. 6. Setting up arrangements with an appropriate national or international security incident and response organization (a CERT) to obtain information about potential attacks and to report and disseminate security incidents.
An Ounce of Prevention Is Worth • Enable on-access scanning • Enable periodic automatic scanning of all files in the file system • Enable heuristic scanning, if available, for program and macro files • Disable automatic execution of VBS files (Windows Script Host) if possible, since e-mail worms commonly arrived as .vbs attachments
Access control Access control refers to the security features that control who can access resources in the operating system. Applications call access control functions to set who can access specific resources, or to control access to resources provided by the application. There are four primary methods to protect a computer system:
1. System Access Controls Ensuring that unauthorized users don’t get into the system, and encouraging authorized users to be security-conscious, for example by changing their passwords on a regular basis. The system also protects password data and keeps track of who’s doing what in the system, especially if what they’re doing is security-related (e.g., logging in, trying to open a file, using special privileges).
2. Data Access Controls Controlling who can access what data and for what purpose. Your system might support discretionary access controls; with these, the owner of the data determines whether other people can read or change it. Your system might also support mandatory access controls; with these, the system determines access rules based on the security levels (labels) of the people, the files and the other objects in your system, and an owner cannot override them. The distinction matters for malware: a Trojan Horse running with your rights can hand out any access you are allowed to grant under discretionary controls, but it cannot move data across a mandatory boundary.
3. System and Security Administration Performing the offline procedures that make or break a secure system: clearly delineating system administrator responsibilities, training users appropriately and monitoring users to make sure that security policies are observed. This category also involves more global security management; for example, figuring out what security threats face your system and what it will cost to protect against them.
4. System Design Taking advantage of basic hardware and software security characteristics; for example, using a system architecture that’s able to segment memory, thus isolating privileged processes from non-privileged processes.
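The difference between discretionary and mandatory data access controls (item 2 above) is easiest to see in code. The following Python is an added example, not from the original presentation: a constructed owner-maintained ACL stands for discretionary control, and a Bell-LaPadula style label comparison (“no read up, no write down”) stands for mandatory control. The users, files and level ordering are all made up for the demonstration. It shows that an owner can grant more access than the labels permit, and that a program running as the owner, such as a Trojan Horse, cannot write labelled data down to a lower level.

```python
from dataclasses import dataclass, field

# Security levels for the mandatory policy (constructed ordering for the example).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}


@dataclass
class User:
    name: str
    clearance: str


@dataclass
class Resource:
    owner: str
    level: str
    # Discretionary ACL maintained by the owner: user name -> set of modes ("r", "w").
    acl: dict = field(default_factory=dict)


def dac_allows(user: User, res: Resource, mode: str) -> bool:
    """Discretionary control: the owner always has access and decides who else does."""
    if user.name == res.owner:
        return True
    return mode in res.acl.get(user.name, set())


def mac_allows(user: User, res: Resource, mode: str) -> bool:
    """Mandatory control in the Bell-LaPadula style: the system compares labels.
    Read needs clearance >= resource level (no read up); write needs
    clearance <= resource level (no write down), so data cannot flow downwards."""
    u, r = LEVELS[user.clearance], LEVELS[res.level]
    if mode == "r":
        return u >= r
    if mode == "w":
        return u <= r
    raise ValueError(f"unknown mode {mode!r}")


def access_allowed(user: User, res: Resource, mode: str) -> bool:
    """Both policies must agree; an owner's ACL grant cannot override the labels."""
    return dac_allows(user, res, mode) and mac_allows(user, res, mode)


def demo() -> dict:
    # Constructed users and files, not from any real system.
    alice = User("alice", "secret")
    bob = User("bob", "confidential")
    report = Resource(owner="alice", level="secret", acl={"bob": {"r"}})
    memo = Resource(owner="bob", level="confidential", acl={"alice": {"r", "w"}})
    return {
        # Alice granted Bob read access, but his clearance is too low: MAC wins.
        "bob_reads_secret_report": access_allowed(bob, report, "r"),   # False
        "bob_reads_report_dac_only": dac_allows(bob, report, "r"),     # True
        # Alice, or a Trojan running as alice, may read the memo but may not
        # write secret material down into a confidential file.
        "alice_reads_memo": access_allowed(alice, memo, "r"),          # True
        "alice_writes_memo": access_allowed(alice, memo, "w"),         # False
        # Writing upwards is fine for the labels; only Alice's ACL stops Bob here.
        "bob_writes_report": access_allowed(bob, report, "w"),         # False
        "bob_writes_report_mac_only": mac_allows(bob, report, "w"),    # True
    }


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check:28} {'allowed' if allowed else 'denied'}")
```

The point of the combined check is the order of authority: the discretionary layer can only narrow what the mandatory layer permits, never widen it, which is exactly the property that limits how much a Trojan acting with a user's rights can leak.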
CHECKSUM A checksum is an error-checking technique in which the bytes (or words) of a unit of data are summed, the sum is transmitted along with the data, and the receiving computer recomputes it. If the sums differ, an error probably occurred in transmission and the transmission is repeated. A commonly used personal computer communication protocol called XMODEM uses a checksum. Some virus scanning (integrity checking) software applies the same idea: a checksum is calculated for every file in a directory and the results are stored; when the program scans, it compares the stored checksum with the current checksum of each file and reports any that have changed. Two caveats apply. A simple additive checksum is easy to forge (a virus can pad the file so that the sum comes out unchanged), so an integrity checker should use a cryptographic hash such as SHA-256. And the stored checksums must be kept where the virus cannot update them, for example on read-only media, rather than in the scanned directory itself.
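An integrity checker built on the idea above, as an added Python example that is not part of the original presentation. The file tree, the “infection” that appends bytes to a program, and the dropped file are all constructed for the demonstration. Alongside SHA-256 it also implements the XMODEM-style additive byte checksum, to show why that one is too weak for the job: two files whose bytes are merely transposed share the same sum.

```python
import hashlib
import tempfile
from pathlib import Path


def byte_sum_checksum(data: bytes) -> int:
    """The simple additive checksum described on the slide (XMODEM-style, 8 bits).
    Any change that preserves the byte sum, such as swapping two bytes, is invisible to it."""
    return sum(data) % 256


def sha256_hex(data: bytes) -> str:
    """Cryptographic hash: any change to the content changes the digest."""
    return hashlib.sha256(data).hexdigest()


def build_baseline(directory: Path) -> dict:
    """Hash every regular file under `directory`. The returned mapping is the
    baseline and must be stored where a virus cannot rewrite it (read-only
    media, another host), not inside the directory being checked."""
    baseline = {}
    for path in sorted(directory.rglob("*")):
        if path.is_file():
            baseline[path.relative_to(directory).as_posix()] = sha256_hex(path.read_bytes())
    return baseline


def check_integrity(directory: Path, baseline: dict) -> dict:
    """Re-hash the tree and report files that were modified, added or removed."""
    current = build_baseline(directory)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def demo() -> dict:
    """Constructed scenario: take a baseline, then simulate a file infector that
    appends itself to a program and drops a new file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "editor.exe").write_bytes(b"MZ original program code")
        (root / "README.txt").write_bytes(b"read me first")
        baseline = build_baseline(root)  # kept in memory here, i.e. outside the tree
        (root / "editor.exe").write_bytes(b"MZ original program code" + b"\x90\x90 appended-virus-body")
        (root / "dropped.com").write_bytes(b"\xeb\x10 dropped-virus-body")
        return check_integrity(root, baseline)


def weak_checksum_example() -> tuple:
    """Two contents that differ only by a transposition of two bytes: the
    additive checksum cannot tell them apart, SHA-256 can."""
    original = b"MZ original program code"
    tampered = b"MZ originla program code"  # 'al' swapped to 'la'
    return (byte_sum_checksum(original) == byte_sum_checksum(tampered),
            sha256_hex(original) == sha256_hex(tampered))


if __name__ == "__main__":
    print(demo())                   # {'modified': ['editor.exe'], 'added': ['dropped.com'], 'removed': []}
    print(weak_checksum_example())  # (True, False)
```

A real deployment would write the baseline to a signed or read-only file and would also record each file's size and permissions, but the comparison logic is the same.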
VIRUS SCANNER A virus scanner is the type of antivirus program that searches files or storage devices for virus signatures, byte patterns known to belong to particular viruses, attached to executable programs and to applications such as e-mail clients. A virus scanner can either search all executables when a system is booted, or scan a file only when a change is made to it, since a virus infecting a file will change its contents. It is a useful preventative measure to avoid contagion, but it can only recognise viruses whose signatures are already in its database, so that database must be kept up to date.
Anti-Virus, The Conqueror • Network Associates/McAfee • Symantec/Norton • Trend Micro • F-Secure • Panda • Sophos
HEURISTIC SCAN A heuristic scan is used to detect new, unknown viruses in your system that have not yet been identified. Only some antivirus products can do this type of scan; the majority are only able to detect known viruses. Heuristic scans have their share of inconveniences, such as the length of time the scan takes, which is longer than for other types. Also, depending on the data scanned, an increased number of false positives can occur.
HEURISTIC SCAN (contd.) The principal advantage of this method is the ability to detect known and unknown viruses, based on common characteristics shared by different viruses. Conventional virus detection relies on recognising a signature, a string of code that identifies a particular virus. Heuristic methods instead examine the program piece by piece, looking for sequences of instructions that differentiate a virus from normal programs (for example a routine that decrypts the rest of the file and then jumps into it), similar to how an investigator uses characteristic behaviour rather than a name to identify a criminal.
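To make the contrast between signature and heuristic scanning concrete, here is an added Python example (not from the original presentation; the “virus” in it is a harmless constructed byte string, not executable code). It covers the slides on virus scanners, polymorphic viruses and heuristic scanning together: a signature scanner matches a fixed byte pattern; a polymorphic “generation” XOR-encrypts the body with a fresh key behind a small decryptor stub, so the signature no longer matches; a heuristic scanner flags the decryptor-like instruction sequence and then, as real engines do by emulation, recovers the key, decrypts the body and re-applies the signature. The detection name Toy.A, the stub byte pattern and the benign sample are assumptions made for the example.

```python
import re

# Constructed stand-in for a virus body. It is NOT executable malware, just a
# byte string a vendor could have extracted a signature from.
PLAIN_BODY = (b"\xe8\x00\x00\x00\x00\x5d\x81\xed"
              b"constructed-virus-body: find .COM files and append self")

# Hypothetical signature database: detection name -> byte pattern.
SIGNATURES = {"Toy.A": b"\xe8\x00\x00\x00\x00\x5d\x81\xed"}

# Constructed benign program containing an innocent load/xor/loop sequence,
# to show the false positives heuristics are prone to.
BENIGN_LOADER = b"\xb0\x01\x30\xc0\xe2\xf0 benign loader table"


def signature_scan(sample: bytes, signatures: dict = SIGNATURES) -> list:
    """Classic scanner: report every signature found literally in the sample."""
    return sorted(name for name, sig in signatures.items() if sig in sample)


def polymorphic_variant(body: bytes, key: int) -> bytes:
    """One generation of a polymorphic virus: the body XOR-encrypted with a fresh
    single-byte key, preceded by a small decryptor stub that embeds that key.
    The stub bytes are chosen to look like x86 'mov al, imm8' (B0 xx), an 'xor'
    (30 ..) and a backward 'loop' (E2 xx); it is a constructed pattern, not a
    working decryptor. Every key gives a different byte string."""
    if not 1 <= key <= 255:
        raise ValueError("key must be 1..255 (0 would leave the body in clear)")
    stub = bytes([0xB0, key, 0x30, 0x04, 0x24, 0x46, 0xE2, 0xFA])
    return stub + bytes(b ^ key for b in body)


# Heuristic rule: an 8-bit immediate loaded into AL, an XOR shortly after, and a
# backward LOOP (negative rel8) within a few bytes: a decryptor-like sequence.
STUB_PATTERN = re.compile(rb"\xb0(.)\x30.{0,8}?\xe2[\x80-\xff]", re.DOTALL)


def heuristic_scan(sample: bytes, signatures: dict = SIGNATURES) -> dict:
    """Heuristic scanner: flag suspicious structure, then do cheaply what an
    emulator does: recover the key from the stub, decrypt what follows it and
    re-run the signature scan on the plaintext."""
    result = {"suspicious": False, "reasons": [], "detected": []}
    match = STUB_PATTERN.search(sample)
    if match:
        result["suspicious"] = True
        result["reasons"].append("decryptor-like stub: imm8 load, xor, backward loop")
        key = match.group(1)[0]
        decrypted = bytes(b ^ key for b in sample[match.end():])
        result["detected"] = signature_scan(decrypted, signatures)
    return result


def generations_are_unique() -> bool:
    """Each replication with a new key yields a different file image."""
    return len({polymorphic_variant(PLAIN_BODY, k) for k in range(1, 256)}) == 255


if __name__ == "__main__":
    variant = polymorphic_variant(PLAIN_BODY, 0x5A)
    print("plain, signature scan:  ", signature_scan(PLAIN_BODY))      # ['Toy.A']
    print("variant, signature scan:", signature_scan(variant))         # []
    print("variant, heuristic scan:", heuristic_scan(variant))         # detected ['Toy.A']
    print("benign, heuristic scan: ", heuristic_scan(BENIGN_LOADER))   # suspicious, nothing detected
```

The benign loader shows the trade-off the slide mentions: the structural rule fires on it (a false positive if acted on blindly), while the follow-up decryption and signature check find nothing, which is why heuristic results are usually reported with lower confidence than signature hits.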
Virus Protection Virus protection software is designed to prevent viruses, worms and trojan horses from getting onto a computer, as well as to remove any malicious software code that has already infected a computer. Internet security suites go a step further by including additional capabilities like anti-spam, a firewall and file protection. There are a number of things you can do for free to keep your computer safe from viruses, which are as follows:
1. Stay up-to-date This not only applies to your antivirus software, but also your operating system, browser and e-mail client. Most viruses take advantage of known security problems in your computer’s software. If you use Microsoft Windows and Microsoft Office, Windows Update and Office Update respectively provide an easy way to keep up-to-date with security patches.
2. Use Common Sense This may sound harsh, but most virus infections wouldn’t happen if the computer user would think about what they are doing and use a little common sense. If you get a strange-looking e-mail message, delete it instead of opening it to satisfy your curiosity. If a message, even a normal-looking one, has an attachment you were not expecting to receive, don’t click on it to see what it is. Much of the secret to safe computing is smart computing.
3. Avoid Dangerous Neighbourhoods Just like in the real world, if you go looking for trouble in cyberspace, you are bound to find it. Don’t visit questionable sites like those with pirated software, hacker sites or sites that promise you software keys and other ways to break the law.
4. Don’t Follow the Crowd Historically, almost all viruses have exploited flaws or features of Microsoft products, largely because that is where most of the targets are. Using alternative software, especially for Web browsing and e-mail, will thwart many of them; Mozilla is a good choice for both a Web browser and an e-mail client, and a non-Microsoft operating system such as Linux can also be a good choice for some users. These measures won’t prevent all viruses, and alternative software has vulnerabilities of its own that still need patching, but they will greatly improve your chances of not becoming infected with the most prevalent ones.
General Security Tips 1. Turn off file sharing on the desktop or, if you need some kind of file sharing, apply user-level security. 2. Don’t open e-mail attachments from unknown senders. 3. Use rich text files instead of Word documents. RTF files cannot carry macros, so they cannot spread macro viruses (they can still embed objects, so they are not entirely risk-free).
General Security Tips (contd.) 4. When possible, use viewers instead of the full applications to read your e-mail attachments. Viewers cannot run macros, so this prevents any macros from executing. 5. Change your BIOS (CMOS setup) boot-up sequence to boot from drive C: first. This prevents a disk left in the floppy drive from infecting the system on boot-up. 6. Set up Microsoft Office so that it runs macros and ActiveX controls only from trusted sources.
General Security Tips (contd.) 7. Use screen saver password protection. Many users leave their desks with applications wide open for unauthorized access by anyone passing by. A password-protected screen saver set to activate after a few minutes of inactivity (say, five) will then require a password to deactivate. 8. Don’t write passwords on sticky notes. Passwords can’t protect your system from anything if they’re stuck to the side of the monitor.
General Security Tips (contd.) 9. Save all files downloaded from e-mail to disk first, then virus-scan them to confirm they are virus-free before executing them. 10. Sign up for several different vendors’ anti-virus alert notification e-mail services.