
Virus – Antivirus Software


Presentation Transcript


  1. Virus – Antivirus Software

  2. History
     Many people, including experts in the field, thought that the computer virus was simply a myth invented in a science-fiction book, and that the media was trying to fix in people's minds something that did not correspond to reality. The number has grown from a few viruses, countable on one's fingers, in the first year to more than 15000 viruses today.
     • The Creeper virus was first detected on ARPANET in the early 1970s.
     • The first PC virus was a boot sector virus called "Brain", created by Basit and Amjad Farooq Alvi in 1986 in Lahore, Pakistan.
     • This virus copies itself from the software.

  3. Virus
     Computer viruses are small software programs designed to transfer from one computer to another.
     • "A virus is simply a computer program that is intentionally written to attach itself to other programs and replicate whenever those programs are executed."
     • Viruses can easily spread by e-mail attachments or instant messages.
     • Viruses can be spread by downloading unnecessary files from the Internet.
     • Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files.

  4. Reasons for writing viruses
     1. To reduce the copying of programs, as with the Brain (Pakistani) virus.
     2. Scientific research, as with the STONED virus, written by a graduate student in New Zealand and stolen by his brother, who eluded his friends and wanted to transfer the virus to
     3. The desire to take on a challenge and show off intellectual ability, by people who misuse their intelligence and abilities, as with the V2P viruses.
     4. The desire for revenge by some dismissed programmers.
     5. To encourage the purchase of antivirus programs: some companies release newly programmed viruses and then announce a new product that detects them.

  5. How Virus Works?
     When we run an infected program, it loads into memory and the virus starts running as well. It also has the ability to infect other programs.
     • When the virus runs unidentified programs, it adds itself to them.
     • When we transfer programs and files to a friend by email, CD or floppy disk, our friend's computer can be affected as well.

  6. How Virus Works?
     In fact, the virus infects a file by adding itself at the beginning or the end of the infected file, without actually changing any of the components of the original file. Consider the following picture, which shows the format of a non-infected program. Note that when the program is called, it works normally.
     Now imagine the virus infection. As we have said, the virus pastes itself into the program without changing anything in the contents of the file. The paste is done in one of two ways. Either the virus pastes itself at the beginning of the program, so that it is run when the program is run, or the virus attaches itself at the end of the program and places a marker at the beginning. In the second case the virus hides at the end of the infected file and puts a marker at the start of the program so that, when the program is called and run, control passes to the virus rather than to the program. In both cases the virus may return control to the program after it has completed its harmful work, but it may also not return, and it may cause damage to the device.

  7. The difference between…
     • Worm: infects computers connected to the network automatically, without human intervention, which makes worms spread faster and more widely than viruses. The difference between them is that worms do not change or delete files; instead they consume system resources and use memory heavily, which leads to a very noticeable slowdown of the system. Worms are disseminated through email in very large numbers.
     • Trojan: a program that tempts the user with an important-looking or attractive name or appearance. In fact, once run, the program opens a back door, so to speak, and through that back door the system can be broken into and the device controlled to a significant degree.
     • Virus: needs intervention by the user in order to spread. That intervention is running it after it has been downloaded from email or from the Internet, or received through the exchange of floppy disks.

  8. Type
     • Boot sector virus (start-up virus): this type infects the boot sector and may prevent the user from accessing the system.
     • File virus: usually infects programs, and spreads to other files and programs when they are run.
     • Macro virus: these viruses affect Microsoft Office programs such as Excel.
     • Multipartite virus: infects files and the boot sector at the same time, and is devastating in many cases if not prevented.
     • Polymorphic virus: rather sophisticated viruses that change their code as they move from one host to another.
     • Stealth virus: masks itself so that an infected file appears to be a sound file, fooling antivirus software into treating a file infected with a virus as sound. With the development of antivirus software it has become easy to detect this type.

  9. Characteristics
     • Type: Virus
     • Category: Win32
     • Also known as: W32.HLLP.Sality (Symantec)

  10. Description
     Win32/Sality is a polymorphic virus that infects Win32 PE executable files. It also contains trojan components. Win32/Sality has been known to be downloaded by variants of the Win32/Bagle family.

  11. Method of Infection
     When an infected file is executed, the virus decrypts itself and drops a DLL file into the %System% directory. The DLL file is injected into other running processes. The virus then executes the host program code.
     • Many variants of Sality also attempt to infect executable files referenced by values in the following registry keys:
       • HKLM\Software\Microsoft\Windows\CurrentVersion\Run
     • This causes the virus to run at each Windows start.

  12. Method of Distribution
     • Via File Infection
     • Via Network Shares

  13. Payload
     Steals System Information
     • Some Sality variants collect information about the infected system and e-mail this information to the domain mail.ru.
     • The information sent includes, but is not limited to, the following:
       • OS version
       • IP address
       • Computer name
       • Recent URLs visited
       • Passwords
       • ISP dial-up connection details and password

  14. Deletes files
     Sality searches subdirectories on drives C:\ to Y:\ for files with the following extensions:
     • .vdb
     • .avc
     • .exe

  15. Terminates Processes
     Sality searches for and terminates any processes which match a list contained in its code; the following is an example of such a list:
     • When a process is terminated, Sality displays an error message to indicate a fake error condition.

  16. Changes Firewall Settings
     Some Sality trojan components modify the Windows Firewall settings to add themselves as authorized applications. This effectively allows these components to bypass the firewall.

  17. HTTP Proxy
     Some Sality variants run an HTTP proxy on port 80 of the affected machine. The trojan contacts the domain shared-admin.com, and receives instructions to connect to the domain connect2me.org, which then returns an IP address. All requests sent to the proxy running on the affected machine are forwarded to the previously returned IP address.

  18. How to protect your computer?
     - An antivirus program must be installed on your computer.
     - It must be updated periodically; merely having it installed is not enough.
     - Do not open attachments in any email from an unknown sender.
     - Do not open attachments in emails from friends if they end in exe or bat, or any extension you do not know.
     - Update your operating system.
     - Enable a firewall.

  19. Antivirus Software
     Software that attempts to identify and eliminate computer viruses and other malicious software (malware).
     • Sophisticated - but virus creators are always one step ahead.
     • Detection - this is the key to antivirus software.

  20. Detection Techniques
     • Scanning
     • Integrity Checking
     • Interception / Heuristic Detection
     Scanning is the most commonly used technique in antivirus software.

  21. Scanning
     Also known as the Virus Dictionary Approach.
     • The scanner scans the hard disk, memory and boot sector for code snippets.
     • If a code snippet in a file matches any virus in the dictionary, appropriate action is taken.
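
The dictionary approach described on this slide, as an added example that is not part of the original presentation. The signature names and byte patterns are constructed for illustration and are not real virus signatures; the `??` wildcard is an assumption of this sketch.

```python
# Added example: a minimal "virus dictionary" scanner over a byte buffer.
# Every signature below is constructed; none identifies real malware.
from typing import Dict, List, Optional, Tuple

# Signature name -> hex pattern. "??" matches any single byte, so one entry
# can still match when a few bytes of the snippet vary between copies.
DICTIONARY: Dict[str, str] = {
    "Demo.Marker.A": "DE AD BE EF 13 37",
    "Demo.Stub.B": "CA FE ?? ?? BA BE",
}

def compile_pattern(hex_pattern: str) -> List[Optional[int]]:
    """Turn 'DE ?? EF' into [0xDE, None, 0xEF] (None = wildcard)."""
    return [None if tok == "??" else int(tok, 16) for tok in hex_pattern.split()]

def find_all(data: bytes, pattern: List[Optional[int]]) -> List[int]:
    """Return every offset in data at which the pattern matches."""
    hits = []
    for start in range(len(data) - len(pattern) + 1):
        if all(p is None or data[start + i] == p for i, p in enumerate(pattern)):
            hits.append(start)
    return hits

def scan(data: bytes, dictionary: Dict[str, str] = DICTIONARY) -> List[Tuple[str, int]]:
    """Check the buffer against every dictionary entry; return (name, offset)."""
    results = []
    for name, hex_pattern in dictionary.items():
        for offset in find_all(data, compile_pattern(hex_pattern)):
            results.append((name, offset))
    return sorted(results, key=lambda r: r[1])

# Constructed sample buffers standing in for file contents.
CLEAN = b"MZ" + bytes(32)
SAMPLE = (b"MZ" + bytes(14) + bytes.fromhex("CAFE1234BABE")
          + bytes(8) + bytes.fromhex("DEADBEEF1337"))

if __name__ == "__main__":
    for label, buf in (("clean", CLEAN), ("sample", SAMPLE)):
        print(label, scan(buf) or "no match")
```

A scanner of this kind only finds what is already in its dictionary, which is why slide 18 insists on keeping the antivirus program updated.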

  22. Integrity Checker
     Keeps track of threats by monitoring changes to files.
     • Maintains information about important files on disk, usually by calculating checksums.
     • If a file changes due to virus activity, its checksum will change.
     • E.g. Norman Virus Control.
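
A checksum-based integrity check of the kind this slide describes, as an added example that is not part of the original presentation and not the code of any product named in it. The file names and contents are constructed, and the three simulated changes follow behaviour the earlier slides describe (bytes added to the end of a program, a `.vdb` file deleted, a DLL dropped).

```python
# Added example: baseline-and-verify integrity checker using SHA-256.
import hashlib
import os
import tempfile
from typing import Dict, List

def checksum(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def baseline(root: str) -> Dict[str, str]:
    """Map each file under root (relative path) to its checksum."""
    table = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            table[os.path.relpath(full, root)] = checksum(full)
    return table

def verify(root: str, known: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the current state with the stored baseline."""
    now = baseline(root)
    return {
        "modified": sorted(p for p in known if p in now and now[p] != known[p]),
        "missing": sorted(p for p in known if p not in now),
        "new": sorted(p for p in now if p not in known),
    }

def demo() -> Dict[str, List[str]]:
    """Build a constructed directory, change it, and report the differences."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("app.exe", b"MZ original program"),
                           ("tool.exe", b"MZ second program"),
                           ("defs.vdb", b"constructed definitions")):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(body)
        # In practice the baseline is stored where malware cannot rewrite it.
        known = baseline(root)
        with open(os.path.join(root, "app.exe"), "ab") as handle:
            handle.write(b"BYTES-ADDED-AT-END")      # original bytes untouched
        os.remove(os.path.join(root, "defs.vdb"))    # definitions file deleted
        with open(os.path.join(root, "dropped.dll"), "wb") as handle:
            handle.write(b"constructed new file")    # file that was not there
        return verify(root, known)

if __name__ == "__main__":
    print(demo())
```

Unlike the dictionary scanner, this check needs no knowledge of the virus, but it cannot tell a virus modification from a legitimate software update.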

  23. Heuristic Virus Checking
     Generic mechanism for virus detection.
     • Rule based.
     • Rules differentiate a virus from a non-virus.
     • If a code snippet follows the defined rules, it is marked as a virus.
     • E.g. F-Secure antivirus software.

  24. Reference
     • Zyoome.com
     • Microsoft.com
     • Wikepidia.com

  25. Thank you
