Virus Encryption. CS 450. Joshua Bostic. Topics: Encryption as a deterrent to virus scans. History of polymorphic viruses. Use of encryption by viruses.

Presentation transcript:


Why encrypt the code? The ability of a virus to change its code or form is known as polymorphism. Changing the code prevents anti-virus programs from matching the encrypted virus to well-known patterns for that virus.
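The effect on pattern matching can be seen from the scanner's side. The following is an added example, not part of the original presentation: a verbatim signature search misses every encoded copy of a constructed, harmless marker, while a scanner that tries each single-byte XOR key (a technique known as X-ray scanning) still finds it. The marker, the filler bytes and the single-byte XOR layer are assumptions chosen to keep the demonstration small.

```python
# Constructed, harmless marker standing in for a known byte signature.
SIGNATURE = b"CONSTRUCTED-TEST-MARKER-0001"

def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, a toy stand-in for the encryption layer."""
    return bytes(b ^ key for b in data)

def signature_scan(blob: bytes) -> bool:
    """Classic pattern matching: look for the known bytes verbatim."""
    return SIGNATURE in blob

def xray_scan(blob: bytes):
    """Try every single-byte key and report the one that exposes the signature.

    Returns the key (0 means the signature was present unencoded) or None.
    """
    for key in range(256):
        if xor_bytes(SIGNATURE, key) in blob:
            return key
    return None

def make_sample(key: int) -> bytes:
    """Constructed sample: filler around the marker, encoded with `key`."""
    body = b"\x00" * 16 + SIGNATURE + b"\xff" * 16
    return b"HOSTDATA" + xor_bytes(body, key)

def scan_report(keys):
    """Return (key, verbatim_hit, xray_key) for one sample per key."""
    report = []
    for key in keys:
        sample = make_sample(key)
        report.append((key, signature_scan(sample), xray_scan(sample)))
    return report

if __name__ == "__main__":
    for key, hit, found in scan_report([0x00, 0x21, 0x5A, 0xC3]):
        print(f"key=0x{key:02x} signature_scan={hit} xray_key={found}")
```

X-ray scanning only works while the encoding is simple enough to search exhaustively, which is one reason scanners also rely on the heuristics described later in the presentation.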

How to find viruses: If you find the code that decrypts the virus, then you can remove the virus. The solution, from the virus's side, is to make the decryption code polymorphic as well. To do this, the virus can scatter different parts of its code around by using jumps.

Repositioning of code (diagram of an infected file): program code; a portion of the virus code and a jump to the end of the program code; the remainder of the virus code.

So now what? Encrypted polymorphic viruses are capable of fooling anti-virus programs for only so long. After enough versions of the decryption code have been seen, virus scanners can detect in general what a virus will look like. This is done thanks to heuristics.

Heuristics: Emulation and analysis. Emulation tests the questionable code in a virtual machine; if the code acts in a malicious way, it is considered a virus. Analysis examines the code and determines its intent. Benefit: can find unknown variants. Con: can take a long time and can produce false positives.
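The false-positive problem is easy to reproduce with one simple static heuristic. The following is an added example, not from the original presentation: it scores byte entropy, on the assumption that an encrypted body looks close to random, and shows the same rule also flagging benign compressed data. The 7.2 bits-per-byte threshold and all three samples are constructed for the demonstration.

```python
import math
import random
import zlib
from collections import Counter

THRESHOLD = 7.2  # bits per byte; assumed cut-off for "looks encrypted"

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, from 0.0 to 8.0 bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data).values()
    return -sum(c / total * math.log2(c / total) for c in counts)

def looks_encrypted(data: bytes) -> bool:
    """Heuristic verdict: high entropy is treated as suspicious."""
    return shannon_entropy(data) >= THRESHOLD

def build_samples():
    """Constructed inputs: plain text, random-looking bytes, compressed text."""
    rng = random.Random(450)  # fixed seed so the results are reproducible
    words = [f"word{i}" for i in range(64)]
    text = " ".join(rng.choice(words) for _ in range(20000)).encode()
    return {
        "plain text document": text,
        "encrypted-looking body": bytes(rng.getrandbits(8) for _ in range(8192)),
        "benign compressed archive": zlib.compress(text, 9),
    }

def classify():
    """Map each sample name to the heuristic's verdict."""
    return {name: looks_encrypted(data) for name, data in build_samples().items()}

if __name__ == "__main__":
    for name, data in build_samples().items():
        verdict = "FLAGGED" if looks_encrypted(data) else "clean"
        print(f"{name:28s} entropy={shannon_entropy(data):.2f} {verdict}")
```

The compressed archive is flagged even though it is benign, which is why entropy is normally only one input among several before a scanner reaches a verdict.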

Spreading: The speed of mutation can also be controlled. Encryption changes with every new infection, but how quickly the code mutates can be adjusted. If the mutation is slow, it is harder to determine which different combinations of the code are still the same virus.

Current example: Virut virus. Infects .exe and .src files. Each time it spreads, it mutates. Opens a backdoor and connects to an Internet Relay Chat server. This allows someone to remotely download malware onto the computer.

Early examples: The Dark Avenger was one of the first polymorphic viruses. First noticed in the early 1990s. Would add extra code to .com and .exe files in MS-DOS. When the infected program had run 16 times, the virus would randomly overwrite a section of the hard drive. Was created in Bulgaria, but the creator is still unknown.

Inventor of polymorphism: Fred Cohen invented polymorphism for viruses. Also credited with being the first to define the term computer virus. Currently works on virus defense techniques.

Other uses for encryption: A virus can cause files to be encrypted. One virus that is known to do this is Gpcode. Gpcode encrypts some of your data and then offers to decrypt your data once you've paid a ransom. Gpcode uses 1024-bit RSA encryption. Encrypts files that end with doc, txt, pdf, xls, jpg, png, and others.

Workarounds: Kaspersky Labs (an anti-virus company) suggests using PhotoRec to recover the encrypted data. PhotoRec is freeware. The only problem is that if you turned the computer off after it was infected, PhotoRec won't work.

Full fixes: Currently there is no known fix to the problem. Kaspersky is trying to find the proper key to decrypt the files, but nothing prevents the creator from changing the key. Kaspersky is also trying to find a solution to the virus.

Conclusion: Use of encryption with polymorphism. Effects of polymorphism. Virus encryption.

Questions?
