Computer Viruses Preetha Annamalai Niranjan Potnis.

Presentation transcript:

Computer Viruses Preetha Annamalai Niranjan Potnis

Outline Computer Viruses – The Fundamentals The Modus Operandi of a Virus Virus Behavior and Symptoms Virus Detection -The “Heuristic” Approach A Sample Virus Code

What is a Computer Virus ? A malicious piece of executable code written with not so noble intentions Attaches itself to executable files Loads into memory and then kicks off Replication – a key operation

The Vulnerable Areas! EXE and COM files. Macros in Word. System sectors on Hard disk / Floppy disk Scripts for Internet / .

Virus Types: File Infectors (.COM, .EXE files; modify entry point of file; execute self first). System Sector Viruses (sectors contain boot time executable code; Boot Sector, MBR; relocate boot code).

Virus Types: Macro Viruses (infect data files; execute on opening a document; modify global macro template). Worms (do not attach to host files/programs; rapidly replicate over network; can execute in a distributed fashion; use up network bandwidth).

Modus Operandi Infection Phase Attack Phase

Infection Phase The spreading of the virus Based on specific trigger/execution Trigger condition – disk access/copying a file/a day or time. Intention is to spread as far as possible before detection Act as TSRs and can reside in any part of memory.

Attack Phase Actual function is performed Needs a trigger Typical attacks – Deleting files Formats/damages disk Slowing down the system Use up system resources, damages disk Optional phase : Viruses may infect but not attack (due to poorly written virus code)

Virus Symptoms Change in length of .exe or .com files. Change in the file date/time stamp Change to interrupt vectors Reassignment of system resources Reduction in amount of memory normally shown

Virus Detection and Prevention Anti-virus software Two Approaches Pattern Matching Approach The “Heuristic Approach”

Conventional Pattern Matching Approach Concept of “virus signature” Look for virus byte sequence in a file to be scanned Compare against a signature data file Pattern match has to be literal Problems – Detection of viruses not in data file Data file has to be updated. Viruses change the characteristic byte code from computer to computer

Heuristic Approach “Speculation and Investigation” Analyze program structure and behavior instead of looking for signature. How about an analogy ? Scan file for suspicious code Does a file have virus-like characteristics ?

Using Heuristics: Content Filtering (like a “flexible” pattern matching approach; keep track of numerous ways to program virus-like code; need additional criteria for detection). Sandboxing (run suspicious code in protected space within the system; keep track of operating system calls; compare them to a user-defined policy).

A Typical Heuristic Scanner Determines most likely location of the virus Analyzes program logic contained in that region What are the computer instructions capable of doing? Catalogs a program's behavior

Typical Heuristic Scanner Many ways to write the same program Example: Routine to terminate itself and return to DOS prompt Simple Approach Roundabout Approach

Typical Heuristic Scanner
MACHINE LANGUAGE BYTES    USER-READABLE INSTRUCTIONS
Example 1:
B8 00 4C                  MOV AX,4C00
CD 21                     INT 21
Example 2:
B4 3C                     MOV AH,3C
BB                        MOV BX,
D8                        MOV AL,BL
80 C4 10                  ADD AH,10
8E C3                     MOV ES,BX
9C                        PUSHF
26                        ES
FF 1E                     CALL FAR[0084]

Typical Heuristic Scanner
Maintain a database of byte sequences
Associate each byte sequence with its functional behavior
Can use wildcards to match information that changes from virus to virus
Example:
B8 ?? 4C CD 21            Terminate Program (perm1)
B4 4C CD 21               Terminate Program (perm2)
B8 02 3D BA ?? ?? CD 21   Open file (perm1)
BA ? ?? B8 02 3D CD 21    Open file (perm2)

Components of a Heuristic Scanner (diagram labels): Heuristic Engine; Disassembler; Inference Engine; Emulator; Is Execution Recommended?; Program; Maintain set of registers; Scoring Formula

Some Virus Characteristics Illicit writes to RAM Undocumented Call Hooks to standard interrupts Calls to next instruction

Scoring Formula Weight assigned to each virus characteristic depending on its strength Net score assigned to file depending on the characteristics found and their count Is Net-score higher than cut off value?
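The byte-sequence database and the scoring formula from the slides above, combined into one small scanner. This is an added example, not code from the presentation: the behavior patterns are the four listed on the slide, while the weights, the cut-off value and the sample inputs are assumptions made for illustration.

```python
import re

# Byte-sequence database from the slide: (pattern, behavior). "??" = any one byte.
# The slide's "BA ? ??" is read as "BA ?? ??" (assumption: MOV DX takes a 16-bit operand).
BEHAVIOR_DB = [
    ("B8 ?? 4C CD 21", "terminate program"),
    ("B4 4C CD 21", "terminate program"),
    ("B8 02 3D BA ?? ?? CD 21", "open file"),
    ("BA ?? ?? B8 02 3D CD 21", "open file"),
]
# Assumed values: the slides give neither the weights nor the cut-off.
WEIGHTS = {"terminate program": 1, "open file": 3}
CUTOFF = 5

def compile_pattern(hex_pattern):
    """Turn 'B8 ?? 4C' into a bytes regex; '??' becomes a one-byte wildcard."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)  # DOTALL: '.' also matches 0x0A

COMPILED = [(compile_pattern(p), behavior) for p, behavior in BEHAVIOR_DB]

def catalog(data):
    """Count how often each catalogued behavior appears in the byte string."""
    counts = {}
    for regex, behavior in COMPILED:
        hits = len(regex.findall(data))
        if hits:
            counts[behavior] = counts.get(behavior, 0) + hits
    return counts

def net_score(counts):
    """Net score: weight of each behavior times the number of times it was found."""
    return sum(WEIGHTS[b] * n for b, n in counts.items())

def is_suspicious(data):
    """Apply the slide's test: is the net score higher than the cut-off value?"""
    return net_score(catalog(data)) > CUTOFF

# Constructed sample inputs (hand-built byte strings, not real programs).
PLAIN_EXIT = bytes.fromhex("9090B8004CCD21")        # two NOPs, then Example 1's exit
TWO_OPENS = bytes.fromhex("B8023DBA3412CD21"        # open file (perm1)
                          "BA7856B8023DCD21"        # open file (perm2)
                          "B44CCD21")               # terminate program (perm2)

if __name__ == "__main__":
    for name, blob in (("PLAIN_EXIT", PLAIN_EXIT), ("TWO_OPENS", TWO_OPENS)):
        found = catalog(blob)
        print(name, found, net_score(found), is_suspicious(blob))
```

A program that only exits scores below the cut-off, which shows why the weights matter: every behavior in the database also occurs in legitimate programs, so a badly chosen cut-off produces the false positives and false negatives the conclusion slide mentions.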

An Example Virus The Michelangelo Virus Code

Conclusion Virus writers have too much time! Heuristic approach is robust Not totally reliable – subject to false positives and false negatives Anti-virus software needs to be updated frequently