Presentation is loading. Please wait.

Presentation is loading. Please wait.

COMPUTERVIRUSES MALICIOUS CODES  Malicious code: It is an undesired program or part caused by an agent intent to damage.  Agent is Writer or Distributor.

Published byMargaret O’Brien’ Modified over 8 years ago

Similar presentations

Presentation on theme: "COMPUTERVIRUSES MALICIOUS CODES  Malicious code: It is an undesired program or part caused by an agent intent to damage.  Agent is Writer or Distributor."— Presentation transcript:

1

2 COMPUTERVIRUSES

3 MALICIOUS CODES  Malicious code: It is an undesired program or part caused by an agent intent to damage.  Agent is Writer or Distributor.

4 WHAT MALICIOUS CODE CAN DO? 1. Writing a message on a computer screen. 2. Generating a sound. 3. Erasing a stored file. 4. Or can lie undetected until some event triggers the code to act.  Time or date, an interval.  An event.  A condition.  A count.  Some combination or random situation.

5 VIRUSES  Is a program that can pass on malicious code to other non malicious programs by modifying them.  When the program that a virus is attached to is executed, the virus code is also executed and performs its actions.

6 WHAT IS COMPUTER VIRUS ? * BE A SET OF COMPUTER INSTRUCTIONS. * BE DELIBERATELY CREATED. * DO UNDESIRABLE THINGS (DAMAGES). * PROPAGATE USING HOST PROGRAMS.

7 COMPUTER VIRUS COMPUTER COMPONENTS SOFTWARE ROGUE SOFTWARE LEGITIMATE SOFTWARE PRODUCTIVE DESTRUCTIVE

8 KINDS OF MALICIOUS CODE Viruses : It attaches itself to program and propagates copies of itself to other programs. Trojan horse: It contains unexpected, additional functionality. Logic bomb: It triggers action when condition occurs. Time bomb: It triggers actions when specified time occurs. Trapdoor: It allows unauthorized access to functionally. Worm: It propagates copies of itself through a network. Rabbit: It replicates itself without limit to exhaust resource.

9 ROGUE SOFTWARE * BUG-WARE - NOT MEANT FOR DESTRUCTION * THE TROJAN HORSE - APPEARS TO BE USEFUL * CHAMELEONS - MISCHIEF * REPLICATORS - COPY ITSELF TO EXHAUST DISK * WORMS - TRAVEL IN NETWORK

10 * SOFTWARE BOMBS - EXPLODE ON LAUNCH * LOGIC BOMBS - EXPLODE ON LOGIC * TIME BOMBS - EXPLODE ON TIME / DATE

11 WHO ARE ROUGE PROGRAMERS ? * PSYCHO CASES: COMPUTER VIRUS - FOR FUN - RELEASE ANGER - TAKE REVENGE

12 WHO ARE ROUGE PROGRAMERS ? COMPUTER VIRUS * PROFIT EARNERS: $$$$$ -MONEY -ESPIONAGE -FAME

13 WHO ARE ROUGE PROGRAMERS ? COMPUTER VIRUS * INFO ATTACKERS: - DISRUPT ENEMY’S INFORMATION & NETWORK

14 WHAT CAN THEY DO ? FORMAT DISK COPY, RENAME AND DELETE FILES COPY THEMSELVES WITH NEW CONFIGURATION INFORMATION MODIFY FILE DATES AND EXTENSIONS CALL OTHER COMPUTERS TO UPLOAD AND DOWN LOAD FILES

15

16

17 HOW DO THEY DO ?  APPENDING  SURROUNDING  INTEGRATING  OVERWRITING  CHANGING POINTERS

18 HOW VIRUSES ATTACH? Appended viruses: Virus Appended to a Program

19 HOW VIRUSES ATTACH? Viruses that surround a program.

20 HOW VIRUSES ATTACH? Integrated viruses:

21 HOW VIRUS GAIN CONTROL

22 HOW DO YOU NOTICE ?  COMPUTER OPERATION BECOMES SLUGGISH  PROGRAMS TAKE LONGER TO LOAD  DISK SPACE DECREASES RAPIDLY  BAD DISK SECTORS STEADILY INCREASE  RAM DECREASES SUDDENLY OR STEADILY  COMPUTER HALTS WITH OR WITHOUT FUNNY MESSAGES COMPUTER VIRUS

23 HOW DO YOU NOTICE ?  PROGRAMS ENCOUNTER ERRORS  PROGRAMS GENERATE UNDOCUMENTED ERRORS  FILES REPLACED WITH GARBAGE  FILES MYSTERIOUSLY DISAPPEAR  FILE ATTRIBUTES AND DATA CHANGE  DATA FILES OR DIRECTORIES OF UNKNOWN ORIGIN APPEAR COMPUTER VIRUS

24

25 NETWORK VIRUS: Spreads through a local network area. TYPES OF COMPUTER VIRUS BOOT SECTOR VIRUS MEMORY RESIDENT VIRUS MULTI-PARTITE VIRUS: Infecting more than one class of basic target. TRANSIENT RESIDENT

26 MACRO VIRUS: It is often scripted into common application programs such as Word or Excel, is spread by infecting documents. DOCUMENT VIRUS: Implemented within a formatted document E.g. A written document, a database, a slide presentation, or a spreadsheet. POLYMOPRPHIC VIRUS: That can change its appearance.

27 BOOT SECTOR VIRUS RELOCATING CODE:

28

29

30 WHAT TO DO ?  ANTI VIRUS TECHNIQUES

31

32

33

34

35 WHAT TO DO ?  SAFE COMPUTING METHODS  ANTIVIRUS SOFTWARE SYSTEMS PREVENTION SYSTEM DETECTION SYSTEM COMPUTER ANTI VIRUS

36 WHAT TO DO ? SAFE COMPUTING METHODS * YOU MUST: COMPUTER ANTI VIRUS - DISCOURAGE PIRATED SOFTWARE - TAKE BACKUP

37 WHAT TO DO ? SAFE COMPUTING METHODS COMPUTER ANTI VIRUS  YOU MAY: – USE PRE RUN CHECKUPS – CHANGE FILE ATTRIBUTES – REINITIALIZE SYSTEM – REINSTALL APPLICATIONS – REFORMAT HARD DISK – OBSERVE OPERATION TIMINGS – LOG DISK SPACE – LOG BAD SECTORS

38 WHAT TO DO ? ANTIVIRUS SOFTWARE SYSTEMS:  PREVENTION SYSTEMS: –TO STOP VIRUS ATTACKS IN REAL TIME. –BLOCK ILLEGAL DISK ACCESS AND PROGRAM LOADING. –PASSWORD PROTECTION: -SLOW SPEED. -UNNECESSARY INTERRUPTS. -CAN BE INFECTED BY VIRUS.

39 WHAT TO DO ? ANTIVIRUS SOFTWARE SYSTEMS: DETECTION SYSTEMS: – LOAD, RUN AND EXIT. – CHECK PROGRAM BEFORE EXECUTION. – COMPLEMENT PREVENTION SYSTEM.

40 HOMES FOR VIRUSES  The virus writer may find these qualities appealing in a virus:  It is hard to detect.  It is not easily destroyed or deactivated.  It spreads infection widely.  It can re-infect its home program or other programs.  It is easy to create.  It is machine independent and OS independent.

41 VIRUS SIGNATURES  Virus cannot be completely invisible.  A telltale pattern, called a signature.  Virus scannerSign of Code Red worm /default.ida?NNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNN %u9090%u6858%ucbd3 ---------------------- HTTP/1.0

42 Polymorphic Malware  Polymorphic worm (usually) encrypted  New key is used each time worm propagates  Worm body has no fixed signature  Worm must include code to decrypt itself  Signature detection searches for decrypt code  Detectable by signature-based method  Though more challenging than non-polymorphic…

43 Metamorphic Malware  A metamorphic worm mutates before infecting a new system  Such a worm can avoid signature-based detection systems  The mutated worm must do the same thing as the original

44 RECOGNIZABLE PATTERNS IN VIRUSES

45 EXECUTION PATTERNS– EFFECTS & CAUSES  Attach to executable program: It modifies file directory, write to executable program file.  Attach to data or control file: It modifies directory, rewrite data, append to data, appended data to itself.  Remain in memory: It intercepts, interrupts, load self in non transient memory area.  Infect disks – It intercepts, interrupts, intercept OS calls, modifies system file, modifies ordinary executable program.  Conceal self – It classify self as hidden file.  Spread infection – infect boot sector, infect system program, infect ordinary program.  Prevent deactivation – activate before deactivating program and block deactivation.

46 PREVENTION OF VIRUS INFECTION:  Use only commercial software acquired from reliable, well-established vendors.  Test all new software on an isolated computer.  Open attachments only when you know them to be safe.  Make a recoverable system image and store it safely.  Make and retain backup copies of executable system files.  Use virus detectors regularly and update them daily.

47 TRUTHS AND MISCONCEPTION ABOUT VIRUSES  Viruses can infect only Microsoft windows system.  False.  Viruses can modify “hidden” or “read only” files.  True.  Viruses can appear only in data files, or only in Word documents, or only in programs.  False.  Viruses spreads only on disks or only in e-mail.  False.  Viruses cannot remain in memory after a complete power off/power on reboot.  True.  Viruses can be malevolent, benign, or benevolent.  True.

48 MALICIOUS CODES  The Brain Virus.  Internet Worm.  Code Red Worm.  Web Bugs.

49 THE BRAIN VIRUS  W hat it does?  Locates itself in upper memory.  How it spreads?  Through the boot sector.  What was learned.  It affects the boot sector.

50 INTERNET WORM  It caused serious damage to network.  What effect it had: The disconnection of systems from internet, system burdened with many copies of worm.  6000 installations to shut down, $ 97 million loss was incurred.  How it worked : E-mail.  Remain undiscovered and undiscoverable.

51 CODE RED  What it did?  Day 1 to 19 of month: tried to spread infection  Day 20 to 27: distributed denial of service attack on www.whitehouse.gov. www.whitehouse.gov  Microsoft’s IIS (Internet Information Server).  Overflows buffer in the idq.dllW (dynamic link library).  Infected 250,000 systems in 10 minutes!

52 Trojan Horse Example  A trojan has unexpected function  File icon for freeMusic.mp3 :  For a real mp3, double click on icon o iTunes opens o Music in mp3 file plays  But for freeMusic.mp3, unexpected results…

53 Trojan Example  Double click on freeMusic.mp3  iTunes opens (expected)  “Wild Laugh” (probably not expected)  Message box (unexpected)

54 Trojan Example  How does freeMusic.mp3 trojan work?  This “mp3” is an application, not data!  This trojan is harmless, but…  Could have done anything user can do o Delete files, download files, launch apps, etc.

55

56

57

58 ABOUT THE “I LOVE YOU” VIRUS:  VBS/LoveLetter is a VB Script uses Microsoft outlook to spread. It is spreading faster than Melissa virus. It causes heavy e-mail traffic and downs many mail servers. The new variant VBS/NewLove charges deadly payload and it will damage all files in the system.  When opening the e-mail attachment, will create MSKernel32.vbs, LOVE-LETTER-FOR-YOU.TXT.VBS files in windows system folder and Win32Dll.VBS in windows folder. Then it changes the registry settings so that the script is automatically executed when the system is restarted. The.VBS extension will not appear if windows scripting host is installed. This worm takes advantage of this and blinds the user to open attachment.

59  It opens the Microsoft Outlook Address book and sends email to all the email ids stored in that. The message subject will be "I Love you", the message body will be "kindly check the attached love letter coming from me" and the attachment name will be "LOVE-LETTER-FOR-YOU.TXT.VBS". Then the virus searches for all local and remote drives and overwrites.js,.hta,.css,.wsh,.sct and.hta files with the script. It overwrites jpg, jpeg files with the virus code and renames to.vbs extension. In case of mp2 and mp3 files it hides the original file and creates a new file with.vbs extension and writes its code there. 

60  It also tries to download a file from virus author's site. If the file is downloaded it modifies the registry to run the file on each reboot. It is a password stealing trojan will be stored in the name of WIN-BUGFIX.EXE. There are several variants of VBS/LoveLetter is reported in the wild. Most of them arrives with different names like LOVE-LETTER-FOR-YOU.TXT.VBS, mothersday.vbs, Urgent_virus_warning.vbs, IMPORTANT.TXT.VBS, etc.

61 MELISSA VIRUS:  Melissa is a Macro Virus which are embedded in a spreadsheet or word-processor document. When the document is opened the macro virus does its bad work. In the case of the Melissa virus, it uses your email program to send a copy of its self to the first 50 people in your email address book.

62

63

64  Received email: From: billgates@microsoft.combillgates@microsoft.com To: recipient@yahoo.comrecipient@yahoo.com Subject: Hi from Bill Gates Hi, I am Bill gates

65

66

67

68 THANK YOU…

Download ppt "COMPUTERVIRUSES MALICIOUS CODES  Malicious code: It is an undesired program or part caused by an agent intent to damage.  Agent is Writer or Distributor."

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
UNIT 6 DIGITAL LITERACY STUDY S3 OBJ 1 VIRUSES & DESTRUCTIVE PROGRAMS.

UNIT 6 DIGITAL LITERACY STUDY S3 OBJ 1 VIRUSES & DESTRUCTIVE PROGRAMS.
Presented by: Melissa Dark CERIAS, Purdue University.

Presented by: Melissa Dark CERIAS, Purdue University.
 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
Lecturer: Fadwa Tlaelan

Lecturer: Fadwa Tlaelan
Chapter 3 (Part 1) Network Security

Chapter 3 (Part 1) Network Security
Unit 18 Data Security 1.

Unit 18 Data Security 1.
ITMS- 3153 Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.

ITMS Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.
Computer Viruses.

Computer Viruses.
________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]

________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
CSE331: Introduction to Networks and Security Lecture 31 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 31 Fall 2002.
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Summary Notes TERM TWO BASIC SEVEN 7 Prepared by Sir Lexis Oppong Prepared by Sir Lexis Oppong ACADEMIC YEAR 2013/2014 ACADEMIC YEAR 2013/2014.

Summary Notes TERM TWO BASIC SEVEN 7 Prepared by Sir Lexis Oppong Prepared by Sir Lexis Oppong ACADEMIC YEAR 2013/2014 ACADEMIC YEAR 2013/2014.
Viruses & Destructive Programs

Viruses & Destructive Programs
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Similar presentations

Ads by Google