Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Viruses Preetha Annamalai Niranjan Potnis.

Published byDamian Thompson Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Viruses Preetha Annamalai Niranjan Potnis."— Presentation transcript:

1 Computer Viruses Preetha Annamalai Niranjan Potnis

2 Outline Computer Viruses – The Fundamentals The Modus Operandi of a Virus Virus Behavior and Symptoms Virus Detection -The “Heuristic” Approach A Sample Virus Code

3 What is a Computer Virus ? A malicious piece of executable code written with not so noble intentions Attaches itself to executable files Loads into memory and then kicks off Replication – a key operation

4 The Vulnerable Areas! EXE and COM files. Macros in Word. System sectors on Hard disk / Floppy disk Scripts for Internet /Email.

5 Virus Types File Infectors.COM,.EXE files Modify entry point of file Execute self first System Sector Viruses Sectors contain boot time executable code Boot Sector, MBR Relocate boot code

6 Virus Types Macro Viruses infect data files execute on opening a document modify global macro template Worms do not attach to host files/programs rapidly replicate over network can execute in a distributed fashion use up network bandwidth

7 Modus Operandi Infection Phase Attack Phase

8 Infection Phase The spreading of the virus Based on specific trigger/execution Trigger condition – disk access/copying a file/a day or time. Intention is to spread as far as possible before detection Act as TSR’s and can reside on any part of memory.

9 Attack Phase Actual function is performed Needs a trigger Typical attacks – Deleting files Formats/damages disk Slowing down the system Use up system resources, damages disk Optional phase : Viruses may infect but not attack (due to poorly written virus code)

10 Virus Symptoms Change in length of.exe or.com files. Change in the file date/time stamp Change to interrupt vectors Reassignment of system resources Reduction in amount of memory normally shown

11 Virus Detection and Prevention Anti-virus software Two Approaches Pattern Matching Approach The “Heuristic Approach”

12 Conventional Pattern Matching Approach Concept of “virus signature” Look for virus byte sequence in a file to be scanned Compare against a signature data file Pattern match has to be literal Problems – Detection of viruses not in data file Data file has to be updated. Viruses change the characteristic byte code from computer to computer

13 Heuristic Approach “Speculation and Investigation” Analyze program structure and behavior instead of looking for signature. How about an analogy ? Scan file for suspicious code Does a file have virus-like characteristics ?

14 Using Heuristics Content Filtering Like a “flexible” pattern matching approach Keep track of numerous ways to program virus like code Need additional criteria for detection Sandboxing Run suspicious code in protected space within the system Keep track of operating system calls Compare them to a user defined policy

15 A Typical Heuristic scanner Determines most likely location of the virus Analyze program logic contained in that region What are the computer instructions capable of doing ? Catalog a programs behavior

16 Typical Heuristic Scanner Many ways to write the same program Example: Routine to terminate itself and return to DOS prompt Simple Approach Roundabout Approach

17 Typical Heuristic Scanner MACHINE LANGUAGE USER-READABLE BYTES INSTRUCTIONS Example 1: B8 00 4C MOV AX,4C00 CD 21 INT 21 Example 2: B4 3C MOV AH,3C BB 00 00 MOV BX, 0000 88 D8 MOV AL,BL 80 C4 10 ADD AH,10 8E C3 MOV ES,BX 9C PUSH F 26 ES FF 1E 84 00 CALL FAR[0084]

18 Typical Heuristic Scanner Maintain a database of byte sequences Associate each byte sequence with its functional behavior Can use wildcards to match information that changes from virus to virus Example- B8 ?? 4C CD 21 – Terminate Program(perm1) B4 4C CD 21 – Terminate Program(perm2) B8 02 3D BA ?? ?? CD 21 – Open file (perm1) BA ? ?? B8 02 3D CD 21 – Open file (perm2)

19 Heuristic Engine Components of a Heuristic Scanner Disassembler Heuristic Engine Inference Engine Emulator Is Execution Recommended? Program Maintain set of registers Scoring Formula

20 Some Virus Characteristics Illicit writes to RAM Undocumented Call Hooks to standard interrupts Calls to next instruction

21 Scoring Formula Weight assigned to each virus characteristic depending on its strength Net score assigned to file depending on the characteristics found and their count Is Net-score higher than cut off value?

22 An Example Virus The Michaelangelo Virus Code

23 Conclusion Virus writers have too much time! Heuristic approach is robust Not totally reliable – subject to false positives and false negatives Anti-virus software needs to be updated frequently

Download ppt "Computer Viruses Preetha Annamalai Niranjan Potnis."

Similar presentations

Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.

Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.
Lecturer: Fadwa Tlaelan

Lecturer: Fadwa Tlaelan
Unit 18 Data Security 1.

Unit 18 Data Security 1.
________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]

________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Copyright © 1995-2009 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Computer Viruses By Patsy Speer What is a Virus? Malicious programs that cause damage to your computer, files and information They slow down the internet.

Computer Viruses By Patsy Speer What is a Virus? Malicious programs that cause damage to your computer, files and information They slow down the internet.
R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.

R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Viruses A virus is a self-replicating program which attaches to other files or disc/floppy sectors and spreads in this way. A virus may have a payload.

Viruses A virus is a self-replicating program which attaches to other files or disc/floppy sectors and spreads in this way. A virus may have a payload.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
The Utility Programs: The system programs which perform the general system support and maintenance tasks are known as utility programs. Tasks performed.

The Utility Programs: The system programs which perform the general system support and maintenance tasks are known as utility programs. Tasks performed.
Understanding and Troubleshooting Your PC. Chapter 12: Maintenance and Troubleshooting Fundamentals2 Chapter Objectives  In this chapter, you will learn:

Understanding and Troubleshooting Your PC. Chapter 12: Maintenance and Troubleshooting Fundamentals2 Chapter Objectives  In this chapter, you will learn:
BY ANDREA ALMEIDA T.E COMP DON BOSCO COLLEGE OF ENGINEERING.

BY ANDREA ALMEIDA T.E COMP DON BOSCO COLLEGE OF ENGINEERING.
C HAPTER 5 General Computer Topics. 5.1 Computer Crimes Computer crime refers to any crime that involves a computer and a network. Net crime refers to.

C HAPTER 5 General Computer Topics. 5.1 Computer Crimes Computer crime refers to any crime that involves a computer and a network. Net crime refers to.
Virus and Antivirus Team members: - Muzaffar Malik - Kiran Karki.

Virus and Antivirus Team members: - Muzaffar Malik - Kiran Karki.

Similar presentations

Ads by Google