Published by Wilfred Cummings. Modified over 9 years ago.
1
Recent Internet Viruses & Worms By Doppalapudi Raghu
2
Outline
- History of Malicious Logic
- Types of Viruses & Worms
- Recent Internet viruses
- Recent Internet Worms
- Defense
- Good Habits in Computer world
3
History
- Definition of malicious logic
- Fred Cohen
- Brain Virus (1986)
- MacMag Peace virus (1987)
- Duff's Experiment virus (1987)
4
Difference between Internet virus and Internet worm

Virus | Worm
Needs a host file | No need of host file
(no entry) | It's a variant of virus
Human intervention | No human intervention
It infects files and infects other systems through sharing of these files | Infects computers and spreads over the network
Causes damage to hardware, software | Consumes too much system resources or N/W bandwidth
5
Understanding Virus names
- Symantec Notation
- Family name
- Names for the variants in a virus family
- Suffix is added to the names in the same virus family
- Examples:
  badvirus.a to badvirus.z
  badvirus.aa to badvirus.az
  badvirus.ba to badvirus.bz
6
Terminology in virus world
- Zero-day exploit
- Proof of concept
- Zombie computer
- Ethical hacker
- Payload
- Honey pots
7
Types of viruses
- Boot sector Infectors
- Executable Infectors
- Multipartite Viruses
- TSR Viruses
- Stealth Viruses
- Encrypted Viruses
- Polymorphic Viruses
- Macro Viruses
- Many new virus types are added to the list
8
- Companion virus: a file with the same name is created, but with an extension higher in the execution hierarchy
- Link virus: these viruses make changes to the file allocation table
9
Types of Worms
- Email worms
- IRC worms
- File sharing network worms
- Internet worms
- Instant Messaging worms
10
Virus.win32.VB.cx
- Jan 12th 2007
- The virus scans the victim's machine for executable files.
- The virus itself is a Windows PE .exe file.
- Contents of files with the extensions .cpp, .doc, .htm, .html, .txt, .xls will be overwritten with the following text:
  "Sorry!!!! $%#@&re*$%$rthn#$^&&!f#&%$$f$#df#@^%$~`<:JHFgYt trt" "$%%7``0924ksh<:{[86#$36455hgf#$45"
11
W32/FUJACKS.AB
- 4/7/2007
- Infects .exe files; also infects web pages by inserting malicious hyperlinks for the Windows ANI exploit.
- It creates the following registry key to start itself at boot time: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Death.exe\"\%system%\ Death.
- Terminates processes containing strings such as zone alarm, Symantec anti virus.
- It also attempts to download other malware.
12
Effects of Win32.fujacks
- Infected through network shares which are protected with very weak passwords.
- This virus tries with passwords present in the directory.
- Change in the executable file sizes.
- Creates the following files in root directory: setup.inf, setup.exe, GameSetup.exe
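A defender-side check for the two host indicators named on the Fujacks slides (the Run entry and the three root-directory files), as an added example that is not part of the original presentation. It assumes the autorun entry is named Death.exe as read from the slide's truncated key, and it reads `reg query` text output; the sample input and its data paths are constructed.

```python
import re

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_MARKER = "death.exe"   # entry name as read from the slide's registry key
DROPPED = {"setup.inf", "setup.exe", "gamesetup.exe"}  # files listed on the slide

# A value line in `reg query` output: indent, name, type, data (4-space gaps).
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample input: the data paths are placeholders, not from the slides.
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    C:\Program Files\Example\updater.exe
    Death.exe    REG_SZ    C:\constructed\path\Death.exe
"""
SAMPLE_ROOT = ["Windows", "setup.inf", "SETUP.EXE", "GameSetup.exe", "pagefile.sys"]


def run_entries(reg_text):
    """Return (name, data) pairs for the HKCU Run key in `reg query` output."""
    entries, in_key = [], False
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            in_key = line.strip().lower() == RUN_KEY.lower()
        elif in_key and (m := VALUE_LINE.match(line)):
            entries.append((m["name"], m["data"].strip()))
    return entries


def fujacks_indicators(reg_text, root_listing):
    """List findings that match the indicators given on the two slides."""
    findings = [f"autorun entry: {name} -> {data}"
                for name, data in run_entries(reg_text)
                if RUN_MARKER in name.lower() or RUN_MARKER in data.lower()]
    present = {f.lower() for f in root_listing} & DROPPED
    # setup.exe and setup.inf are common installer names, so report the files
    # only when all three appear together (a tuning choice made here).
    if present == DROPPED:
        findings.append("dropped files in root: " + ", ".join(sorted(present)))
    return findings


if __name__ == "__main__":
    for finding in fujacks_indicators(SAMPLE_REG, SAMPLE_ROOT):
        print(finding)
```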
13
Windows Vulnerabilities
- W1 Web Servers & Services
- W2 Workstation Service
- W3 Windows Remote Access Services
- W4 Microsoft SQL Server (MSSQL)
- W5 Windows Authentication
- W6 Web Browsers
- W7 File-Sharing Applications
- W8 LSAS Exposures
- W9 Mail Client
- W10 Instant Messaging
- W11 ani vulnerability
14
Windows .ANI vulnerability
- Determina security
- User32.DLL code has vulnerability
- Buffer overflow
- Remote code execution
- Microsoft released patches on April 5th
15
Code Red Worm
- July 13 2001
- The worm spread using the .ida (indexing service) vulnerability in Microsoft Internet Information Server
- Damage caused:
  - Infected machines randomly attacked other web servers
  - Performed a denial of service attack on www.whitehouse.gov
  - The homepage of infected machines is defaced
16
Code red worm working
17
Spida Worm
- Microsoft SQL server vulnerability
- Different worm exploiting databases
- On SQL server 7.0 password is blank by default
- Connect to sa with blank password
- The worm uses the extended stored procedure xp_cmdshell
18
Mytob worm
- Mass mailing worm
- It can even use the LSASS vulnerability of Windows
- Stack based buffer overflow
- It sends itself to all email addresses harvested from the victim machine using its own email engine
- Aug 9 2005 the proof of concept was released, and by Aug 11th worms started attacking.
- The Mytob worm was designed from some version of MyDoom
19
Worms at a glance
- Vulnerability
- Spreading methods
- Infecting
20
Fighting Internet worms
- Honey pots
- Computer elements to delude aggressors
- 2 kinds of honey pots are used:
  - High Interaction
  - Low Interaction
- Honey pots versus worms
  - Honey pots and worm infections
  - Honey pots and payload worms
  - Honey pots and propagation of worms
21
How anti-virus software works
- Virus dictionary approach
  - DAT files are released by the anti-virus company.
  - These DAT files have virus definitions and signatures of the virus.
- Suspicious behavior approach
- Other ways to detect viruses
  - Sandboxing
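The dictionary approach next to a simple content heuristic, as an added example that is not part of the original presentation and is not any vendor's engine. The one dictionary entry is the start of the overwrite text quoted on the Virus.win32.VB.cx slide; the heuristic (identical bytes under three or more different extensions) is an assumption made here, and all sample files are constructed.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Extensions the slide lists as overwritten by Virus.win32.VB.cx.
TARGET_EXTS = {".cpp", ".doc", ".htm", ".html", ".txt", ".xls"}

# "Virus dictionary": name -> byte pattern. The pattern is the start of the
# overwrite text quoted on the slide; a vendor DAT file would hold many entries.
SIGNATURES = {"Virus.win32.VB.cx (overwritten file)": b"Sorry!!!! $%#@&re*$%$rthn"}


def scan(root):
    """Return (signature_hits, clone_groups) for files under root."""
    hits, by_digest = [], defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TARGET_EXTS:
                continue
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            for sig_name, pattern in SIGNATURES.items():
                if pattern in data:
                    hits.append((os.path.relpath(path, root), sig_name))
            by_digest[hashlib.sha256(data).hexdigest()].append(name)
    # Heuristic beyond the dictionary: the same bytes under several different
    # extensions suggests bulk overwriting, even with no known signature.
    clones = [sorted(n) for n in by_digest.values()
              if len({os.path.splitext(x)[1].lower() for x in n}) >= 3]
    return sorted(hits), clones


def demo():
    """Build a constructed sample tree and scan it."""
    known = SIGNATURES["Virus.win32.VB.cx (overwritten file)"] + b" (constructed tail)"
    variant = b"Apology!!!! constructed variant text"  # not in the dictionary
    samples = {"report.doc": known, "index.html": known, "notes.txt": b"clean notes",
               "a.cpp": variant, "b.xls": variant, "c.htm": variant,
               "tool.exe": known}  # .exe is outside the listed extensions
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)


if __name__ == "__main__":
    print(demo())
```

The constructed variant text is missed by the dictionary entry but still surfaces through the clone heuristic, which is the gap a behavior-based approach is meant to cover.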
22
Good practices
- Install the patches supplied by the software vendors
- Keep your antivirus software updated
- Do not open email attachments from unknown senders.
- Configure the firewall properly
- Use strong passwords so that others cannot brute force them
- Be aware of Internet viruses and worms
- Zero day exploits cannot be avoided.
23
Kaspersky discovers an iVirus
- Even iPods are affected by viruses
- Last year 2 viruses were found which infected during the manufacturing process
- Podloso virus is the proof of concept
- Currently it does not have any malicious payload
- It just displays a message on the screen: "You are infected with Oslo the first iPodLinux Virus."