Viruses and Worms Definition and Prevention - PowerPoint PPT Presentation

About This Presentation
Title:

Viruses and Worms Definition and Prevention

Description:

... and keep it in a safe place.Thanks Again and Have a ... Pranks. Vandalism. Attacking products of specific companies. To distribute political messages, ... – PowerPoint PPT presentation

Number of Views:681
Avg rating:3.0/5.0
Slides: 26
Provided by: johntri
Learn more at: http://www.cs.fsu.edu
Category:

less

Transcript and Presenter's Notes

Title: Viruses and Worms Definition and Prevention


1
Viruses and WormsDefinition and Prevention
  • John Trifiletti
  • Krishna Charles

2
What is a virus?
  • A self-replicating computer program written to
    alter the way a computer operates, without the
    permission or knowledge of the user.
  • A true virus must replicate itself, and must
    execute itself.
  • A computer virus replaces an existing executable
    files with a virus-infected copy.

3
Types of Viruses
  • Bootsector virus
  • Companion Viruses
  • E-Mail Virus
  • Logic Bomb
  • Time Bomb
  • Macro Virus
  • Trojan Horses
  • Worm

4
What do Viruses Do?
  • Damage Programs
  • Delete Files
  • Reformat Hard Drives
  • Make themselves Known Present
  • Text, Video, Audio.
  • Take up Computers Memory
  • Cause System Crashes and data loss

5
First Computer Virus
  • Written by Rich Skrenta in 1982
  • Elk Cloner

6
  • On every 50th boot you would get a poem saying
  • Elk Cloner The program with a personality
  • It will get on all your disks
  • It will infiltrate your chips
  • Yes it's Cloner!
  • It will stick to you like glue
  • It will modify RAM too
  • Send in the Cloner!

7
(c)Brain virus
  • Created by Basit and Amjad Farooq Alvi

8
(c)Brain virus
  • Welcome to the Dungeon (c) 1986 Brain Amjads
    (pvt) Ltd VIRUS_SHOE RECORD V9.0 Dedicated to the
    dynamic memories of millions of viruses who are
    no longer with us today - Thanks GOODNESS!!
    BEWARE OF THE er..VIRUS  this program is
    catching program follows after these
    messages...._at__at_!!
  • Welcome to the Dungeon (c) 1986 Basit Amjad
    (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM
    BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE
    430791,443248,280530. Beware of this VIRUS....

9
Viruses NOT just for windows
  • Bliss (1997)

10
MyDoom
  • Paid for by email spammers
  • contained the test
  • andy I'm just doing my job, nothing personal,
    sorry,"
  • sent through emails.
  • A backdoor on port 3127/tcp
  • putting its own SHIMGAPI.DLL file in the system32

11
Melissa Virus
  • From ltname of the infected sendergtSubject
    Important message from ltname of sendergtTo ltThe
    recipients, from the 50 namesgtAttachment
    LIST.DOC Body Here is that document you asked
    for ... don't show anyone else -)
  • David L. Smith

12
Variations
  • Subject Question for you...Body It's fairly
    complicated so I've attached it.
  • Subject Check this!!Body This is some wicked
    stuff!
  • Subject Cool Web SitesBody Check out the
    Attached Document for a list of some of the best
    Sites on the Web
  • Subject 80mb Free Web Space!Body Check out the
    Attached Document for details on how to obtain
    the free space. It's cool, I've now got heaps of
    room.
  • Subject Cheap SoftwareBody The attached
    document contains a list of web sites where you
    can obtain Cheap Software
  • Subject Cheap HardwareBody I've attached a
    list of web sites where you can obtain Cheap
    Hardware"
  • Subject Free MusicBody Here is a list of
    places where you can obtain Free Music.
  • Subject Free DownloadsBody Here is a list of
    sites where you can obtain Free Downloads.

13
ILOVEYOU
  • Onel A. de Guzman in the Fillipeans

14
Variations
  • Attachment LOVE-LETTER-FOR-YOU.TXT.vbsSubject
    Line ILOVEYOUMessage Body kindly check the
    attached LOVELETTER coming from me.
  • Attachment Very Funny.vbsSubject Line fwd
    JokeMessage Body empty
  • Attachment mothersday.vbsSubject Line Mothers
    Day Order ConfirmationMessage Body We have
    proceeded to charge your credit card for the
    amount of 326.92 for the mothers day diamond
    special. We have attached a detailed invoice to
    this email. Please print out the attachment and
    keep it in a safe place.Thanks Again and Have a
    Happy Mothers Day! mothersday_at_subdimension.com
  • Attachment virus_warning.jpg.vbsSubject Line
    Dangerous Virus WarningMessage Body There is a
    dangerous virus circulating. Please click
    attached picture to view it and learn to avoid
    it.
  • Attachment protect.vbsSubject Line Virus
    ALERT!!!Message Body a long message regarding
    VBS.LoveLetter.A

15
  • Attachment Important.TXT.vbsSubject Line
    Important! Read carefully!!Message Body Check
    the attached IMPORTANT coming from me!
  • Attachment Virus-Protection-Instructions.vbsSubj
    ect Line How to protect yourself from the
    IL0VEY0U bug!Message Body Here's the easy way
    to fix the love virus.
  • Attachment KillEmAll.TXT.VBSSubject Line I
    Cant Believe This!!!Message Body I Cant Believe
    I have Just received This Hate Email .. Take A
    Look!
  • Attachment ArabAir.TXT.vbsSubject Line Thank
    You For Flying With Arab AirlinesMessage Body
    Please check if the bill is correct, by opening
    the attached file
  • Attachment IMPORTANT.TXT.vbsSubject Line
    Variant TestMessage Body This is a variant to
    the vbs virus.
  • Attachment Vir-Killer.vbsSubject Line Yeah,
    Yeah another time to DEATH...Message Body This
    is the Killer for VBS.LOVE-LETTER.WORM.
  • Attachment LOOK.vbsSubject Line LOOK!Message
    Body hehe...check this out.
  • Attachment BEWERBUNG.TXT.vbsSubject Line
    Bewerbung KreolinaMessage Body Sehr geehrte
    Damen und Herren

16
Blaster Worm ( Lovsan )
  • Jeffrey Lee Parson

17
  • I just want to say LOVE YOU SAN!!
  • billy gates why do you make this possible ?
    Stop making money and fix your software!!

18
Re-Engineering
  • Dan Dumitru Ciobanu

19
WHY DO IT?
  • Pranks
  • Vandalism
  • Attacking products of specific companies
  • To distribute political messages,
  • Some view their viruses as ART

20
Why Do It? cont
  • Good viruses
  • Since self-replicating code causes many
    complications, it is questionable if a
    well-intentioned virus can ever solve a problem
    in a way that is superior to a regular program
    that does not replicate itself. wikopedia
  • Financial Game

21
Way in which viruses replicate
  • Open the new file
  • Check if the executable file has already been
    infected (if it is, return to the finder module)
  • Append the virus code to the executable file
  • Save the executable's starting point
  • Change the executable's starting point so that it
    points to the start location of the newly copied
    virus code
  • Save the old start location to the virus in a way
    so that the virus branches to that location right
    after its execution.
  • Save the changes to the executable file
  • Close the infected file
  • Return to the finder so that it can find new
    files for the replicator to infect.

22
Ways to fool virus scanners
  • last-modified date stays the same when the file
    is infected (doesnt fool scanners anymore)
  • Infection does NOT increase file size.
  • Kill all tasks associated with antivirus before
    it can detect them.
  • Keep the old file and send it to the antivirus
    when it searches for it where the infected file
    is used to spread itself.

23
What NOT to do
  • A virus CANNOT infect antivirus software or any
    file related to it. Antivirus software WILL check
    its own software first.

24
What an antivirus software does
  • Creates bait (or goat) files.
  • Scan emails on the fly.
  • Examine memory (Ran / Boot Sectors) and files
    stored on hard drives and removable media.

25
Popular Antivirus
  • Norton
  • Mcafee
  • AVG
  • Microsofts Antivirus
  • The Shield Pro
  • BitDefender
  • CA Antivirus
  • Kaspersky 5.0
  • Panda Antivirus
  • TrendMicro
Write a Comment
User Comments (0)
About PowerShow.com