Multipartite Viruses - PowerPoint PPT Presentation

1 / 21
About This Presentation
Title:

Multipartite Viruses

Description:

http://www.antivirus.com/pc-cillin/vinfo/virusencyclo/ Activation or Trigger ... Reboot computer from a clean disk then run anti-viral software ... – PowerPoint PPT presentation

Number of Views:635
Avg rating:3.0/5.0
Slides: 22
Provided by: wendyb97
Category:

less

Transcript and Presenter's Notes

Title: Multipartite Viruses


1
Multipartite Viruses
  • Wendy Bowman
  • ETEC 562

2
General Information
Activation
Payload
Removal
Transmission
Hidden
3
General Information
  • A computer virus is defined as a program or piece
    of code that is loaded onto your computer without
    your knowledge and runs against your wishes.
  • http//www.webopedia.com/TERM/v/virus.html

4
Viral Facts
  • Viruses can replicate.
  • All computer viruses are manmade.
  • Can infect other programs.
  • Viruses do not infect plain text files.
  • Viruses take up memory after replicating.
  • Viruses can not exist without a host.

5
Types of Viruses
  • Macros
  • Worms
  • Network and Multipartite viruses
  • Trojans and Stealth
  • Boot Sector
  • File

6
Network Viruses
  • Infect networks by making extensive use of
    network protocols.
  • Network viruses are able to transfer code to a
    remote server or workstation.
  • Reference http//www.viruslist.com/eng/viruslistbo
    oks.html?id24

7
Network Virus Facts
  • Called an octopus when it has one main segment
    that coordinates with what the other segments are
    doing.
  • Can steal password info and send it to a
    malicious source.
  • Separated into several segments that each run on
    a part of the network.
  • Use automated functions such as email to
    replicate.
  • Use programming built into the macros to spread
    themselves.

http//www.kaspersky.com/news.asp?tnews0nview1
id157page0
8
Multipartite Viruses
A multipartite virus is defined as a virus that
infects your boot sector as well as files.
9
Boot Sector
The area of the hard drive that is accessed when
the computer is first turned on.
Back to Show
10
Multipartite Facts
  • Can infect floppy disks.
  • Hardest virus to clean.
  • Are memory resident viruses.
  • Harder to spread across networks but isnt
    impossible.
  • To spread across a network, the server must be
    infected and an infected program must be accessed.

http//www.faqs.org/faqs/computer-virus/alt-faq/pa
rt1/
11
Viral Payload
Payload is defined as the action the virus
performs on the computer.
http//www.antivirus.com/pc-cillin/vinfo/virusenc
yclo/glossary.asppayload
12
Possible Payloads
  • Hangs the system during rebooting
  • Modifies available memory
  • Modify available resources
  • Corrupts the hard disk
  • Create files
  • Delete files
  • Modify files
  • Formats the hard drive

http//www.antivirus.com/pc-cillin/vinfo/virusency
clo/
13
Activation or Trigger
  • Refers to the condition or date in which the
    payload of the virus will occur.
  • Computer can be infected for months or years
    before the payload occurs.
  • Holidays are the most popular trigger date.
  • http//www.antivirus.com/pc-cillin/vinfo/virusency
    clo/glossary.asptrigger_condition_or_date

14
Hidden Dangers
  • Decrease the size of memory in BIOS, cut the last
    MCB (memory control block), and replicate in the
    free space left by the MCB
  • Disguise the virus as part of a downloadable
    shareware package
  • Interrupting the DOS language just enough to
    hook a viral code onto existing language
    (hooking) until a floppy disk can be infected.
  • Hooking on to the debugger.

http//www.virusbtn.com/VirusInformation/natas.htm
l
15
From here to there
  • Floppy disks
  • CD-ROMs
  • Shareware
  • New software
  • Network server
  • Email attachments
  • Hackers
  • Downloading material from the Internet

http//www.cuyamaca.net/rachael.holloway/ppt/virus
.ppt
16
Disposal
  • Run anti-viral software
  • Quarantine the virus (if possible)
  • Replace the MBR (master boot record)
  • Reboot computer from a clean disk then run
    anti-viral software
  • Reformat the hard drive through DOS
  • Costliest method, purchase a new memory chip

17
Payload
General Information
Activation
Click Here!
Transmission
Hidden
Removal
18
Anthrax
  • Writes its viral code to the last sector of the
    hard drive while overwriting data there.
  • Memory resident
  • DOS platform
  • Infects .COM, .EXE, MBR, and floppy boot sectors
  • Multipartite
  • Uses 1024 bytes (files) and 512 bytes (MBR)

http//www.symantec.com/avcenter/vinfodb.html
19
Clisti 1025 and Clisti 1025 (b)
  • No aliases
  • Memory resident
  • Uses encryption
  • Wild (
  • Can be transmitted through networks
  • Infects .COM, floppy boot sector, hard disk boot
    sector
  • Mainly, transmitted through emails

http//www.symantec.com/avcenter/vinfodb.html
20
One Half Boot
  • Infects .COM, .EXE, MBR
  • Memory resident
  • Slowly encrypts the hard drive
  • Uses 3155 bytes (files) and 512 bytes (MBR)
  • Multipartite, stealthing, and polymorphic
  • Transmitted through emails
  • All encrypted data is lost when virus is removed

http//www.symantec.com/avcenter/vinfodb.html
21
Is your computer a ticking time bomb?
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Multipartite Viruses" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!