computer virus.ppt
DESCRIPTION
PPT On Computer VirusTRANSCRIPT
Computer Viruses
Definition
A computer virus is a computer program that can spread across computers and networks by making copies of itself, usually without the user’s knowledge. Viruses can have harmful side-effects. These can range from displaying irritating messages to deleting all the files on your computer.
Background
Evolution of virus In the mid-1980s Basit and Amjad Alvi of Lahore, Pakistan discovered that people were pirating their software. They responded by writing the first computer virus, a program that would put a copy of itself and a copyright message on any floppy disk copies their customers made. From these simple beginnings, an entire virus counter-culture has emerged. Today new viruses sweep the planet in hours and virus scares are major news.
They can attach themselves to other programs or hide in code that is run automatically when you open certain types of files. You might receive an infected file on a disk, in an email attachment, or in a download from the internet. As soon as you launch the file, the virus code runs. Then the virus can copy itself to other files or disks and make changes on your computer.
How does a virus infect computers?
• Virus writers don’t gain in financial or career terms; they rarely achieve real fame; and, unlike hackers, they don’t usually target particular victims, since viruses spread too indiscriminately. Virus writers tend to be male, under 25 and single. Viruses also give their writers powers in cyberspace that they could never hope to have in the real world.
Who writes viruses?
Virus Languages
Symptoms of Virus Attack
Viruses and Virus Like Programs
Virus & Worms
Classifying Virus - General
Classifying Virus - Categories
Trojan Horse
Back Orifice Discovery Date: 10/15/1998
Origin: Pro-hacker Website
Length: 124,928
Type: Trojan
SubType: Remote Access
Risk Assessment: Low
Category: Stealth
Trojan Horse
About Back Orifice requires Windows to work distributed by “Cult of the Dead Cow” similar to PC Anywhere, Carbon Copy software allows remote access and control of other
computers install a reference in the registry once infected, runs in the background by default uses UDP port 54320 TCP port 54321 In Australia 72% of 92 ISP surveyed were infected
with Back Orifice
Trojan Horse
Features of Back Orifice pings and query servers reboot or lock up the system list cached and screen saver password display system information logs keystrokes edit registry server control receive and send files display a message box
Torjans…..
Worms
Bubbleboy
Discovery Date:11/8/1999
Origin: Argentina
Length: 4992
Type: Worm/Macro
SubType: VbScript
Risk Assessment: Low
Category: Stealth/Companion
Worms
Bubbleboy requires WSL (windows scripting language),
Outlook or Outlook Express, and IE5 Does not work in Windows NT Effects Spanish and English version of Windows 2 variants have been identified Is a “latent virus” on a Unix or Linux system May cause DoS
Worms
How Bubbleboy works Bubbleboy is embedded within an email
message of HTML format. a VbScript while the user views a HTML page a file named “Update.hta” is placed in the start
up directory upon reboot Bubbleboy executes
Worms
How Bubbleboy works changes the registered owner/organization
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOwner = “Bubble Boy”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOrganization = “Vandalay Industry”
using the Outlook MAPI address book it sends itself to each entry
marks itself in the registry HKEY_LOCAL_MACHINE\Software\Outlook.bubbleboy =
“OUTLOOK.Bubbleboy1.0 by Zulu”
Macro
Specific to certain applications Comprise a high percentage of the virusesUsually made in WordBasic and Visual
Basic for Applications (VBA) Microsoft shipped “Concept”, the first
macro virus, on a CD ROM called "Windows 95 Software Compatibility Test" in 1995
Macro
MelissaDiscovery Date: 3/26/1999
Origin: Newsgroup Posting
Length: varies depending on variant
Type: Macro/Worm
Subtype: Macro
Risk Assessment: High
Category: Companion
Macro
Melissa requires WSL, Outlook or Outlook Express Word
97 SR1 or Office 2000 105 lines of code (original variant) received either as an infected template or
email attachment lowers computer defenses to future macro virus
attacks may cause DoS infects template files with it’s own macro code 80% of of the 150 Fortune 1000 companies
were affected
Macro
How Melissa works the virus is activated through a MS word document document displays reference to pornographic
websites while macro runs 1st lowers the macro protection security setting for
future attacks checks to see is it has run in current session before
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Melissa = “by Kwyjibo”
propagates itself using the Outlook MAPI address book (emails sent to the first 50 addresses)
Viruses That Travelled Furthest..!
Love Bug VBS/Love Let-A Best known & pretends to
be a LL First seen : May 2000 Origin : Philippines Trigger : On initial infection Effect :E-mail with subject
LL,distribute via MS-outlook, Steal user info, overwrites cert files
Melissa WM97/Melissa-Word 97
macro virus Uses psychological subtlety First seen : March 1999 Origin : A 31 yr old US
programmer, David .L.Smith Trigger : On initial infection Effect :Sends message to
first fifty in all address books ,Attaches infected document
Viruses That Travelled Furthest..!
CIH (Chernobyl) W95/CIH-10xx-parasitic
virus, runs on Win-95 First virus to damage
hardware First seen : June 1998 Origin :Written by Chen Ing
Hau of Taiwan Trigger :April-26th,June 26th
or 26th of any month Effect :Overwrites
HD,overwrites BIOS, needs BIOS chip replacement
Overview
Questions?