cybercrime: virus and defense


Upload: mdtanvir-ul-haque

Post on 10-Jan-2017


Page 1: Cybercrime: Virus and Defense

Cybercrime: Virus & Defense

MD. Tanvir Ul Haque

Class ID: 1109017

Session: 2011-12


What Is Cybercrime?

Also called computer crime.

It is any illegal or criminal act dealing with computers and networks.

Additionally, cybercrime also includes traditional crimes conducted through the Internet.

Examples: hate crimes, telemarketing and Internet fraud, credit card account thefts, etc.

Virus

Sometimes elaborated as “Vital Information Resources Under Siege” (slang).

A type of malicious software program (Malware).

Loaded onto a computer without the owner’s knowledge and runs against the owner’s wishes.

It has the capacity to modify or replicate itself, in which case it will continue spreading.

Viruses are asymptomatic, as their symptoms are really hard to identify most of the time.

Evolution Of Viruses

1. The earliest malware-like program was “Creeper” (1971), detected on ARPANET. Written by Bob Thomas. It was a self-replicating program. It displayed:

2. The first personal computer virus, “Elk Cloner”, was invented by the programmer Richard Skrenta. The virus was attached to a computer game for the Apple DOS system (1982).

3. In 1984, Fred Cohen used the name “virus” in his paper “Computer Viruses – Theory and Experiments” for a self-reproducing program. The name was proposed by Len Adleman.

4. “Brain” is considered to be the first stealth computer virus for the IBM PC. Written by two brothers, Basit Farooq Alvi and Amjad Farooq Alvi, from Pakistan (1986). It was a boot sector virus.

5. In 1988, the first truly dangerous computer virus, called the “Festering Hate” virus, was released, infecting Apple operating systems.

Instead of just stalling computer function, this virus infected every file on the hard drive, floppy disks, and memory drives and eventually destroyed all files.

Properties Of Viruses

1. Like a human virus, it spreads from one computer to another, leaving infections as it travels.

2. Its effects range from annoying behavior to damage to data and software and denial of service (DoS).

3. Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program.

4. Normally, the host program keeps functioning after it is infected by the virus. However, some viruses overwrite other programs with copies of themselves, which destroys the host program altogether.

5. Viruses spread when the software or document they are attached to is transferred from one computer to another using the network, a disk, file sharing, or infected e-mail attachments.

Lifecycle Of Virus

1. The virus waits until the user transmits the infected object to another computer.

2. The user transmits an infected object to another computer.

3. The virus locates and infects suitable objects on the new computer.

What Do Viruses Do

Erase files.

Display a message.

Scramble data on a hard disk.

Cause erratic screen behavior.

Halt the PC.

Many viruses do nothing obvious at all except spread.

Hide data.

Allow someone to gain illicit access to the computer.

Redirect websites to adverts or other websites.

Cause pop-ups that try to tempt users to buy kinds of software program.

Reduce memory space.

Damage disks & programs.

Can record keystrokes and screen data.

Can steal confidential passwords & information and pass them to the malware author.

Finally, a virus can grab control from the authentic user.

Types

Boot Sector Virus

File Infecting Virus

Macro Virus

Metamorphic & Polymorphic Virus

Multipartite Virus

Note: worms and trojans are two common threats that are similar to viruses but technically not the same.

Boot Sector Virus: A boot sector virus is a type of virus that infects the boot sector of floppy disks or the Master Boot Record (MBR) of hard disks. The infected code runs when the system is booted from an infected disk, and once loaded it infects other disks when they are accessed on the infected computer. Removing a boot sector virus can be difficult because it may encrypt the boot sector. In many cases, users may not even be aware they have been infected with a virus until they run an antivirus protection program.
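Because users often do not notice a boot sector infection, one defensive check is to compare the MBR against a fingerprint recorded while the machine was known to be clean. The sketch below is an added example, not part of the original slides; it assumes the classic 512-byte MBR layout, works on a sector already read into memory, and uses constructed sample sectors and hypothetical function names.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 446)      # bootstrap code area of a classic MBR
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"         # required bytes at offsets 510-511


def fingerprint(sector: bytes) -> dict:
    """Hash boot code and partition table separately so a change can be localized."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    return {
        "boot_code": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "part_table": hashlib.sha256(sector[PART_TABLE]).hexdigest(),
        "valid_sig": sector[510:512] == BOOT_SIG,
    }


def compare(baseline: dict, current: dict) -> list:
    """Return human-readable findings; an empty list means no change was seen."""
    findings = []
    if not current["valid_sig"]:
        findings.append("boot signature 55AA missing")
    if current["boot_code"] != baseline["boot_code"]:
        findings.append("boot code changed")
    if current["part_table"] != baseline["part_table"]:
        # Repartitioning also changes this, so it is reported separately.
        findings.append("partition table changed")
    return findings


def make_sector(code_fill: int, table_fill: int = 0, sig: bytes = BOOT_SIG) -> bytes:
    """Constructed sample sector: filler bytes only, no real boot code."""
    return bytes([code_fill]) * 446 + bytes([table_fill]) * 64 + sig


if __name__ == "__main__":
    clean = fingerprint(make_sector(0x11))
    print(compare(clean, fingerprint(make_sector(0x11))))   # unchanged sector
    print(compare(clean, fingerprint(make_sector(0x22))))   # boot code differs
    print(compare(clean, fingerprint(make_sector(0x11, sig=b"\x00\x00"))))
```

The baseline fingerprint should be stored off the machine being checked, since anything that can rewrite the boot sector can also rewrite a local baseline.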

File Infecting Virus: A file-infecting virus infects executable files with the intent to cause permanent damage or make them unusable. A file-infecting virus overwrites code or inserts infected code into an executable file. This type of virus can infect a number of operating systems, including Macintosh, Windows and Unix. Moreover, a severe form of file-infecting virus can also completely reformat a hard drive. Win32.Sality.BK is a popular file-infecting virus that was among the top 10 malware infections in 2011 and 2012.

Macro Virus: Macro viruses add their code to the macros associated with documents, spreadsheets and other data files.

The first macro virus, called “Concept”, appeared in July 1995.

“Melissa” made history as the first macro virus to spread with email. It started spreading via email on March 26, 1999, infecting tens of thousands within hours. Macro viruses subsequently became the dominant type of virus until the turn of the century, when Microsoft disabled macros by default in Office programs (since Office v2000).

Metamorphic & Polymorphic Virus: Metamorphic malware is rewritten with each iteration, and after each iteration the code is different from the preceding one. The code changes make it difficult for signature-based antivirus software programs to recognize that different iterations are the same malicious program.

Polymorphic malware also makes changes to code to avoid detection. It has two parts, but one part remains the same with each iteration, which makes the malware a little easier to identify.
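The difference described above can be seen from the defender's side with a toy signature scanner. This is an added example, not part of the original slides; the sample byte strings are constructed, harmless stand-ins for three generations of each kind of program, and the function names and the 6-byte minimum pattern length are assumptions.

```python
import hashlib

# Constructed, harmless byte strings: three "generations" per family.
STUB = b"\x10\x20\x30\x40STUB"                      # the part that never changes
POLYMORPHIC = [STUB + b"body-aaaa", STUB + b"body-q7x1", STUB + b"body-zz90"]
METAMORPHIC = [b"alpha-one-111", b"BRAVO_TWO_222", b"charlie.3.zzz"]
UNCHANGED = [b"static-sample"] * 3


def longest_common_run(a: bytes, b: bytes) -> bytes:
    """Longest run of bytes that appears contiguously in both inputs."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def derive_pattern(known, min_len=6):
    """Byte-pattern signature from two known generations, or None if too short.

    Very short patterns would match unrelated files, so they are rejected.
    """
    run = longest_common_run(known[0], known[1])
    return run if len(run) >= min_len else None


def evaluate(generations):
    """Return (later generations matched by a whole-file hash of generation 1,
    whether a pattern derived from generations 1-2 matches generation 3)."""
    sig = hashlib.sha256(generations[0]).hexdigest()
    hash_hits = sum(hashlib.sha256(g).hexdigest() == sig for g in generations[1:])
    pattern = derive_pattern(generations[:2])
    pattern_hit = pattern is not None and pattern in generations[2]
    return hash_hits, pattern_hit


if __name__ == "__main__":
    for name, gens in [("unchanged", UNCHANGED), ("polymorphic", POLYMORPHIC),
                       ("metamorphic", METAMORPHIC)]:
        print(name, evaluate(gens))
```

The whole-file hash only catches the unchanged family, the derived byte pattern still catches the polymorphic family through its constant part, and neither signature catches the metamorphic family.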

Multipartite Virus: Also called multi-part virus or hybrid virus. A multipartite virus is a fast-moving virus that uses file infectors or boot infectors to attack the executable files or the boot sector simultaneously. Most viruses either affect the boot sector or the program files. The multipartite virus can affect both the boot sector and the program files at the same time, thus causing more damage than any other kind of virus. This type of virus can re-infect a system over and over again if all parts of the virus are not eradicated.

Preventing Computer Virus

Never download programs from untrusted sites.

Be cautious when opening email attachments.

Disable image previews in your email client.

Use an anti-malware solution.

Use a firewall.

Regularly update your OS.

Monitor all devices proactively.

Pay attention to virus warnings and notifications.

Inform your IT department.

Take care in removing the virus.

Note: PLEASE, ALWAYS HAVE A BACKUP FILE



THANK YOU