Study of Computer Virus Worms
Sampath Yerramalla
04/17/02

Survey
Virus Appearance
  – National Press
  – Faster than in papers
    • Melissa
    • The Love Letter
    • Anna Kournikova
Vulnerabilities
  – Computer hardware based on single trusted user
  – Software loop-holes
Research: Any machine with almost any OS can support virus

Difference
Virus
  – A computer program that replicates by attaching itself to some other object
  – Usually small size programs (3-30k)
  – Designed to evade detection
Worm
  – First reported by John Shoch and Jon Hupp of XEROX PARC
  – Sends itself to other systems
  – Bigger in size than virus
  – More abilities
  – Not easy to write

Virus Spread
Medium
  – Hard disk
  – Floppy disks
  – Tape
  – Optical media
  – Memory
Internet
  – E-mail attachments
  – .exe .bat .vbs
Incentive and trap
  – Money
  – Sex
  – Humor
Research: One in every five hundred e-mail messages contains a virus.

Types
Effect on OS, programming used and size.
  – Boot sector virus
  – Polymorphic virus
  – Time Bomb
  – Shell virus
  – Add-on virus
  – Trojan horse
  – Internet worms

Polymorphic virus
Mutates
Hard to detect
All parts of the multipartite virus need to be cleaned
Different kinds of damages
  • Amusing screen displays
  • Unusual sound displays
  • System reboots
  • Reformatting the hard disk

Shell Virus
[Figure: Uninfected Program and Infected Program]

Add-on Virus
[Figure: Uninfected Program and Infected Program]

Trojan Horse
A program that hides its true intention
E-mail attachments
Trick into installing malicious software
  – Droppers
  – Backdoors
Hackers
  – Subseven
  – Back Orifice
  – Netbus

Internet Worms
Use complex e-mail functions and network software
Steals addresses from your address book
New hosts through un-protected system drives
W32/ska W32/Navidad@M VBS/Netlog W32/Explorezip W32/Qaz W32/SaddamHussain,……
Virus Hackers

Hackers attack Microsoft

Virus programmers
Common languages to create virus
  – Assembler
  – C
  – Visual Basic
  – Java
Unfortunately, viruses are created by people for all usual reasons
  – Dirty tricks
  – Make a living
Fortunately, not all virus programmers are in the “boy or girl genius league”.

Viral Signatures
Repeated infection – early detection
Unique virus signatures
Mixed blessing
  – Fake viral signatures to protect against virus

Why should I care?
Reproduce
  – Stealing addresses from your Address Book
  – Write files to a Local directory / Network computer
  – Appears to be done by you
Un-authorized Access
  – Passwords
  – Credit card numbers
  – Destroy the computer
  – Computer un-usable
Allow other people (anywhere on internet), to get control of your computer

Have I Been a Victim?
Reproduction stage
Alert box
Too late
Virus hoaxes are more common than the virus itself

Getting Rid of Virus
Virus code is tagged at the end of a program
Placed in the empty slots of a program
Both types can be cleaned
Unfortunately, virus world doesn’t end here
Some viruses replace the program code with their own code
Can’t be cleaned, hence deleted

Getting Rid of Virus…
Some can be removed
Others may require part or all of the OS to be removed or re-installed
Retrieval of files
Damage cannot be undone

Prevention better than any cure
Technical measures
  – Anti-virus software
  – Update
Check mail-servers
Reject all e-mails of dangerous or unknown extensions
Suspect even safe extensions
Disabling functions
Removing Windows script hosting
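The mail-server checks on this slide, as an added example that is not part of the original slides: reject dangerous or unknown extensions, and inspect the content of attachments whose extension looks safe. The allow-list, the `MZ` content check, the function names and the sample message are assumptions made for this illustration.

```python
import email
from email import policy
from email.message import EmailMessage

DANGEROUS = {".exe", ".bat", ".vbs"}        # extensions named on the slides
ALLOWED = {".txt", ".pdf", ".jpg", ".png"}  # assumed allow-list for this example
EXECUTABLE_MAGIC = b"MZ"                    # first bytes of a DOS/Windows executable

def final_extension(filename):
    """Extension Windows would act on: last one, ignoring trailing dots/spaces."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot > 0 else ""

def classify(filename, payload):
    ext = final_extension(filename)
    if ext in DANGEROUS:
        return "reject", "dangerous extension " + ext
    if ext not in ALLOWED:
        return "reject", "unknown extension " + (ext or "(none)")
    # "Suspect even safe extensions": the name is fine, so check the content.
    if payload.startswith(EXECUTABLE_MAGIC):
        return "quarantine", ext + " name but executable content"
    return "accept", "allowed extension"

def filter_message(raw_bytes):
    """Return (filename, verdict, reason) for every attachment in a message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        results.append((name,) + classify(name, data))
    return results

def build_sample():
    """Constructed test message; the payloads are inert placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name, data in [("holiday-photo.jpg.vbs", b"placeholder"),
                       ("notes.txt", b"plain text"),
                       ("picture.jpg", b"MZ placeholder"),
                       ("archive.xyz", b"placeholder")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for row in filter_message(build_sample()):
        print(row)
```

The double extension `holiday-photo.jpg.vbs` is judged on its last extension, which is what the operating system runs, not on the `.jpg` a user sees when known extensions are hidden.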

Do’s and Don’ts
Always update your anti-virus software at least weekly
Back up your important files and ensure that they can be restored
Change the computer's boot sequence to always start the PC from its hard drive
Don't share Drive C: without a password and without read-only restrictions
Empty floppy drives of diskettes before turning on computers, especially laptops
Forget opening unexpected e-mail attachments, even if they're from friends
Get trained on your computer's anti-virus software and use it

Do’s and Don’ts…
Have multiple backups of important files
Install security updates for your operating system and programs as soon as possible
Jump at the chance to learn more about your computer. This will help you spot viruses
Knowledge is contagious, infect the truth

References
I’ll include them in the term paper!
Sampath Yerramalla