virus & antivirus general presentataion

8/7/2019 Virus & Antivirus general presentataion

1/29

LOVELY PROFESSIONAL UNIVERSITY

Compiled By :

Puneet GoyalPuneet Goyal

B.Tech (CSE)B.Tech (CSE)

RG1901B45RG1901B45

February, 2011


2/29


What is a VirusWhat is a Virus ??

A virus is just a computer program. LikeA virus is just a computer program. Like

any other program, it containsany other program, it contains

instructions that tell your computer whatinstructions that tell your computer what

to do.to do.

But unlike an application, a virus usuallyBut unlike an application, a virus usually

tells your computer to do something youtells your computer to do something you

don't want it to do, and it can usuallydon't want it to do, and it can usuallyspread itself to other files on yourspread itself to other files on your

computercomputer ---- and other people'sand other people's

computers.computers.


3/29


InIn somesome cases,cases, aa virusvirus willwill executeexecute

onlyonly aa gentlegentle "personality"personality quirk,"quirk,"suchsuch asas causingcausing youryour computercomputer toto

makemake seeminglyseemingly randomrandom bleepsbleeps..

ButBut aa virusvirus cancan bebe veryvery destructivedestructive;; itit

couldcould formatformat youryour hardhard drive,drive,

overwriteoverwrite youryour hardhard drivedrive bootboot sector,sector,oror deletedelete filesfiles andand renderrender youryour

machinemachine inoperableinoperable..


4/29


General virus typesGeneral virus types

WhileWhile therethere areare thousandsthousands ofof

variationsvariations ofof viruses,viruses, mostmost fallfall

intointo oneone ofof thethe followingfollowing generalgeneral

categories,categories, eacheach ofof whichwhich worksworks

slightlyslightly differentlydifferently..


5/29

General virus typesGeneral virus typesBOOT SECTOR VIRUSBOOT SECTOR VIRUS

MACRO VIRUSMACRO VIRUS

MULTIPARTITE VIRUSMULTIPARTITE VIRUS

POLYMORPHIC VIRUSPOLYMORPHIC VIRUS

STEATH VIRUSSTEATH VIRUS

EE--MAIL VIRUSESMAIL VIRUSES

WORMSWORMS

TROJAN HORSESTROJAN HORSES


6/29


BootBoot SectorSector VirusVirus::

ReplacesReplaces oror implantsimplants itselfitself inin

thethe bootboot sectorsector.. ThisThis kindkind ofofvirusvirus cancan preventprevent youyou fromfrom

beingbeing ableable toto bootboot youryour hardhard

diskdisk..


7/29


MacroMacro VirusVirus::WrittenWritten usingusing aa simplifiedsimplified macromacroprogrammingprogramming language,language, thesethese virusesviruses

affectaffect MicrosoftMicrosoft OfficeOffice applications,applications,

suchsuch asas WordWord andand ExcelExcel.. AA documentdocumentinfectedinfected withwith aa macromacro virusvirus generallygenerally

modifiesmodifies aa prepre--existing,existing, commonlycommonly usedused

commandcommand (such(such asas Save)Save) toto triggertrigger itsits

payloadpayload uponupon executionexecution ofof thatthat

commandcommand..


8/29


MultipartiteMultipartite VirusVirusInfectsInfects bothboth filesfiles andand thethe bootboot

sectorsector---- aa doubledouble whammywhammy thatthat

cancan reinfectreinfect youryour systemsystem dozensdozens ofof

timestimes beforebefore it'sit's caughtcaught..


9/29


Polymorphic VirusPolymorphic Virus::

ChangesChanges codecode wheneverwhenever ititpassespasses toto anotheranother machinemachine..


10/29


StealthStealth VirusVirus::

hideshides itsits presencepresence byby

makingmaking anan infectedinfected filefile

notnot appearappear infectedinfected


11/29


EE--mailmail virusesviruses::AnAn ee--mailmail virusvirus movesmoves aroundaround

inin ee--mailmail messages,messages, andand

usuallyusually replicatesreplicates itselfitself byby

automaticallyautomatically mailingmailing itselfitself toto

dozensdozens ofof peoplepeople inin thethe victim'svictim'see--mailmail addressaddress bookbook..


12/29


WormsWorms::AA wormworm isis aa computercomputer programprogram thatthathashas thethe abilityability toto copycopy itselfitself fromfrom

machinemachine toto machinemachine.. WormsWorms

normallynormally movemove aroundaround andand infectinfect

otherother machinesmachines throughthrough computercomputer

networksnetworks.. WormsWorms eateat upup storagestorage

spacespace andand slowsslows downdown thethe computercomputer..

ButBut wormsworms don'tdon't alteralter oror deletedelete filesfiles..


13/29


Trojan horsesTrojan horses ::AA TrojanTrojan horsehorse isis simplysimply aa

computercomputer programprogram thatthat claimsclaims

toto dodo oneone thingthing (it(it maymay claimclaim totobebe aa game)game) butbut insteadinstead doesdoes

damagedamage whenwhen youyou runrun itit (it(it

maymay eraseerase youryour hardhard disk)disk)..


14/29


WhenWhen loadedloaded ontoonto youryour machine,machine, aa

TrojanTrojan horsehorse cancan capturecaptureinformationinformation fromfrom youryour systemsystem ----

suchsuch asas useruser namesnames andand passwordspasswords

oror couldcould allowallow aa maliciousmalicious hackerhacker

toto remotelyremotely controlcontrol youryour

computercomputer..

TrojanTrojan horseshorses havehave nono wayway toto

replicatereplicate automaticallyautomatically..


15/29


Origins of Viruses :Origins of Viruses :

PPeopleeople createcreate virusesviruses.. AA personperson hashas totowritewrite thethe code,code, testtest itit toto makemake suresure itit

spreadsspreads properlyproperly andand thenthen releaserelease thethe

virusvirus.. AA personperson alsoalso designsdesigns thethe virus'svirus's

attackattack phase,phase, whetherwhether it'sit's aa sillysilly

messagemessage oror destructiondestruction ofof aa hardhard diskdisk..

InIn mostmost ofof thethe casescases peoplepeople createcreate virusesviruses

justjust forfor thethe thrillthrill oror funfun..


16/29


HowHow TheyThey SpreadSpread ??EarlyEarly virusesviruses werewere piecespieces ofof codecode attachedattached

toto aa commoncommon programprogram likelike aa popularpopular gamegame

oror aa popularpopular wordword processorprocessor.. AA personperson

mightmight downloaddownload anan infectedinfected gamegame fromfrom thethe

internetinternet oror copycopy itit fromfrom aa floppyfloppy diskdisk andand

runrun itit.. AA virusvirus likelike thisthis isis aa smallsmall piecepiece ofof

codecode embeddedembedded inin aa larger,larger, legitimatelegitimate

programprogram.. AnyAny virusvirus isis designeddesigned toto runrun firstfirst

whenwhen thethe legitimatelegitimate programprogram getsgets

executedexecuted..


17/29


TheThe virusvirus loadsloads itselfitself intointo memorymemory andand lookslooks

aroundaround toto seesee ifif itit cancan findfind anyany otherother programsprograms

onon thethe diskdisk.. IfIf itit cancan findfind one,one, itit modifiesmodifies itit toto

addadd thethe virus'svirus's codecode toto thethe unsuspectingunsuspecting

programprogram.. ThenThen thethe virusvirus launcheslaunches thethe "real"real

programprogram.."" TheThe useruser reallyreally hashas nono wayway toto knowknowthatthat thethe virusvirus everever ranran.. Unfortunately,Unfortunately, thethe

virusvirus hashas nownow reproducedreproduced itself,itself, soso twotwo

programsprograms areare infectedinfected.. TheThe nextnext timetime eithereither ofofthosethose programsprograms getsgets executed,executed, theythey infectinfect otherother

programs,programs, andand thethe cyclecycle continuescontinues..


18/29


IfIf oneone ofof thethe infectedinfected programsprograms isis givengiventoto anotheranother personperson onon aa floppyfloppy disk,disk, oror ifif

itit isis uploadeduploaded toto internet,internet, thenthen otherother

programsprograms getget infectedinfected..

ThisThis isis howhow thethe virusvirus spreadsspreads..


19/29


Run a secure operating system like UNIX orRun a secure operating system like UNIX or

Windows NT.Windows NT.

InstallInstall virusvirus protectionprotection softwaresoftware..

Avoid programs from unknown sources.Avoid programs from unknown sources.

Disable floppy disk bootingDisable floppy disk booting

Macro Virus Protection is enabled in allMacro Virus Protection is enabled in all

Microsoft applications.Microsoft applications.Never doubleNever double--click on an attachment thatclick on an attachment that

contains an executable that arrives as an econtains an executable that arrives as an e--

mail attachment.mail attachment.

Prevention is the best cure :Prevention is the best cure :


20/29

ANTIVIRUS PROTECTIONANTIVIRUS PROTECTION

SignatureSignature--based virus scanning in files,based virus scanning in files,

message bodies and attachmentsmessage bodies and attachments

Scanning of archived and compressed filesScanning of archived and compressed files

Scanning for unknown viruses usingScanning for unknown viruses using

analyzeranalyzer

Message rescanning for new viruses everyMessage rescanning for new viruses every

time antitime anti--virus databases are updated or onvirus databases are updated or on

scheduleschedule

PROTECTIVE ROTECTION: Detection andPROTECTIVE ROTECTION: Detection and

prevention of virus outbreaksprevention of virus outbreaks


21/29


How antivirus software works :How antivirus software works :

ScanningScanning softwaresoftware lookslooks forfor aa virusvirus inin oneone ofoftwotwo waysways.. IfIf it'sit's aa knownknown virusvirus (one(one thatthat hashas

alreadyalready beenbeen detecteddetected inin thethe wildwild andand hashas anan

antidoteantidote writtenwritten forfor it)it) thethe softwaresoftware willwill looklookforfor thethe virus'svirus's signaturesignature ---- aa uniqueunique stringstring ofof

bytesbytes thatthat identifiesidentifies thethe virusvirus likelike aa fingerprintfingerprint

---- andand willwill zapzap itit fromfrom youryour systemsystem.. MostMost

scanningscanning softwaresoftware willwill catchcatch notnot onlyonly anan initialinitial

virusvirus butbut manymany ofof itsits variantsvariants asas well,well, sincesince thethe

signaturesignature codecode usuallyusually remainsremains intactintact..


22/29


InIn thethe casecase ofof newnew virusesviruses forfor whichwhich nono antidoteantidote hashas

beenbeen created,created, scanningscanning softwaresoftware usesuses methodsmethods thatthat

looklook forfor unusualunusual virusvirus likelike activityactivity onon youryour systemsystem..

IfIf thethe programprogram seessees anyany funnyfunny business,business, itit

quarantinesquarantines thethe questionablequestionable programprogram andand

broadcastsbroadcasts aa warningwarning toto youyou aboutabout whatwhat thetheprogramprogram maymay bebe tryingtrying toto dodo (such(such asas modifymodify youryour

WindowsWindows Registry)Registry).. IfIf youyou andand thethe softwaresoftware thinkthink

thethe programprogram maymay bebe aa virus,virus, youyou cancan sendsend thethe

quarantinedquarantined filefile toto thethe antivirusantivirus vendor,vendor, wherewhereresearchersresearchers examineexamine it,it, determinedetermine itsits signature,signature,

namename andand catalogcatalog it,it, andand releaserelease itsits antidoteantidote.. It'sIt's

nownow aa knownknown virusvirus..


23/29


IfIf thethe virusvirus nevernever appearsappears againagain ----

whichwhich oftenoften happenshappens whenwhen thethe virusvirus isistootoo poorlypoorly writtenwritten toto spreadspread ---- thenthen

vendorsvendors categorizecategorize thethe virusvirus asas

dormantdormant.. ButBut virusesviruses areare likelikeearthquakesearthquakes:: TheThe initialinitial outbreakoutbreak isis

usuallyusually followedfollowed byby aftershocksaftershocks..

VariantsVariants (copycat(copycat virusesviruses thatthat emergeemergeinin drovesdroves afterafter thethe initialinitial outbreak)outbreak)

makemake upup thethe bulkbulk ofof knownknown virusesviruses..


24/29

SOME COMMON ANTI_VIRUSESSOME COMMON ANTI_VIRUSES

ARE:ARE:

AVAST 5.0AVAST 5.0

AVG 9AVG 9

KASPERSKYKASPERSKYZONEALARMZONEALARM

PANDA INTERNET SECURITYPANDA INTERNET SECURITY

ESET NOD32ESET NOD32MACFEE ANTIVIRUSMACFEE ANTIVIRUS


25/29


Practice safe computingPractice safe computing

TheThe bestbest wayway toto protectprotect yourselfyourself fromfrom virusesvirusesisis toto avoidavoid openingopening unexpectedunexpected ee--mailmail

attachmentsattachments andand downloadsdownloads fromfrom unreliableunreliable

sourcessources.. ResistResist thethe urgeurge toto doubledouble--clickclickeverythingeverything inin youryour mailboxmailbox.. IfIf youyou getget aa filefile

attachmentattachment andand youyou aren'taren't expectingexpecting one,one, ee--

mailmail thethe personperson whowho sentsent itit toto youyou beforebefore youyou

openopen thethe attachmentattachment.. AskAsk themthem ifif theythey meantmeanttoto sendsend youyou thethe file,file, whatwhat itit is,is, andand whatwhat itit

shouldshould dodo..


26/29


ForFor addedadded safety,safety, youyou needneed toto installinstall

reliablereliable antivirusantivirus scanningscanning softwaresoftware andanddownloaddownload updatesupdates regularlyregularly.. MajorMajor

antivirusantivirus softwaresoftware vendors,vendors, includingincluding

Symantec,Symantec, NetworkNetwork Associates,Associates, ComputerComputerAssociates,Associates, andand TrendTrend Micro,Micro, provideprovide

regularregular updatesupdates.. (Computer(Computer Associates'Associates'

InoculateITInoculateIT isis alsoalso freefree..)) SomeSome ofof thethe

vendorsvendors alsoalso offeroffer aa serviceservice thatthat willwill

automaticallyautomatically retrieveretrieve updatesupdates forfor youyou

fromfrom thethe company'scompany's WebWeb sitesite..


27/29


RegularRegular updatesupdates areare essentialessential..ResearchersResearchers atat ComputerComputer EconomicsEconomics

estimateestimate thatthat 3030 percentpercent ofof smallsmall

businessesbusinesses areare vulnerablevulnerable toto virusesviruseseithereither becausebecause theythey don'tdon't keepkeep theirtheir

virusvirus--scanningscanning softwaresoftware updatedupdated oror

becausebecause theythey don'tdon't installinstall itit correctlycorrectly..


28/29

Conclusion:Mostly I conclude updating our ANTIVIRUS is

important because viruses are increasing day by day.

First, understand how your anti-virus productworks. Then, start with a known-clean computer and

follow specific steps to assure good virus

detection/protection.



29/29


virus & antivirus general presentataion

Documents