Computer Viruses Presentation Transcript
1. Computer Viruses
2. COMPUTER VIRUS
3. Introduction
- Computer viruses have become today’s headline news.
- With the increasing use of the Internet, it has become easier for viruses to spread.
- Most viruses are targeted at the MS Windows OS.
4. Definition
- Virus: A true virus is capable of self-replication on a machine. It may spread between files or disks, but the defining characteristic is that it can recreate itself on its own without traveling to a new host.
5. Overview
- Background
- Symptoms
- Classifying Viruses
- Examples
- Protection/Prevention
6. Background
- There are an estimated 30,000 computer viruses in existence
- Over 300 new ones are created each month
- The first virus, Creeper, was detected in 1970 on ARPANET, running on the TENEX OS; it showed loopholes in software and displayed the message “I am creeper, catch me if you can”
7. Virus Languages
- ANSI COBOL
- C/C++
- Pascal
- VBA
- Unix Shell Scripts
- JavaScript
- Basically any language that works on the system that is the target
8. Symptoms of Virus Attack
- Computer runs slower than usual
- Computer no longer boots up
- Screen sometimes flickers
- PC speaker beeps periodically
- System crashes for no reason
- Files/directories sometimes disappear
- Denial of Service (DoS)
9. Virus through the Internet
- Today almost 87% of all viruses are spread through the internet (source: ZDNet)
- Transmission time to a new host is relatively low, on the order of hours to days
- “Latent virus”
10. Typical things that some current Personal Computer (PC) viruses do
- Display a message
11. Classifying Virus – General
- Virus Information
  - Discovery Date:
  - Origin:
  - Length:
  - Type:
  - SubType:
  - Risk Assessment:
  - Category:
12. Classifying Virus – Categories
- Stealth
- Polymorphic
- Companion
- Armored
13. Classifying Virus – Types
- Trojan Horse
- Worm
- Macro
14. Trojan Horse
- Covert
- Leaks information
- Usually does not reproduce
15. Trojan Horse
- Back Orifice
  - Discovery Date: 10/15/1998
  - Origin: Pro-hacker Website
  - Length: 124,928
  - Type: Trojan
  - SubType: Remote Access
  - Risk Assessment: Low
  - Category: Stealth
16. Trojan Horse
- About Back Orifice
  - requires Windows to work
  - distributed by “Cult of the Dead Cow”
  - similar to PC Anywhere, Carbon Copy software
  - allows remote access and control of other computers
  - installs a reference in the registry
  - once infected, runs in the background
  - by default uses UDP port 54320, TCP port 54321
  - In Australia 72% of 92 ISPs surveyed were infected with Back Orifice
17. Worms
- Spread over network connection
- Worms replicate
- The first worm released on the Internet was the Morris worm, released on Nov 2, 1988.
18. Worms
- Bubbleboy
  - Discovery Date: 11/8/1999
  - Origin: Argentina (?)
  - Length: 4992
  - Type: Worm/Macro
  - SubType: VbScript
  - Risk Assessment: Low
  - Category: Stealth/Companion
19. Worms
- Bubbleboy
  - requires WSL (Windows scripting language), Outlook or Outlook Express, and IE5
  - Does not work in Windows NT
  - Affects Spanish and English versions of Windows
  - 2 variants have been identified
  - Is a “latent virus” on a Unix or Linux system
  - May cause DoS
20. Worms
- How Bubbleboy works
  - Bubbleboy is embedded within an email message of HTML format.
  - a VbScript runs while the user views an HTML page
  - a file named “Update.hta” is placed in the start up directory
  - upon reboot Bubbleboy executes
21. Worms
- How Bubbleboy works
  - changes the registered owner/organization
    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOwner = “Bubble Boy”
    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOrganization = “Vandalay Industry”
  - using the Outlook MAPI address book it sends itself to each entry
  - marks itself in the registry
    - HKEY_LOCAL_MACHINE\Software\Outlook.bubbleboy = “OUTLOOK.Bubbleboy1.0 by Zulu”
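The artifacts listed on slides 20 and 21, turned into a triage check (an added example, not part of the original presentation). It assumes the registry has been exported to text in regedit's .reg format and that the startup directory listing is supplied as a list of file names; the function names and sample data are constructed for illustration.

```python
import re

# Indicators exactly as listed on slides 20-21 (registry path -> data).
REG_INDICATORS = {
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOwner": "Bubble Boy",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOrganization": "Vandalay Industry",
    r"HKEY_LOCAL_MACHINE\Software\Outlook.bubbleboy": "OUTLOOK.Bubbleboy1.0 by Zulu",
}
STARTUP_FILE = "update.hta"  # file name from slide 20, compared case-insensitively

SECTION = re.compile(r"\[(.+)\]")
ENTRY = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"')  # string values only

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_export(text):
    """Flatten a .reg export into {lowercased 'key\\name': string data}."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := SECTION.fullmatch(line)):
            key = m.group(1)
        elif key and (m := ENTRY.fullmatch(line)):
            name, data = m.groups()
            # '@' is the key's default value, so it maps to the key path itself.
            path = key if name == "@" else key + "\\" + unescape(name[1:-1])
            values[path.lower()] = unescape(data)
    return values

def find_bubbleboy_indicators(reg_text, startup_listing):
    """Return the slide-listed indicators present in the two inputs."""
    values = parse_reg_export(reg_text)
    hits = [p for p, want in REG_INDICATORS.items()
            if values.get(p.lower(), "").lower() == want.lower()]
    return hits + [f for f in startup_listing if f.lower() == STARTUP_FILE]

# Constructed sample input, not taken from a real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"RegisteredOwner"="Bubble Boy"
"RegisteredOrganization"="Example Org"

[HKEY_LOCAL_MACHINE\SOFTWARE\Outlook.bubbleboy]
@="OUTLOOK.Bubbleboy1.0 by Zulu"
'''

if __name__ == "__main__":
    for hit in find_bubbleboy_indicators(SAMPLE_REG, ["Update.hta", "desktop.ini"]):
        print("indicator present:", hit)
```

Because the slide does not say whether the Outlook.bubbleboy marker is a key or a value under Software, the flattening step treats both layouts as the same path.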
22. Macro
- Specific to certain applications
- Comprise a high percentage of the viruses
- Usually made in WordBasic and Visual Basic for Applications (VBA)
- Microsoft shipped “Concept”, the first macro virus, on a CD ROM called "Windows 95 Software Compatibility Test" in 1995
23. Macro
- Melissa
  - Discovery Date: 3/26/1999
  - Origin: Newsgroup Posting
  - Length: varies depending on variant
  - Type: Macro/Worm
  - Subtype: Macro
  - Risk Assessment: High
  - Category: Companion
24. Macro
- Melissa
  - requires WSL, Outlook or Outlook Express Word 97 SR1 or Office 2000
  - 105 lines of code (original variant)
  - received either as an infected template or email attachment
  - lowers computer defenses to future macro virus attacks
  - may cause DoS
  - infects template files with its own macro code
  - 80% of the 150 Fortune 1000 companies were affected
25. Macro
- How Melissa works
  - infects the Normal.dot template file with its own code
  - Lastly, if the minutes of the hour match up to the date, the macro inserts a quote by Bart Simpson into the current document
    - “Twenty two points, plus triple word score, plus fifty points for using all my letters. Game’s over. I’m outta here.”
26. Protection/Prevention
- Knowledge
- Proper configurations
- Run only necessary programs
- Anti-virus software