View
18
Download
1
Category
Tags:
Preview:
Citation preview
DEFINITIONA computer virus is a small software program that spreads from one
computer to another computer and interferes with computer operation and
causes damage to data and files on systems.
MAIN CHARACTERISTICS ARE:•It is able to replicate.
•It requires a host program as a carrier.
•It is activated by external action.
SOME WELL-KNOWN COMPUTER VIRUSESCreeper virus Elk Cloner The Morris worm Nimda
ACTIVITY
Find the name of any two viruses
with their description
INTERESTING FACTSINTERESTING FACTS
Experts estimate that the mydoom worm infected approximately a
quarter-million computers in a single day in January 2004.
In January 2007, a worm called Storm appeared -- by October, experts
believed up to 50 million computers were infected.
A program named “Rother J” was the first computer virus to come into
sight. Created in 1981 by Richard Skrenta, it attached itself to the Apple
DOS 3.3 operating system and spread via floppy disk.
SYMPTOMS OF A COMPUTER VIRUS•The computer runs slower than usual.
•The computer stops responding, or it locks up frequently.
•The computer restarts on its own. Additionally, the computer
does not run as usual.
•Applications on the computer do not work correctly.
•Disks or disk drives are inaccessible.
•You see distorted menus and dialog boxes.
•An antivirus program is disabled for no reason. Additionally, the
antivirus program cannot be restarted.
•A program disappears from the computer even though you did
not intentionally remove the program.
TYPES OF VIRUSES
•ARMORED VIRUS: An ARMORED virus is one that uses special tricks to make tracing, disassembling and understanding of its code more difficult. Like a Whale virus.
•CAVITY VIRUS: A Cavity virus is one which over writes a part of the host file that is filled with a constant (usually nulls), without increasing the length of the file, but preserving its functionality. The Lehigh virus was an early example of a cavity virus.
•COMPANION VIRUS: On exit, the new program executes the original program so that things appear normal. On PCs this has usually been accomplished by creating an infected .COM file with the same name as an existing .EXE file. COMPANION VIRUS 2:48 AM 20 A companion virus is that virus which is not modifying the original file but execute new program.
TYPES OF VIRUSES
•RESIDENT VIRUS: Resident Viruses This type of virus is settle in the RAM memory. From there it can overcome and interrupt all of the operations executed by the system: corrupting files and programs that are opened, closed, copied, renamed etc. Examples are: Randex, CMJ, Meve, and Mrklunky.
•POLYMORPHIC VIRUS: A polymorphic virus is one that produces varied but operational copies of itself. This is so that virus scanners will not be able to detect all instances of the virus. •FAT VIRUS: This type of virus attack on the individual files or on the directories resulting information losses because this virus wipeout the information from the infected files.
HOW TO PREVENT A VIRUS? •Load only software from original disks or CD's. Pirated or copied
software is always a risk for a virus.
•Execute only programs of which you are familiar as to their origin.
•Computer uploads and "system configuration" changes should
always be performed by the person who is responsible for the
computer.
•Password protection should be employed.
•Check all shareware and free programs downloaded from on-line
services with a virus checking program.
•Purchase or download a anti-virus program that runs as you boot
or work your computer. Up-date it frequently.
Other forms of computer attacks• SPAMMING- Sending of bulk email by an
unidentified source.• WORM- A self replicating program that eats
up the entire disk space or memory by creating its copies until all the memory is filled.
• SPYWARE- A software that is installed on the computer to spy on the activities and report this to people willing to pay for it.
•ADWARE- The program that deliver unwanted ads to the computer(generally in pop-up forms) and consume the network bandwidth.•TROJAN HORSE- A program that appears harmless but actually performs malicious functions such as deleting or damaging files.•SWEEPER- A malicious program used by hackers to sweep or deletes all the data from the system.•PHISHING- A process of attempting to acquire sensitive information such as user name, passwords, credit card information, account data etc.
HOW VIRUS SPREAD?
A virus runs first when a legitimate program is executed. •The virus loads itself into memory and looks to see if it can find any other programs on the disk. •If it can find one, it modifies it to add the virus's code to the new program. •Then the virus launches the "real program.“
The user has no way to know that the virus ever ran. •Unfortunately, the virus has now reproduced itself, so two programs are infected. •The next time either of those programs gets executed, they infect other programs, and the cycle cont
When the infected program is distributed by •floppy disk•uploaded to a bulletin board•zipped and delivered as an executablethen other programs get infected
This is how viruses spread
HOW VIRUS SPREAD?
How to prevent virus?•Run a secure operating system like UNIX or Windows NT
security features keep viruses away
•Buy virus protection software
•Avoid programs from unknown sources (like the Internet)
•Stick with commercial software purchased on CDs
•With E-mail viruses
Never double-click on an attachment that contains an
executable program
Attachments that come in as Word files (.DOC),
spreadsheets (.XLS), images (.GIF and .JPG), etc., are data
files and they can do no damage
How viruses get into computers ?The four most common virus infections come from:
• File – A virus type that infects existing files on the computer
(~40%)
• Macro – A virus that runs as a macro in a host application such as
the MS Office applications (~20%)
• VBScript – A virus that uses Windows Visual Basic Script
functionality (~10%)
• Internet Worm – A virus that is primarily characterized by it’s
replication across the Internet (~20%)
• The life cycle of a virus A virus enters the system passively, through an activity of the operator (inserting an infected disk, opening an infected mail attachment).
• A virus has to be compatible with the system to gain a foothold.
• A virus replicates at the cost of computer speed. Damage causes loss or inaccessibility of files, and sometimes loss of the complete hard disk.
• Transfer to the next computer can occur automatically when computers are interconnected, or requires human activity such as sharing of diskettes. Entry Foothold Replication & Damage Transfer to next host
The life cycle of a virus :
ANTIVIRUSAntivirus software is a computer program that
detects, prevents, and takes action to disarm or remove malicious software programs, such as
viruses and worms.
TOP 5 ANTI VIRUS SOFTWARESMCAFEE VIRUS SCAN AVG ANTIVIRUS ACTIVE VIRUS SHIELD ESET NOD 32 AVIRA ANTI VIRUS
ACTIVITY
Find the name of any two
antivirus softwares with their
description.
HOW ANTIVIRUS WORKS?
There are several methods which antivirus software can use to identify malware:
•Signature based detection is the most common method. To identify viruses
and other malware, antivirus software compares the contents of a file to a
did of virus signatures. Because viruses can embed themselves in existing
files, the entire file is searched, not just as a whole, but also in pieces.
•Heuristic-based detection, like malicious activity detection, can be used to
identify unknown viruses.
•File emulation is another heuristic approach. File emulation involves
executing a program in a virtual environment and logging what actions the
program performs. Depending on the actions logged, the antivirus software
can determine if the program is malicious or not and then carry out the
appropriate disinfection actions
Recommended