Upload
ricky-marquez-flores
View
219
Download
0
Embed Size (px)
Citation preview
8/22/2019 Virus Antivirus - Ingles
1/44
Computer
Worms & Viruses
ERICA SANTIAGO
ASHLEY GUY
DAVID HOLLAND
ASHLEY WHITE
JESSICA PUETTNER
8/22/2019 Virus Antivirus - Ingles
2/44
Viruses
By: Erica Santiago
8/22/2019 Virus Antivirus - Ingles
3/44
What is a Virus?
a virus is software that spreads from
program to program, or from disk todisk, and uses each infected program ordisk to make copies of itself. basically
computer sabotage.
8/22/2019 Virus Antivirus - Ingles
4/44
The History of the Virus
the term comes from biology. acomputer virus reproduces by making,possibly modified, copies of itself in thecomputers memory, storage, or over anetwork. similar to the way a biological
virus would work. the very first virus to be created outsidethe single computer or lab was theprogram called "Elk Cloner. it waswritten by Rich Skrenta in 1982. thevirus attached itself to the Apple DOS3.3 operating system and spreadthrough floppy disk. the virus wasoriginally a joke, created by a highschool student and put onto a game.the 50th time someone played thegame, the virus would be released. soinstead of playing the game, the user
saw a blank screen that read a poemabout the virus named Elk Cloner.
8/22/2019 Virus Antivirus - Ingles
5/44
How does aVirusSpread?
first a programmer writes the virus most oftenbeing attached to a normal program;
unknown to the user, the virus spreads toother software. then the virus is passed bydisk or network to other users who use othercomputers. the virus then remains dormant
as it is passed on.The Internet
8/22/2019 Virus Antivirus - Ingles
6/44
The types of Viruses
the way viruses are usually categorized is bywhat they do.
the boot virus which infects the boot sector of disk storage
the program virus which infects the executable programs the multipartite virus which is a combination of the boot and
program virus the stealth virus which is able avoid detection by a variety of
means such as removing itself from the system registry, ormasquerading as a system file
the parasitic virus which embeds itself into another file orprogram such that the original file is still viable
the polymorphic virus which changes its code structure to avoiddetection and removal
the macro virus which exploits the macro language of a programlike Microsoft Word or Excel.
8/22/2019 Virus Antivirus - Ingles
7/44
Protect Yourselves run a more secure operating
system like UNIX, anothercomputer operating system inwhich you never hear aboutviruses on these operatingsystems because the of the
security features if you are using an unsecured
operating system, you can buyvirus protection software likeMcAfee or Norton AntiVirus
to help avoid viruses, its very
important that your computer iscurrent with the latest updateand antivirus tools, try to stayinformed with recent threatsabout viruses and that you becareful when surfing the Internet,downloading files and openingattachments
8/22/2019 Virus Antivirus - Ingles
8/44
Worms
By: Ashley Guy
8/22/2019 Virus Antivirus - Ingles
9/44
Worms 101 worms have been around since 1988. a computer worm is very similar to that of a normal
computer virus. unlike a virus though, the worm is a program that can
copy itself across a network and it can run on itself. a worm also has a unique feature in the sense itdoesnt have to have a host program in order to run.
a worm works by copying itself into nodes or networkterminals which does not require any intervention
from the user itself worms began to take off in the late 90s and early2000s.
these modern worms ran themselves through theinternet and many file sharing programs such as
KaZaa, a music file-sharing program.
8/22/2019 Virus Antivirus - Ingles
10/44
Types of Worms
the email worm the email worm spreads itself through email
the worm can hide itself in messages as a link or anattachment that will redirect the user to an infected website.
many users become victims to this particular worm due totheir vulnerability and willingness to read and openmessages that they think could be interesting.
the Instant Messaging worm
this worm masks itself in the form of an IM with thecontents of a link that will redirect the user to an infectedwebsite and then try to gain full access of the machine.
8/22/2019 Virus Antivirus - Ingles
11/44
Protect Yourselves
even though it seems impossible to not catch aworm, its not.
one of the best things a computer owner can do is
install and run anti-virus software, especially the kindthat updates automatically. anti-virus software will notify the user when a virus or worm
is found and prevent it from running and/or copying itself.
other precautions:
choosing secure passwords and changing them regularly not opening unfamiliar emails or attachments and most
importantly not running or copying software from anunsecured website.
8/22/2019 Virus Antivirus - Ingles
12/44
Virusesvs.Worms
spreads from programto program, or from diskto disk
uses each infectedprogram or disk to makecopies of itself
computer sabotage
destroys data or erasesdisks
operating systemspecific
uses computer hosts toreproduce themselves
travel independently
over computer networks
software sabotage
resides in memoryrather on disk
puts computers at astandstill
8/22/2019 Virus Antivirus - Ingles
13/44
AntiVirus Software
By: David Holland
8/22/2019 Virus Antivirus - Ingles
14/44
What is AntiVirus Software?
computer programs intended to identify
and eliminate computer viruses.
8/22/2019 Virus Antivirus - Ingles
15/44
The Best Defense
this years best defense against computer viruses, spyware,hackers and spam is an antivirus program called BitDefender.
has a user-friendly interface that scans all existing files on yourcomputer, all incoming and outgoing emails, and even IMtransfers.
features include privacy protection and web scanning forinternet use. a years subscription is about $24.99.
8/22/2019 Virus Antivirus - Ingles
16/44
NAV
the most widely used software is the Norton AntiVirus. (NAV) since its release in 1990, over 100 million people around the
world have used it.
its a free program but in order to receive live updates, a validsubscription is needed.
a yearly subscription is only $29.99.
8/22/2019 Virus Antivirus - Ingles
17/44
McAfee
McAfee VirusScan is another popular antivirus program.
its designed for home and home-office use.
its used specifically on a Microsoft Windows platform. the 2007 edition includes a number of features including on
access file sharing, inbound and outbound firewall protection,and daily definition updates.
8/22/2019 Virus Antivirus - Ingles
18/44
Sophos
Sophos AntiVirus is an antivirus and anti-spyware program thatis primarily aimed at corporate environments or businesses.
includes a number of security tools and advice.
also includes 24/7 support including upgrade alerts.
8/22/2019 Virus Antivirus - Ingles
19/44
Kasperski
for the average home user and advanced users the Kasperskiantivirus software has an easy to use interface.
the program uses 3 tabs for protection, settings and support.
it updates itself on an hourly basis and is one of the fastestantivirus programs available.
however, quality comes at a price and year subscription is$49.99.
8/22/2019 Virus Antivirus - Ingles
20/44
Antivirus software:How it works
By: Ashley White
8/22/2019 Virus Antivirus - Ingles
21/44
Antivirus software is the equivalent to
penicillin of the computer world.
like penicillin, antivirus applications act as aguard over your system, scanning incomingfiles and applications, quarantining or
cleaning up unwanted viruses looking tocause harm to your system
antivirus software is considered to be an aid
that detects, fixes and even prevents virusesand worms from spreading to your computeras well as connecting computers.
8/22/2019 Virus Antivirus - Ingles
22/44
Why is software an issue?
some antivirus software can considerablyreduce performance
there should not be more than one antivirussoftware installed on a single computer at anygiven time
its sometimes necessary to temporarily
disable virus protection when installing majorupdates
some argue that antivirus software often
delivers more pain than value to end users
8/22/2019 Virus Antivirus - Ingles
23/44
Two main types
there are different types of antivirussoftware for different computers
some are designed for personalcomputers
some are for servers and others forenterprises
there are mainly two types of antivirussoftware: specific and generic
8/22/2019 Virus Antivirus - Ingles
24/44
Specific Scanning
specific scanning or signature detection
the application scans files to look for knownviruses matching definitions in a virusdictionary
when the antivirus looks at a file it refers to adictionary of known viruses and matches apiece of code (specific patterns of bytes) fromthe new file to the dictionary.
8/22/2019 Virus Antivirus - Ingles
25/44
Specific scanning cont..
after recognizing the malicious softwarethe antivirus software can take one of
the following actions: (1): attempt to repair the file by
removing the virus itself from the file
(2): quarantine the file (3): or delete the file completely
8/22/2019 Virus Antivirus - Ingles
26/44
Specific Scanning cont
however, specific scanning is not always
reliable because virus authors are creatingnew ways of disguising their viruses so theantivirus software does not match the virus
signature to the virus dictionary.
8/22/2019 Virus Antivirus - Ingles
27/44
Generic Scanning
generic scanning is also referred to asthe suspicious behavior approach.
generic Scanning is used when newviruses appear.
in this method the software does not
look for a specific signature but insteadmonitors the behavior of all applications.
8/22/2019 Virus Antivirus - Ingles
28/44
Generic Scanning cont
if anything questionable is found by thesoftware the application is quarantined
and a warning is broadcasted to theuser about what the program may betrying to do.
if the software is found to be a virus theuser can send it to a virus vendor.
8/22/2019 Virus Antivirus - Ingles
29/44
Generic Scanning cont
there, researchers examine it,determine its signature, name and
catalogue it and release antivirussoftware to stop its spread.
if the virus never reappears the vendors
categorize the virus as dormant.
8/22/2019 Virus Antivirus - Ingles
30/44
Two other approaches
heuristic analysis
another form of generic scanning
the sandbox method
8/22/2019 Virus Antivirus - Ingles
31/44
Another Approach heuristic analysis
in the heuristic method the software, for example, could try toemulate the beginning of the code of each new executable thatthe system invokes before transferring control to that executable.if the program attempts to use self-modifying code or appears tobe a virus, its assumed that the virus has infected the
executable. in this method there are a lot of false positives.
sandbox method when an antivirus program will take suspicious code and run it in
a virtual machine to see the purpose of the code and exactlyhow the code works. after the program has terminated, thesoftware analyzes the sandbox for any changes, which couldindicate a virus.
8/22/2019 Virus Antivirus - Ingles
32/44
Heuristic Analysis
software tries to emulate the beginning of thecode of each new executable that the systeminvokes before transferring control to thatexecutable.
if the program attempts to use self-modifyingcode or appears to be a virus, its assumed
the virus has infected the executable. there are many false positives in this
approach.
8/22/2019 Virus Antivirus - Ingles
33/44
Sandboxing
in this approach an antivirus programwill take suspicious code and run it in a
virtual machine to see the purpose ofthe code and exactly how the codeworks.
after the program is terminated thesoftware analyzes the sandbox for anychanges, which might indicate a virus.
8/22/2019 Virus Antivirus - Ingles
34/44
Specific worms & virus attacks
By: Jessica Puettner
8/22/2019 Virus Antivirus - Ingles
35/44
The Macro Virus
one of the most common viruses is a macro virus,which is usually contracted through emails.
macro viruses attach themselves to a document
usually created in one of the applications in MicrosoftOffice.
when one of these infected documents is sentthrough an email.
it infects the computer by getting into an email
account and reproducing itself by sending it to all thepeople in that persons email address list.
8/22/2019 Virus Antivirus - Ingles
36/44
The Melissa Virus
one of the biggest virus incidents was the Melissavirus in 1999.
this was a macro virus that was built into a MicrosoftWord document and in it was a list of different
pornography websites. what the user did not know was the fact that when he
or she opened the document the virus went straightto Microsoft Outlook and sent the same email to thefirst 50 addresses in their address book.
it was not a destructive virus and there was not reallyany damage done to any computers. the man whocreated the virus got fined $5,000 and got sentencedto 20 months in prison.
8/22/2019 Virus Antivirus - Ingles
37/44
The Aftermath
after the Melissa virus, the door for many wasopened to new viruses.
one of them was Chernobyl. Unlike Melissa,
this one was destructive and infected over600,000 computers all over the world. Chernobyl infected 300,000 computers in
South Korea and it cost about $250 million indamages.
in the Philippines, a virus now known as theLove Bug infected their computer systemsand cost them billions of dollars in damages
8/22/2019 Virus Antivirus - Ingles
38/44
The Boot Virus
boot viruses are viruses that infect either the floppydisk boot records or the master boot records in harddisks.
most of the time what happens is the virus overwrites
the boot record program and this is a problembecause the boot record program is what loads theoperating system.
boot viruses often load into the memory of thecomputer while the disk is in use because the virus is
there instead of the operating systems program. some examples of these types of viruses would be
Disk Killer or Stone virus.
8/22/2019 Virus Antivirus - Ingles
39/44
The Program Virus
program viruses are viruses that attack theexecutable program files.
the files it infects are .bin, .com, .exe, .ovl,
.drv, or .sys. these kinds of viruses are loaded onto the
computer when the file is being downloaded. once the infected program is loaded then the
virus starts making copies of itself. examples of these would be Sunday orCascade.
8/22/2019 Virus Antivirus - Ingles
40/44
The Stealth Virus
stealth viruses are very tricky viruses.
they usually are very hard to detect
because they take up exactly theamount of space as the program shouldso it is very hard to discover the virusbecause it is so well hidden.
an example of this kind of virus wouldbe the Whale virus.
8/22/2019 Virus Antivirus - Ingles
41/44
The Polymorphic Virus
polymorphic viruses are also very hardto detect.
this virus can actually use an encryptedcode so it looks like a different virusevery time.
different examples of this type of viruswould be Stimulate or Phoenix.
8/22/2019 Virus Antivirus - Ingles
42/44
Worms Attack
the first major worm was in 1988 when a student atCornell made an experiment that accidentally gotonto the Internet.
this worm caused 6,000 computers all over the
United States to freeze. all the infected computershad to be shut off and the worm had to beterminated.
there was no really money damage but there was alot of lost time at different research institutions.
one of the most damaging worms in history is namedCode Red in 2001.
more than 359,000 computers all over the world wereinfected with this worm in less than 14 hours.
the estimate cost of damages due to the worm was
about $2.6 billion.
8/22/2019 Virus Antivirus - Ingles
43/44
Types of Worms
a few different types of worms are emailing worms, instantmessaging worms, internet worms and file-sharing networksworms. emailing worms are those in the attachments that are
sometimes sent with emails. instant messaging worms usually infect a computer when an
infected link is sent to a person and they open it. these alsoget into computers and automatically send to most if not allof the people on your buddy list.
internet worms usually scan different computers and try toget into their systems. a lot of times they will try and be
downloaded onto the computer by sending a request to bedownloaded.
file-sharing networks worms usually copy itself in a sharedfile under a name that is not suspicious and will start to infectthe computer as well as those in the same network.
8/22/2019 Virus Antivirus - Ingles
44/44
Conclusion
Computer viruses and worms can so easilybe placed into your work station so you mustbe careful when going on the internet,opening emails from unknown users, makesure you have some kind of anti-virussoftware and always get updates so that you
arent helping to spread viruses and worms toother people as well as harming yourself andyour pocket.