8/7/2019 Virus & Antivirus general presentation
LOVELY PROFESSIONAL UNIVERSITY
Compiled By :
Puneet Goyal
B.Tech (CSE)
RG1901B45
February, 2011
What is a Virus?
A virus is just a computer program. Like any other program, it contains instructions that tell your computer what to do.
But unlike an application, a virus usually tells your computer to do something you don't want it to do, and it can usually spread itself to other files on your computer -- and other people's computers.
In some cases, a virus will execute only a gentle "personality quirk," such as causing your computer to make seemingly random bleeps.
But a virus can be very destructive; it could format your hard drive, overwrite your hard drive boot sector, or delete files and render your machine inoperable.
General virus types
While there are thousands of variations of viruses, most fall into one of the following general categories, each of which works slightly differently.
BOOT SECTOR VIRUS
MACRO VIRUS
MULTIPARTITE VIRUS
POLYMORPHIC VIRUS
STEALTH VIRUS
E-MAIL VIRUSES
WORMS
TROJAN HORSES
Boot Sector Virus:
Replaces or implants itself in the boot sector. This kind of virus can prevent you from being able to boot your hard disk.
Macro Virus:
Written using a simplified macro programming language, these viruses affect Microsoft Office applications, such as Word and Excel. A document infected with a macro virus generally modifies a pre-existing, commonly used command (such as Save) to trigger its payload upon execution of that command.
Multipartite Virus:
Infects both files and the boot sector -- a double whammy that can reinfect your system dozens of times before it's caught.
Polymorphic Virus:
Changes code whenever it passes to another machine.
Stealth Virus:
Hides its presence by making an infected file not appear infected.
E-mail viruses:
An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.
Worms:
A worm is a computer program that has the ability to copy itself from machine to machine. Worms normally move around and infect other machines through computer networks. Worms eat up storage space and slow down the computer. But worms don't alter or delete files.
Trojan horses:
A Trojan horse is simply a computer program that claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk).
When loaded onto your machine, a Trojan horse can capture information from your system -- such as user names and passwords -- or could allow a malicious hacker to remotely control your computer.
Trojan horses have no way to replicate automatically.
Origins of Viruses:
People create viruses. A person has to write the code, test it to make sure it spreads properly and then release the virus. A person also designs the virus's attack phase, whether it's a silly message or destruction of a hard disk.
In most of the cases people create viruses just for the thrill or fun.
How They Spread?
Early viruses were pieces of code attached to a common program like a popular game or a popular word processor. A person might download an infected game from the internet or copy it from a floppy disk and run it. A virus like this is a small piece of code embedded in a larger, legitimate program. Any virus is designed to run first when the legitimate program gets executed.
The virus loads itself into memory and looks around to see if it can find any other programs on the disk. If it can find one, it modifies it to add the virus's code to the unsuspecting program. Then the virus launches the "real program." The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time either of those programs gets executed, they infect other programs, and the cycle continues.
If one of the infected programs is given to another person on a floppy disk, or if it is uploaded to the internet, then other programs get infected.
This is how the virus spreads.
Prevention is the best cure:
Run a secure operating system like UNIX or Windows NT.
Install virus protection software.
Avoid programs from unknown sources.
Disable floppy disk booting.
Macro Virus Protection is enabled in all Microsoft applications.
Never double-click on an attachment that contains an executable that arrives as an e-mail attachment.
ANTIVIRUS PROTECTION
Signature-based virus scanning in files, message bodies and attachments
Scanning of archived and compressed files
Scanning for unknown viruses using analyzer
Message rescanning for new viruses every time anti-virus databases are updated or on schedule
PROTECTIVE PROTECTION: Detection and prevention of virus outbreaks
How antivirus software works:
Scanning software looks for a virus in one of two ways. If it's a known virus (one that has already been detected in the wild and has an antidote written for it) the software will look for the virus's signature -- a unique string of bytes that identifies the virus like a fingerprint -- and will zap it from your system. Most scanning software will catch not only an initial virus but many of its variants as well, since the signature code usually remains intact.
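The signature lookup described above, together with the scanning of archived and compressed files listed under antivirus protection, as an added example that is not part of the original presentation. The signature names and byte patterns are constructed placeholders, and `scan_bytes` and `make_zip` are hypothetical helper names.

```python
import io
import zipfile

# Constructed signature database (placeholder byte patterns, not real malware).
SIGNATURES = {
    "Demo.A": bytes.fromhex("deadbeef4c505521"),
    "Demo.B": b"\x90\x90CONSTRUCTED-MARKER\xcc",
}
MAX_DEPTH = 3                 # stop descending into nested archives
MAX_MEMBER = 8 * 1024 * 1024  # skip members whose declared size is too large


def scan_bytes(data, name="<buffer>", depth=0):
    """Return sorted (location, signature_name) pairs found in data."""
    hits = [(name, sig) for sig, pat in SIGNATURES.items() if pat in data]
    # A compressed member hides the raw bytes, so unpack and scan each one.
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER:
                    continue
                member = f"{name}!{info.filename}"
                hits += scan_bytes(zf.read(info), member, depth + 1)
    return sorted(hits)


def make_zip(members):
    """Build an in-memory ZIP from {filename: bytes} (sample-data helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()


if __name__ == "__main__":
    sig = SIGNATURES["Demo.A"]
    original = b"\x00" * 64 + sig + b"\x00" * 64
    # A "variant": surrounding bytes differ, signature bytes are intact.
    variant = b"changed header " * 8 + sig + b" changed tail" * 8
    inner = make_zip({"payload.bin": variant})
    outer = make_zip({"readme.txt": b"hello " * 50, "inner.zip": inner})
    for label, blob in [("orig.bin", original), ("variant.bin", variant),
                        ("clean.txt", b"harmless text " * 100),
                        ("mail.zip", outer)]:
        print(label, scan_bytes(blob, label))
```

The variant is reported under the same signature name as the original because only the bytes around the signature changed, and the nested archive is reported with the full path to the member that matched.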
In the case of new viruses for which no antidote has been created, scanning software uses methods that look for unusual virus-like activity on your system. If the program sees any funny business, it quarantines the questionable program and broadcasts a warning to you about what the program may be trying to do (such as modify your Windows Registry). If you and the software think the program may be a virus, you can send the quarantined file to the antivirus vendor, where researchers examine it, determine its signature, name and catalog it, and release its antidote. It's now a known virus.
If the virus never appears again -- which often happens when the virus is too poorly written to spread -- then vendors categorize the virus as dormant. But viruses are like earthquakes: The initial outbreak is usually followed by aftershocks. Variants (copycat viruses that emerge in droves after the initial outbreak) make up the bulk of known viruses.
SOME COMMON ANTI-VIRUSES ARE:
AVAST 5.0
AVG 9
KASPERSKY
ZONEALARM
PANDA INTERNET SECURITY
ESET NOD32
MCAFEE ANTIVIRUS
Practice safe computing
The best way to protect yourself from viruses is to avoid opening unexpected e-mail attachments and downloads from unreliable sources. Resist the urge to double-click everything in your mailbox. If you get a file attachment and you aren't expecting one, e-mail the person who sent it to you before you open the attachment. Ask them if they meant to send you the file, what it is, and what it should do.
For added safety, you need to install reliable antivirus scanning software and download updates regularly. Major antivirus software vendors, including Symantec, Network Associates, Computer Associates, and Trend Micro, provide regular updates. (Computer Associates' InoculateIT is also free.) Some of the vendors also offer a service that will automatically retrieve updates for you from the company's Web site.
Regular updates are essential. Researchers at Computer Economics estimate that 30 percent of small businesses are vulnerable to viruses either because they don't keep their virus-scanning software updated or because they don't install it correctly.
Conclusion:
Mostly I conclude updating our ANTIVIRUS is important because viruses are increasing day by day. First, understand how your anti-virus product works. Then, start with a known-clean computer and follow specific steps to assure good virus detection/protection.