computer virus and worms

7/31/2019 Computer Virus and Worms

1/28

SEMINAR ONSEMINAR ONCOMPUTER VIRUSCOMPUTER VIRUS

& WORMS& WORMS

reparedy :


2/28

SEMINAR ONSEMINAR ON

COMPUTER VIRUS &COMPUTER VIRUS &

WORMSWORMS

Scmpoo.exeMUKULOVING.EXE


3/28

ComputerComputer

VirusesViruses


4/28

IntroductionIntroduction

Computer virus haveComputer virus havebecome todays headlinebecome todays headline

newsnews With the increasing use ofWith the increasing use of

the Internet, it has becomethe Internet, it has becomeeasier for virus to spreadeasier for virus to spread

Virus show us loopholes inVirus show us loopholes insoftwaresoftware

Most virus are targeted atMost virus are targeted atthe MS Windows OSthe MS Windows OS


5/28

What is a virus?What is a virus?

Virus is vital Information&Virus is vital Information&

Resource under seize. A computerResource under seize. A computervirus is basically a programvirus is basically a program

written for destructive purpose. Itwritten for destructive purpose. It

is written in such a way that it canis written in such a way that it can

enter the computer without theenter the computer without the

knowledge of the machine or theknowledge of the machine or the

user. It is enters the machineuser. It is enters the machine

through an infected floppy or athrough an infected floppy or a

program. It has the capacity toprogram. It has the capacity to

make perfect copies of itself andmake perfect copies of itself andcause abnormal functioning of thecause abnormal functioning of the

machine.machine.


6/28


7/28

OverviewOverview

BackgroundBackground

SymptomsSymptoms

Classifying VirusesClassifying Viruses

ExamplesExamples

Protection/PreventionProtection/Prevention

ConclusionConclusion


8/28

BackgroundBackground

There are estimated 30,000There are estimated 30,000

computer viruses in existencecomputer viruses in existence

Over 300 new ones are createdOver 300 new ones are created

each montheach month

First virus was created to showFirst virus was created to show

loopholes in softwareloopholes in software


9/28

Virus LanguagesVirus Languages

ANSI COBOLANSI COBOL

C/C++C/C++ PascalPascal

VBAVBA

Unix Shell ScriptsUnix Shell ScriptsJavaScriptJavaScript

Basically any languageBasically any language

that works on thethat works on thesystem that is thesystem that is the

targettarget


10/28

Symptoms ofSymptoms of

Virus AttackVirus Attack Computer runs slowerComputer runs slower

then usualthen usual Computer no longerComputer no longer

boots upboots up Screen sometimesScreen sometimes

flickerflicker PC speaker beepsPC speaker beeps

periodicallyperiodically

System crashes for noSystem crashes for noreasonreason Files/directoriesFiles/directories

sometimes disappearsometimes disappear Denial of Service (DoS)Denial of Service (DoS)


11/28

Virus through theVirus through the

InternetInternet Today almost 87% of allToday almost 87% of all

viruses are spreadviruses are spread

through the internetthrough the internet(source: ZDNet)(source: ZDNet)

Transmission time to aTransmission time to a

new host is relativelynew host is relativelylow, on the order oflow, on the order of

hours todayhours today

Latent virusLatent virus


12/28

Classifying VirusClassifying Virus

- Types- Types

Trojan HorseTrojan Horse

WormWorm MacroMacro


13/28


Back OrificeBack Orifice

Discovery Date:Discovery Date:10/15/199810/15/1998

Origin:Origin: Pro-hackerPro-hacker

WebsiteWebsite

Length:Length: 124,928124,928

Type:Type: TrojanTrojan

SubType:SubType: RemoteRemote

AccessAccessRisk Assessment:Risk Assessment: LowLow

Category:Category: StealthStealth


14/28


About Back OrificeAbout Back Orifice requires Windows to workrequires Windows to work distributed by Cult of thedistributed by Cult of the

Dead CowDead Cow similar to PC Anywhere,similar to PC Anywhere,

Carbon Copy softwareCarbon Copy software

allows remote access andallows remote access andcontrol of other computerscontrol of other computers

install a reference in theinstall a reference in theregistryregistry

once infected, runs in theonce infected, runs in thebackgroundbackground by default uses UDP portby default uses UDP port

5432054320

TCP portTCP port5432154321


15/28

WormsWorms

Spread over networkSpread over network

connectionconnection

Worms replicateWorms replicate First worm released onFirst worm released on

the Internet was calledthe Internet was called

Morris worm, it wasMorris worm, it wasreleased on Nov 2,released on Nov 2,

1988.1988.


16/28

WormsWorms

BubbleboyBubbleboy

Discovery Date:Discovery Date:

11/8/199911/8/1999

Origin:Origin: Argentina (?)Argentina (?)

Length:Length: 49924992

Type:Type:Worm/MacroWorm/Macro

SubType:SubType: VbScriptVbScript

Risk Assessment:Risk Assessment: LowLowCategory:Category:

Stealth/CompanionStealth/Companion


17/28

WormsWorms

BubbleboyBubbleboy requires WSLrequires WSL

(windows scripting(windows scriptinglanguage), Outlook orlanguage), Outlook orOutlook Express, andOutlook Express, andIE5IE5

Does not work inDoes not work inWindows NTWindows NT

Effects Spanish andEffects Spanish and

English version ofEnglish version ofWindowsWindows

2 variants have been2 variants have been

identifiedidentified

Is a latent virus onIs a latent virus on


18/28

WormsWorms

How Bubbleboy worksHow Bubbleboy works

Bubbleboy isBubbleboy isembedded within anembedded within an

email message ofemail message of

HTML format.HTML format. a VbScript while thea VbScript while the

user views a HTMLuser views a HTML

pagepage

a file nameda file named

Update.hta isUpdate.hta is

placed in the start upplaced in the start up

directorydirectory


19/28

MacroMacro

Specific to certainSpecific to certainapplicationsapplications

Comprise a high percentage ofComprise a high percentage ofthe virusesthe viruses

Usually made in WordBasic andUsually made in WordBasic andVisual Basic for ApplicationsVisual Basic for Applications

(VBA)(VBA) Microsoft shipped Concept,Microsoft shipped Concept,

the first macro virus, on a CDthe first macro virus, on a CDROM called "Windows 95ROM called "Windows 95

Software Compatibility Test" inSoftware Compatibility Test" in19951995


20/28

MacroMacro

MelissaMelissa

Discovery Date:Discovery Date: 3/26/19993/26/1999

Origin:Origin: NewsgroupNewsgroupPostingPosting

Length:Length: variesvaries

depending on variantdepending on variantType:Type: Macro/WormMacro/Worm

Subtype:Subtype: MacroMacro

Risk Assessment:Risk Assessment: HighHighCategory:Category: CompanionCompanion


21/28

Protection/PreveProtection/Preve

ntionntion

KnowledgeKnowledge

Proper configurationsProper configurations

Run only necessaryRun only necessary

programsprograms Anti-virus softwareAnti-virus software


22/28

PREVANTION OFPREVANTION OF

VIRUS ATTACK:VIRUS ATTACK: The following precaution should beThe following precaution should be

taken to prevent the entry of virus intaken to prevent the entry of virus into a machineto a machine

Avoid booting the machine with aAvoid booting the machine with afloppy i.e. from A drive.floppy i.e. from A drive.

If it is required to boot from floppyIf it is required to boot from floppyuse a known floppy that is virus freeuse a known floppy that is virus free

and with a write protect .and with a write protect . Write protect disk when using it onWrite protect disk when using it on

unknown machine. No program andunknown machine. No program andhence virus can infect a floppyhence virus can infect a floppy

that is write protected the floppythat is write protected the floppy

disk controller and drive mechanismdisk controller and drive mechanismof a properly working diskof a properly working disk drivedrivedoes not allow to write on to a writedoes not allow to write on to a writeprotected floppy.protected floppy.


23/28

Never use software that is notNever use software that is notoriginal or doe not come from aoriginal or doe not come from a

authorizedauthorized dealer .The chancedealer .The chance

that the pirated software may bethat the pirated software may be

infected areinfected are highhigh If it is necessary to use borrowedIf it is necessary to use borrowed

software (As long as it is notsoftware (As long as it is not

illegal)illegal) scan it for being virusscan it for being virus

free.free.


24/28

Antivirus:Antivirus:

The Antivirus softwares areThe Antivirus softwares are

used to scan and removeused to scan and remove

viruses. To protect the systemviruses. To protect the system

with the dangerous viruses onewith the dangerous viruses oneshould keep any antivirusshould keep any antivirus

software in the system. Itsoftware in the system. It

always take care of the virusalways take care of the virus

and when a virus is intended toand when a virus is intended toenter in the system theenter in the system the

antivirus activates and alert theantivirus activates and alert the

user about the virus. It asks theuser about the virus. It asks the

user either to remove or repairuser either to remove or repair

the viruses.the viruses.


25/28

Some of popularSome of popularAntivirusAntivirussoftware's are assoftware's are as

followsfollows ::Norton AntivirusNorton AntivirusAVGAVG

PC CILINPC CILIN

McAfeeMcAfee

NashotNashot

Smartdog.Smartdog.

Vaccine.Vaccine.QuickHillQuickHill


26/28

ConclusionConclusion

You know know moreYou know know more

about virus and how:about virus and how:

viruses work throughviruses work throughyour systemyour system

to make a better virusto make a better virus

Have seen how virusesHave seen how virusesshow us a loophole inshow us a loophole in

popular softwarepopular software

Most viruses show thatMost viruses show thattheythey cancan cause greatcause great

damage due todamage due to

loopholes inloopholes in

programmingprogramming


27/28

THANKSTHANKS


28/28

computer virus and worms

Documents