
1 By Thomas Pantone Cosc 380

2
 A virus is a type of malware that self-replicates after being executed and inserts itself into other programs, data files, and/or the boot sector of the hard disk.
 Upon infection the virus performs malicious activities that include corrupting data, logging keystrokes, stealing personal information, and any number of other damaging actions.
 The two key points of a computer virus are that it is a program that makes unauthorized changes to the system when it is executed, and that a virus will not do anything until the file is opened or executed.

3
 10. Melissa: This virus spread rapidly because it arrived as an email attachment that, once run, took over the victim's email and sent copies of itself to everyone in the victim's address book. This caused servers to crash from overload.
 9. ILOVEYOU: This virus is more of a worm, but it is similar to Melissa in that it spread by email; this one was more malignant. ILOVEYOU copied itself into the victim's system, replaced files with copies of itself, downloaded another executable that stole the victim's information, and relayed it to the original hacker.
 8. Klez Virus: This virus spread by hijacking email address books, but it spread faster by spoofing, changing the From field of the email to circumvent address blocking and trick victims with a trusted identity.
 7. Code Red and Code Red II: Exploited an OS vulnerability in Windows 2000 and Windows NT, a buffer overflow issue, which meant that when the computers received more data than the buffers could handle, the adjacent memory would be overwritten. This created a backdoor used to take over the system, all part of a plan for a DDoS attack on the White House.
 6. The Nimda worm created a backdoor into the victim's operating system. It allowed the person behind the attack to access the same level of functions as whatever account was logged into the machine at the time. In other words, if a user with limited privileges activated the worm on a computer, the attacker would also have limited access to the computer's functions. On the other hand, if the victim was the administrator for the machine, the attacker would have full control.

4
 5. SQL Slammer: The worm exploited a buffer overflow vulnerability in Microsoft SQL Server. It is a small piece of code that does little other than generate random IP addresses and send itself out to those addresses. If a selected address happens to belong to a host that is running an unpatched copy of the Microsoft SQL Server Resolution Service, the host immediately becomes infected and begins spraying the Internet with more copies of the worm program. This caused server crashes and global Internet slowdowns.
 4. The MyDoom (or Novarg) virus is another worm that can create a backdoor in the victim computer's operating system. The original MyDoom virus (there have been several variants) had two triggers. One trigger caused the virus to begin a DoS attack starting Feb. 1, 2004. The second trigger commanded the virus to stop distributing itself on Feb. 12, 2004. Even after the virus stopped spreading, the backdoors created during the initial infections remained active. This virus also spread by spoofing emails.
 3. The Sasser worm attacked computers through a Microsoft Windows vulnerability. Unlike other worms, it didn't spread through e-mail. Instead, once the virus infected a computer, it looked for other vulnerable systems. It contacted those systems and instructed them to download the virus. The virus would scan random IP addresses to find potential victims. The virus also altered the victim's operating system in a way that made it difficult to shut down the computer without cutting off power to the system.
 2. The Netsky virus moves through e-mails and Windows networks. It spoofs e-mail addresses and propagates through a 22,016-byte file attachment. As it spreads, it can cause a DoS attack as systems collapse while trying to handle all the Internet traffic. At one time, security experts at Sophos believed Netsky and its variants accounted for 25 percent of all computer viruses on the Internet.

5
 1. The Storm Worm is a Trojan horse program. Its payload is another program, though not always the same one. Some versions of the Storm Worm turn computers into zombies or bots. As computers become infected, they become vulnerable to remote control by the person behind the attack. Some hackers use the Storm Worm to create a botnet and use it to send spam mail across the Internet. Although the Storm Worm is widespread, it's not the most difficult virus to detect or remove from a computer system. If you keep your antivirus software up to date and remember to use caution when you receive e-mails from unfamiliar people or see strange links, you'll save yourself some major headaches.

6 There are three main methods of virus detection
 Signature Based Detection: This is the standard method used by anti-virus software. Using a dictionary of virus/malware signatures, each file is scanned in its entirety for a match; if there is a match, the software takes action. The flaw of this method is that viruses without definitions are undetectable by the software.
 Heuristics: This method searches for viruses using generic signatures to detect the various mutations of viruses, and it can detect viral behaviors in files and respond to them. The issue with this method is that it takes time and is done by the anti-virus firm, not the individual users.
 Real Time Protection: This applies the above two methods in real time, every time a file is opened/executed or new files enter the system.
 Also, according to Frederick B. Cohen's 1987 demonstration, there is no algorithm that can detect all possible viruses.

7
 When an infected file is detected, the anti-virus software quarantines the file before it spreads. Next it removes the file from the system and asks the user to shut down and reboot the system. After the reboot the virus may still exist in the system, which indicates its severity.
 There are some viruses that are not detected until they have thoroughly corrupted the system. In this case they have taken control of the system, disabled the anti-virus, and generally ruined the system.
 At this point the only course of action would be to completely wipe the system clean and reinstall the operating system.
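The quarantine-then-verify procedure on this slide, as an added example that is not part of the presentation or of any anti-virus product: a detected file is moved out of reach under a non-executable name, a record of where it came from is written beside it, and after the "reboot" the same hash is searched for elsewhere, which is how a leftover copy would show the infection surviving. The file bytes, folder layout and record format are constructed for the example.

```python
"""Added example: the quarantine and post-reboot verification steps of virus removal.

The file contents are constructed stand-ins; the layout (a quarantine folder,
a JSON record per isolated file) is this example's own design, not any product's.
"""
import hashlib
import json
import os
import shutil
import stat
import tempfile
import time
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine_file(path: Path, quarantine_dir: Path, detection: str) -> dict:
    """Move a detected file out of reach before it spreads, and record where it came from."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    digest = sha256_of(path)
    # Name the copy by hash, with an extension nothing executes; do not clobber
    # an earlier copy of the same file.
    dest = quarantine_dir / f"{digest}.quarantined"
    n = 1
    while dest.exists():
        dest = quarantine_dir / f"{digest}.{n}.quarantined"
        n += 1
    shutil.move(str(path), str(dest))
    os.chmod(dest, stat.S_IRUSR)  # owner read-only: no execute bit, no casual edits
    record = {
        "original_path": str(path),
        "quarantined_path": str(dest),
        "sha256": digest,
        "detection": detection,
        "quarantined_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
    }
    dest.with_suffix(".json").write_text(json.dumps(record, indent=2))
    return record


def verify_after_restart(record: dict, scan_roots: list) -> dict:
    """The check after reboot: is the original gone, and does the same file survive elsewhere?"""
    quarantine_dir = Path(record["quarantined_path"]).parent
    original_present = Path(record["original_path"]).exists()
    survivors = []
    for root in scan_roots:
        for p in Path(root).rglob("*"):
            if p.is_file() and quarantine_dir not in p.parents and sha256_of(p) == record["sha256"]:
                survivors.append(str(p))
    return {"original_present": original_present,
            "survivors": survivors,
            "clean": not original_present and not survivors}


def run_demo() -> dict:
    """Stage an infection in a temp directory: the detected file plus a copy left in a backup folder."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        home = root / "home" / "user"
        (home / "backup").mkdir(parents=True)
        payload = b"MZ\x90\x00DEMO-PAYLOAD-MARKER"  # constructed, harmless bytes
        (home / "invoice.exe").write_bytes(payload)
        (home / "backup" / "invoice_copy.exe").write_bytes(payload)
        qdir = root / "quarantine"

        record = quarantine_file(home / "invoice.exe", qdir, "Demo.Virus.A")
        first = verify_after_restart(record, [root / "home"])  # the copy is still there
        for leftover in first["survivors"]:
            quarantine_file(Path(leftover), qdir, "Demo.Virus.A")
        second = verify_after_restart(record, [root / "home"])
        return {"record": record, "first_pass": first, "second_pass": second}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The first verification pass reports the backup copy as a survivor, which is the slide's "virus may still exist after the reboot" case; only after that copy is quarantined too does the second pass come back clean.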

8
 Vaccine is a colloquial term for the solution to a computer virus. Creating a vaccine involves analyzing a previously unknown virus using several methods.
 Code Analysis, which involves reading the machine code of the file without executing it to detect any malware behaviors. This method is limited by the complexity of the file, as some files are designed to counter it.
 Emulation, which creates a virtual machine that can safely run portions of the file to determine the results without infecting the machine in use. This is faster than Code Analysis.
 Generic Signatures from preexisting viruses can be applied to newer ones, as most new viruses are redesigns of older viruses; completely new viruses are rare. Logically, counter-measures to older versions could be applied to new versions.
 After solutions are found they are distributed to the clients of anti-virus programs in the form of updates.
 In some cases special Virus Removal Tools are created to deal with the more severe viruses that cannot be handled by a simple update.
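The signature-based and heuristic methods of slide 6, and the generic signatures of this slide, as one added example that is not part of the presentation or of any anti-virus product: two analysed variants of a constructed "family" go into an exact-hash dictionary, a generic signature is derived from them by turning the bytes that differ between variants into wildcards, and a third, never-seen variant is then caught by the generic signature while the exact dictionary misses it. The byte strings, family name and database layout are constructed for the example.

```python
"""Added example: exact-signature scanning versus a generic (heuristic) signature.

All sample bytes below are constructed stand-ins for file contents; none is a
real malware signature. The scanner logic is an illustration, not any AV product's.
"""
import hashlib
import re
from typing import Optional

# Two known, analysed variants of one constructed "family": identical except for
# a four-byte field that changed between releases.
FAMILY_A_V1 = b"MZ\x90\x00DEMO-FAMILY-A\x01\x02\x03\x04PAYLOAD-MARKER"
FAMILY_A_V2 = b"MZ\x90\x00DEMO-FAMILY-A\x09\x08\x07\x06PAYLOAD-MARKER"
# A third variant the vendor has never seen, plus a harmless file.
FAMILY_A_V3 = b"MZ\x90\x00DEMO-FAMILY-A\xaa\xbb\xcc\xddPAYLOAD-MARKER"
BENIGN = b"MZ\x90\x00hello-world-program\x00\x00\x00\x00ok"


def exact_signature_scan(data: bytes, hash_db: dict) -> Optional[str]:
    """Signature-based detection: hash the whole file and look it up in the dictionary of known samples."""
    return hash_db.get(hashlib.sha256(data).hexdigest())


def derive_generic_signature(samples: list) -> "re.Pattern":
    """Build a generic signature from analysed variants of one family.

    Bytes that agree across every sample are kept literally; offsets where the
    variants differ become single-byte wildcards. Samples must be the same length.
    """
    if len({len(s) for s in samples}) != 1:
        raise ValueError("variants must be the same length for positional alignment")
    parts = []
    for column in zip(*samples):  # column = the byte at one offset in every sample
        if len(set(column)) == 1:
            parts.append(re.escape(bytes([column[0]])))
        else:
            parts.append(b".")  # wildcard for a mutating byte
    return re.compile(b"".join(parts), re.DOTALL)


def generic_scan(data: bytes, generic_db: list) -> Optional[str]:
    """Heuristic detection: search the file for any family-level pattern."""
    for pattern, name in generic_db:
        if pattern.search(data):
            return name
    return None


# The "update" a vendor would ship: exact hashes for the two analysed samples,
# plus one generic signature derived from them.
HASH_DB = {
    hashlib.sha256(FAMILY_A_V1).hexdigest(): "Demo.Family.A",
    hashlib.sha256(FAMILY_A_V2).hexdigest(): "Demo.Family.A",
}
GENERIC_DB = [(derive_generic_signature([FAMILY_A_V1, FAMILY_A_V2]), "Demo.Family.A.gen")]


def scan(data: bytes, hash_db: dict = HASH_DB, generic_db: list = GENERIC_DB) -> dict:
    """Run both methods, as real-time protection would on every open or execute."""
    exact = exact_signature_scan(data, hash_db)
    generic = generic_scan(data, generic_db)
    return {"exact": exact, "generic": generic, "verdict": exact or generic}


if __name__ == "__main__":
    for label, blob in [("v1", FAMILY_A_V1), ("v3 (unseen)", FAMILY_A_V3), ("benign", BENIGN)]:
        print(label, scan(blob))
```

The unseen variant is exactly the "virus without a definition" that slide 6 calls the flaw of signature scanning; the derived pattern is the slide's point that counter-measures for older versions carry over to redesigns of the same virus. Positional alignment is the simplest generic signature; real engines also match on code fragments at arbitrary offsets, which this toy does not attempt.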

9
 Computer viruses are self-replicating files that, once executed, make unauthorized malicious changes to the system.
 Over the decades there have been dozens of dangerous viruses.
 Viruses are detected with three main methods: Signature Based Detection, Heuristics, and Real Time Protection.
 Viruses are usually quarantined and removed by anti-virus software, but more damaging viruses require more drastic measures to resolve.
 Vaccines are created after the virus goes through Code Analysis, Emulation and Generic Signatures, then distributed once solutions are found.

10
 http://computer.howstuffworks.com/virus.htm
 http://computer.howstuffworks.com/worst-computer-viruses.htm#page=1
 http://en.wikipedia.org/wiki/Antivirus_software#Issues_of_concern
 http://en.wikipedia.org/wiki/Computer_virus
 http://electronics.howstuffworks.com/how-to-tech/how-to-remove-computer-virus.htm

