Computer virus. Speaker: 蔡尚倫. Outline: Introduction, Infection target, Infection techniques.

Presentation transcript:

1 Computer virus
Speaker: 蔡尚倫

2 Outline
- Introduction
- Infection target
- Infection techniques

3 Computer virus - definition
- A type of malware
- Needs permission (given by accident) to execute
- Will replicate and spread
- May cause destruction

4 Purpose
- Stealing hard disk space or CPU time
- Accessing private information
- Corrupting data
- Displaying political or humorous messages
- Spamming their contacts
- Logging their keystrokes

5 Lifetime of a virus
- Design: tools, such as language and tool kits
- Replication: spread, how to extend
- Launch: active, what to do
- Detection: evade, try not to be found
- Elimination

6 Infection target
- System sector
- Network
- Source code
- File
- Macro

7 System sector
- Two types of system sector:
  - DBR (DOS Boot Record; DBS, DOS Boot Sector)
  - MBR (Master Boot Record; partition sector)
- Booting process:
  - Boot computer → BIOS → POST → DBR → MBR → Boot Sector → OS
- Medium:
  - Floppy disk
  - Bootable CD-ROM
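A defender's check for the system sector described above, as an added example that is not part of the original slides: it parses a 512-byte MBR, validates the boot signature, and compares the boot code and partition table against a trusted baseline. The byte offsets are the standard MBR layout rather than something the slides state, and the function names and sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440        # bytes 440-445 hold the disk signature on modern MBRs
TABLE_OFFSET = 446         # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"    # boot signature at bytes 510-511

def parse_mbr(sector: bytes) -> dict:
    """Validate a 512-byte MBR; return its boot-code hash and used partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("boot signature 0x55AA missing")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start, type, CHS end, LBA start, sector count
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", entry)
        if ptype:  # type 0 marks an unused slot
            partitions.append({"slot": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}

def compare_to_baseline(baseline: bytes, current: bytes) -> dict:
    """Report which part of the sector differs from the trusted copy."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    return {"boot_code_changed": old["boot_code_sha256"] != new["boot_code_sha256"],
            "partition_table_changed": old["partitions"] != new["partitions"]}

def build_sample(boot_code: bytes) -> bytes:
    """Constructed sample sector: placeholder boot code, one bootable partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x06, b"\0\0\0", 63, 204800)
    return boot_code.ljust(TABLE_OFFSET, b"\0") + entry + bytes(48) + SIGNATURE

BASELINE = build_sample(b"\x90" * 16)            # constructed placeholder bytes
CHANGED = build_sample(b"\x90" * 15 + b"\xcc")   # one boot-code byte differs

if __name__ == "__main__":
    print(parse_mbr(BASELINE)["partitions"])
    print(compare_to_baseline(BASELINE, CHANGED))
```

A change in the boot code with an unchanged partition table is the case worth investigating first, since repartitioning legitimately alters the table but not the boot code.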

8 Network
- Replicates using network commands or protocols
- Remote-controllable
- Results:
  - Degrade the performance of a network
  - Disable critical devices
  - Network connections
  - Stealing personnel data

9 Source code
- Different compiler, different source code
- Makes modifications to source code
- Rare

10 Files
- Executable files
- Files with .BAT, .COM, .EXE, .BIN and so on
- May be partially or completely overwritten
- Infected files can spread across the system and the network

11 Macro
- A short input sequence maps to a long output sequence
- A piece of code executes if a certain event occurs
- Blurs the line between executable files and data files

12 Infection techniques
- Stealth
- Polymorphic
- Metamorphic
- Cavity
- Tunneling
- Camouflage
- Bootable CD-ROM

13 Stealth
- Intercept requests
- Return an uninfected file
- Hide the modified file
[Figure: Anti-virus program, Infected file, OS. Request: ask for a file. Return another file.]

14 Polymorphic
- To confuse anti-virus programs
- Changes its characteristics with each infection
  - By an encryption/decryption module
  - But keeps the algorithm intact
- Insert junk instructions
- Exchange independent instructions
- Change the start address

15 Metamorphic
- Will reprogram itself
- Can translate itself into a temporary code
- Is then converted back to normal code
- Avoids pattern recognition by the anti-virus program
[Figure: Virus (original), Translate, Virus (temporary code), Convert back, Mutate]

16 Cavity
- Also known as space-fillers
- Maintain a constant file size
- Overwrite the empty part of a target file with its code
- Limited to a small number of hosts, and hard to write
  - Which means it is rare
[Figure: Original file: Null, Null, Null, Some info…; Infected file: code, code, code, Some info…; Fill the empty part]
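Because a cavity infection keeps the file size constant, a size-only integrity check misses it while a content hash does not. The following added example (not part of the original slides) shows that, and also reports which runs of null padding in a trusted copy have been filled. It assumes a trusted baseline copy of the file is available; the function names and the sample byte strings are constructed for illustration.

```python
import hashlib

def fingerprint(data: bytes) -> dict:
    """Size and SHA-256 of a file image, as an integrity baseline would store them."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}

def changed_ranges(baseline: bytes, current: bytes) -> list:
    """Return (offset, length) runs where two equal-length images differ."""
    ranges, start = [], None
    for i, (old, new) in enumerate(zip(baseline, current)):
        if old != new and start is None:
            start = i
        elif old == new and start is not None:
            ranges.append((start, i - start))
            start = None
    if start is not None:
        ranges.append((start, len(current) - start))
    return ranges

def audit(baseline: bytes, current: bytes) -> dict:
    """Compare a file image with its trusted copy and flag filled padding."""
    base_fp, cur_fp = fingerprint(baseline), fingerprint(current)
    report = {"size_changed": base_fp["size"] != cur_fp["size"],
              "hash_changed": base_fp["sha256"] != cur_fp["sha256"],
              "filled_padding": []}
    if report["hash_changed"] and not report["size_changed"]:
        for offset, length in changed_ranges(baseline, current):
            # Only report runs that were all-zero padding in the trusted copy.
            if baseline[offset:offset + length] == bytes(length):
                report["filled_padding"].append((offset, length))
    return report

# Constructed sample: a header, 32 bytes of null padding, then data.
ORIGINAL = b"HDR!" + bytes(32) + b"Some info"
# Constructed modified image: 24 padding bytes replaced by inert placeholder bytes.
MODIFIED = b"HDR!" + b"\xcc" * 24 + bytes(8) + b"Some info"

if __name__ == "__main__":
    print(audit(ORIGINAL, MODIFIED))
```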

17 Tunneling
- One way to detect a virus is by intercepting interrupts:
  - Look for specific actions that may signify the presence of a virus
- The virus intercepts interrupts from the OS directly, so that the anti-virus program cannot use them

18 Tunneling - cont’d
- Normal:
  - Program: sends interrupt requests
  - Anti-virus software: intercepts the request and checks it
  - Operating system: gives it the permission
- Infected program:
  - Back-traces to the directory of DOS and BIOS interrupt handlers
  - Installs itself beneath these interrupt handlers
  - Contacts the OS directly

19 Camouflage
- Pretends to be a normal program
- Uses the anti-virus program’s ignore logic
- Thanks to advanced virus detection, it’s rare

20 Bootable CD-ROM
- Through an infected CD-ROM
- If the system is booted from the CD-ROM, the hard disk must be destroyed
- No anti-virus program can stop it

21 Other malware
- Worms
  - A special type of virus that can replicate itself and use memory, but it cannot attach itself to other executable code
- Trojans
  - A small destructive program that runs hidden on an infected computer

22 Worms
- Characteristics
  - Standalone malware
  - Propagate to spread from machine to machine
  - Do not attach themselves to an existing program
- Infection techniques
  - Aim at security failures
  - Via network, usually as an email attachment

23 Worms - infecting phases
- Gathering information
  - Location, port, configuration, identification
- Infecting target
  - Send itself to the target machine
- Payload
  - Create a back door, alter or destroy files, transmit passwords, ...
  - Any action other than spreading itself
- Network propagation
  - Select the next target by choosing randomly or by other means

24 Trojans
- Characteristics
  - Non-self-replicating
  - Do not attach themselves to files or propagate
- Infection techniques (always associated with the network)
  - With malicious programs or drive-by download
  - Normally done by social engineering
- Running
  - Automatically run after being installed
  - Hide in the background and, usually, create one or more backdoors

25 Trojans - purposes
- Destruction
- Password thievery
- Remote control
- Key logger
- DoS attack
- Zombie
- FTP Trojan

26 Thanks for listening

