Virus and its CounterMeasures -- Pruthvi Monarch
6 likes10,374 views
This document discusses viruses and countermeasures against them. It begins by defining viruses and their operation modes and structure. It describes different types of viruses like macro viruses, email viruses, and Trojan horses. It then discusses recent malicious attacks like Code Red and Nimda. The document outlines various virus countermeasures like prevention, detection, and reaction techniques. It describes advanced techniques like digital immune systems, behavioral blocking software, and antivirus software programs. It concludes by emphasizing the importance of installing antivirus applications, regularly scanning for viruses, gaining knowledge about how viruses work, and using basic internet security applications.
Virus and its CounterMeasures -- Pruthvi Monarch
- 1. VIRUS and its Countermeasures Presented By, G Pruthvi Raj 1041310102
- 2. System Security Points to be discussed in the seminar Let`s start!
- 3. 1 2 3 4 Malicious Software Viruses Operation modes and Structure Types Of Viruses Real Time virus Attacks Host and Independent
- 4. 5 6 7 Virus Countermeasures Prevention Of Viruses & Malicious Softwares Digital Immune System Emulation & virus detection BEHAVIOURAL BLOCKING SOFTWARE Antivirus Software programs Conclusion Thank you for your attention
- 6. Viruses • Virus - Vital Information Resources Under Seize • A virus is a malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; • when this replication succeeds, the affected areas are then said to be "infected". • A piece of self-replicating code attached to some other code • both propagates itself & carries a payload • carries code to make copies of itself • as well as code to perform some covert task • They executes secretly when host program is run
- 7. Virus Operation • Virus phases: • dormant – waiting on trigger event • propagation – replicating to programs/disks • triggering – by event to execute payload • execution – of payload • Details usually machine/OS specific • exploiting features/weaknesses
- 8. Virus Structure program V := { goto main; 1234567; subroutine infect-executable := {loop: file := get-random-executable-file; if (first-line-of-file = 1234567) then goto loop else prepend V to file; } subroutine do-damage := {whatever damage is to be done} subroutine trigger-pulled := {return true if some condition holds} main: main-program := {infect-executable; if trigger-pulled then do-damage; goto next;} next: }
- 9. Types of Virus M MR Pol A2 P Stealth Virus Polymorhic Virus Parasitic Virus Residents in the memory for longer time Macro virus macro code attached to some data file . www.yourwebsite.comIDEA Memory Resident Virus
- 10. Macro Virus • macro code attached to some data file • interpreted by program using file • eg Word/Excel macros • esp. using auto command & command macros • code is now platform independent • is a major source of new viral infections • blurs distinction between data and program files making task of detection much harder • classic trade-off: "ease of use" vs "security"
- 11. Email Virus • spread using email with attachment containing a macro virus • cf Melissa • triggered when user opens attachment • or worse even when mail viewed by using scripting features in mail agent • usually targeted at Microsoft Outlook mail agent & Word/Excel documents
- 12. Trojan Horse • Program with hidden side-effects • Which is usually superficially attractive • eg game, s/w upgrade etc • When run performs some additional tasks • allows attacker to indirectly gain access they do not have directly • Often used to propagate a virus/worm or install a backdoor • or simply to destroy data
- 13. What Trojans can do? Modification or deletion of files. Data theft(e.g. retrieving username or postal code information) Erasing or overwriting data on a computer. Encrypting files in a crypto viral extortion attack. Crashing the computer. Corrupting files in a subtle way. Setting up networks of zombie computers in order to launch Dodos attacks or send spam.
- 14. Typical things that some current Personal Computer (PC) viruses do • Display a message. • Erase files • Scramble data on a hard disk • Cause erratic screen behavior • Halt the PC • Many viruses do nothing obvious at all except spread!
- 15. Morris Worm • best known classic worm • released by Robert Morris in 1988 • targeted Unix systems • using several propagation techniques • simple password cracking of local pw file • exploit bug in finger daemon • exploit debug trapdoor in sendmail daemon • if any attack succeeds then replicated self
- 16. Recent Malacious Attacks • new spate of attacks from mid-2001 • Code Red • exploited bug in MS IIS to penetrate & spread • probes random IPs for systems running IIS • had trigger time for denial-of-service attack • 2nd wave infected 360000 servers in 14 hours • Code Red 2 • had backdoor installed to allow remote control • Nimda • used multiple infection mechanisms • email, shares, web client, IIS, Code Red 2 backdoor
- 17. Virus Countermeasures • viral attacks exploit lack of integrity control on systems • to defend need to add such controls • typically by one or more of: • prevention - block virus infection mechanism • detection - of viruses in infected system • reaction - restoring system to clean state
- 18. Virus removal techique VIRUS DETECTION VIRUS IDENTIFICATION VIRUS REMOVAL
- 19. Advanced Anti-Virus Techniques • generic decryption • use CPU simulator to check program signature & behavior before actually running it • digital immune system (IBM) • general purpose emulation & virus detection • any virus entering org is captured, analyzed, detection/shielding created for it, removed
- 20. DIGITAL IMMUNE SYSTEM • Developed by IBM and refined by Symantec. • Motivation: Internet based virus propagation. • Antivirus was updated monthly. • Two major trends in Internet technology have had an increasing impact on rate of virus propagation: • INTEGRATED MAIL SYSTEMS: Microsoft outlook, Lotus notes. • MOBILE-PROGRAM SYSTEMS: JAVA and ActiveX.
- 22. BEHAVIOURAL BLOCKING SOFTWARE • It integrates with the operating system of host computer and monitors program behavior in real-time for malicious actions. • It blocks malicious actions before they affect the system. • Monitored behavior may include: • Attempts to open , view, delete or modify the files. • To format disk drives. • Modifications to the logic of executable files. • Modifications to the startup settings. • Scripting of e-mail.
- 23. CONCLUSION In order to countermeasure the threats of virus , the user should: • Installing Anti-virus Applications. • Often Get the data drive Scan and analyzed. • Gaining basic knowledge about the way virus work. • Installing Basic internet Security Applications.
- 24. CounterMeasures V T 03 04 Trojans SandBoxing , Usage of Firewalls Adware Anti-Malware Softwares And Browser Reset Techiques. Worms Firewalls , Antivirus and Spyware softwares. VIRUS Virus Detection, Prevention , Antivirus Softwares www.yourwebsite.comIDEA
- 25. Difference Between Virus,Worms & Trojans Definition VIRUS A computer virus attaches itself it travels to a program or file enabling it to spread from one computer to another, leaving infections WORMS A computer WORM is a self- contained program (or set of programs), that is able to spread functional copies of itself or its segments to other computer systems (usually via network connections). TROJANS A Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system
- 26. TYPES VIRUS 1.Trojan Horse 2.Worm 3.Macro WORMS 1. “host computer worms” & 2.”network worms”. TROJANS 1.Remote Access Trojans 2.Data Sending Trojans 3.Destructive Trojans 4.Proxy Trojans 5.FTP Trojans 6.security software disabler Trojans 7.DoS Trojans
- 27. What they do? VIRUS virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program WORMS the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding TROJANS cause serious damage by deleting files and destroying information on your system. EXISTENCE NOT INDEPENDENT NOT INDEPENDENT INDEPENDENT
- 28. SELF- REPLICATION VIRUS . A virus attaches itself to, and becomes part of, another executable program WORMS a worm is self- contained and does not need to be part of another program to propagate itself. TROJANS Unlike virus and worms Trojans do not reproduce by infecting other files nor do they self-replicate.
- 29. Propagation VIRUS virus does not have a propagation vector. i.e., it will only effect one host and does not propagate to other hosts. WORMS Worms propagate and infect other computers. TROJANS . Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised
- 31. Thank you!