Multipartite Viruses


Wendy Bowman

ETEC 562

General Information

Payload

Activation

Hidden

Transmission

Removal

General Information

• A computer virus is defined as a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.

• http://www.webopedia.com/TERM/v/virus.html

Viral Facts

• Viruses can replicate.

• All computer viruses are manmade.

• Can infect other programs.

• Viruses do not infect plain text files.

• Viruses take up memory after replicating.

• Viruses cannot exist without a host.

Types of Viruses

• Trojans and Stealth

• Boot Sector

• File

• Macros

• Worms

• Network and Multipartite viruses

Network Viruses

• Infect networks by making extensive use of network protocols.

• Network viruses are able to transfer code to a remote server or workstation.

Reference http://www.viruslist.com/eng/viruslistbooks.html?id=24

Network Virus Facts

• Separated into several segments that each run on a part of the network.

• Use automated functions such as email to replicate.

• Use programming built into the macros to spread themselves.

• Called an octopus when it has one main segment that coordinates what the other segments are doing.

• Can steal password info and send it to a malicious source.

http://www.kaspersky.com/news.asp?tnews=0&nview=1&id=157&page=0

Multipartite Viruses

A multipartite virus is defined as a virus that infects your boot sector as well as files.

Boot Sector

The area of the hard drive that is accessed when the computer is first turned on.


Multipartite Facts

• Can infect floppy disks.

• Hardest virus to clean.

• Are memory resident viruses.

• Harder to spread across networks, but not impossible.

• To spread across a network, the server must be infected and an infected program must be accessed.

http://www.faqs.org/faqs/computer-virus/alt-faq/part1/

Viral Payload

Payload is defined as the action the virus performs on the computer.

http://www.antivirus.com/pc-cillin/vinfo/virusencyclo/glossary.asp#payload

Possible Payloads

• Corrupts the hard disk

• Creates files

• Deletes files

• Modifies files

• Formats the hard drive

• Hangs the system during rebooting

• Modifies available memory

• Modifies available resources

http://www.antivirus.com/pc-cillin/vinfo/virusencyclo/

Activation or Trigger

• Refers to the condition or date on which the payload of the virus will occur.

• A computer can be infected for months or years before the payload occurs.

• Holidays are the most popular trigger date.

• http://www.antivirus.com/pc-cillin/vinfo/virusencyclo/glossary.asp#trigger_condition_or_date

Hidden Dangers

• Decrease the size of memory in BIOS, cut the last MCB (memory control block), and replicate in the free space left by the MCB

• Disguise the virus as part of a downloadable shareware package

• Interrupting the DOS language just enough to “hook” a viral code onto existing language (hooking) until a floppy disk can be infected.

• Hooking on to the debugger.

http://www.virusbtn.com/VirusInformation/natas.html

Disposal

• Run anti-viral software

• Quarantine the virus (if possible)

• Replace the MBR (master boot record)

• Reboot computer from a clean disk then run anti-viral software

• Reformat the hard drive through DOS

• Costliest method: purchase a new memory chip
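
An added example, not part of the original slides: before replacing the MBR, a saved copy of the 512-byte first sector can be compared against a baseline recorded while the machine was known to be clean. The function names, the baseline approach and the sample sectors below are assumptions made for illustration; the sample bytes are constructed, not taken from a real disk or virus.

```python
import hashlib
import struct

SECTOR_SIZE = 512        # MBR size, as given on the slides
BOOT_CODE_END = 446      # bytes 0..445: bootstrap code (classic MBR layout)
SIGNATURE_OFFSET = 510   # bytes 510..511 must be 0x55 0xAA


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the bootstrap code area only (partition table excluded)."""
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def check_mbr(sector: bytes, baseline_digest: str) -> list[str]:
    """Return a list of findings; an empty list means nothing suspicious."""
    if len(sector) != SECTOR_SIZE:
        return [f"expected {SECTOR_SIZE} bytes, got {len(sector)}"]
    findings = []
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if boot_code_digest(sector) != baseline_digest:
        findings.append("boot code differs from known-good baseline")
    # Four 16-byte partition entries; first byte is 0x80 (active) or 0x00.
    active = 0
    for i in range(4):
        status = sector[BOOT_CODE_END + 16 * i]
        if status not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte {status:#04x}")
        active += status == 0x80
    if active > 1:
        findings.append("more than one active partition")
    return findings


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: placeholder boot code, one active partition."""
    code = boot_code.ljust(BOOT_CODE_END, b"\x00")
    part = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x06,
                       b"\xfe\x3f\x00", 63, 20480)
    return code + part + bytes(48) + b"\x55\xaa"


CLEAN = make_sample_mbr(b"PLACEHOLDER-CLEAN-BOOT-CODE")     # constructed
MODIFIED = make_sample_mbr(b"PLACEHOLDER-OTHER-BOOT-CODE")  # constructed
BASELINE = boot_code_digest(CLEAN)  # assumed to be recorded on a clean system

if __name__ == "__main__":
    print(check_mbr(CLEAN, BASELINE))     # no findings
    print(check_mbr(MODIFIED, BASELINE))  # boot code mismatch reported
```

The sector copy should be taken after booting from a clean disk, as in the disposal steps above, because a memory-resident virus with stealth behavior can return the original sector contents to software running on the infected system.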


Anthrax

• Writes its viral code to the last sector of the hard drive while overwriting data there.

• Memory resident

• DOS platform

• Infects .COM, .EXE, MBR, and floppy boot sectors

• Multipartite

• Uses 1024 bytes (files) and 512 bytes (MBR)

http://www.symantec.com/avcenter/vinfodb.html#

Clisti 1025 and Clisti 1025 (b)

• No aliases

• Memory resident

• Uses encryption

• Wild (

• Can be transmitted through networks

• Infects .COM, floppy boot sector, hard disk boot sector

• Mainly transmitted through emails

http://www.symantec.com/avcenter/vinfodb.html#

One Half Boot

• Infects .COM, .EXE, MBR

• Memory resident

• Slowly encrypts the hard drive

• Uses 3155 bytes (files) and 512 bytes (MBR)

• Multipartite, stealthing, and polymorphic

• Transmitted through emails

• All encrypted data is lost when virus is removed

http://www.symantec.com/avcenter/vinfodb.html#

Is your computer a ticking time bomb?
