Now System goes Down... :D
Define them:
Virus: It is an application that self-replicates by injecting its code into other data files.
It spreads and attempts to consume specific targets, which are normally executables.
Worm: It copies itself over a network.
It is a program that views the infection point as another computer rather than as other executable files.
Mode of Transmission
IRC
ICQ
Email Attachments
Physical Access
Browser & Email Software Bugs
Advertisements
NetBIOS
Fake Programs
Untrusted Sites & Freeware Software
Properties
Your computer can be infected even if files are just copied
Can be memory or non-memory resident
Can be a stealth virus
Viruses can carry other viruses
Can make the system never show outward signs
Can stay on the computer even if the computer is formatted.
Phases
1. Infection Phase
In this phase virus developers decide:
When to infect programs
Which programs to infect
Some viruses infect the computer as soon as the virus file is installed on the computer.
Some viruses infect the computer at a specific date, time or particular event.
TSR viruses are loaded into memory & later infect the PCs.
2. Attack Phase
In this phase the virus will:
Delete files.
Replicate itself to other PCs.
Corrupt targets only.
Indication
Files have stranger names than normal.
File extensions can also be changed.
Programs take longer to load than normal.
The computer's hard drive constantly runs out of free space.
The victim will not be able to open some programs.
Programs get corrupted without any reason.
Types Of Virus
Macro Virus – Spreads & infects database files.
File Virus – Infects executables.
Source Code Virus – Affects & damages source code.
Network Virus – Spreads via network elements & protocols.
Boot Virus – Infects boot sectors & records.
Shell Virus – Virus code forms a shell around the target host's genuine program & hosts it as a subroutine.
Terminate & Stay Resident Virus – Remains permanently in memory during the work session, even after the target host is executed & terminated.
Method to Avoid Detection
Same "last modified" date
Overwriting unused areas of the .exe files
Killing tasks of antivirus software
Avoiding bait files & other undesirable hosts
Making stealth virus
Self modification on each infection
Encryption with variable key
Polymorphic code
Same Last Modified Date
In order to avoid detection by users, some viruses employ different kinds of deception.
Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus.
This approach sometimes fools anti-virus software.
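A check that trusts the "last modified" date misses this trick, but a content hash baseline does not. The following is an added example, not part of the original slides: it records SHA-256 digests and flags files whose content changed while the timestamp stayed the same. The file names and the temporary directory are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file under root to (sha256 hex digest, mtime in ns)."""
    state = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            state[str(path.relative_to(root))] = (digest, path.stat().st_mtime_ns)
    return state


def compare(baseline, current):
    """Classify changed paths; 'stealth-change' = new content, old timestamp."""
    findings = {}
    for name in sorted(baseline.keys() | current.keys()):
        if name not in current:
            findings[name] = "removed"
        elif name not in baseline:
            findings[name] = "added"
        else:
            (old_hash, old_mtime), (new_hash, new_mtime) = baseline[name], current[name]
            if old_hash == new_hash:
                continue  # content intact; a bare timestamp change is ignored here
            findings[name] = "stealth-change" if old_mtime == new_mtime else "modified"
    return findings


def demo():
    """Constructed scenario: two files change, one keeps its old timestamp."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("host.bin", "notes.txt", "bait.bin"):
            Path(root, name).write_bytes(b"original contents of " + name.encode())
        baseline = snapshot(root)
        # Ordinary edit: content and timestamp both change.
        notes = Path(root, "notes.txt")
        notes.write_bytes(b"edited by the user")
        os.utime(notes, ns=(baseline["notes.txt"][1] + 5 * 10**9,) * 2)
        # Simulated tampering: content changes, old timestamp is put back.
        host = Path(root, "host.bin")
        host.write_bytes(b"original contents of host.bin + appended bytes")
        os.utime(host, ns=(baseline["host.bin"][1],) * 2)
        return compare(baseline, snapshot(root))
```

A "stealth-change" result is the high-priority finding, since ordinary edits and software updates move the timestamp forward along with the content.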
Avoid Bait Files
Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus.
Many anti-virus programs perform an integrity check of their own code.
Infecting such programs will therefore increase the likelihood that the virus is detected.
Anti-virus professionals can use bait files to take a sample of a virus.