OVERVIEW OF VIRUSES

BY: SAHITHI NARAPARAJU


VIRUS DEFINITION

A virus is a program that can “infect” other programs by modifying them.

The modification includes a copy of the virus program, which can go on to infect other programs.

A computer virus carries the instructional code for making perfect copies of itself.

Lodged in a host computer, the virus gains temporary control of the computer’s disk operating system.

Whenever the infected computer comes into contact with an uninfected piece of software/computer, a fresh copy of the virus passes into the new program.

Thus, the virus can spread from one computer to another.


NATURE OF VIRUSES

A virus can do anything that other programs do. The only difference is that it attaches itself to another program and executes secretly when the host program is run.

Once a virus is executing, it can perform any function, such as erasing files and programs.

A virus goes through the following four stages:

1. DORMANT PHASE: In this phase the virus is idle. The virus will eventually be activated by some event.

2. PROPAGATION PHASE: In this stage the virus places an identical copy of itself into other programs or into certain system areas on disk. Each infected program will contain a clone of the virus, which will itself enter a propagation phase.

3. TRIGGERING PHASE: The virus is activated to perform the function for which it was intended. The triggering phase can be caused by a variety of system events.

4. EXECUTION PHASE: In this phase the function is performed. The function may be harmless, such as a message on the screen, or damaging, such as the destruction of program and data files.

Most viruses carry out their work in a manner that is specific to a particular operating system and, in some cases, specific to a particular hardware platform.


Virus structure

A virus can be prepended or postpended to an executable program, or it can be embedded in some other fashion.

The key to its operation is that the infected program, when invoked, will first execute the virus code and then execute the original code of the program.

An example of a simple virus:

    program V :=
    { goto main;
      1234567;

      subroutine infect-executable :=
        { loop:
          file := get-random-executable file;
          if (first-line-of-file = 1234567)
            then goto loop
            else prepend V to file; }

      subroutine do-damage :=
        { whatever damage is to be done }

      subroutine trigger-pulled :=
        { return true if some condition holds }

    main: main_program :=
        { infect-executable;
          if trigger-pulled then do-damage;
          goto next; }
    next:
    }

The first line of code jumps to the main virus program.

The second line is a special marker that is used by the virus to determine whether or not a potential victim program has already been infected with this virus.

When the program is invoked, control is immediately transferred to the main virus program.

The virus seeks out uninfected executable files and infects them.


Next, the virus may perform some action, detrimental to the system.

This action could be performed every time the program is invoked.

Finally, the virus transfers control to the original program.

If the infection phase is reasonably rapid, a user can notice a difference between the execution of an infected and an uninfected program.
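The prepend structure and the marker line described above are also what a defender can look for. The following is an added example, not part of the original slides: it records a hash baseline of a clean directory and later labels files whose original bytes survive intact behind new leading bytes. The file names, the `classify` labels and the sample tree are constructed for illustration; only the marker value comes from the pseudocode.

```python
import hashlib
import tempfile
from pathlib import Path

MARKER = b"1234567"  # marker value taken from the pseudocode on this page


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def snapshot(root: Path) -> dict:
    """Baseline of a known-clean tree: name -> (size, SHA-256)."""
    return {p.name: (p.stat().st_size, digest(p.read_bytes()))
            for p in sorted(root.iterdir()) if p.is_file()}


def classify(root: Path, baseline: dict) -> dict:
    """Label every baseline file that no longer matches its recorded hash."""
    findings = {}
    for name, (old_size, old_hash) in baseline.items():
        path = root / name
        if not path.is_file():
            findings[name] = "missing"
            continue
        data = path.read_bytes()
        if digest(data) == old_hash:
            continue  # unchanged since the baseline
        added, tail = data[:len(data) - old_size], data[len(data) - old_size:]
        if len(data) > old_size and digest(tail) == old_hash:
            # Original bytes survive intact behind new leading bytes: prepended code.
            marked = any(MARKER in line for line in added.splitlines()[:2])
            findings[name] = "prepended+marker" if marked else "prepended"
        else:
            findings[name] = "modified"
    return findings


def demo() -> dict:
    """Constructed sample tree: inert text files standing in for executables."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("a.bin", "b.bin", "c.bin"):
            (root / name).write_bytes(f"original body of {name}\n".encode())
        baseline = snapshot(root)
        a = root / "a.bin"
        a.write_bytes(b"stub\n1234567;\n" + a.read_bytes())  # leading bytes + marker
        (root / "b.bin").write_bytes(b"patched in place\n")   # ordinary change
        return classify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

A postpended or embedded infection would show up here only as "modified", so the baseline hash mismatch is the primary signal and the prepend test is a refinement.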


TYPES OF VIRUSES

The most significant types of viruses are:

I. Parasitic virus: A parasitic virus attaches itself to executable files and replicates when the infected program is executed.

II. Memory-resident virus: It lodges in main memory as part of a resident system program. From that point on, the virus infects every program that executes.

III. Boot sector virus: Infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus.

IV. Stealth virus: A form of virus explicitly designed to hide itself from antivirus software.


V. Polymorphic virus: A virus that mutates with every infection, making detection by the “signature” of the virus impossible.

A polymorphic virus creates copies during replication that are functionally equivalent but have different bit patterns.

The signature of the virus will vary with each copy. To achieve this variation, the virus may randomly insert unnecessary instructions.
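The effect of inserted filler on a scanner can be shown with a few bytes. This added example, which is not part of the original slides, compares an exact byte signature with a gap-tolerant one, a scanner technique that goes beyond what the slides describe. The signature, the filler byte and all three samples are constructed values, not real code.

```python
# All byte strings below are constructed for illustration; none is real code.
SIG = bytes.fromhex("a1b2c3d4e5f6")   # hypothetical 6-byte signature
FILL = 0x90                            # stands in for an "unnecessary instruction"

ORIGINAL = b"HDR" + SIG + b"END"
VARIANT = b"HDR" + bytes([0xA1, FILL, 0xB2, 0xC3, FILL, FILL,
                          0xD4, 0xE5, FILL, 0xF6]) + b"END"
# Same bytes in the same order, but five unrelated bytes between each pair.
SCATTERED = b"HDR" + b"\x00\x00\x00\x00\x00".join(bytes([b]) for b in SIG) + b"END"


def gap_match(sample: bytes, sig: bytes, max_gap: int) -> bool:
    """True if sig's bytes occur in order with at most max_gap bytes between
    neighbours. max_gap=0 is a plain exact-substring signature."""
    # ends holds every index where the signature prefix matched so far can end.
    ends = {i for i, b in enumerate(sample) if b == sig[0]}
    for want in sig[1:]:
        ends = {j for e in ends
                for j in range(e + 1, min(e + 2 + max_gap, len(sample)))
                if sample[j] == want}
        if not ends:
            return False
    return bool(ends)


def scan(samples: dict, sig: bytes, max_gap: int) -> list:
    """Names of the samples that the signature matches at this tolerance."""
    return sorted(name for name, data in samples.items()
                  if gap_match(data, sig, max_gap))


SAMPLES = {"original": ORIGINAL, "variant": VARIANT, "scattered": SCATTERED}

if __name__ == "__main__":
    print("exact  :", scan(SAMPLES, SIG, 0))
    print("gap<=2 :", scan(SAMPLES, SIG, 2))
    print("gap<=5 :", scan(SAMPLES, SIG, 5))
```

Raising the tolerance far enough also matches the scattered sample, which is the false-positive cost of loosening a signature.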