A Seminar On

  • November 2019

By, A.Ramya 06B01A0587

Contents
  • History of virus.
  • Introduction.
  • Virus Languages.
  • Classification.
  • Infamous viruses.
  • Recovery methods.
  • Conclusion.
  • References.

History of Virus
  • The idea of viruses started with the possibility of writing self-replicating software. John von Neumann put this idea forward in 1950.
  • This was introduced in AT&T Labs as a recreational game. Each programmer would write code to destroy the other programmers' code, and the winner would be the person left with the most living code.
  • This was the beginning, and within a short time viruses emerged that destroy data.

Introduction
  • A virus is a program that reproduces its own code by attaching itself to other executable files.
  • A virus reproduces, usually without your permission or knowledge.
  • Viruses have an infection phase, where they reproduce widely.
  • They have an attack phase, where they do whatever damage they are programmed to do.
  • Most viruses are targeted at the MS Windows OS.

Virus Languages
  • ANSI COBOL
  • C/C++
  • Pascal
  • VBA
  • Unix Shell Scripts
  • JavaScript

Classification of viruses
  • Macro viruses
  • Network viruses
  • Logic bomb
  • Trojan Horses
  • Archaic Forms
  • Companion virus
  • Boot sector viruses

Macro Virus
  • Written in scripting languages, such as MS-WORD, MS-EXCEL, etc.
  • Its targets are Word, Excel & Spreadsheet documents.
  • Platform independent.
  • Covers 2/3rd of computer viruses.
  • The first macro virus written in MS-WORD was discovered in 1995.
  • Examples are Relax, MelissaA, Bablaspc.

Network Virus
  • Uses the Local Area Network (LAN) and even spreads over the Internet.
  • It propagates through shared resources in the network.
  • From an infected system in the network it searches for non-infected systems, thereby affecting all computers on that network.
  • Examples are Nimda and SQL Slammer.

Logic Bomb
  • A logic bomb lies inert until it is triggered when some conditions are met.
  • Logic bombs reside within a program, or they may be a part of worms or viruses.
  • The first logic bomb was coded by Tim Lloyd of Omega Engg. USA, named 'FRIDAY THE 13TH'.

Trojan Horses
  • Needs a host program for its execution.
  • Mainly used to access files of other users on a multiuser operating system.
  • Another motivation is data destruction, which deletes files on a computer.
  • Examples: Back Orifice.

Companion Virus
  • Was found in MS-DOS systems, which make use of the command console.
  • A companion virus installs a .COM file (the virus) for every .EXE file found on the disk.
  • DOS runs .COM files before .EXE files, so the virus runs first, goes into memory, and then executes the related .EXE file.
  • Companion viruses are relatively easy to find and eliminate.
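The .COM/.EXE pairing described above is also what makes companion viruses easy to find. The following check is an added example, not part of the original seminar; the function names and the sample listing are constructed for illustration.

```python
import os
from collections import defaultdict
from pathlib import PureWindowsPath


def find_companion_pairs(paths):
    """Return sorted (com_path, exe_path) pairs sharing a directory and base name.

    DOS file names are case-insensitive, so names are compared in lower case.
    A pair is a candidate for review, not proof of infection.
    """
    by_stem = defaultdict(dict)
    for raw in paths:
        p = PureWindowsPath(raw)
        ext = p.suffix.lower()
        if ext in (".com", ".exe"):
            by_stem[(str(p.parent).lower(), p.stem.lower())][ext] = raw
    return sorted(
        (found[".com"], found[".exe"])
        for found in by_stem.values()
        if ".com" in found and ".exe" in found
    )


def scan_tree(root):
    """Walk a real directory tree and apply the same check to every file."""
    listing = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return find_companion_pairs(listing)


# Constructed sample listing (not taken from a real system).
SAMPLE_LISTING = [
    r"C:\DOS\FORMAT.COM",   # .COM with no matching .EXE: not a pair
    r"C:\GAMES\DOOM.EXE",
    r"C:\GAMES\DOOM.COM",   # same directory and base name as DOOM.EXE
    r"C:\GAMES\SETUP.EXE",
    r"C:\TOOLS\DOOM.COM",   # same base name but a different directory
]

if __name__ == "__main__":
    for com, exe in find_companion_pairs(SAMPLE_LISTING):
        print(f"review: {com} would run before {exe}")
```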

Boot sector viruses
  • A boot sector virus hides in the boot sector, usually the 1st sector, of a bootable disk or hard drive.
  • The virus loads into memory during every boot sequence.
  • A boot virus does not affect files; instead, it affects the disks that contain them, by erasing boot records (.MBR files).

Infamous Viruses
  1. Back Orifice
  2. CIH Spacefiller
  3. Kakworm
  4. Laroux
  5. Nimda
  6. Love Letter

Back Orifice
  • Back Orifice is a Trojan that provides a backdoor into your computer when it is active and you are connected to the Internet.
  • The original program came out in August 1998, with a bogus OS update called BO-2000 later (the update was called a network management program).
  • It is produced by the group Cult of the Dead Cow (cDc).
  • It installs silently, and potentially allows a remote user to take complete control of your computer without your permission.

CIH Spacefiller
  • It was first reported in June 1998.
  • It infects files written in the Portable Executable (Windows 95 executable) format.
  • This format allows blocks of blank space in the executable.
  • This virus exploits that by attempting to install itself into a single block (or multiple blocks if necessary).

Kakworm
  • Kakworm (KAK) is a worm. It affects Microsoft's Internet Explorer browser and Outlook Express mail program.
  • KAK is written in JavaScript. KAK is transmitted by being embedded in the HTML signature of a message. Users don't see it there because there is no displayable text.
  • Once activated, KAK saves the file KAK.HTA into the Windows Startup folder.
  • The next time the computer is started, KAK.HTA runs and creates KAK.HTM in the Windows directory.
  • The registry is changed so that KAK.HTM is included as a signature on all outgoing mails.

Laroux
  • Laroux is a fairly simple macro virus. It affects Excel documents.
  • It contains two macros: AUTO_OPEN and CHECK_FILES.
  • The first tells Excel to run the second as soon as a worksheet is opened. CHECK_FILES will look in the Excel startup path (usually the XLSTART directory) for a file called PERSONAL.XLS.
  • Since PERSONAL.XLS is automatically opened whenever Excel is run, the virus will be loaded every time Excel is started and all accessed worksheets infected.
  • Laroux is written in Visual Basic for Applications (VBA).

Nimda
  • Nimda is one of the more complex virus/worm constructs released. It infects files, spreads itself via e-mail, spreads via Web sites, and spreads via local area network exploits.
  • It infects all versions of Windows from Win95 through Win2000.
  • It infects .EXE files by embedding them into itself as a resource. It also infects most secured files in the Windows directory which are responsible for the operation of a system.
  • It also infects Web pages, so unsecured browsers will be infected upon viewing the Web page.

Love Letter
  • A Visual Basic script. A virus that was attached to e-mail.
  • Mail subject was "ILOVEYOU".
  • Message text was "Please check the attached LOVELETTER coming from me".
  • Attachment called "LOVE-LETTER-FOR-YOU.TXT.vbs".
  • When the attachment is clicked, the virus program runs, damaging Windows Scripting Host; the integrity of the system breaks and it shuts down.
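The attachment name above ends in .vbs but shows .TXT just before it, so it reads as a text file when Windows hides known file extensions. The following mail-filter check for that pattern is an added example, not part of the original seminar; the extension sets, function names and sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from pathlib import PurePath

# Assumed policy lists for this example; adjust to local mail policy.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta",
               ".exe", ".com", ".scr", ".bat"}
DECOY_EXTS = {".txt", ".doc", ".xls", ".pdf", ".jpg", ".gif"}


def suspicious_attachments(msg):
    """Return attachment names whose real (last) extension is executable
    while the extension before it imitates a harmless document type."""
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        suffixes = [s.lower() for s in PurePath(name).suffixes]
        if (len(suffixes) >= 2
                and suffixes[-1] in SCRIPT_EXTS
                and suffixes[-2] in DECOY_EXTS):
            hits.append(name)
    return hits


def build_sample():
    """Constructed message using the subject, text and file name from the slide.
    The attachment bodies are inert placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("Please check the attached LOVELETTER coming from me")
    msg.add_attachment(b"placeholder, not script content",
                       maintype="application", subtype="octet-stream",
                       filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    msg.add_attachment(b"meeting notes",
                       maintype="application", subtype="octet-stream",
                       filename="report.final.txt")   # benign: last ext is .txt
    msg.add_attachment(b"placeholder",
                       maintype="application", subtype="octet-stream",
                       filename="setup.exe")          # single extension, no decoy
    return msg


if __name__ == "__main__":
    for name in suspicious_attachments(build_sample()):
        print("quarantine:", name)
```

A single-extension executable such as setup.exe is left to the ordinary attachment-type policy; this check only targets the disguised double extension.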

Recovery methods
  • Virus removal
  • Operating system reinstallation

Conclusion
  • Computer runs slower than usual or no longer boots up.
  • System crashes for no reason.
  • Files/directories sometimes disappear.
  • Check all your portable storage devices with anti-virus software.
  • Update your anti-virus regularly.
  • Be sure not to download an infected file from the internet.
  • Be sure to check all new software for viruses.

References
  • Kaspersky Lab. Companion virus, Glossary.
  • "Why people write computer viruses", BBC News, August 23, 2003.
  • Malware Evolution: MacOS X Vulnerabilities 2005 - 2006. Kaspersky Lab.
  • John Leyden. McAfee warns over Apple virus risk. News article.
  • McAfee. McAfee discovers first Linux virus. News article.
  • Axel Boldt. Bliss, a Linux "virus". News article.
  • Mark Russinovich, Advanced Malware.
  • http://www.en.wikipedia.org/wiki/virus

Thank You
