Viruses and Worms Definition and Prevention John Trifiletti

  • Slides: 25
Viruses and Worms Definition and Prevention John Trifiletti Krishna Charles


What is a virus?
• “A self-replicating computer program written to alter the way a computer operates, without the permission or knowledge of the user.”
• A true virus must replicate itself, and must execute itself.
• A computer virus replaces an existing executable file with a virus-infected copy.

Types of Viruses
• Bootsector Virus
• Companion Viruses
• E-Mail Virus
• Logic Bomb
• Time Bomb
• Macro Virus
• Trojan Horses
• Worm

What do Viruses Do?
• Damage Programs
• Delete Files
• Reformat Hard Drives
• Make themselves Known – Present Text, Video, Audio.
• Take up Computer’s Memory
• Cause System Crashes and data loss

First Computer Virus
• Elk Cloner
• Written by Rich Skrenta in 1982

On every 50th boot you would get a poem saying:

Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes it's Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!

(c)Brain virus
• Created by Basit and Amjad Farooq Alvi

(c)Brain virus

Welcome to the Dungeon (c) 1986 Brain & Amjads (pvt) Ltd VIRUS_SHOE RECORD V9.0 Dedicated to the dynamic memories of millions of viruses who are no longer with us today - Thanks GOODNESS!! BEWARE OF THE er..VIRUS : this program is catching program follows after these messages..$#@%$@!!

Welcome to the Dungeon (c) 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791, 443248, 280530. Beware of this VIRUS..

Viruses NOT just for Windows
• Bliss – (1997)

MyDoom
• Paid for by email spammers
• Contained the text: "andy; I'm just doing my job, nothing personal, sorry," sent through emails.
• A backdoor on port 3127/tcp, putting its own SHIMGAPI.DLL file in system32

Melissa Virus
• David L. Smith

From: <name of the infected sender>
Subject: Important message from <name of sender>
To: <The recipients, from the 50 names>
Attachment: LIST.DOC
Body: Here is that document you asked for... don't show anyone else ;-)

Variations
• Subject: Question for you...
  Body: It's fairly complicated so I've attached it.
• Subject: Check this!!
  Body: This is some wicked stuff!
• Subject: Cool Web Sites
  Body: Check out the Attached Document for a list of some of the best Sites on the Web
• Subject: 80 mb Free Web Space!
  Body: Check out the Attached Document for details on how to obtain the free space. It's cool, I've now got heaps of room.
• Subject: Cheap Software
  Body: The attached document contains a list of web sites where you can obtain Cheap Software
• Subject: Cheap Hardware
  Body: I've attached a list of web sites where you can obtain Cheap Hardware
• Subject: Free Music
  Body: Here is a list of places where you can obtain Free Music.
• Subject: * Free Downloads
  Body: Here is a list of sites where you can obtain Free Downloads.

ILOVEYOU
• Onel A. de Guzman in the Philippines

Variations
• Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
  Subject Line: ILOVEYOU
  Message Body: kindly check the attached LOVELETTER coming from me.
• Attachment: Very Funny.vbs
  Subject Line: fwd: Joke
  Message Body: empty
• Attachment: mothersday.vbs
  Subject Line: Mothers Day Order Confirmation
  Message Body: We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep it in a safe place. Thanks Again and Have a Happy Mothers Day! mothersday@subdimension.com
• Attachment: virus_warning.jpg.vbs
  Subject Line: Dangerous Virus Warning
  Message Body: There is a dangerous virus circulating. Please click attached picture to view it and learn to avoid it.
• Attachment: protect.vbs
  Subject Line: Virus ALERT!!!
  Message Body: a long message regarding VBS.LoveLetter.A

• Attachment: Important.TXT.vbs
  Subject Line: Important! Read carefully!!
  Message Body: Check the attached IMPORTANT coming from me!
• Attachment: Virus-Protection-Instructions.vbs
  Subject Line: How to protect yourself from the IL0VEY0U bug!
  Message Body: Here's the easy way to fix the love virus.
• Attachment: KillEmAll.TXT.VBS
  Subject Line: I Cant Believe This!!!
  Message Body: I Cant Believe I have Just received This Hate Email.. Take A Look!
• Attachment: ArabAir.TXT.vbs
  Subject Line: Thank You For Flying With Arab Airlines
  Message Body: Please check if the bill is correct, by opening the attached file
• Attachment: IMPORTANT.TXT.vbs
  Subject Line: Variant Test
  Message Body: This is a variant to the vbs virus.
• Attachment: Vir-Killer.vbs
  Subject Line: Yeah, Yeah another time to DEATH...
  Message Body: This is the Killer for VBS.LOVE-LETTER.WORM.
• Attachment: LOOK.vbs
  Subject Line: LOOK!
  Message Body: hehe... check this out.
• Attachment: BEWERBUNG.TXT.vbs
  Subject Line: Bewerbung Kreolina
  Message Body: Sehr geehrte Damen und Herren

Blaster Worm (Lovsan)
• Jeffrey Lee Parson


I just want to say LOVE YOU SAN!! billy gates why do you make this possible ? Stop making money and fix your software!!

Re-Engineering
• Dan Dumitru Ciobanu

WHY DO IT?
• Pranks
• Vandalism
• Attacking products of specific companies
• To distribute political messages
• Some view their viruses as ‘ART’

Why Do It? cont…
• Good viruses
  “Since self-replicating code causes many complications, it is questionable if a well-intentioned virus can ever solve a problem in a way that is superior to a regular program that does not replicate itself.” – Wikipedia
• Financial Gain

Way in which viruses replicate
• Open the new file
• Check if the executable file has already been infected (if it is, return to the finder module)
• Append the virus code to the executable file
• Save the executable's starting point
• Change the executable's starting point so that it points to the start location of the newly copied virus code
• Save the old start location to the virus in a way so that the virus branches to that location right after its execution.
• Save the changes to the executable file
• Close the infected file
• Return to the finder so that it can find new files for the replicator to infect.
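
The steps above leave a visible trace: the starting point ends up in code appended at the end of the file. The following check for that trace is an added example, not part of the original slides. It assumes the Windows PE format (the slides name no format), and the function names and the header-only sample files are constructed for illustration.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags

def parse_pe(data):
    """Return (entry_rva, [(name, va, vsize, flags), ...]) from PE bytes."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, = struct.unpack_from("<H", data, pe + 6)         # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    entry, = struct.unpack_from("<I", data, pe + 24 + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = pe + 24 + opt_size + 40 * i                  # 40-byte section header
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va = struct.unpack_from("<II", data, off + 8)
        flags, = struct.unpack_from("<I", data, off + 36)
        sections.append((name, va, vsize, flags))
    return entry, sections

def entry_point_findings(data):
    """Flag an entry point that looks redirected into appended code."""
    entry, sections = parse_pe(data)
    hit = [s for s in sections if s[1] <= entry < s[1] + max(s[2], 1)]
    if not hit:
        return ["entry point outside every section"]
    name, va, _, flags = hit[0]
    findings = []
    if len(sections) > 1 and va == max(s[1] for s in sections):
        findings.append(f"entry point in last section {name}")
    if flags & MEM_WRITE and flags & MEM_EXECUTE:
        findings.append(f"entry section {name} is writable and executable")
    return findings

def build_sample(entry, sections):
    """Constructed PE headers only (no code bytes), used as demo input."""
    opt = bytearray(0xE0)
    struct.pack_into("<H14xI", opt, 0, 0x10B, entry)       # PE32 magic, entry RVA
    out = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", out, 0x3C, 0x40)
    out += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102) + opt
    for name, va, vsize, flags in sections:
        out += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, va, vsize, 0, 0, 0, 0, 0, flags)
    return bytes(out)

TEXT, DATA = (".text", 0x1000, 0x800, 0x60000020), (".data", 0x2000, 0x200, 0xC0000040)
CLEAN = build_sample(0x1000, [TEXT, DATA])
SUSPECT = build_sample(0x3000, [TEXT, DATA, (".added", 0x3000, 0x400, 0xE0000020)])
print(entry_point_findings(CLEAN), entry_point_findings(SUSPECT))
```

Packers and some software protectors also place the entry point in a late, writable section, so a hit is a reason to inspect the file, not a verdict.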

Ways to fool virus scanners
• “last-modified” date stays the same when the file is infected (doesn’t fool scanners anymore)
• Infection does NOT increase file size.
• Kill all tasks associated with antivirus before it can detect them.
• Keep the old file and send it to the antivirus when it searches for it, while the infected file is used to spread itself.

What NOT to do
• A virus CANNOT infect antivirus software or any file related to it.
• Antivirus software WILL check its own software first.

What an antivirus software does
• Creates bait (or goat) files.
• Scans emails on the fly.
• Examines memory (RAM / Boot Sectors) and files stored on hard drives and removable media.
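
Bait files tie back to the evasion slide: a change that keeps the "last-modified" date and the file size still alters the content hash. The following is an added example, not part of the original slides. The file name, the sizes and the simulated change are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def snapshot(path):
    """Record size, mtime and SHA-256 of a bait file."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}

def metadata_changed(base, now):
    """Check that relies only on file size and last-modified time."""
    return (base["size"], base["mtime_ns"]) != (now["size"], now["mtime_ns"])

def content_changed(base, now):
    """Check that compares the content hash against the baseline."""
    return base["sha256"] != now["sha256"]

def make_goat(directory, name="goat0.bin", size=4096):
    """Create a bait file with known content; return (path, baseline)."""
    path = os.path.join(directory, name)
    with open(path, "wb") as f:
        f.write(b"GOAT" + b"\x00" * (size - 4))
    return path, snapshot(path)

def simulate_same_size_change(path):
    """Constructed test event: overwrite bytes in place, restore timestamps."""
    st = os.stat(path)
    with open(path, "r+b") as f:
        f.seek(128)
        f.write(b"X" * 16)
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))

def demo():
    """Return (metadata check result, hash check result) after the change."""
    with tempfile.TemporaryDirectory() as d:
        path, base = make_goat(d)
        simulate_same_size_change(path)
        now = snapshot(path)
        return metadata_changed(base, now), content_changed(base, now)

print(demo())
```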

Popular Antivirus
• Norton
• McAfee
• AVG
• Microsoft’s Antivirus
• The Shield Pro
• BitDefender
• CA Antivirus
• Kaspersky 5.0
• Panda Antivirus
• TrendMicro