Computer Viruses

Threats to security 

Computers are subjected to different types of network problems.



With the advent of web and networks attacks from outside by introduces have been added with malicious codes such as viruses & worms.

What is computer virus? 

A computer virus is a small software program that spreads from one computer to another computer and that interferes with computer operation. A computer virus may corrupt or delete data on a computer, use an e-mail program to spread the virus to other computers, or even delete everything on the hard disk.



The original virus may modify the copies, or the copies may modify themselves, as

How virus spreads? 

A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive .



It can also spread through connection of LAN, internet, e-mail, or file sharing.

Functional logic of virus 

Search for a file to infect it.



Open the file to see if its infected.



If infected, search for another file to infect.



Else, infect the opened file.



Return control to host program.

Types of viruses I. II. III. IV. V. VI. VII.

PC viruses. Stealth virus. Polymorphic virus. Fast and slow infectors. Companion virus. Armored virus. Macro virus.



PC virus



Consists of FILE INFECTORS  affects execution of .sys, .exe, .ovl, .prg, & .mnu files.



FILE INFECTORS can be DIRECT ACTION or RESIDENT  affects the memory.



E.g. Vienna is the virus in RESIDENT category.



SYSTEM or BOOT-RECORD INFECTORS  affects certain areas on disk such as DOS, MBR, DBR.



E.g. Brain, Stoned, Empire, etc. are some of



STEALTH virus



Hides the modifications it has made in the original file and copies the original file in the memory.



So during virus scan, by anti-viral program, it (stealth) copies /scans original file & hence the file gets undetected.



Hence, it can also be called as SMART virus.

 FAST

INFECTORS



It is a virus, affects not only executed programs but also which are merely open, if active in memory.



E.g. DARK AVENGER & FRODO virus.

 SLOW

INFECTORS



It is a virus, infects the file by modifying & fooling the integrity checkers, if active in memory.



E.g. DARTH VADER virus.



COMPANION virus



It is an virus which doesn’t modifies the files or programs.



It creates a new program (unknown to user) which gets executed instead of original file.





ARMORED virus it is an virus which uses special tricks to make their tracing, disassembling & understanding their code difficult. E.g.

CATEGORIES OF VIRUSES 

There are 2 major categories:-



Destructive viruses:- includes 1.massive destruction. 2.partial destruction. 3.selective destruction.



Non-destructive viruses:- they intend to cause attention or harass the end-user.

VIRUS SPREADING MECHANISM 

The virus may re-produce itself by delaying its attack.



It can have an active re-production by making copies of itself on other disks.



It can also have an passive reproduction by depending on the unsuspecting user to make the copies of it & pass them around.

TRIGGERS OF THE VIRUS ATTACK The virus may trigger upon:    



On a certain date/time. At a certain time of day. When a certain job is run. After “closing” itself n times. When a certain combinations of keystrokes occur. When the computer is restarted.

PROTECTION AGAINST VIRUSES There are 5 steps against virusprotection:

Education.



Back-up & recovery procedures.



Isolate software libraries.



Implement software library management procedures.



Develop a virus-alert procedure.

FACTORS AFFECTING LEVEL OF PROTECTION 1.

The sensitivity of the data on your PC.

3.

The number of personnel having access to your PC.

5.

The security awareness of computing personnel.

7.

The skills levels of computing personnel.

9.

Attitudes, ethics, & morale of computing



TROJAN HORSE



An unauthorized program contained within a legitimate program. this unauthorized program performs functions unknown to user.



It is an legitimate that has been altered by the placement of unauthorized code within it; this code performs functions unknown to user.



Trojan’s can also be called as Rat's, or

RECOVERY METHODS 

Once a computer has been compromised by a virus, it is usually unsafe to continue using the same computer without completely reinstalling the operating system.



However, there are a number of recovery options that exist after a computer has a virus. These actions depend on severity of the type of virus.

VIRUS REMOVAL 

One of the Virus Removal technique is to restore the whole system.



This service is provided on WINDOWS ME, WINDOWS XP, WINDOWS VISTA for the system restore.



A virus will cause a system to hang, and a subsequent hard reboot will render a system restore point from the same day corrupt.



Some viruses, however, disable system restore and other important tools such as Task Manager and Command Prompt.



An example of a virus that does this is Cia Door.

OPERATING SYSTEM REINSTALLATION 

Reinstalling the operating system is another approach to virus removal.



It involves simply reformatting the OS partition and installing the OS from its original media, or imaging the partition with a clean backup image.



For creating this type of Ghost image, ACRONIS , is the software required.

Thank you by :Mr. Shankar .l. Dhameja Mr. Jeetendra .r. Chhatpar