Computer Viruses & Other Malware
CONTENT
Definition of Virus/Malware
Classification of V/M
New generation viruses
New technology
How to design a powerful V/M
Definition of a Computer Virus
An executable code that could make copies of itself or attach itself to other executable codes
Macro Viruses
WORD Macros
When an infected document is opened in Word, the virus copies its macro code into the Global Template.
With the macro virus resident in the Global Template, it can now copy itself to other documents that are opened.
Macro Viruses
Excel Macros
When an infected sheet is opened in Excel, the virus creates an Excel file in the directory \Microsoft Office\Office\XLStart.
With the macro virus resident every time Excel is opened, it can now infect every sheet opened in Excel.
Macro Viruses
Infected File
Using DFVIEW.EXE to view a Word 2K Document
An infected file will show that it has a MACROS folder
Other locations of macro viruses in Excel
95% of Excel viruses can be seen here
The remaining 5% can be seen in the WORKBOOK stream
Windows Viruses
INFECTED FILE
Checking the Registry for possible Virus residence
If a mail or a web page has some malicious scripts
These malicious scripts utilize the Scripting Host execution capabilities of browsers and mail systems
Thus enabling them to replicate to other mail recipients or web page users
Upon receiving an e-mail with a script in it, the following message will appear
Clicking Yes will run the script, which might contain malicious code. Clicking No will show this message.
Now you can see that the mail has some script in it because of this script icon
Now you can verify whether the saved HTM file contains malicious code
Script Viruses
Script Viruses in E-mails / Web
Two Types of Java Viruses
Hacker message will appear
Trojans, Worms & Net Hacking Tools
A computer worm is a self-contained program that is able to spread functional copies of itself to other computer systems.
Trojans are malicious code that wreaks havoc on files or systems.
Net hacking tools are malicious code whose sole purpose is to control computers remotely and to exploit backdoors in some systems.
Ordinary executable programs created to make fun of users.
You can only go back to what you are doing after you solve the puzzle
Upon execution, this malware will drop a virus or other malware.
If the dropped malware is executed, it can then infect or deliver its payload.
JMP message will appear
How to catch a virus (Virus 'TEST-ABC')
[Figure labels: E9 fd 02 00; 0xe9 (JMP xx); 0x484; 01 02 03 04; 65 7a 4e 2a (0x65, 0x7a, 0x4e, 0x2a)]
Unite multiple infective tech
Hard to Identify malicious behavior