1 / 7

Viruses

Viruses. A virus is program code that causes some undesirable and unexpected event to happen in a computer. Viruses are usually disguised as something innocent and are designed so that they automatically spread within or between computer systems. Viruses.

hawa
Download Presentation

Viruses

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Viruses • A virus is program code that causes some undesirable and unexpected event to happen in a computer. • Viruses are usually disguised as something innocent and are designed so that they automatically spread within or between computer systems.

  2. Viruses • Viruses can enter a system as an attachment to an e-mail, download from the web, or from on a disk or CD. • Some viruses take effect as soon as their code is executed. • Others can wait until circumstances cause their code to be executed by the computer. • Viruses can be quite harmful and erase data or close down a system.

  3. Virus Types • File Virus • Attached to .exe or .com files or complete program or script attached to e.g. e-mail • Resident in computer ready to cause havoc • Boot Sector Virus • These infect executable code found in boot sector on disks or the master boot record on hard disks. • To infiltrate the boot sector, the virus is read while the system is running and then activated the next time the operating system is loaded. • Macro Code Virus • Macro viruses are fairly common viruses, but tend to do the least damage. Macro viruses infect applications and typically cause a sequence of actions within the application e.g. inserting unwanted words or phrases in a document.

  4. 8 – Supporting Software8.3.1 Virus Code Actions • Viruses use a combination of actions • Replication • Virus attaches itself to any type of file and replicates very quickly. Can replicate many times before activation • Camouflage • Takes on characteristics that detection software looks for. Good anti-virus s/w aware of this and makes more checks (check sum etc.). • Watching • Lies in wait and ambushes when codintion is met e.g. correct date. • Delivery • Used to be floppy disks, now e-mail. Virus waits for trigger to drop its payload.

  5. Other Infections • A worm is a self-replicating virus that does not alter any files but takes up residence in the computer’s active memory and duplicates itself. They only become noticeable once their replication consumes the memory to the extent that the system slows down or is unable to carry out particular tasks. Worms tend to use the parts of the computer’s operating system that is not seen by the user until it is too late. • A Trojan horse is a program where harmful code is contained inside another code which can appear to be harmless. Once the apparently harmless code is in the computer, it releases the malicious code to do its damage.

  6. Anti-Virus Techniques • Checksum • A checksum of key files is recorded. At run time checksum run again – if discrepancy then file could be infected. • Virus Signatures • Signature is unique pattern of bits within a virus. Once it is known anti-virus s/w uses it to identify and remove virus. • Heuristic detection • Approaches problem through past knowledge. Works on probability of file being infected e.g. finds file that checks for date. • Memory Resident Monitoring • Anti-virus s/w stays in memory at start-up and actively monitors the system. Delays in loading and execution of programs.

  7. Virus Information Library • Using a virus information library • Literally thousands of viruses have been detected and catalogued using a Virus Information Library (VIL). One such VIL can be found at: • http://vil.nai.com/vil/ • Using this or another source, find the details of at least one of each type of virus: For each one, make a note of the following: 1. name: 2. type: 3. symptoms: 4. date discovered (find a recent one): 5. medium for infection (e.g. email, website): 6. cure (if any): • file • boot • macro • worm • trojan

More Related