
Computer Virus and Anti-virus


Presentation Transcript


  1. Computer Virus and Anti-virus
     Professor Dr. Suraiya Pervin, Dept of Computer Science & Engineering, University of Dhaka

  2. What is a Computer Virus?
     • A kind of software program, produced by unknown people and harmful to computers
     • Some varieties of this software are viruses, worms and Trojan horses
     • The term "virus" is commonly used to describe all kinds of malware (malicious software)

  3. Virus and Worm
     • Virus: a segment of executable code or script that implants itself into an executable file and spreads systematically from one file to another. This systematic process of self-replication differentiates viruses from other virus-like computer infections such as Trojan horse programs and worms.
     • Worm: worms replicate themselves. However, instead of spreading from file to file, they spread from computer to computer, infecting an entire system.

  4. Trojan Horse
     • A Trojan horse program comes with a hidden surprise intended by the programmer but unexpected by the user. Trojan horses are often designed to cause damage or do something malicious to a system, but are disguised as something useful.
     • Unlike viruses, Trojan horses don't make copies of themselves. Like viruses, they can cause significant damage to a computer.

  5. Types of viruses
     • Macro viruses, which are active within standard applications such as Microsoft Word and Excel
     • E-mail viruses, which are the most commonly distributed viruses and can infect systems without user intervention
     • HTML viruses, which cause infection while users visit certain Internet pages
     • File viruses, which are normally attached to files transferred by disc, CD or file transfer, or are attached as files to e-mails
     • Morphing viruses, which are able to modify their form to avoid detection. They can even change the method by which they cause damage
     • Stealth viruses, which are able to hide themselves by separating their component parts or by scrambling (encrypting) their code

  6. Famous Computer Viruses
     • Morris worm
       • Exploited a known vulnerability
       • Mistake in programming caused it to spread faster than intended
       • Effect was a denial of service, affecting a large portion of the Internet
     • Michelangelo virus
       • First computer virus to make national news
       • First to really make the general public aware of viruses
       • Because it had little effect, the public did not take computer viruses seriously

  7. Virus & Worm Symptoms
     • Strange behavior such as:
       • Computer is slow
       • Hard disk is suddenly full
       • Unable to run or install certain software like anti-virus or firewall
       • A sudden increase in network traffic (network connection lights are constantly blinking)
       • Documents have been deleted
       • Computer will not start

  8. Virus & Worm Symptoms
     • Sometimes display unwanted messages
     • Some tend to destroy programs or data
     • Clog computer memory, which sometimes results in system crashes
     • Format hard disks, damage programs, delete files
     • Simply replicate themselves
     • Present text, video, or audio messages that make the user aware of their presence

  9. Virus spreading methods
     • A virus can copy itself and infect a computer without the permission or knowledge of the user
     • Attaches itself to other software programs or data files
     • Spreads from computer to computer when the host is taken to the uninfected computer, either over a network such as the Internet or on a removable medium (a floppy disk, CD, or USB drive)

  10. Virus spreading methods
     • Many viruses exist on the Internet today and new ones are discovered every day
     • They spread via downloaded software and data files, email attachments, etc.
     • Some old viruses install themselves into the disk boot sector and run when the user boots the computer from the disk

  11. Virus spreading methods
     • Some viruses spread through instant messaging
     • A virus on an infected machine may send a web address link as a message to the machines of the user's contacts
     • Thinking the link is from a friend (a trusted source), the recipient may sometimes follow the link to the website

  12. How Viruses Are Born
     • Unlike biological viruses, computer viruses do not simply evolve by themselves
     • They are deliberately created by programmers, or by people who use virus creation software
     • Some virus writers:
       • Consider their creations to be works of art
       • See virus writing as a creative hobby

  13. How Viruses Are Born
     • Viruses are written as:
       • research projects, pranks, vandalism,
       • attacks on the products of specific companies,
       • a way to distribute political messages,
       • and a means of financial gain from identity theft
     • Releasing computer viruses is a crime in most jurisdictions

  14. Viruses can avoid detection
     • To avoid detection by users, viruses employ different deception methods
     • They avoid:
       • changing the last-modified date
       • increasing file sizes
       • damaging the files
     • They kill the tasks associated with antivirus software before it can detect them
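
When a file's last-modified date and size are left unchanged, only a comparison of its contents reveals the modification. The following Python code is an added example, not part of the original slides; the file name and contents are constructed and the tampering is simulated in a temporary directory.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Record the metadata a casual check relies on, plus a content hash."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}


def changed_fields(baseline, current):
    """Return the names of the recorded fields that differ from the baseline."""
    return sorted(k for k in baseline if baseline[k] != current[k])


def demo():
    """Constructed scenario: same-length overwrite with the timestamp put back."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "report.doc")
        with open(path, "wb") as f:
            f.write(b"ORIGINAL-CONTENT")
        baseline = snapshot(path)

        # Simulated tampering: 16 bytes replaced by 16 different bytes,
        # then the original access/modify times are restored.
        st = os.stat(path)
        with open(path, "wb") as f:
            f.write(b"MODIFIED-CONTENT")
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))

        return changed_fields(baseline, snapshot(path))


if __name__ == "__main__":
    print("fields that changed:", demo())
```

The baseline has to be stored somewhere the monitored machine cannot rewrite, otherwise it can be altered together with the file.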

  15. Antivirus Strategy
     • Knowledge: Understanding how viruses work will help identify some bad computing habits that would otherwise increase your susceptibility to virus attack
     • Antivirus software: Programs such as McAfee and Norton are very popular
     • Backup: Make clean copies of your precious data and files. (The Midnight virus, once removed, leaves your files encrypted)
     • Macro Protection: Turn on Macro Virus Protection in all Microsoft applications…

  16. Antivirus Strategy

  17. Macro Viruses
     • Macro viruses are the most common virus today
     • Unlike executable viruses, macro viruses cannot infect just any file; they target Microsoft Word documents & Excel spreadsheets
     • The reason is the convenient macro languages that automatically perform tasks with little to no user input
     • Once an infected file is opened, the virus copies itself into the global template used to store global macros

  18. How does antivirus software work?
     • Detects viruses using a list of virus signature definitions, comparing the files stored on fixed or removable drives (hard drives, floppy drives) against a database of known virus "signatures"
     • Uses a heuristic algorithm to find viruses based on common behaviors
     • Heuristically examines the content of the computer's memory (its RAM) and boot sectors

  19. How does antivirus software work?
     • Some anti-virus programs give you real-time protection: they examine files as they are being opened, downloaded, copied, accessed, transmitted, etc.
     • They need regular updates in order to gain knowledge about the latest threats
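
Signature-based detection as described on slides 18 and 19, as an added Python example that is not part of the original slides. The signature names and byte patterns are constructed, the "files" are in-memory buffers, and the last case shows why definitions need regular updates.

```python
import io

# Constructed signature definitions: name -> byte pattern (not real malware signatures).
SIGNATURES = {
    "Demo.Alpha": b"\xde\xad\xbe\xefALPHA-MARKER",
    "Demo.Beta": b"BETA\x00\x01\x02PAYLOAD",
}


def scan_stream(stream, signatures, chunk_size=4096):
    """Return the sorted names of signatures found anywhere in the stream.
    The data is read in chunks; the last (longest pattern - 1) bytes of each
    window are carried over so a pattern split across two reads is still seen.
    """
    if not signatures:
        return []
    overlap = max(len(p) for p in signatures.values()) - 1
    found, tail = set(), b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in signatures.items():
            if pattern in window:
                found.add(name)
        tail = window[-overlap:] if overlap else b""
    return sorted(found)


def demo():
    """Run the scanner over constructed in-memory 'files' with 64-byte reads."""
    alpha = SIGNATURES["Demo.Alpha"]
    samples = {
        "clean": b"just a text document " * 50,
        # Pattern placed so it straddles the first 64-byte read boundary.
        "straddling": b"A" * 60 + alpha + b"B" * 100,
        # Variant with one byte of the marker altered.
        "variant": b"A" * 60 + alpha.replace(b"ALPHA", b"ALPHB") + b"B" * 100,
    }
    results = {k: scan_stream(io.BytesIO(v), SIGNATURES, 64) for k, v in samples.items()}
    # Definitions update: a pattern for the new variant is added.
    updated = {**SIGNATURES, "Demo.Alpha.B": b"\xde\xad\xbe\xefALPHB-MARKER"}
    results["variant_updated"] = scan_stream(io.BytesIO(samples["variant"]), updated, 64)
    return results


if __name__ == "__main__":
    print(demo())
```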

  20. Damage prevention & data recovery
     How to prevent damage caused by viruses:
     • Take regular backups (including the OS) on different media, unconnected to the system (most of the time)
     • Use backups on optical media like CD and DVD (read-only), as they can no longer be affected by viruses

  21. Keep your computer virus free
     • Install reliable anti-virus software: the most important step you can take towards keeping your computer clean of viruses
     • Update your anti-virus software regularly: variations of viruses and new ones can slip through if your software is not current. Over 200 viruses are discovered each month, so you'll want to be protected.

  22. Keep your computer virus free
     • Get immediate protection: configure your anti-virus software to launch automatically on start-up and run at all times
     • Don't automatically open attachments: ensure that you examine and scan email and other attachments before they run, as they might contain viruses
     • Scan all incoming email attachments
     • Do not open any email attachments if the subject line is questionable or unexpected, or the source (address) is unknown, suspicious or untrustworthy

  23. Keep your computer virus free
     • Delete chain emails and junk email
       • Do not forward or reply to any of them; they clog up the network
       • Some viruses can replicate themselves and spread through email as a chain
     • Be careful when downloading files from the Internet
       • Ensure that the source is a legitimate and reputable one
       • Save all downloads to one folder and test them with your own anti-virus software before use

  24. Keep your computer virus free
     • Always scan new files for viruses before you use them
     • Back up your files on a regular basis
     • If your computer is on a network, make sure you have security steps in place to prevent unauthorized users from putting files on your computer

  25. Keep your computer virus free
     • Take care using USB flash cards, CDs, zip and floppy disks
     • The more computers that flash cards, CDs, zip cards and floppies have been used on, the greater the chance of a virus infecting them; clean them before use

  26. Examples of risky file types
     • The following file types should never be opened: .EXE, .PIF, .BAT, .VBS, .COM

  27. Recovery Process
     Follow these initial steps to start the recovery process.
     Step 1: Tell everyone who needs to know
     • If the virus is spread through e-mail, tell everyone who has an e-mail account on the infected system about it as quickly as you can.
     • If there is a specific file attachment that contains the malicious virus program, name it and threaten anyone who opens it thereafter with drastic action.
     • There are many methods of letting people know about the problem, such as:
       • putting up warning posters at all entrances and exits to company offices
       • sending out SMS messages to staff mobile phones
     • These methods are especially useful if the initial attack has happened overnight, as users may open the malicious e-mail before they have seen any warning sent by e-mail.

  28. Recovery Process
     Step 2: Eradicate the virus
     • You can often download free fixes and patches from the Internet. Make sure your software is up to date before starting the eradication process and keep the following points in mind:
     • When attempting to remove a virus, always ensure that your virus scanner is updated using the latest pattern files. Failure to do so may result in damage to your data.
     • Close all applications and disconnect affected computers from all networks. You should also disconnect any modems or external connections.
     • Use your virus defense software to scan all hard discs on the affected computers and files. Examine any resulting report carefully.
     • Never reconnect affected machines until they are confirmed to be 100% virus-free.

  29. Recovery Process
     • Scan any external storage devices that may have been in contact with the affected machines.
     • Tell anyone that you think may have been infected and advise them of the necessary steps to take to remove the virus.
     • Make use of your virus defense software supplier. They can supply direct services to assist you and help to make sure your own actions are appropriate.
     Step 3: Organize a clean-up operation
     • Plan a systematic sweep of all affected machines; sometimes you have to clean every machine, even if it has not displayed any signs of infection.
     • Contain the spread of the virus by quarantining and disconnecting infected machines or systems from the rest of the network.

  30. Recovery Process
     • If the entire system seems to be infected, you may need to disconnect it from any external networks in order to contain the virus.
     • Once you are sure the infected systems are quarantined, you need to use the following virus recovery steps:
       1. The system administrator should check virus bulletin services from the virus defense software vendors, as they often post quick fixes or interim notices. When the relevant anti-virus fix becomes available, roll it out to all system machines and install it on disconnected machines.

  31. Recovery Process
       2. If there are no mentions of the virus from any of the virus alert mailing companies, it is best practice to send a copy of the virus to your anti-virus vendor. Then, if your company was the first to be infected, the anti-virus vendor can start work on the fix.
       3. Once the fix has been implemented, ensure the virus has not spread to the main servers. Run the anti-virus scanner against each of the servers sequentially, fixing any infected files and ensuring they are clean.
     This method should systematically clean the entire network of the virus as well as minimizing the possibility of infecting the entire system. Although swift implementation of the quarantine method will still result in the temporary loss of a small part of the network, it saves the whole system.

  32. Recovery Process
     Step 4: Make sure there are no re-infections
     • Ensure that everyone knows what to do and what not to do.
     • Keep emergency security measures in place until:
       • the clean-up is complete
       • additional patches are in place to prevent infection
     • The system administrator should ensure the business has the latest virus definitions and software patches implemented system-wide. He or she should also install these manually on the infected computers, in an attempt to clean the virus from those machines.

  33. Recovery Process
     Step 5: Manage outgoing e-mail traffic during the crisis
     • Use whatever facilities you have to prevent malicious programmes being exported through e-mail. You may even consider closing down the outgoing e-mail service.

  34. Summary
     • Most virus infections can be prevented by knowledge and common sense.
     • Make sure you and your staff know the basic rules and treat suspicious files and e-mails appropriately.
     • Develop a strategy which anticipates virus threats. This should include software, reporting, recovery and communication.
     • Install virus defense software and keep it up to date. Remember that it has to be managed. It will become less effective if ignored.
     • Keep your Internet browser up to date.
     • Have a recovery plan and keep lists of relevant telephone numbers, especially your software vendor's.
     • If you suffer an infection, tell anyone whom you may have infected. Otherwise there could be substantial adverse PR should they subsequently be affected.
