© Joe Cleetus
Download
1 / 23

- PowerPoint PPT Presentation


  • 195 Views
  • Uploaded on

© Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering, WVU. Computer Network Forensics Lecture - Virus. Viruses, Trojan Horses, and Worms: What’s the technical definition of a virus?.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '' - kris


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Slide1 l.jpg

© Joe Cleetus

Concurrent Engineering Research Center,

Lane Dept of Computer Science and Engineering, WVU

Computer Network ForensicsLecture - Virus


Slide2 l.jpg

Viruses, Trojan Horses, and Worms: What’s the technical definition of a virus?

  • A computer virus is a program that attaches itself to a file, reproduces itself, and spreads to other files

  • A virus can perform a trigger event:

    • corrupt and/or destroy data

    • display an irritating message

  • Key characteristic is their ability to “lurk” in a computer for days or months quietly replicating themselves


Slide3 l.jpg

What’s the technical definition of a virus? definition of a virus?

  • File virus - a virus that attaches itself to an application program

    • Chernobyl - designed to lurk in computer until April 26

  • A boot sector virus infects the system files that your computer uses every time you turn it on

    • A macro virus infects a set of instructions called a “macro”.

    • Macro - a miniature program that usually contains legitimate instructions to automate document and worksheet production


Slide4 l.jpg

How is a Trojan horse different from a virus? definition of a virus?

  • A modern day Trojan horse is a computer program that appears to perform one function while actually doing something else

    • Not a virus, but may carry a virus

    • Does not replicate itself

  • Another type of Trojan horse looks like a log-in screen

  • PictureNote.Trojan – arrives as e-mail named picture.exe and then tries to steal login and e-mail passwords


Slide5 l.jpg

What’s a worm? definition of a virus?

  • A software worm is a program designed to enter a computer system through security holes

    • usually through a network

    • does not need to be attached to a document to reproduce

  • “Love Bug” – arrives as e-mail attachment and overwrites most music, graphic, document, spreadsheet and web files on your disks

  • Denial of Service attacks


Slide6 l.jpg

How are viruses spread? definition of a virus?


Slide7 l.jpg

How are viruses spread? definition of a virus?

  • Viruses are spread through e-mails as well

  • Macro viruses are usually found in MS Word and MS Excel files (.doc and .xls)

  • To keep safe, you can disable macros on files you do not trust


Slide8 l.jpg

What are the symptoms of a virus? definition of a virus?

  • Your computer displays a vulgar, embarrassing or annoying message

  • Your computer develops unusual visual or sound effects

  • You have difficulty saving files: files mysteriously disappear

  • Your computer reboots suddenly

  • Your computer works very slowly

  • Your executable files unaccountably increase in size

  • Your computer starts sending out lots of e-mail messages on its own


Slide9 l.jpg

Antivirus Software: What’s antivirus software? definition of a virus?

  • Antivirus software is a set of utility programs that looks for and eradicates a wide spectrum of problems such as viruses, Trojan horses, and worms


Slide10 l.jpg

How does antivirus software work? definition of a virus?

  • Hackers have created viruses that can insert themselves into unused portions of a program.

  • To counterattack the work of hackers, antivirus software designers created software with a checksum - a number calculated by combining binary values of all bytes in a file

    • compares checksum each time you run a program


Slide11 l.jpg

How does antivirus software work? definition of a virus?

  • Antivirus software also checks for a virus signature – a unique series of bytes used to identify a known virus

  • Write-protecting a floppy disk will not prevent virus infection because you need to remove write protection each time you save a file to disk

Page 189


Slide12 l.jpg

When should I use antivirus software? definition of a virus?

  • “All the time”

  • Most antivirus software allows you to specify what to check and when to check it

  • Norton Antivirus

  • McAfee Antivirus


Slide13 l.jpg

How often should I get an update? definition of a virus?

  • New viruses and variations of old viruses are unleashed just about everyday

  • Check website of antivirus software publisher for periodic updates

  • Some software updates itself automatically


Slide14 l.jpg

How reliable is antivirus software? definition of a virus?

  • Antivirus software is pretty reliable, but viruses try to get around detection

    • Multi-partite viruses

    • Polymorphic viruses

    • Stealth viruses

    • Retro viruses

  • Antivirus software is not 100% reliable, but protection is worth the risk


Slide15 l.jpg

How do I recognize a hoax? definition of a virus?

  • Bogus virus e-mail message usually contain a long list of people in the To: and CC: boxes and have been forwarded to a lot of people

  • List some “authority”

  • Most recommend reformatting

  • Fake viruses are often characterized as doing bizarre deeds

  • You can validate the hoax by going to a reliable website that lists hoaxes and viruses


Slide16 l.jpg

Virus Hoaxes: What’s a virus hoax? definition of a virus?

Chapter

4

  • Some viruses don’t really exists

  • A virus hoax arrives as an e-mail message containing dire warnings about a supposedly new virus that is on the loose

    • Recommends a strategy

    • Recommends forwarding the email

    • Says no one has a fix for it yet

  • Most cases it is a fake


Slide17 l.jpg

How do I recognize a hoax? definition of a virus?


How can i protect myself l.jpg
How can I protect myself? definition of a virus?

  • PRACTICE SAFE SURF!

  • Step One: Purchase a good antivirus program like Norton AntiVirus or McAfee Viruscan.


How can i protect myself19 l.jpg
How can I protect myself? definition of a virus?

  • Step Two: Update your virus definitions once a week!

  • If you don’t,

    YOU AREN’T PROTECTED!


How can i protect myself20 l.jpg
How can I protect myself? definition of a virus?

  • Step Three: Never double-click (or launch) ANY file, especially an email attachment, regardless of who the file is from, until you first scan that file with your antivirus program.

  • How did Melissa, Bubbleboy, and WormExploreZip come to infect so many computers? Simple! People ignored this step.


How can i protect myself21 l.jpg
How can I protect myself? definition of a virus?

  • Step Four: Turn on macro virus protection in Microsoft Word, especially if you don’t know what macros are.

  • To find out how, go to NetSquirrel.com and look in the Urban Legend Combat Kit.


Questions l.jpg
Questions definition of a virus?

  • What is the:

    • I Love You Virus?

    • Sircam?

    • Code Red II?

  • How can you protect yourself from it?

  • What virus is current?


More references l.jpg
More References definition of a virus?

  • http://www.symantec.com/avcenter/


ad