
Introduction to Virus, Worms, Trojans & Malwares - NullAhm pre-meet

Pranjal Vyas
November 26, 2017

Introduction to computer virus, worms & malware


Transcript

  1. Malwares
     • “Malicious software” designed to infiltrate a computer without the owner's informed consent.
     • Malware includes:
       • Computer viruses
       • Worms
       • Trojan horses
       • Backdoors (a method of bypassing normal authentication procedures, usually installed using Trojan horses or worms)
       • For-profit malware (spyware, botnets, keyloggers, ransomware, adware and dialers)
  2. Backdoor or Trapdoor
     • A secret entry point into a program
     • Allows those who know of it to gain access, bypassing the usual security procedures
     • Has been commonly used by developers
     • A threat when left in production programs, where attackers can exploit it
     • Very hard to block in the OS
     • Requires good software development and update practices
  3. Vital Information Resources Under Siege (Virus)
     • A computer virus is a malicious computer program (executable file) that can copy itself and infect a computer without the permission or knowledge of the user.
     • A virus can only spread from one computer to another by:
       • Sending it over a network as a file or as an email payload.
       • Carrying it on a removable medium.
     • Viruses need USER INTERVENTION to spread …
     • Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk.
     • Others are not designed to do any damage, but simply replicate themselves and perhaps make their presence known by presenting text, video, or audio messages.
  4. Terms used in Virus
     • Infection mechanism: The means by which a virus spreads, enabling it to replicate. The mechanism is also referred to as the infection vector.
     • Trigger: The event or condition that determines when the payload is activated or delivered.
     • Payload: What the virus does, besides spreading. The payload may involve damage or may involve benign but noticeable activity.
  5. Phase of Virus
     • Dormant phase: The virus is idle. The virus will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit. Not all viruses have this stage.
     • Propagation phase: The virus places a copy of itself into other programs or into certain system areas on the disk. The copy may not be identical to the propagating version; viruses often morph to evade detection. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.
  6. Phase of Virus (cont.)
     • Triggering phase: The virus is activated to perform the function for which it was intended. As with the dormant phase, the triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.
     • Execution phase: The function is performed. The function may be harmless, such as a message on the screen, or damaging, such as the destruction of programs and data files.
  7. Types of viruses
     ▪ Boot sector virus: a virus that infects the boot sector of floppy disks or the Master Boot Record (MBR) of hard disks (some infect the boot sector of the hard disk instead of the MBR).
     ▪ File infector virus: a virus that usually infects memory and executable files. Once in the system, it remains for a long time.
     ▪ Macro virus: a virus that "infects" a Microsoft Word or similar application and causes a sequence of actions to be performed automatically when the application is started or something else triggers it. Macro viruses tend to be surprising but relatively harmless.
     ▪ Encrypted virus: a virus that uses encryption to hide itself from virus scanners. That is, the encrypted virus jumbles up its program code to make it difficult to detect. An encrypted virus's code begins with a decryption algorithm and continues with scrambled or encrypted code for the remainder of the virus.
  8. Types of viruses (cont.)
     ▪ Stealth virus: a virus that uses various mechanisms to avoid detection by antivirus software.
     ▪ Polymorphic virus: a virus that is able to modify itself while making clones of itself.
     ▪ Metamorphic virus: a virus that can transform itself based on its ability to translate, edit and rewrite its own code. It is considered the most infectious computer virus, and it can do serious damage to a system if it isn't detected quickly.
  9. Worms
     • A replicating program that propagates over the network using email, remote execution or remote login
     • Has phases like a virus
     • May disguise itself as a system process
     • Implemented by Xerox Palo Alto labs in the 1980s
  10. SQL Slammer Worm
     • In January 2001, the SQL Slammer Worm slowed down global Internet traffic as a result of DoS.
     • The worm exploited a buffer overflow bug in Microsoft's SQL Server.
  11. Trojans
     • A Trojan is a program that appears, to the user, to perform a desirable function but, in fact, facilitates unauthorized access to the user's computer system.
     • Trojans may appear to be useful or interesting programs, or at the very least harmless to an unsuspecting user, but are actually harmful when executed.
     • Trojans are not self-replicating, which distinguishes them from viruses and worms.
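
The encrypted-virus layout on slide 7 (a readable decryption routine followed by scrambled code for the remainder) shows up as a jump in byte entropy, which a defender can measure window by window. The Python below is an added example, not part of the original deck; the window size, threshold, function names and sample bytes are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter

WINDOW = 1024      # bytes per window (assumed value)
THRESHOLD = 7.0    # bits per byte treated as "scrambled" (assumed value)


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    total = len(chunk)
    if total == 0:
        return 0.0
    return -sum(n / total * math.log2(n / total) for n in Counter(chunk).values())


def entropy_profile(data: bytes, window: int = WINDOW) -> list:
    """Entropy of each full window; a short trailing remainder is ignored."""
    return [shannon_entropy(data[i:i + window])
            for i in range(0, len(data) - window + 1, window)]


def scrambled_tail_offset(data: bytes, window: int = WINDOW,
                          threshold: float = THRESHOLD):
    """Offset where a high-entropy region running to the end starts, else None."""
    profile = entropy_profile(data, window)
    start = len(profile)
    # Walk backwards over the trailing run of high-entropy windows.
    while start > 0 and profile[start - 1] >= threshold:
        start -= 1
    if start == 0 or start == len(profile):
        return None  # uniformly high (e.g. an archive) or no high-entropy tail
    return start * window


def build_sample() -> bytes:
    """Constructed sample: repetitive plain bytes, then random bytes standing
    in for an encrypted body. No real malware is involved."""
    rng = random.Random(1)
    head = (b"plain program text and strings. " * 64)[:2 * WINDOW]
    body = bytes(rng.getrandbits(8) for _ in range(6 * WINDOW))
    return head + body


if __name__ == "__main__":
    sample = build_sample()
    print([round(e, 2) for e in entropy_profile(sample)])
    print("high-entropy tail starts at offset", scrambled_tail_offset(sample))
```

High entropy alone also matches legitimately compressed or packed files, so a hit is a reason to look closer at the file, not a verdict.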