Computer Viruses
Goals:
• Attributes of a virus
• An example of a virus
• Attributes of a worm
• Examples of worms
• The Conficker and Stuxnet worms
Computer Virus
A computer virus is a small software program that is designed to spread from one computer to another and to interfere with computer operation. A true virus is capable of self-replication on a machine. A virus may spread between files or disks.
OR
A computer virus is a malicious piece of
Typical hosts for computer viruses are:
– Executable files (such as the ‘.exe’ files in Windows machines) that may be sent around as email attachments
– Boot sectors of disk partitions
– Script files for system administration (such as the batch files in Windows machines, shell script files in Unix, etc.)
– Documents that are allowed to contain macros (such as Microsoft Word
Brain virus (known as the first computer virus):
Brain affects the IBM PC computer by replacing the boot sector of a floppy disk with a copy of the virus. The real boot sector is moved to another sector and marked as bad. Infected disks usually have five kilobytes
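The relocation trick described above (the real boot sector moved elsewhere and marked as bad) suggests a defensive check: look for clusters flagged bad that still contain boot-sector-like data. The following is an added example, not part of the original slides; it assumes a FAT12 floppy layout, a hypothetical 8-sector sample image built inline, and a simple heuristic for what a boot sector looks like.

```python
import struct

SECTOR = 512
BAD = 0xFF7  # FAT12 value that marks a cluster as bad

def fat12_entry(fat, n):
    """Decode the 12-bit FAT12 entry for cluster n."""
    pair = struct.unpack_from("<H", fat, n + n // 2)[0]
    return pair >> 4 if n & 1 else pair & 0x0FFF

def looks_like_boot_sector(sec):
    """Heuristic: x86 jump opcode at byte 0 and 0x55AA signature at offset 510."""
    return len(sec) == SECTOR and sec[0] in (0xEB, 0xE9) and sec[510:] == b"\x55\xaa"

def hidden_boot_sectors(image, fat_start=1, data_start=3):
    """Return clusters marked bad that still hold boot-sector-like data.
    Layout (FAT sector, first data sector, one sector per cluster) is an
    assumption passed in, since sector 0 of an infected disk is untrusted."""
    fat = image[fat_start * SECTOR:(fat_start + 1) * SECTOR]
    hits = []
    for n in range(2, 2 + len(image) // SECTOR - data_start):
        off = (data_start + n - 2) * SECTOR
        if fat12_entry(fat, n) == BAD and looks_like_boot_sector(image[off:off + SECTOR]):
            hits.append(n)
    return hits

def set_fat12(fat, n, val):
    """Write a 12-bit entry (helper for building the sample image)."""
    off = n + n // 2
    if n & 1:
        fat[off] = (fat[off] & 0x0F) | ((val & 0x0F) << 4)
        fat[off + 1] = val >> 4
    else:
        fat[off] = val & 0xFF
        fat[off + 1] = (fat[off + 1] & 0xF0) | (val >> 8)

def build_sample_image():
    """Constructed 8-sector image: boot, FAT, root dir, data clusters 2..6."""
    boot = bytearray(SECTOR)
    boot[0:3], boot[510:512] = b"\xeb\x3c\x90", b"\x55\xaa"
    fat = bytearray(SECTOR)
    set_fat12(fat, 3, BAD)  # bad-marked cluster holding a boot sector copy
    set_fat12(fat, 5, BAD)  # bad-marked cluster holding only filler
    data = [bytes(SECTOR), bytes(boot), bytes(SECTOR), b"\xf6" * SECTOR, bytes(SECTOR)]
    return bytes(boot) + bytes(fat) + bytes(SECTOR) + b"".join(data)

if __name__ == "__main__":
    print(hidden_boot_sectors(build_sample_image()))
```

A genuinely damaged cluster normally holds filler or unreadable data, so a bad-marked cluster that parses as a boot sector deserves a closer look.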
Signs of a Virus Attack
1. Computer runs slower than usual
2. Computer no longer boots up
3. CD/DVD drive opening and closing by itself
4. Screen sometimes flickers
5. Speaker beeps periodically
6. System crashes for no reason
7. Files/directories sometimes disappear
8. Denial of Service (DoS)
9. Numerous pop-ups
10. Hard drive filling up
Worm
The main difference between a virus and a worm is that a worm does not need a host document. In other words, a worm does not need to attach itself to another program. In that sense, a worm is self-contained.
Just a nasty little program to cause slowness in a network. A worm will replicate itself and spread from computer to computer. Worms are commonly
Worm
On its own, a worm is able to send copies of itself to other machines over a network.
A worm is a small piece of software that uses computer networks and security holes to
replicate itself. A copy of the worm scans the network for another machine that has a
specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well. Worms use computer time and network
bandwidth when they replicate. A worm called Code Red made huge headlines in
2001. Experts predicted that this worm could clog the Internet so effectively that things
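The scanning behaviour described above, one machine probing many others for the same security hole, leaves a recognisable fan-out pattern in connection logs. The following detector is an added example, not part of the original slides; the flow-record format, addresses, ports, window and threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict

def fanout_scanners(flows, window=60, threshold=5):
    """Flag (src, dport) pairs that reach >= threshold distinct destinations
    on one port within any `window`-second span. flows: (ts, src, dst, dport)."""
    by_key = defaultdict(list)
    for ts, src, dst, dport in flows:
        by_key[(src, dport)].append((ts, dst))
    flagged = {}
    for key, events in by_key.items():
        events.sort()
        seen, left, peak = defaultdict(int), 0, 0
        for ts, dst in events:
            seen[dst] += 1
            while events[left][0] < ts - window:  # drop events older than the window
                old = events[left][1]
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
                left += 1
            peak = max(peak, len(seen))
        if peak >= threshold:
            flagged[key] = peak
    return flagged

def sample_flows():
    """Constructed flow records (ts seconds, src, dst, dport); not real traffic."""
    flows = []
    # 10.0.0.7: six different hosts on one port within six seconds (scan-like)
    flows += [(100 + i, "10.0.0.7", f"10.0.1.{i + 1}", 445) for i in range(6)]
    # 10.0.0.8: six different hosts, but two minutes apart (not a burst)
    flows += [(120 * i, "10.0.0.8", f"192.0.2.{i + 1}", 443) for i in range(6)]
    # 10.0.0.9: one server contacted repeatedly (no fan-out)
    flows += [(200 + i, "10.0.0.9", "10.0.1.50", 445) for i in range(8)]
    return flows

if __name__ == "__main__":
    for (src, dport), peak in fanout_scanners(sample_flows()).items():
        print(f"{src} reached {peak} hosts on port {dport} within the window")
```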
Difference Between Virus & Worm
Therefore, whereas a worm can harm a network and consume network bandwidth, the damage caused by a virus is mostly local to the machine.
But note that a lot of people use the terms ‘virus’ and ‘worm’ synonymously. That is particularly the case with the vendors of anti-virus software. A commercial anti-virus program is
THE CONFICKER WORM
The Conficker worm has infected a large number of machines around the world, though not as intensively as people thought it would.
The worm infects only Windows machines.
More commonly, though, the worm
THE CONFICKER WORM
• The Conficker worm is no longer a single worm. Since it was first discovered in October 2008, the worm has been made increasingly potent by its creators, with each version more potent than the previous. The different versions of the worm are labeled Conficker.A, Conficker.B, Conficker.C, and Conficker.D.
On the basis of the research carried out by the SRI team, as described in the publications cited above, we know that the worm infection spreads by exploiting a vulnerability in the
THE CONFICKER WORM
Therefore, let’s first talk about the file svchost.exe. This file is fundamental to the functioning of the Windows platform. The job of the always-running process that executes the svchost.exe file is to facilitate the execution of the dynamically-linkable libraries (DLLs) that the different
Types of the Viruses
Trojan Horse:
A program written to deliver a malicious program that may then cause destruction to your computer. A Trojan horse is delivered by someone or hidden within another program that may seem harmless.
Requires Windows to work
Once infected, runs in the
Types of the Viruses
Spyware
A program written to monitor your actions on a computer. A common type of spyware is a key-logger program. This program can record every keystroke and mouse click you make. Spyware can be delivered via a Trojan horse program. Some spyware is not meant to be malicious, such as tracking cookies. A tracking cookie tracks your Internet usage and sends the information back to its
Types of the Viruses
Adware
Adware is a form of malware. One word - pop-ups. Adware is designed to pop up
Types of the Viruses
Boot Sector Virus
Not so common anymore, but they were nasty little programs that got loaded into your master boot record. Most commonly spread by floppy disks. These viruses could then launch themselves before your operating system even loaded.
Types of the Viruses
Time Bomb
A virus written to execute at a later date or upon an action
Types of the Viruses
Browser Hijacker
A virus that will take over your web browser and automatically redirect you to another website.
File Infector Virus
A virus that lives within a file, typically a .exe file. When the file is executed, it will then run its nasty code.
Polymorphic Virus
A virus written to change itself in order to
Types of the Viruses
Macro Virus
A virus that hides itself inside of macros used by programs such as Microsoft Excel.
Web Scripting Virus
A virus that hides within a website.
How to Get Rid of Viruses
Use a Linux OS such as Ubuntu.
Don't double-click a file or folder. Just give its path.
Vaccines, or antivirus software, are computer programs that detect, prevent, and take action to disarm or remove malicious software programs, such as viruses and worms. New viruses, worms, and other threats are created by cyber terrorists and discovered every day, so periodically updating antivirus software is mandatory.
List of some top Anti Virus