Virus & Worms – Virus Analysis
Session Flow
• Spyware Overview.
• Difference between Virus, Worms & Trojans.
• Virus Life Cycle.
• Modes of transmission
• Methods to Avoid detection
• Virus Analysis
• Virus Detection
Spyware Overview
• Spyware is a piece of software that gets installed on your computer without your consent.
• It collects your personal information without you being aware of it.
• It can change how your computer or web browser is configured and bombard you with online advertisements.
• Spyware programs are notorious for being difficult to remove on your own, and they slow down your PC.
• The program gets installed in the background while you are doing something else on the Internet.
• Spyware has become fairly widespread because your cable modem or DSL connection is always connected.
Difference Between Virus, Worms & Trojans
• A virus is an application that self-replicates by injecting its code into other data files. It spreads and attempts to consume (corrupt) specific targets, which are normally executables.
• A worm copies itself over a network. Unlike a computer virus, it does not need to attach itself to an existing program. It consumes bandwidth and increases traffic in a network.
• A Trojan is a program that, once executed, performs a task other than expected.
Modes of Transmission
• IRC
• Email Attachments
• Physical Access
• Browser & Email Software Bugs
• Advertisements
• Fake Programs
• Untrusted Sites & Freeware Software

• Your computer can be infected even if files are just copied
• Can be a stealth virus
• Viruses can carry other viruses
• Can make the system never show outward signs
• Can stay on the computer even if the computer is formatted.
Phases of virus
• Most viruses operate in two phases.
• Infection Phase – In this phase virus developers decide
  - When to infect a program
  - Which programs to infect
• Some viruses infect the computer as soon as the virus file is installed on the computer.
• Some viruses infect the computer at a specific date, time or particular event.
• Attack Phase – In this phase the virus will
  - Delete files.
  - Replicate itself to other PCs.
  - Corrupt targets only
Virus Indications
Following are some of the common indications of a virus when it infects a system.
• Files have stranger names than normal.
• File extensions can also be changed.
• Programs take longer to load than normal.
• Victim will not be able to open some programs.
• Programs get corrupted without any reason.
Trojans
• Trojans work on a client/server model.
• Hacker  Server  Victim
• Hacker  Client  Victim
• Reverse Connection Trojans – the victim connects to the client's computer after the infection phase. Example: Poison Ivy, DarkComet.
• Direct Connection Trojans – the client connects to the server after the infection phase. Example: ProRat.
Virus Types
Following are some of the common types of virus.
• Macro Virus – Spreads & infects database files.
• File Virus – Infects executables.
• Source Code Virus – Affects & damages source code.
• Network Virus – Spreads via network elements & protocols.
• Boot Virus – Infects boot sectors & records.
• Terminate & stay resident virus – Remains permanently in memory during the work session, even after the target host is executed & terminated.
Methods to Avoid Detection
• Same “last Modified” Date.
• Killing tasks of Antivirus Software
• Avoiding Bait files & other undesirable hosts
• Making stealth virus
• Self Modification on each Infection
• Encryption with variable key.
Same “last Modified” Date
• In order to avoid detection by users, some viruses employ different kinds of deception.
• Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus.
• This approach sometimes fools anti-virus software.
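
Added example (not part of the original slides): a defender's integrity baseline that records a SHA-256 content hash next to size and "last modified" time, showing that a same-length change with the timestamp put back passes a metadata check but fails the hash check. The file name, byte strings and timestamp are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

FIXED_MTIME_NS = 1_600_000_000 * 10**9  # constructed timestamp (whole seconds)


def snapshot(path):
    """Record the metadata and content hash of one file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}


def compare(baseline, current):
    """Report which checks notice a difference from the baseline."""
    old_meta = (baseline["size"], baseline["mtime_ns"])
    new_meta = (current["size"], current["mtime_ns"])
    return {
        "metadata_changed": old_meta != new_meta,
        "hash_changed": baseline["sha256"] != current["sha256"],
    }


def demo():
    """Build a constructed host file, alter it, reset its timestamp, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "host.bin")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"ORIGINAL-PROGRAM-BYTES")
        os.utime(path, ns=(FIXED_MTIME_NS, FIXED_MTIME_NS))
        baseline = snapshot(path)

        # Constructed stand-in for an infected host: same length, different bytes.
        with open(path, "wb") as fh:
            fh.write(b"MODIFIED-PROGRAM-BYTES")
        # The write moved the timestamp; set it back to the recorded value,
        # which is the situation the slide describes.
        os.utime(path, ns=(baseline["mtime_ns"], baseline["mtime_ns"]))

        return compare(baseline, snapshot(path))


if __name__ == "__main__":
    print(demo())
```

The baseline itself has to be stored where the monitored system cannot rewrite it, otherwise the recorded hash can be replaced along with the file.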
Killing Antivirus Tasks
• Some viruses try to avoid detection
by killing the tasks associated with
antivirus software before it can
detect them.
Avoiding Bait files
• Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus.
• Many anti-virus programs perform an integrity check of their own code.
• Infecting such programs will therefore increase the likelihood that the virus is detected.
• Anti-virus professionals can use bait files to take a sample of a virus.
Stealth Request
• Some viruses try to trick anti-virus
software by intercepting its requests to
the operating system.
• The virus can then return an uninfected
version of the file to the anti-virus
software, so that it seems that the file is
"clean".
Self Modifications
• Some viruses try to trick anti-virus software by modifying themselves on each infection.
• As the file signatures are modified, antivirus software finds them difficult to detect.
Encryption with variable key
• Some viruses use simple methods to encipher the code.
• The virus is encrypted with a different encryption key on each infection.
• The AV cannot scan such files directly using conventional methods.
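
Added example (not part of the original slides): why a plain byte-signature search misses a body that is XOR-encoded with a different single-byte key per copy, and how a scanner can still match it by comparing XOR differences of adjacent bytes, which do not depend on the key. The marker string, stub, filler and keys are constructed and benign; the single-byte XOR scheme is an assumption standing in for the "simple methods" the slide mentions.

```python
SIGNATURE = b"CONSTRUCTED-TEST-MARKER-0001"  # benign constructed byte pattern
CLEAR_STUB = b"STUB:"                        # constructed unencoded prefix
BODY = b"filler before " + SIGNATURE + b" filler after"
KEYS = (0x21, 0x5A, 0xC3)                    # one constructed key per copy


def xor_encode(data, key):
    """Single-byte XOR; applying it twice with the same key restores the data."""
    return bytes(b ^ key for b in data)


def build_sample(key):
    """Constructed sample: clear prefix followed by the XOR-encoded body."""
    return CLEAR_STUB + xor_encode(BODY, key)


def static_scan(buf, sig):
    """Conventional signature search: offset of sig in buf, or -1."""
    return buf.find(sig)


def delta(data):
    """XOR of each byte with its successor; (a^k) ^ (b^k) == a ^ b for any k."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def xray_scan(buf, sig):
    """Key-independent search. Returns (offset, key) or None.

    A key of 0 means the signature is present unencoded.
    """
    if len(sig) < 2:
        raise ValueError("signature must be at least two bytes long")
    pos = delta(buf).find(delta(sig))
    if pos == -1:
        return None
    key = buf[pos] ^ sig[0]  # first byte fixes the key; the deltas fix the rest
    return pos, key


def scan_all():
    """Run both scanners over one sample per key."""
    results = []
    for key in KEYS:
        sample = build_sample(key)
        results.append((static_scan(sample, SIGNATURE), xray_scan(sample, SIGNATURE)))
    return results


if __name__ == "__main__":
    for static_hit, xray_hit in scan_all():
        print("static:", static_hit, "x-ray:", xray_hit)
```

This covers only a fixed one-byte XOR key applied to the whole body; other encodings need their own invariant or emulation of the decoding routine.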
Virus Analysis
• IDA Pro tool:
  - It is a disassembler & debugger tool.
  - Runs on both Linux & Windows.
  - Can be used in source code analysis, vulnerability research & reverse engineering.
Autoruns
THANK YOU
