
Viruses - the Digital War

Viruses - the Digital War. Northern New York Library Network Workshop Jim Crowley C3 - Crowley Computer Consulting 9148 State Highway 37 Ogdensburg NY 13669 315-394-7008 fax 315-394-7009 www.crowleycomputers.com jim@crowleycomputers.com.


Presentation Transcript


  1. Viruses - the Digital War • Northern New York Library Network Workshop • Jim Crowley • C3 - Crowley Computer Consulting • 9148 State Highway 37, Ogdensburg NY 13669 • 315-394-7008, fax 315-394-7009 • www.crowleycomputers.com • jim@crowleycomputers.com

  2. Experience • At C3, all “in shop” computer work is preceded by a virus scan, almost regardless of the PC’s virus-fighting measures. • You and I are prejudiced toward the tools we use. Be sure to double check that your loyalties are well placed. I love Symantec.

  3. Virus • What: a program or piece of code that is loaded onto your computer (without your knowledge and against your wishes), that (generally) replicates itself and (generally) delivers a payload. All computer viruses are manmade and intentional.

  4. Viruses Reality and Myth

  5. Virus – True or False • Computer viruses happen naturally. FALSE

  6. Virus – True or False • My new computer has an antivirus program. I’m covered. FALSE

  7. Virus – True or False • I still use dial up for Internet access. I won’t get a virus. FALSE

  8. Virus – True or False • I have a firewall, I don’t need virus protection. FALSE

  9. Virus – True or False • I only use web based email, I can’t get a virus. FALSE

  10. Virus – True or False • I don’t use email, I can’t get a virus. FALSE

  11. Virus – True or False • My ISP virus scans my email for me. I don’t need an anti-virus program. FALSE

  12. Virus – True or False • I only read email from people I know. I won’t get a virus. FALSE

  13. Virus – True or False • Emailed viruses can only be “released” by opening an attachment. FALSE

  14. Virus – True or False • If your PC is infected, your computer cannot email viruses unless you open your email program. FALSE

  15. Virus – True or False • Including a fake e-mail address in your address book will prevent your PC from spreading computer viruses. FALSE

  16. Virus – True or False • My company filters viruses at the gateway/router/firewall. We don’t need virus protection on workstations. FALSE

  17. Virus – True or False • My company has virus protection on the server(s). We don’t need virus protection on the workstations. FALSE

  18. Virus – True or False • I got an email from xyz.mailserver.com telling me I’m infected! Oh no! I’m infected! FALSE

  19. Virus – True or False • A VIRUS could be in your computer files now, dormant but will become active on June 1. Try not to USE your Computer on June 1st. FOLLOW DIRECTIONS BELOW TO CHECK IF YOU HAVE IT AND TO REMOVE IT NOW. No Virus software can detect it. It will become active on June 1, 2001. It might be too late by then. It wipes out all files and folders on the hard drive. This virus travels thru E-mail and migrates to the 'C:\windows\command' folder. To find it and get rid of it off of your computer, do the following. • Go to the "START" button. • Go to "FIND" or "SEARCH" • Go to "FILES & FOLDERS" • Make sure the find box is searching the "C:" drive. • Type in: SULFNBK.EXE • Begin search. FALSE

  20. Virus – True or False • A free immunity tool will protect your PC from the Klez.E virus. FALSE

  21. Virus – True or False • Companies that write anti-virus programs hire virus authors. FALSE

  22. Virus – True or False • My _________ is pretty computer savvy and says… Who cares. Do you take stock tips from them, too?

  23. Virus • Who: typical author is young, smart and male • Why: looking to fight the status quo, promote anarchy, make noise or simply show off to their peers. There is no financial gain to writing viruses.

  24. Virus structure • Replication: viruses must propagate themselves • Payload: the malicious activity a virus performs when triggered. • Payload trigger: the date or counter or circumstances present when a virus payload goes off.

  25. Payload examples • Nothing - just being annoying • Displaying messages • Launching DDoS attack • Erasing files randomly, by type or usage • Formatting hard drive • Overwrite mainboard BIOS

  26. Trigger examples • Date • Internet access • # emails sent

  27. How do anti-virus programs work? • File fingerprinting • Active scanning • Heuristics

  28. Virus • a program or piece of code that is loaded onto your computer (without your knowledge and against your wishes), that (generally) replicates itself and (generally) delivers a payload. All computer viruses are manmade.

  29. Boot sector virus • infects the first sector of a hard drive or disk. The first sector contains the MBR or master boot record.

  30. File infector virus • attaches itself to a file on the computer and is executed when that application is opened.

  31. Multipartite • combines properties of boot sector and file infector viruses.

  32. Memory resident • virus that sits continuously in memory to do its work, often making it more difficult to clean. Most viruses now are memory resident.

  33. Polymorphic virus • a virus that alters its signature or footprint, to avoid detection.

  34. Stealth virus • a virus that actively hides from anti-virus programs by altering its state or hiding copies of itself or replacing needed files.

  35. Trojan • technically not a virus, a destructive program that masquerades as a benign application. • Generally, trojans do not replicate.

  36. Macro virus • virus written using script or macro languages such as Microsoft Office’s VBA, executes when a document containing the virus is opened.

  37. Worm • a virus that replicates itself over a network (or the Internet).

  38. Affected systems • viruses tend to be written for a particular platform or operating system. • DOS • Windows versions or version specific • Macintosh • Unix • Other OS • Palm • Pocket PC • Cell phone

  39. DDoS • “distributed denial of service” creates an attack on a server by sending massive requests for information or sending massive floods of email to the computer to simply overload it.

  40. Dropper • the application that carries a trojan virus

  41. Hoax • there are many hoaxes out there!

  42. False positive • anti-virus application incorrectly reports the presence of a virus due to a file containing a string of characters matching an actual virus or an application performing virus-like activities such as formatting drives, changing system files, or executing Office macros.

  43. Social engineering • using a variety of manipulative techniques—together known as social engineering—that exploit a human being's natural desire to trust and help others, or to gain something for nothing, hackers can learn user names, passwords, and other information that allows them to penetrate networks—even those secured with the most advanced technology.

  44. Unprotected computer • a computer with • no anti-virus application • an inadequate anti-virus application • an out-of-date anti-virus application • out-of-date virus definitions due to • Expired subscription • Inadequate Internet access

  45. Virus signature • code pattern that makes up the core of a virus. • Virus definitions contain patterns used to search for these signatures.

  46. Virus History

  47. Platform and operating systems • Virus infection by operating system (OS) corresponds to popularity. It’s no fun writing the greatest virus in the world, if no one gets to experience it. • Frequency of new viruses appearing is increasing due to increasing number of connected people.

  48. Resources - Recommended • Anti-virus vendors • Symantec Antivirus Research Center www.sarc.com • McAfee Virus Information us.mcafee.com/virusInfo/default.asp • Trend Micro Security Information www.trendmicro.com/vinfo/

  49. Resources – Recommended • “Full time” virus / security web sites • CERT www.cert.org • Professional, computer media • PC Magazine www.pcmag.com/category2/0,1738,4796,00.asp

  50. Resources – Recommended • Anti-virus application testing • AV-Test.org www.av-test.org/index.php3?lang=en • ICSA Labs www.icsalabs.com/html/communities/antivirus/index.shtml • Virus Bulletin www.virusbtn.com/vb100/about/index.xml
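
Slides 27, 42, 44 and 45 describe file fingerprinting, false positives, out-of-date definitions and virus signatures. The sketch below is an added example, not part of the presentation: it shows a signature scan catching an infected file, flagging a benign document that merely contains the same string, and missing the infection with stale definitions. The pattern bytes, names and sample files are constructed, and treating "file fingerprinting" as a SHA-256 hash of the file content is an assumption.

```python
import hashlib

# Constructed byte patterns for illustration; not signatures of any real virus.
DEFINITIONS = {
    "Demo.FileInfector": b"\x90\x90DEMO-INFECTOR-BODY\xcc",
    "Demo.Macro": b"Sub AutoOpen_DemoPayload",
}

def scan(data, definitions=DEFINITIONS):
    """Signature scan: names of all definitions whose pattern occurs in data."""
    return sorted(n for n, pat in definitions.items() if pat in data)

def fingerprint(data):
    """File fingerprint (assumed here to be SHA-256 of the whole content)."""
    return hashlib.sha256(data).hexdigest()

def changed(baseline, files):
    """Names of files whose content no longer matches the recorded fingerprint."""
    return sorted(n for n, d in files.items() if baseline.get(n) != fingerprint(d))

# Constructed sample files.
CLEAN = b"MZ" + b"ordinary program code " * 4
INFECTED = CLEAN + DEFINITIONS["Demo.FileInfector"]   # pattern attached to a file
ARTICLE = b"Macro viruses often begin with: Sub AutoOpen_DemoPayload"  # benign text
OLD_DEFINITIONS = {"Demo.Macro": DEFINITIONS["Demo.Macro"]}  # definitions not updated

# Fingerprints recorded while the files were known to be good.
BASELINE = {"tool.exe": fingerprint(CLEAN), "notes.txt": fingerprint(ARTICLE)}
NOW = {"tool.exe": INFECTED, "notes.txt": ARTICLE}

if __name__ == "__main__":
    print("clean file:      ", scan(CLEAN))
    print("infected file:   ", scan(INFECTED))
    print("benign article:  ", scan(ARTICLE), "(false positive)")
    print("old definitions: ", scan(INFECTED, OLD_DEFINITIONS), "(missed)")
    print("changed files:   ", changed(BASELINE, NOW))
```

The fingerprint check still reports `tool.exe` as modified when the stale definitions miss it, which is why the two techniques are used together.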
