
University of Colombo

What a virus can do
Consumes resources (i.e. processor + memory) of your PC at an abnormally high rate while doing nothing useful, causing a drop in performance
Removes / blocks access to important files:
Delete (logically or physically)
Hide (make them system files: attrib +h +s)
Access deny

What a virus can do further
Spying: copy / download your important / secret files without your permission
Hacking (remote log)
Switch the computer on / off at an unexpected time
Restart (without allowing you to save documents)

A computer virus is a computer program that can replicate itself and spread from one computer to another via:
Removable devices: CD / DVD ROM, USB thumb drives, memory cards, external hard disks
Network: wired, or wireless (Bluetooth, Wi-Fi, GPRS (W@P))
Internet: any Internet connection, i.e. broadband / modem

The first theory of computer viruses (although the term "computer virus" was not used at that time) came from John von Neumann (1949).

The actual term "virus" was first used to denote a self-reproducing program in a short story by David Gerrold in Galaxy magazine in 1969, and later in his 1972 novel, When HARLIE Was One. In that novel, a sentient computer named HARLIE writes viral software to retrieve damaging personal information from other computers to blackmail the man who wants to turn him off.

The Terminal Man, a science fiction novel by Michael Crichton (1972), told (as a sideline story) of a computer with telephone modem dialing capability, which had been programmed to randomly dial phone numbers until it hit a modem that was answered by another computer. It then attempted to program the answering computer with its own program, so that the second computer would also begin dialing random numbers in search of yet another computer to program. The program is assumed to spread exponentially through susceptible computers.

In order to replicate, viruses attach themselves to executable files that may be part of legitimate programs. If a user attempts to launch an infected program, sorry! The virus' code may be executed at the same time.

Nonresident viruses
Immediately search for other hosts that can be infected, infect those targets, and finally transfer control to the application program they infected.

Resident viruses
Do not search for hosts when they are started. Instead, the virus loads itself into memory on execution and transfers control to the host program.

Malware
Computer worms
Trojan horses
Rootkits
Spyware
Boot-sector viruses
Memory resident viruses
Polymorphic viruses
Logic / time bombs
Dishonest adware
Other malicious or unwanted software

Malware, short for malicious software, is software (or script or code) designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems.

A computer worm is a self-replicating malware computer program which uses a computer network to send copies of itself to other nodes (computers on the network), and it may do so without any user intervention. This is due to security shortcomings on the target computer.

A Trojan horse, or Trojan, is software that is intended to perform, simultaneously, a desirable (expected) effect and a covert (unexpected) effect. Trojan horses can make copies of themselves, steal information, or harm the computer system.
The term is derived from the Trojan Horse story in Greek mythology.

Some of the most popular Trojan horses are: NetBus, SubSeven, Y3K RAT.

A rootkit is a stealthy type of malicious software (malware) designed to hide the existence of certain processes or programs from normal methods of detection, and it enables continued privileged access to a computer. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool).

A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as a database trigger).
A time bomb is a piece of code intentionally inserted into a software system that will set off a malicious function after a specified time.

A macro virus is a virus that is written in a macro language: that is to say, a language built into a software application such as a word processor. Since some applications (notably, but not exclusively, the parts of Microsoft Office) allow macro programs to be embedded in documents, so that the programs may be run automatically when the document is opened, this provides a distinct mechanism by which viruses can be spread. This is why it may be dangerous to open unexpected attachments in e-mails. Modern antivirus software detects macro viruses as well as other types.

Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of pop-ups.

Temporarily / permanently disable AutoPlay.
Never double-click and open devices, i.e. pen drives / suspicious (infected) drives (hard disks) and folders. Use the Navigation Pane instead; the Right Click > Open options are NOT safe!

Do not click / double-click on or navigate into suspicious files. Use setups from trusted sources only. Use strong anti-virus software.

Update? Pointless if you don't update it at least every other day! (Recommended: daily update.)

Go to Control Panel

Select AutoPlay

Uncheck "Use AutoPlay for all media and devices"

Wanna see a virus? First disable AutoPlay. Connect the suspicious device (one that is infected with malware) to the computer. But you still can't open it! (Remember: never double-click.) Enable viewing of system files (see next slide).

Open ANY folder (or Folder Options from the Control Panel)

A message box will appear. Select YES.

Now, using the Navigation Pane, open the device.

[Screenshot: the actual virus and its autorun file on the device]

The icon of the virus can be different; the description (i.e. File Folder) can also differ.

The autorun file: actually not a virus, but a supporting file. Here the instructions are written: how and where to install the virus on the computer. It is OK to double-click and open it. No harm at all!

What are the things that can be determined?

The actual virus (usbdur.exe) is contained in sysusb.

The targeted system file to be infected is SHELL32.dll, located at %SystemRoot%\system32\SHELL32.dll.

%SystemRoot% is the hard-disk partition where the operating system is installed, i.e. C:\

An infected device: the virus file is small in size (most probably less than 1024 KB) and it changes the standard icons of devices.

[Figure: device icon, not infected vs. infected]
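To make the autorun-file reading and the changed-icon indicator above concrete, here is an added Python example (not from the slides) that reads an autorun.inf as plain text and reports what AutoPlay would have launched and whether the device icon is overridden, without running anything. The sample file is constructed to resemble the one on the slide; the names sysusb and usbdur.exe come from the slide, everything else is assumed.

```python
# Added example, not from the slides: inspect an autorun.inf as plain text and
# report what AutoPlay would have launched, without running anything.
# SAMPLE_AUTORUN is constructed to resemble the file the slide describes; the
# names sysusb and usbdur.exe come from the slide, everything else is assumed.
import re

# autorun.inf keys that start a program (open, shellexecute, shell\<verb>\command)
# and keys that only change how Explorer presents the device (icon, label, action).
RUN_KEYS = {"open", "shellexecute"}
LOOK_KEYS = {"icon", "label", "action"}
RUNNABLE = re.compile(r"\.(exe|com|bat|cmd|scr|pif|vbs|js)$", re.I)

SAMPLE_AUTORUN = """[autorun]
; constructed sample modelled on the slide
open=sysusb\\usbdur.exe
icon=sysusb\\usbdur.exe,0
action=Open folder to view files
shell\\open\\command=sysusb\\usbdur.exe
"""

def parse_autorun(text):
    """Split the [autorun] section into (launch targets, presentation keys)."""
    launches, looks = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in RUN_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            launches.append(value)
        elif key in LOOK_KEYS:
            looks[key] = value
    return launches, looks

def inspect_autorun(text):
    """Summarise the indicators a reviewer wants before touching the device."""
    launches, looks = parse_autorun(text)
    return {
        "launch_targets": sorted(set(launches)),
        # a launch target that is itself an executable stored on the device
        "runs_program_from_device": any(RUNNABLE.search(t) for t in launches),
        # the slide notes that an infected device shows a non-standard icon
        "icon_overridden": "icon" in looks,
        # the prompt text mimics Explorer's own "Open folder to view files" entry
        "mimics_explorer_text": "open folder" in looks.get("action", "").lower(),
    }

if __name__ == "__main__":
    for name, value in inspect_autorun(SAMPLE_AUTORUN).items():
        print(f"{name}: {value}")
```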

What anti-virus software does:
Delete permanently
Move to vault: a place where collected viruses are kept under restricted execution
Disinfect: detach the virus from the original file
Update virus definitions (train themselves)
Send info to the parent company (to study them and create an anti-virus)

Free: Microsoft Security Essentials, Avira AntiVir
Non-free: Avast, AVG, Symantec Norton, Kaspersky, BitDefender

All strong virus guards have a database / knowledgebase about almost all viruses known up to the date of the last update. A virus guard can detect a virus only if it is known to the knowledgebase (of the virus guard software), or at least follows similar patterns (behaviour) to a known one.

That means if a new virus (not similar to a known one) comes and tries to infect, being unknown to the virus guard, the virus guard cannot protect the computer from it. Therefore, updating a virus guard is nothing but enriching the knowledgebase about new viruses with virus definition (files), enabling the virus guard to detect them as viruses.
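An added Python example (not from the slides) of the knowledgebase idea above: a toy signature scanner whose definition file v1 knows one virus, and whose update v2 adds an exact pattern plus a family pattern for similar variants. Every pattern and sample "file" is constructed; no real malware signatures are involved.

```python
# Added example, not from the slides: a toy signature scanner showing why a
# virus guard only catches what its definition file describes, and what a
# definition update adds. Every pattern and sample "file" here is constructed.
import re

# Definition file v1 (constructed): the one exact pattern the guard knows.
DEFINITIONS_V1 = {
    "Demo.A": re.compile(rb"DEMO-VIRUS-A\x00"),
}

# Definition update v2 (constructed): keeps v1, adds a second exact pattern
# and a family pattern covering variants that share most of their code,
# the "similar patterns" case the slide mentions.
DEFINITIONS_V2 = {
    **DEFINITIONS_V1,
    "Demo.B": re.compile(rb"DEMO-VIRUS-B\x00"),
    "Demo.family": re.compile(rb"DEMO-VIRUS-[A-Z]\x00"),
}

# Constructed sample files: clean, known, an unseen variant of the known
# family, and something unrelated to any definition.
SAMPLES = {
    "notes.txt": b"quarterly report draft",
    "game.exe": b"MZ...code...DEMO-VIRUS-A\x00...",
    "setup.exe": b"MZ...code...DEMO-VIRUS-C\x00...",
    "tool.exe": b"MZ...code...SOMETHING-ELSE\x00...",
}

def scan(data, definitions):
    """Return the names of every definition whose pattern occurs in data."""
    return sorted(name for name, pat in definitions.items() if pat.search(data))

def scan_all(samples, definitions):
    """Map each file to its detections; an empty list means 'looks clean'."""
    return {name: scan(data, definitions) for name, data in samples.items()}

if __name__ == "__main__":
    for version, defs in (("v1", DEFINITIONS_V1), ("v2", DEFINITIONS_V2)):
        print(version, scan_all(SAMPLES, defs))
```

With v1 the unseen variant in setup.exe passes as clean; after the v2 update the family pattern catches it, while tool.exe, which resembles nothing in the knowledgebase, stays undetected under both.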

If you can't see your important files and folders (suddenly missing) and they seem deleted, don't worry! Most probably (if the compiler of the virus is aware of ethical hacking / computer ethics) they are not actually deleted, but hidden! Even in the case of a physical (permanent) deletion, you can still recover!!

Anatomy of HDD


Recover? Can you believe this story?

Whatever you delete (not only logically, but even physically with Shift + Del) is actually not deleted on your hard disk. Only the path (where it is located on the HDD) is made unknown to the file management system of the operating system. When you store new files on your HDD, those files are replaced by the new files. If you are sure you didn't do so, recovery software can perform its task!
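An added Python example (not from the slides) that models the recovery story above with a toy disk: deleting a file only removes its entry from the file table, a content search still finds the data, and only a later write that reuses the freed blocks destroys it. The block layout, file contents and the "MYDOC" header are constructed; the carve step is deliberately simplified and assumes the file's blocks are contiguous.

```python
# Added example, not from the slides: a toy disk modelling the slide's claim.
# Deleting a file (even with Shift + Del) only forgets its path; the data
# blocks stay until new writes reuse them, which is when recovery stops working.
BLOCK = 8  # bytes per block (constructed, tiny on purpose)

class ToyDisk:
    def __init__(self, nblocks=8):
        self.blocks = [b"\x00" * BLOCK for _ in range(nblocks)]
        self.table = {}  # path -> block numbers: the OS's file management view

    def free(self):
        used = {b for blks in self.table.values() for b in blks}
        return [i for i in range(len(self.blocks)) if i not in used]

    def write(self, path, data):
        chunks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
        free = self.free()
        if len(chunks) > len(free):
            raise OSError("disk full")
        for blk, chunk in zip(free, chunks):
            self.blocks[blk] = chunk.ljust(BLOCK, b"\x00")
        self.table[path] = free[:len(chunks)]

    def delete(self, path):
        """Shift + Del: drop the path only; no block is wiped."""
        del self.table[path]

def carve(disk, header):
    """Recovery-tool style search by content, ignoring the file table.
    Simplified: assumes the file's blocks are contiguous and NUL-free."""
    raw = b"".join(disk.blocks)
    start = raw.find(header)
    if start < 0:
        return None
    end = raw.find(b"\x00", start)
    return raw[start:end] if end >= 0 else raw[start:]

def demo():
    """Return what carving finds right after deletion and after new writes."""
    disk = ToyDisk()
    disk.write("thesis.doc", b"MYDOC chapter one text")
    disk.delete("thesis.doc")            # path gone, contents still on disk
    after_delete = carve(disk, b"MYDOC")
    disk.write("photo.jpg", b"JFIF holiday picture")  # reuses the freed blocks
    after_overwrite = carve(disk, b"MYDOC")
    return after_delete, after_overwrite

if __name__ == "__main__":
    print(demo())
```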

sunethpathirana@hotmail.com (+94) 77 567 5 416
