5/4/12

Most Recent Attacks Virus, Worms & Trojans

Click to edit Master subtitle style

BY

INDEX
v

5/4/12

VIRUS
What Is Computer Virus? History Of Computer Virus. Background Virus Through The Internet. Symptoms Of Virus Attack. Typical Things That Computer Viruses Do. Prevention of Virus.

WORMS
What Is Worms? History Of Worms. Anatomy of Worms. Types Of Worms. Harmful Effects Of Worms. Prevention of Worms

TROJANS
What Are Trojans? Types Of Trojans. What Trojans Can Do. Detection Of Trojans. Prevention of Trojans

v COUNTER-MEASURE

OF TROJAN,VIRUS,WORMS v DIFFERENCE BETWEEN VIRUS,WORMS & TROJANS

5/4/12

VIRUS

A computer virus is a computer program that can copy itself and infect a computer. term "virus" is also commonly used to refer to other types of malware, adware and spyware. can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer. its running, it spreads by inserting copies of itself into other executable code or documents

The

Viruses

Once

The History of Computer Viruses

5/4/12

1981 Apple Viruses 1, 2, & 3 1980s Fred Cohen 1987 Lehigh Virus 1988 The first anti virus software 1990 The first polymorphic viruses 1991 Symantec releases Norton Anti Virus 1992 The Michelangelo Virus 1994 Kaos4 virus spreads via adult websites. 1996 The Concept virus

5/4/12

1999 The Melissa Virus 2000 The I Love You Virus 2001 The Code Red Worm 2003 The Slammer Worm. 2004 MyDoom

5/4/12

Background
There Over First

are estimated 30,000 computer viruses in existence

300 new ones are created each month virus was created to show loopholes in software

Virus through the Internet

Today almost 87% of all viruses are spread through the internet (source: ZDNet) Transmission time to a new host is relatively low, on the order of hours to days Latent virus

5/4/12

Symptoms of Virus Attack

Computer

runs slower then usual

Computer no longer boots up Screen sometimes flicker PC speaker beeps periodically System crashes for no reason Files/directories sometimes disappear Denial of Service (DOS)

Typical things that some current Personal Computer (PC) viruses do

Display Erase

5/4/12

a message. data on a hard disk

files erratic screen behavior viruses do nothing obvious at all except spread!

Scramble Cause Halt

the PC

Many

PREVENTION OF VIRUS
Most antivirus are capable of detecting and removal of major virus. Get the latest Anti-Virus Software. As prevention is concern use of any detection tool is preferred e.g. adware, spyware. Not to open any unknown source downloads. To prevent attacks. Even after using these precautions, if the virus creeps into your system, it can be detected in various ways apart from using a virus scanner for it. Always keep backup of your data/programs Keep floppies Write-protected (especially if they are bootable.)

5/4/12

5/4/12

WORMS
The

actual term "worm"' was first used in John Brunners 1975 novel, The Shockwave Rider. worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

A computer

Unlike

5/4/12

History of Worms
The first worm to attract wide attention, the Morris worm, was written by Robert Tappan Morris, who at the time was a graduate student at Cornell University. It was released on November 2, 1988
Morris

himself was convicted under the US Computer Crime and Abuse Act and received three years probation, community service and a fine in excess of $10,000.

5/4/12

Anatomy of Worms

Attack Mechanism Payload New target selection

5/4/12

TYPES OF WORMS

Conficker Worm Email and Instant Message Worms Internet Worms (Morris Worm) IRC Worms File-Sharing Network Worms Slapper Worm

5/4/12

Harmful Effects of Worms

A worm

uses a compromised system to spread through email, file sharing networks, instant messenger, online chats and unprotected network shares. files, corrupts installed applications and damages the entire system. or discloses sensitive personal information, Valuable documents, passwords, etc. worm installs a backdoor or drops other dangerous parasite. speed & System performance.

Infects Steals The

Connection

5/4/12

TROJANS
A Trojan The

horse or Trojan, is a destructive program that masquerades as an application. Trojan Horse, at first glance will appear to be useful software but will actually do damage once installed or run on your computer. are also known to create a backdoor on your computer that gives malicious users access to your system. viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. well known Trojans:Net-bus,Girl friend, Back orrifice ,Flooder, Vundo Trojan etc.

Trojans

Unlike Some

PREVENTION OF WORMS
A personal firewall should be run on any system that is not behind a corporate firewall. This should be done on any computer that connects to the internet.

5/4/12

Patching your system with updates to fix the vulnerabilities.

Patching is the act of downloading updates to the vulnerable operating system or application and applying the update to the program.

sometimes the worm can infect the system before the anti-virus software can detect it.

5/4/12

Types of Trojans
1) 2) 3) 4) 5) 6) 7) 8) 9)

Remote access Trojans Password sending Trojans Keyloggers Destructive Denial of service(DOS) Attack Trojans Mail-Bomb Trojans Proxy-Wingate Trojans FTP Trojans Software Detection Trojans

5/4/12

What Trojans can do?

q

Use of the machine as part of a Botnet (e.g. to perform automated spamming or to distribute Denial-of-service.) Uninstallation of software, including thirdparty router drivers. Downloading or uploading of files on the network hdd. Watching the users screen. Spreading other malware? Such as viruses. In this case? The Trojan horse is called a

q q

5/4/12

What Trojans can do?

q q

Modification or deletion of files. Data theft(e.g. retrieving username or postal code information) Erasing or overwriting data on a computer. Encrypting files in a crypto viral extortion attack. Crashing the computer. Corrupting files in a subtle way. Setting up networks of zombie computers in order to launch Dodos attacks or send spam.

q q q q q

5/4/12

What Trojans can do?

q

Spying on the user of a computer and covertly reporting data like browsing habits to other people. Logging keystrokes to stealing formation such as passwords and credit card numbers (also known as a key logger) Phish for bank or other account details? Which can be used for criminal activities. Installing a backdoor on a computer system

5/4/12

Detection of Trojans
a) b) c) d)

Suspicious open ports: Monitoring outgoing traffic: Detection tools: Start up files:

5/4/12

PREVENTION OF TROJAN

One of most important difference between Trojan and his friends is that it does not replicate. Thus limit the destruction. Anti-virus can detect and safely deleted the Trojan.

COUNTER-MEASURE OF

5/4/12

TROJAN,VIRUS,WORMS
Virus -Virus detection/disinfection software

Trojan -Sandboxing - Code reviews

Worms -Sandboxing -Quick patching: fix holes, stop worm

Difference Between Virus,Worms & Trojans

VIRUS
Definition

5/4/12

WORMS

TROJANS

Acomputer A computer ATrojan, is WORM is a self- software that virus contained attaches appears to program (or set perform a itself it of programs), travels to a that is able to desirable programor spread function for file the user prior functional enabling it to copies of itself to run or spread from or its segments install, but to other one steals computer to computer information or systems (usually harms the another, via network leaving system connections). infections

TYPES

VIRUS

WORMS

TROJANS
1.Remote Access Trojans 2.Data Sending Trojans 3.Destructive Trojans 4.Proxy Trojans 5.FTP Trojans 6.security software disabler Trojans 7.DoS Trojans

5/4/12

1.Trojan Horse 1. host 2.Worm computer 3.Macro worms & 2.network worms.

What they do?

VIRUS

WORMS

TROJANS

5/4/12

virus may exist the worm cause serious on your consumes too damage by computer but it much system deleting files actually cannot memory(or and destroying infect your network information on computer unlessbandwidth), your system. you run or open causing Web the malicious servers, program network servers and individual computers to stop responding

EXISTENCE

NOT NOT INDEPENDENT INDEPENDENT

INDEPENDENT

5/4/12

SELF.Avirusattaches REPLICATION itselfto,and

VIRUS

WORMS

TROJANS
Unlike virus and worms Trojans do not reproduce by infecting other files nor do they self-replicate.

awormisself containedanddoes becomespartof, notneedtobepart anotherexecutable ofanotherprogram program topropagateitself.

Propagation

VIRUS

WORMS

TROJANS
. Trojans are also known to create a backdooron your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised

5/4/12

virus does not Worms have a propagate and propagation infect other vector. i.e., it computers. will only effect one host and does not propagate to other hosts.

5/4/12

EXAMPLES Melissa

VIRUS

WORMS TROJANS
Nimda, Code Red I Love You

5/4/12

Bibliography

Virushttp:// en.wikipedia.org/wiki/Computer_virus Trojan http:// en.wikipedia.org/wiki/Trojan_horse Wormhttp://en.wikipedia.org/wiki/Computer_w orm Trojan Horses http://www.mpsmits.com/highlights/trojan_horses

5/4/12

THANK
YOU