Escolar Documentos
Profissional Documentos
Cultura Documentos
CSE-3
A12405215129
Introduction
Computer virus have become todays
headline news
With the increasing use of the Internet, it
has become easier for virus to spread
Virus show us loopholes in software
Most virus are targeted at the MS Windows
OS
What is a computer
virus?
A computer virus is a malicious program that
spreads from computer to computer.
Background
There are estimated 30,000 computer
viruses in existence
Over 300 new ones are created each
month
First virus was created to show loopholes
in software
Malware
The most general name for a malicious
web
By downloading a program that claims to be
a game or cool picture
Others?
Virus Languages
ANSI COBOL
C/C++
Pascal
VBA
Unix Shell Scripts
JavaScript
Basically any language that works on the
Trojan Horse
Covert
Leaks information
Usually does not reproduce
Trojan Horse
Back Orifice
Discovery Date:
10/15/1998
Origin:
Pro-hacker Website
Length:
124,928
Type:
Trojan
Low
Trojan Horse
About Back Orifice
requires Windows to work
distributed by Cult of the Dead Cow
similar to PC Anywhere, Carbon Copy software
allows remote access and control of other computers
install a reference in the registry
once infected, runs in the background
by default uses UDP port 54320
Trojan Horse
Features of Back Orifice
pings and query servers
reboot or lock up the system
list cached and screen saver password
display system information
logs keystrokes
edit registry
server control
receive and send files
display a message box
Worms
Spread over network connection
Worms replicate
First worm released on the Internet was
Worms
Bubbleboy
Discovery Date:11/8/1999
Origin:
Argentina (?)
Length:
4992
Type:
Worm/Macro
SubType: VbScript
Risk Assessment:
Low
Category: Stealth/Companion
Worms
Bubbleboy
requires WSL (windows scripting language),
Worms
How Bubbleboy works
Bubbleboy is embedded within an email
up directory
upon reboot Bubbleboy executes
Worms
How Bubbleboy works
changes the registered owner/organization
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr
entVersion\RegisteredOwner = Bubble Boy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr
entVersion\RegisteredOrganization = Vandalay Industry
using the Outlook MAPI address book it sends
HKEY_LOCAL_MACHINE\Software\Outlook.bubbleboy =
OUTLOOK.Bubbleboy1.0 by Zulu
Macro
Specific to certain applications
Comprise a high percentage of the viruses
Usually made in WordBasic and Visual
Macro
Melissa
Discovery Date: 3/26/1999
Origin:
Newsgroup Posting
Length:
Type:
Macro/Worm
Subtype:
Macro
Companion
Macro
Melissa
requires WSL, Outlook or Outlook Express Word
Macro
How Melissa works
the virus is activated through a MS word document
document displays reference to pornographic
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Melissa =
by Kwyjibo
Macro
How Melissa works
infects the Normal.dot template file with its
own code
Lastly if the minutes of the hour match up to
the date the macro inserts a quote by Bart
Simpson into the current document
Protection/Prevention
Knowledge
Proper configurations
Run only necessary programs
Anti-virus software