Document: Module 09 Viruses and Worms doc - Pdf 10

Ethical Hacking and Countermeasures
Version 6
Module IX
Viruses and Worms
News
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Source: http://www.foxnews.com
Scenario
Ricky, a software professional with a reputed organization, received a mail which seemed to have come from some charitable organization. The mail had a .ppt attachment named “demo of our charity work”. Just before leaving for his home he downloaded and played the attached presentation. The presentation

Top ten virus of 2005
• Virus incident response
Module Flow
Virus Characteristics and
Symptoms of Virus attack
Types of virus
Access methods of virus Indications of Virus Attack Virus Hoaxes
Life cycle of virus Virus Infection
Writing a sample Virus code
Virus Detection and Defenses
Anti-
codes

Operates without the knowledge or desire of the computer user
Virus History
Year of Discovery    Virus Name
1981    Apple II Virus - First Virus in the wild
1983    First Documented Virus
1986    Brain, PC-Write Trojan, & Virdem
1989    AIDS Trojan
1995    Concept

onal virus bytes
• It uses stealth algorithms to redirect disk data
Working of Virus
Trigger events and direct attack are the common modes which cause a virus to “go off” on a target system
Most viruses operate in two phases:
Infection Phase:
• Virus developers decide when to infect the host system’s programs
• Some infect each time they are run and executed completely
• Ex: Direct Viruses
• Some virus codes infect only when users trigger them; triggers include a day, a time, or a particular event
• Ex: TSR viruses which get loaded into memory and infect at later stages

[Figure: Start of Program, Virus Jump, End of Program]
Working of Virus: Attack Phase
Slowdown of PC due to Fragmented Files
[Figure: "Unfragmented File Before Attack" shows File: A and File: B, each stored as Page: 1, Page: 2, Page: 3; a second panel labels individual pages as File: A or File: B]
Source: www.microsoft.com
Why People Create Computer Viruses
Virus writers can have various reasons for creating and spreading malware
Viruses have been written as:
• Research projects
• Pranks
• Vandalism
• To attack the products of specific companies

Symptoms of Virus-Like Attack
If the system acts in an unprecedented manner, you can suspect a virus attack
• Example: Processes take more resources and are time consuming
However, not all glitches can be attributed to virus attacks
•Examples include:
• Certain hardware problems
• If computer beeps with no display
• If one out of two anti-virus programs report virus on the system
• If the label of the hard drive changes
• Your compute
• Microsoft Internet Explorer "freezes"
• Your friends mention that they have received messages from you but you never sent such messages
Virus Hoaxes
Hoaxes are false alarms claiming reports about a non-existing virus
Warning messages prop

Virus Hoaxes (cont’d)
Chain Letters
Worms
Worms are distinguished from viruses by the fact that a virus requires some form of the human intervention to inf
and worms
A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs
A worm spreads through the infected network automatically but a virus does not
Indications of Virus Attack
• Programs take longer to load than normal
• Computer's hard drive constantly runs out of free space

System gets worn-out over a period of time
Equipment Incompatibilities:
• These occur due to improperly installed devices
Typos:
• Data gets corrupted due to deletion or replacement of wrong files
Accidental or Malicious Damage:
• Data gets deleted or changed accidentally or intentionally by other person
Problems with Magnets:
• Magnetic fields due to floppy disk, monitor, and telephone can damage stored data

lacement of data in a program
Software Attacks:
• Intentionally launched malicious programs enable the attacker to use the computer in
an unauthorized manner
• General Categories:

• Viruses and worms
• Logic bombs
• Trojans
Virus Damage
Virus damage can be grouped broadly under:
• The technicalities involved in the modeling and use of virus causes damage due to:

• Loads itself into memory and checks for executables on the disk
• Appends the malicious code to a legitimate program unbeknownst to the user
• Since the user is unaware of the replacement, he/she launches the infected program
• As a result of the infected program being executed, other programs get infected as well
• The above cycle continues until the user realizes the anomaly within the system
Stages of Virus Life

us creating awareness among user groups
Types of Viruses