1 / 23

Computer Network Forensics Lecture - Virus

© Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering, WVU. Computer Network Forensics Lecture - Virus. Viruses, Trojan Horses, and Worms: What’s the technical definition of a virus?.

kris
Download Presentation

Computer Network Forensics Lecture - Virus

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. © Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering, WVU Computer Network ForensicsLecture - Virus

  2. Viruses, Trojan Horses, and Worms: What’s the technical definition of a virus? • A computer virus is a program that attaches itself to a file, reproduces itself, and spreads to other files • A virus can perform a trigger event: • corrupt and/or destroy data • display an irritating message • Key characteristic is their ability to “lurk” in a computer for days or months quietly replicating themselves

  3. What’s the technical definition of a virus? • File virus - a virus that attaches itself to an application program • Chernobyl - designed to lurk in computer until April 26 • A boot sector virus infects the system files that your computer uses every time you turn it on • A macro virus infects a set of instructions called a “macro”. • Macro - a miniature program that usually contains legitimate instructions to automate document and worksheet production

  4. How is a Trojan horse different from a virus? • A modern day Trojan horse is a computer program that appears to perform one function while actually doing something else • Not a virus, but may carry a virus • Does not replicate itself • Another type of Trojan horse looks like a log-in screen • PictureNote.Trojan – arrives as e-mail named picture.exe and then tries to steal login and e-mail passwords

  5. What’s a worm? • A software worm is a program designed to enter a computer system through security holes • usually through a network • does not need to be attached to a document to reproduce • “Love Bug” – arrives as e-mail attachment and overwrites most music, graphic, document, spreadsheet and web files on your disks • Denial of Service attacks

  6. How are viruses spread?

  7. How are viruses spread? • Viruses are spread through e-mails as well • Macro viruses are usually found in MS Word and MS Excel files (.doc and .xls) • To keep safe, you can disable macros on files you do not trust

  8. What are the symptoms of a virus? • Your computer displays a vulgar, embarrassing or annoying message • Your computer develops unusual visual or sound effects • You have difficulty saving files: files mysteriously disappear • Your computer reboots suddenly • Your computer works very slowly • Your executable files unaccountably increase in size • Your computer starts sending out lots of e-mail messages on its own

  9. Antivirus Software: What’s antivirus software? • Antivirus software is a set of utility programs that looks for and eradicates a wide spectrum of problems such as viruses, Trojan horses, and worms

  10. How does antivirus software work? • Hackers have created viruses that can insert themselves into unused portions of a program. • To counterattack the work of hackers, antivirus software designers created software with a checksum - a number calculated by combining binary values of all bytes in a file • compares checksum each time you run a program

  11. How does antivirus software work? • Antivirus software also checks for a virus signature – a unique series of bytes used to identify a known virus • Write-protecting a floppy disk will not prevent virus infection because you need to remove write protection each time you save a file to disk Page 189

  12. When should I use antivirus software? • “All the time” • Most antivirus software allows you to specify what to check and when to check it • Norton Antivirus • McAfee Antivirus

  13. How often should I get an update? • New viruses and variations of old viruses are unleashed just about everyday • Check website of antivirus software publisher for periodic updates • Some software updates itself automatically

  14. How reliable is antivirus software? • Antivirus software is pretty reliable, but viruses try to get around detection • Multi-partite viruses • Polymorphic viruses • Stealth viruses • Retro viruses • Antivirus software is not 100% reliable, but protection is worth the risk

  15. How do I recognize a hoax? • Bogus virus e-mail message usually contain a long list of people in the To: and CC: boxes and have been forwarded to a lot of people • List some “authority” • Most recommend reformatting • Fake viruses are often characterized as doing bizarre deeds • You can validate the hoax by going to a reliable website that lists hoaxes and viruses

  16. Virus Hoaxes: What’s a virus hoax? Chapter 4 • Some viruses don’t really exists • A virus hoax arrives as an e-mail message containing dire warnings about a supposedly new virus that is on the loose • Recommends a strategy • Recommends forwarding the email • Says no one has a fix for it yet • Most cases it is a fake

  17. How do I recognize a hoax?

  18. How can I protect myself? • PRACTICE SAFE SURF! • Step One: Purchase a good antivirus program like Norton AntiVirus or McAfee Viruscan.

  19. How can I protect myself? • Step Two: Update your virus definitions once a week! • If you don’t, YOU AREN’T PROTECTED!

  20. How can I protect myself? • Step Three: Never double-click (or launch) ANY file, especially an email attachment, regardless of who the file is from, until you first scan that file with your antivirus program. • How did Melissa, Bubbleboy, and WormExploreZip come to infect so many computers? Simple! People ignored this step.

  21. How can I protect myself? • Step Four: Turn on macro virus protection in Microsoft Word, especially if you don’t know what macros are. • To find out how, go to NetSquirrel.com and look in the Urban Legend Combat Kit.

  22. Questions • What is the: • I Love You Virus? • Sircam? • Code Red II? • How can you protect yourself from it? • What virus is current?

  23. More References • http://www.symantec.com/avcenter/

More Related