sushant seminar(main)
TRANSCRIPT
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 1/47
Late. Laxmanraoji Information Technology
& Management College, Manik Nagar,
Nanded (MH)
2009-2010
VIRUS ATTACK ON
COMPUTER &
MOBILES
Pimple Sushant S.
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 2/47
VIRUS ATTACK ON COMPUTER & MOBILES
1. INTRODUCTION
In the mid-eighties, so legend has it, theAmjad brothers of Pakistan ran a computer store.
Frustrated by computer piracy, they wrote the firstcomputer virus, a boot sector virus called Brain. Fromthose simple beginnings, an entire counter-cultureindustry of virus creation and distribution emerged,leaving us today with several tens of thousands of viruses. In just over a decade, most of us have beenfamiliar with the term computer virus.
A large portion of modern computing lifeis to secure the information that we are creating andprocessing. There are many aspects of informationsecurity, ranging from physical access to ensuring thatthe information has not been changed in any way.One of the most high-profile threats to informationintegrity is the computer virus. Surprisingly, PC viruseshave been around for two-thirds of the IBM PC’s
lifetime, appearing in 1986. With global computing onthe rise, computer viruses have had more visibility inthe past two years.
Despite our awareness of computer viruses, how manyof us can define what one is, or how it infectscomputers? This seminar aims to demystify the basicsof computer viruses, summarizing what they are, howthey attack and what we can do to protect ourselves
against them.
Do viruses and all the other nastiest in cyberspacematter? Do they really do much harm? Imagine thatno one has updated your anti-virus software for a fewmonths. When they do, you find that your accountsspreadsheets are infected with a new virus thatchanges figures at random. Naturally you keep
backups. But you might have been backing upinfected files for months. How do you know which
Page 2
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 3/47
VIRUS ATTACK ON COMPUTER & MOBILES
figures to trust? Now imagine that a new email virushas been released. Your company is receiving somany emails that you decide to shut down your emailgateway altogether and miss an urgent order from abig customer. Imagine that a friend emails you somefiles he found on the Internet. You open them andtrigger a virus that mails confidential documents toeveryone in your address book including yourcompetitors. Finally, imagine that you accidentallysend another company, a report that carries a virus.Will they feel safe to do business with you again?
Today new viruses sweep the planet in hours and virusscares are major news.
A computer virus is a computer programthat can spread across computers and networks bymaking copies of itself, usually without the user’sknowledge. Viruses can have harmful side effects.
These can range from displaying irritating messages todeleting all the files on your computer.
A virus program has to be run before itcan infect your computer. Viruses have ways of makingsure that this happens. They can attach themselves toother programs or hide in code that is runautomatically when you open certain types of files. Thevirus can copy itself to other files or disks and makechanges on your computer. Virus side effects, often
called the payload, are the aspect of most interest tousers. Password-protecting the documents on aparticular day, mailing information about the user andmachine to an address somewhere are some of theharmful side effects of viruses. Various kinds of virusesinclude macro virus, parasitic or file virus, Boot virus,
E-mails are the biggest source of viruses.
Usually they come as attachments with emails. The
Internet caused the spreading of viruses around the
Page 3
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 4/47
VIRUS ATTACK ON COMPUTER & MOBILES
globe. The threat level depends on the particular code
used in the WebPages and the security measures taken
by service providers and by you. One solution to prevent
the viruses is anti-virus software. Anti-virus software candetect viruses, prevent access to infected files and often
eliminate the infection.
Computer viruses are starting to affect
mobile phones too. The virus is rare and is unlikely to
cause much damage. Anti-virus experts expect that as
mobile phones become more sophisticated they will be
targeted by virus writers. Some firms are already
working on anti-virus software for mobile phones.
VBS/Timo-A, Love Bug,
Timofonica
CABIR,
aka ACE-? and UNAVAILABLE are some of the virusesthat affect the mobile phones
Page 4
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 5/47
VIRUS ATTACK ON COMPUTER & MOBILES
2. BASIC CONCEPTS
2.1. What is a virus?
A computer virus is a computer programthat can spread across computers and networks by
making copies of itself, usually without the user’s
knowledge. Viruses can have harmful side-effects. These
can range from displaying irritating messages to deleting
all the files on your computer.
2.2. Evolution of virusIn the mid-1980s Basit and Amjad Alvi of
Lahore, Pakistan discovered that people were pirating
their software. They responded by writing the first
computer virus, a program that would put a copy of
itself and a copyright message on any floppy disk copies
their customers made. From these simple beginnings, an
entire virus counter-culture has emerged. Today new
viruses sweep the planet in hours and virus scares are
major news.
2.3. The Functional Elements of a Virus
Every viable computer virus must have at least two basic
parts, or subroutines, if it is even to be called a virus.Firstly, it must contain a search routine, which locates
new files or new areas on disk which are worthwhile
targets for infection. This routine will determine how well
the virus reproduces, e.g., whether it does so quickly or
slowly, whether it can infect multiple disks or a single
disk, and whether it can infect every portion of a disk or
just certain specific areas. As with all programs, there isa size versus functionality tradeoff here. The more
Page 5
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 6/47
VIRUS ATTACK ON COMPUTER & MOBILES
sophisticated the search routine is, the more space it will
take up .So although an efficient search routine may
help a virus to spread faster, it will make the virus
bigger, and that is not always so good.
Secondly, every computer virus must
contain a routine to copy itself into the area which the
search routine locates. The copy routine will only be
sophisticated enough to do its job without getting
caught. The smaller it is, the better. How small it can be
will depend on how complex a virus it must copy. For
example, a virus which infects only COM files can get by
with a much smaller copy routine than a virus which
infects EXE files. This is because the EXE file structure is
much more complex, so the virus simply needs to do
more to attach itself to an EXE file.
While the virus only needs to be able to
locate suitable hosts and attach itself to them, it isusually helpful to incorporate some additional features
into the virus to avoid detection, either by the computer
user, or by commercial virus detection software. Anti-
detection routines can either be a part of the search or
copy routines, or functionally separate from them. For
example, the search routine may be severely limited in
scope to avoid detection. A routine which checked everyfile on every disk drive, without limit, would take a long
time and cause enough unusual disk activity that an
alert user might become suspicious. Alternatively, an
Anti-detection routine might cause the virus to activate
under certain special conditions. For example, it might
activate only after a certain date has passed (so the
virus could lie dormant for a time).
Page 6
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 7/47
VIRUS ATTACK ON COMPUTER & MOBILES
Figure 1. Functional diagram of a virus.
Alternatively, it might activate only if a key has not been
pressed for five minutes (suggesting that the user was
not there watching his computer). Search, copy, and
anti-detection routines are the only necessary
components of a computer virus, and they are the
components which we will concentrate on in this volume.
Of course, many computer viruses have other routines
added in on top of the basic three to stop normal
computer operation, to cause destruction, or to play
practical jokes. Such routines may give the virus
character, but they are not essential to its existence. In
fact, such routines are usually very detrimental to the
virus’ goal of survival and self-reproduction, because
Page 7
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 8/47
VIRUS ATTACK ON COMPUTER & MOBILES
they make the fact of the virus’ existence known to
everybody. If there is just a little more disk activity than
expected, no one will probably notice, and the virus will
go on its merry way. On the other hand, if the screen toone’s favorite program comes up saying “Ha! Gotcha!”
and then the whole.
Computer locks up, with everything on it ruined, most
anyone can figure out that they’ve been the victim of a
destructive program. And if they’re smart, they’ll get
expert help to eradicate it right away. The result is that
the viruses on that particular system are killed off, either
by themselves or by the clean up crew.
2.4. Tools needed for writing Viruses
Viruses are written in assembly language. High level
languages like Basic, C, and Pascal have been designed
to generate stand-alone programs, but the assumptionsmade by these languages render them almost useless
when writing viruses. They are simply incapable of
performing the acrobatics required for a virus to jump
from one host program to another. That is not to say that
one could not design a high level language that would do
the job, but no one has done so yet. Thus, to create
viruses, we must use assembly language. It is just theonly way we can get exacting control over all the
computer system’s resources and use them the way we
want to, rather than the way somebody else thinks we
should.
How does a virus infect computers?
Page 8
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 9/47
VIRUS ATTACK ON COMPUTER & MOBILES
A virus program has to be run before it
can infect your computer. Viruses have ways of making
sure that this happens. They can attach themselves to
other programs or hide in code that is runautomatically when you open certain types of files. You
might receive an infected file on a disk, in an email
attachment, or in a download from the internet. As soon
as you launch the file, the virus code runs. Then the virus
can copy itself to other files or disks and make changes
on your computer.
Who writes viruses?
Virus writers don’t gain in financial or
career terms; they rarely achieve real fame; and, unlike
hackers, they don’t usually target particular victims,
since viruses spread too indiscriminately. Virus writerstend to be male, under 25 and single. Viruses also give
their writers powers in cyberspace that they could never
hope to have in the real world.
2.5. Virus side effects (Payload)
Virus side-effects are often called the
payload. Viruses can disable our computer hardware,Can change the figures of accounts spreadsheets at
random, adversely affects our email contacts and
business domain, and can attack on web servers…
Messages -WM97/Jerk displays the message ‘I think(user’s name) is a big stupid jerk!’ Denying access -WM97/NightShade password-protectsthe current document on Friday 13th.
Page 9
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 10/47
VIRUS ATTACK ON COMPUTER & MOBILES
Data theft- Troj/LoveLet-A emails information aboutthe user and machine to an address in the Philippines. Corrupting data -XM/Compatable makes changes tothe data in Excel spreadsheets. Deleting data -Michelangelo overwrites parts of thehard disk on March 6th. Disabling Hardware -CIH or Chernobyl (W95/CIH-10xx) Attempted to overwrite the BIOS on April 26th, makingthe machine unusable. Crashing servers-Melissa or Explore Zip, which spreadvia email, can generate so much mail that serverscrash.
There is a threat to confidentiality too.
Melissa can forward documents, which may contain
sensitive information, to anyone in your address book.
Viruses can seriously damage your credibility. If you
send infected documents to customers, they may refuse
to do business with you or demand compensation.
Sometimes you risk embarrassment as well as a
damaged business reputation. WM/Polypost, for
example, places copies of your documents in your name
on alt.sex Usenet newsgroups.
2.6. Where are the virus risks?
Page 10
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 11/47
VIRUS ATTACK ON COMPUTER & MOBILES
Page 11
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 12/47
VIRUS ATTACK ON COMPUTER & MOBILES
3. VIRUSES AND VIRUS LIKE PROGRAMMES
3.1. Trojan horses
Trojan horses are programs that do thingsthat are not described in their specifications The user
runs what they think is a legitimate program, allowing it
to carry out hidden, often harmful, functions. For
example, Troj/Zulu claims to be a program for fixing the
‘millennium bug’ but actually overwrites the hard disk.
Trojan horses are sometimes used as a means of
infecting a user with a computer virus.
3.2. Backdoor Trojans
A backdoor Trojan is a program that allows
someone to take control of another user’s PC via the
internet. Like other Trojans, a backdoor Trojan poses as
legitimate or desirable software. When it is run (usually
on a Windows 95/98 PC), it adds itself to the PC’s startup
routine. The Trojan can then monitor the PC until it
makes a connection to the internet. Once the PC is on-
line, the person who sent the Trojan can use software on
their computer to open and close programs on the
infected computer, modify files and even send items to
the printer. Subseven and Back Orifice are among the
best known backdoor Trojans.
3.3. Worms
Worms are similar to viruses but do not
need a carrier (like a macro or a boot sector).They are
subtype of viruses. Worms simply create exact copies of
them and use communications between computers tospread. Many viruses, such as Kakworm
Page 12
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 13/47
VIRUS ATTACK ON COMPUTER & MOBILES
(VBS/Kakworm) or Love Bug (VBS/LoveLet-A), behave
like worms and use email to forward themselves to other
users.
3.4. Boot sector viruses
Boot sector viruses were the first type of
virus to appear. They spread by modifying the boot
sector, which contains the program that enables your
computer to start up. When you switch on, the hardware
looks for the boot sector program – which is usually on
the hard disk, but can be on floppy or CD – and runs it. This program then loads the rest of the operating system
into memory. A boot sector virus replaces the original
boot sector with its own, modified version (and usually
hides the original somewhere else on the hard disk).
When you next start up, the infected boot sector is used
and the virus becomes active. You can only become
infected if you boot up your computer from an infecteddisk, e.g. a floppy disk that has an infected boot sector.
Many boot sector viruses are now quite old. Those
written for DOS machines do not usually spread on
Windows 95, 98, Me, NT or 2000 computers, though
they can sometimes stop them from starting up
properly.
Boot viruses infect System Boot Sectors
(SBS) and Master Boot Sectors (MBS). The MBS is located
on all physical hard drives. It contains, among other
data, information about the partition table (information
about how a physical disk is divided into logical disks),
and a short program that can interpret the partition
information to find out where the SBS is located. TheMBS is operating system independent. The SBS contains,
Page 13
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 14/47
VIRUS ATTACK ON COMPUTER & MOBILES
among other data, a program whose purpose is to find
and run an operating system. Because floppy diskettes
are exchanged more frequently than program files boot
viruses are able to propagate more effectively than fileviruses.
Form -A virus that is still widespread ten years after it
first appeared. The original version triggers on the 18th
of each month and produces a click when keys are
pressed on the keyboard.
Parity Boot - A virus that may randomly display themessage ‘PARITY CHECK’ and freeze the operating
system. The message resembles a genuine error
message displayed when the computer’s memory is
faulty.
3.5. Parasitic virus (File virus)
Parasitic viruses, also known as fileviruses, attach themselves to programs (or
‘executables’) and Acts as a part of the program .When
you start a program infected with a file virus, the virus is
launched first. To hide itself, the virus then runs the
original program. The operating system on your
computer sees the virus as part of the program you were
trying to run and gives it the same rights. These rightsallow the virus to copy itself, install itself in memory or
release its payload. These viruses Infects over networks.
The internet has made it easier than ever to distribute
programs, giving these viruses new opportunities to
spread.
Jerusalem- On Friday 13th deletes every program runon the computer.
Page 14
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 15/47
VIRUS ATTACK ON COMPUTER & MOBILES
CIH (Chernobyl) - On the 26th of certain months, thisvirus will overwrite part of the BIOS chip, making thecomputer unusable. The virus also overwrites the harddisk. Remote Explorer - WNT/RemExp (Remote Explorer)infects Windows NT executables. It was the first virusthat could run as a service, i.e. run on NT systemseven when no-one is logged in.
Parasitic viruses infects executables
by companion, link, overwrite, insert, prep end, append
techniques
a) Companion virus
A companion virus does not modify its
host directly. Instead it maneuvers the operating system
to execute itself instead of the host file. Sometimes this
is done by renaming the host file into some other name,
and then grant the virus file the name of the original
program. Or the virus infects an .EXE file by creating a.COM file with the same name in the same directory.
DOS will always execute a .COM file first if only the
program name is given, so if you type “EDIT” on a DOS
prompt, and there is an EDIT.COM and EDIT.EXE in the
same directory, the EDIT.COM is executed.
b) Linking VirusA link virus makes changes in the low-
level workings of the file system, so that program names
do no longer point to the original program, but to a copy
of the virus. It makes it possible to have only one
instance of the virus, which all program names point to.
c) Overwriting viruses
Page 15
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 16/47
VIRUS ATTACK ON COMPUTER & MOBILES
An overwriting virus places itself at thebeginning of the program, directly over the original
program code, so the program is now damaged. When
you try to run this program, nothing happens except for
the virus infecting another file. Such viruses are easily
apprehended and destroyed by users and user support
staff, so they actually spread very poorly in the wild.
You have almost no chance of ever getting anoverwriting virus in your machine.
d) Inserting viruses
An inserting virus copies itself into the
host program. Programs sometimes contain areas that
are not used, and viruses can find and insert
themselves into such areas. The virus can also be
designed to move a large chunk of the host filesomewhere else and simply occupy the vacant space.
e) Prep-ending viruses
Page 16
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 17/47
VIRUS ATTACK ON COMPUTER & MOBILES
The pure prepending virus may simply
place all of its code at the top of your original program.
When you run a program infected by a prep ending file
virus, the virus code runs first, and then your Original
program runs.
f) Appending viruses
An appending virus places a “jump” at the
beginning of the program file, moves the original
beginning of the file to the end of the file, and places
itself between what was originally the end of the file and
what was originally at the beginning of the file. When
you try to run this program, the “jump” calls the virus,
and the virus runs. The virus then moves the original
beginning of the file back to its normal position and then
lets your program run.
3.6. Macro viruses
Macro viruses take advantage of macros,
commands that are embedded in files and run
Page 17
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 18/47
VIRUS ATTACK ON COMPUTER & MOBILES
automatically. Many applications, such as word
processing or spreadsheet programs, use macros. A
macro virus is a macro program that can copy itself and
spread from one file to another. If an infected file isopened, i.e. a file that contains a macro virus, the virus
copies itself into the application’s startup files. The
computer is now infected. When another file is opened
using the same application, the virus infects that file. If
the computer is on a network, the infection can spread
rapidly: when an infected file is send to someone else,
they can become infected too. A malicious macro canalso make changes to your documents or settings.
Macro viruses infect files used in most offices and some
can infect several file types, such as Word or Excel files.
They can also spread to any platform on which their
‘host’ application runs. Above all, they spread easily
because documents are exchanged frequently via email
and websites.
WM/Wazzu - Infects Word documents. It movesbetween one and three words and inserts the word‘wazzu’ at random. OF97/Crown-B - Can infect Word, Excel and PowerPointfiles. When it infects a Word document, it turns off macro protection in the other Office 97 applications,
so that it can infect them.
Embedding and Linking
The open systems in many of Microsoft’s
applications utilize OLE in order to combine different
data types. You can embed an object such as a bitmap
or an executable within a Word document. Embedding
Page 18
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 19/47
VIRUS ATTACK ON COMPUTER & MOBILES
an object means that any edits to the object will not be
reflected in any other copies of the object. You can also
link an object such as an Excel spreadsheet to a Word
document. Linking an object means that you may editthe object in either its source application or from within
the application to which it is linked, and all copies of the
object will be updated.
3.7. Virus hoaxes
Hoaxes are reports of non-existent
viruses. A hoax is a chain letter, typically sent over e-mail, which carries false warnings about viruses or
Trojans. Typically, they are emails which do some or all
of the following:
Warn you that there is an undetectable,
highly destructive new virus, Ask you to avoid reading
emails with a particular subject line, e.g. join the Crew orBudweiser Frogs, Claim that the warning was issued by a
major software company, internet provider or
government agency, e.g. IBM, Microsoft, AOL or the FCC,
Claim that a new virus can do something improbable. For
instance, A moment of silence says that ‘no program
needs to be exchanged for a new computer to be
infected’ and Urge you to forward the warning to otherusers.
It forms a chain letter via email and their
by Overloads mail servers. Antivirus software can’t
detect virus hoaxes as they are only email messages.
Why are hoaxes a problem?
Page 19
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 20/47
VIRUS ATTACK ON COMPUTER & MOBILES
Hoaxes can be as disruptive and costly as
genuine virus. If users do forward a hoax warning to all
their friends and colleagues, there can be a deluge of
email. This can overload mail servers and make themcrash. The effect is the same as that of the real Love Bug
virus, but the hoaxer hasn’t even had to write any
computer code. This cripples communications more
effectively than many real viruses, preventing access to
email that may be really important. False warnings also
distract from efforts to deal with real virus threats.
Hoaxes can be remarkably persistent too. Since hoaxesaren’t viruses, your anti-virus software can’t detect or
disable them.
What can be done about hoaxes?
Hoaxes, like viruses or chain mail, depend
on being able to spread themselves. If you can
persuade users to break the chain, you limit the harmdone.
Have a company policy on virus warnings: Thesolution may be a company policy on virus warnings.ALL virus warnings should be sent to name of responsible person only. It is their job to notifyeverybody of virus warnings. A virus warning which
comes from any other source should be ignored. Aslong as users follow the policy, there will be no flood of emails and the company expert will decide whetherthere is any real risk. Keep informed about hoaxes: Keep informed abouthoaxes by visiting the hoaxes pages on our website:
Page 20
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 21/47
VIRUS ATTACK ON COMPUTER & MOBILES
4. VIRUSES THAT TRAVELLED FURTHEST
Love Bug
VBS/Love Let-A Best known & pretends to be a LL First seen : May 2000 Origin : Philippines
Trigger : On initial infection Effect :E-mail with subject LL, distribute via MS-outlook, Steal user info, overwrites cert files
Kakworm
VBS/Kakworm
By viewing infected mails First seen : June 1998 Origin : written by Chen Ing Hau of Taiwan Trigger : On initial infection or 1st of any month Effect :Arrives embedded in mail, infects whenopen, affects MS-outlook i.e. virus code is automaticallyincluded with all outgoing mails, on 1st of any month –displays “Kagou-Anti_Kro$oft says not today”& shuts
down
Melissa
WM97/Melissa-Word 97 macro virus Uses psychological subtlety First seen : March 1999 Origin : A 31 yr old US programmer, David .L.Smith Trigger : On initial infection
Page 21
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 22/47
VIRUS ATTACK ON COMPUTER & MOBILES
Effect :Sends message to first fifty in all addressbooks ,Attaches infected document
CIH (Chernobyl) W95/CIH-10xx-parasitic virus, runs on Win-95 First virus to damage hardware First seen : June 1998 Origin :Written by Chen Ing Hau of Taiwan Trigger :April-26th,June 26th or 26th of any month Effect :Overwrites HD, overwrites BIOS, needs BIOSchip replacement
Page 22
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 23/47
VIRUS ATTACK ON COMPUTER & MOBILES
5. PREVENTING VIRUSES
The simple measures to avoid being infected or to
deal with viruses if you are infected are ……
Make users aware of the risks: Tell everyone inthe organization that they are at risk if they swapfloppy disks, download files from websites or openemail attachments.
Install anti-virus software and update it regularly:
Anti-virus programs can detect and often disinfectviruses. If the software offers on-access viruschecking, use it. On-access checking protects users bydenying access to any file that is infected
Keep backups of all your data: Make sure youhave backups of all data and software, including
operating systems. If you are affected by a virus, youcan replace your files and programs with clean copies.
Page 23
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 24/47
VIRUS ATTACK ON COMPUTER & MOBILES
6. SOURCES OF VIRUSES
6.1. E-mail
Email is now the biggest source of viruses.As long as viruses were transferred by floppy disk, they
spread slowly. Companies could ban disks or insist on
having them virus checked. Email has changed all that.
Conventional viruses can spread faster and new kinds of
virus exploit the workings of email programs. Viruses
such as Kakworm and Bubble boy can infect users when
they read email. They look like any other message butcontain a hidden script that runs as soon as you open
the email, or even look at it in the review pane (as long
as you are using Outlook with the right version of
Internet Explorer). This script can change system
settings and send the virus to other users via email.
The greatest security risk at present isn’temail itself but email attachments. Any program,
document or spreadsheet that you receive by email
could carry a virus; launching such an attachment can
infect your computer.
Viruses that spread automatically by email
The most successful viruses today arethose that spread themselves automatically by email.
Typically, these viruses depend on the user clicking on
an attached document. This runs a script that uses the
email program to forward infected documents to other
email users. Melissa, for example, sends a message to
the first fifty addresses in all address books that
Page 24
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 25/47
VIRUS ATTACK ON COMPUTER & MOBILES
Microsoft Outlook can access. Other viruses send
themselves to every address in the address book.
6.1.1. Email hoaxes
Email is a popular medium for hoaxes.
These are bogus virus reports that urge you to forward
the message to everyone you know. An email hoax can
spread across networks like a virus and can cause a mail
Overload. The difference is that the hoax doesn’t needvirus code; it simply depends on users’ credulity
6.1.2. What is spam?
Spam is unsolicited email, often
advertising get-rich quick schemes, home working jobs,
loans or pornographic websites. Spam often comes with
fake return information, which makes it more difficult todeal with the perpetrators. Such mail should simply be
deleted.
Email interception and forgery
Email interception involves other users
reading your email while it is in transit. You can protect
yourself with email encryption. Email forgery means
sending mail with a forged sender’s address or
tampering with contents. by using digital signatures.
6.1.3. How to stop email virus
Have a strict policy about email attachments:Changing your (and other users’) behavior is thesimplest way to combat email threats. Don’t open any
Page 25
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 26/47
VIRUS ATTACK ON COMPUTER & MOBILES
attachments, even if they come from your best friend.If you don’t know something is virus-free, treat it as if it’s infected. You should have a company policy thatALL attachments are authorized and checked withanti-virus software before being launched. Use anti-virus software: Use on-access anti-virussoftware on the desktop and at the email gateway.Both arrangements can protect against viruses sentvia email. Block unwanted file types at the gateway: Virusesoften use file types such as VBS, SHS, EXE, SCR, CHMand BAT to spread. It is unlikely that our organizationwill ever need to receive files of these types fromoutside, so block them at the email gateway. Block files with double extensions at the gateway:Some viruses disguise the fact that they are programsby using a ‘double extension’, such as .TXT.VBS, aftertheir filename. Block such files at the email gateway.
6.2. The internet
The internet has made more information
available to more people more quickly than ever before.
The downside is that the internet has also made it easier
for harmful computer code to reach office and home
computers.
Click and infect?
The internet has increased the risk of
infection. Ten years ago, most viruses spread via floppy
disks. Spreading in this way was slow and depended on
users making a conscious effort to run new programs. If
the virus had side-effects that were too obvious, it was
Page 26
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 27/47
VIRUS ATTACK ON COMPUTER & MOBILES
unlikely to affect many users. But internet caused the
widespread of viruses.
Can I be infected just by visiting websites?
Visiting a website is less hazardous than
opening unknown programs or documents. There are
risks, though. The threat depends on the types of code
used in the site and the security measures taken by
service providers and by the user. The main types of
codes are…..
6.2.1. Different types of codes used in the
websites
HTML
Web pages are written in HTML (Hypertext
Markup Language). This language lets web authors
format their text and create links to graphics and to
other pages. HTML code itself can’t carry a virus.
However, web pages can contain code that launches
applications or opens documents automatically. This
introduces the risk of launching an infected item.
ActiveX
ActiveX is a Microsoft technology for web
developers used only on computers running
Windows.ActiveX applets, used to create visual effects
on web pages, have full access to resources on your
computer, which makes them a potential threat.
However, digital signatures, which prove that an applet
Page 27
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 28/47
VIRUS ATTACK ON COMPUTER & MOBILES
is authentic and hasn’t been tampered with, do provide
limited security.
Java
People sometimes worry unduly about
Java viruses on the internet. They do so because they
confuse Java applets, which are used to create effects on
web pages, with Java applications and Java scripts.
Applets are generally safe. They are run by the browser
in a secure environment known as a ‘sandbox’. Even if a
security flaw lets an applet escape, a malicious appletcannot spread easily. Applets usually flow from a server
to users’ computers, not from one user to another (you
tell your friends to visit a site, rather than sending them
a copy of an applet). In addition, applets are not saved
on the hard disk, except in the web cache. If you do
encounter a harmful applet, it is most likely to be a
Trojan, i.e. a malicious program pretending to belegitimate software. Java applications are simply
programs written in the Java language. Like any other
program, they can carry viruses. You should treat them
with the same caution as you would use with other
programs. Java script is script embedded in HTML code in
web pages. Like any other script, it can carry out
operations automatically, which carries risks. You candisable active scripts
JScript:
The Microsoft version of Java Script. It is
about as flexible and expandable (and unsafe) as Visual
Basic Script. JScript is found in *.JS files or on web pages.
VBS script
Page 28
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 29/47
VIRUS ATTACK ON COMPUTER & MOBILES
VBS (Visual Basic Script) can run as soon
as a page is viewed, depending on the browser used.
You don’t have to do anything to launch it. This script is
used by email worms such as Kakworm and Bubbleboy,but can just as well be run from web pages.
IRC scripts
Internet Relay Chat is a chat system for
the Internet Chat systems can be scripted to perform
certain tasks automatically, like sending a greeting to
someone who just joined the chat room. However, thescripts also support sending of files, and many worms
and viruses spread over IRC. Known IRC programs that
have been exploited are the popular mIRC, pIRCH and
VIRC clients.
Are cookies a risk?
Cookies do not pose a direct threat to yourcomputer or the data on it. However, they do threaten
your confidentiality: a cookie enables a website to
remember your details and keep track of your visits to
the site. If you prefer to remain anonymous, you should
use the security settings on your browser to disable
cookies.
6.2.2. Attacks on web servers
End-users aren’t the only ones at risk on
the internet. Some hackers target the web servers which
make websites available. A common form of attack
involves sending so many requests to a web server that
it slows down or crashes. When this happens, genuine
users can no longer gain access to the websites hosted
Page 29
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 30/47
VIRUS ATTACK ON COMPUTER & MOBILES
by the server. CGI (Common Gateway Interface) scripts
are another weak point. These scripts run on web
servers to handle search engines, accept input from
forms, and so forth. Hackers can exploit poorly-implemented CGI scripts to take control of a server
6.2.3. Safety on the net
If you want to use the internet safely, you
should do the following:
Have a separate network for internet machines:Maintain separate networks for those computers thatare connected to the internet and those that are not.Doing so reduces the risk that users will downloadinfected files and spread viruses on your mainnetwork. Use firewalls and/or routers: A firewall admits onlyauthorized traffic to your organization. A router
controls the flow of packets of information from theinternet. Configure your internet browser for security: Disable
Java or ActiveX applets, cookies, etc., or ask to bewarned that such code is running. For example, inMicrosoft Internet Explorer, select
Tools/Internet Options|Security| Custom Level and
select the security settings you want
Page 30
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 31/47
VIRUS ATTACK ON COMPUTER & MOBILES
7. VIRUSES ON DIFFERENT OPERATING SYSTEMS
MS-DOS
Since the macro viruses that we have
seen to date infect data files generated from and read by
Windows applications, macro viruses are not a problem
on MS-DOS-only machines. Traditional file viruses and
boot viruses prosper in MS-DOS machines because MS-
DOS has no inherent security features. Viruses,
therefore, have free rein to infect memory, and program
files
EXE and COM files are directly executable by theCentral Processing Unit. To execute a COM file, DOSmust do some preparatory work before giving thatprogram control. Most importantly, DOS controls andallocates memory usage in the computer. So first itchecks to see if there is enough room in memory to
load the program. If it can, DOS then allocates thememory required for the program. DOS simply recordshow much space it is making available for such andsuch a program, so it won’t try to load another programon top of it later.
Next, DOS builds a block of memory 256 bytes longknown as the Program Segment Prefix , or PSP.
Once the PSP is built, DOS takes the COM filestored on disk and loads it into memory just above thePSP, starting at offset 100H. Once this is done, DOS isalmost ready to pass control to the program. Before itdoes, though, it must set up the registers in the CPU tocertain predetermined values. First, the segmentregisters must be set properly, or a COM programcannot run.
Page 31
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 32/47
VIRUS ATTACK ON COMPUTER & MOBILES
COM files are designed to operate with a verysimple, but limited segment structure. Namely theyhave one segment, cs=ds=es=ss. All data is stored inthe same segment as the program code itself, and thestack shares this segment.
Figure 2. Memory map just before executing a COM file.
In order for a virus to reside in a COM file, it mustget control passed to its code at some point during theexecution of the program. The easiest point to takecontrol is right at the very beginning, when DOS jumpsto the start of the program.
At this time, the virus is completely free to use anyspace above the image of the COM file which wasloaded into memory by DOS. Since the program itself has not yet executed, it cannot have set up dataanywhere in memory, or moved the stack, so this is a
very safe time for the virus to operate. To gain controlat startup time, a virus infecting a COM file must
Page 32
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 33/47
VIRUS ATTACK ON COMPUTER & MOBILES
replace the first few bytes in the COM file with a jumpto the virus code, which can be appended at the end of the COM file.
Then, when the COM file is executed, it jumps tothe virus, which goes about looking for more files toinfect, and infecting them. When the virus is ready, itcan return control to the host program. The problem indoing this is that the virus already replaced the first fewbytes of the host program with its own code. Thus it
must restore those bytes, and then jump back to offset100 Hex, where the original program begins.
Step by Step it might Work like This
1.An infected COM file is loaded into memory andexecuted. The viral code gets control first.2.The virus in memory searches the disk to find asuitable COM file to infect.3. If a suitable file is found, the virus appends its owncode to the end of the file.4.Next, it reads the first few bytes of the file intomemory, and writes them back out to the file in aspecial data area within the virus’ code. The newvirus will need these bytes when it executes.5.Next the virus in memory writes a jump instructionto the beginning of the file it is infecting, which willpass control to the new virus when its host programis executed.6.Then the virus in memory takes the bytes whichwere originally the first bytes in its host, and putsthem back (at offset 100H).7. Finally, the viral code jumps to offset 100 Hex andallows its host program to execute. Ok. So let’sdevelop a real virus with these specifications. We will
Page 33
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 34/47
VIRUS ATTACK ON COMPUTER & MOBILES
need both a search mechanism and a copymechanism.
Figure 3. Replacing the first bytes in a
COM file.Windows
Macro viruses have been written to target
Windows applications, and therefore the presence of
Windows is required. Combining the wide acceptance of
Windows with the fact that macro viruses infect data
files rather than program files (see “Macro virus” onpage 19) has led to six macro viruses being amongst the
ten most common viruses overall. The actual booting
process on a Windows machine is no different than on a
DOS-only machine. Therefore, boot viruses have not
been hindered by Windows, and they continue to
propagate by infecting hard drives, going memory
resident, and then infecting floppy
Windows 95/98/ME
Windows and DOS, Windows 95/98 is
marketed as having built-in security features.
Unfortunately, such features are not robust enough to
safeguard Windows 95/98 against viruses. In fact, thefirst virus written especially to target Windows 95 (the
Page 34
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 35/47
VIRUS ATTACK ON COMPUTER & MOBILES
Boza virus) emerged late in 1995. Furthermore, Windows
95’s workgroup networking environment has no file-level
protection and therefore can potentially lead to
increases in virus spreading. After the rather primitiveBoza virus, the Windows 95/98 and Windows NT/2000
viruses have increased in numbers and complexity. Like
in the DOS environment, the first viruses were
amateurish. Some of the viruses under Windows 95/98
and Windows NT/2000 spread by active use of the
network protocol. DOS file viruses can easily spread on a
Windows 95/98 machine because DOS program files’only limitation under Windows 95/98 is that they cannot
write directly to the hard drive. Since the Windows 95/98
boot process is the same as a DOS only or Windows
machine (up to a certain point), boot viruses are able to
infect hard drives of Windows 95/98 machines. When
Windows 95/98 loads, however, boot viruses are often
disabled and not allowed to propagate.
40Windows NT/2000/XP
Windows NT supports DOS applications,
Windows applications, and native Windows NT
applications. Like Windows 95/98, Windows NT is
backwards compatible, and to some extent with DOS
and Windows. Despite the fact that NT’s security
features are more robust than Windows 95/98’s, file
viruses can still infect and propagate within Windows NT.
As with Windows 95/98, Windows NT supports
applications that contain macro programming
languages, making NT as vulnerable to macro viruses as
old Windows machines. Because Windows NT machines
boot the same way that DOS machines do (up to the
Page 35
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 36/47
VIRUS ATTACK ON COMPUTER & MOBILES
point at which NT takes over), boot viruses are able to
infect NT hard drives. However, when these boot viruses
attempt to go memory resident, they will be stopped by
NT and therefore be unable to infect floppies.
Page 36
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 37/47
VIRUS ATTACK ON COMPUTER & MOBILES
8. ANTIVIRUS SOFTWARE
Anti-virus software can detect viruses, preventaccess to infected files and often eliminate the
infection. The ideal solution to the threat of viruses isprevention. Do not allow a virus is get into the systemin first place. This goal is in general difficult to achieve,although prevention can reduce the no: of successfulviral attacks. The next best approach is to be able to dothe following.
• Detection: Once the infection has occurred,determine that it has occurred and locate the virus.
• Identification: Once detection has beenachieved, identify the specific virus has infected aprogram.
• Removal: Once the specific virus has beenidentified, remove all traces of the virus from theinfected program and restore it to its original state.
Advances in viruses and antivirus technologygo hand in hand. As the virus arms race hasevolved, both viruses and antivirus software havegrown more complex and sophisticated. There arethree main kinds of anti-virus programs [McAfee].Essentially these are scanners, monitors andintegrity checkers.
a. ScannersVirus scanners can detect, and often
disinfect, the viruses known at the time the scanner is
released. Scanners are easily the most popular form of
anti-virus software but they have to be updated
regularly to recognize new viruses. There are on-
Page 37
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 38/47
VIRUS ATTACK ON COMPUTER & MOBILES
demand and on-access scanners. Many anti-virus
packages offer both. On-demand scanners let you start
or schedule a scan of specific files or drives. On-access
scanners stay active on your machine whenever you areusing it. They check files as you try to open or run
them.
b. Check summers
Checksummers are programs that can tell
when files have been changed. If a virus infects a
program or document, changing it in the process, thechecksummer should report the change. The good thing
about checksummers is that they do not need to know
anything about a virus in order to detect its presence.
For that reason, checksummers do not need regular
updating. The bad thing about checksummers is that
they cannot tell the difference between a virus and a
legitimate change, so false alarms are likely.Checksummers have particular problems with
documents, which can change frequently. In addition,
checksummers can only alert you after infection has
taken place, they cannot identify the virus, and they
cannot provide disinfection.
c. HeuristicsHeuristic software tries to detect viruses –
both known and unknown – by using general rules about
what viruses look like. Unlike conventional scanners, this
software doesn’t rely on frequent updates about all
known viruses. However, if a new kind of virus emerges,
the software will not recognize it and will need to be
Page 38
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 39/47
VIRUS ATTACK ON COMPUTER & MOBILES
updated or replaced. Heuristics can be prone to false
alarms.
Page 39
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 40/47
VIRUS ATTACK ON COMPUTER & MOBILES
9. MOBILE PHONES AND PALMTOPS
At the time of writing, there is no virus
that infects mobile phones, despite media stories and
hoaxes. There have been viruses that send messages to
phones. For example, VBS/Timo-A, a worm that spreads
itself by email, also uses the modem to send text (SMS)
messages to selected mobile numbers. The notorious
Love Bug virus is also capable of forwarding text to fax
machines and mobiles. However, these viruses can’t
infect or harm the mobile phone. You can already access
internet-like sites and services on the new generation
mobiles and the technology is developing fast. But as it
becomes easier to transfer data – even on the move –
the risk is that new security threats will emerge too.
9.1. WAP phones and viruses
WAP provides internet-type informationand services for mobile phones and organizers. It is
based on the same model as web communications, i.e. a
central server delivers code that is run by a browser on
your phone. So, at the moment, the possibilities for
viruses are very limited. A virus could infect the server
itself, but the chances for it to spread or to have an
effect on users would be minimal. First, there isnowhere on a WAP system that a virus can copy itself or
survive. Unlike a PC, a WAP phone does not store
applications. The phone downloads the code it needs
and keeps no copy, except temporarily in the browser
cache. Second, a virus cannot yet spread from one user
to another because there is no communication between
client phones.
Page 40
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 41/47
VIRUS ATTACK ON COMPUTER & MOBILES
9.2. Bluetooth-Bugs
Bluetooth is a standard for low-power
radio data communication over very short distances.Computers, mobiles, fax machines and even domestic
appliances, like video recorders, can use Bluetooth to
discover what services are provided by other nearby
mobile devices and establish transparent links with
them. Software that utilizes Bluetooth is currently
emerging The worry is that an unauthorized user, or
malicious code, could exploit Bluetooth to interfere withthese services
.
9.3. Palmtop computers, PDAs-can they be
infected by computer viruses?
Palmtop computers or personal digital
assistants (PDAs) are likely to provide new opportunitiesor viruses in the very near future. Palmtops or PDAs run
specially written or scaled-down operating systems –
such as EPOC, PalmOS and PocketPC (formerly Windows
CE). Such systems will eventually be able to use versions
of popular desktop applications, making them vulnerable
to malicious code in the same way as desktop machines.
In early 2001, there were already viruses that affect thePalm system. Palmtops are also regularly connected to
home or office PCs to synchronise the data on the two
machines (e.g. address book information or calendars).
Such data synchronisation could allow viruses to spread
easily. No-one yet knows which will be more successful
in the future: mobile computers or smart mobile phones.
Page 41
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 42/47
VIRUS ATTACK ON COMPUTER & MOBILES
Whichever it is, the security risks will increase as mobile
computers become better at communicating.
There is a virus called Palm/Phage, which
is able to infect Palm OS, but it is not in the wild and
poses little threat. Palm/Liberty-A-Trojan, which infects
Palm OS. It deletes Palm OS applications, but possesses
only less risk
9.4. Some mobile phone viruses… VBS/Timo-A, Love Bug-Uses modem to send SMS tomobile phones CABIR-Install file with .SIS extension, affectssymbion OS, corrupts s/m files Aka ACE-? and UNAVAILABLE- This virus will erase allIMEI and IMSI information from both the phone and
the SIM card, which will make the phone unable toconnect with the telephone network. The user willhave to buy a new phone. This information has beenconfirmed by both Motorola and Nokia. There are over3 million mobile phones being infected by this virus inUSA now.
Timfonica- The"Timofonica" virus was designed tosend prank messages to cell phones on the Telefonica
cellular network, which operates in Spain. The virusworked like this: victims would receive it as an e-mailattachment on their home or work computers. Whenusers opened the infected attachments, the virus, plusa message critical of Telefonica, would be sent toevery e-mail address in their address books. The viruswould also trigger the each victim's computer to senda text message to a randomly-selected cell phone on
Telefonica's network. Timofonica did not harm cell
Page 42
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 43/47
VIRUS ATTACK ON COMPUTER & MOBILES
phones any more than a wrong number call damagesany phone.
9.5. Mobile phone virus-precautions Scanning at a gateway or during data transfer: In thenear future, the best way to protect mobile devicesmay be to check data when you transfer it to or fromthem.For mobile phones, for example, the WAPgateway might bea good place to install virus protection. All
communications pass through this gateway inunencrypted form, so there would be an ideal
opportunity for virus scanning. For palmtop
computers, you could use virus protection when the
palmtop is synchronizing data with a conventional PC.
Virus scanning on the mobile device: As mobiledevices become more interconnected, it will become
difficult to police data transfer at a central point. Thesolution will be to put anti-virus software on eachdevice – once they have sufficient processing powerand memory.
Enable Bluetooth only when it is needed: DisableBluetooth, if it is not in use. This will prevent themobile being affected by virus and will also make thebattery last longer as Bluetooth consumes lot of
power. But if you have to keep it ON, then at leastkeep it in invisible mode
Don’t install unexpected applications: If yourBluetooth is ON and you are receiving a file, be Alert.Accept only what you expect. Accept only the files youare expecting.
Never download cell phone applications from filesharing networks: It is strongly recommended to scan
all the cell applications-even the one downloaded from
Page 43
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 44/47
VIRUS ATTACK ON COMPUTER & MOBILES
official web site- with antivirus software on yourcomputer. Some of them do detect cell phone viruses.
Page 44
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 45/47
VIRUS ATTACK ON COMPUTER & MOBILES
10. STEPS TO SAFER COMPUTING
a. Don’t use documents in .doc and .xls format: Saveyour Word documents in RTF (Rich Text Format) and
your Excel spreadsheets as CSV (Comma SeparatedValues) files. These formats don’t support macros, sothey cannot spread macro viruses, which are by farthe commonest virus threat. Tell other people tosupply you with RTF and CSV files. Some macroviruses intercept File/SaveAs RTF and save the filewith an RTF extension but DOC format. To beabsolutely safe, use text-only files. Don’t launch
unsolicited programs or documents If you don’t knowthat something is virus-free, assume it isn’t
b. Forward warnings to one authorized person: onlyHoaxes are as big a problem as viruses themselves.
Tell users not to forward virus warnings to theirfriends, colleagues or everyone in their address book.Have a company policy that all warnings go to onenamed person or department only.
c. Block files with double extensions at the gateway:Some viruses disguise the fact that they are programsby using a ‘double extension’, such as .TXT.VBS, aftertheir filename. At first glance a file like LOVE-LETTER-FORYOU. TXT.VBS or ANNAKOURNIKOVA.JPG.VBS mayseem tobe a harmless text file or a graphic. Any filewith double extensions should be blocked at the emailgateway.
d. Block unwanted file types at the email gateway:Many viruses now use VBS (Visual Basic Script) andWindows scrap object (SHS) file types to spread. It isunlikely that your organization needs to receive thesefile types from outside, so block them at the emailgateway.
Page 45
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 46/47
VIRUS ATTACK ON COMPUTER & MOBILES
e. Change your computer’s boot up sequence: Mostcomputers try to boot from floppy disk (the A: drive)first. Your IT staff should change the CMOS settings sothat the computer boots from the hard disk by default.
Then, even if an infected floppy is left in the computer,it cannot be infected by a boot sector virus. If youneed to boot from floppy at any time, you can havethe settings changed back.
f.Write-protect floppies before giving to other users :Awrite-protected floppy cannot be infected.
g. Subscribe to an email alert service: An alert servicecan warn you about new viruses and offer virusidentities that will enable your anti-virus software todetect them. Sophos has a free alert service.
h. Make regular backups of all programs and data: If you are infected with a virus, you will be able torestore any lost programs and data.
Page 46
8/8/2019 Sushant Seminar(MAIN)
http://slidepdf.com/reader/full/sushant-seminarmain 47/47
VIRUS ATTACK ON COMPUTER & MOBILES
11. REFERENCES
1. The Little Black
book of Computer Viruses (electronic edition) ByMark A. Ludwig
2. An UndetectableComputer Virus by David Chess and Steve White,presented at the Virus Bulletin Conference,September 2000 [PDF version]
3. Fred Cohen,Computer Viruses - Theory and Experiments,Computer Security: A Global Challenge, ElsevierScience Publishers B. V. (North-Holland), 1984,pp. 143-158.
4. Fred Cohen,Models of Practical Defenses against Computer
Viruses, Computers Security , 8 (1989), 2, pp.149-160.
5. Nachenberg, C.“Computer Virus-Antivirus Coevolution.” Communications of the ACM