MALWAR

TROJAN
VIRUS WORMS
HORSE
 Computer programs which invade a computer and try to
take over its functions, rather like biological viruses do
with human cells.
 Most of us with computer experience have had to deal
with such viruses from time to time.
 A virus should never be assumed harmless and left on a
system.
 It all started in 1999 when Melissa virus infected over
100,000 computers.
 The Love Letter virus caused damages of more than
$8 billion in 2000.
 The history of computer viruses dates back to 1986.
Computer viruses used to spread by disk. But as the
Internet became popular, viruses started spreading
 There are estimated 30,000 computer viruses in existence.
 Over 300 new ones are created each month.
 First virus was created to show loopholes in software.
 Computer runs slower then usual
 Computer no longer boots up
 Screen sometimes flicker
 PC speaker beeps periodically
 System crashes for no reason
 Files/directories sometimes disappear
 Denial of Service (DoS)
 Today almost 87% of all viruses are spread through the
internet (source: ZDNet)
 Transmission time to a new host is relatively low, on the
order of hours to days.
 Uninfected disk
0 1 2 . . . (sector No)
+-----+-----+-----+--- --+-----+-----+-----+-----+-----+---
|.....| | | | | | | | |
+-----+-----+-----+--- --+-----+-----+-----+-----+-----+---
|
+-- Boot sector or Master Boot Record
Infected disk (replaced boot/MBR)
0 1 2 ...
+-----+-----+-----+--- --+-----+-----+-----+-----+-----+---
|XXXXX| | | | |.....|XXXXX|XXXXX|XXXXX|
+-----+-----+-----+--- --+-----+-----+-----+-----+-----+---
| | | | ... |
+-- Virus top | +---+-----+-----+
| +-- The rest of virus
|
+-- Original Boot or Master Boot Record
Infected disk (modified address of active boot sector)
0 1 2 ...
+-----+-----+-----+--- --+-----+-----+-----+-----+---
|....X| | | | |XXXXX|XXXXX|XXXXX|
+-----+-----+-----+--- --+-----+-----+-----+-----+---
| ^ | | ... |
 This virus infect files containing application
program

 When a user runs an infected application like

game the virus code executes first and attaches
itself in the computer’s memory and then copies
itself within the file.

 “Fast infector” and “Slow infector”

 This viruses infect the files regarded as data.
 The virus code can be attached to data base of word
processing program.
 When user accesses document containing a viral
macro then this virus can then copy itself into that
application startup file.
 Any document that uses the same application can
then become infected.
 When this virus infect the program, it scrambles its
virus code in the program body. this makes the
detection more difficult.

 The first polymorphic virus was “chameleon”

 Then bootache,civilwar,crusher,fly,freddy, ginger

etc.. have come.
 This virus creates a new file and relies on a behavior
of DOS to execute it instead of program file.

 It creates .COM file with a name identical to

existing .EXE file.
 Multipartite viruses are both program and boot virus.
 Tunneling viruses finds the interrupt handlers in dos and
bios and call them directly.
 Retro virus is any virus that attacks antivirus programs.
 Cluster viruses change the directory so that when you try
to run a program you first run it.
 Network viruses make a use of net. Protocols and
capabilities of local and global access net.

 This virus is capable to transfer the code to a remote

server or workstation on its own through network.
 Sudden change in size of programs
 Change of data in program or file i.e. your file get
corrupted.
 Program take longer time to load.
 modification of boot sector which paralyze operation
of a computer system modification of FAT.
 Physical damage of the hard drive or other h/w.
 Bad sector begin to appear.
 A TROJAN HORSE is a computer program, a program
that claims to do one thing (it may claim to be a game)
 But instead does damage when you run it (it may erase
your hard disk)
 They require interaction with a hacker to fulfill their
purpose.
 The hacker need not be the individual responsible for
distributing the Trojan horse.
 It is possible for hackers to scan computers on a network
using a port scanner in the hope of finding one with a
Trojan horse installed. .
 A WORM is a small piece of software that uses computer
networks and security holes to replicate itself.
 A copy of the worm scans the network for
another machine that has a specific security
hole.
 It copies itself to the new machine and starts
replicating from there.
 End users may be tricked into running the worm
program when they receive it via a network example
by double clicking on an executable file attached to
email.
 In 2003 the Slammer Worm almost brought the
entire Internet down
Though there is nothing to tense if your system have
viruses. But ,you shouldn’t neglect the virus threat.
There are quite a few dangerous viruses roaming the
Internet. So keep your hard drive happy and don't let the
viruses ruin your day.
Here is what you can do:
1)Make sure your computer runs anti-virus
software. If not, buy and install it immediately
 Even if you have this software, it must be updated regularly, as
new viruses appear daily. Configure the programs to
automatically download updates, making it easy to stay
protected. Otherwise, periodically download the updates
manually.
 DO NOT OPEN an e-mail attachment unless you know who
sent it. Even then, it's not totally safe, as a sneaky virus that has
infected a friend's computer can access the e-mail address
book, send a message to everyone, and attach itself. To be
completely safe, scan the attachment with your anti-virus
software BEFORE you open it.
 If you receive a suspicious message, delete it immediately
from your Inbox. When you delete a message, however,
it's still on your system. Go into the Deleted Mail folder
and delete the message again to permanently remove it
from your computer.
 Regularly back up your files. Even though your system
gets infected, you won't lose valuable data.
GHOUSE BAIG 08D0237
KULDEEP JAIN 08D0241
NIDHIN JOSE 08D0246
SARITA 08D02
KAVYA.R 08D02
SANGEETA 08D02