ERICA SANTIAGO
ASHLEY GUY
DAVID HOLLAND
ASHLEY WHITE
JESSICA PUETTNER
Viruses
By: Erica Santiago
What is a Virus?
• the boot virus which infects the boot sector of disk storage
• the program virus which infects the executable programs
• the multipartite virus which is a combination of the boot and
program virus
• the stealth virus which is able to avoid detection by a variety of
means such as removing itself from the system registry, or
masquerading as a system file
• the parasitic virus which embeds itself into another file or
program such that the original file is still viable
• the polymorphic virus which changes its code structure to avoid
detection and removal
• the macro virus which exploits the macro language of a program
like Microsoft Word or Excel.
Protect Yourselves
• run a more secure operating
system like UNIX, another
computer operating system on
which you never hear about
viruses because of the
security features
• if you are using an unsecured
operating system, you can buy
virus protection software like
McAfee or Norton AntiVirus
• to help avoid viruses, it’s very
important that your computer is
current with the latest updates
and antivirus tools, that you stay
informed about recent virus
threats, and that you be
careful when surfing the Internet,
downloading files and opening
attachments
Worms
By: Ashley Guy
Worms 101
• worms have been around since 1988.
• a computer worm is very similar to a normal
computer virus.
• unlike a virus though, the worm is a program that can
copy itself across a network and run by itself.
• a worm also has a unique feature in that it
doesn’t have to have a host program in order to run.
• a worm works by copying itself onto nodes or network
terminals, which does not require any intervention
from the user
• worms began to take off in the late ’90s and early
2000s.
• these modern worms ran themselves through the
internet and many file sharing programs such as
KaZaa, a music file-sharing program.
Types of Worms
• the “email worm”
  • the email worm spreads itself through email
  • the worm can hide itself in messages as a link or an
  attachment that will redirect the user to an infected website.
  • many users become victims of this particular worm due to
  their vulnerability and willingness to read and open
  messages that they think could be interesting.
• the Instant Messaging worm
  • this worm masks itself in the form of an “IM” with the
  contents of a link that will redirect the user to an infected
  website and then try to gain full access to the machine.
Protect Yourselves
• even though it seems impossible to not catch a
worm, it’s not.
• one of the best things a computer owner can do is
install and run anti-virus software, especially the kind
that updates automatically.
  • anti-virus software will notify the user when a virus or worm
  is found and prevent it from running and/or copying itself.
• other precautions:
  • choosing secure passwords and changing them regularly
  • not opening unfamiliar emails or attachments and most
  importantly not running or copying software from an
  unsecured website.
Viruses vs. Worms
Viruses
• spreads from program to program, or from disk to disk
• uses each infected program or disk to make copies of itself
• computer sabotage
• destroys data or erases disks
• operating system specific
Worms
• uses computer hosts to reproduce themselves
• travel independently over computer networks
• software sabotage
• resides in memory rather than on disk
• puts computers at a standstill
AntiVirus Software
By: David Holland
What is AntiVirus Software?
• heuristic analysis
• another form of generic scanning
• the sandbox method
Another Approach…
• heuristic analysis
  • in the heuristic method the software, for example, “could try to
  emulate the beginning of the code of each new executable that
  the system invokes before transferring control to that executable.”
  If the program attempts to use “self-modifying code” or appears to
  be a virus, it’s assumed that the virus has infected the
  executable.
  • in this method there are a lot of false positives.
• sandbox method
  • an antivirus program takes suspicious code and runs it in
  a “virtual machine” to see the purpose of the code and exactly
  how the code works. After the program has terminated, the
  software analyzes the sandbox for any changes, which could
  indicate a virus.
Heuristic Analysis
• software tries to emulate the beginning of the
code of each new executable that the system
invokes before transferring control to that
executable.
• if the program attempts to use self-modifying
code or appears to be a virus, it’s assumed
the virus has infected the executable.
• there are many false positives in this
approach.
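The heuristic described on this slide, as an added example (not part of the original presentation): a toy emulator runs the first few instructions of a program on a copy of its code and flags any write that lands inside the code itself. The instruction set (STORE, JMP, NOP, HALT), the address layout and the three sample programs are constructed for illustration; the last sample shows why the approach produces false positives.

```python
# Addresses 0..len(program)-1 hold code; anything else is data (assumed layout).
def emulate_prefix(program, max_steps=16):
    """Emulate the beginning of a program; return (pc, target) for each write into code."""
    code = list(program)              # work on a copy, never on the real executable
    data, findings, pc = {}, [], 0
    for _ in range(max_steps):
        if not 0 <= pc < len(code):
            break
        op, *args = code[pc]
        if op == "HALT":
            break
        if op == "JMP":
            pc = args[0]
            continue
        if op == "STORE":
            addr, value = args
            if 0 <= addr < len(code):     # write lands on an instruction
                findings.append((pc, addr))
                code[addr] = value        # later steps execute the patched code
            else:
                data[addr] = value        # ordinary data write
        pc += 1
    return findings

def verdict(program):
    """Control is only handed to the executable when no self-modification was seen."""
    return "suspicious" if emulate_prefix(program) else "clean"

# Constructed samples.
PLAIN = [("STORE", 100, 7), ("NOP",), ("HALT",)]
SELF_PATCHING = [("STORE", 2, ("NOP",)), ("NOP",), ("HALT",)]
# A legitimate self-extracting program also rewrites its own code before
# jumping to it, so the same rule flags it: a false positive.
PACKED_INSTALLER = [("STORE", 3, ("STORE", 100, 1)), ("JMP", 3),
                    ("NOP",), ("NOP",), ("HALT",)]

if __name__ == "__main__":
    for name, prog in [("plain", PLAIN), ("self-patching", SELF_PATCHING),
                       ("packed installer", PACKED_INSTALLER)]:
        print(name, verdict(prog), emulate_prefix(prog))
```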
Sandboxing
• in this approach an antivirus program
will take suspicious code and run it in a
“virtual machine” to see the purpose of
the code and exactly how the code
works.
• after the program is terminated the
software analyzes the sandbox for any
changes, which might indicate a virus.
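The "analyze the sandbox for any changes" step, as an added example (not part of the original presentation): hash every file in the sandbox before and after the run, then diff the two snapshots. The directory layout, the file names, the watch list of executable suffixes and the simulated activity are all constructed; a real sandbox would also watch the registry, processes and network traffic.

```python
import hashlib
import os
import tempfile

# Assumed watch list: file types whose modification is treated as a strong indicator.
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".com", ".sys")

def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                state[rel] = hashlib.sha256(fh.read()).hexdigest()
    return state

def diff_snapshots(before, after):
    """Return the files added, deleted and modified between two snapshots."""
    return {
        "added": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before.keys() & after.keys()
                           if before[p] != after[p]),
    }

def suspicious(changes):
    """New or altered executables are what the analysis step flags."""
    touched = changes["modified"] + changes["added"]
    return [p for p in touched if p.lower().endswith(EXECUTABLE_SUFFIXES)]

def demo():
    """Build a constructed sandbox, apply constructed activity, then analyze it."""
    with tempfile.TemporaryDirectory() as box:
        os.makedirs(os.path.join(box, "bin"))
        for rel, data in {"bin/editor.exe": b"ORIGINAL", "notes.txt": b"hello"}.items():
            with open(os.path.join(box, rel), "wb") as fh:
                fh.write(data)
        before = snapshot(box)
        # Constructed stand-in for what the program under observation did.
        with open(os.path.join(box, "bin/editor.exe"), "ab") as fh:
            fh.write(b"+EXTRA")
        with open(os.path.join(box, "tmp.log"), "wb") as fh:
            fh.write(b"x")
        os.remove(os.path.join(box, "notes.txt"))
        changes = diff_snapshots(before, snapshot(box))
        return changes, suspicious(changes)

if __name__ == "__main__":
    print(demo())
```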
Specific worms & virus attacks