Computer Virus and Antivirus
Agenda
Computer Virus Concept
Analyze three common computer viruses
Antivirus Technologies
Conclusion
Capable of self-replication
1988 - Jerusalem was detected. Activated every Friday the 13th, the
virus affects both .EXE and .COM files and deletes any programs run on
that day.
2000 - The Love Bug, also known as the ILOVEYOU virus, sent itself
out via Outlook, much like Melissa.
Boot sector viruses infect the boot sectors on floppy disks and hard disks, and can
also infect the master boot record on a user's hard drive.
Multi-partite Virus
Multi-partite viruses have characteristics of both boot sector viruses and file infector
viruses.
They infect macro utilities that accompany such applications as Microsoft Word, Excel
and Outlook.
Non-Resident:
Does not stay in memory after the host program is closed, thus can only infect
while the program is open. Not as common.
Stealth:
The ability to hide from detection and repair in two ways.
- Virus redirects disk reads to avoid detection.
- Disk directory data is altered to hide the additional bytes of the virus.
Encrypting:
Technique of hiding by transformation. Virus code converts itself into cryptic
symbols. However, in order to launch (execute) and spread, the virus
must decrypt itself and can then be detected.
Polymorphic:
Ability to change code segments to look different from one infection to
another. This type of virus is a challenge for anti-virus detection methods.
The Basic Rule: A virus is inactive until the infected program is run or
the boot record is read. As the virus is activated, it loads into the computer's
memory, where it can spread itself.
Boot Infectors: If the boot code on the drive is infected, the virus will
be loaded into memory on every startup. From memory, the boot virus
can travel to every disk that is read and the infection spreads.
Origin: Taiwan
History: The CIH virus was first located in Taiwan in early June
1998. Since then, it has been confirmed to be in the wild
worldwide. It has been among the ten most common viruses for
several months.
Once a macro virus gets onto your machine, it can embed itself in all
future documents you create with the application.
The first macro virus was discovered in the summer of 1995. Since
that time, other macro viruses have appeared.
When you share the file with another user, the attached macro or
script goes with the file. Most macro viruses are designed to run, or
attack, when you first open the file. If the file is opened in its related
application, the macro virus is executed and infects other documents.
Antivirus Technologies
Best Practices
Antivirus Technology
How to detect a virus?
Some Symptoms
Program takes longer to load.
The program size keeps changing.
The drive light keeps flashing when you are not doing
anything.
User created files have strange names.
The computer doesn't remember CMOS settings.
Antivirus Technology
How to clean a virus?
In case you do not have the latest backup of your files, you
may try to remove the virus using anti-virus software.
The steps to reinstall the whole system
1.
2.
3.
4.
5.
Antivirus Technology
Best Practices
Regular Backup
Back up your programs and data regularly. Recovering from backup is the most
secure way to restore the files after a virus attack.
Install Anti-virus Software
Install anti-virus software to protect your machine and make sure that an
up-to-date virus definition file has been applied.
Schedule a daily scan to check for viruses. The scheduled scan can be run
in non-peak hours, such as during the lunch break or after office hours.
Check Downloaded Files And Email Attachments
Do not execute any download or attachment unless you are sure what it
will do.
Conclusion
Be careful when using new software and files
Be alert for virus activities
Be calm when virus attacks
Thank You