
Network Defense and Countermeasures
Sir. Ahmad Kamalrulzaman Othman
FSKM, UiTM Johor

Chapter 9: Defending Against Virus Attacks

Objectives

Explain how virus attacks work
Explain how viruses spread
Distinguish between different types of virus attacks
Employ virus scanners to detect viruses
Formulate an appropriate strategy to defend against virus attacks

2006 by Pearson Education, Inc.

Chapter 9 Defending Against Virus Attacks

Introduction
Defending against virus attacks is more than having anti-virus software in place. Organizations need to understand the nature of viruses in relation to other types of attacks so that they can reduce the overall effects and impact that viruses will have on their organization.


Understanding Virus Attacks

Some questions that should be answered to help understand virus attacks:

What is a virus?
What is a worm?
How does a virus or worm spread?


How does a Virus Spread?


Common ways viruses and worms spread:

1. Attaching itself to an external e-mail system
2. Finding connected computers and copying itself
3. More recently, using its own e-mail engine
4. Instant messaging (newest form)


How does a Virus Spread? cont.

Recent examples of worm attacks:

Zafi
Mabutu
Bropia
Santy


The Virus Hoax

Jdbgmgr hoax
Tax return hoax
W32.Torch hoax


Virus Scanners

Software that tries to prevent viruses from infecting machines.
Virus scanners generally work in two ways:
  Compare files on your computer against a list of known virus files kept in a .dat file
  Monitor the computer for certain types of virus behavior
Scanning can be on-demand or ongoing
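
The first approach on this slide, signature matching, as an added example (not code from the slides or from any antivirus product): the `SIGNATURES` dictionary stands in for a vendor .dat file, and its names and byte patterns are constructed for the demonstration. It goes slightly beyond the slide by reading files in chunks with an overlap, so a pattern split across two reads is still found.

```python
import os
import tempfile

# Constructed signature list standing in for a vendor .dat file.
# Names and byte patterns are made up for this demo.
SIGNATURES = {
    "Demo.Pattern.A": b"DEMO-SIGNATURE-A-0001",
    "Demo.Pattern.B": bytes.fromhex("deadbeef00c0ffee"),
}

def scan_file(path, signatures=SIGNATURES, chunk_size=64 * 1024):
    """Return sorted names of signatures whose bytes occur in the file."""
    # Carry the last (longest pattern - 1) bytes into the next read so a
    # pattern split across two chunks is still matched.
    overlap = max((len(p) for p in signatures.values()), default=1) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk
            found.update(n for n, p in signatures.items() if p in window)
            tail = window[-overlap:] if overlap else b""
    return sorted(found)

def scan_tree(root, signatures=SIGNATURES, chunk_size=64 * 1024):
    """On-demand scan: walk root and return {path: [signature names]}."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                names = scan_file(path, signatures, chunk_size)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if names:
                hits[path] = names
    return hits

def demo(chunk_size=64 * 1024):
    """Write constructed sample files to a temp dir and scan them."""
    samples = {
        "clean.txt": b"quarterly report, nothing unusual\n",
        "flagged.bin": b"\x00" * 10 + SIGNATURES["Demo.Pattern.A"] + b"\x00" * 10,
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        hits = scan_tree(root, chunk_size=chunk_size)
    return {os.path.basename(p): names for p, names in hits.items()}
```

Calling `demo(chunk_size=8)` forces the 21-byte pattern to straddle several reads, which exercises the overlap handling.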


Virus Scanning Techniques

E-mail and attachment scanning
Download scanning
File scanning
Heuristic scanning
Active code scanning
Instant messaging scanning


Commercial Antivirus Software

Factors to consider when choosing antivirus software:

Budget (Price)
Vulnerability (how often is e-mail used or files downloaded?)
Skill (users need to understand how to use it)
Technical (specifications of the software and how it functions)


Commercial Antivirus Software cont.

McAfee VirusScan

Very affordable
Different versions for different levels of vulnerability
Easy to use
Technically sound virus scanner


McAfee Virus Map


Commercial Antivirus Software cont.

Norton AntiVirus

Very affordable
Different versions for different levels of vulnerability
As easy to use as McAfee
Technically sound virus scanner


Commercial Antivirus Software cont.


Avast! Antivirus

Free
Commercial version for enterprise settings
GUI interface for ease of use
Does not have a virus map (Like McAfee)
Does not pick up hacking tools (Like Norton)
www.avast.com


Commercial Antivirus Software cont.

PC-cillin (www.trendmicro.com)

GUI interface
Includes wireless scanning


Commercial Antivirus Software cont.

Panda (www.pandasoftware.com)

Available in both commercial and free versions
Personal firewall can be bundled with it
Offered in multiple languages

Other Virus Scanners


Antivirus Policies and Procedures

Brief summary of possible policies:

Always use a virus scanner
If you are not sure about an attachment, do not open it
Consider exchanging a code word with friends
Do not believe security alerts you are sent
Be skeptical of any e-mail you are sent
Do not download files from the Internet


Additional Methods for Defending Your System

Set all browsers to block active code
Set all user accounts so that they cannot install software or change browser security
Segregate subnetworks


What to Do If Your System Is Infected by a Virus

Need to focus on 3 things:

Stopping the spread of the virus
Removing the virus
Finding out how the infection started


Stopping the Spread of the Virus


Priority number one
Follow the steps below:

1. If infection is on a WAN, disconnect the WAN
2. If on a subnet, disconnect that subnet
3. Disconnect vital servers that might be connected to an infected machine
4. Disconnect any backup devices that might be connected to an infected machine


Removing the Virus

Virus propagation must be stopped first
Run antivirus software
Find removal instructions on the Internet
Some viruses cannot be removed


Finding Out How the Infection Started

Talk to users of infected machines
Read any online documentation on that virus
Check activity logs from the machine


Summary

Virus attacks and hoaxes are arguably the greatest threat to computer networks
Sophistication of viruses and worms is increasing
It is necessary to understand how viruses work in order to prevent infection
One also needs to know how viruses spread


Summary cont.

There are a number of ways to reduce exposure to viruses

Virus scanners
  Understand how they work
  Be familiar enough to choose the right one for your organization
  Come in both commercial and free versions
Establish written policies and procedures


Summary cont.

There are a number of ways to reduce exposure to viruses (continued)

Block installation of software by users
Secure the browser
Separate subnetworks

Security should have a multi-layer approach
