DOCSLIB.ORG

Computer Virus

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Computer Virus COMPUTER Class 7 kindly read the notes of the chapter given below and do the exercises in your computer copy. COMPUTER VIRUS What is a computer virus? A computer virus is a program or a piece of code that is specifically designed to spread from computer systems to another computer and to interfere with computer operation without the knowledge of the victim. Means of the Traversal of Virus • Viruses travel through flash drives, CD drives, pen drives, World first virus was Elk Cloner and Internet, etc. written by 15 year old Rich Skrenta . • Virus code gets replicate when copied by users. The first virus for • Even documents (like Word, Excel, Notepad) do carry Viruses the personl when these files get affected. computer was “Brain” created by Basit and Amjad • Emails is the most widespread method of sending virus to others. Foarroq Alvi. Types of Computer virus 1. Boot Sector virus boot sector virus alters the boot sector program stored in the hard disk or any other storage device such as floppy disks. It replaces the boot sector program with its own malicious code.It enters into your system through corrupt media files, infected storage devices, and insecure computer networks. You need to format your system to get rid of Boot sector virus. Example : Disk killer and stone virus 2. Program file virus Some file/program when executed load the virus in the memory.They embeds itself into executable files and perform predefined functions to infect the system .They infect program files like .EXE, .COM, .BIN , .DRV , .SYS. Example : Sunday and Cascade 3. Polymorphic virus It creates its thousands of copies itself and in each copy it changes the sequence and byte values to evade detection by antivirus software.It take many different forms on your computer.It is very difficult to detect and remove this virus. Example: Phoenix and Evil 4. Overwrite virus It is the simplest computer virus that overwrites the code of the host computer system's file with its own malicious code .It destroys the original program code by overwriting it with its defective code. The infected files must be deleted or replaced with a new copy as this virus cannot be removed or disinfected. Example : TRj.reboot and Trivial.88.D 5. Spacefiller virus The Spacefiller Virus is also known as Cavity Virus.It enters inside the file and occupies the empty spaces between the files. Example :CIH and Lehigh 6. Multipartite virus Multipartite virus spreads and infects in multiple ways. It infects both the boot sector and the executable files stored on the hard drive simultaneously. Example :Ghostball and Flip 7. Macro virus Micro virus infects MS Word or similar application and cause a sequence of actions to be performed automatically ,when the application started or something else triggered. Example : Nuclear and Melissa worm Symptoms of a Computer Virus There are many symptoms which show that a computer is infected with a virus, some of which are as follows: o Slow computer performance: The machine may work slowly, e.g., it will take more time to open or shut down the computer or while opening a file, document, computer application, etc. The operating system and internet speed may get slow. o Frequent pop-ups: A virus may cause unusual frequent pop-ups on your window. o Hard Drive issue: The hard drive may exhibit unusual high activity even when it is not in use. It may cause unwanted changes to your hard drive and may freeze or crash this device. o Frequent crashes: One may experience frequent sudden system crashes while playing games, watching videos, or doing some other work using the infected system. A blue screen appears when it crashes. o Unknown programs: Unwanted programs may open or start automatically when you start your computer. You can see these programs in your computer's list of active applications. Sometimes, the window shuts down unexpectedly without any reason. o Unusual activities: Your machine may perform differently, such as you may not be able to log into your accounts, to delete the corrupt files, and Blue Screen of Death (BSOD) may appear frequently, and more. Furthermore, the hardware, software, or OS may start malfunctioning leading to crashing the system abruptly. o Impaired security solutions: Sometimes, security measures taken by you, such as antivirus may not work smoothly due to virus attack on your computer. o Network issue: Sometimes, you experience high network activity even if you are not connected to the internet and vice versa. o Unnecessary advertisement: We often see advertisements while browsing, but if you see them even when you are not browsing, it may indicate a virus on your computer. o Display problems: You may experience different colors in your display if your computer is affected by a virus. o Unwanted email to contacts: Many viruses take control of your of your email and start sending to people of your contact list. o Blocked by Antivirus Sites: An antivirus site may deny access to a computer that is infected by a virus. o Dialog Boxes: Many dialog boxes keep appearing suddenly on your screen. o Printer Issues: A printer attached to an infected computer may print documents without getting any command or in an inappropriate manner. What are the harm caused by Virus ? ü Slow down computer performance. ü It might corrupt System files. ü Virus may use all internet data without knowledge. ü Hardware attached to computer behave erratically. ü Sensitive information like bank details can be stolen from computer system. How to prevent Virus attack ? ü Never open a mail with attachments from unknown site or Bernd Fix user ID. was the ü Do not trust a pen drive from an unknown source.Always first person to scan it before using on computer . remove a ü Do not download software from untrusted site on the virus in internet. 1987. ü Use antivirus software and keep it updated. Windows ü Instantly leave website you have been routed to without defender is an your consent. inbuilt ü Do not let unknown people use your computer. virus protectio What is an Antivirus? Features of an antivirus software n system in Antivirus is a software that is used to detect and remove virus.It is Windows operating capable ofmonitoring your computer system,incoming data through system. the internet,external storage devices like pen drive,email to protect The term computer from virus attack. virus was coined by Features of an antivirus software American computer ü Interface-the interface must be easy to understand and scientist use. Fredrick B Cohen in ü Resources required-Antivirus software should not use lot of 1983. computer resources. ü Price-price of the software must be reasonable. Examples of antivirus for Windows system are: Norton security premium,McAfee Antivirus,Symantec Antivirus AVG internet security,Avira Antivirus,Avast Antivirus, Kaspersky free Antivirus,Panda Free antivirus There are certain terms used to describe malicious software that has infiltrated your computer through the Internet. Let’s take a look at how it happens- ü Malware The term « malware » or « malicious software » is used for any type of software that can affect your computer equipment’s performance and functionality, either locally or remotely. Computer viruses, Trojan horses and worms are all considered malware . ü Worm A computer worm infiltrates your computer when you download a file or an email. The worm then clones itself and attacks other devices on your network. The worm will infect your files, and will spread to the computers of people who you communicate with, in the same way that it infiltrated your computer. Worms uses lots of internet bandwidth. Example :I LOVE YOU and Michelangelo ü Virus A virus infects « host » files on your computer, and then it is transmitted to other users when you send out those files. This is how computer viruses spread. The virus’ effects may vary from decreased computer performance to a complete loss of the computer’s functionality. The difference is that a worm operates more or less independently of other files, whereas a virus depends on a host program to spread itself. ü Spyware Spyware spies on everything you do: paying your bills online, watching online videos, using Facebook, etc. It compiles this information and sends it to a database that then affects your web browsing. Depending on your preferences and your browsing history, the database will suggest « promotional offers » or other scams. Spyware can also download and install viruses on your computer or open « pop-up » when you are surfing the web. Example: keyloggers and website cookies. ü Trojan horse A Trojan horse or « Trojan », infiltrates your computer through a file that you download and open. Unlike viruses, most Trojans stay on your computer only. They cause damage, but they do not spread to other computers. A Trojan is a piece of malware that stays in one place rather than spreading.It hides a worm or virus inside it. Example : Trojun.Vundo ü Virus Sweeper A virus sweeper is a fake antivirus.It disguises itself as antivirus.When users click on ads ,this virus installs itself on the system. Example : Antivirus 2009,Vista Antivirus EXERCISES Q1.Answer in one word- a) Which software acts against a virus b) Formatting system helps to get rid of which virus. c) Which virus take different forms on your system. d) Which is the most widespread method of sending viruses to others. e) Michelangelo is an example of which malicious code. f) Which can hide a virus within it. g) Name a virus that enter inside the file. h) Which virus is difficult to remove. i) Give an example of Spyware.
Load more

Recommended publications
  • Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress
    Order Code RL32114 Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Updated January 29, 2008 Clay Wilson Specialist in Technology and National Security Foreign Affairs, Defense, and Trade Division Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Summary Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security. In April and May 2007, NATO and the United States sent computer security experts to Estonia to help that nation recover from cyberattacks directed against government computer systems, and to analyze the methods used and determine the source of the attacks.1 Some security experts suspect that political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a “botnet,” to help disrupt the computer systems of the Estonian government. DOD officials have also indicated that similar cyberattacks from individuals and countries targeting economic,
    [Show full text]
  • Symantec Report on Rogue Security Software July 08 – June 09
    REPORT: SYMANTEC ENTERPRISE SECURITY SYMANTEC REPORT: Symantec Report on Rogue Security Software July 08 – June 09 Published October 2009 Confidence in a connected world. White Paper: Symantec Enterprise Security Symantec Report on Rogue Security Software July 08 – June 09 Contents Introduction . 1 Overview of Rogue Security Software. 2 Risks . 4 Advertising methods . 7 Installation techniques . 9 Legal actions and noteworthy scam convictions . 14 Prevalence of Rogue Security Software . 17 Top reported rogue security software. 17 Additional noteworthy rogue security software samples . 25 Top rogue security software by region . 28 Top rogue security software installation methods . 29 Top rogue security software advertising methods . 30 Analysis of Rogue Security Software Distribution . 32 Analysis of Rogue Security Software Servers . 36 Appendix A: Protection and Mitigation. 45 Appendix B: Methodologies. 48 Credits . 50 Symantec Report on Rogue Security Software July 08 – June 09 Introduction The Symantec Report on Rogue Security Software is an in-depth analysis of rogue security software programs. This includes an overview of how these programs work and how they affect users, including their risk implications, various distribution methods, and innovative attack vectors. It includes a brief discussion of some of the more noteworthy scams, as well as an analysis of the prevalence of rogue security software globally. It also includes a discussion on a number of servers that Symantec observed hosting these misleading applications. Except where otherwise noted, the period of observation for this report was from July 1, 2008, to June 30, 2009. Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec™ Global Intelligence Network.
    [Show full text]
  • A Taxonomy of Computer Worms ∗
    A Taxonomy of Computer Worms ∗ † ‡ § ¶ Nicholas Vern Stuart Robert Weaver Paxson Staniford Cunningham UC Berkeley ICSI Silicon Defense MIT Lincoln Laboratory ABSTRACT 1. INTRODUCTION To understand the threat posed by computer worms, it is A computer worm is a program that self-propagates across necessary to understand the classes of worms, the attackers a network exploiting security or policy flaws in widely-used who may employ them, and the potential payloads. This pa- services. They are not a new phenomenon, having first per describes a preliminary taxonomy based on worm target gained widespread notice in 1988 [16]. discovery and selection strategies, worm carrier mechanisms, We distinguish between worms and viruses in that the worm activation, possible payloads, and plausible attackers latter infect otherwise non-mobile files and therefore require who would employ a worm. some sort of user action to abet their propagation. As such, viruses tend to propagate more slowly. They also have more Categories and Subject Descriptors mature defenses due to the presence of a large anti-virus industry that actively seeks to identify and control their D.4.6 [Operating Systems]: Security and Protection—In- spread. vasive Software We note, however, that the line between worms and viruses is not all that sharp. In particular, the contagion worms General Terms discussed in Staniford et al [47] might be considered viruses Security by the definition we use here, though not of the traditional form, in that they do not need the user to activate them, but Keywords instead they hide their spread in otherwise unconnected user activity. Thus, for ease of exposition, and for scoping our computer worms, mobile malicious code, taxonomy, attack- analysis, we will loosen our definition somewhat and term ers, motivation malicious code such as contagion, for which user action is not central to activation, as a type of worm.
    [Show full text]
  • Metahunt: Towards Taming Malware Mutation Via Studying the Evolution of Metamorphic Virus
    MetaHunt: Towards Taming Malware Mutation via Studying the Evolution of Metamorphic Virus Li Wang Dongpeng Xu Jiang Ming [email protected] [email protected] [email protected] The Pennsylvania State University University of New Hampshire University of Texas at Arlington University Park, PA 16802, USA Durham, NH 03824, USA Arlington, TX 76019, USA Yu Fu Dinghao Wu [email protected] [email protected] The Pennsylvania State University The Pennsylvania State University University Park, PA 16802, USA University Park, PA 16802, USA ABSTRACT KEYWORDS As the underground industry of malware prospers, malware de- Malware detection, metamorphic virus, binary diffing, binary code velopers consistently attempt to camouflage malicious code and semantics analysis undermine malware detection with various obfuscation schemes. ACM Reference Format: Among them, metamorphism is known to have the potential to Li Wang, Dongpeng Xu, Jiang Ming, Yu Fu, and Dinghao Wu. 2019. Meta- defeat the popular signature-based malware detection. A meta- Hunt: Towards Taming Malware Mutation via Studying the Evolution of morphic malware sample mutates its code during propagations so Metamorphic Virus. In 3rd Software Protection Workshop (SPRO’19), Novem- that each instance of the same family exhibits little resemblance to ber 15, 2019, London, United Kingdom. ACM, New York, NY, USA, 12 pages. another variant. Especially with the development of compiler and https://doi.org/10.1145/3338503.3357720 binary rewriting techniques, metamorphic malware will become much easier to develop and outbreak eventually. To fully under- stand the metamorphic engine, the core part of the metamorphic 1 INTRODUCTION malware, we attempt to systematically study the evolution of me- The malicious software (malware) underground market has evolved tamorphic malware over time.
    [Show full text]
  • Rootkit- Rootkits.For.Dummies 2007.Pdf
    01_917106 ffirs.qxp 12/21/06 12:04 AM Page i Rootkits FOR DUMmIES‰ 01_917106 ffirs.qxp 12/21/06 12:04 AM Page ii 01_917106 ffirs.qxp 12/21/06 12:04 AM Page iii Rootkits FOR DUMmIES‰ by Larry Stevenson and Nancy Altholz 01_917106 ffirs.qxp 12/21/06 12:04 AM Page iv Rootkits For Dummies® Published by Wiley Publishing, Inc. 111 River Street Hoboken, NJ 07030-5774 www.wiley.com Copyright © 2007 by Wiley Publishing, Inc., Indianapolis, Indiana Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permit- ted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions. Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission.
    [Show full text]
  • What Is an Operating System III 2.1 Compnents II an Operating System
    Page 1 of 6 What is an Operating System III 2.1 Compnents II An operating system (OS) is software that manages computer hardware and software resources and provides common services for computer programs. The operating system is an essential component of the system software in a computer system. Application programs usually require an operating system to function. Memory management Among other things, a multiprogramming operating system kernel must be responsible for managing all system memory which is currently in use by programs. This ensures that a program does not interfere with memory already in use by another program. Since programs time share, each program must have independent access to memory. Cooperative memory management, used by many early operating systems, assumes that all programs make voluntary use of the kernel's memory manager, and do not exceed their allocated memory. This system of memory management is almost never seen any more, since programs often contain bugs which can cause them to exceed their allocated memory. If a program fails, it may cause memory used by one or more other programs to be affected or overwritten. Malicious programs or viruses may purposefully alter another program's memory, or may affect the operation of the operating system itself. With cooperative memory management, it takes only one misbehaved program to crash the system. Memory protection enables the kernel to limit a process' access to the computer's memory. Various methods of memory protection exist, including memory segmentation and paging. All methods require some level of hardware support (such as the 80286 MMU), which doesn't exist in all computers.
    [Show full text]
  • Measuring and Improving Memory's Resistance to Operating System
    University of Michigan CSE-TR-273-95 Measuring and Improving Memory’s Resistance to Operating System Crashes Wee Teck Ng, Gurushankar Rajamani, Christopher M. Aycock, Peter M. Chen Computer Science and Engineering Division Department of Electrical Engineering and Computer Science University of Michigan {weeteck,gurur,caycock,pmchen}@eecs.umich.edu Abstract: Memory is commonly viewed as an unreliable place to store permanent data because it is per- ceived to be vulnerable to system crashes.1 Yet despite all the negative implications of memory’s unreli- ability, no data exists that quantifies how vulnerable memory actually is to system crashes. The goals of this paper are to quantify the vulnerability of memory to operating system crashes and to propose a method for protecting memory from these crashes. We use software fault injection to induce a wide variety of operating system crashes in DEC Alpha work- stations running Digital Unix, ranging from bit errors in the kernel stack to deleting branch instructions to C-level allocation management errors. We show that memory is remarkably resistant to operating system crashes. Out of the 996 crashes we observed, only 17 corrupted file cache data. Excluding direct corruption from copy overruns, only 2 out of 820 corrupted file cache data. This data contradicts the common assump- tion that operating system crashes often corrupt files in memory. For users who need even greater protec- tion against operating system crashes, we propose a simple, low-overhead software scheme that controls access to file cache buffers using virtual memory protection and code patching. 1 Introduction A modern storage hierarchy combines random-access memory, magnetic disk, and possibly optical disk or magnetic tape to try to keep pace with rapid advances in processor performance.
    [Show full text]
  • Tangled Web : Tales of Digital Crime from the Shadows of Cyberspace
    TANGLED WEB Tales of Digital Crime from the Shadows of Cyberspace RICHARD POWER A Division of Macmillan USA 201 West 103rd Street, Indianapolis, Indiana 46290 Tangled Web: Tales of Digital Crime Associate Publisher from the Shadows of Cyberspace Tracy Dunkelberger Copyright 2000 by Que Corporation Acquisitions Editor All rights reserved. No part of this book shall be reproduced, stored in a Kathryn Purdum retrieval system, or transmitted by any means, electronic, mechanical, pho- Development Editor tocopying, recording, or otherwise, without written permission from the Hugh Vandivier publisher. No patent liability is assumed with respect to the use of the infor- mation contained herein. Although every precaution has been taken in the Managing Editor preparation of this book, the publisher and author assume no responsibility Thomas Hayes for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein. Project Editor International Standard Book Number: 0-7897-2443-x Tonya Simpson Library of Congress Catalog Card Number: 00-106209 Copy Editor Printed in the United States of America Michael Dietsch First Printing: September 2000 Indexer 02 01 00 4 3 2 Erika Millen Trademarks Proofreader Benjamin Berg All terms mentioned in this book that are known to be trademarks or ser- vice marks have been appropriately capitalized. Que Corporation cannot Team Coordinator attest to the accuracy of this information. Use of a term in this book should Vicki Harding not be regarded as affecting the validity of any trademark or service mark. Design Manager Warning and Disclaimer Sandra Schroeder Every effort has been made to make this book as complete and as accurate Cover Designer as possible, but no warranty or fitness is implied.
    [Show full text]
  • 9 Steps to Protect Against Ransomware
    9 Steps to ProtectUsers/Devices Against Ransomware Home Security Dashboard Security Dashboard IT Support Analyst Task Overview Devices Vulnerability Scan With Vulnerabilities In Last 30 Days Security Manager Critical Security Dashboard 40 Devices 95 Not Scanned Self Service Important/High 85 Estimated Not Scanned 90 Devices 31 Scanned So ware Catalog Moderate/Medium 15% Launchpad 90 Devices Asset Manager NA 140 Devices So ware Asset Hardware Asset Inventory Scan Most detected Critical/High Vulnerables In Last 30 Days In Last 30 Days Sign Out MS15-080_MSU 70 Devices 169 Not Scanned 42 Scanned MS15-084_MSU White Paper 70 Devices 20% MS15-049_INTL 50 Devices MS15-049_INTL 50 Devices Contents Introduction . 1 Prevention . .. 2 1. Patch the critical operating systems and applications .................................2 2. Ensure that antivirus software is up-to-date and that regular scans are scheduled .......3 3. Manage the use of privileged accounts ..............................................4 4. Implement access control that focuses on the data ...................................4 5. Define, implement, and enforce software rules .......................................6 6. Disable macros from Microsoft Office files ...........................................6 Other considerations . 6 7. Implement applications whitelisting ................................................7 8. Restrict users to virtualized or containerized environments ............................7 9. Back up critical files frequently .....................................................7 Ransomware incidents are on the rise . Fight back! . 8 References . 8 This document contains the confidential information and/or proprietary property of Ivanti Software, Inc. and its affiliates (referred to collectively as “Ivanti”), and may not be disclosed or copied without prior written consent of Ivanti. Ivanti retains the right to make changes to this document or related product specifications and descriptions, at any time, without notice.
    [Show full text]
  • Trojans and Malware on the Internet an Update
    Attitude Adjustment: Trojans and Malware on the Internet An Update Sarah Gordon and David Chess IBM Thomas J. Watson Research Center Yorktown Heights, NY Abstract This paper continues our examination of Trojan horses on the Internet; their prevalence, technical structure and impact. It explores the type and scope of threats encountered on the Internet - throughout history until today. It examines user attitudes and considers ways in which those attitudes can actively affect your organization’s vulnerability to Trojanizations of various types. It discusses the status of hostile active content on the Internet, including threats from Java and ActiveX, and re-examines the impact of these types of threats to Internet users in the real world. Observations related to the role of the antivirus industry in solving the problem are considered. Throughout the paper, technical and policy based strategies for minimizing the risk of damage from various types of Trojan horses on the Internet are presented This paper represents an update and summary of our research from Where There's Smoke There's Mirrors: The Truth About Trojan Horses on the Internet, presented at the Eighth International Virus Bulletin Conference in Munich Germany, October 1998, and Attitude Adjustment: Trojans and Malware on the Internet, presented at the European Institute for Computer Antivirus Research in Aalborg, Denmark, March 1999. Significant portions of those works are included here in original form. Descriptors: fidonet, internet, password stealing trojan, trojanized system, trojanized application, user behavior, java, activex, security policy, trojan horse, computer virus Attitude Adjustment: Trojans and Malware on the Internet Trojans On the Internet… Ever since the city of Troy was sacked by way of the apparently innocuous but ultimately deadly Trojan horse, the term has been used to talk about something that appears to be beneficial, but which hides an attack within.
    [Show full text]
  • The Norman Book on Computer Viruses Ii Z the Norman Book on Computer Viruses
    The Norman Book on Computer Viruses ii z The Norman Book on Computer Viruses Norman ASA is not liable for any other form of loss or damage arising from use of the documentation or from errors or deficiencies therein, including but not limited to loss of earnings. In particular, and without the limitations imposed by the licensing agreement with regard to any special use or purpose, Norman ASA will in no event be liable for loss of profits or other commercial damage including but not limited to incidental or consequential damages. The information in this document as well as the functionality of the software is subject to change without notice. No part of this documentation may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording or information storage and retrieval systems, for any purpose other than the purchaser's personal use, without the explicit written permission of Norman ASA. Contributors to The Norman Book on Viruses: Snorre Fagerland, Sylvia Moon, Kenneth Walls, Carl Bretteville Edited by Camilla Jaquet and Yngve Ness The Norman logo is a registered trademark of Norman ASA. Names of products mentioned in this documentation are either trademarks or registered trademarks of their respective owners. They are mentioned for identification purposes only. Norman documentation is Copyright © 1990-2002 Norman ASA. All rights reserved. October 2001 Copyright © 1990-2002 Norman z iii Norman Offices Norman Data Defense Systems Pty Ltd 6 Sarton Road, Clayton, Victoria, 3168 Australia. Tel: +61 3 9562 7655 Fax: +61 3 9562 9663 E-mail: [email protected] Web: http://www.norman.com.au Norman Data Defense Systems A/S Dronningensgade 23, DK-5000 Odense C, Denmark Tel.
    [Show full text]
  • Breaking Antivirus Software Joxean Koret, COSEINC 44CON, 2014
    Breaking Antivirus Software Joxean Koret, COSEINC 44CON, 2014 Breaking antivirus software Introduction Attacking antivirus engines Finding vulnerabilities Exploiting antivirus engines Antivirus vulnerabilities Conclusions Recommendations Antivirus Engines Common features of AV engines: Written in C/C++. Signatures based engine + heuristics. On-access scanners. Command line/GUI on-demand scanners. Support for compressed file archives. Support for packers. Support for miscellaneous file formats. Advanced common features: Packet filters and firewalls. Drivers to protect the product, anti-rootkits, etc... Anti-exploiting toolkits. Antivirus products or engines An antivirus engine is just the core, the kernel, of an antivirus product. Some antivirus engines are used by multiple products. For example, BitDefender is the most widely used antivirus kernel. It's used by so many products like QiHoo360, G-Data, eScan, F-Secure, etc... Most “big” antivirus companies have their own engine but not all. And some companies, like F-Secure, integrate 3rd party engines in their products. In general, during this talk I will refer to AV engines, to the kernels, except when specified the word “product”. Attack surface Fact: installing an application in your computer makes you a bit more vulnerable. You just increased your attack surface. If the application is local: your local attack surface increased. If the application is remote: your remote attack surface increased. If your application runs with the highest privileges, installs kernel drivers, a packet filter and tries to handle anything your computer may do... Your attack surface dramatically increased. Myths and reality Antivirus propaganda: “We make your computer safer with no performance penalty!” “We protect against unknown zero day attacks!”.
    [Show full text]