4. What is a virus?
• A virus is basically an executable file designed so that, first of all, it infects documents; then it must be able to survive by replicating itself; and it should also avoid detection.
5. Basics about the virus
• A virus is a program that self-replicates.
• A virus is not data.
• You can only catch a virus by running a program.
• Your computer can run all kinds of programs.
• Most viruses are difficult to detect.
• Computer viruses are not inherently destructive.
• Viruses are designed to corrupt or delete data on the hard disk.
6. Types of viruses
1. File or program virus.
2. Boot sector virus (MBR or Master Boot Record).
3. Multipartite virus.
4. Stealth virus.
5. Polymorphic virus.
6. Macro virus.
7. Functional elements of a virus
Fig 1. Functional diagram of a virus: the virus consists of a search routine, a copy routine and anti-detection routines.
8. NOTES
• Every viable computer virus must have at least 2 basic parts (subroutines):
1. A search routine
2. A copy routine
3. An anti-detection routine
9. Viruses in detail
1. File or program virus
Some programs are in disguise: when they are loaded into memory along with the host program, they perform some steps and infect the system. They infect program files such as .COM, .BIN, .DRV, .EXE and .SYS.
10. Memory map just before executing a COM file
FFFFH  Stack area (SP starts here)
       Uninitialized data
       COM file image
100H   Start of the COM file image (IP = 100H)
0H     PSP (Program Segment Prefix)
cs = ds = es = ss (all segment registers point to the same segment)
• Fig 2. Memory map just before executing a COM file.
11. Before and after infection of a COM file
BEFORE (uninfected host COM file): the first instruction at 100H is mov dx,257H.
AFTER (infected host COM file): the bytes at 100H are replaced by jmp 154AH, which passes control to the virus code (labelled "Timed virus" in the figure) appended at the end of the file; the displaced mov dx,257H instruction is kept inside the virus code.
Fig 3. Replacing the first bytes in a COM file.
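The before/after picture in Fig 3 gives a defender something concrete to look for: a COM image loads at 100H, so a near JMP (opcode E9) in the first three bytes can be decoded and its target compared with the end of the file. The following Python is an added example written for this page, not code from the slides; the "tail window" of 1 KB, the 0xFF00 size ceiling and both sample images are assumptions constructed here to mirror Fig 3.

```python
import struct

COM_LOAD_OFFSET = 0x100   # a COM image is loaded at CS:0100H, just above the PSP
MAX_COM_IMAGE = 0xFF00    # an image larger than this cannot fit below the stack in one segment
TAIL_WINDOW = 0x400       # assumption: a jump into the last 1 KB of the file is treated as suspicious


def decode_entry_jump(image: bytes):
    """Return the absolute target offset (in the load segment) if the COM image
    begins with a near JMP (opcode E9 followed by a signed rel16), else None."""
    if len(image) < 3 or image[0] != 0xE9:
        return None
    rel16 = struct.unpack_from("<h", image, 1)[0]
    # rel16 is relative to the next instruction, which sits at 100H + 3
    return COM_LOAD_OFFSET + 3 + rel16


def assess_com_image(image: bytes):
    """Heuristic checks for a COM file whose first bytes may have been replaced
    by a jump to appended code. Returns a list of findings (empty = nothing odd)."""
    findings = []
    if len(image) > MAX_COM_IMAGE:
        findings.append("image too large to be a valid COM file")
    target = decode_entry_jump(image)
    if target is None:
        return findings
    image_end = COM_LOAD_OFFSET + len(image)
    if target < COM_LOAD_OFFSET or target >= image_end:
        findings.append("entry JMP points outside the loaded image")
    elif len(image) > TAIL_WINDOW and target >= image_end - TAIL_WINDOW:
        findings.append("entry JMP lands in the tail of the file (possible appended code)")
    return findings


# Constructed sample: a host whose first instruction is mov dx,257H (BA 57 02),
# padded with NOPs so the image is 144AH bytes long.
HOST_COM = b"\xBA\x57\x02" + b"\x90" * (0x144A - 3)

# Constructed sample: the same host with its first three bytes replaced by
# jmp 154AH (E9 with rel16 = 154AH - 103H) and 40H bytes of foreign code
# appended at the end, matching the "after" side of Fig 3.
INFECTED_COM = (b"\xE9" + struct.pack("<h", 0x154A - (COM_LOAD_OFFSET + 3))
                + HOST_COM[3:] + b"\xCC" * 0x40)

if __name__ == "__main__":
    for name, img in (("host", HOST_COM), ("infected", INFECTED_COM)):
        tgt = decode_entry_jump(img)
        print(name, "entry jump ->", None if tgt is None else hex(tgt), assess_com_image(img))
```

A legitimate COM program may start with a short jump over its own data, which is why the check only reacts when the target lands near the end of the file; a hash of the known-good file is still the more reliable integrity check, and this heuristic is only a triage aid.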
12. Layout of an EXE file
• EXE file header
• Relocation pointer table
• EXE load module
Fig 4. The layout of an EXE file.
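The three regions of Fig 4 are all described by fields in the EXE file header, so a scanner can parse the header and check that the regions are consistent with the file it actually has. This Python block is an added example for this page, not code from the slides; the sample module and the 32-byte header it builds are constructed here, and the field names follow the usual MZ header layout.

```python
import struct

MZ_FIELDS = ("e_cblp", "e_cp", "e_crlc", "e_cparhdr", "e_minalloc", "e_maxalloc",
             "e_ss", "e_sp", "e_csum", "e_ip", "e_cs", "e_lfarlc", "e_ovno")
MZ_FORMAT = "<2s13H"   # "MZ" signature followed by thirteen little-endian words
PAGE_SIZE = 512        # e_cp counts 512-byte pages, e_cblp bytes used in the last one
PARAGRAPH = 16         # e_cparhdr and e_cs are in 16-byte paragraphs


def parse_mz_header(data: bytes) -> dict:
    """Parse the fixed part of the EXE file header into a dict of named fields."""
    if len(data) < struct.calcsize(MZ_FORMAT):
        raise ValueError("file too short for an EXE header")
    magic, *words = struct.unpack_from(MZ_FORMAT, data, 0)
    if magic not in (b"MZ", b"ZM"):
        raise ValueError("missing MZ signature")
    return dict(zip(MZ_FIELDS, words))


def exe_layout(hdr: dict) -> dict:
    """Derive the regions of Fig 4 (as file offsets) and the entry point offset."""
    header_size = hdr["e_cparhdr"] * PARAGRAPH
    image_size = hdr["e_cp"] * PAGE_SIZE
    if hdr["e_cblp"]:
        image_size -= PAGE_SIZE - hdr["e_cblp"]
    return {
        "header": (0, header_size),
        "reloc_table": (hdr["e_lfarlc"], hdr["e_lfarlc"] + 4 * hdr["e_crlc"]),
        "load_module": (header_size, image_size),
        "entry_offset": header_size + hdr["e_cs"] * PARAGRAPH + hdr["e_ip"],
    }


def check_exe(data: bytes) -> list:
    """Consistency checks between the header's view of the file and its real size."""
    lay = exe_layout(parse_mz_header(data))
    findings = []
    _, header_end = lay["header"]
    module_start, module_end = lay["load_module"]
    if lay["reloc_table"][1] > header_end:
        findings.append("relocation table extends past the header")
    if module_end > len(data):
        findings.append("declared image size exceeds file size")
    if not (module_start <= lay["entry_offset"] < module_end):
        findings.append("entry point lies outside the load module")
    if len(data) > module_end:
        findings.append("file has data beyond the declared image (overlay)")
    return findings


def build_sample_exe(module: bytes, cs: int = 0, ip: int = 0) -> bytes:
    """Constructed sample: a 32-byte header with no relocations in front of `module`."""
    header_paras = 2
    image_size = header_paras * PARAGRAPH + len(module)
    pages, last = divmod(image_size, PAGE_SIZE)
    if last:
        pages += 1
    header = struct.pack(MZ_FORMAT, b"MZ", last, pages, 0, header_paras,
                         0, 0xFFFF, 0, 0x100, 0, ip, cs, 0x1C, 0)
    return header.ljust(header_paras * PARAGRAPH, b"\0") + module


# Constructed load module: mov ax,4C01h / int 21h, padded with NOPs to 200H bytes.
MODULE = b"\xB8\x01\x4C\xCD\x21" + b"\x90" * (0x200 - 5)
SAMPLE_EXE = build_sample_exe(MODULE)

if __name__ == "__main__":
    print(exe_layout(parse_mz_header(SAMPLE_EXE)))
    print("clean:", check_exe(SAMPLE_EXE))
    print("truncated:", check_exe(SAMPLE_EXE[:0x100]))
    print("bad entry:", check_exe(build_sample_exe(MODULE, cs=0x100)))
```

An overlay (data after the declared image) is normal for many legitimate programs, so that finding is informational; the useful signal for a file virus that has grown the load module is an entry point or image size that no longer matches a known-good copy of the same file.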
13. 2. Boot sector virus
• A boot sector virus can be the simplest or the most sophisticated of all computer viruses.
• The boot sector is the first code to gain control after the ROM startup.
• It is very difficult to stop before it loads.
14. 3. Multipartite virus
• A hybrid variety of virus.
• Infects both files and the boot sector.
• More destructive.
• More difficult to remove.
• Once it has infected the boot sector it never stops.
• Examples: Invader, Flip.
15. 4. Stealth virus
• They are stealthy in nature.
• They have various methods of hiding themselves.
• They go to great lengths to avoid detection.
• Sometimes they reduce the file size and sometimes they increase it.
• All of this is done to avoid detection by scanners.
• Example: Whale virus.
16. 5. Polymorphic virus
• They are the most difficult viruses to detect.
• They have the ability to mutate.
• Antivirus products that look for a specific virus code are not able to detect such viruses.
17. 6. Macro virus
• A macro is an executable program embedded in a word-processing document or other type of file.
• Once the macro is running it can copy itself to other documents, delete files, etc.
• Examples: Have a Nice Day, Concept.
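Because a macro travels inside the document rather than in a separate program file, a mail gateway or endpoint scanner has to open the document container to see whether it carries macro code at all. The Python below is an added example for this page, not code from the slides: it classifies a file as a legacy OLE container, a modern Office package with or without a VBA project, or not an Office file, ignoring the file extension. The minimal Word packages it builds are constructed samples, and the vbaProject.bin placeholder inside them is a stand-in, not a real VBA project.

```python
import io
import zipfile

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"    # legacy binary Office container (.doc/.xls/.ppt)
VBA_PART_NAMES = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def classify_office_file(data: bytes) -> str:
    """Return 'ole-legacy', 'ooxml-macro', 'ooxml-clean' or 'not-office'.
    The decision is made from the bytes, never from the file name."""
    if data.startswith(OLE_MAGIC):
        return "ole-legacy"   # macros would sit in OLE streams; needs an OLE parser to go further
    if not data.startswith(b"PK"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            if "[Content_Types].xml" not in names:
                return "not-office"
            types_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return "not-office"
    # Either the VBA part itself or its content-type registration is enough to flag macros.
    if any(n in names for n in VBA_PART_NAMES) or VBA_CONTENT_TYPE in types_xml:
        return "ooxml-macro"
    return "ooxml-clean"


def build_sample_docx(with_macros: bool) -> bytes:
    """Constructed minimal Word package with or without a VBA project part."""
    if with_macros:
        main_type = "application/vnd.ms-word.document.macroEnabled.main+xml"
    else:
        main_type = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    overrides = [
        '<Default Extension="xml" ContentType="application/xml"/>',
        f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>',
    ]
    if with_macros:
        overrides.append(f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>')
    content_types = ('<?xml version="1.0" encoding="UTF-8"?>'
                     '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                     + "".join(overrides) + "</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Placeholder bytes standing in for a VBA project; not real macro code.
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("clean.docx", build_sample_docx(False)),
                          ("macro.docx", build_sample_docx(True)),
                          ("legacy.doc", OLE_MAGIC + b"\0" * 64),
                          ("notes.txt", b"plain text")):
        print(label, "->", classify_office_file(sample))
```

The check deliberately does not trust the extension: a macro-enabled document renamed to .docx still carries word/vbaProject.bin, and this is what a gateway policy of "quarantine ooxml-macro and hand ole-legacy to a full parser" keys on.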
18. Anti-virus engine
An anti-virus engine is designed for detecting Trojans, viruses, malware and other malicious threats. It is the de facto standard for mail gateway scanning. It provides a high-performance multi-threaded scanning daemon, command-line utilities for on-demand file scanning, and an intelligent tool for automatic signature updates.
21. Basic virus defense
• Install antivirus software.
• Do not open e-mail attachments.
• Do not install new programs without first notifying IT.
• Install a firewall on your workstation.
• Scan your system regularly.
• Do not visit unauthorized web sites.