By Sunny Vaghela
Session Flow
- Spyware Overview
- Difference between Viruses, Worms & Trojans
- Virus Life Cycle
- Modes of Transmission
- Methods to Avoid Detection
- Virus Analysis
- Virus Detection
Spyware Overview
Spyware is a piece of software that gets installed on a computer without your consent. It collects your personal information without you being aware of it, changes how your computer or web browser is configured, and bombards you with online advertisements. Spyware programs are notorious for being difficult to remove on your own, and they slow down your PC. The program gets installed in the background while you are doing something else on the Internet. Spyware has become fairly widespread because a cable modem or DSL connection is always connected.
Modes of Transmission
- IRC
- ICQ
- Email attachments
- Physical access
- Browser & email software bugs
- Advertisements
- NetBIOS
- Fake programs
- Untrusted sites & freeware software
Virus Properties
- Your computer can be infected even if files are just copied
- Can be polymorphic
- Can be memory-resident or non-memory-resident
- Can be a stealth virus
- Viruses can carry other viruses
- Can make the system never show outward signs
- Can stay on the computer even if the computer is formatted
Virus Properties
Most viruses operate in two phases.
1. Infection Phase - In this phase the virus developer decides:
- When to infect programs
- Which programs to infect
Some viruses infect the computer as soon as the virus file is installed on it. Some infect the computer on a specific date, time or particular event. TSR viruses are loaded into memory and infect PCs later.
2. Attack Phase - In this phase the virus will:
- Delete files
- Replicate itself to other PCs
- Corrupt only its targets
Virus Indications
Following are some of the common indications of a virus infection on a system.
- Files have stranger names than normal; file extensions can also be changed.
- Programs take longer to load than normal.
- The computer's hard drive constantly runs out of free space.
- The victim is not able to open some programs.
- Programs get corrupted without any reason.
Virus Types
Following are some of the common virus types.
- Macro Virus: spreads and infects database files.
- File Virus: infects executables.
- Source Code Virus: affects and damages source code.
- Network Virus: spreads via network elements and protocols.
- Boot Virus: infects boot sectors and records.
- Shell Virus: the virus code forms a shell around the target host's genuine program and hosts it as a subroutine.
- Terminate and Stay Resident (TSR) Virus: remains permanently in memory during the work session, even after the target host is executed and terminated.
Stealth Request
Some viruses try to trick anti-virus software by intercepting its requests to the operating system. The virus can then return an uninfected version of the file to the anti-virus software, so that it seems that the file is "clean".
Self Modifications
Some viruses try to trick anti-virus software by modifying their own code with each new copy. Because the file signature changes every time, antivirus software finds it difficult to detect them.
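Added example (not from the original slides): a small Python simulation of why the self-modification described above defeats an exact-hash signature, while a wildcard byte pattern over the part of the code that does not change still matches every copy. The sample bytes and the pattern are constructed for the demonstration and are not real malware.

```python
import hashlib
import re


def build_sample(variant_key: bytes) -> bytes:
    """Constructed, harmless stand-in for a self-modifying sample:
    a constant stub, a per-copy mutable region, then a constant tail."""
    stub = b"\x4d\x5a\x90\x00\x03\x00"          # bytes that stay the same in every copy
    tail = b"\x50\x45\x00\x00DEMO-PAYLOAD"      # also constant
    return stub + variant_key + tail


def sha256_signature(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_hash_signature(data: bytes, known_hashes: set) -> bool:
    """Exact-hash detection: only the copy that was hashed is recognised."""
    return sha256_signature(data) in known_hashes


def compile_wildcard_pattern(pattern: str) -> "re.Pattern":
    """Turn 'AA BB ?? CC' into a bytes regex; '??' matches any single byte."""
    parts = []
    for token in pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def matches_wildcard_signature(data: bytes, pattern: str) -> bool:
    """Pattern detection that skips the bytes the virus rewrites on each copy."""
    return compile_wildcard_pattern(pattern).search(data) is not None


# Two copies of the "same" code, differing only in the mutable key bytes (constructed).
SAMPLE_A = build_sample(b"\x11\x22\x33\x44")
SAMPLE_B = build_sample(b"\xde\xad\xbe\xef")
KNOWN_HASHES = {sha256_signature(SAMPLE_A)}          # signature database built from copy A
PATTERN = "4D 5A 90 00 03 00 ?? ?? ?? ?? 50 45"      # four wildcards cover the mutable region


def demo() -> dict:
    return {
        "hash_detects_A": matches_hash_signature(SAMPLE_A, KNOWN_HASHES),
        "hash_detects_B": matches_hash_signature(SAMPLE_B, KNOWN_HASHES),
        "pattern_detects_A": matches_wildcard_signature(SAMPLE_A, PATTERN),
        "pattern_detects_B": matches_wildcard_signature(SAMPLE_B, PATTERN),
    }
```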
Virus Analysis
IDA Pro: a disassembler and debugger that runs on both Linux and Windows. It can be used for source code analysis, vulnerability research and reverse engineering.
Autoruns: lists the programs configured to start automatically with Windows (registry run keys, services, scheduled tasks and similar locations).
Process Monitor: records file system, registry and process activity in real time.
Process Explorer: shows the running processes, their parent-child relationships and the handles and DLLs they have loaded.