2 a 2 5 < Malware -Objectives— t { after reading this chapter, you will learn virus adits 17°5 Virus and its 1 M4 About Malware horses Yorms and Trojan File Extension viruses ay spam ' packup anditsmeed developed for the purpose files that are d trojan horses, in programming for us, worms, an puter vir Malware is malicious software of doing harm. Thus, malware includes com Viruses, worms, trojan and blended threats or hybrid viruses may be described simply by listing the kind that show up: = Large scale e-mailing = Deletes files = Modifies = Degrades performance = Causes system instability . . Releases confidential info Compromises security settings Virus is a program that reproduces itself. It may attach to other programs and may create copies of itself, It may also damage or corrupt data, change data, or degrade the performance of your system by utilizing resource such as memory of disk space Some people love to create problems for others. l ; Perhaps it is someone who has an axe grind with big j= ees et EC business. May be it is someone who thinks the world is = Soy die camped a getting too dependent on the Internet for worldwide to the computer, always fist | communications. Of course, creating computer viruses scan it with antivirus. may also just be a way to get attention, even if one has to remain anonymous in order to avoid going to jail. The sheer thrill of knowing that your creation disrupted systems all cover the world may feed an ego without any good motive or intent. @0e “=eee Sl Bf computer Virus Bf [i ' Da oot Record (MBR) virus Pcie sector Viruses ctor viruses infect the boot re eee oe so on hard disk, floppy disks, and theoretically also mvs and | cere re does not necessarily boot the victim’s computer Mnfect it Even non-bootable media can spread a boot sector virus. Once the infected fampurer does successfully boot, the boot sector virus stays in memory and infects foppies and other media when they are written to by the infected computer. Boot sector pees have become less common as floppy disks have become rarer. aster Boot Record (MBR) Viruses aster Boot Record (MBR) viruses are very similar to boot sector viruses, except that they pect the MBR (Master Boot Records) instead of boot sector. file Infector Viruses fie infector viruses infect files that contains executable code, such as -EXE and .COM files. some file infectors are memory resident. This means that the virus will stay in memory nnd continue to infect other programs. Other file infector viruses only infect other files when they are executed. Macro Viruses Macro viruses infect certain types of data files. Most macro viruses infect Microsoft Office files, such as Word Documents, Excel Spreadsheets, PowerPoint Presentations, and Access Databases. Macro viruses typically use the Visual Basic macro language which is built into Microsoft Office Applications. Some macro viruses also share the characteristics of a computer worm, in the way in which they spread themselves across networks. Viruses {ter virus that displays characteristics of more than one of these categories is ‘a multipartite computer virus ie. they share the characteristics of more than one te computer virus might infect both the boot record. For example, a multipart files.Match the followtn 1. Boor sector viruses Ri mean of te in 2 Master boot record viruses we pent th boot re" a . 3. File infector viruses Aine a jon hae 4. Macro viruses dks DvDs da Infect files cont aining eX fe viruses 5, Multipartit be ‘A computer virus comes 2 ¢ ter. Some OF used by virus to infect a co! ‘Extension bat Windows command batch I: file. com Specially compile pos indi | ry executable File 7 Windows standard bina! runtime exe is J ourefile. mnu “Associated with mem files for various applications > and environments. LD ‘usually part of operating ©) system de. or DOS overlay fle, WNT tion file, _ _ of Windows program files, including various Windows Windows program informa ‘Associated with all kinds L databases. _ __ __ | | ser Windows screensaver file i Windows data file, also sociated with ; Sysgraph, “gysstat, and SP 5 | applications. ee Visual Basic script file. visual Basic script file i lications (included in all MS Office components) Spt cbs Visual Basic for App {|_| file. [ws Windows script file. 2 Oe wsc Windows script component file. aan a wef Windows script file (re = | iplaces.js, ——— fl {| | | Windows). js, .vbs, and .w in newer versions of _— 2 5 &destruction however ous and en to cause {like the software you use, except they are writte .s, For the general PC uset jous programs are viruse: ed as malicic not all mali ‘ities are irrelevant. All of these programs can be labele Their methods and ways of entering PCs ace different Bab HAG goal is use destruction and mischief. ting and infecting specific files already etwork | iets tea aia ges, or whatever f file deletions rity elements lar methods. worn BE geek t infect and replicate without target fant on computer. They may show up via e-mail, Ls ware, OF other forms of transport and then create more e-mails, messa; & propagate the same way. They often don't do much damage by way o any worm attempt to disable firewalls, antivirus software, and other sect! f start up registry Keys, terminating active processes and other simi Welchia, Beagle. n Horses Ei se or a Trojan, is a program of file that a user allows OF invites onto his or her ‘eving that the program or file is normal software, ‘and complaint. In reality, the contains malware that seeks to take over the system OF provide a way for vach it an assume control. In many cases, Trojan install a software called a capture and store all keyboard activities and mouse but in fact, such a Trojan can easily capture account account information. Peexample, rei! Jiojan Hor gstem, beli program or file mmoutsider to re ke logger that permits them to .d dangerous, Ieystrol .dit card numbers, or bank dicks. This may not soun names and passwords, cre fits twork like the Internet. If you download a software rep ke program is installed, the anet The most common way is through bedded in the files. When the orgame, the malware could be em! Jit install itself simultaneously. Never open e-mails received Another common method is through e-mail. The worm night attach itself to an e-mail, Usually the message will from unknown persons as lave an enticing header. The user will click it and she they can infect your system Program will start to ru. with virus or spyware. There are now some malware running . The script will actival viruses show that these are malware mig from Web based scripts. All the user has to do is te itself and self install in the PC. The facts about among the most dangerous types around. j i PPM i a ‘will result in irritating popup’s when you browse the Web. Others will—— ee make the nost lethal ones will erase all y teons move across the deskto| Others will attac I make the OS impc Fy k the system memory and BIOS. This W! On networks, it moves from one computer to another. When 2 Neil s oF i send an e-mail with the malware attached to it. When it is Ps ned, the progran that computer. On the Internet, this kind of infection a" facts about computer wor result in millions of use affected. Numerous websites will also shut down. The will show that it has happened several times already BPrevention 1, Install antivirus software. After installation, run its update feature, ou need this as often as possible. By keeping it updated, it will Pe able to detect th immediately. 2. Always backup your files. Ifthe network has been infected, clean i first before t up. 3. Even though e-mail services have virus scanners mun) an anbvirus scan on ap attachment you get. 4. By learning the facts about computer worm viruses, you'll keep your documents saje Always try to keep your knowledge up to date, and your data will be safe. Spyware is anything that resides on a computer, usually uninvited, that can report on the activities and preferences of the computer's users, or disclose information about data stored on a computer. It basically spies on what the computer is used for and possible for what it contains, to report on its findings to outsiders when an opportunity presents ise The key points about spyware are as follows: = Information is gathered without obtaining the user's consent. = It may be relayed to third parties without the user’s knowledge. = It may sometimes change the behavior or book of a PC without either the user's knowledge or consent. Although subtle signs exist that spyware has invaded your 4 system, the most common and discernible symptoms are as follows: = Something new or unexpected shows up. = Anincrease in ads, pop-ups, or advertising. = Performance slows down noticeable./ | unsolicited e-mail whieh is 5 ent in Mag: ‘IVE quantities Qi ” to cfes sell products ang Unsuspecting Internet at Servicw, ye Sets cate) ees such, “ dangerous category of spar, 4 SS Mortgage refinar af bers, credit car Fates ee eae ‘nt it card numbers ‘ Convince the 7 S, OF logi ecipient to sh i a » share their bank per or servic '§ such as eB, Bec eBay and p, and Bs Y and PayPal Passwords to their Online banking ¢ ig sometimes referred to gen mercial. S ® mwmercial. SOME Spam is r ils attempting to share thei as Unsolicite - 'd Commerc simply crimin mercial E-Mail (UCE). Not all spam al, wh pal |, while other Polit or regan oe -Pammers send unrequested WS, fn the sender's point of view, it’s a for ‘ In gt. To the receiver, it usually — S on of bulk mail, often to a list obtained from a 4 ‘i i Ee ike ju pool e-mail to eee list in the Teas e-mail, Spammers typically send a will respond to their off ms, expecting that i eaters re fer. Spam has a 1B é only a tiny number of spa em anted and causes Internet oe 2 problem for all Internet users: stion, resoUrcesy and usually ticks off alot of people, consumes e-mail server fany forms of spam originate fror ; ered attachments so they can eee eae aey programs that send e-mail with ‘e-mail servers with built-i and keep saa 5 Many z {-in attachment screening capabilities automaticall} send “warning messages” to senders identified in incoming messages when ini es js detected or suspected. But when incoming e-mail uses neve ieee ae janocent their parties, the original spam is doubled when a bogus infection report is sent to somebody who's probably not infected! i [stopping Spam a 1am is almost impossible to stop completely, evel through spam filters and legislation. but it can be reduced to a less aggravating Spam Filters Aspam filter is a software application which is installed either on a mail server or a mail lent. Email administrators typically install spam filtering software on mail servers. By far the batt spam filtering software for mail servers is Spam Assassin. Spam Assassin is a free product of the Apache Project. Anti-Spam Legislation Many states and countries Iegslation designed to enable the pr have enacted ‘osecution ay operate acro: Sf Goan » spammers may & ' Of spammers. This is a very difficult task because mt ; F | comprehensive 3 boundaries and operate anonymously. Spam Laws is a comb fan spam legislation which has been enacted worldwide: rm An antivirus is software to protect your com) computer or might have already done so. There in the market but the most trusted and acceptable are You will get an explanation about the working of Norton ENorton Antivirus fi When you install antivirus and accept the preset options, Paina The free antivirus give liry ted your 5 rt e ii , your y computer is safe. As part of the installation, y security but paid antivirus give computer is scanned for viruses. full security from all threats may Ey Wo int puter from viruses that may Ir | ; are number of antivirus package Norton Antivirus and McAffe 5, Antivirus 2006 Norton Antivirus automatically checks boot records for viruses at system startup, checks programs for viruses at the time you use them, scans all local hard drives for viruses once per week. It also scans files you download from the Internet and checks floppy disks for boot viruses when you Use them. LTT aad Data backup is said to be the best prevention for data loss. What exactly a Backup is? [¢ is a process of having duplicate copy of the original one. Itis an activity of copying files or databases so that the data will be preserved in case of any accidentally or intentionally deletion of the data, [Need for Backup Ei There are various reasons for data loss like viruses, application problems, human errors, operating system failure, and many more. Backup plays a vital role for the businesses or the organizations, who spend lot of time on the computer for their personal or business dealings. According to opinions, taking no appropriate steps to preserve the data is the greatest mistake. Some people still follow the old paradigm of “it will never happen to me”. Now this should be changed as data loss can be faced at anytime and by anyone. No matter what happens to your computer, you should have backup files because some data can, laced but the most important files that cannot be retrieved may cause you ® Due to this, backing up the files, documents, ete,, is very necessaryae el - y of backing, up the d spends on how grP «backing UP your data, the capacity of so your data place the backup medium to the quanti gent OF ory important. It's a good idea to have something oa ¥ your information on one physical thing a | the capacity of the b rif? of or days, if a person holds the huge data it would be difficult for him to backup »earlie ie gpote asta 2° the only media available was floppy disks which consisted just oveT 2 pe nM of data. But now the technology has fully changed, a person can save his data aby z g ween to the capacity of his data, he can choose the appropriate medias like: ‘Tape * asd Disk 5 ical Dise like CD, DVD, ete mal Hard Drive 5 Exe q packup service, etc. Remote ing up is an important task for any individual or organization. However, as data mes increasing important in business, the loss of data is often sharply felt in terms of Bete; effort: Whatever method you choose, but backing ap youm files are very important ase itis the one of the safest methods to protect against the worst. pvp Backup pvp backup is a practical alternative for home users and small businesses. DVD technologies include DVD-RW, EVE+RW, DVD-R, DVD+R, DVD-RAM, as well as dual inyer DVD technologies. Single-layer DVDs can hold up to 4.7 GB of data and dual-layer DYDs can hold up to 8.5 GB. DVD technology is a suitable option for storing backup data | medium amounts of backup data. Hard Drives Copying and retrieving data from hard drives is very easy. The primary disadvantages are est and the worry that a malware attack which affects the primary hard drives could also affect the backup hard drives. Online Storage is one of the latest method of storing your storage solutions enable people to upload their od server located in a secure environment. img nyAnother advantage of storing, files Online ith Internet acces location as long, as they have a computer W = Revision The purpose of doin harry, Malware is malicious software in programming oF files that are develope and may create copies of itself Vist program wich eraues tl yaftach fo OtMTPTTUNU ANSI ig Nae also damage or corrupt data, change data, or degrade the performance as memory or disk space virus, Master Boot Rey © A Computer virus ha be categorised into following four designations Boot sector virus, Master Boot Recorg (MBR) virus, File infector virus, Macro virus. Boot sector viruses infect the boot record on hard disks, flopP' © Master Boot record (MBR} viruses are very similar to boot sector is Boot Records) instead ofthe boot sector. > Macro viruses infect Microsoft Office files, suchas Word! Documert: and Access Databases ‘& Multipartite viruses share the characteristics of more than one virus {YPE ‘& Worms seek to infect and replicated without targeting and infecting specific le a ea ae & Trojan horse is a program of fle that a user allows or invites ont his or her system, believing that the program of file is normal software, and complaint. Spyware is anything that resides on a computer, usually uninvite of the computer's user, or disclose information about data stored on a computer. © Spam is unsolicited e-mail which is sent in massive quantities to unsuspecting Internet e-mail users. Ananthirus s software to protect your computer from viruses that may try to Ife oalgaai cern Mit ve already done so. ‘and theoretically also on CD's and Dy’, dss, 3s, except that they infect the MBR (May excel spreadsheets, PowerPoint Presentation, «; than can reporton the activates and preferences 1. Answer the following questions: a. What is malware? What does it do? What do you mean by virus? How it can harm a computer? Name different types of viruses. Name some file extensions that can harm your computer. Give one difference between Worms and Trojan, What is the need of antivirus? What precaution we should take to prevent our computer from malware? What is the purpose for having a backup of importantfles? |. What do you understand by antivirus? Explain Norton Antivirus, 2. Multiple choice questions (MCQs): a. Thisis associated with all kinds of Windows program fle. i. ser ii, pif ii, pre