Shri Madhwa Vadiraja Institute of Technology

and Management, Bantakal

MALICIOUS SOFTWARE: VIRUSES

PRESENTED BY
PRATHIKSHA : 4MW21EC046
B ANUSH RAO : 4MW22EC400
DHANUSH KUMAR G : 4MW21EC401
SINDHU CHANDRAPPA BARKI : 4MW21EC404
 Nature of the Viruses
• A c o m p u t e r v ir u s is a p ie c e o f s o ft w a r e t h a t c a n in fe c t o t h e r
p r o g r a m s b y m o d ify in g t h e m , t h e m o d ific a t io n in c lu d e s in je c t in g
t h e o r ig in a l p r o g r a m w it h a r o u t in e t o m a k e c o p ie s o f t h e v ir u s
p r o g r a m , w h ic h c a n t h e n g o o n t o in fe c t o t h e r p r o g r a m s .

• A v ir u s a t t a c h e s it s e lf t o a n o t h e r p r o g r a m a n d e x e c u t e s s e c r e t ly
w h e n t h e h o s t p r o g r a m is r u n . O n c e a v ir u s is e x e c u t in g , it c a n
p e r fo r m a n y fu n c t io n , s u c h a s e r a s in g file s a n d p r o g r a m s t h a t is
a llo w e d b y t h e p r iv ile g e s o f t h e c u r r e n t u s e r .

• A c o m p u t e r v ir u s is a p r o g r a m o r p ie c e o f c o d e t h a t , w h e n
e x e c u t e d , r e p lic a t e s b y in s e r t in g c o p ie s o f it s e lf in t o o t h e r
p r o g r a m s , file s , o r t h e s y s t e m it s e lf . O n c e a v ir u s s p r e a d s t o a
h o s t , it c a n t r ig g e r h a r m fu l a c t io n s .
2
Four phases of the Virus:

• Dormant phase: The virus is idle. The virus will eventually be activated by
some event, such as a date, the presence of another program or file, or the
capacity of the disk exceeding some limit.

• Propagation phase: The virus places a copy of itself into other programs or
into certain system areas on the disk. The copy may not be identical to the
propagating version; viruses often morph to evade detection. Each infected
program will now contain a clone of the virus, which will itself enter a
propagation phase.

3
• Triggering phase: T h e t r ig g e r in g p h a s e o f a c o m p u t e r v ir u s o c c u r s
w h e n it a c t iv a t e s it s m a lic io u s p a y lo a d a ft e r r e m a in in g d o r m a n t
o n a n in fe c t e d s y s t e m . T h e v ir u s w a it s fo r a s p e c ific c o n d it io n t o
b e m e t , s u c h a s a c e r t a in t im e , u s e r a c t io n , o r s y s t e m e v e n t .

• Execution phase: T h e e x e c u t io n p h a s e o f a c o m p u t e r v ir u s is
w h e n t h e v ir u s c a r r ie s o u t it s in t e n d e d m a lic io u s a c t io n s a ft e r
b e in g t r ig g e r e d . D u r in g t h is p h a s e , t h e v ir u s a c t iv a t e s it s p a y lo a d ,
w h ic h c o u ld in v o lv e a v a r ie t y o f h a r m fu l a c t iv it ie s , s u c h a s
c o r r u p t in g o r d e le t in g file s , s t e a lin g s e n s it iv e d a t a , s p r e a d in g t o
o th e r sy ste m s .

4
Compression Virus

5
 Program P1 is infected with the virus CV. When this program is invoked,
control passes to its virus.

1. For each uninfected file P2 that is found, the virus first compresses that file
to
produce P2, which is shorter than the original program by the size of the
virus.

2. A copy of the virus is prepended to the compressed program.

3. The compressed version of the original infected program, P1 is uncompressed.

4. The uncompressed original program is executed.

6
A c o m p u t e r v ir u s h a s t h r e e p a r t s :

• Infection mechanism (Spreading Part): T h is p a r t h e lp s t h e v ir u s

s p r e a d t o o t h e r file s o r c o m p u t e r s . It m ig h t a t t a c h it s e lf t o t h in g s
lik e e m a il a t t a c h m e n t s , file s , o r p r o g r a m s s o t h a t it c a n m o v e
fr o m o n e c o m p u t e r t o a n o t h e r .

• Action Part (Payload): T h is p a r t is w h a t t h e v ir u s d o e s o n c e it 's

in s id e y o u r c o m p u t e r . It c o u ld c a u s e h a r m , lik e d e le t in g file s ,
s lo w in g d o w n y o u r c o m p u t e r , o r e v e n ju s t s h o w in g u n w a n t e d
m essag es.
•
7
• Starting Part (Trigger): This part tells the virus when to start working.
The trigger could be a specific action (like opening a file), a certain date, or a
random time. Trigger is computer viruses is an event or condition that activates
the virus's harmful function, known as the payload.

8
 Viruses Classification
A virus classification by target that includes :

• Boot Sector Infector: These viruses infect the computer's boot sector, which is
the part of the hard drive that loads the operating system. They activate when
the computer starts up and can be hard to remove.These viruses are hard to
detect because they load early in the boot process, often before antivirus
software can scan the system.

• File Infector: These viruses attach themselves to files (usually executable files)
and run when the infected file is opened. They can spread each time the file is
used, infecting more files and programs. File infector viruses can be more
destructive as they can alter or corrupt the files they infect.

9
• Macro Virus: T h e s e v ir u s e s t a r g e t s o ft w a r e t h a t u s e s m a c r o s , lik e
M ic r o s o ft W o r d o r E x c e l . T h e y a r e o ft e n s p r e a d t h r o u g h in fe c t e d
d o c u m e n t s a n d c a n a c t iv a t e w h e n t h e d o c u m e n t is o p e n e d .
M a c r o v ir u s e s a r e r e la t iv e ly e a s y t o s p r e a d b e c a u s e m a n y u s e r s
o p e n d o c u m e n t s w it h o u t r e a liz in g t h e r is k .

10
A virus classification by concealment strategy includes :

• Encrypted virus: A portion of the virus creates a random encryption key and
encrypts the remainder of the virus. The key is stored with the virus. When an
infected program is invoked, the virus uses the stored random key to decrypt the
virus. Encrypted viruses are often used in sophisticated attacks .

• Stealth virus : It is a type of malware that tries to hide itself from both the
user and antivirus software. It does this by altering system files or using
techniques that make it appear as if nothing is wrong. The virus operates in the
background, avoiding detection and allowing it to remain on the system for a
longer period.

11
• Polymorphic virus: It is a type of malware that changes its code every time it
infects a new system, making it harder to detect. It uses techniques like encryption
or code changes to look different each time it spreads, even though it still
performs the same harmful actions.

• Metamorphic virus: As with a polymorphic virus, a metamorphic virus mutates

with every infection. Metamorphic virus rewrites itself completely at each
iteration, increasing the difficulty of detection

12
 Virus Kits

A virus kit (or malware kit) refers to a collection of tools, scripts, and
software components used to create, modify, or distribute computer viruses and
other forms of malware. These kits allow attackers often with little technical
knowledge to develop and deploy malicious software. Virus kits typically include
pre-written code that can be customized and used for specific types of attacks ,
making it easier for cybercriminals to create and spread malware without having to
write their own code from scratch.

13
 Macro Viruses

• A macro virus is a type of computer virus that hides inside documents, like Word
or Excel files. It uses special code (called macros) that can run automatically when
you open the document.

• Once activated, the virus can damage your files, steal information, or spread to
other files and computers. It usually spreads through email attachments.

• A macro virus is platform independent. Many macro viruses infect Microsoft Word
documents or other Microsoft Office documents. Any hardware platform and
operating system that supports these applications can be infected .

14
• Macro viruses infect documents, not executable portions of code. Most of the
information introduced onto a computer system is in the form of a document
rather than a program.

• Macro viruses are easily spread. A very common method is by electronic mail.

• Because macro viruses infect user documents rather than system programs,
traditional file system access controls are of limited use in preventing their
spread.

15
 E-Mail Viruses
• T h e v ir u s u s e s t h e V is u a l B a s ic s c r ip t in g la n g u a g e s u p p o r t e d b y
t h e e -m a il p a c k a g e . T h is is a n e w g e n e r a t io n o f m a lw a r e t h a t
a r r iv e s v ia e -m a il a n d u s e s e -m a il s o ft w a r e fe a t u r e s t o r e p lic a t e
it s e lf a c r o s s t h e In t e r n e t .

• T h e v ir u s p r o p a g a t e s it s e lf a s s o o n a s it is a c t iv a t e d (e it h e r b y
o p e n in g a n e -m a il a t t a c h m e n t o r b y o p e n in g t h e e -m a il ) t o a ll o f
t h e e -m a il a d d r e s s e s k n o w n t o t h e in fe c t e d h o s t .

• A s a r e s u lt , w h e r e a s v ir u s e s u s e d t o t a k e m o n t h s o r y e a r s t o
p r o p a g a t e , t h e y n o w d o s o in h o u r s . T h is m a k e s it v e r y d iffic u lt
fo r a n t iv ir u s s o ft w a r e t o r e s p o n d b e fo r e m u c h d a m a g e is d o n e .

16
THANK YOU

17