1. Program ThreatsVirus & logic bomb Prepared and presented by : Medhat Dawoud 5/10/2010 1

2. Program threats Stack and Buffer overflow Trojan horse Worms Trap door Logic Bomb Virus 5/10/2010 2

3. Logic Bomb Program that initiates a security incident under certain circumstances. Known by the Mentor Programmers (or any other one want to be professional in IT world). 5/10/2010 3

5. How do viruses work ?

6. Very specific to CPU architecture, operating system, applications.

7. Usually borne via email or as a macro.5/10/2010 4

8. Virus Con. "payload" of a virus is the part of the software that actually does the damage; the rest of the virus is used to break the security. Virus dropper inserts virus onto the system. virus signature is a pattern (a series of bytes) that can be used to identify the virus . 5/10/2010 5

9. Virus Categories Many categories of viruses, literally many thousands of viruses so that you can find a virus in two or more categories: File Boot Macro Source code Polymorphic Encrypted Stealth Tunneling Multipartite Armored 5/10/2010 6

10. File Append itself to a file. Change the start of the program to its code. Known as parasitic viruses. usually with extensions .BIN, .COM, .EXE, .OVL, .DRV. 5/10/2010 7

11. Boot The boot sector carries the Mater Boot Record (MBR) which read and load the operating system. Boot-sector viruses infect computer systems by copying code either to the boot sector on a floppy disk or the partition table on a hard disk. Executed every time the system is booting. Known as memory viruses. 5/10/2010 8

12. 5/10/2010 9

13. Example for :Wreak havoc 5/10/2010 10

14. Macro Written in a high-level language. macros start automatically when a document is opened or closed (word – Excel). can be spread through e-mail attachments, discs, networks, modems, and the Internet. 5/10/2010 11

15. Viruses for free Antivirus with Millions $$ 5/10/2010 12

16. Source code Looks for a source code and modifies it to include the virus and to help spread the virus. 5/10/2010 13

17. 5/10/2010 14

18. Polymorphic Change virus’s signature each time. It’s designed to avoid detection by antivirus software. A polymorphic virus acts like a chameleon. 5/10/2010 15

19. Encrypted Encrypted virus to avoid detection. It has a decryption code along with the encrypted virus. 5/10/2010 16

20. Stealth It use some tactics to avoid detection such as altering its file size, concealing itself in memory, and Modifies parts of the system that can be used to detect it. in fact, the first computer virus, was a stealth virus 5/10/2010 17

21. Tunneling Install itself in the interrupt-handler chain or in device drivers attempting to bypass detection. Try to intercept the actions before the anti-virus software can detect the malicious code. 5/10/2010 18

22. Multipartite Infect multiple parts of the system. Including boot sector, memory, and files. So it’s difficult to be detected by the antivirus scanner. 5/10/2010 19

23. Armored The most dangerous type. The virus may use methods to make tracing, disassembling, and reverse engineering its code more difficult. Virus droppers and other full files which are part of a virus infestation are hidden. 5/10/2010 20

24. Any Questions ? 5/10/2010 21