virus vs antivirus

Created by Sandip Kumar May-2015

WHAT IS MALWARE

Malware is short for malicious software, meaning software that can be used to compromise computer functions, steal data, bypass access controls, or otherwise cause harm to the host computer. Malware is a broad term that refers to a variety of malicious programs.

Computer Virus

What is computer virus?

A computer virus is a program which damages computer systems and/or destroys or erases data files.

A Trojan horse is a destructive program. It usually masquerades as a computer game or application software. If executed, the computer system will be damaged.

A rootkit is a type of malicious software designed to remotely access or control a computer without being detected by users or security programs. Once a rootkit has been installed, it is possible for the malicious party behind the rootkit to remotely execute files, access/steal information, modify system configurations, alter

Worm Virus

A worm is also a destructive program that fills a computer system with self-replicating information, clogging the system so that its operations are slowed down or stopped.

Spyware is a type of malware that functions by spying on user activity without their knowledge. These spying capabilities can include activity monitoring, collecting keystrokes, data harvesting (account information, logins, financial data), and more.

Adware (short for advertising-supported software) is a type of malware that automatically delivers advertisements. Common examples of adware include pop-up ads on websites and advertisements that are displayed by software.

Boot Sector Virus

A boot sector virus infects the boot sector of a computer. During system boot, the boot sector virus is loaded into main memory and destroys data stored on the hard disk.

Macro Virus

A macro virus is associated with application software like Word and Excel. When the infected document is opened, the macro virus is loaded into main memory and destroys the data stored on the hard disk. Macro viruses include: Relax, bablas, Melissa.A, 097M/Y2K.

Script Virus

Commonly found script viruses are written using the Visual Basic Scripting Edition (VBS) and JavaScript programming languages.

Browser Hijacker

This virus can spread in many different ways, including a voluntary download. It infects certain browser functions, especially in the form of re-directing the user automatically to certain sites. A good example is

Spam is the electronic sending of mass unsolicited messages. The most common medium for spam is email, but it is not uncommon for spammers to use instant messages, texting, blogs, web forums, search engines, and social media.

Actions to prevent virus infection

Install Anti-Virus Software. ...
Keep Your Anti-Virus Software Up to Date. ...
Run Regularly Scheduled Scans with Your Anti-Virus Software. ...
Keep Your Operating System
Think Before You Click. ...
Keep Your Personal Information Safe. ...
Don't Use Open Wi-Fi.

Antivirus or anti-virus software (often abbreviated as AV), sometimes known as anti-malware software, is computer software used to prevent, detect and remove malicious software. Antivirus software was originally developed to detect and remove computer viruses,

Detection methods used by anti-virus software:

Simple signature scanning
Generic signature scanning
Integrity checking
Heuristic scanning
Behavior monitoring
Generic scanning
Resident scanning

Simple signature scanning

Generic signature scanning

A generic signature uses the pattern found in a family of viruses. This is a quicker method to detect all the viruses belonging to the same family. This method works because most viruses are not written from scratch but created by modifying the code of previously existing viruses. In such cases a lot of similarities are found between the original virus and its variants.
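As an added example (not part of the original presentation), the following Python sketch contrasts a simple signature, an exact byte string taken from one analysed sample, with a generic signature that uses wildcards for the bytes that vary between members of a family. The samples and signatures are constructed for illustration, and the hex signature syntax ('??' for any one byte, '*' for any run of bytes) is an assumption of this example, not a real product's format.

```python
import re
from typing import Dict, List

# Constructed sample "files": two variants of one hypothetical family plus a clean
# file. The variants share a fixed header and family marker but differ in a version
# byte and in the bytes after the marker, as variants produced by editing an
# earlier virus typically do.
VARIANT_1 = b"MZ\x90\x00" + b"\x01" + b"DEMO-FAMILY" + b"\x00\x00" + b"payload-v1"
VARIANT_2 = b"MZ\x90\x00" + b"\x02" + b"DEMO-FAMILY" + b"\x00\x00" + b"payload-v2-modified"
CLEAN = b"MZ\x90\x00" + b"\x03\x00\x00\x00" + b"hello world program"

# Simple signature: an exact byte sequence copied from one analysed sample.
# It matches only that sample (and byte-identical copies of it).
SIMPLE_SIGNATURES: Dict[str, bytes] = {
    "Demo.Alpha": b"\x01DEMO-FAMILY\x00\x00payload-v1",
}

# Generic signature: hex bytes common to the whole family, with '??' standing for
# any single byte (the version byte) and '*' for any run of bytes (the tail).
# This token syntax is an assumption of the example, not a vendor format.
GENERIC_SIGNATURES: Dict[str, str] = {
    "Demo.Family.gen": "4d5a9000 ?? " + b"DEMO-FAMILY".hex() + " 0000 *",
}

def compile_generic(sig: str) -> "re.Pattern[bytes]":
    """Translate the wildcard hex signature into a bytes regular expression."""
    parts = []
    for tok in sig.split():
        if tok == "*":
            parts.append(b".*?")
        elif tok == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)

def scan(data: bytes) -> List[str]:
    """Return the names of every simple and generic signature found in data."""
    hits = [name for name, sig in SIMPLE_SIGNATURES.items() if sig in data]
    hits += [name for name, sig in GENERIC_SIGNATURES.items()
             if compile_generic(sig).search(data)]
    return hits

if __name__ == "__main__":
    for label, sample in (("variant 1", VARIANT_1), ("variant 2", VARIANT_2), ("clean", CLEAN)):
        print(f"{label}: {scan(sample) or 'no match'}")
```

The simple signature catches only variant 1, while the generic signature catches both variants and still leaves the clean file alone, which is the trade-off the slide describes.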

Heuristic scanning

Heuristic scanning is another method of virus detection that is neither signature based nor integrity based. As the heuristic method does not use virus signatures, it can detect new and unknown viruses that have not yet been analyzed by antivirus researchers.

Integrity checking

Integrity checking is another method of detecting viruses. The method detects the existence of viruses by comparing the hash value of a file with the hash value of its uninfected version. If no difference is found between the two hash values, then the file is deemed to be uninfected.

Behavior monitoring

Behavior monitoring tries to detect virus-like activity, such as attempts to reformat a disk, which is generally not the activity of a common program. In another case a program may try to move a file into one of the operating system folders. These actions are immediately flagged by behavior monitoring.

Generic scanning

The methods of virus scanning may be classified as specific methods (to detect specific viruses or specific types of viruses) and generic methods (to detect a virus of whatever type). Signature scanning is a specific method, whereas integrity checking, heuristic scanning, behavior monitoring etc. are all generic methods.

Resident scanning

Scanning can be either on-demand or on-access. On-demand scanning is generally offline scanning: the user has to click a button to start a scanning operation or schedule it for later, during non-business hours. On the other hand, on-access scanning is triggered at the time a file is accessed or a program is executed. On-access scanning is done automatically by a resident scanner when a file is accessed for copying, editing or other such purposes.

Limitations of conventional scanning methods

Method requires the process

If the gap is larger, there is a greater possibility of new viruses being created and spread.

Overcoming limitations:

Use automated techniques to extract signatures

Use generic methods of virus detection, such as heuristic scanning, CPU emulation and integrity checking.

Problem of updating the signature database

Updating the signature database is not a one-time phenomenon.

Updating the signature database is very critical because only the viruses whose signatures have already been determined and stored in the signature database

What exactly is the problem of updating the signature database?

The signature database has to be updated by both the anti-virus company and the anti-virus user

Overcoming limitations:

An automatic update is a common technique adopted at the client machine to check for and download new updates from the anti-virus developer's website.

Summary

The main functions of an anti-virus program are virus prevention and file protection, virus scanning and detection, removing viruses from infected files, and recovering damaged files and objects. An anti-virus program typically employs various strategies to detect and remove viruses. The popular methods of detecting viruses are signature scanning, heuristic scanning and integrity checking. However, each of these methods has its own strengths and weaknesses.