Methods of dealing with computer viruses presentation. Computer viruses and antivirus programs

Presentation on the topic "Computer viruses: methods of distribution, prevention of infection" in informatics for schoolchildren. Contains 17 informative slides.

Basic text fragments from the presentation:

A computer virus is a purposefully created program that automatically attaches itself to other software products and modifies or destroys them.

The first "epidemic" of a computer virus occurred in 1986, when a virus named Brain infected the floppy disks of personal computers. Currently, more than 50 thousand viruses are known that infect computers and spread over computer networks.

Russia became the world leader in the spread of computer viruses

Analysts at PC Tools, an American manufacturer of protection against unwanted software, claim that Russia has long been ahead of such "giants" in this area as China and the United States in terms of the scale of the spread of computer viruses, malware and spyware. According to them, the Russian Federation accounts for 27.89% of the malware in the world, China for 26.52%, and the USA for 9.98%.

The very name "virus" comes from its ability to self-replicate (multiply).

Virus development stages

  • hidden stage - the effect of the virus does not manifest itself and remains unnoticed
  • avalanche reproduction - the virus multiplies, but its actions have not yet been activated
  • active action - the harmful actions laid down by its author are performed.

Currently, there is no unified classification of virus programs, but they can be distinguished by the following features:

  • by habitat;
  • by the method of contamination of the habitat;
  • by the degree of impact;
  • by the features of the algorithm.

Depending on the habitat, viruses can be divided into:
  • Network viruses - spread over various computer networks;
  • File viruses - are embedded in files with the extension COM and EXE;
  • Boot viruses - are embedded in the boot sector of the disk (Boot sector) or in the sector containing the boot program for the system disk;
  • File boot viruses - infect files and boot sectors of disks.

According to the method of infection, viruses are divided into:
  • Resident - during infection, they leave their resident part in RAM, which then intercepts the operating system's access to the objects of infection and embeds itself in them.
  • Non-resident - do not infect computer memory and are active for a limited time.

By the degree of impact, viruses are divided into:
  • NOT DANGEROUS - do not interfere with the operation of the computer, but they reduce the amount of RAM and memory on disks; the actions of such viruses show up as some graphic or sound effects;
  • DANGEROUS - lead to various disruptions in the work of the PC;
  • VERY DANGEROUS - their action can lead to loss of programs, destruction of data!

Viruses have a wide variety of algorithm features:

  • The simplest viruses - do not change the contents of files, can be easily detected and destroyed
  • Worms - spread over computer networks, calculate the addresses of network computers and send copies of themselves to these addresses
  • Invisible viruses - difficult to detect and neutralize; they present uninfected areas of the disk in place of their own body
  • Mutant viruses - contain encryption / decryption algorithms, the most difficult to detect
  • Trojans - masquerade as a useful program and destroy the boot sector and file system

Indirect signs of the presence of a virus on the computer

  • the number of files increased dramatically, for no particular reason
  • reducing the amount of RAM
  • decrease in program performance
  • increased access time to the hard drive
  • the indicator lamp of the drive comes on when there is no access to it
  • frequent freezing of the operating system
  • increasing the size of program files
  • disappearance of files and entire programs

Antivirus software

Antivirus programs let you protect against, detect and remove computer viruses.

Types of antivirus programs
  • detector programs;
  • doctor programs;
  • auditor programs;
  • filter programs;
  • immunizer programs.

The most popular are currently considered to be Kaspersky Anti-Virus and Doctor Web.

Computer virus protection rules

  • Check your computer regularly for viruses with antivirus software
  • Before reading information from floppy disks, check them for viruses
  • Always protect your floppy disks from writing when working on other computers
  • Back up your valuable information
  • Do not leave a floppy disk in the drive
  • Don't use programs whose behavior is incomprehensible
  • Update your antivirus programs regularly

Computer viruses

1. What is a computer virus?
2. The history of computer viruses.
3. Classification of computer viruses.
4. The most common types of viruses.
5. Distribution channels.
6. Indirect signs of a computer virus infection.
7. Methods of detection and removal. Protection methods. Antiviruses and firewalls.


1. What is a computer virus?

A computer virus is a type of computer program whose distinctive feature is the ability to reproduce (self-replicate). In addition, it can damage or completely destroy data under the control of the user on whose behalf the infected program was launched.


2. History of computer viruses

The idea of computer viruses appeared much earlier than personal computers themselves. The starting point can be considered the works of the famous scientist John von Neumann on the study of self-reproducing mathematical automata, which became known in the 1940s. In 1951, he proposed a way to create such machines.


In 1959, Scientific American magazine published an article by L.S. Penrose on Self-Reproducing Mechanical Structures. It described the simplest two-dimensional model of self-reproducing mechanical structures capable of activation, reproduction, mutation, and capture. Later, another scientist F.Zh. Stahl put this model into practice using machine code on the IBM 650.


The prototype of a computer virus

In 1962, engineers from the American company Bell Telephone Laboratories - V.A. Vysotsky, G. D. McIlroy and Robert Morris - created the game "Darwin". The game assumed the presence in the memory of the computer of the so-called supervisor, who determined the rules and order of the struggle between rival programs created by the players. The programs had the functions of space exploration, reproduction and destruction. The point of the game was to remove all copies of the enemy's program and capture the battlefield.

[Photo captions: Robert Morris; Douglas McIlroy (left) and Dennis Ritchie]


[Photo caption: Gregory Benford]

Some believe that the word virus in relation to a program was first used by Gregory Benford in the fantasy story "The Scarred Man", published in Venture magazine in May 1970. Others believe that the idea of creating computer viruses was put forward by science fiction writer TJ Ryne, who, in one of his books published in the USA in 1977, described an epidemic that in a short time affected more than 7,000 computers.


History in dates

  • 1959 - a virus was discovered on an IBM 650 computer, which "ate" part of the words.
  • The first "epidemic" of a computer virus. A virus called Brain infects floppy disks of personal computers.
  • Robert Morris wrote a virus in the USA that infected 2,000 computers.
  • Mid-August 1995 - a virus appeared in the United States and a number of Western European countries that uses the opportunity to present information in the form of a conglomerate of data and programs. It infected documents prepared in MS Word - *.doc files.
  • April 26, 1999 - a virus called "Chernobyl" or WIN95.CIN became a new word in virology. This virus, in contrast to its counterparts, depending on the modification, could destroy the MBR of the hard disk, the data allocation table and Flash memory that is not protected from rewriting. A wave of this virus epidemic swept across the world. Enormous material damage was done in Sweden. A large number of users in Russia also suffered.


Since the end of 1990, a new trend has emerged called the "exponential viral explosion". The number of new viruses detected per month has reached hundreds. At first, Bulgaria was the epicenter of the explosion, then it moved to Russia.





3. Classification of viruses

Currently, there is no unified classification of viral programs, but they can be distinguished according to the following criteria:

  • by their habitat;
  • by the method of contamination of the habitat;
  • by the features of the algorithm;
  • by the degree of impact.


Depending on the environment, viruses can be divided into:

  • Network viruses - spread over various computer networks;
  • File viruses - are embedded in executable files with the EXE extension;
  • Boot viruses - are introduced into the boot sector of the disk (Boot sector) or into the sector containing the boot program for the system disk;
  • File boot viruses - infect files and boot sectors of disks.


By the method of infection, viruses are divided into:

1. Resident - during infection, they leave their resident part in RAM, which then intercepts the operating system's access to the objects of infection and embeds itself in them.
2. Non-resident - do not infect computer memory and are active for a limited time.


Viruses have a wide variety of algorithm features:

1. The simplest viruses - do not change the contents of files; they can be easily detected and destroyed.
2. Worms - spread over computer networks, calculate the addresses of network computers and send copies of themselves to these addresses.
3. Invisible viruses (stealth viruses) - difficult to detect and neutralize; they present uninfected areas of the disk in place of their own body.
4. Mutant viruses - contain encryption / decryption algorithms, the most difficult to detect.
5. Trojans - disguise themselves as a useful program, destroy the boot sector and file system, steal passwords.
6. Macroviruses - infect document files, for example, text documents. After an infected document is loaded into a text editor, the macro virus is constantly present in the computer's RAM and can infect other documents.


According to the degree of impact, viruses are divided into:

1. HARMFUL - joke programs;
2. UNSAFE - do not interfere with the operation of the computer, but reduce the amount of RAM and memory on disks; the actions of such viruses show up as some graphic or sound effects;
3. DANGEROUS - lead to various disruptions in the operation of the PC;
4. VERY DANGEROUS - their action can lead to loss of programs, destruction of data!


4. The most common types of viruses

1. Resident viruses. This type of virus is constantly hidden in RAM. From there it can control and intercept all operations performed by the system, damaging files and programs that are opened, closed, copied, renamed, etc. Resident viruses can be classified as file viruses. When a virus becomes memory resident, it remains there until the computer shuts down and restarts (waiting for certain triggers necessary to activate it, for example, a specified date and time). During this time it simply "sits and waits", unless, of course, the antivirus detects and neutralizes it. Examples: Randex, CMJ, Meve, MrKlunky.


2. Direct-acting viruses. The main purpose of these viruses is to replicate and execute a task when they are activated. When the specified conditions are met, the viruses take over and infect files in the directory or folder in which they are located and in the directories listed in the PATH of the AUTOEXEC.BAT file. This batch file is always located in the root directory of the hard drive and performs certain operations when the computer boots up. Files infected with this type of virus can be disinfected and completely restored to their original state.


3. Overwriting viruses. This type of virus is characterized by the fact that it erases information contained in infected files, making them partially or completely unusable and unrecoverable. Infected files do not change their size until the virus starts to take up more space than the original file, because instead of hiding inside the file, the virus takes over its contents. The only way to get rid of a file infected with an overwriting virus is to delete the entire file, thus losing its contents. Examples: Way, Trj.Reboot, Trivial.88.D.


4. Boot virus. This type of virus infects the boot sector of a floppy or hard disk. This is an important part of the disk, where, along with the information, a program is stored that makes it possible to boot (start) the computer from this disk. These viruses do not infect files, but rather the disks that contain them. They first attack the boot sector of the disk; then, as soon as you start the computer, the boot virus infects the hard disk of the computer. The best way to prevent boot virus infections is to check floppy disks for write protection and never boot your computer with an unknown floppy in the drive. Some examples of boot viruses: Polyboot.B, AntiEXE.


5. Macro virus. Macro viruses infect files that are created by certain applications or programs that contain macros. These include Word documents (DOC extensions), Excel spreadsheets (XLS extensions), PowerPoint presentations (PPS extensions), Access databases (MDB extensions), Corel Draw, etc. A macro is a small program that a user can associate with a file created using certain applications. These mini-programs allow an automatic series of operations to be performed as one action, so the user does not have to perform them one after the other. When you open a document containing macros, the macros are automatically loaded and can be executed immediately or with the user's permission. Then the virus begins to act, performing its task; this often happens despite the built-in macro virus protection. There is not just one type of macro virus, but one for each utility: Microsoft Word, Microsoft Excel, Microsoft PowerPoint, Microsoft Access, Corel Draw, Lotus Ami Pro, etc. Examples of macro viruses: Relax, Melissa.A, Bablas, O97M / Y2K.


6. Directory virus. The OS finds files by looking at the route / path (made up of the drive and directory) where each file is stored. Directory viruses change the routes that point to the location of a file. When you execute a program (a file with the .EXE or .COM extension) that is infected with such a virus, you unknowingly launch the virus program, while the original file or program has already been moved by the virus. With such an infection, it becomes impossible to determine the location of the original files.


7. Encrypted viruses. Encryption is a technique used by viruses to stay unnoticed by antivirus programs. The virus encodes or encrypts itself in such a way as to hide from scanners, and decrypts itself before performing its task. As soon as the virus has "released its weapon", it starts hiding again. Examples of encoded viruses: Elvira, Trile.


8. Polymorphic viruses. Each time they infect the system, polymorphic viruses encrypt or encode themselves differently (using different algorithms and encryption keys). This makes it impossible for antiviruses to detect them using string or signature searches (since they are different in each encoding), and also allows viruses to create a huge number of their own copies. Examples: Elkern, Marburg, Satan Bug, Tuareg.
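Why a fixed signature search misses the encrypted and polymorphic copies described in items 7 and 8, and one scanner-side answer to the simplest case, shown as an added example that is not part of the original presentation. It assumes each copy is encoded with a single-byte XOR key that changes from copy to copy, and it does not cover copies that change the algorithm as well; `SIGNATURE` and the sample buffers are constructed and harmless.

```python
# Constructed, harmless byte string standing in for a scanner signature.
SIGNATURE = b"CONSTRUCTED-SAMPLE-MARKER"


def xor_bytes(data, key):
    """Encode or decode data with a single-byte XOR key."""
    return bytes(b ^ key for b in data)


def make_sample(key):
    """Constructed file: plain host bytes followed by the encoded marker."""
    return b"HOSTFILE" + xor_bytes(SIGNATURE, key) + b"\x00\x00"


def signature_scan(data, signature=SIGNATURE):
    """Plain string/signature search: offset of the match, or -1."""
    return data.find(signature)


def delta(data):
    """XOR each byte with its successor; a single-byte XOR key cancels out."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def xray_scan(data, signature=SIGNATURE):
    """Key-independent search. Returns (key, offset) or None."""
    offset = delta(data).find(delta(signature))
    if offset == -1:
        return None
    # The key is recovered from the first byte of the matched region.
    key = data[offset] ^ signature[0]
    # Confirm by decoding the candidate region with the recovered key.
    region = data[offset:offset + len(signature)]
    if xor_bytes(region, key) != signature:
        return None
    return key, offset


if __name__ == "__main__":
    # Key 0x00 is the unencoded copy; the other two differ only in the key.
    for key in (0x00, 0x5A, 0xC3):
        sample = make_sample(key)
        print(hex(key), signature_scan(sample), xray_scan(sample))
```

The plain search finds only the unencoded copy, while the delta search finds all three and reports the key each copy used.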


9. Composite virus. These advanced viruses can produce multiple infections using multiple methods. Their goal is to attack all possible elements: files, programs, macros, disks, etc. They are considered to be quite dangerous due to their ability to combine different methods of infection. Examples: Ywinz.


10. Worms. A worm is a program similar to a virus: it is capable of self-replication and can lead to negative consequences for your system, and, most importantly, it can be detected and removed using antivirus software. However, a worm is not, strictly speaking, a virus, since it does not need to infect other files to replicate. Worms can exist without damaging files, but they multiply at a tremendous rate, overwhelming networks and causing them to collapse. Worms almost always spread via email, networks, or chat (such as IRC or ICQ). They can also spread inside the computer's memory. Examples of worms: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson.


11. Trojans or Trojan horses. Another nasty type of virus is the Trojan or Trojan horse, which, unlike viruses, does not need to multiply by infecting other files and does not replicate itself like a worm. A Trojan works like its mythological namesake, the famous wooden horse in which the Greek soldiers hid in order to sneak into Troy unnoticed. Trojans seem to be harmless programs that enter the computer through any channel. When the program is executed (they are given an attractive name or characteristics so that they get run), other programs are installed on the computer, which may be malicious. Trojans may not manifest themselves at first, but when they start to act, they can simply destroy your system. They are capable of deleting files, destroying information on your hard drive and detecting vulnerabilities in your security system. This gives them full access to the system and allows an outside user to copy and forward confidential information. Examples of Trojans: IRC.Sx2, Trifor.


4. Channels for the spread of computer viruses

1) Flash drives. A large number of viruses spread through removable drives, including digital cameras, digital video cameras, digital players (MP3 players), cell phones. The use of this channel is mainly due to the possibility of creating a special autorun.inf file on the drive, in which you can specify the program launched by Windows Explorer when opening such a drive. Flash drives are the main source of infection for computers that are not connected to the Internet.

2) Email. Now one of the main channels for the spread of viruses. Usually viruses in e-mails are disguised as harmless attachments: pictures, documents, music, links to websites.


3) Instant messaging systems (Internet pagers). It is also common to send links to what are supposedly photos, music or programs, but are actually viruses, via ICQ and other instant messaging programs.

4) Web pages. Infection through Internet pages is possible due to the presence of various "active" content on the pages of the World Wide Web: scripts, ActiveX components, Java applets.

5) Internet and local area networks (worms). Worms are a type of virus that penetrates the victim computer without user intervention. Worms use so-called "holes" (vulnerabilities) in operating system software to infiltrate a computer.
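A check for the removable-drive channel described in item 1 above, shown as an added example that is not part of the original presentation: it reads the text of an autorun.inf file and lists the entries that would start a program. The function names and both sample files are constructed for illustration; `open`, `shellexecute` and `shell\<verb>\command` are the standard autorun.inf keys that launch something.

```python
import re

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command defines a context-menu verb that runs a command.
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample: a drive whose autorun.inf starts a program.
SAMPLE_LAUNCHER = r"""
; constructed sample, not taken from a real drive
[AutoRun]
Open=tools\viewer.exe
Icon=tools\viewer.exe,0
Shell\Open\Command=tools\viewer.exe /q
Label=Holiday photos
"""

# Constructed sample: cosmetic entries only, nothing is launched.
SAMPLE_LABEL_ONLY = """
[autorun]
label=Backup disk
icon=disk.ico
"""


def decode_inf(raw):
    """Decode file bytes; autorun.inf may be UTF-16 with a byte-order mark."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries = {}
    section = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections are not interpreted here
        key, value = line.split("=", 1)
        entries[key.strip().lower()] = value.strip()
    return entries


def launch_entries(text):
    """List (key, command) pairs that start a program from the drive."""
    return [
        (key, value)
        for key, value in parse_autorun(text).items()
        if key in LAUNCH_KEYS or SHELL_COMMAND.match(key)
    ]


if __name__ == "__main__":
    for name, sample in (("launcher", SAMPLE_LAUNCHER),
                         ("label only", SAMPLE_LABEL_ONLY)):
        print(name, launch_entries(sample))
```

On Windows, the matching mitigation is to disable AutoRun for removable drives (the `NoDriveTypeAutoRun` policy), so that these entries are never acted on.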


5. Indirect signs of a computer virus infection

  • frequent freezes and malfunctions of the computer;
  • slow computer performance when starting programs;
  • inability to load the operating system;
  • disappearance of files and directories or distortion of their contents;
  • frequent access to the hard disk (the light on the system unit flashes frequently);
  • Microsoft Internet Explorer freezes or behaves unexpectedly (for example, an application window cannot be closed).

Some of the characteristic signs of a virus infection via mail:

  • friends or acquaintances tell you about messages from you that you did not send;
  • your inbox contains a large number of messages without a return address or header.


6. Methods of detection and removal. Protection methods. Antiviruses and firewalls.

The best thing, of course, is to keep viruses out of your computer. But if the trouble has already occurred, you need to take prompt measures to detect and remove the viral infection. And here all means are fair. The simplest way to detect a virus is a routine scan of the system with a variety of anti-virus scanners. With regular updates, anti-virus programs are able to show a fairly high result and detect up to 90% of known viruses, which is quite a satisfactory result for most users.


1. Firewalls analyze the data flow (traffic) in the network and block the penetration of malicious programs from the external network.
2. Antivirus programs monitor the manifestation of malicious programs directly on the user's computer.

At the present stage of development of anti-virus protection, many manufacturers of this software are trying to ensure that their software product includes the functions of both a firewall and an antivirus. This allows the user to protect the computer as fully as possible from both unauthorized entry and malware.





The most popular firewalls

1. Built-in Windows (both XP and Vista) firewall
2. Kaspersky Internet Security
3. Norton Internet Security
4. Agnitum Outpost FireWall
5. McAfee Personal Firewall (ConSeal Private Desktop)
6. Look 'n' Stop
7. Sygate Personal Firewall (Sybergen's Secure Desktop)
8. Network Ice Black ICE Defender
9. Zone Alarm, etc.









In early 1989, an American student Robert Morris, a graduate student in the Department of Computer Science at Cornell University, wrote a small program - a virus - which infected and put out of action about 6000 personal computers, in particular at the US Department of Defense. The author of the virus was sentenced to 3 months in prison and fined $270,000.



  • The first programs similar to viruses were created in 1972 (game "Darwin") and in 1976 (system program "Worm").
  • In 1984, the game ANIMAL ("Animal") was distributed, which had almost all the signs of a computer virus.
  • The program asked the player to think of some kind of animal and for a certain time tried to guess it with the help of clarifying questions.
  • If the program did not have time to guess the intended animal, then it asked the player to tell what question to ask in order to guess.
  • The program remembered this question and then copied itself to another user's directory. The game was popular, and soon all of the company's computers had this game.
  • The situation was not threatening, but numerous copies of the game took up disk space.
  • Deleting copies of the program did not give the desired effect, as soon the duplications were repeated.


  • Computer viruses are specially created small programs that can infect other programs by including a copy of themselves in them.


Consequences of the action of computer viruses

  • creation of sound and video effects;
  • issuing erroneous messages;
  • failure of the system to perform some function;
  • destruction of individual files or the entire file system;
  • initiation of errors or failures in the program or OS.


Sources of computer virus infection

External memory

computer network



Sign: by environment of proliferation (habitat)

Virus type - Characteristic

  • file - They are embedded in executable files (.exe, .com) and start multiplying each time the file is loaded.
  • boot - They are embedded in the boot sector of the disk, get into RAM and get control when the operating system boots.
  • network - They use computer networks for their distribution.
  • macro viruses - They are embedded in document files of office applications.
  • file-boot - Inserted in both files and boot sectors.



Classification of computer viruses

Sign: by degree of influence (aggressiveness of actions)

Virus type - Characteristic

  • safe - Does not affect the operation of the PC in any way, only reduces free disk space or manifests itself through audio and video effects.
  • dangerous - Can lead to significant malfunctions of the PC and OS.
  • very dangerous - They lead to the destruction of information, to damage to the system sections of the disk, to the destruction of the information system.

Sign: by way of contamination

  • resident - They infect computer memory, reside in RAM and work all the time until the PC is turned off.
  • non-resident


Classification of computer viruses

Sign: by features of the work of the virus

Virus type - Characteristic

  • Modify the contents of files and sectors of the disk, are easily identified and destroyed
  • Worm viruses - Spread over computer networks
  • Invisible (stealth viruses) - Intercept OS calls to affected objects and substitute uninfected areas instead
  • Trojans - Destroy the boot sector and file system, masquerading as useful programs; are not able to self-propagate



Examples of known viruses

  • 1988: Jerusalem virus

Identified in the network of one of the Israeli universities. The virus manifested itself as follows: black squares appeared on the monitor screen and the computer slowed down (that is, the virus only irritated users), but if a program infected with this virus was loaded into the computer's RAM on Friday the 13th, the virus destroyed every program active at that moment.



Examples of known viruses

  • 1998: the Taiwan virus




Antivirus software


Name

Detector programs

Characteristic

Examples

Detect and neutralize known viruses

Aidstest

Capable of fighting new viruses

Auditor programs

Dr Web

Controls all computer components that are most vulnerable to viruses.

Doctor programs

Watchman programs

Treat infected programs or disks, restoring the program to the state it was in before the virus infection

Antiviral Toolkit Pro

They are located in the PC memory and automatically check the used disks and files for viruses.

Monitor programs

Kaspersky Internet Security

They check the current processes in real time, perform a preliminary check when trying to view or launch

NOD 32 Antivirus



Antivirus software

There are different types of programs, but whatever program you use, there is no antivirus in the world that would guarantee absolute safety (just as there is no universal cure for all diseases).

Slide 1

Completed: student of group 23 Zhelonkina A. S Checked by: Turusinova I. P. Yoshkar-Ola, 2015

Slide 2

Contents

  • Computer virus
  • Origin
  • Signs of infection
  • Classification of computer viruses
  • Antivirus programs
  • Selection criteria
  • Conclusion

Slide 3

A computer virus is a specially created small program capable of self-replication, clogging up the computer and performing other unwanted actions

Slide 4

Origin of the virus

The first epidemic was caused by the Brain virus (also known as the Pakistan virus), which was developed by brothers Amjat and Bazit Alvi in 1986 and was discovered in the summer of 1987. The virus infected more than 18 thousand computers in the United States alone. The program was supposed to punish local pirates who steal software from their firm. The program included the brothers' names, addresses and phone numbers. The Brain went beyond Pakistan's borders and infected hundreds of computers around the world.

Slide 5

Signs of infection

  • general slowdown of the computer and a decrease in the size of free RAM;
  • some programs stop working or various errors appear in programs;
  • extraneous characters and messages are displayed on the screen, various sounds and video effects appear;
  • the size of some executable files and their creation time change;
  • some files and disks are damaged;
  • the computer stops booting from the hard drive.

Slide 9

By way of infection

By way of infection, viruses can be resident and non-resident. When a memory resident virus infects a computer, it leaves its resident part in RAM, which then intercepts the operating system's access to the objects of infection and injects itself into them. Non-resident viruses do not infect computer memory and are active for a limited time.

Slide 10

By the degree of impact

  • Non-hazardous - do not interfere with the operation of the computer, but reduce the amount of memory.
  • Dangerous - can lead to various malfunctions in the computer.
  • Very dangerous - they destroy data, erase information in the system areas of the disk.

Slide 12

File viruses

Inserted into programs and activated when they are launched. Once an infected program is launched, viruses reside in RAM and can infect other files until the PC is turned off or the operating system is rebooted.

Slide 13

Macroviruses

Infect document files. After an infected document is loaded into the corresponding application, the macro virus is constantly present in RAM and can infect other documents. The infection threat stops only after the application is closed.

Slide 14

Network viruses

They transmit their program code over computer networks and run it on a PC connected to this network. Infection with a network virus can occur while working with e-mail or while "traveling" on the World Wide Web.

Slide 16

Selection criteria

  • Reliability and ease of use;
  • Virus detection quality;
  • The existence of versions for all popular platforms;
  • Work speed;
  • Availability of additional functions and capabilities.