VIRUSES and RELATED THREATS

1
VIRUSES and RELATED THREATS
2
Malicious Programs
Malicious Program
Independent
Need Host Programs
Worms
Bacteria
Viruses
Trojan Horses
Logic Bombs
Trapdoors
3
Virus

• Adalah program yang mampu menginfeksi program
  lain dengan cara memodifikasinya.

4
Sifat Alamai Virus

• Dormant Phase (idle phase)
• Propagation Phase (the virus places an identical
  copy of itself into other program or system area
  on disk)
• Triggering Phase (The Virus Activated to perform
  the function)
• Execution Phase (The function is perform)

5
Struktur Virus

• Algoritma virus
• Program V
• goto main
• 1234567
• subroutin infect-executable-file
• loop
• fileget-random-executable-file
• if(first-line-of-file1234567)
• then goto loop
• else prepend V to file
• subroutin do-damage
• whatever damage to be done
• subroutin trigger-pulled
• return true if some condition holds
• Main main-program
• infect-executable
• if trigger-pulled then do-damage
• goto next
• Next

6
Proses Infeksi
CV
P2
P1
P2
CV
CV
P1
P1
P2
7
Jenis-Jenis Virus

• Parasitic Virus (tradisional and still most
  common form)
• Memory-resident Virus (lodges in main memory)
• Boot Sector Virus (Infect a master boot record
  (MBR) and spreads when a system is booted)
• Stealth Virus (a Form a Virus explicite design to
  hide itself from detection by antivirus software)
• Polymorphics (A mutates with every infection,
  making detection by signature of the virus
  imposible

8
Macro Virus

• A Macro virus is platform independent
• Infect document, not executable portion of code
• Easy spread most by electronic mail

9
Antivirus Approach

• Solusi pertama untuk mencegah virus menempatkan
  dirinya pada sistem.
• Langkah-langkahnya
• Detection
• Identification
• Removal