Macro_Virus_Presentation_with_Diagram.ppt
ssuser6658b2
12 views
24 slides
Aug 31, 2025
Slide 1 of 24
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
About This Presentation
virus
Slide Content
Cryptography and Network Security
Definition
A macro virus is a type of virus composed of a
sequence of instructions written in a macro
language, which are interpreted by applications
like MS Word or Excel, rather than executed
directly by the operating system.
A macro virus is a type of virus composed of a
sequence of instructions written in a macro
language, which are interpreted by applications
like MS Word or Excel, rather than executed
directly by the operating system.
Working of a Macro Virus
1. Attaches itself to application templates (e.g.,
normal.dot).
2. Executes automatically when an infected file is
opened.
3. Spreads to other documents through
templates/macros.
4. May send infected files via email.
1. Attaches itself to application templates (e.g.,
normal.dot).
2. Executes automatically when an infected file is
opened.
3. Spreads to other documents through
templates/macros.
4. May send infected files via email.
Characteristics
• Written in high-level macro languages.
• Cross-platform: can spread on Windows, Mac,
Linux.
• Executes automatically when the application
loads.
• Targets data files instead of executables.
• Written in high-level macro languages.
• Cross-platform: can spread on Windows, Mac,
Linux.
• Executes automatically when the application
loads.
• Targets data files instead of executables.
Example: Melissa Virus
• Infected Word 97/98 documents.
• Triggered when an infected file was opened.
• Installed itself as the 'open' macro and copied to
Normal template.
• Invoked mail program and sent itself to address
book contacts.
• Infected Word 97/98 documents.
• Triggered when an infected file was opened.
• Installed itself as the 'open' macro and copied to
Normal template.
• Invoked mail program and sent itself to address
book contacts.
Symptoms of Infection
• Strange or corrupted content in documents.
• Disabled menus or commands in Word/Excel.
• Slow system/application performance.
• Automatic emailing or file duplication.
• Strange or corrupted content in documents.
• Disabled menus or commands in Word/Excel.
• Slow system/application performance.
• Automatic emailing or file duplication.
Countermeasures
1. Disable macros unless necessary.
2. Enable macro security warnings in MS Office.
3. Use updated antivirus software.
4. Do not open attachments from untrusted
sources.
5. Apply regular patches to Office applications.
1. Disable macros unless necessary.
2. Enable macro security warnings in MS Office.
3. Use updated antivirus software.
4. Do not open attachments from untrusted
sources.
5. Apply regular patches to Office applications.
Macro Virus Infection Cycle
Infected
Document
Template
Infection
(normal.dot)
Spreads via
Email
New Victim
Infected
Infected
Document
Template
Infection
(normal.dot)
Spreads via
New Victim
Infected
A worm is a self-replicating malicious program.
Unlike viruses, worms do not need a host file
to spread.
Spread across networks by exploiting
vulnerabilities or auto-sending copies.
Can cause network congestion and system
failures.
️→→️ →→️??????️ ??????️ ??????️
Unlike viruses, worms do not need a host file
to spread.
Spread across networks by exploiting
vulnerabilities or auto-sending copies.
Can cause network congestion and system
failures.
️→→️ →→️??????️ ??????️ ??????️
Morris Worm (1988)
First major Internet worm.
Target: Berkeley & Sun UNIX systems.
Spread by inserting instructions into running processes.
Within hours: thousands of systems unusable.
Required disconnection, rebooting, and patching to
recover.
Luckily: only self-replication (no data deletion).
First major Internet worm.
Target: Berkeley & Sun UNIX systems.
Spread by inserting instructions into running processes.
Within hours: thousands of systems unusable.
Required disconnection, rebooting, and patching to
recover.
Luckily: only self-replication (no data deletion).
Father Christmas Worm
Spread as an electronic Christmas card ??????.
Program displayed: Christmas tree with blinking
lights + “Merry Christmas”.
Then:
Checked recipient’s address book & past mails.
Sent itself to all addresses.
Overwhelmed IBM-based networks, forcing
shutdowns.
Written in high-level job control language (like
later macro worms).
Spread as an electronic Christmas card ??????.
Program displayed: Christmas tree with blinking
lights + “Merry Christmas”.
Then:
Checked recipient’s address book & past mails.
Sent itself to all addresses.
Overwhelmed IBM-based networks, forcing
shutdowns.
Written in high-level job control language (like
later macro worms).
Malicious Logic - Cryptography & Network
Security
Security
Introduction
Rabbits (Wabbits) and Bacteria are forms of
malicious logic that consume system resources.
- Rabbits: Programs that replicate rapidly,
causing system overload.
- Bacteria: Programs designed to exhaust
resources (CPU, memory, disk).
Rabbits (Wabbits) and Bacteria are forms of
malicious logic that consume system resources.
- Rabbits: Programs that replicate rapidly,
causing system overload.
- Bacteria: Programs designed to exhaust
resources (CPU, memory, disk).
Rabbits (Wabbits)
• Self-replicating programs.
• Create multiple copies of themselves.
• Main goal is to overwhelm CPU, memory, or
disk.
• Do not modify or destroy files directly.
• Example: Early mainframe wabbits creating
endless copies.
Rabbit Replication System Overload
→
• Self-replicating programs.
• Create multiple copies of themselves.
• Main goal is to overwhelm CPU, memory, or
disk.
• Do not modify or destroy files directly.
• Example: Early mainframe wabbits creating
endless copies.
Rabbit Replication System Overload
→
Bacteria
• Similar to rabbits but focus on consuming all
resources.
• May open multiple processes or consume disk
space.
• Typically designed to crash the system.
• Can slow or stop normal operations completely.
Bacteria Resource Exhaustion System Crash
→ →
• Similar to rabbits but focus on consuming all
resources.
• May open multiple processes or consume disk
space.
• Typically designed to crash the system.
• Can slow or stop normal operations completely.
Bacteria Resource Exhaustion System Crash
→ →
Comparison: Rabbits vs Bacteria
Rabbits (Wabbits):
- Focus on replication.
- Cause overload through sheer number of
copies.
Bacteria:
- Focus on resource exhaustion.
- Use processes, memory, or disk to crash
systems.
Rabbits (Wabbits):
- Focus on replication.
- Cause overload through sheer number of
copies.
Bacteria:
- Focus on resource exhaustion.
- Use processes, memory, or disk to crash
systems.
Cryptography & Network Security – Atul Kahate
Definition
• Some systems allow data to be interpreted as
instructions.
• Malicious logic exploits this to insert 'data' that
is actually code.
• Enables execution of unauthorized actions.
• Some systems allow data to be interpreted as
instructions.
• Malicious logic exploits this to insert 'data' that
is actually code.
• Enables execution of unauthorized actions.
Techniques
• Code Injection – malicious input treated as
executable (e.g., SQL injection).
• Buffer Overflow – excess data overwrites
memory, forcing execution.
• Macros or Scripts – documents containing
hidden instructions.
• Embedded Code – formats like HTML,
JavaScript, PDF allow instructions.
• Code Injection – malicious input treated as
executable (e.g., SQL injection).
• Buffer Overflow – excess data overwrites
memory, forcing execution.
• Macros or Scripts – documents containing
hidden instructions.
• Embedded Code – formats like HTML,
JavaScript, PDF allow instructions.
Security Implications
• Blurs distinction between data and instructions.
• Allows execution of unauthorized or malicious
actions.
• May lead to system compromise or remote code
execution.
• Blurs distinction between data and instructions.
• Allows execution of unauthorized or malicious
actions.
• May lead to system compromise or remote code
execution.
Countermeasures
• Input validation and sanitization.
• Separate code and data (prepared SQL
statements).
• Sandboxing untrusted programs.
• Use memory-safe programming languages.
• Input validation and sanitization.
• Separate code and data (prepared SQL
statements).
• Sandboxing untrusted programs.
• Use memory-safe programming languages.
Input Data Misinterpreted as Instructions Execution of Malicious Action
→ →
→ →
Tags
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 12
- Slides 24
- Age 97 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
52 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
49 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
39 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
39 views
21
Know for Certain
DaveSinNM
24 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
27 views