COMPUTER VIRUSES AND WORMS.pdf

COMPUTER VIRUSES AND WORMS.pdf

• 1.
  COMPUTER VIRUSES ANDWORMS #1 VIRUS Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with computer operation.  A computer virus might corrupt or delete data on your computer, use your email program to spread itself to other computers, or even erase everything on your hard disk.  Computer viruses are often spread by attachments in email messages or instant messaging messages. That is why it is essential that you never open email attachments unless you know who it's from and you are expecting it.  Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files.  Computer viruses also spread through downloads on the Internet. They can be hidden in illicit software or other files or programs you might download. Typical things that some current Personal Computer (PC) viruses do:  Display a message  Erase files  Scramble data on a hard disk  Cause erratic screen behavior  Halt the PC  Many viruses do nothing obvious at all except spread! Types: 1. Executable Viruses  Traditional viruses  Pieces of code attached to a legitimate program  Run when the legitimate program gets executed  Loads itself into memory and looks around to see if it can find any other programs on the disk 2. Boot Sector Viruses  Traditional Virus  Infect the boot sector on floppy disks and hard disks  By putting its code in the boot sector, a virus can guarantee it gets executed  Load itself into memory immediately, and it is able to run whenever the computer is on
• 2.
  MELISSA VIRUS:  March1999  The Melissa virus was the fastest-spreading virus ever seen  Someone created the virus as a Word document uploaded to an Internet news group  People who downloaded the document and opened it would trigger the virus  The virus would then send the document in an e-mail message to the first 50 people in the person's address book  Took advantage of the programming language built into Microsoft Word called VBA (Visual Basic for Applications)  The Melissa virus is a macro virus that was spread through email attachments in 1999.  The Melissa virus may also be known as Melissa, Simpsons, Kwyjibo or Kwejeebo. PREVENTION:  Updates o Windows has a feature called Critical Updates o An entire branch of Microsoft dedicated to staying one step ahead of the hackers o When a possible security loophole is fixed, you need to download the patch right away  Anti-Viruses  More secure operating systems o e.g. UNIX  Here are some actions you can take: o Install an antivirus program. o Don't open email attachments unless you're expecting them. o Keep your computer updated. o Use a firewall. Windows Firewall (or any other firewall) can help alert you to suspicious activity if a virus or worm attempts to connect to your computer TROJAN VIRUS Trojans are malicious programs that perform actions that have not been authorized by the user. These actions can include:  Deleting data  Blocking data  Modifying data  Copying data  Disrupting the performance of computers or computer networks  Unlike computer viruses and worms, Trojans are not able to self-replicate  How Trojans can impact you: BACKDOOR: A backdoor Trojan gives malicious users remote control over the infected computer. They enable the author to do anything they wish on the infected computer – including sending, receiving, launching and deleting files, displaying data and rebooting
• 3.
  the computer. BackdoorTrojans are often used to unite a group of victim computers to form a botnet or zombie network that can be used for criminal purposes. EXPLOIT: Exploits are programs that contain data or code that takes advantage of a vulnerability within application software that’s running on your computer  A very important distinction from true viruses is that they do not replicate themselves, as viruses do. Trojans contain malicious code, that, when triggered, cause loss, or even theft, of data. In order for a Trojan horse to spread, you must, in effect, invite these programs onto your computers--for example, by opening an email attachment. #2 WORMS Worm - is a self-replicating program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself. WORMS – is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well. They are often designed to exploit the file transmission capabilities found on many computers. MORRIS WORM: The first worm to attract wide attention, the Morris worm, was written by Robert Tappan Morris, who at the time was a graduate student at Cornell University. It was released on November 2, 1988. The level of replication created system loads that not only brought it to the attention of system administrators, but also disrupted the target computers. It was guessed that the cost in "potential loss in productivity" caused by the worm and efforts to remove it ranged at each system from $200 to more than $53,000 Morris himself was convicted under the US Computer Crime and Abuse Act and received three years’ probation, community service and a fine in excess of $10,000. ROBERT TAPPAN MORRIS IS NOW A PROFESSOR AT MIT