Understanding and Securing Against Computer Malware Threats

1. CHAPTER 14 Viruses, Trojan Horses and Worms

2. INTRODUCTION • Viruses, Trojan Horses and worm are malicious programs that can cause damage to information and computer. • Malicious programs (also called malware) is usually classified into three characteristics: type of propagation, mechanism it employs and mechanism it requires to run. • There are three popular types of malicious programs: virus, Trojan Horse and worm. • There is another kind of malicious program but not exactly malicious called hoaxes. • Hoaxes tend to mislead people like Trojan Horse.

3. TYPES OF MALWARE • Virus • A virus is a piece of computer program (or code) that attach itself to a host program or file. • It can spread from computer to computer, infecting as it travels. • It cant run independently and requires host program to activate it. • Virus can damage software, hardware and files (information). • Virus does not spread without human action. • An example of virus is I Love You.

4. TYPES OF MALWARE • Worm • A worm, like a virus, is designed to copy itself from one computer to another, but it can travel alone and independently without user action. • A great danger of worms is their ability to replicate in great volume. • A worm could send out copies of itself to everyone listed in your email address book causing heavy network traffic that would slow down the Internet. • An example of worm is Melissa.

5. TYPES OF MALWARE • Trojan Horse • A computer program that appears to be useful but that actually does damage. • It spreads when people are lured into opening a program because they think it comes from a legitimate source. • Recently, Trojan Horse came in the form of an e-mail that included attachments. • Trojan Horse can also be included in software that downloaded for free. • An example of Trojan Horse is Happy99.

6. ANATOMY OF VIRUS • Viruses are divided into two primary components: propagation and payload. • Propagation • Propagation, also known as delivery mechanism, is the method by which the virus spreads itself. • There are two types of propagation: parasitic and boot sector infector. • Parasitic • In this propagation, virus attach itself in the files and the affected files is being parasite on other files.

7. ANATOMY OF VIRUS • Classically, there were .com and .exe files (MS-DOS files) that could be parasite to other files. • In this method, an infected file has to be run, but, nowadays, an affected file not necessarily to be executable, for example, a macro virus. • Payload • Payload refers to what the virus does once executed. • Payload may be nothing, maybe something harmless or could be something destructive, for example, erasing hard drive.

8. HOW TO SECURE • There are several ways to secure against malicious software: • 1. Use Anti-Virus Software • A-V software are full of solutions to almost every existing virus problems. • Always update anti-virus software as frequently as possible. • 2. Use Heuristic Method • This method allows the scanner to search for code that looks like it could be malicious.

9. HOW TO SECURE • 3. Use Web Browser Security • Limited surfing only trusted and hope be safe yet left out of what the Web has offer. • Both Netscape and Internet Explorer include options to disable all the active content that could cause problems. • 4. Beware Stranger E-mail • Don’t open any e-mail attachment comes from stranger or unknown content of e-mail.

10. HOW TO SECURE • 5. Use Original Software • Always use original application software, for example, through online resources. • 6. Other Techniques • Other technique could be used for detecting virus include file and program integrity checking, for example, “Integrity protection Driver” provided by Windows NT operating system.