Computer Worms & Viruses ERICA SANTIAGO ASHLEY GUY DAVID HOLLAND ASHLEY WHITE JESSICA PUETTNER
Viruses By: Erica Santiago
What is a Virus? a virus is software that spreads from program to program, or from disk to disk, and uses each infected program or disk to make copies of itself. basically computer sabotage.
The History of the Virus • the term comes from biology. a computer virus reproduces by making, possibly modified, copies of itself in the computer’s memory, storage, or over a network. similar to the way a biological virus would work. • the very first virus to be created outside the single computer or lab was the program called "Elk Cloner.” it was written by Rich Skrenta in 1982. the virus attached itself to the Apple DOS 3.3 operating system and spread through floppy disk. the virus was originally a joke, created by a high school student and put onto a game. the 50th time someone played the game, the virus would be released. so instead of playing the game, the user saw a blank screen that read a poem about the virus named Elk Cloner.
How does a Virus Spread? first a programmer writes the virus, most often attached to a normal program; unknown to the user, the virus spreads to other software. then the virus is passed by disk or network to other users who use other computers. the virus then remains dormant as it is passed on.
The types of Viruses • the way viruses are usually categorized is by what they do. • the boot virus which infects the boot sector of disk storage • the program virus which infects the executable programs • the multipartite virus which is a combination of the boot and program virus • the stealth virus which is able to avoid detection by a variety of means such as removing itself from the system registry, or masquerading as a system file • the parasitic virus which embeds itself into another file or program such that the original file is still viable • the polymorphic virus which changes its code structure to avoid detection and removal • the macro virus which exploits the macro language of a program like Microsoft Word or Excel.
Protect Yourselves • run a more secure operating system like UNIX, another computer operating system on which you never hear about viruses because of the security features • if you are using an unsecured operating system, you can buy virus protection software like McAfee or Norton AntiVirus • to help avoid viruses, it’s very important that your computer is current with the latest updates and antivirus tools, that you stay informed about recent virus threats, and that you are careful when surfing the Internet, downloading files and opening attachments
Worms By: Ashley Guy
Worms 101 • worms have been around since 1988. • a computer worm is very similar to a normal computer virus. • unlike a virus though, the worm is a program that can copy itself across a network and it can run by itself. • a worm also has a unique feature in the sense that it doesn’t have to have a host program in order to run. • a worm works by copying itself into nodes or network terminals, which does not require any intervention from the user • worms began to take off in the late ‘90s and early 2000s. • these modern worms ran themselves through the internet and many file sharing programs such as KaZaa, a music file-sharing program.
Types of Worms • the “email worm” • the email worm spreads itself through email • the worm can hide itself in messages as a link or an attachment that will redirect the user to an infected website. • many users become victims to this particular worm due to their vulnerability and willingness to read and open messages that they think could be interesting. • the Instant Messaging worm • this worm masks itself in the form of an “IM” with the contents of a link that will redirect the user to an infected website and then try to gain full access of the machine.
Protect Yourselves • even though it seems impossible to not catch a worm, it’s not. • one of the best things a computer owner can do is install and run anti-virus software, especially the kind that updates automatically. • anti-virus software will notify the user when a virus or worm is found and prevent it from running and/or copying itself. • other precautions: • choosing secure passwords and changing them regularly • not opening unfamiliar emails or attachments and most importantly not running or copying software from an unsecured website.
Viruses vs. Worms
Viruses: • spreads from program to program, or from disk to disk • uses each infected program or disk to make copies of itself • computer sabotage • destroys data or erases disks • operating system specific
Worms: • uses computer hosts to reproduce themselves • travel independently over computer networks • software sabotage • resides in memory rather than on disk • puts computers at a standstill
AntiVirus Software By: David Holland
What is AntiVirus Software? computer programs intended to identify and eliminate computer viruses.
The Best Defense • this year’s best defense against computer viruses, spyware, hackers and spam is an antivirus program called BitDefender. • has a user-friendly interface that scans all existing files on your computer, all incoming and outgoing emails, and even IM transfers. • features include privacy protection and web scanning for internet use. a year’s subscription is about $24.99.
NAV • the most widely used software is Norton AntiVirus (NAV). • since its release in 1990, over 100 million people around the world have used it. • it’s a free program but in order to receive live updates, a valid subscription is needed. • a yearly subscription is only $29.99.
McAfee • McAfee VirusScan is another popular antivirus program. • it’s designed for home and home-office use. • it’s used specifically on a Microsoft Windows platform. • the 2007 edition includes a number of features including on access file sharing, inbound and outbound firewall protection, and daily definition updates.
Sophos • Sophos AntiVirus is an antivirus and anti-spyware program that is primarily aimed at corporate environments or businesses. • includes a number of security tools and advice. • also includes 24/7 support including upgrade alerts.
Kaspersky • for the average home user and advanced users the Kaspersky antivirus software has an easy to use interface. • the program uses 3 tabs for protection, settings and support. • it updates itself on an hourly basis and is one of the fastest antivirus programs available. • however, quality comes at a price and a year’s subscription is $49.99.
Antivirus software: How it works By: Ashley White
“Antivirus software is the equivalent to penicillin of the computer world.” • like penicillin, antivirus applications act as a guard over your system, scanning incoming files and applications, “quarantining” or cleaning up unwanted viruses looking to cause harm to your system • antivirus software is considered to be an aid that detects, fixes and even prevents viruses and worms from spreading to your computer as well as connecting computers.
Why is software an issue? • some antivirus software can considerably reduce performance • there should not be more than one antivirus software installed on a single computer at any given time • it’s sometimes necessary to temporarily disable virus protection when installing major updates • some argue that antivirus software often delivers more “pain than value” to end users
Two main types • there are different types of antivirus software for different computers • some are designed for personal computers • some are for servers and others for enterprises • there are mainly two types of antivirus software: specific and generic
Specific Scanning • specific scanning or signature detection • the application scans files to look for known viruses matching definitions in a “virus dictionary” • when the antivirus looks at a file it refers to a dictionary of known viruses and matches a piece of code (specific patterns of bytes) from the new file to the dictionary.
Specific scanning cont.. • after recognizing the malicious software the antivirus software can take one of the following actions: • (1): attempt to repair the file by removing the virus itself from the file • (2): quarantine the file • (3): or delete the file completely
Specific Scanning cont… • however, specific scanning is not always reliable because virus authors are creating new ways of disguising their viruses so the antivirus software does not match the virus’ signature to the virus dictionary.
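The dictionary lookup, the repair and quarantine actions, and the disguised-virus blind spot described in the specific scanning slides can be shown together. This is an added example, not part of the original slides; the signature names, byte patterns, sample files and the `disguise` helper are all constructed and harmless.

```python
# Constructed, harmless byte patterns standing in for a "virus dictionary".
VIRUS_DICTIONARY = {
    "Demo.Alpha": bytes.fromhex("deadbeef4c4142"),
    "Demo.Beta": b"\x90\x90DEMO-SIG-B\xcc",
}

def scan(data, dictionary=VIRUS_DICTIONARY):
    """Return (name, offset) for every dictionary pattern found in data."""
    hits = []
    for name, pattern in dictionary.items():
        offset = data.find(pattern)
        while offset != -1:
            hits.append((name, offset))
            offset = data.find(pattern, offset + 1)
    return sorted(hits, key=lambda h: h[1])

def handle(data, dictionary=VIRUS_DICTIONARY):
    """Apply the slide's actions: repair if possible, otherwise quarantine."""
    hits = scan(data, dictionary)
    if not hits:
        return "clean", data
    repaired = data
    for name, _ in hits:
        repaired = repaired.replace(dictionary[name], b"")
    # Repair counts only if something is left and a rescan comes back clean.
    if repaired and not scan(repaired, dictionary):
        return "repaired", repaired
    return "quarantined", b""

def disguise(data, key):
    """Stand-in for a self-encrypting sample: XOR every byte with key."""
    return bytes(b ^ key for b in data)

# Constructed sample files.
CLEAN = b"MZ\x00\x00ordinary program bytes"
INFECTED = CLEAN + VIRUS_DICTIONARY["Demo.Alpha"]
DISGUISED = CLEAN + disguise(VIRUS_DICTIONARY["Demo.Alpha"], 0x5A)

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("infected", INFECTED),
                        ("disguised", DISGUISED)]:
        print(label, scan(blob), handle(blob)[0])
```

The disguised sample carries the same bytes in encoded form and passes as clean, which is the gap that generic scanning is meant to cover.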
Generic Scanning • generic scanning is also referred to as the suspicious behavior approach. • generic Scanning is used when new viruses appear. • in this method the software does not look for a specific signature but instead monitors the behavior of all applications.
Generic Scanning cont… • if anything questionable is found by the software the application is quarantined and a warning is broadcast to the user about what the program may be trying to do. • if the software is found to be a virus the user can send it to a virus vendor.
Generic Scanning cont… • there, researchers examine it, determine its signature, name and catalogue it and release antivirus software to stop its spread. • if the virus never reappears the vendors categorize the virus as dormant.
Two other approaches • heuristic analysis • another form of generic scanning • the sandbox method
Another Approach… • heuristic analysis • in the heuristic method the software, for example, “could try to emulate the beginning of the code of each new executable that the system invokes before transferring control to that executable.” if the program attempts to use “self-modifying code” or appears to be a virus, it’s assumed that the virus has infected the executable. • in this method there are a lot of false positives. • sandbox method • an antivirus program takes suspicious code and runs it in a “virtual machine” to see the purpose of the code and exactly how the code works. after the program has terminated, the software analyzes the sandbox for any changes, which could indicate a virus.
Heuristic Analysis • software tries to emulate the beginning of the code of each new executable that the system invokes before transferring control to that executable. • if the program attempts to use self-modifying code or appears to be a virus, it’s assumed the virus has infected the executable. • there are many false positives in this approach.
Sandboxing • in this approach an antivirus program will take suspicious code and run it in a “virtual machine” to see the purpose of the code and exactly how the code works. • after the program is terminated the software analyzes the sandbox for any changes, which might indicate a virus.
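The "analyze the sandbox for any changes" step can be sketched as a before-and-after snapshot comparison. This is an added example, not part of the original slides; a temporary directory stands in for the virtual machine (it provides no real isolation), and the two sample programs and seed files are constructed.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    state = {}
    for folder, _, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = digest
    return state

def diff(before, after):
    """Classify what changed between two snapshots."""
    return {
        "created": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before
                           if p in after and before[p] != after[p]),
    }

def run_in_sandbox(program, seed_files):
    """Fill a throwaway directory, run program(root) in it, report changes."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in seed_files.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(content)
        before = snapshot(root)
        program(root)
        return diff(before, snapshot(root))

# Constructed stand-ins for the code under test.
def well_behaved(root):
    with open(os.path.join(root, "notes.txt"), "rb") as fh:
        fh.read()

def suspicious(root):
    with open(os.path.join(root, "app.exe"), "ab") as fh:
        fh.write(b"APPENDED")          # alters an existing executable
    with open(os.path.join(root, "dropped.bin"), "wb") as fh:
        fh.write(b"new file")          # leaves a new file behind

SEED = {"app.exe": b"MZ original", "notes.txt": b"hello"}

if __name__ == "__main__":
    print(run_in_sandbox(well_behaved, SEED))
    print(run_in_sandbox(suspicious, SEED))
```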
Specific worms & virus attacks By: Jessica Puettner
The Macro Virus • one of the most common viruses is a macro virus, which is usually contracted through emails. • macro viruses attach themselves to a document usually created in one of the applications in Microsoft Office. • when one of these infected documents is sent through an email, it infects the computer by getting into an email account and reproducing itself by sending it to all the people in that person’s email address list.
The Melissa Virus • one of the biggest virus incidents was the Melissa virus in 1999. • this was a macro virus that was built into a Microsoft Word document and in it was a list of different pornography websites. • what the user did not know was the fact that when he or she opened the document the virus went straight to Microsoft Outlook and sent the same email to the first 50 addresses in their address book. • it was not a destructive virus and there was not really any damage done to any computers. the man who created the virus got fined $5,000 and got sentenced to 20 months in prison.
The Aftermath • after the Melissa virus, the door for many was opened to new viruses. • one of them was Chernobyl. Unlike Melissa, this one was destructive and infected over 600,000 computers all over the world. • Chernobyl infected 300,000 computers in South Korea and it cost about $250 million in damages. • in the Philippines, a virus now known as the Love Bug infected their computer systems and cost them billions of dollars in damages
The Boot Virus • boot viruses are viruses that infect either the floppy disk boot records or the master boot records in hard disks. • most of the time what happens is the virus overwrites the boot record program and this is a problem because the boot record program is what loads the operating system. • boot viruses often load into the memory of the computer while the disk is in use because the virus is there instead of the operating system’s program. • some examples of these types of viruses would be Disk Killer or the Stoned virus.
The Program Virus • program viruses are viruses that attack the executable program files. • the files it infects are .bin, .com, .exe, .ovl, .drv, or .sys. • these kinds of viruses are loaded onto the computer when the file is being downloaded. • once the infected program is loaded then the virus starts making copies of itself. • examples of these would be Sunday or Cascade.
The Stealth Virus • stealth viruses are very tricky viruses. • they usually are very hard to detect because they take up exactly the same amount of space as the program should, so the virus is well hidden and very hard to discover. • an example of this kind of virus would be the Whale virus.
The Polymorphic Virus • polymorphic viruses are also very hard to detect. • this virus can actually use an encrypted code so it looks like a different virus every time. • different examples of this type of virus would be Stimulate or Phoenix.
Worms Attack • the first major worm was in 1988 when a student at Cornell made an experiment that accidentally got onto the Internet. • this worm caused 6,000 computers all over the United States to freeze. all the infected computers had to be shut off and the worm had to be terminated. • there was no real monetary damage but there was a lot of lost time at different research institutions. • one of the most damaging worms in history is named Code Red, in 2001. • more than 359,000 computers all over the world were infected with this worm in less than 14 hours. • the estimated cost of damages due to the worm was about $2.6 billion.
Types of Worms • a few different types of worms are emailing worms, instant messaging worms, internet worms and file-sharing network worms. • emailing worms are those in the attachments that are sometimes sent with emails. • instant messaging worms usually infect a computer when an infected link is sent to a person and they open it. these also get into computers and automatically send themselves to most if not all of the people on your buddy list. • internet worms usually scan different computers and try to get into their systems. a lot of times they will try to be downloaded onto the computer by sending a request to be downloaded. • file-sharing network worms usually copy themselves into a shared folder under a name that is not suspicious and will start to infect the computer as well as those in the same network.
Conclusion • computer viruses and worms can easily get onto your workstation, so be careful when going on the internet and opening emails from unknown users, make sure you have some kind of anti-virus software, and always get updates so that you aren’t helping to spread viruses and worms to other people as well as harming yourself and your pocket.