370 likes | 799 Views
Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Classroom Activities Guide What is a computer virus? A computer virus is a malicious program that spreads from computer to computer. Viruses, Worms, Trojan Horses
E N D
Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Classroom Activities Guide
What is a computer virus? • A computer virus is a malicious program that spreads from computer to computer.
Viruses, Worms, Trojan Horses • Have you heard other names for malicious computer programs? • Viruses, Worms, Trojan Horses • There are technical differences between each of these, but all of them attempt to run on your computer without your knowledge.
Malware • The most general name for a malicious computer program is malware. • You may have heard computer programs called software. • The word malware comes from MALicious softWARE.
How does malware invade your computer? • You have probably heard of some ways that malware can invade your computer. • What are they? • Through email attachments • By clicking on a web link when surfing the web • By downloading a program that claims to be a game or cool picture • Others?
Front Door Attacks • What do many of these attacks (through email, web browsing or downloads) have in common? • They all require the actions of a legitimate user. • They can be considered “front door” attacks because a user is tricked into opening the door for the attack through their action.
Understanding Front Door Attacks • The key to understanding front door attacks is that when you run a program it runs with *all* your rights and privileges. • If you can delete one file, any program you run can delete all your files. • If you can send one email, any program you run could send thousands of spam emails. • This includes any program you run even accidentally by opening an email attachment or clicking on web link.
Back Door Attacks • Not all attacks require action by a legitimate user. • “Back door” attacks target vulnerabilities in server software that is running on your computer. • Server software is software that listens for requests that arrive over the network and attempts to satisfy these requests. • A web server is an example of server software.
Are you running any servers? • Most home computer users think they are not running any server software. • However you would be surprised. • For example, most default installations of Windows run a number of network services by default.
How can you check? • At a Windows command prompt, type the command “netstat –an”. • It will display a list of server software that is listening for requests over the network.
Things to Notice In the List • The server listening on port 135 was attacked by the Blaster worm. • The server listening on port 435 was attacked by the Sasser and Korgo worms.
Server Software • Server software is designed to provide useful features. • For example, server software allows you to mount files from other computers or share printers between computers etc. • So how then can server software be used to attack a computer?
Legitimate vs. Illegitimate Requests • Basically server software receives a request over the network, examines the request and decides if it can satisfy the request • Legitimate requests do not cause an attack. • Most illegitimate requests do not cause attacks either because the server simply answers that it does not understand or cannot satisfy a request.
Carefully crafted, devious requests • To attack server software, authors of malware do not just send any old illegitimate request. • They send very carefully crafted illegitimate requests that exploit a weakness or flaw in the server software.
What is an example of such a weakness? (part 1) • When programmers write server software, they write it to listen for requests that come in over the network. • They might assume that no request will ever be longer than 1000 letters long. • This might be a perfectly valid assumption for all reasonable requests, but an attacker might send a request that is 100,000 letters long.
What is an example of such a weakness? (part 2) • If the server only left room for 1000 letters, then the rest of the letters may get copied over the legitimate program instructions. • Thus, the request sent by the attacker takes the place of the legitimate program instructions and the server starts to execute the attackers code instead.
Buffer Overflow Attacks • This type of attack is called a “buffer overflow attack” because it overflows the buffer of space left for a request with too many characters. • Such an attack could be prevented if the server always checked for requests that are too long. • Sometimes programmers neglect to do that and this is what produces the weakness or flaw that is exploited by the attacker. • If you are learning to program, you should know that you can prevent many viruses by following good programming practices.
Buffer Overflow Attacks Aren’t Easy • The attacker must • Know how long of a request to send • Send precisely the right data that can be interpreted as instructions by the server • Find a machine running a server with that weakness. • If the attacker sends the wrong data, the server might crash instead of running the attackers instructions.
Exploiting a weakness • If an attacker crafts an attack that works on their local machine then chances are that it will work on many other machines. • Attackers tend to target the most common computing platform – Windows – so that their attacks will impact the most machines.
What do viruses do? • Once an attacker manages to exploit a weakness, they can run any code they want on the victim’s machine. • Attack codes vary in what they try to do. • Have you ever suffered a computer attack? What happened to your machine? How hard was it to recover?
What does malware do? • Some attackers just want to see if they can make an attack succeed. • The malware they write may simply displaying something to the user or announce its presence in another way. • Other attackers want to do damage to others without trying to benefit directly. • The malware they write might delete files or otherwise corrupt the system.
What does malware do? (continued) • Still others try to write malware that steals information from the victim. • The malware they write might search for credit card numbers or other personal information and send it back to the attacker. • Spyware might watch for victim’s passwords or otherwise spy on their online activity.
What does malware do? (continued) • Still others write malware that uses the victim’s computer for their own purposes. • Use it to store files (often illegal) and make them available to others – shifting liability away from the attackers. • Use it to attack other computers – making it harder to trace the attack to its real source.
Self-replicating • Regardless of its other goals, a large percentage of malware tries to spread itself automatically. • Malware programs may try to spread by • Sending out email with infected attachments. • Send out carefully-requests back door attack packets.
Consequences of Attacks • If you have ever been attacked by a computer virus, you know the damage it can cause • Your computer can begin to run very slowly and constantly pop-up annoying messages that make it difficult to do anything productive. • Having the virus removed by a technician can be expensive and time-consuming. • The virus itself may destroy irreplaceable files like family pictures or videos. Even if the virus itself does not cause data loss, often the process of removing the virus can require reinstalling the operating system and all the programs. • Your credit card or other private information can be stolen.
World-wide damage estimates • Computer viruses cause a huge amount of damage worldwide. • Damages from just one virus (The I Love You Virus) are estimated at $10 billion dollars. It is also estimated that 45 million people worldwide were affected. • Costs come from restoring damaged systems, replacing lost information, steps taken to prevent attacks and steps taken to prepare to recover from attacks.
Case • Jason, a 16 year old honor student, wrote a computer virus that causes 4 billion dollars of damage and impacted countless home and business computers. The authorities traced the virus to him. Jason says that he is very sorry and didn’t mean for it to get so out of hand. He said he was just fooling around to see if he could do it.
Discussion • How would you feel if you were a friend of Jason’s? • How would you feel if you had lost your entire MP3 collection or a book report you had worked on for 3 weeks? • What type of punishment would recommend in this case?
Blackhat vs. Whitehat • Blackhat computer hackers look for flaws in software to exploit them or break into computer for malicious purposes. • Whitehat computer hackers look for flaws in software to fix them or attempt to break into computers to audit their security.
What do whitehat hackers do? • Analyze server software for flaws that could be exploited and recommend fixes. • Analyze new viruses or malware to characterize what they are doing and to build patches. • Audit the overall security of computer systems.
Defenses • Even if you are not whitehat hacker there is a lot you can do to defend your computer against attack • Defending against front door attacks means being careful about what programs you run and what attachments and links you open • Defending against back door attacks means knowing what services are running on your machine and keeping them patched
Defending against front door attacks • 1) Be careful opening email attachments even from friends. • 2) Be careful clicking on web links found on less reputable web sites. • 3) Beware of free downloads that seem too good to be true. • 4) Use a good virus scanner and keep your virus signatures up-to-date. • 5) Consider using less popular email readers and web browser software.( Attackers target the most popular software.) There are excellent and free open source options.
Defending against back door attacks • 1) Use netstat to see what services are running. • 2) Periodically check to see if any new services have been started. • 3) Keep your server software patched and up-to-date. • 4) Consider shutting down any services you do not need.
Prepare to recover from an attack • No matter how careful you are it is still wise to prepare to recover from an attack if one does occur. • 1) Back up your personal data such as digital pictures, letter and papers you’ve written, your address book, etc. • 2) Keep track of the software you’ve installed on your computer including where you got it and any activation keys you paid for.
Review Questions • What is a front door attack? What are some examples? • What is a back door attack? What are some examples? • Give some examples of what malware tries to accomplish. • Describe ways that whitehat hackers try to make systems more secure. • Describe things you can do to secure your computer against attack.
Conclusion • Knowing the different kinds of attacks and the goals of attackers can help you understand how better to defend yourself.