
Computer Viruses

Computer Viruses. Jarvis Diggs MIS 1:00-1:50 jd_soldja@yahoo.com. Table of Contents. Definition History of viruses Virus Behavior Number of Viruses Virus Names How Viruses Infect What Viruses Infect Virus Carriers Company Solutions Prevention Methods Anti-Virus Software


Presentation Transcript


  1. Computer Viruses Jarvis Diggs MIS 1:00-1:50 jd_soldja@yahoo.com

  2. Table of Contents
     • Definition
     • History of viruses
     • Virus Behavior
     • Number of Viruses
     • Virus Names
     • How Viruses Infect
     • What Viruses Infect
     • Virus Carriers
     • Company Solutions
     • Prevention Methods
     • Anti-Virus Software
     • Personal Interview
     • Bibliography

  3. Definition
     "A parasitic program written intentionally to enter a computer without the user's permission or knowledge. The word parasite is used because a virus attaches to files or boot sectors and replicates itself, thus continuing to spread. Though some viruses do little but replicate, others can cause serious damage or affect program and system performance. A virus should never be assumed harmless and left on a system." [1] - Symantec
     [1] www.symantec.com

  4. History of Viruses
     In the late 1980s, computer viruses were first widely recognized due to several factors:
     • the spread of personal computers
     • the use of computer bulletin boards
     • the floppy disk [2]
     Over the years several prominent viruses have been recognized and recorded as follows:
     [2] www.howstuffworks.com

  5. History of Viruses [3]
     • 1981 - The First Virus In The Wild - It was spread on Apple II floppy disks (which contained the operating system) and reputed to have spread from Texas A&M.
     • 1983 - The First Documented Experimental Virus - Fred Cohen's seminal paper Computer Viruses - Theory and Experiments from 1984 defines a computer virus and describes the experiments he and others performed to prove that the concept of a computer virus was viable.
     • 1986 - Brain, PC-Write Trojan, & Virdem - Two brothers from Pakistan analyzed the boot sector of a floppy disk and developed a method of infecting it with a virus dubbed "Brain". Because it spread widely on the popular MS-DOS PC system, this is typically called the first computer virus. That same year the first PC-based Trojan was released in the form of the popular shareware program PC-Write. Virdem was also found this year; it is often called the first file virus.

  6. History of Viruses
     • 1987 - File Infectors, Lehigh, & Christmas Worm: In November, the Lehigh virus was discovered at Lehigh University in the U.S. It was the first "memory resident file infector".
     • 1988 - MacMag, Scores, & Internet Worm: MacMag, a Hypercard stack virus on the Macintosh, is generally considered the first Macintosh virus, and the Scores virus was the source of the first major Macintosh outbreak. The Internet Worm (Robert Morris' creation) caused the first Internet crisis and shut down many computers.
     • 1989 - AIDS Trojan: This Trojan is famous for holding data hostage.
     • 1990 - VX BBS & Little Black Book (AT&T Attack): The first virus exchange (VX) BBS went online in Bulgaria.
     • 1991 – Tequila: Tequila was the first polymorphic virus; it came out of Switzerland and changed itself in an attempt to avoid detection.

  7. History of Viruses
     • 1992 - Michelangelo, DAME, & VCL: Michelangelo was the first media darling. The same year the Dark Avenger Mutation Engine (DAME) became the first toolkit that could be used to turn any virus into a polymorphic virus. Also that year the Virus Creation Laboratory (VCL) became the first actual virus creation kit.
     • 1995 - Year of the Hacker: Hackers attacked Griffith Air Force Base, the Korean Atomic Research Institute, NASA, Goddard Space Flight Center, and the Jet Propulsion Laboratory. GE, IBM, Pipeline and other companies were all hit by the "Internet Liberation Front" on Thanksgiving.
     • 1995 – Concept: The first macro virus to attack Word, Concept, is developed.
     • 1996 - Boza, Laroux, & Staog: Boza is the first virus designed specifically for Windows 95 files. Laroux is the first Excel macro virus. And, Staog is the first Linux virus.
     • 1998 - Strange Brew & Back Orifice: Strange Brew is the first Java virus. Back Orifice is the first Trojan designed to be a remote administration tool that allows others to take over a remote computer via the Internet.

  8. History of Viruses
     • 1999 - Melissa, Corner, Tristate, & Bubbleboy: Melissa is the first combination Word macro virus and worm to use the Outlook and Outlook Express address book to send itself to others via E-mail. Corner is the first virus to infect MS Project files. Tristate is the first multi-program macro virus; it infects Word, Excel, and PowerPoint files. Bubbleboy is the first worm that would activate when a user simply opened an E-mail message in Microsoft Outlook.
     • 2000 - DDoS, Love Letter, Timofonica, Liberty (Palm), Streams, & Pirus: The first major distributed denial of service attacks shut down major sites such as Yahoo!, Amazon.com, and others. In May the Love Letter worm became the fastest-spreading worm (to that time), shutting down E-mail systems around the world. The Visual Basic Script worm Timofonica tries to send messages to Internet-enabled phones in the Spanish telephone network. Called Liberty and developed by Aaron Ardiri, the co-developer of the Palm Game Boy emulator Liberty, the Trojan was developed as an uninstall program and was distributed to a few people to help foil those who would steal the actual software. Streams became the first proof of concept NTFS Alternate Data Stream (ADS) virus in early September. Pirus is another proof of concept for malware written in the PHP scripting language.
     • 2001 - Gnuman, Winux Windows/Linux Virus, LogoLogic-A Worm, AplS/Simpsons Worm, PeachyPDF-A, Nimda: This group is mainly composed of worms that were written for the first time.

  9. History of Viruses
     • 2002 - LFM-926, Donut, Sharp-A, SQLSpider, Benjamin, Perrun, Scalper: LFM-926 showed up as the first virus to infect Shockwave Flash (.SWF) files. Donut showed up as the first worm directed at .NET services. In March, the first native .NET worm written in C#, Sharp-A, was announced.
     • 2003 - Slammer, Sobig, Lovgate, Fizzer, Blaster/Welchia/Mimail: These viruses were responsible for attacking servers, mail programs, and peer-to-peer networks.
     • 2004 - Trojan.Xombe, Randex, Bizex, Witty, MP3Concept, Sasser, Mac OS X, W64.Rugrat.3344, Symb/Cabir-A, JS/Scob-A, WCE/Duts-A, W32/Amus-A, WinCE/Brador-A, JPEG Weakness, SH/Renepo-A: These worms caused major problems on operating systems such as Windows and Macintosh.
     [3] www.cknow.com/vtutor/vtsystemsector.htm

  10. Virus Behavior [4]
     • Infection Phase
        • Virus writers have to balance how and when their viruses infect against the possibility of being detected. Therefore, the spread of an infection may not be immediate.
     • Attack Phase
        • Viruses need time to infect. Not all viruses attack, but all use system resources and often have bugs.
     [4] www.cknow.com/vtutor/vtsystemsector.htm

  11. Number of Viruses
     • By number, there are over 50,000 known computer viruses.
     • Only a small percentage of this total number account for those viruses found in the wild, however. Most exist only in collections.
     • There are more MS-DOS/Windows viruses than all other types of viruses combined.

  12. Virus Names [5]
     • A virus' name is generally assigned by the first researcher to encounter the beast.
     • Multiple researchers may encounter a new virus in parallel, which often results in multiple names.
     • Different names can cause confusion for the public but not anti-virus software, which looks at the virus, not its "name."
     • There are different sites that attempt to correlate the various virus names for you.
     • Virus naming is a function of the anti-virus companies. This results in different names for new viruses.
     [5] www.howstuffworks.com

  13. How Viruses Infect [6]
     • Polymorphic Virus - changes code whenever it passes to another machine; in theory these viruses should be more difficult for antivirus scanners to detect, but in practice they're usually not that well written.
     • Stealth Virus - hides its presence by making an infected file not appear infected, but doesn't usually stand up to antivirus software.
     • Fast and Slow Infectors - Viruses that infect in a particular way to try to avoid specific anti-virus software.
     • Sparse Infectors - Viruses that don't infect very often.
     • Armored Viruses - Viruses that are programmed to make disassembly difficult.
     • Multipartite Virus - infects both files and the boot sector, a double whammy that can reinfect your system dozens of times before it's caught.

  14. How Viruses Infect
     • Cavity (Spacefiller) Viruses - Viruses that attempt to maintain a constant file size when infecting.
     • Tunneling Viruses - Viruses that try to "tunnel" under anti-virus software while infecting.
     • Camouflage Viruses - Viruses that attempted to appear as a benign program to scanners.
     • NTFS ADS Viruses - Viruses that ride on the alternate data streams in the NT File System.
     • Virus Droppers - Programs that place viruses onto your system but themselves may not be viruses (a special form of Trojan).
     [6] www.cknow.com/vtutor/vtsystemsector.htm

  15. What Viruses Infect [7]
     • System Sector Viruses - These infect control information on the disk itself.
     • File Virus - infects applications. These executables then spread the virus by infecting associated documents and other applications whenever they're opened or run.
     • Macro Virus - Written using a simplified macro programming language, these viruses affect Microsoft Office applications, such as Word and Excel, and account for about 75 percent of viruses found in the wild. A document infected with a macro virus generally modifies a pre-existing, commonly used command (such as Save) to trigger its payload upon execution of that command.
     • Companion Viruses - A special type that adds files that run first to your disk.
     [7] www.cknow.com/vtutor/vtsystemsector.htm

  16. What Viruses Infect
     • Cluster Viruses - A special type that infects through the disk directory.
     • Batch File Viruses - These use text batch files to infect.
     • Source Code Viruses - These add code to actual program source code.
     • Visual Basic Worms - These worms use the Visual Basic language to control the computer and perform tasks.

  17. Virus Carriers [8]
     • Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.
     • Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.
     [8] www.webopedia.com/TERM/v/virus.html

  18. Company Solutions
     Companies look for anti-virus solutions which prevent malicious attacks from manipulating customer data, compromising e-commerce servers, or gaining access to sensitive development plans. A commonly used protection program, Entercept, does this and more.
     Entercept:
     • Prevents and stops known and unknown Internet attacks before damage occurs to servers, databases, and applications.
     • Reduces security-related costs.
     • Proactive: Requires minimal monitoring, minimal false-positives.
     • Protects critical assets.
     • Protects the customer portals.

  19. Prevention Methods
     • Running a secure operating system such as UNIX keeps viruses away from your hard disk through its security features.
     • Purchasing anti-virus software for an unsecured operating system.
     • Avoid opening programs from unfamiliar programs.
     • If you run Microsoft applications, make sure you enable the Macro Virus Protection for each application.
     • E-mail attachments containing executables should never be double-clicked.
     • One should have a clean back-up of his hard drive.

  20. Anti-Virus Software
     Anti-virus programs are comprised of scanning software. This software will look for a unique string of bytes that identifies the virus and remove it from your system. If the virus is a new issue, the software will use heuristics to identify the virus-like activity on your system. The software will quarantine the questionable program and then notify the user of the program's intentions.

  21. Personal Interview
     1. How has your company/organization dealt with viruses that are obtained through a) the internet; b) e-mail; and c) software?
     2. How has your company/organization solved these problems?
     3. What solutions have you put in place for future prevention?
     4. How costly are the prevention methods?
     5. How detrimental would the absence of these prevention methods be to the company/organization?
     6. At what rate do viruses occur in your company/organization? (It can be an estimate)
     Interviewee: kbolds@lsuhsc.edu
     Answers to these questions were used as supplementary information in the report.

  22. Bibliography
     • 1. www.howstuffworks.com/virus.htm
     • 2. www.cert.org/other_sources/viruses.html
     • 3. www.cknow.com/vtutor/vthistory.htm
     • 4. www.actlab.utexas.edu/~aviva/compsec/virus/whatis.html
     • 5. www.mcafee.com
     • 6. www.symantec.com/avcenter/
     • 7. www.exn.ca/nerds/20000504-55.cfm
     • 8. www.cknow.com/vtutor/vtsystemsector.htm
     • 9. kbolds@lsuhsc.edu

  23. THE END
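
The byte-string scanning described on slide 20, as an added example that is not part of the original presentation: a scanner that reads a file in chunks and still finds a signature split across two reads, with a wildcard byte so one signature covers close variants. The signature names, byte patterns, the `??` wildcard notation and the sample buffers are all constructed for illustration.

```python
import io
import re

# Constructed signatures: hypothetical names, harmless byte patterns.
# "??" is a wildcard byte, so one signature covers variants differing there.
SIGNATURES = {
    "Demo.Fixed.A": "de ad be ef 13 37 c0 de",
    "Demo.Wild.B": "fa ce ?? ?? b0 0c 90 90",
}

def compile_signature(hex_pattern):
    """Turn a pattern such as 'de ad ?? ef' into a compiled bytes regex."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}
# Each token is exactly one byte, so the token count is the signature length.
MAX_LEN = max(len(p.split()) for p in SIGNATURES.values())

def scan_stream(stream, chunk_size=4096):
    """Scan a binary stream; return {signature name: offset of first hit}.

    The last MAX_LEN - 1 bytes of every window are carried into the next
    one, so a signature split across two reads is still detected.
    """
    hits, tail, base = {}, b"", 0  # base = absolute offset of window[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return hits
        window = tail + chunk
        for name, rx in COMPILED.items():
            m = rx.search(window)
            if m and name not in hits:
                hits[name] = base + m.start()
        keep = min(MAX_LEN - 1, len(window))
        base += len(window) - keep
        tail = window[-keep:] if keep else b""

def scan_bytes(data, chunk_size=4096):
    """Convenience wrapper for scanning an in-memory buffer."""
    return scan_stream(io.BytesIO(data), chunk_size)

# Constructed sample buffers (no real malware bytes).
CLEAN = b"MZ" + b"\x00" * 64 + b"plain program data"
SAMPLE_A = b"\x00" * 10 + bytes.fromhex("deadbeef1337c0de") + b"\x00" * 5
SAMPLE_B = b"hdr" + bytes.fromhex("face1122b00c9090")
SAMPLE_B2 = b"hdr" + bytes.fromhex("faceaabbb00c9090")  # same family, other bytes
```

A scanner that drops the carried-over tail misses any signature that straddles a read boundary, which is why the small chunk sizes are worth testing.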
