Keeping Your Computer Free of Viruses Stan VanDruff svandru@crosslink.net
These Terms Mean “Virus” to the General Public • Malicious Code • Dropper • Logic Bomb • Time Bomb • Trojan Horse • Worm • Virus
What is Malicious Code? Any program that causes damage or otherwise compromises a computer system. Could be a virus, Trojan horse, dropper, bomb, etc.
What is a Dropper? A program which has a legitimate use, but contains viruses which are secretly planted in a system. Droppers may actually be commercial software hacked to drop viruses. Definition from https://infosec.navy.mil/COMPUSEC/glossary.html
What is a Logic Bomb? A program which executes on the occurrence, or lack of occurrence of a set of system conditions. Classic examples are programs which cease functioning if the programmer's name is removed from the company's payroll list. Definition from https://infosec.navy.mil/COMPUSEC/glossary.html
What is a Time Bomb? A logic bomb activated after a certain amount of time, or on a certain date. The classic example is a program that ceases functioning on a given date, as a control for leasing it. Such a program is often re-activated by an appropriate password. Definition from https://infosec.navy.mil/COMPUSEC/glossary.html
What is a Trojan Horse? A program that neither replicates nor copies itself, but does damage or compromises the security of the computer. Typically it relies on someone emailing it to you; it does not email itself. It may arrive in the form of a joke program or software of some sort. Definition from http://www.symantec.com/avcenter/refa.html
What is a Worm? A program that makes copies of itself, for example from one disk drive to another, or by copying itself using email or some other transport mechanism. It may do damage and compromise the security of the computer. It may arrive in the form of a joke program or software of some sort. Definition from http://www.symantec.com/avcenter/refa.html
What is a Virus? A program or code that replicates, that is, infects another program, boot sector, partition sector, or document that supports macros by inserting itself or attaching itself to that medium. Most viruses just replicate; a lot also do damage. Definition from http://www.symantec.com/avcenter/refa.html
These Aren’t Viruses, but They Still Spell Trouble • Joke • Myth • Scam • Hoax
What is a Joke? A harmless program that causes various benign activities to display on your computer (e.g., an unexpected screen-saver, turning your CDROM into a cup holder). Definition from http://www.symantec.com/avcenter/refa.html
What is a Myth? • An Often Lurid Story or Anecdote That Is Based on Hearsay and Widely Circulated As True • Aids Needles • 602P Email Tax • Stolen Kidney • Klingerman Postal Virus • For More Info, Visit http://www.scambusters.org/Scambusters22.html Definition from http://www.merriamwebster.com/
What is a Scam? • A Fraudulent or Deceptive Act or Operation • Pay Per Minute (809) Scam • Free Credit Cards • Pyramid Schemes • For More Info, Visit http://scambusters.org/ Definition from http://www.merriamwebster.com/
What is a Hoax? Usually an email that gets mailed in chain letter fashion describing some devastating, highly unlikely type of virus. You can usually spot a hoax because there's no file attachment, no [valid] reference to a third party who can validate the claim, and by the general 'tone' of the message. Definition from http://www.symantec.com/avcenter/refa.html
Example Hoaxes • Good Times • Deeyenda • Bud Frogs • Naughty Robot
Spotting a Hoax • "VIRUS WARNING !!!!!!! • If you receive an email titled “It Takes Guts to Say ‘Jesus’” DO NOT open it. It will erase everything on your hard drive. Forward this letter out to as many people as you can. This is a new, very malicious virus and not many people know about it. This information was announced yesterday morning from IBM; please share it with everyone that might access the internet. • Once again, pass this along to EVERYONE in your address book so that this may be stopped. • Also, do not open or even look at any mail that says “RETURNED OR UNABLE TO DELIVER.” This virus will attach itself to your computer components and render them useless. Immediately delete any mail items that say this. AOL has said that this is a very dangerous virus and that there is NO remedy for it at this time. Please practice cautionary measures and forward this to all your online friends ASAP.
Spotting a Hoax: Clues Highlighted in the Message Above • First clue this is a hoax: “!!!!!!!” • Dire predictions: “It will erase everything on your hard drive”; “attach itself to your computer components and render them useless”; “a very dangerous virus and there is NO remedy for it at this time” • Name dropping: “announced yesterday morning from IBM”; “AOL has said” • Plead with you to spread it: “Forward this letter out to as many people as you can”; “share it with everyone”; “pass this along to EVERYONE in your address book”
If You Get a Virus Warning (Even from a Friend) • Think First • Most email virus warnings are hoaxes • Suspect it unless it originates from your computer security group or your ISP • Check these sites before passing it on: http://www.stiller.com/hoaxes.htm http://vil.nai.com/VIL/hoaxes.asp http://www.sophos.com/virusinfo/hoaxes/ http://www.vmyths.com/ http://www.virusbtn.com/Hoax/hoaxlist.html
Virus Types • Boot Sector • Targets bootable hard drives and floppies • File Infectors • Target executable files (e.g., .exe, .sys, .com) • Macro Virus • Targets Microsoft Word or Excel documents • Email Worms • Use Your Email Software to Spread Like Wildfire
Dangerous Web Files • May be hidden in HTML web documents: • ActiveX • Java (not JavaScript) • VB Script • Make sure your browser does not automatically execute any Microsoft Office files • Set browser security settings to high
Vehicles to Spread Viruses • Email Attachments • Shareware • Internet Downloads • Friends • Commercial Software
Why Viruses are so Prevalent 1) Curiosity 2) Ignorance 3) Global connectivity 4) Friends share everything 5) Complex software gives programmers more options to create and spread viruses
Curiosity • Email from strangers makes us feel important • We want something for nothing • We’re a little gullible too: • From the email that contains the X97M.Papa.A Excel Macro Virus: “Urgent info inside. Disregard macro warning.”
Are There Really 50,000 Viruses? • Yes (Symantec April ’01) • “Norton AntiVirus protects you from 49,250 viruses” • Reported 62 new discoveries in April • No (Wildlist March ’01) • 225 distinct viruses verified by at least two participants • 652 verified by one participant Sources: http://www.symantec.com/avcenter/ http://www.wildlist.org/WildList/200104.htm
Viruses in the Wild • WildList Organization • 63 Professional reporters • Only monthly, but going real-time • Real threats, not academic curiosities • Attempting to standardize virus names • As of April 30, there were 662 viruses reported by at least 1 participant. 222 were reported by at least 2 participants.
Top 5 Active Viruses • VBS.VBSWG2.X 5/08/2001 • W32.Badtrans 4/11/2001 • W32.Magistr 3/13/2001 • W32.HLLW 10/09/2000 • W95.Hybris 9/25/2000 Source: http://www.symantec.com/avcenter/ (May 4, 2001)
W95.Hybris.gen • Infects Explorer.exe. • Obtains the name of the computer. • Retrieves the current user's email name and address. • Chooses a random number of words from a *.doc or *.txt file to construct the subject and body of an email. • Sends email to names from your address book.
W95.Hybris.gen • If the computer has been infected for one month and meets other criteria, the virus • Erases CMOS and Flash BIOS (Windows 9x/Me only) • Overwrites every 25th file with [unpleasant] text as many times as it will fit • Deletes every other file • Displays [an unpleasant] message • Overwrites a sector of the first hard disk
Protect Yourself NOW! • Upgrade your current anti-virus software and get the latest virus definitions • Download a trial version of anti-virus software • Run Norton Virus Check online • Whichever option you choose, do it ASAP
Choosing an Anti-Virus Product • Effective • Virus Bulletin 100% List • Easy to use • Understandable interface and settings • Simple or automatic upgrades/updates • Updated often
Use It! • Scan weekly • Use auto-protect feature for email and Internet downloads • Scan email attachments again (just in case)
Keep It Up to Date! • Update Anti-virus weekly (yes, weekly) • Also keep these programs up to date: • Email client (especially Outlook) • MS Office (especially MS Word) • Windows 95/98/NT/2000/MacOS/Linux • Internet Browser
Practice Safe Computing • Commercial Software, Shareware, Friends, and Internet Downloads: beware of • Bonus software or free gifts • Unknown or questionable sources • Scan everything!
Practice Safe Computing • Email—it is now possible to spread a virus in an email without attachments. If your email program can read HTML email, check your settings. • Also beware of • Email from unknown senders • Unexpected attachments • Promises that are too good to be true • Senders who tell you to ignore virus warnings • Subject lines or file names that are risqué or otherwise enticing • Attachments with macros no matter the source
Protection from Macro Viruses • Microsoft Word, Excel, and PowerPoint have built-in macro virus protection: On the Tools menu, click Macro, and then click Security. Make sure low security is not selected. • Write-protect the global template Normal.Dot • Visit http://office.microsoft.com/ and search on “Virus”
Protection from Macro Viruses • MS Word • Only Word documents or templates can carry viruses; TXT files and RTF files cannot. However, one can simply rename a *.doc file with the *.rtf extension to fool some (all?) anti-virus programs. Set your anti-virus scanner to check all file types—at least add *.rtf and *.txt.
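The renamed-extension problem on the slide above can be checked by looking at a file's leading bytes instead of its name. The following is an added example, not part of the original slides: the function names, the `SAFE_LOOKING` extension list and the three sample files are constructed for illustration.

```python
import os
import tempfile

# Leading bytes that identify the real container format, whatever the name says.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy Word/Excel/PowerPoint binary files
RTF_MAGIC = b"{\\rtf"                            # genuine Rich Text Format

# Extensions users tend to treat as macro-free (assumed policy list).
SAFE_LOOKING = {".rtf", ".txt"}

def sniff_format(path):
    """Classify a file by its first bytes, ignoring the extension."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    if head.startswith(OLE2_MAGIC):
        return "ole2"
    if head.startswith(RTF_MAGIC):
        return "rtf"
    return "other"

def is_disguised_office_file(path):
    """True when a 'safe' extension hides an OLE2 (macro-capable) document."""
    ext = os.path.splitext(path)[1].lower()
    return ext in SAFE_LOOKING and sniff_format(path) == "ole2"

def audit(paths):
    """Return the paths whose extension does not match their content."""
    return [p for p in paths if is_disguised_office_file(p)]

def build_samples(directory):
    """Write three constructed sample files and return their paths."""
    samples = {
        "report.doc": OLE2_MAGIC + b"\x00" * 504,   # honest Word binary file
        "notes.rtf": b"{\\rtf1\\ansi Hello}",       # genuine RTF
        "invoice.rtf": OLE2_MAGIC + b"\x00" * 504,  # a .doc renamed to .rtf
    }
    paths = []
    for name, data in samples.items():
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for p in audit(build_samples(d)):
            print("extension does not match content:", os.path.basename(p))
```

A flagged file should be scanned and handled as a Word document, with macro protection applied, regardless of its extension.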
Please—Be Careful Out There • Practice safe computing (trust no one) • Use anti-virus software • Keep your software up to date
Whew! We Made It Stan VanDruff svandru@crosslink.net