140 likes | 221 Views
EDW647: Internet for Educators. Dr. Roger Webster Department of Computer Science Millersville University Roger.Webster@Millersville.edu. Viruses. July 22, 2008. Virus: Powerful Stuff. 1981: 1 known computer virus 2005-2006: > 70,000 invade all types of computers – including handheld.
E N D
EDW647: Internet for Educators Dr. Roger Webster Department of Computer Science Millersville University Roger.Webster@Millersville.edu Viruses July 22, 2008 Dr. Roger Webster & Dr. Nazli Mollah
Virus: Powerful Stuff • 1981: 1 known computer virus • 2005-2006: > 70,000 • invade all types of computers – including handheld Dr. Roger Webster & Dr. Nazli Mollah
Malware • Malicious Code – program or a set of programs designed to surreptitiously enter a computer and disrupt its normal operations • Malicious Code include • viruses • worms • Trojan horses • Unleashed by hackers and crackers Dr. Roger Webster & Dr. Nazli Mollah
What is a computer virus? • A program that attaches itself to a file, reproduces itself, and spreads to other files • A computer virus behaves in a way similar to a biological virus, which replicate and spread by inserting itself into living cells. • A computer virus inserts itself into files (infected file) and then will replicate and spread from one file to another • Viruses can replicate themselves only on the host computer (and does not spread by jumping from one host to another) • Viruses spread because people distribute infected files by exchanging disks, sending e-mail attachments, exchanging music on file sharing networks and downloading software from the web • Key characteristic is their ability to “lurk” in a computer for days or months quietly replicating themselves Dr. Roger Webster & Dr. Nazli Mollah
virus • Many computer viruses infect files executed by your computer – files with extensions such as .exe and .vbs • When your computer executes an infected program, it also executes the attached virus instructions • These instructions then remain in RAM, waiting to infect the next program your computer run r the next disk it accesses • In addition to replicating itself, a virus may deliver a payload, which could be as harmless as displaying an annoying message or as devastating as corrupting the data on your computer's hard disk • A trigger event, such as a specific date, can unleash some virus, e.g. the Michelangelo virus triggers on March 6, the birthday of artist, Michelangelo • Your experience with viruses? Dr. Roger Webster & Dr. Nazli Mollah
How is a Trojan horse different from a virus? • A Trojan horse is a computer program that appears to do one thing (install a screen saver, for example) when in fact it does something entirely different, and potentially malicious, such as erase files. • Although often referred to as such, Trojan horses are not viruses in the strict sense because they cannot replicate automatically. For a Trojan horse to spread, it must be invited onto a computer by the user opening an email attachment or downloading and running a file from the Internet Dr. Roger Webster & Dr. Nazli Mollah
Trojan Horse • Notorious for stealing passwords • Papador Trojan Horse • watches your browser window for text strings such as “Sign In” and “Log in” • then displays a fake login screen (misleading heading like “security measures”) that collects name, birthday, cc number, ATM code • Don’t give our birth dates – https, lock • PictureNote Trojan – arrives as e-mail named picture.exe • leads you to believe that you have received some type of graphical software • However if you open the file, it searches for AOL user information and tries to steal your login and e-mail passwords Dr. Roger Webster & Dr. Nazli Mollah
What’s a worm? • Proliferation of networks, the Internet, e-mail programs etc. – threat arises from worms • Virus: designed to spread from file to file • Worm is designed to spread from computer to computer • Mass mailing worms spread by sending themselves to every address in the address book of an infected computer (seems to be coming from a known sender) • Mass mailing worms often include an attachment that contains the worm • opening the attachment then unleashes the worm • Some mass mailing worms contains a weblink that installs a worm, Trojan horse, or virus • Wallon worm contains a link to a Web site (looks like it is coming from yahoo). Clicking the link downloads several files, including the worm, which then replicate itself by sending itself to addresses in your address book. Some e-mail come from enticingly legitimate sources – MS, your place of employment Dr. Roger Webster & Dr. Nazli Mollah
What are the symptoms of a malicious code attack? • Delete and modify files • many viruses are designed to delete files from a hard disk – may cause system instability • Access confidential information • Trojan horses are notorious for using backdoors to steal passwords and CC numbers • Worms can also scan files and Web Sites for e-mail addresses • Performance degradation • Malicious code may require system resources to send mail and scan files. While a virus is active, your computer might seem to perform slower than normal • Disable antivirus and firewall software • some viruses – called retro viruses – are designed to attack antivirus software by deleting the files that contain virus descriptions or by corrupting the main executable virus-scanning program (anti-virus viruses) Dr. Roger Webster & Dr. Nazli Mollah
Antivirus Software: How can I avoid viruses and worms? • Prevention is best • Keeping viruses, Trojan Horses and worms you o your computer is preferable to trying to eliminate these pesky programs after they have taken up residence • Certain viruses are particularly tenacious just the process of booting up your computer an trigger their replication sequence or send hem into hiding • 3 top Steps to preventing your computer from becoming infected: • Use antivirus software on every computing devise you own • Keep software patches and operating system service packs up to date • Do not open suspicious e-mail attachments • Antivirus software is a set of utility programs that looks for and eradicates viruses, Trojan horses, and worms: • McAfee, VirusScan, Norton AntiVirus, F-Secure Anti Virus • Which do you use? Why? How often? Dr. Roger Webster & Dr. Nazli Mollah
How does antivirus software work? • Antivirus software uses several techniques to find viruses • Let’s think about it • Some viruses attach themselves to an exiting program – the presence of such a virus often increases the length of the original program • The earliest antivirus software simply examined the programs on a computer and recorded their length – a change in the length of a program from one computing session to the next indicated the possible presence of a virus • To counter the early antivirus software, hackers became more cunning – they created viruses that insert themselves into the unused portions of a program file without changing its length • Antivirus software developers fought back • They designed software that examines the bytes in an uninfected application program and calculates a checksum. A checksum is a number calculated by combining the binary values of all bytes in a file. Each time you run an application program, antivirus software calculates the checksum and compares it with the previous checksum. If any byte in the application program, has changed, the checksum will be different and the antivirus software assumes a virus is present. Dr. Roger Webster & Dr. Nazli Mollah
How often should I get an update? • New viruses and variations of old viruses are unleashed just about everyday • Check Web site of antivirus software publisher for periodic updates • Some software periodically reminds you to check for updates Dr. Roger Webster & Dr. Nazli Mollah
Virus Hoaxes: What’s a virus hoax? • Some viruses don’t really exists • A virus hoax arrives as an e-mail message containing dire warnings about a supposedly new virus that is on the loose • Recommends a strategy • Recommends forwarding the email • Says no one has a fix for it yet • Many cases it is a fake • Don’t panic • You can ignore a virus hoax • You can validate the hoax by going to a reliable Web site that lists hoaxes and viruses Dr. Roger Webster & Dr. Nazli Mollah
What’s a virus hoax? Dr. Roger Webster & Dr. Nazli Mollah