Computer Virus

1
1. To discuss the history of computer virus
outbreaks.
2. To examine the difference between
computer worms and viruses.
3. To discover the various types of computer
worms and viruses and how to protect a
computer.
4. To assess the consequences associated
with computer worms and viruses.
2
• Is a malicious computer program created by a user
with objectives to harm or steal another’s property
• Is also referred to as Malware
• Is important for users to be aware of
Computer Virus: a malicious computer program
created by a user with objectives to harm or steal
another’s property
3
• Is a piece of code attaching itself to a larger, more
frequently used program
– it then modifies the program
– this is referred to as “piggybacking”
• Is active and running only when the host program is
active
• Is designed to multiply and infect other programs the
computer runs
• Protect themselves by hiding in a host program
Host Program: a large, frequently run program
attached to the virus
Piggybacking: the act of a computer virus attaching
itself to another computer program
4
• Begins to carry out whatever malicious activity it
is supposed to, once it has multiplied and
infected other programs
– the malicious activity is known as the payload
• Can spread fast, slow or not spread at all
– if the virus programmer made an error in
designing the virus then it will not spread at all
• Can remain dormant in a computer until a
specified time
• Can delete all data and files on a computer
Payload: the malicious activity a computer virus or
worm is designed to do
5
• Can affect different parts of the computer
– such as:
• the hard drive
• a CD/DVD Drive
• any type of storage device
• Can spread through virtually any
computer to server or computer to
computer contact
– Examples of spreading media:
• Internet
• downloading attachments or music
• CD or thumb drive
6
• Is an independent program
– it does not attach itself to files or programs
• Is classified by two types:
– a network worm
– a host worm
Computer Worm: an independent program
which multiplies itself by copying a segment of
itself onto another computer
7
• Can contain malicious instructions to
hinder a computer’s performance
• Uses flaws or holes in the network to
gain access to individual computers
– this gives worms the ability to move
extremely fast through a network infecting
computers
• it could possibly infect an entire network of
computers within seconds
8
• Multiplies by copying a segment of itself onto another
computer over a network
– the segments of the worm, on various computers
in a network, remain in contact with each other
– if one segment of the worm fails or is removed,
then the other remaining segments must find
another computer, prepare it for the worm and
then add the segment to the rest of the worm
– this is how the worm moves through a network
Network Worm: a computer worm which copies
different segments of itself to computers linked
together in a network
9
• Is completely contained on one running computer
• Copies itself to another computer through a
network
• Deletes itself from the original computer, once it
has moved to another computer
• Does not fragment or segment itself
– a network worm does run different segments of
itself on different computers
Host Worm: a computer worm which copies itself to
another computer in a network and then deletes itself
completely from the previous computer in which it was
contained
10
• Include:
– they both usually contain malicious instructions
• designed to harm a computer and annoy a user
– they cause an increasing amount of damage
• the more computers the worms or viruses infect
the more computers they have access to infect
by networking
11
• Include:
– protecting themselves by hiding in host programs
or changing their appearance to evade detection
– destroying evidence of their presence and
wrongdoings
– spreading through a network, the Internet,
software, e-mails or memory devices (such as a
rewritable CD)
– causing system or network slowdowns
12
• Include:
– a virus requires a host program
• a worm is an independent program
– a virus modifies other programs
• a worm usually does not
– a virus only executes when the host
program is running
• a worm is always active
13
• Include:
– a virus uses host programs to replicate
• a worm replicates itself over a network
– a virus needs to be activated or downloaded (such
as a virus sent through e-mail, it must be double-clicked in order for it to be able to run)
• a worm does not need to be activated
– it will move or copy itself to a computer
without the user’s knowledge
14
Virus
• requires host program
• modifies other programs
• only active when host is
active
• uses host to replicate
• requires user
involvement to be
activated or downloaded
Worm
• independent program
• does not modify other
programs
• always active and running
on the computer
• self replicating over a
network
• copies itself to a
computer without the
user’s permission or
knowledge
15
• Is a malicious program disguised in a seemingly
innocent program
• Is an analogy referencing the “Trojan Horse” used
by the Greeks to obtain access to the city of Troy
– The Greeks were losing in the battle to overtake the
city of Troy, so their leader Odysseus, built a seemingly
innocent giant wooden horse with a hollow belly, large
enough for soldiers to hide in. He offered it to the
Trojans as a sign of peace. The Trojans accepted the
gift and celebrated their victory. Then at night while
they were sleeping, the Greeks snuck out of the horse,
which they were hiding in, and took the city of Troy.
Trojan Horse: a malicious program disguised inside of
another program seemingly beneficial or harmless
16
• Will generally gain access to administrative
areas on a computer
– once it has gained access to these areas, it will
create a back door
– this gives the creator of the Trojan horse
unauthorized access to the user’s computer and
the information it contains
• Will sometimes monitor keystrokes and
browsing activity
– this information is sent to companies sending the
user content and information they did not request
• Can be discreet
– meaning they do not leave any trace of their
presence
17
• Began in 1949 when John Von
Neumann wrote a paper called “Theory
and Organization of Complicated
Automata”
– this paper assumed a computer program
could self-replicate
– this theory was later called “Core Wars”
18
• Became a reality in 1982 when the first virus called
the “Elk Cloner” was created by Rich Skrenta
– The virus created by Skrenta was created as a
prank on his friends. He modified floppy disks
containing games or software which were
swapped within his group of friends. Instead of
running the software or game the disk displayed
taunting messages.
19
• Was created as what is now known as a boot sector
virus
– a copy of the virus is downloaded off of a disk
when the computer is booted up
– then when someone else inserts a disk into the
computer, the virus is downloaded to the new disk
• Began as an innocent prank
– however this prank opened the door for numerous,
harmful viruses to be created
20
• Progressed in the 80’s and 90’s, when
hackers developed new ways to steal
information and inhibit regular computer
use
• Took significant strides with the following
viruses:
– “The Brain” in 1986 created in Pakistan by
brothers Basit Amjad and Farooq Alvi
• this was a boot sector virus and technically the
first stealth virus, which means if anyone
attempted to view the infected sector, the virus
would replace it with the clean, original version
of the sector
21
• Stealth Virus: a virus in which if anyone attempts to
view an infected sector, the virus will replace it with
the clean, original version of the sector
• Boot Sector Virus: a virus which copies itself onto a
computer off of a disk when the computer is booted
up; then when someone else inserts a disk into the
computer, the virus is downloaded to the new disk
22
• Has been developed by hackers
experimenting with other ideas of
viruses and then building on them
• Was greatly affected by the “Vienna
Virus”
– this virus was picked apart by
Ralph Burger
– he then wrote a book called
Computer Viruses: A High Tech
Disease
23
• Explained the process of creating a
virus
• Was widely publicized
• Made computer viruses popular, and
hackers began widely creating and
distributing viruses
24
• Begins with the idea of computer viruses
• Made its first significant stride around 1980
when researchers at Xerox Palo Alto
Research center developed the first worm
for experimental research
– this worm was developed to handle mail,
administer diagnostics and execute other
functions
– was created without malicious intentions
25
• Was created by Robert Morris in 1988
• Was the first worm to be distributed over a
network without other users being aware of
its presence
• Was designed for experimental purposes
• Was released onto a network to remain
present without negatively affecting the
network
26
• Began clogging the network
– by multiple versions of the worm being run on the
same machine at once
– this slowed the system by using all of its
processing power, and inhibited new users from
accessing the network
– Robert Morris went on trial and was convicted and
received a fine, probation and community service
• Affected approximately 6,000 servers and
caused between $10 million and $100 million
worth of damage
27
• 1949 – John Von Neumann wrote a paper
theorizing a self-replicating computer
program
• 1980 – Researchers at Xerox Palo Alto Research
developed the first experimental worm
• 1982 – First virus, “Elk Cloner”, was created by
Rich Skrenta
• 1986 – “The Brain” was created by brothers Basit
and Amjad and Farooq Alvi
• 1988 – “The Vienna Virus” was picked apart by
Ralph Burger who then wrote a book
explaining how to create a virus
• 1988 – “Morris Worm” was the first worm
released damaging computers
28
• 1993 – The “SatanBug” was created
devastating many computers
– the FBI investigated and discovered the creator was
a child
• 1996 – The “Concept Virus” was released and
devastated the computer world
– first virus widely affecting Word® documents
• 1999 – The “Melissa Worm” was released
– this macro devastated many commercial
organizations because of their high usage of Word®
and Excel®
• 2001 – “Code Red” worm was discovered
– provided control of the Web server to anyone who
knew the security had been compromised
29
• Are at both the state and federal level
– meaning a hacker can be prosecuted at the state
level if the virus did not leave the state or at the
federal level if it crossed state boundaries
• if it is prosecuted at the federal level the U.S.
Secret Service will generally investigate
• Are usually considered a felony
• Can be found on
http://www.ncsl.org/programs/lis/cip/viruslaws.htm
– this is for individual state legislation
30
• Began in 1986 with the Computer Fraud
and Abuse Act
– this lays out the prosecution for using the
computer for fraud
– the punishment varies depending on:
• the amount of damage caused by the worm
• if the amount of damage caused was intentional
– this would be difficult to find evidence
• if the worm or virus was created for commercial
advantage or personal financial gain
– the punishment for such a crime is
imprisonment for up to 20 years and/or a fine
• the fine is decided by a judge
31
• Was amended in 1994 and 1996
– it was amended because of:
• innovative worms and viruses
• clarification issues
– the fines and punishments remained the
same
32
• Arose from distinguishing whether
something was a worm, virus or Trojan
horse
– the legislation was amended so all of the
above would fall under the following
statement
• "transmission of a program, information, code,
or command" that "cause[s] damage to a
computer, computer system, network,
information, data or program." 18 U.S.C. Sec.
1030(a)(5)(A).
33
• Against computer worms and viruses comes from
anti-virus software and good judgment from the
computer user
– use good judgment when opening suspicious e-mails or downloading attachments
• if it really does not look important, then do not
open it
• viruses in e-mails can find a user’s e-mail list
then send themselves in an attachment to all of the
contacts on the list
34
• May be completed by scanning all disks and files
used on another computer before opening files
– this is an easy feature contained in anti-virus
software
• Requires users to scan attachments and downloads
from the Internet by an anti-virus software before
opening them
35
• Calls for users in a computer lab to clean
up or “reboot” a computer before using
– this can be done with a simple action called
Disk Cleanup
• it can be found by going to Start>All
Programs>Accessories>System Tools> Disk
Cleanup
• this removes all potentially harmful temporary
Internet files
– also be sure to log out when using a public
computer
36
• Requires users to back up all important
information periodically
– in case a virus or worm does destroy all files
contained on a computer
• Involves users exercising caution when
accepting copied software
– sometimes software will be considered public
domain, where the manufacturer will give it to
users at little or no cost
– be sure the copied software is from a trusted
source
37
• Is the most common form of computer
protection against viruses and worms
• Was first introduced in 1990
• Needs to be high-quality
– there is free anti-virus software on the Internet
which will not protect a user’s computer as well as
a program paid for
• Needs to be updated regularly
– most software will update itself regularly when
connected to the Internet, be sure to install all
updates possible
38
• Recommended for Windows® includes:
– McAfee VirusScan®
– Norton AntiVirus®
• Recommended for Mac® includes:
– McAfee Virex®
– Intego VirusBarrier®
– Norton AntiVirus®
39
1. List one similarity and one difference of
Worms and Viruses.
2. There are two types of computer
worms a network worm and a
a. server worm
b. host worm
c. Trojan horse
d. Morris worm
40
3. A Trojan horse will generally attempt to gain
access of which type of area on a computer?
a. administrative
b. memory or storage
c. network links
d. hard drive
4. Imprisonment time for a computer virus can
range from 0 to
a. 10 years
b. 15 years
c. 20 years
d. 25 years
41
5. The first virus created in 1982 was the ______________
virus:
a. Trojan horse
b. Morris
c. Burger
d. Elk Cloner
6. A virus in which if anyone attempted to view an infected
sector, the virus would replace it with the clean, original
version of the sector is known as a(n)
a. boot sector virus
b. stealth virus
c. Elk Cloner virus
d. Morris virus
42
7. A Trojan horse will possibly:
a. monitor keystrokes
b. monitor browsing activity
c. clog a network
d. both a and b
e. none of the above
8. Computer files generally back themselves up
automatically, so there is no need to frequently
back up important files.
a. true
b. false
45
Production Coordinator:
Jessica House
Production Manager:
Dusty Moore
Project Coordinator:
Maggie Bigham
Executive Producers:
Gordon Davis, Ph.D.,
Jeff Lansdell
Graphic Designer:
Ann Adams
© MMIX
CEV Multimedia, Ltd.
46