1. To discuss the history of computer virus outbreaks.
2. To examine the difference between computer worms and viruses.
3. To discover the various types of computer worms and viruses and how to protect a computer.
4. To assess the consequences associated with computer worms and viruses.

• Is a malicious computer program created by a user with objectives to harm or steal another’s property
• Is also referred to as malware
• Is important for users to be aware of

Computer Virus: a malicious computer program created by a user with objectives to harm or steal another’s property

• Is a piece of code attaching itself to a larger, more frequently used program
  – it then modifies the program
  – this is referred to as “piggybacking”
• Is active and running only when the host program is active
• Is designed to multiply and infect other programs the computer runs
• Protects itself by hiding in a host program

Host Program: a large, frequently run program to which the virus is attached
Piggybacking: the act of a computer virus attaching itself to another computer program

• Begins to carry out whatever malicious activity it is supposed to, once it has multiplied and infected other programs
  – the malicious activity is known as the payload
• Can spread fast, slow or not spread at all
  – if the virus programmer made an error in designing the virus then it will not spread at all
• Can remain dormant in a computer until a specified time
• Can delete all data and files on a computer

Payload: the malicious activity a computer virus or worm is designed to do

• Can affect different parts of the computer
  – such as:
    • the hard drive
    • a CD/DVD drive
    • any type of storage device
• Can spread through virtually any computer-to-server or computer-to-computer contact
  – Examples of spreading media:
    • Internet
    • downloading attachments or music
    • CD or thumb drive

• Is an independent program
  – it does not attach itself to files or programs
• Is classified by two types:
  – a network worm
  – a host worm

Computer Worm: an independent program which multiplies itself by copying a segment of itself onto another computer

• Can contain malicious instructions to hinder a computer’s performance
• Uses flaws or holes in the network to gain access to individual computers
  – this gives worms the ability to move extremely fast through a network infecting computers
    • it could possibly infect an entire network of computers within seconds

• Multiplies by copying a segment of itself onto another computer over a network
  – the segments of the worm, on various computers in a network, remain in contact with each other
  – if one segment of the worm fails or is removed, then the other remaining segments must find another computer, prepare it for the worm and then add the segment to the rest of the worm
  – this is how the worm moves through a network

Network Worm: a computer worm which copies different segments of itself to computers linked together in a network

• Is completely contained on one running computer
• Copies itself to another computer through a network
• Deletes itself from the original computer, once it has moved to another computer
• Does not fragment or segment itself
  – a network worm does run different segments of itself on different computers

Host Worm: a computer worm which copies itself to another computer in a network and then deletes itself completely from the previous computer in which it was contained

• Include:
  – they both usually contain malicious instructions
    • designed to harm a computer and annoy a user
  – they cause an increasing amount of damage
    • the more computers the worms or viruses infect, the more computers they have access to infect by networking

• Include:
  – protecting themselves by hiding in host programs or changing their appearance to evade detection
  – destroying evidence of their presence and wrongdoings
  – spreading through a network, the Internet, software, e-mails or memory devices (such as a rewritable CD)
  – causing system or network slowdowns

• Include:
  – a virus requires a host program
    • a worm is an independent program
  – a virus modifies other programs
    • a worm usually does not
  – a virus only executes when the host program is running
    • a worm is always active

• Include:
  – a virus uses host programs to replicate
    • a worm replicates itself over a network
  – a virus needs to be activated or downloaded (for example, a virus sent through e-mail must be double-clicked before it is able to run)
    • a worm does not need to be activated
      – it will move or copy itself to a computer without the user’s knowledge

Virus
• requires host program
• modifies other programs
• only active when host is active
• uses host to replicate
• requires user involvement to be activated or downloaded

Worm
• independent program
• does not modify other programs
• always active and running on the computer
• self-replicating over a network
• copies itself to a computer without the user’s permission or knowledge

• Is a malicious program disguised in a seemingly innocent program
• Is an analogy referencing the “Trojan Horse” used by the Greeks to obtain access to the city of Troy
  – The Greeks were losing in the battle to overtake the city of Troy, so their leader, Odysseus, built a seemingly innocent giant wooden horse with a hollow belly, large enough for soldiers to hide in. He offered it to the Trojans as a sign of peace. The Trojans accepted the gift and celebrated their victory. Then at night, while the Trojans were sleeping, the Greeks snuck out of the horse in which they were hiding and took the city of Troy.
Trojan Horse: a malicious program disguised inside of another program seemingly beneficial or harmless

• Will generally gain access to administrative areas on a computer
  – once it has gained access to these areas, it will create a back door
  – this gives the creator of the Trojan horse unauthorized access to the user’s computer and the information it contains
• Will sometimes monitor keystrokes and browsing activity
  – this information is sent to companies sending the user content and information they did not request
• Can be discreet
  – meaning they do not leave any trace of their presence

• Began in 1949 when John Von Neumann wrote a paper called “Theory and Organization of Complicated Automata”
  – this paper assumed a computer program could self-replicate
  – this theory was later called “Core Wars”

• Became a reality in 1982 when the first virus, called the “Elk Cloner”, was created by Rich Skrenta
  – Skrenta created the virus as a prank on his friends. He modified floppy disks containing games or software which were swapped within his group of friends. Instead of running the software or game, the disk displayed taunting messages.
• Was created as what is now known as a boot sector virus
  – a copy of the virus is downloaded off of a disk when the computer is booted up
  – then when someone else inserts a disk into the computer, the virus is downloaded to the new disk
• Began as an innocent prank
  – however, this prank opened the door for numerous, harmful viruses to be created

• Progressed in the 80’s and 90’s, when hackers developed new ways to steal information and inhibit regular computer use
• Took significant strides with the following viruses:
  – “The Brain” in 1986, created in Pakistan by brothers Basit Amjad and Farooq Alvi
    • this was a boot sector virus and technically the first stealth virus, which means if anyone attempted to view the infected sector, the virus would replace it with the clean, original version of the sector

• Stealth Virus: a virus in which if anyone attempts to view an infected sector, the virus will replace it with the clean, original version of the sector
• Boot Sector Virus: a virus which copies itself onto a computer off of a disk when the computer is booted up; then when someone else inserts a disk into the computer, the virus is downloaded to the new disk

• Has been developed by hackers experimenting with other ideas of viruses and then building on them
• Was greatly affected by the “Vienna Virus”
  – this virus was picked apart by Ralph Burger
  – he then wrote a book called Computer Viruses: A High Tech Disease

• Explained the process of creating a virus
• Was widely publicized
• Made computer viruses popular, and hackers began widely creating and distributing viruses

• Begins with the idea of computer viruses
• Made its first significant stride around 1980 when researchers at Xerox Palo Alto Research Center developed the first worm for experimental research
  – this worm was developed to handle mail, administer diagnostics and execute other functions
  – was created without malicious intentions

• Was created by Robert Morris in 1988
• Was the first worm to be distributed over a network without other users being aware of its presence
• Was designed for experimental purposes
• Was released onto a network to remain present without negatively affecting the network

• Began clogging the network
  – by multiple versions of the worm being run on the same machine at once
  – this slowed the system by using all of its processing power, and inhibited new users from accessing the network
  – Robert Morris went on trial, was convicted and received a fine, probation and community service
• Affected approximately 6,000 servers and caused between $10 million and $100 million worth of damage

• 1949 – John Von Neumann wrote a paper theorizing a self-replicating computer program
• 1980 – Researchers at Xerox Palo Alto Research developed the first experimental worm
• 1982 – First virus, “Elk Cloner”, was created by Rich Skrenta
• 1986 – “The Brain” was created by brothers Basit and Amjad and Farooq Alvi
• 1988 – “The Vienna Virus” was picked apart by Ralph Burger, who then wrote a book explaining how to create a virus
• 1988 – “Morris Worm” was the first worm released, damaging computers

• 1993 – The “SatanBug” was created, devastating many computers
  – the FBI investigated and discovered the creator was a child
• 1996 – The “Concept Virus” was released and devastated the computer world
  – first virus widely affecting Word® documents
• 1999 – The “Melissa Worm” was released
  – this macro devastated many commercial organizations because of their high usage of Word® and Excel®
• 2001 – “Code Red” worm was discovered
  – provided control of the Web server to anyone who knew the security had been compromised

• Are at both the state and federal level
  – meaning a hacker can be prosecuted at the state level if the virus did not leave the state or at the federal level if it crossed state boundaries
    • if it is prosecuted at the federal level, the U.S. Secret Service will generally investigate
• Are usually considered a felony
• Can be found on http://www.ncsl.org/programs/lis/cip/viruslaws.htm
  – this is for individual state legislation

• Began in 1986 with the Computer Fraud and Abuse Act
  – this lays out the prosecution for using the computer for fraud
  – the punishment varies depending on:
    • the amount of damage caused by the worm
    • if the amount of damage caused was intentional – evidence of this would be difficult to find
    • if the worm or virus was created for commercial advantage or personal financial gain
  – the punishment for such a crime is imprisonment for up to 20 years and/or a fine
    • the fine is decided by a judge

• Was amended in 1994 and 1996
  – it was amended because of:
    • innovative worms and viruses
    • clarification issues
  – the fines and punishments remained the same

• Arose from distinguishing whether something was a worm, virus or Trojan horse
  – the legislation was amended so all of the above would fall under the following statement
    • "transmission of a program, information, code, or command" that "cause[s] damage to a computer, computer system, network, information, data or program." 18 U.S.C. Sec. 1030(a)(5)(A).
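The comparison earlier in the deck says a virus modifies other programs while a worm or Trojan horse arrives as a program of its own. The Python below is an added example, not part of the original slides: it records a hash baseline of a folder and later sorts changes into those categories. The file names and contents are constructed, inert stand-ins for real programs.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every file under root (by relative path) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare(baseline, current):
    """Classify the differences between an earlier and a later snapshot."""
    return {
        # An existing program whose bytes changed: what piggybacking on a host causes.
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        # A file that was not there before: an independent program would show up here.
        "new": sorted(p for p in current if p not in baseline),
        # A file that disappeared: deleted data, or a program that removed itself.
        "missing": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed sample: harmless files standing in for installed programs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "editor.bin").write_bytes(b"original editor program")
        (root / "game.bin").write_bytes(b"original game program")
        (root / "notes.txt").write_bytes(b"user data")
        baseline = snapshot(root)
        # Later state: one file grew, one unknown file appeared, one file is gone.
        with (root / "editor.bin").open("ab") as fh:
            fh.write(b" plus appended bytes")
        (root / "unknown.bin").write_bytes(b"file the user did not install")
        (root / "notes.txt").unlink()
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

A stealth virus, as defined in the slides, hands the clean original to anyone who reads the infected sector, so a check like this is only trustworthy when the snapshot is read from a system started from known-clean media.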
• Against computer worms and viruses comes from anti-virus software and good judgment from the computer user
  – use good judgment when opening suspicious e-mails or downloading attachments
    • if it really does not look important, then do not open it
    • a virus in an e-mail can find a user’s e-mail list and then send itself in an attachment to all of the contacts on the list

• May be completed by scanning all disks and files used on another computer before opening files
  – this is an easy feature contained in anti-virus software
• Requires users to scan attachments and downloads from the Internet with anti-virus software before opening them

• Calls for users in a computer lab to clean up or “reboot” a computer before using it
  – this can be done with a simple action called Disk Cleanup
    • it can be found by going to Start > All Programs > Accessories > System Tools > Disk Cleanup
    • this removes all potentially harmful temporary Internet files
  – also be sure to log out when using a public computer

• Requires users to back up all important information periodically
  – in case a virus or worm does destroy all files contained on a computer
• Involves users exercising caution when accepting copied software
  – sometimes software will be considered public domain, where the manufacturer will give it to users at little or no cost
  – be sure the copied software is from a trusted source

• Is the most common form of computer protection against viruses and worms
• Was first introduced in 1990
• Needs to be high-quality
  – there is free anti-virus software on the Internet which will not protect a user’s computer as well as a program paid for
• Needs to be updated regularly
  – most software will update itself regularly when connected to the Internet; be sure to install all updates possible

• Recommended for Windows® includes:
  – McAfee VirusScan®
  – Norton AntiVirus®
• Recommended for Mac® includes:
  – McAfee Virex®
  – Intego VirusBarrier®
  – Norton AntiVirus®

1. List one similarity and one difference of worms and viruses.
2. There are two types of computer worms: a network worm and a
   a. server worm
   b. host worm
   c. Trojan horse
   d. Morris worm

3. A Trojan horse will generally attempt to gain access to which type of area on a computer?
   a. administrative
   b. memory or storage
   c. network links
   d. hard drive
4. Imprisonment time for a computer virus can range from 0 to
   a. 10 years
   b. 15 years
   c. 20 years
   d. 25 years

5. The first virus created in 1982 was the ______________ virus:
   a. Trojan horse
   b. Morris
   c. Burger
   d. Elk Cloner
6. A virus in which if anyone attempted to view an infected sector, the virus would replace it with the clean, original version of the sector is known as a(n)
   a. boot sector virus
   b. stealth virus
   c. Elk Cloner virus
   d. Morris virus

7. A Trojan horse will possibly:
   a. monitor keystrokes
   b. monitor browsing activity
   c. clog a network
   d. both a and b
   e. none of the above
8. Computer files generally back themselves up automatically, so there is no need to frequently back up important files.
   a. true
   b. false

Production Coordinator: Jessica House
Production Manager: Dusty Moore
Project Coordinator: Maggie Bigham
Executive Producers: Gordon Davis, Ph.D., Ann Adams
Graphic Designer: Jeff Lansdell
© MMIX CEV Multimedia, Ltd.