Computer Viruses

By: Jason Boylan and Jeff George
Table of Contents
- Definition
- History
- Vulnerability
- How it works
- Types of viruses
- Virus Removal
- Summary
Virus Definition
- Self-replicating computer program
- Potentially unknown to the user
- Potentially self-modifying
- Programmed to damage the computer in some way, or just to be a nuisance to the user
What do viruses do?
- The bottom line: they damage your computer and possibly crash your system.
- Examples: corrupting programs, deleting files, or reformatting the hard disk.
History
- 1970s: ARPANET Creeper virus
- 1980s: Elk Cloner, Pakistani flu, Stoned, Jerusalem, Morris worm
- 1990s: Chameleon, Michelangelo, CIH, Melissa worm, ExploreZip
- 2000 and beyond: ILOVEYOU, Sadmind, Sircam, Nimda, Klez, Code Red, Blaster Worm, Welchia, MyDoom, Sasser worm, Santy, Sony rootkit
History I (1970)
- ARPANET Creeper virus
- Simply displayed 'I'M THE CREEPER : CATCH ME IF YOU CAN.' when it infected a system
History II (1980)
- Elk Cloner: the first virus to cause a very large outbreak outside the computer system in which it was created. It was written on the Apple II, took advantage of the boot sector of a floppy disk, copied itself into memory, and simply displayed a message every 50th boot.
- Pakistani Flu: also took advantage of the boot sector. This virus was developed as an anti-piracy measure: if it spread to a disk, it would simply rename the disk label to ©Brain.
- Stoned: another nuisance virus that slowed down the user's computer and displayed the message "Your PC is now Stoned!" at startup.
- Jerusalem: there are many spin-offs of this virus, and all seem to follow the pattern that on certain days or times the virus executes and makes itself known, typically every Friday the 13th.
History III (1980 - 1990)
- Morris worm: originally developed to try to find out the size of the internet, but ended up slowing down systems because a design flaw caused the virus to copy itself too much. It took advantage of a few commands to overflow a buffer and write to memory it shouldn't have had access to. Made by Robert Morris.
- ExploreZip: an e-mail virus that would destroy Office documents and C and C++ source files.
History IV (2000 and beyond)
- ILOVEYOU: spread by e-mailing itself to everyone in the infected user's e-mail contacts. People unknowingly opened the attached virus, thinking it came from a trusted source; the virus then overwrote important files and media files.
- SadMind: exploited OS weaknesses.
- Sircam, Nimda, Klez, Code Red: all e-mailers.
- Blaster Worm: a worm written to perpetrate a DDoS attack against windowsupdate.com.
- MyDoom: the fastest-spreading e-mail virus.
- Sasser worm: propagated by a Windows port exploit.
- Santy: used Google to find new targets.
- Sony rootkit: a virus that was put on Sony CDs to prevent piracy.
Vulnerability
- Diversity in software lowers vulnerability.
- Standardization is bad because it means that everyone using the same software is vulnerable at the same time.
- Users of Microsoft Office and Internet Explorer are typically more vulnerable because of their widespread use.
- Macs are less vulnerable because of their low share of the PC market.
How do they do it?
- In order to replicate itself, the virus needs permission to execute code and write to memory.
- Viruses attach themselves to the executable file of a legitimate program.
- When the user runs that program, the virus code is executed.
- Sometimes only the virus code is executed.
Two types of Viruses
1. Non-resident viruses
   - Finder module
   - Replication module
2. Resident viruses
Non-resident Viruses
- A non-resident virus constantly looks for suitable files that can be infected, infects them, and the infected file is then ready to execute the damage.
- It consists of two distinct components to do the task.
- The Finder Module is the component that looks for potential prey (files to infect). It then calls the Replication Module to infect that particular file.
Resident Viruses
- Resident viruses do not have distinct components like the finder module.
- Instead, the virus loads the replication module into memory and starts working in the background.
- Each time the operating system is called to perform an action, the replication module is called.
- So every suitable program that is executed on the computer is possible prey for infection.
Methods to avoid detection
- Both types of viruses discussed previously remain hidden. Below are possible tricks for remaining hidden.
1. The virus might pretend to be "Hot_Girls.jpeg" and get onto your computer. But really, it is "Hot_Girls.jpeg.exe".
2. Some viruses have the ability to keep the "last modified date" unchanged after altering the content of the file.
3. Stealth: some viruses have the ability to intercept an anti-virus program's request to the operating system. The anti-virus's read request then goes to the virus instead of the OS, the virus returns an uninfected version of the file, and it remains undetected.
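As an added example (not part of the original slides), the following Python script shows how a defender can catch the first two tricks above: it flags deceptive double extensions and compares files against a hash baseline, so a changed file is reported even when its last-modified date was put back. The suffix sets and the sample directory are constructed for the example; the third trick (stealth interception of OS reads) happens below a script like this and is not addressed.

```python
import hashlib, os, tempfile
from pathlib import Path

# Suffix sets are assumptions for this example, not a definitive list.
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs"}
DECOY_SUFFIXES = {".jpeg", ".jpg", ".png", ".gif", ".txt", ".pdf", ".doc"}

def has_deceptive_extension(name: str) -> bool:
    """True for names like 'Hot_Girls.jpeg.exe': a decoy image/document
    suffix immediately followed by an executable suffix (trick 1)."""
    s = [x.lower() for x in Path(name).suffixes]
    return len(s) >= 2 and s[-1] in EXECUTABLE_SUFFIXES and s[-2] in DECOY_SUFFIXES

def build_baseline(root: Path) -> dict:
    """Record (content hash, mtime in ns) for every file under root."""
    return {str(p.relative_to(root)): (hashlib.sha256(p.read_bytes()).hexdigest(),
                                       p.stat().st_mtime_ns)
            for p in root.rglob("*") if p.is_file()}

def check(root: Path, baseline: dict) -> dict:
    """Judge content by hash, so a file whose bytes changed is reported even
    when its mtime was put back (trick 2); that case is also 'mtime_spoofed'."""
    f = {"modified": [], "mtime_spoofed": [], "new": [], "deceptive_name": []}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = str(p.relative_to(root))
        if has_deceptive_extension(p.name):
            f["deceptive_name"].append(rel)
        if rel not in baseline:
            f["new"].append(rel)
        elif hashlib.sha256(p.read_bytes()).hexdigest() != baseline[rel][0]:
            f["modified"].append(rel)
            if p.stat().st_mtime_ns == baseline[rel][1]:
                f["mtime_spoofed"].append(rel)
    return f

def demo() -> dict:
    """Constructed scenario: baseline a directory, alter a file but restore
    its timestamps, then drop in a double-extension file."""
    root = Path(tempfile.mkdtemp())
    doc = root / "report.doc"
    doc.write_bytes(b"quarterly figures")
    baseline = build_baseline(root)
    st = doc.stat()
    doc.write_bytes(b"quarterly figures" + b"\x90" * 16)  # content altered
    os.utime(doc, ns=(st.st_atime_ns, st.st_mtime_ns))    # timestamps restored
    (root / "Hot_Girls.jpeg.exe").write_bytes(b"MZ")
    return check(root, baseline)
```

The returned dictionary lists report.doc as both modified and mtime-spoofed, and Hot_Girls.jpeg.exe as a new file with a deceptive name.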
The computer is infected. What can I do now?
- First of all, it is very important that you don't just ignore it, because at some point you will no longer be able to.
- Also, be prepared to lose some data.
- You can do one of two things:
1. Virus removal
2. Operating system reinstallation
Virus Removal - 1
The simplest method: on most Windows machines (Windows Me, XP or Vista) there is the System Restore tool. This tool restores the registry and critical system files to a previous checkpoint.
Virus Removal - 2
Software that can detect and eliminate viruses. However, such software usually only detects known viruses and hence has its limitations, so it is best to get the newest anti-virus software available.
Virus Removal - 3
Operating System Reinstallation
- This is the final means of deleting a virus. This method will also destroy not some but all of your data and gives you a fresh start. However, it is typically guaranteed to remove the virus.
- It involves simply reformatting the OS partition and installing the OS from its original media.
- The recovery disk might have come with the computer when it was first bought, or you might have to purchase one.
In Summary
- Viruses infect systems by:
1. Appending themselves to a program
2. Copying themselves to other programs
3. Distributing themselves without the user's knowledge
- They can be very harmful to a system and cost users a lot of money.
- To stay protected, keep your anti-virus software up to date, and if you suspect an infection, don't ignore it.