Computer viruses
© 2007 Abonyi-Tóth Zsolt, SZIE ÁOTK
How are they formed?
• Expert programmers
• Not so expert programmers modify existing viruses
– or somebody downloads a virus generator from the internet
• Computers don’t write viruses on their own! Forget Darwin and evolution!
Why do people write PC viruses?
• Looking for some attention…
• Joking
• To try: am I able to do it?
• Terrorist activities
• Punishment of illegal software usage
• Marketplace for virus-killers (!)
• Money (!!!) (spam)
• Collecting information
– passwords, names, addresses, shopping habits
The definition of computer viruses
• Programs which are able to spread: they send their own copies to other computers (without telling the owner of the computers)
– Several phenomena, from annoying messages to deleted hard drives
Groups of viruses
Groups (not exhaustive):
• Trojan
• Virus
• Backdoor
• Logical bomb, time bomb
• Hardware virus (built-in)
• False virus (bug)
• User, S. User
– Hoax
– Chain letter
– Spam
Tasks of viruses
• Spreading
• Destructing
Spreading
• Program virus
• Boot virus
– Boot sector virus
– Partition table virus
– MBR virus
• Macro virus
Spreading 2
• E-mail
– Attachment
– Script
• User
• Web
• Picture (jpg)
• Open port
• Security hole
What to infect?
• Windows PCs (more frequently)
• Linux PCs and Mac OS computers: will be infected more frequently as their usage becomes more frequent
• Smart phones (Bluetooth)
• PDA – may be infected when synchronized with a PC
• Fridge?
Dangerous things
• E-mail – attachment or script
• Internet
– downloaded programs
– warez, porn sites!!!
– just being connected
– false sites (phishing)
• Programs (incl. screen savers)
• Documents, tables
• Floppies, CDs – boot
• Pictures (?)
E-mail
• Attachment
• Just reading (script)
– M$ programs – download security updates frequently!!!
– Good old Netscape…
World Wide Web
• ActiveX – a digital signature may protect, but it can be very dangerous
• VBS script – may be dangerous
• Warez sites
• Porno sites
• False servers (phishing)
• Back door (e.g. Back Orifice)
• Cookie – remembers your habits
Destruction
• Asks to send a postcard to a Swedish girl
• Plays some music at 5 PM
• Modifies data in Excel
• Doesn’t allow saving the Word document
• Deletes or rewrites files
• Formats the hard disk
• Destroys hardware
• Overloads the network
• Fills the hard disk
• Sends thousands of advertisements in e-mail (using thousands of PCs in a remote controlled zombie network)
Recognizing the infection
• Unusual behavior
– It can be anything, avoid false alarms!
• Change in the length or other attributes of files
• Programs start or run slower
• Something tries to write to a write-protected device
• Less memory, bad sectors on the HDD
• Missing files
• Automatic reboot
• Unusual things on the screen
• (Previously) error-free programs don’t start or freeze
• Unusual network activity, bounced e-mails, mail client starts automatically
Protection
• No sure protection!!!
• Information (e.g. www.antivirus.com)
• Use a frequently updated virus-killer
• Use a firewall
• Use an ad-aware (adware) removal tool
• Create backup copies
• Use a virtual PC
• Don’t answer suspicious mails (what is your password, account number, etc.)
• Don’t unsubscribe from suspicious mailing lists
• Save to RTF (TXT) and CSV format
• Don’t use unknown programs
• Forward the warnings to your system admin only
• Windows Scripting Host should be switched off (the extension vbs should be unknown)
• Check for security updates
• Don’t allow the PC to boot from floppy or CD
• Floppy or pen drive should be write protected if you insert it into an unfamiliar PC
• Back up your data frequently
Programs which protect
• Virus scanner
– On-demand
– On-access
– Checksum, heuristic search, sandbox
• Firewall
• Adware and trojan remover
• Virtual PC
• Hardware: broadband router (firewall or simply NAT)
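The checksum scanner listed above and the "change in the length or other attributes of files" sign under Recognizing the infection are the same idea: record each file's size and hash once, then rescan and report what changed. Added example in Python, not from the slides; it runs on constructed files in a temporary directory, and the file names are made up.

```python
import hashlib
import os
import tempfile

def file_fingerprint(path):
    """Return (size, sha256) of a file: the two attributes a checksum scanner records."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return os.path.getsize(path), h.hexdigest()

def build_baseline(root):
    """Fingerprint every regular file under root: the 'known clean' state."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_fingerprint(full)
    return baseline

def compare_to_baseline(root, baseline):
    """Re-scan and report files whose length or checksum changed, plus new and missing ones."""
    current = build_baseline(root)
    report = {"modified": [], "new": [], "missing": []}
    for rel, fp in current.items():
        if rel not in baseline:
            report["new"].append(rel)
        elif fp != baseline[rel]:
            report["modified"].append(rel)
    report["missing"] = [rel for rel in baseline if rel not in current]
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Constructed scenario: baseline a tiny tree, then alter it the way an infection would."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "editor.exe"), "wb") as f:
            f.write(b"MZ constructed program bytes")
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(b"harmless text")
        baseline = build_baseline(root)
        # an appending file infector grows the program, so both size and hash change
        with open(os.path.join(root, "editor.exe"), "ab") as f:
            f.write(b" extra bytes standing in for an appended virus body")
        with open(os.path.join(root, "dropper.vbs"), "wb") as f:   # new, unexpected script
            f.write(b"constructed placeholder")
        os.remove(os.path.join(root, "readme.txt"))                 # file went missing
        return compare_to_baseline(root, baseline)
```

A real on-demand scanner keeps the baseline somewhere the malware cannot rewrite it, otherwise the comparison proves nothing.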
Reducing the damage
• Backup copies of important programs and data
– Far away, several copies
When the user spreads the infection
• Hoax
• Pyramid scheme, chain letter
Hoax
• Warning – new, very dangerous virus!
• You shouldn’t read the letter with subject...
• The warning originates from an ISP (e.g. AOL), a corporation (Microsoft, IBM) or a government service (Pentagon, FCC)
• Technical-sounding terminology (e.g. n-order infinite loop)
• You should forward this letter...
– Overload
– May become true (Good Times)
Hoax 2
• Blood is needed for a child! Give blood!
• The child will get USD 1 from AOL for every forwarded e-mail
• Puppies will be killed! Adopt them!
• You will get a laptop or a new mobile phone...
Chain letter
• Send it to 20 friends to be lucky, otherwise you will lose everything...
• Machu Picchu is a product of aliens, see the picture... Tell everyone...
• What beautiful flowers/girls/men/cars/hills/puppies/... are in this presentation
• The best jokes of the world...
Phishing
• False letter from your bank – log in, type your name, password, account number...
• Banks and ISPs NEVER send such e-mails!
• The link is false: it points to a server which copies the look of the original
• Just type your data... A money transfer will be started from your account on the real server in a few minutes!
• The URL of the bank should always be typed! No link, no bookmark!!! (A problem with the DNS server may still be dangerous)
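The "link is false" bullet above, as an added example that is not from the slides: a Python check over a constructed HTML mail body that flags links whose real destination is not the bank's domain, or whose visible text shows a different address than the href really goes to. The bank domain examplebank.com, the sample links and the "last two labels" domain heuristic are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable_domain(host):
    """Last two labels of a host name (assumed owner heuristic; no public-suffix list offline)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else parts[0]

def looks_like_address(text):
    # True when the visible link text itself reads like a URL or host name
    return "://" in text or re.match(r"^(?:[\w-]+\.)+[A-Za-z]{2,}(?:/|$)", text) is not None

def suspicious_links(html_body, trusted_domain):
    """Return links that really go elsewhere than the bank, or contradict the address they show."""
    p = LinkCollector()
    p.feed(html_body)
    findings = []
    for href, text in p.links:
        host = urlparse(href).hostname or ""
        reasons = []
        if registrable_domain(host) != trusted_domain.lower():
            reasons.append(f"href really goes to '{host}', not {trusted_domain}")
        if looks_like_address(text):
            shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
            if registrable_domain(shown) != registrable_domain(host):
                reasons.append(f"link text shows '{shown}' but href goes to '{host}'")
        if reasons:
            findings.append((href, text, reasons))
    return findings

# constructed sample mail body; examplebank.com stands in for the real bank's domain
SAMPLE_MAIL = """<a href="http://examplebank.com.secure-login.example.net/verify">https://www.examplebank.com/login</a>
<a href="https://www.examplebank.com/help">Help centre</a>
<a href="http://198.51.100.7/update">Click here</a>"""
```

Only the first and third links are flagged; the second really goes to the bank. The DNS caveat in the slide still applies: this check compares names, it cannot tell whether a correct name resolves to the right server.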
Phishing 2
• Similar, but they ask for your e-mail login name and password
• Do you want to allow others to send advertisements or pornographic pictures from your account?
• Firewalls and IE7 (other browsers?) try to protect
Social engineering
• Similar to phishing!
• You get a phone call. A sexy voice tells you she is an administrator at your bank and needs your account number and password to check something...
• Do you trust people? You shouldn’t!!!