Stan VanDruff svandru@crosslink.net
• Malicious Code
• Dropper
• Logic Bomb
• Time Bomb
• Trojan Horse
• Worm
• Virus
• Malicious Code: Any program that causes damage or otherwise compromises a computer system. Could be a virus, Trojan horse, dropper, bomb, etc.
• Dropper: A program which has a legitimate use, but contains viruses which are secretly planted in a system. Droppers may actually be commercial software hacked to drop viruses.
Definition from https://infosec.navy.mil/COMPUSEC/glossary.html
• Logic Bomb: A program which executes on the occurrence, or lack of occurrence, of a set of system conditions. Classic examples are programs which cease functioning if the programmer's name is removed from the company's payroll list.
Definition from https://infosec.navy.mil/COMPUSEC/glossary.html
• Time Bomb: A logic bomb activated after a certain amount of time, or on a certain date. The classic example is a program that ceases functioning on a given date, as a control for leasing it. Such a program is often re-activated by an appropriate password.
Definition from https://infosec.navy.mil/COMPUSEC/glossary.html
• Trojan Horse: A program that neither replicates nor copies itself, but does damage or compromises the security of the computer. Typically it relies on someone emailing it to you; it does not email itself. It may arrive in the form of a joke program or software of some sort.
Definition from http://www.symantec.com/avcenter/refa.html
• Worm: A program that makes copies of itself, for example from one disk drive to another, or by copying itself using email or some other transport mechanism. It may do damage and compromise the security of the computer. It may arrive in the form of a joke program or software of some sort.
Definition from http://www.symantec.com/avcenter/refa.html
• Virus: A program or code that replicates, that is, infects another program, boot sector, partition sector, or document that supports macros by inserting itself or attaching itself to that medium. Most viruses just replicate; a lot also do damage.
Definition from http://www.symantec.com/avcenter/refa.html
• Joke
• Myth
• Scam
• Hoax
• Joke: A harmless program that causes various benign activities to display on your computer (e.g., an unexpected screen-saver, turning your CDROM into a cup holder).
Definition from http://www.symantec.com/avcenter/refa.html
• Myth: An Often Lurid Story or Anecdote That Is Based on Hearsay and Widely Circulated As True
– AIDS Needles
– 602P Email Tax
– Stolen Kidney
– Klingerman Postal Virus
• For More Info, Visit http://www.scambusters.org/Scambusters22.html
Definition from http://www.merriamwebster.com/
• Scam: A Fraudulent or Deceptive Act or Operation
– Pay Per Minute (809) Scam
– Free Credit Cards
– Pyramid Schemes
• For More Info, Visit http://scambusters.org/
Definition from http://www.merriamwebster.com/
• Hoax: Usually an email that gets mailed in chain-letter fashion describing some devastating, highly unlikely type of virus. You can usually spot a hoax because there's no file attachment, no [valid] reference to a third party who can validate the claim, and by the general 'tone' of the message.
Definition from http://www.symantec.com/avcenter/refa.html
• Good Times
• Deeyenda
• Bud Frogs
• Naughty Robot
• "VIRUS WARNING !!!!!!!
• If you receive an email titled “It Takes Guts to Say ‘Jesus’” DO NOT open it. It will erase everything on your hard drive. Forward this letter out to as many people as you can. This is a new, very malicious virus and not many people know about it. This information was announced yesterday morning from IBM; please share it with everyone that might access the internet.
• Once again, pass this along to EVERYONE in your address book so that this may be stopped.
• Also, do not open or even look at any mail that says “RETURNED OR UNABLE TO DELIVER.” This virus will attach itself to your computer components and render them useless. Immediately delete any mail items that say this. AOL has said that this is a very dangerous virus and that there is NO remedy for it at this time. Please practice cautionary measures and forward this to all your online friends ASAP."
• Think First
• Most email virus warnings are hoaxes
• Suspect it unless it originates from your computer security group or your ISP
• Check these sites before passing it on:
– http://www.stiller.com/hoaxes.htm
– http://vil.nai.com/VIL/hoaxes.asp
– http://www.sophos.com/virusinfo/hoaxes/
– http://www.vmyths.com/
– http://www.virusbtn.com/Hoax/hoaxlist.html
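The hoax traits named above (no attachment, no verifiable third-party reference, a chain-letter request, alarmist tone, a sender other than your security group or ISP) can be checked mechanically before a warning is passed on. This is an added example, not part of the original slides; the trusted address, the patterns, the threshold and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: addresses you accept virus alerts from (security group, ISP).
TRUSTED_SENDERS = {"security@example.org"}
FORWARD_RE = re.compile(
    r"forward this|pass this (along|on)|everyone in your address book", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)

def hoax_indicators(raw_message):
    """Return the hoax traits from the slides that one email exhibits."""
    msg = message_from_string(raw_message)
    parts = list(msg.walk())
    body = "\n".join(
        p.get_payload(decode=True).decode("utf-8", "replace")
        for p in parts if p.get_content_type() == "text/plain")
    text = msg.get("Subject", "") + "\n" + body
    hits = []
    if not any(p.get_filename() for p in parts):
        hits.append("no-attachment")            # hoaxes carry no file
    if not URL_RE.search(text):
        hits.append("no-verifiable-reference")  # nothing a reader can check
    if FORWARD_RE.search(text):
        hits.append("chain-letter-request")
    words = re.findall(r"[A-Za-z]{4,}", text)
    shouted = sum(1 for w in words if w.isupper())
    if "!!!" in text or (words and shouted / len(words) > 0.2):
        hits.append("alarmist-tone")
    if parseaddr(msg.get("From", ""))[1].lower() not in TRUSTED_SENDERS:
        hits.append("untrusted-sender")
    return hits

def looks_like_hoax(raw_message, threshold=3):
    """Flag a message that shows at least `threshold` hoax traits."""
    return len(hoax_indicators(raw_message)) >= threshold

# Constructed samples: the hoax quoted above (shortened) and a plain advisory.
HOAX = """\
From: friend@example.com
Subject: VIRUS WARNING !!!!!!!

If you receive an email titled "It Takes Guts to Say 'Jesus'" DO NOT open it.
Forward this letter out to as many people as you can.
"""
ADVISORY = """\
From: security@example.org
Subject: Anti-virus definitions update

Details: https://security.example.org/advisories/latest
"""
```

A single trait proves nothing (most legitimate mail has no attachment either), which is why the verdict uses a threshold rather than any one hit.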
• Boot Sector
– Targets bootable hard drives and floppies
• File Infectors
– Target executable files (e.g., .exe, .sys, .com)
• Macro Virus
– Target Microsoft Word or Excel documents
• Email Worms
– Use Your Email Software to Spread Like Wildfire
• May be hidden in HTML web documents:
– ActiveX
– Java (not JavaScript)
– VBScript
• Make sure your browser does not automatically execute any Microsoft Office files
• Set browser security settings to high
• Email Attachments
• Shareware
• Internet Downloads
• Friends
• Commercial Software
1) Curiosity
2) Ignorance
3) Global connectivity
4) Friends share everything
5) Complex software gives programmers more options to create and spread viruses
• Email from strangers makes us feel important
• We want something for nothing
• We’re a little gullible too:
– From the email that contains the X97M.Papa.A Excel Macro Virus:
“Urgent info inside. Disregard macro warning.”
Yes (Symantec April ’01)
– “Norton AntiVirus protects you from 49,250 viruses”
– Reported 62 new discoveries in April
No (Wildlist March ’01)
– 225 distinct viruses verified by at least two participants
– 652 verified by one participant
Sources: http://www.symantec.com/avcenter/ http://www.wildlist.org/WildList/200104.htm
• WildList Organization
– 63 Professional reporters
– Only monthly, but going real-time
– Real threats, not academic curiosities
– Attempting to standardize virus names
– As of April 30, there were 662 viruses reported by at least 1 participant. 222 were reported by at least 2 participants.
• VBS.VBSWG2.X: 5/08/2001
• W32.Badtrans: 4/11/2001
• W32.Magistr: 3/13/2001
• W32.HLLW: 10/09/2000
• W95.Hybris: 9/25/2000
Source: http://www.symantec.com/avcenter/ (May 4, 2001)
• Infects Explorer.exe.
• Obtains the name of the computer.
• Retrieves the current user's email name and address.
• Chooses a random number of words from a *.doc or *.txt file to construct the subject and body of an email.
• Sends email to names from your address book.
• If the computer has been infected for one month and meets other criteria, the virus
– Erases CMOS and Flash BIOS (Windows 9x/Me only)
– Overwrites every 25th file with [unpleasant] text as many times as it will fit
– Deletes every other file
– Displays [an unpleasant] message
– Overwrites a sector of the first hard disk
• Upgrade your current anti-virus software and get the latest virus definitions
• Download a trial version of anti-virus software
• Run Norton Virus Check online
• Whichever option you choose, do it ASAP
• Effective
– Virus Bulletin 100% List
• Easy to use
– Understandable interface and settings
– Simple or automatic upgrades/updates
• Updated often
• Scan weekly
• Use auto-protect feature for email and Internet downloads
• Scan email attachments again (just in case)
• Update Anti-virus weekly (yes, weekly)
• Also keep these programs up to date:
– Email client (especially Outlook)
– MS Office (especially MS Word)
– Windows 95/98/NT/2000/MacOS/Linux
– Internet Browser
• Commercial Software, Shareware, Friends, and Internet Downloads—beware of
– Bonus software or free gifts
– Unknown or questionable sources
• Scan everything!
• Email—it is now possible to spread a virus in an email without attachments. If your email program can read HTML email, check your settings.
• Also beware of
– Email from unknown senders
– Unexpected attachments
– Promises that are too good to be true
– Senders who tell you to ignore virus warnings
– Subject lines or file names that are risqué or otherwise enticing
– Attachments with macros no matter the source
• Microsoft Word, Excel, and PowerPoint have built-in macro virus protection: On the Tools menu, click Macro, and then click Security. Make sure low security is not selected.
• Write-protect the global template Normal.Dot
• Visit http://office.microsoft.com/ and search on “Virus”
• MS Word
– Only Word documents or templates can carry viruses; TXT files and RTF files cannot. However, one can simply rename a *.doc file with the *.rtf extension to fool some (all?) anti-virus programs. Set your anti-virus scanner to check all file types—at least add *.rtf and *.txt.
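A renamed *.doc keeps its content, so a check on the file's leading bytes catches what an extension-based scan misses. This is an added example, not part of the original slides; the function names and sample entries are hypothetical, and the signature used is the OLE2 compound-file header of binary Word, Excel and PowerPoint files.

```python
import os

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of binary .doc/.xls/.ppt
RTF_MAGIC = b"{\\rtf"
# Extensions that claim a format the slide lists as unable to carry macros.
PLAIN_EXTS = {".rtf", ".txt"}

def sniff_type(head):
    """Classify a file from its leading bytes, ignoring its name."""
    if head.startswith(OLE2_MAGIC):
        return "ole2"
    if head.lstrip(b"\xef\xbb\xbf \t\r\n").startswith(RTF_MAGIC):
        return "rtf"
    if head and b"\x00" not in head:
        return "text"
    return "unknown"

def is_disguised_document(name, head):
    """True when the name claims RTF/TXT but the content is an OLE2 document."""
    ext = os.path.splitext(name)[1].lower()
    return ext in PLAIN_EXTS and sniff_type(head) == "ole2"

def find_disguised(root):
    """Walk a directory tree and list files whose extension hides an OLE2 file."""
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(64)
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
            if is_disguised_document(name, head):
                flagged.append(path)
    return sorted(flagged)

# Constructed samples (not real documents): file name -> leading bytes.
SAMPLES = {
    "invoice.rtf": OLE2_MAGIC + b"\x00" * 8,  # Word binary renamed to .rtf
    "letter.rtf": b"{\\rtf1\\ansi Hello}",     # genuine RTF
    "readme.txt": b"plain notes\r\n",          # genuine text
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(name, sniff_type(head), is_disguised_document(name, head))
```

Files flagged by `find_disguised` are the ones to hand to the scanner as Word documents regardless of what their names say.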
• Practice safe computing (trust no one)
• Use anti-virus software
• Keep your software up to date