Study of Computer Virus Worms
Sampath Yerramalla
04/17/02

Survey
Virus Appearance
–National Press
–Faster than in papers
Melissa
The Love Letter
Anna Kournikova
Vulnerabilities
–Computer hardware based on single trusted user
–Software loop-holes
Research: Any machine with almost any OS can support virus

Difference
Virus
–A computer program that replicates by attaching itself to some other object
–Usually small programs (3-30k)
–Designed to evade detection
Worm
–First reported by John Shoch and Jon Hupp of XEROX PARC
–Sends itself to other systems
–Bigger in size than a virus
–More abilities
–Not easy to write

Virus Spread
Medium
–Hard disk
–Floppy disks
–Tape
–Optical media
–Memory
Internet
–attachments
–.exe .bat .vbs
Incentive and trap
–Money
–Sex
–Humor
Research: One in every five hundred messages contains a virus.

Types
Effect on OS, programming used and size.
–Boot sector virus
–Polymorphic virus
–Time Bomb
–Shell virus
–Add-on virus
–Trojan horse
–Internet worms

Polymorphic virus
Mutates
Hard to detect
All parts of the multipartite virus need to be cleaned
Different kinds of damage
Amusing screen displays
Unusual sound displays
System reboots
Reformatting the hard disk

Shell Virus
[Figure: Uninfected Program, Infected Program]

Add-on Virus
[Figure: Uninfected Program, Infected Program]

Trojan Horse
A program that hides its true intention
attachments
Trick into installing malicious software
–Droppers
–Backdoors
Hackers
–Subseven
–Back Orifice
–Netbus

Internet Worms
Use complex e-mail functions and network software
Steal addresses from your address book
New hosts through un-protected system drives
W32/ska
VBS/Netlog
W32/Explorezip
W32/Qaz
W32/SaddamHussain, …
Virus Hackers

Hackers attack Microsoft

Virus programmers
Common languages to create virus
–Assembler
–C
–C++
–Visual Basic
–Java
Unfortunately, viruses are created by people for all the usual reasons
–Dirty tricks
–Make a living
Fortunately, not all virus programmers are in the “boy or girl genius league”.

Viral Signatures
Repeated infection – early detection
Unique virus signatures
Mixed blessing
–Fake viral signatures to protect against virus

Why should I care?
Reproduce
–Stealing addresses from your Address Book
–Write files to a local directory / network computer
–Appears to be done by you
Un-authorized access
–Passwords
–Credit card numbers
–Destroy the computer
–Computer un-usable
Allow other people (anywhere on the internet) to get control of your computer

Have I Been a Victim?
Reproduction stage
Alert box
Too late
Virus hoaxes are more common than viruses themselves

Getting Rid of Virus
Virus code is tagged at the end of a program
Placed in the empty slots of a program
Both types can be cleaned
Unfortunately, the virus world doesn’t end here
Some viruses replace the program code with their own code
Can’t be cleaned, hence deleted

Getting Rid of Virus…
Some can be removed
Others may require part or all of the OS to be removed or re-installed
Retrieval of files
Damage cannot be undone

Prevention better than any cure
Technical measures
–Anti-virus software
–Update
Check mail-servers
Reject all e-mails of dangerous or unknown extensions
Suspect even safe extensions
Disabling functions
Removing Windows script hosting

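The mail-server rules on the Prevention slide, sketched as an added example (not part of the original slides). The allow-list, the single "MZ" header check and all function names are assumptions made for illustration; the sample message is constructed and carries only placeholder bytes.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

BLOCKED = {".exe", ".bat", ".vbs"}   # extensions listed on the Virus Spread slide
ALLOWED = {".txt", ".jpg", ".pdf"}   # assumption: this site's allow-list
MAGIC = {b"MZ": "a DOS/Windows executable header"}  # assumption: one content check

def judge_attachment(filename, payload):
    """Return (verdict, reason) for one attachment name and its decoded bytes."""
    # Windows ignores trailing dots and spaces, so "x.exe." still runs as x.exe.
    name = (filename or "").lower().rstrip(". ")
    ext = PurePosixPath(name).suffix   # last extension only: a.jpg.vbs -> .vbs
    if ext in BLOCKED:
        return "reject", f"dangerous extension {ext}"
    if ext not in ALLOWED:
        return "reject", f"unknown extension {ext or '(none)'}"
    for magic, kind in MAGIC.items():  # "suspect even safe extensions"
        if payload.startswith(magic):
            return "reject", f"{ext} name but {kind}"
    return "accept", "allowed extension, no executable header"

def scan_message(raw):
    """Map each attachment filename in a raw RFC 5322 message to its verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): judge_attachment(
                part.get_filename(), part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()}

def build_sample():
    """Constructed test message; every payload is harmless placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    samples = {
        "AnnaKournikova.jpg.vbs": b"' placeholder text, not a script\r\n",
        "notes.txt": b"MZ placeholder bytes, not a real program",
        "report.pdf": b"%PDF-1.4 placeholder",
        "data.xyz": b"placeholder",
    }
    for name, data in samples.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, (verdict, reason) in scan_message(build_sample()).items():
        print(f"{verdict:7} {name}: {reason}")
```

Only report.pdf is accepted: the double-extension name is judged by its last extension, and notes.txt is rejected because its content starts with an executable header despite the safe-looking name.
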
Do’s and Don’ts
Always update your anti-virus software at least weekly
Back up your important files and ensure that they can be restored
Change the computer's boot sequence to always start the PC from its hard drive
Don't share Drive C: without a password and without read-only restrictions
Empty floppy drives of diskettes before turning on computers, especially laptops
Forget opening unexpected attachments, even if they're from friends
Get trained on your computer's anti-virus software and use it

Do’s and Don’ts…
Have multiple backups of important files
Install security updates for your operating system and programs as soon as possible
Jump at the chance to learn more about your computer. This will help you spot viruses
Knowledge is contagious, infect the truth

References
I’ll include them in the term paper!
Sampath Yerramalla