Computer Virus: “A program that can infect other programs by modifying them to include a version of itself” -- Dr Fred Cohen Compare to an office clerk making two copies of a piece of paper. 30 seconds to copy 30 seconds to pass on In one hour= 1 x copies
Computer Virus Small piece of software that piggybacks on real programs Passes from computer to computer by producing copies of itself Have been around since 1986 When it is running in the memory it looks for programs to add itself to
Executable and boot sector viruses decline Infect boot sector Not as easy now as most programs come on a CD Programs larger Operating systems better
Who Creates Viruses? Students and school children who have recently studied an assembly language Young people who feel the need to feel superior Professional programmers: maybe inferiority complex or unstable Explorers-quick witted programmers who wish to “explore”
© 2004 By Default http:// Brain Virus
The Brain Virus First PC virus Written in Pakistan Infected the boot sector of 360K floppy disks “Stealth” virus Try to get into RAM, stick to files and sectors, erases files and disks
Other viruses 1987 Lehigh virus: “Memory resident file infector” 1988 Jerusalem Virus: also memory resident and reinfected already infected files 1988: first anti-virus virus was written 1988 Cascade virus, first encrypted virus
And more viruses Polymorphism - encrypted viruses where the decryption routine code is variable Armoring - used to prevent anti-virus researchers from disassembling a virus Multipartite - infects both programs and boot sectors.
Viruses Moves around in an e-mail message Replicates itself automatically
Worms
Worms Program that has the ability to copy itself from machine to machine. Small piece of software that uses computer networks and security holes to replicate itself Copies itself to other computers that have the same specific security hole
2001 Code Red Worm Slowed down the internet The worm scanned for Windows NT or Windows 2000 that didn’t have the security patch installed. Copied itself to that server and scanned again
Code Red Designed to: Replicate itself the first 20 days of each month Replace Web pages on infected servers with the page “Hacked by Chinese” Overwhelm the White House Server
How does Code Red Work Unpatched systems had a “buffer overflow” which allowed embedded code to run. It created a sequence of random IP addresses to find other servers. Inspect the time clock and wait for appointed time and send 100 connections to
Morris: Internet Worm Infected more than 6000 computer systems, including NASA research Used errors in operating systems to propagate. Total losses were 96 million dollars
Trojan Horses A computer program Claims to do one thing, but does damage when you run it (could erase your hard drive) They do not replicate automatically
1989 Trojan Horse: AIDS copies of diskettes shipped marked “AIDS Information Diskette v2” After 90 boot-ups it encrypted all the filenames on your HD, making them invisible and left one file: Send $189 to…
Virus Hoaxes 1988 Mike RoChenle uploaded a message to BBS systems describing a virus that spread on 2400 baud connection. Many users switched to 1200 baud. Other hoaxes: Goodtimes, Aol4Free
1990 DiskKiller Virus PC Today (GB version) shipped diskette with magazine that was infected with DiskKiller Over copies were sold Who is responsible here?
1992 Michelangelo Virus Anti-virus companies made a big deal of this virus, bringing it into the news One US anti-virus company announced on March 6 data on over 5 million computers will be destroyed Reality: about computers infected
Other Key Dates 1992: First Windows Virus released 1994: Virus gets on master disk of CD when preparing a batch of CDs-can only destroy the CDs. 1994: “OneHalf” a popular Russian virus
Latest Viruses W32.Zafi.B.Iworm W32.Sasser.A.Worm
And so it continues 1995: Concept virus for Word 1996: Windows95 virus 1996: Excel/Word virus that was based on Macros (Basic programs) 1997: Office 97 Viruses 1997: Homer, first network worm virus using FTP
1998 “Red Team” virus infects Windows EXE-files and sends infected files through : I love you virus, when opened, sent to everyone in your address book.
Protect Yourself against Viruses Run secure OS like UNIX or use virus protection software Never run macros unless you know their source. Never run executable attachments Show extensions Backup
Why do we have viruses? Psychology that drives vandals The thrill of watching things blow up Bragging rights Started when PCs were common, then had BBS, then floppy disk, then Internet.
Virus Protection (diagram labels): Attachments, Scanning, Backup, Show Extensions, Worms, Latest Version, Integrity Checking, Interception, Source?, Downloads, Trojan Horses
Scanning Scanning: looks for known viruses by characteristics similar to existing viruses or signature recognition Dangerous to depend on old SW False alarms Needs a clean boot
Integrity Checking Record information about your system to check against later Compares your system to the “base” information to detect changes
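The integrity-checking idea above, as an added example that is not part of the original slides: record a baseline of file digests, then compare the system against it to list modified, added and removed files. The choice of SHA-256 as the recorded information, the function names and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file, read in chunks so large programs are handled."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def record_baseline(root):
    """Walk root and record {relative path: digest} as the "base" information."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_digest(full)
    return baseline

def compare_to_baseline(root, baseline):
    """Return files modified, added or removed since the baseline was taken."""
    current = record_baseline(root)
    both = baseline.keys() & current.keys()
    return {
        "modified": sorted(p for p in both if current[p] != baseline[p]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }

def demo():
    """Constructed sample: three small files standing in for installed programs."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("edit.exe", b"editor"), ("calc.exe", b"calc"), ("readme.txt", b"hi")]:
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = record_baseline(root)
        # Simulate the changes a checker should flag: a program that grew,
        # an unexpected new program, and a file that disappeared.
        with open(os.path.join(root, "calc.exe"), "ab") as f:
            f.write(b"appended bytes")
        with open(os.path.join(root, "new.exe"), "wb") as f:
            f.write(b"unexpected")
        os.remove(os.path.join(root, "readme.txt"))
        return compare_to_baseline(root, baseline)

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the baseline: record it while the system is known to be clean and keep it on media that software running on the checked machine cannot rewrite.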
Interception Pop up warnings when a request is made to install itself as a resident program Useful for simple logic bombs and Trojan horses