COMPUTER VIRUSES
By: Jason Boylan and Jeff George
Table of Contents
Definition
History
Vulnerability
How it works
Types of viruses
Virus Removal
Summary
Virus Definition
Self-replicating computer program
Potentially unknown to the user
Potentially self-modifying
Programmed to damage the computer in some way or just be a nuisance to the user
What do viruses do?
The bottom line: they damage your computer; possibly crash your system.
Examples: corrupting programs, deleting files, or reformatting the hard disk.
History
1970's – ARPANET Creeper virus
1980's – Elk Cloner, Pakistani flu, Stoned, Jerusalem, Morris worm
1990's – Chameleon, Michelangelo, CIH, Melissa worm, ExploreZip
2000 and beyond – ILOVEYOU, Sadmind, Sircam, Nimda, Klez, Code Red, Blaster Worm, Welchia, MyDoom, Sasser worm, Santy, Sony rootkit
History I (1970)
ARPANET Creeper virus
Simply displayed 'I'M THE CREEPER : CATCH ME IF YOU CAN.' when it infected a system
History II (1980)
Elk Cloner, the first virus to cause a very large outbreak outside of the computer system on which it was created. It was made on the Apple II, took advantage of the boot sector of a floppy disk, copied itself to memory, and simply displayed a message every 50th boot
Pakistani Flu also took advantage of the boot sector. This virus was developed as an anti-piracy measure: if it spread to a disk, it would simply rename the disk label to ©Brain
Stoned, another nuisance virus, slowed down the user's computer and displayed the message "Your PC is now Stoned!" at startup
Jerusalem. There are many spin-offs of this virus, and all seem to follow the pattern that on certain days or times the virus will execute and make itself known, typically every Friday the 13th
History III (1980 - 1990)
Morris worm was originally developed to try to find out the size of the internet but ended up slowing down systems because a design flaw caused it to copy itself too much. It took advantage of a few commands to overflow the buffer and write to memory it shouldn't have access to. Made by Robert Morris
ExploreZip, an e-mail virus, would destroy Office documents and C and C++ source files
History IV (2000 and beyond)
ILOVEYOU would spread by e-mailing itself to everyone in the infected user's e-mail contacts. People would unknowingly open the attached virus, thinking it was from a trusted source, and the virus would overwrite important files and media files
SadMind, exploited OS weaknesses
Sircam, Nimda, Klez, Code Red, all e-mailers
Blaster worm, a worm used to perpetrate a DDoS attack against windowsupdate.com
MyDoom, fastest spreading e-mail virus
Sasser worm, propagated by a Windows port exploit
Santy, used Google to find new targets
Sony rootkit, a virus that was put on Sony CDs to prevent piracy
Vulnerability
Diversity in software lowers vulnerability
Standardization is bad because it means that everyone using the same software is vulnerable in the same way
Users of Microsoft Office and Internet Explorer are typically more vulnerable because of their widespread use
Macs are less vulnerable because of their low share of the PC market
How do they do it?
In order to replicate itself, the virus needs the permission to execute code and write to memory.
They attach themselves to an executable file of a legitimate program.
When the user runs that program, the virus code is executed.
Sometimes only the virus code is executed.
Two types of Viruses
1. Non Resident Viruses
   Finder module
   Replication module
2. Resident Viruses
Non Resident Viruses
It constantly looks for suitable files that can be infected, then infects them, and the infected file is then ready to execute damage.
It consists of two distinct components to do the task.
The Finder Module is the component that looks for potential prey (files to infect), then calls the Replication Module to infect that particular file.
Resident Viruses
Resident viruses do not have distinct components like the finder module.
Instead it loads the replication module into memory and starts working in the background.
Each time the operating system is called to perform an action the replication module is called.
So then, every suitable program that is executed on the computer is possible prey for infection.
Methods to avoid detection
Both types of viruses discussed previously remain hidden. Below are possible tricks for remaining hidden.
1. The virus might pretend to be “Hot_Girls.jpeg” and get into your computer. But really, it is “Hot_Girls.jpeg.exe.”
2. Some viruses have the ability to keep the “last modified date” unchanged after altering the content of the file.
3. Stealth: Some viruses have the ability to intercept an anti-virus software's request to the operating system. So the anti-virus requests read permission from the virus instead of the OS. Then the virus returns an uninfected version of the file and remains undetected.
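As an added illustration (not part of the original slides), the following Python script shows the defender's side of tricks 1 and 2: it flags file names that hide an executable extension behind a document or image extension, and it detects changed file content by comparing SHA-256 hashes against a recorded baseline, so a preserved "last modified" timestamp does not hide the change. The directory layout, file names, and extension lists are constructed for the example.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed lists for this example: extensions a disguised program tends to
# hide behind, and extensions the operating system will actually execute.
DECOY_EXTENSIONS = {".jpeg", ".jpg", ".png", ".gif", ".pdf", ".doc", ".txt"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}


def is_deceptive_name(filename: str) -> bool:
    """True when the name looks like a document or image but its real, final
    extension is executable, e.g. 'Hot_Girls.jpeg.exe' (trick 1)."""
    suffixes = [s.lower() for s in Path(filename).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTENSIONS
            and suffixes[-2] in DECOY_EXTENSIONS)


def sha256_of(path: Path) -> str:
    """Hash a file's content in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Record content hash and modification time for every file under root."""
    baseline = {}
    for p in root.rglob("*"):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"sha256": sha256_of(p), "mtime_ns": p.stat().st_mtime_ns}
    return baseline


def check_against_baseline(root: Path, baseline: dict) -> list:
    """Compare the directory with the baseline and return sorted (path, finding) pairs.

    The hash is the authoritative signal: a file whose content changed is
    reported even when its mtime still matches, because the timestamp is
    something the writer of the file controls and the hash is not (trick 2).
    """
    findings = []
    for rel, rec in baseline.items():
        p = root / rel
        if not p.is_file():
            findings.append((rel, "missing"))
            continue
        if sha256_of(p) != rec["sha256"]:
            if p.stat().st_mtime_ns == rec["mtime_ns"]:
                findings.append((rel, "content changed, mtime unchanged (timestamp tampering)"))
            else:
                findings.append((rel, "content changed"))
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if rel not in baseline:
            findings.append((rel, "new file"))
        if is_deceptive_name(p.name):
            findings.append((rel, "deceptive double extension"))
    return sorted(findings)


def demo() -> list:
    """Constructed scenario: baseline a folder, then alter a file while putting
    its old timestamp back, and drop a file with a disguised extension."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        program = root / "program.bin"
        program.write_bytes(b"original program bytes")
        (root / "readme.txt").write_text("unchanged file")
        baseline = build_baseline(root)

        # Trick 2: change the content, then restore the original mtime.
        before = program.stat()
        program.write_bytes(b"original program bytes" + b"\x00" * 16)
        os.utime(program, ns=(before.st_atime_ns, before.st_mtime_ns))

        # Trick 1: a name that reads as an image but ends in .exe
        # (placeholder content, not an actual executable).
        (root / "Hot_Girls.jpeg.exe").write_bytes(b"placeholder bytes")

        return check_against_baseline(root, baseline)


if __name__ == "__main__":
    for path, finding in demo():
        print(f"{path}: {finding}")
```

Trick 3 (stealth) is the reason this kind of check is only trustworthy when it runs from a known-clean environment: if the infected operating system is answering the read requests, it can hand the checker the original bytes too. Hashing from boot media or another system avoids that.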
The Computer is infected. What can I do now?
First of all, it is very important you don’t just ignore it because at some point you will not be able to.
Also, be prepared to lose some data.
You can do one of two things:
1. Virus removal
2. Operating System Reinstallation
Virus Removal - 1
The simplest method:
On most Windows machines (Windows ME, XP or Vista) there is the System Restore tool. This tool will restore the registry and critical system files to a previous checkpoint.
Virus Removal - 2
Software that can detect and eliminate viruses. However, this software usually only detects known viruses and hence has its limitations. So, it's best to get the newest anti-virus software available.
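To make that limitation concrete, here is a small signature scanner added for this page (not code from the original presentation). It uses a simplified signature format of the kind anti-virus engines rely on: a hex byte pattern in which "??" stands for any one byte. The signature names, byte patterns and sample files are all constructed. A sample containing the known pattern is detected, a variant that differs only at the wildcard position is still caught, and a variant that changes a fixed byte is missed until a new signature is added, which is why definitions must be kept current.

```python
import re

# Constructed signature database for the example: (name, hex pattern).
# A '??' token matches any single byte, so one signature covers small variants.
SIGNATURE_DB = [
    ("Example.Test.A", "45 58 41 4d 50 4c 45 ?? 41"),               # b"EXAMPLE" + any byte + b"A"
    ("Example.Mailer.B", "4d 41 49 4c 2d 41 4c 4c 2d ?? ?? 2d 31"),  # b"MAIL-ALL-" + 2 bytes + b"-1"
]


def compile_signature(hex_pattern: str):
    """Turn a hex signature with '??' wildcard bytes into a compiled bytes regex."""
    tokens = hex_pattern.replace(" ", "").lower()
    if len(tokens) % 2:
        raise ValueError("hex pattern must have an even number of digits")
    parts = []
    for i in range(0, len(tokens), 2):
        byte = tokens[i:i + 2]
        parts.append(b"." if byte == "??" else re.escape(bytes([int(byte, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED_DB = [(name, compile_signature(pattern)) for name, pattern in SIGNATURE_DB]


def scan_bytes(data: bytes, db=None) -> list:
    """Return the names of every signature whose pattern occurs in data."""
    db = COMPILED_DB if db is None else db
    return [name for name, regex in db if regex.search(data)]


def add_signature(db: list, name: str, hex_pattern: str) -> list:
    """Return a new database with one more signature (a 'definitions update')."""
    return db + [(name, compile_signature(hex_pattern))]


# Constructed sample files: name -> content.
SAMPLES = {
    "clean.txt": b"nothing to see here",
    "known.bin": b"header EXAMPLE1A trailer",        # matches Example.Test.A exactly
    "variant_wild.bin": b"header EXAMPLE9A trailer",  # differs only at the ?? byte
    "variant_new.bin": b"header EXAMPLE1B trailer",   # fixed byte changed: not in the DB
}


def scan_samples(db=None) -> dict:
    """Scan every constructed sample and return name -> matched signature names."""
    return {name: scan_bytes(data, db) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    print("with the old definitions:", scan_samples())
    updated = add_signature(COMPILED_DB, "Example.Test.A.2", "45 58 41 4d 50 4c 45 ?? 42")
    print("after a definitions update:", scan_samples(updated))
```

The wildcard buys a little tolerance, but anything the signature author did not anticipate passes through silently; that gap is what each definitions update closes.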
Virus Removal - 3
Operating System Reinstallation
This is the final means of deleting a virus. This method will also destroy not some but all of your data and gives you a fresh start. However, this method is typically guaranteed to remove the virus.
It involves simply reformatting the OS partition and installing the OS from its original media.
The recovery disk might have come with the computer when first bought or you might have to purchase one.
In Summary
Viruses infect systems by:
1. Appending to a program
2. Copying themselves to other programs
3. Distributing themselves without the user's knowledge
They can be very harmful to a system and cost users a lot of money
To stay protected, keep up to date with anti-virus software, and if you suspect infection don't ignore it