Computer Viruses - PowerPoint PPT Presentation

1 / 23
About This Presentation
Title:

Computer Viruses

Description:

2000 - DDoS, Love Letter, Timofonica, Liberty (Palm), Streams, & Pirus: The ... In May the Love Letter worm became the fastest-spreading worm (to that time) ... – PowerPoint PPT presentation

Number of Views:87
Avg rating:3.0/5.0
Slides: 24
Provided by: hrickj
Category:

less

Transcript and Presenter's Notes

Title: Computer Viruses


1
Computer Viruses
  • Jarvis Diggs
  • MIS 100-150
  • jd_soldja_at_yahoo.com

2
Table of Contents
  • Definition
  • History of viruses
  • Virus Behavior
  • Number of Viruses
  • Virus Names
  • How Viruses Infect
  • What Viruses Infect
  • Virus Carriers
  • Company Solutions
  • Prevention Methods
  • Anti-Virus Software
  • Personal Interview
  • Bibliography

3
Definition
  • "A parasitic program written intentionally to
    enter a computer without the users permission or
    knowledge. The word parasite is used because a
    virus attaches to files or boot sectors and
    replicates itself, thus continuing to spread.
    Though some virus's do little but replicate
    others can cause serious damage or effect program
    and system performance. A virus should never be
    assumed harmless and left on a system." 1
    -Symantec

1. www.symantec.com
4
History of Viruses
  • In the late 1980's, computer viruses were first
    widely recognized due to several factors.
  • the spread of personal computers
  • the use of computer bulletin boards
  • the floppy disk2
  • Over the years several prominent viruses have
    been recognized and recorded as follows

2. www.howstuffworks.com
5
History of Viruses3
  • 1981 - The First Virus In The Wild - It was
    spread on Apple II floppy disks (which contained
    the operating system) and reputed to have spread
    from Texas AM.
  • 1983 - The First Documented Experimental Virus -
    Fred Cohen's seminal paper Computer Viruses -
    Theory and Experiments from 1984 defines a
    computer virus and describes the experiments he
    and others performed to prove that the concept of
    a computer virus was viable.
  • 1986 - Brain, PC-Write Trojan, Virdem - Two
    brothers from Pakistan analyzed the boot sector
    of a floppy disk and developed a method of
    infecting it with a virus dubbed "Brain. Because
    it spread widely on the popular MS-DOS PC system
    this is typically called the first computer
    virus. That same year the first PC-based Trojan
    was released in the form of the popular shareware
    program PC-Write. Virdem was also found this
    year it is often called the first file virus.

6
History of Viruses
  • 1987 - File Infectors, Lehigh, Christmas Worm
    In November, the Lehigh virus was discovered at
    Lehigh University in the U.S. It was the first
    "memory resident file infector"
  • 1988 - MacMag, Scores, Internet Worm MacMag,
    a Hypercard stack virus on the Macintosh is
    generally considered the first Macintosh virus
    and the Scores virus was the source of the first
    major Macintosh outbreak. The Internet Worm
    (Robert Morris' creation) causes the first
    Internet crisis and shut down many computers.
  • 1989 - AIDS Trojan This Trojan is famous for
    holding data hostage.
  • 1990 - VX BBS Little Black Book (ATT Attack)
    The first virus exchange (VX) BBS went online in
    Bulgaria.
  • 1991 Tequila Tequila was the first
    polymorphic virus it came out of Switzerland and
    changed itself in an attempt to avoid detection.

7
History of Viruses
  • 1992 - Michelangelo, DAME, VCL Michelangelo
    was the first media darling. The same year the
    Dark Avenger Mutation Engine (DAME) became the
    first toolkit that could be used to turn any
    virus into a polymorphic virus. Also that year
    the Virus Creation Laboratory (VCL) became the
    first actual virus creation kit.
  • 1995 - Year of the Hacker Hackers attacked
    Griffith Air Force Base, the Korean Atomic
    Research Institute, NASA, Goddard Space Flight
    Center, and the Jet Propulsion Laboratory. GE,
    IBM, Pipeline and other companies were all hit by
    the "Internet Liberation Front" on Thanksgiving.
  • 1995 Concept The first macro virus to attack
    Word, Concept, is developed.
  • 1996 - Boza, Laroux, Staog Boza is the first
    virus designed specifically for Windows 95 files.
    Laroux is the first Excel macro virus. And, Staog
    is the first Linux virus.
  • 1998 - Strange Brew Back Orifice Strange Brew
    is the first Java virus. Back Orifice is the
    first Trojan designed to be a remote
    administration tool that allows others to take
    over a remote computer via the Internet.

8
History of Viruses
  • 1999 - Melissa, Corner, Tristate, Bubbleboy
    Melissa is the first combination Word macro virus
    and worm to use the Outlook and Outlook Express
    address book to send itself to others via E-mail.
    Corner is the first virus to infect MS Project
    files. Tristate is the first multi-program macro
    virus it infects Word, Excel, and PowerPoint
    files. Bubbleboy is the first worm that would
    activate when a user simply opened and E-mail
    message in Microsoft Outlook.
  • 2000 - DDoS, Love Letter, Timofonica, Liberty
    (Palm), Streams, Pirus The first major
    distributed denial of service attacks shut down
    major sites such as Yahoo!, Amazon.com, and
    others. In May the Love Letter worm became the
    fastest-spreading worm (to that time) shutting
    down E-mail systems around the world. The Visual
    Basic Script worm Timofonica tries to send
    messages to Internet-enabled phones in the
    Spanish telephone network. Called Liberty and
    developed by Aaron Ardiri the co-developer of the
    Palm Game Boy emulator Liberty, the Trojan was
    developed as an uninstall program and was
    distributed to a few people to help foil those
    who would steal the actual software. Streams
    became the first proof of concept NTFS Alternate
    Data Stream (ADS) virus in early September.
    Pirus is another proof of concept for malware
    written in the PHP scripting language.
  • 2001 - Gnuman, Winux Windows/Linux Virus,
    LogoLogic-A Worm, AplS/Simpsons Worm,
    PeachyPDF-A, Nimda This group is mainly
    composed of worms that were written for the first
    time.

9
History of Viruses
  • 2002 - LFM-926, Donut, Sharp-A, SQLSpider,
    Benjamin, Perrun, Scalper LFM-926 showed up as
    the first virus to infect Shockwave Flash (.SWF)
    files. Donut showed up as the first worm directed
    at .NET services. In March, the first native .NET
    worm written in C, Sharp-A was announced.
  • 2003 - Slammer, Sobig, Lovgate, Fizzer,
    Blaster/Welchia/Mimail These viruses were
    responsible for attacking servers, mail programs,
    and peer-to-peer networks.
  • 2004 - Trojan.Xombe, Randex, Bizex, Witty,
    MP3Concept, Sasser, Mac OS X, W64.Rugrat.3344,
    Symb/Cabir-A, JS/Scob-A, WCE/Duts-A, W32/Amus-A,
    WinCE/Brador-A, JPEG Weakness, SH/Renepo-A
    These worms caused major problems on operating
    systems such as Windows and Macintosh.

3. www.cknow.com/vtutor/vtsystemsector.htm
10
Virus Behavior4
  • Infection Phase
  • Virus writers have to balance how and when their
    viruses infect against the possibility of being
    detected. Therefore, the spread of an infection
    may not be immediate.
  • Attack Phase
  • Viruses need time to infect. Not all viruses
    attack, but all use system resources and often
    have bugs.

4. www.cknow.com/vtutor/vtsystemsector.htm
11
Number of Viruses
  • By number, there are over 50,000 known computer
    viruses.
  • Only a small percentage of this total number
    account for those viruses found in the wild,
    however. Most exist only in collections.
  • There are more MS-DOS/Windows viruses than all
    other types of viruses combined.

12
Virus Names5
  • A virus' name is generally assigned by the first
    researcher to encounter the beast.
  • Multiple researchers may encounter a new virus in
    parallel which often results in multiple names.
  • Different names can cause confusion for the
    public but not anti-virus software which looks at
    the virus, not its "name."
  • There are different sites that attempt to
    correlate the various virus names for you.
  • Virus naming is a function of the anti-virus
    companies. This results in different names for
    new viruses.

5. www.howstuffworks.com
13
How Viruses Infect6
  • Polymorphic Virus - changes code whenever it
    passes to another machine in theory these
    viruses should be more difficult for antivirus
    scanners to detect, but in practice they're
    usually not that well written.
  • Stealth Virus - hides its presence by making an
    infected file not appear infected, but doesn't
    usually stand up to antivirus software.
  • Fast and Slow Infectors - Viruses that infect in
    a particular way to try to avoid specific
    anti-virus software.
  • Sparse Infectors - Viruses that don't infect very
    often.
  • Armored Viruses - Viruses that are programmed to
    make disassembly difficult.
  • Multipartite Virus - infects both files and the
    boot sector--a double whammy that can reinfect
    your system dozens of times before it's caught.

14
How Viruses Infect
  • Cavity (Spacefiller) Viruses - Viruses that
    attempt to maintain a constant file size when
    infecting.
  • Tunneling Viruses - Viruses that try to "tunnel"
    under anti-virus software while infecting.
  • Camouflage Viruses - Viruses that attempted to
    appear as a benign program to scanners.
  • NTFS ADS Viruses - Viruses that ride on the
    alternate data streams in the NT File System.
  • Virus Droppers - Programs that place viruses onto
    your system but themselves may not be viruses (a
    special form of Trojan).

6. www.cknow.com/vtutor/vtsystemsector.htm
15
What Viruses Infect7
  • System Sector Viruses - These infect control
    information on the disk itself.
  • File Virus - infects applications. These
    executables then spread the virus by infecting
    associated documents and other applications
    whenever they're opened or run.
  • Macro Virus - Written using a simplified macro
    programming language, these viruses affect
    Microsoft Office applications, such as Word and
    Excel, and account for about 75 percent of
    viruses found in the wild. A document infected
    with a macro virus generally modifies a
    pre-existing, commonly used command (such as
    Save) to trigger its payload upon execution of
    that command.
  • Companion Viruses - A special type that adds
    files that run first to your disk.

7. www.cknow.com/vtutor/vtsystemsector.htm
16
What Viruses Infect
  • Cluster Viruses - A special type that infects
    through the disk directory.
  • Batch File Viruses - These use text batch files
    to infect.
  • Source Code Viruses - These add code to actual
    program source code.
  • Visual Basic Worms - These worms use the Visual
    Basic language to control the computer and
    perform tasks.

17
Virus Carriers8
  • Worms - A worm is a small piece of software that
    uses computer networks and security holes to
    replicate itself. A copy of the worm scans the
    network for another machine that has a specific
    security hole. It copies itself to the new
    machine using the security hole, and then starts
    replicating from there, as well.
  • Trojan horses - A Trojan horse is simply a
    computer program. The program claims to do one
    thing (it may claim to be a game) but instead
    does damage when you run it (it may erase your
    hard disk). Trojan horses have no way to
    replicate automatically.

8. www.webopedia.com/TERM/v/virus.html
18
Company Solutions
  • Companys look for anti-virus solutions which
    prevent malicious attacks from manipulating
    customer data, compromising e-commerce servers,
    or gaining access to sensitive development plans.
    A commonly used protection program, Entercept,
    does this and more.
  • Entercept
  • Prevents and stops known and unknown Internet
    attacks before damage occurs to servers,
    databases, and applications.
  • Reduces security-related costs.
  • Proactive Requires minimal monitoring, minimal
    false-positives.
  • Protects critical assets.
  • Protects the customer portals

19
Prevention Methods
  • Running a secure operating system such as UNIX
    keeps viruses away from your hard disk through
    its security features
  • Purchasing anti-virus software for an unsecured
    operating system
  • Avoid opening programs from unfamiliar programs
  • If you run Microsoft applications, make sure you
    enable the Macro Virus Protection for each
    application.
  • E-mail attachments containing executables should
    never be double-clicked.
  • One should have a clean back-up of his hard
    drive.

20
Anti-Virus Software
  • Anti-Virus programs are comprised of scanning
    software. This software will look for a unique
    string of bytes that identifies the virus and
    remove it from your system. If the virus is a
    new issue, the software will use heuristics to
    identify the virus-like activity on your system.
    The software will quarantine the questionable
    program and then notify the user of the programs
    intentions.

21
Personal Interview
  • 1.  How has your company/organization dealt with
    viruses that are obtained through a) the
    internet b) e-mail and c) software?
  • 2.  How has your company/organization solved
    these problems?
  • 3.  What solutions have you put in place for
    future prevention?
  • 4.  How costly are the prevention methods?
  • 5.  How detrimental would the abscence of these
    prevention methods be to the company/organization?
  • 6.  At what rate do viruses occur in your
    company/organization? (It can be an estimate)
  • Interviewee kbolds_at_lsuhsc.edu
  • Answers to these questions were used as
    supplementary information in report.

22
Bibliography
  • 1. www.howstuffworks.com/virus.htm 
  • 2. www.cert.org/other_sources/viruses.html
  • 3. www.cknow.com/vtutor/vthistory.htm  
  • 4. www.actlab.utexas.edu/aviva/compsec/virus/wha
    tis.html
  • 5. www.mcafee.com
  • 6. www.symantec.com/avcenter/
  • 7. www.exn.ca/nerds/20000504-55.cfm
  • 8. www.cknow.com/vtutor/vtsystemsector.htm
  • 9. kbolds_at_lsuhsc.edu

23
THE END
Write a Comment
User Comments (0)
About PowerShow.com