Study of Computer Virus Study of Computer Virus WormsWorms

Sampath Yerramalla04/17/02

Survey Virus Appearance

– National Press– Faster than in papers

• Melissa• The Love Letter• Anna Kournikova

Vulnerabilities– Computer hardware based on single trusted user– Software loop-holes

Research : Any machine with almost any OS can support virus

Difference Virus

– A computer program that replicates by attaching itself to some other object

– Usually small size programs ( 3-30k )– Designed to evade detection

Worm– First reported ed by John Shoh and Jon Hupp of XEROX

PARC– Sends itself to other systems– Bigger in size than virus– More abilities– Not easy to write

Virus Spread Medium

– Hard disk– Floppy disks– Tape– Optical media– Memory

Internet– E-mail attachments– .exe .bat .vbs

Incentive and trap– Money – Sex – Humor

Research : One in every five hundred e-mail messages contain a virus.

Types

Effect on OS, programming used and size.– Boot sector virus– Polymorphic virus – Time Bomb– Shell virus– Add-on virus– Trojan horse– Internet worms

Polymorphic virus

Mutates Hard to detect All parts of the multipartite virus needs to

be cleaned Different kinds of damages

• Amusing screen displays• Unusual sound displays• System reboots• Reformatting the hard disk

Shell Virus

Uninfected Program

Infected Program

Add-on Virus

Uninfected Program

Infected Program

Trojan Horse

A program that hides it true intention e-mail attachments Trick into installing malicious software

– Droppers– Backdoors

Hackers– Subseven– Back Orifice– Netbus

Internet Worms Use complex e-mal functions and network

software Steals addresses from your address book New hosts through un-protected system drives W32/ska W32/Navidad@M VBS/Netlog W32/Explorezip W32/Qaz W32/SaddamHussain,…… Virus Hackers

Hackers attack Microsoft

Virus programmers Common languages to create virus

– Assembler– C– Visual Basic– Java

Unfortunately, virus are created by people for all usual reasons– Dirty tricks– Make a living

Fortunately, not all virus programmers aren’t in “ boy or girl genius league ”.

Viral Signatures

Repeated infection – early detection Unique virus signatures Mixed blessing

– Fake Viral signatures to protect against virus

Why should I care ? Reproduce

– Stealing addresses from your Address Book– Write files to a Local directory / Network computer– Appears to be done by you

Un-authorized Access– Passwords– Credit card numbers– Destroy the computer– Computer un-usable

Allow other people (anywhere on internet), to get control of your computer

Have I Been a Victim ?

Reproduction stage Alert box Too late Virus hoax are common than virus itself

Getting Rid of Virus

Virus code is tagged at the end of a program Placed in the empty slots of a program Both types can be cleaned Unfortunately, virus world doesn’t end here Some virus replace the program code with their

own code Can’t be cleaned, hence deleted

Getting Rid of Virus…

Some can be removed Others may require part or all of the OS to be

removed or re-installed Retrieval of files Damage cannot be undone

Prevention better than any cure

Technical measures– Anti-virus software

– Update

Check mail-servers Reject all e-mails of dangerous or unknown

extensions Suspect even safe extensions Disabling functions Removing windows script hosting

Do’s and Don’ts Always update your anti-virus software at least weekly

Back up your important files and ensure that they can be restored

Change the computer's boot sequence to always start the PC from its hard drive

Don't share Drive C: without a password and without read-only restrictions

Empty floppy drives of diskettes before turning on computers, especially laptops

Forget opening unexpected e-mail attachments, even if they're from friends

Get trained on your computer's anti-virus software and use it

Do’s and Don’ts….

Have multiple backups of important files

Install security updates for your operating system and programs as soon as possible

Jump at the chance to learn more about your computer. This will help you spot viruses

KKnowledge is contagious, infect the truthnowledge is contagious, infect the truth

References

I’ll include them in the term paper !

Sampath Yerramalla