Introduction - Millersville


EDW 647: The Internet
EDW647: Internet for Educators
Viruses
Dr. Roger Webster & Dr. Nazli Mollah
Dr. Roger Webster
Department of Computer Science
Millersville University
July 22, 2008
Adapted from Computer Concepts, New
Perspectives, Thompson Course Technology
Virus: Powerful Stuff



1981: 1 known computer virus
2005-2006: > 70,000
invade all types of computers – including handheld
Virus          Reach               Time
Michelangelo   75,000 computers    7 months
Melissa        3.5 computers       10 hours
I-Love-You     72 million          3 hours
Malware

Malicious Code – program or a set of programs designed to surreptitiously enter a
computer and disrupt its normal operations

Malicious code includes:
- viruses
- worms
- Trojan horses

Unleashed by hackers and crackers
What is a computer virus?

A program that attaches itself to a file, reproduces itself, and spreads to other
files

A computer virus behaves in a way similar to a biological virus, which replicates and
spreads by inserting itself into living cells.

A computer virus inserts itself into files (infected files) and then replicates and
spreads from one file to another

Viruses can replicate themselves only on the host computer (they do not spread by
jumping from one host to another)

Viruses spread because people distribute infected files by exchanging disks, sending
e-mail attachments, exchanging music on file sharing networks and downloading
software from the web

Key characteristic is their ability to “lurk” in a computer for days or months quietly
replicating themselves
virus

Many computer viruses infect files executed by your computer – files with extensions
such as .exe and .vbs

When your computer executes an infected program, it also executes the attached
virus instructions

These instructions then remain in RAM, waiting to infect the next program your
computer runs or the next disk it accesses

In addition to replicating itself, a virus may deliver a payload, which could be as
harmless as displaying an annoying message or as devastating as corrupting the
data on your computer's hard disk

A trigger event, such as a specific date, can unleash some viruses, e.g. the
Michelangelo virus triggers on March 6, the birthday of the artist Michelangelo

Your experience with viruses?
How is a Trojan horse different from a virus?

A Trojan horse is a computer program that appears to do one thing (install a
screen saver, for example) when in fact it does something entirely different,
and potentially malicious, such as erase files.

Although often referred to as such, Trojan horses are not viruses in the strict
sense because they cannot replicate automatically. For a Trojan horse to
spread, it must be invited onto a computer by the user opening an email
attachment or downloading and running a file from the Internet
Trojan Horse

Notorious for stealing passwords

Papador Trojan Horse
- watches your browser window for text strings such as “Sign In” and “Log in”
- then displays a fake login screen (with a misleading heading like “security
  measures”) that collects name, birthday, cc number, ATM code
- Don’t give out birth dates – https, lock

PictureNote Trojan – arrives as e-mail named picture.exe
- leads you to believe that you have received some type of graphical software
- However, if you open the file, it searches for AOL user information and
  tries to steal your login and e-mail passwords
What’s a worm?

With the proliferation of networks, the Internet, e-mail programs etc., a threat arises from worms

A virus is designed to spread from file to file
A worm is designed to spread from computer to computer

Mass mailing worms spread by sending themselves to every address in the address
book of an infected computer (the message seems to be coming from a known sender)

Mass mailing worms often include an attachment that contains the worm
- opening the attachment then unleashes the worm

Some mass mailing worms contain a Web link that installs a worm, Trojan horse, or
virus
- The Wallon worm contains a link to a Web site (looks like it is coming from Yahoo). Clicking the link
  downloads several files, including the worm, which then replicates itself by sending itself to
  addresses in your address book.

Some e-mails come from enticingly legitimate sources – MS, your place of employment
What are the symptoms of a malicious code attack?

Delete and modify files
- Many viruses are designed to delete files from a hard disk – may cause system instability

Access confidential information
- Trojan horses are notorious for using backdoors to steal passwords and CC numbers
- Worms can also scan files and Web sites for e-mail addresses

Performance degradation
- Malicious code may require system resources to send mail and scan files. While a virus is
  active, your computer might seem to perform slower than normal

Disable antivirus and firewall software
- Some viruses – called retro viruses – are designed to attack antivirus software by deleting the
  files that contain virus descriptions or by corrupting the main executable virus-scanning
  program (anti-virus viruses)
Antivirus Software: How can I avoid viruses and worms?

Prevention is best

Keeping viruses, Trojan horses and worms out of your computer is preferable to
trying to eliminate these pesky programs after they have taken up residence

Certain viruses are particularly tenacious: just the process of booting up your
computer can trigger their replication sequence or send them into hiding

3 top steps to preventing your computer from becoming infected:
1. Use antivirus software on every computing device you own
2. Keep software patches and operating system service packs up to date
3. Do not open suspicious e-mail attachments

Antivirus software is a set of utility programs that looks for and eradicates viruses,
Trojan horses, and worms:


McAfee, VirusScan, Norton AntiVirus, F-Secure Anti Virus
Which do you use? Why? How often?
How does antivirus software work?

Antivirus software uses several techniques to find viruses


Let’s think about it
Some viruses attach themselves to an existing program – the presence of such a virus often
increases the length of the original program

The earliest antivirus software simply examined the programs on a computer and recorded their
length – a change in the length of a program from one computing session to the next indicated the
possible presence of a virus

To counter the early antivirus software, hackers became more cunning – they created viruses that
insert themselves into the unused portions of a program file without changing its length

Antivirus software developers fought back

They designed software that examines the bytes in an uninfected application program and
calculates a checksum. A checksum is a number calculated by combining the binary values of all
bytes in a file. Each time you run an application program, antivirus software calculates the
checksum and compares it with the previous checksum. If any byte in the application program
has changed, the checksum will be different and the antivirus software assumes a virus is present.
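
The progression described on this slide, as an added example that is not part of the original slides: a baseline records a file's length, a simple byte-sum checksum, and a SHA-256 hash, then each check is run against three constructed changes. The SHA-256 column goes beyond the slide to show why integrity tools use a cryptographic hash rather than a plain sum; the function names and sample bytes are made up for illustration.

```python
import hashlib

def byte_sum(data: bytes) -> int:
    """Checksum in the slide's sense: combine all byte values (16-bit sum)."""
    return sum(data) % 65536

def fingerprint(data: bytes) -> dict:
    """Record the three properties compared in this example."""
    return {
        "length": len(data),
        "byte_sum": byte_sum(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def changed_checks(baseline: dict, data: bytes) -> dict:
    """Per check, True if it notices that data differs from the baseline."""
    current = fingerprint(data)
    return {name: current[name] != baseline[name] for name in baseline}

# Constructed sample "program": 2-byte header, filler, code text, unused padding.
ORIGINAL = b"MZ" + b"\x90" * 14 + b"print hello" + b"\x00" * 16

# Case 1: extra bytes attached to the end, so the file grows.
APPENDED = ORIGINAL + b"EXTRA"
# Case 2: the same bytes written into the unused padding; length is unchanged.
IN_PADDING = ORIGINAL[:-16] + b"EXTRA" + b"\x00" * 11
# Case 3: two neighbouring bytes swapped; length and byte sum are unchanged.
_tmp = bytearray(ORIGINAL)
_tmp[16], _tmp[17] = _tmp[17], _tmp[16]
SWAPPED = bytes(_tmp)

BASELINE = fingerprint(ORIGINAL)

if __name__ == "__main__":
    for label, sample in [("unchanged", ORIGINAL), ("appended", APPENDED),
                          ("in padding", IN_PADDING), ("swapped", SWAPPED)]:
        print(f"{label:11s}", changed_checks(BASELINE, sample))
```

The length check only notices the appended case, the byte sum also notices the padding case, and only the hash notices the swapped bytes.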
How often should I get an update?



New viruses and variations of old viruses are unleashed just about every day
Check Web site of antivirus software publisher for periodic updates
Some software periodically reminds you to check for updates
Virus Hoaxes: What’s a virus hoax?

Some viruses don’t really exist

A virus hoax arrives as an e-mail message containing dire warnings about a
supposedly new virus that is on the loose
- Recommends a strategy
- Recommends forwarding the email
- Says no one has a fix for it yet

In many cases it is a fake
Don’t panic
You can ignore a virus hoax
You can validate the hoax by going to a reliable Web site that lists hoaxes and viruses



