Computer Viruses and Worms
Dragan Lojpur Zhu Fang
Definition of Virus
A virus is a small piece of software that piggybacks on real programs in order to get executed.
Once it’s running, it spreads by inserting copies of itself into other executable code or documents.
Computer Virus Timeline
Two programmers named Basit and Amjad replace the executable code in the boot sector of a floppy disk with their own code, designed to infect each 360kb floppy accessed on any drive. Infected floppies had “© Brain” for a volume label.
Worm: a self-replicating program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.
History of Worms
The first worm to attract wide attention, the Morris worm, was written by Robert Tappan Morris, who at the time was a graduate student at Cornell University.
Morris himself was convicted under the US Computer Crime and Abuse Act and received three years' probation, community service and a fine in excess of $10,000.
Worm: a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole.
It copies itself to the new machine using the security hole, and then starts replicating from there, as well.
transmission capabilities found on many
computers.
machines — are now the major delivery method of spam
send e-mail spam; between 50% and 80% of all spam worldwide is now sent by zombie computers
Money flow
Pay per click
Typical things that some current Personal Computer (PC) viruses do
Erase files
Scramble data on a hard disk
Cause erratic screen behavior
Halt the PC
Many viruses do nothing obvious at all except spread!
Distributed Denial of Service
causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system
How it works?
system essentially forces it to shut down, thereby denying service to the system to legitimate users
DDoS
first identified around 8am. Computer security companies report that Mydoom is responsible for approximately one in ten e-mail messages at this time. Slows overall internet performance by approximately ten percent and average web page load times by approximately fifty percent.
27 January: SCO Group offers a US $250,000 reward for information leading to the arrest of the worm's creator.
1 February: An estimated one million computers around the world infected with Mydoom begin the virus's massive distributed denial of service attack, the largest such attack to date.
2 February: The SCO Group moves its site to www.thescogroup.com
loads itself into memory and looks around to see if it can find any other programs on the disk
Boot Sector Viruses
Traditional Virus
infect the boot sector on floppy disks and hard disks
By putting its code in the boot sector, a virus can guarantee it gets executed
load itself into memory immediately, and it is able to run whenever the computer is on
Decline of traditional viruses
E-mail Viruses
Replicates itself by automatically mailing itself to dozens of people in the victim’s e-mail address book
Melissa virus
ever seen
uploaded to an Internet newsgroup
it would trigger the virus
e-mail message to the first 50 people in the person's address book
Melissa virus
language built into Microsoft Word called VBA (Visual Basic for Applications)