Computer Viruses and Worms

BY: HARENDRA

Overview

• Introduction• Definitions• Virus through the Internet• Virus Languages• Background• Worms• Trojan Horses

Overview Cont…

• Melissa virus• I LOVE YOU VIRUS• CODE RED (WORM)• SYMPTOMS OF AN INFECTION• Protection measures• Conclusion

Introduction

• Computer virus have become today’s headline news• With the increasing use of the Internet, it has

become easier for virus to spread • Virus show us loopholes in software• Most virus are targeted at the MS Windows OS

Virus

Virus : A true virus is capable of self replication on a machine. It may spread between files or disks, but the defining character is that it can recreate itself on it’s own with out traveling to a new host

Virus through the Internet

• Today almost 87% of all viruses are spread through the internet

• Transmission time to a new host is relatively low, on the order of hours to days

• “Latent virus”

Virus Languages

ANSI COBOL C/C++PascalVBAUnix Shell ScriptsJavaScriptBasically any language that works on the system that is the target

Which was the First Computer

Virus

1. The Creeper Virus occurred in 1971 on ARPANET was written by Bob Thomas at the BBN Technologies lab.

2. Elk Cloner was the first personal computer virus to appear in 1982 written by Richard Skrenta.

3. Brain The first IBM PC virus created in 1986 by the Farooq Alvi Brothers in Lahore, Pakistan

Background

• There are estimated 30,000 computer viruses in existence

• Over 300 new ones are created each month

• First virus was created to show loopholes in software

E-mail Viruses

• Moves around in e-mail messages• Usually replicate itself by automatically

mailing itself to dozens of people in the victim’s email address book.

• Example “MELISSA VIRUS”• Example “I LOVE YOU VIRUS”

WORMS

• Small piece of software that uses computer networks and security holes to replicate itself.

• Copy itself to the new machine using the security hole and start replicating.

• First worm released on the Internet was called Morris worm, it was released on Nov 2, 1988.

• Example “CODE RED”

Trojan Horses

• A simple computer program• It claim to be a game• Erase your hard disk• No way to replicate itself.• Leaks information• Usually does not reproduce

Hoaxes . . . Too Good to be True

You receive an e-mail telling you that: • There is a problem with your PayPal account. Your

personal information is needed to correct it. • The government has discovered a problem with your

tax records. Your personal information is needed to correct it.

• You just won a lottery that you didn't even know that you had entered. Send a handling fee to receive your winnings.

Melissa Virus (March 1999)

Melissa virus spread in Microsoft Word documents sent via e-mail.

How it works ?• Created the virus as word document• Uploaded to an internet newsgroup• Anyone who download the document and opened it

would trigger the virus.• Send friendly email messages to first 50 people in

person’s address book.

Melissa Virus

• Melissa Virus was the fastest spreading virus ever seen.

• Forced a number of large companies to shut down their e-mail systems.

I Love You Virus (May,2000)

• Contained a piece of code as an attachment.• Double Click on the attachment triggered the

code.• Sent copies of itself to everyone in the victim’s

address book• Started corrupting files on the victim’s

machine.

Code Red (Worm)

• Code Red made huge headlines in 2001• It slowed down internet traffic when it began

to replicate itself.• Each copy of the worm scanned the internet

for Windows NT or Windows 2000 that don’t have security patch installed.

• Each time it found an unsecured server, the worm copied itself to that server.

Code Red Worm

Designed to do three things Replicate itself for the first 20 days of each

month. Replace web pages on infected servers with a

page that declares “Hacked by Chinese” Launch a concreted attack on the White

House Web server

Symptoms of Infection

• Programs take longer to load than normal.• Computer’s hard drive constantly runs out of

free space.• The floppy disk drive or hard drive runs when

you are not using it.• New files keep appearing on the system and

you don’t know where it come frm.

Symptoms of Infection Cont..

• Strange sounds or beeping noises come from the computer.

• Strange graphics are displayed on your computer monitor.

• Unable to access the hard drive when booting from the floppy drive.

• Program sizes keep changing.

Protection/Prevention

• Knowledge• Proper configurations• Run only necessary programs• Anti-virus software

Conclusion

• Have seen how viruses show us a loophole in popular software

• Most viruses show that they can cause great damage due to loopholes in programming

• Always backup your data.• Keep up-to-date on new Anti virus software.• Simply avoid programs from unknown

sources.