Viruses, Hacking, and AntiVirus
What is a Virus?
• A type of Malware
– Malware is short for malicious software
• A virus – a computer program
– Can replicate itself
– Spread from one computer to another
First Viruses
• Creeper Virus detected on ARPANET
• Would display “I'm the creeper, catch me if you can!”
• “Elk Cloner” – attached to Apple DOS 3.3 OS and spread via floppy disk
Types of Viruses
• Viruses that infect popularly traded software
• Macro Viruses: written in scripting languages for Microsoft programs such as Word and Excel
• Viruses in Executables
How Your Computer Gets Infected
• Binary Executable files (DLLs, EXEs)
• An external, physical device
• General Purpose Script files
• System Specific Autorun Script files
• Documents that contain Macros
• Exploitable bugs in a program
• Links to malicious code in PDFs, HTML, other documents
An Example
• A file could be named “picture.png.exe”
• When opened, the program runs and infects the computer
• Spoofing an email address to make it sound legitimate so you’ll download and open an attachment
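An added example (not from the original slides): a Python check that parses an e-mail and flags attachments using the “picture.png.exe” disguise described above. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
# Added example: flag e-mail attachments whose name hides an executable
# extension behind a harmless-looking one (e.g. "picture.png.exe").
from email import message_from_string
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for illustration; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".dll", ".js", ".vbs"}
DECOY_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".pdf", ".doc", ".docx", ".txt"}


def is_disguised_executable(filename: str) -> bool:
    """True when the real (last) extension is executable and the one
    before it is a document/image type that makes the file look harmless."""
    suffixes = [s.lower() for s in PurePosixPath(filename.strip()).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS)


def suspicious_attachments(raw_message: str) -> list[str]:
    """Return the names of attachments in a raw e-mail message that
    use the double-extension disguise."""
    msg = message_from_string(raw_message)
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and is_disguised_executable(n)]


def build_sample() -> str:
    """Constructed sample message (not real mail) with three attachments."""
    msg = EmailMessage()
    msg["From"] = "Billing <billing@example.com>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Your invoice"
    msg.set_content("See attached.")
    for name in ("picture.png.exe", "report.pdf", "Holiday.JPG.SCR"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    print(suspicious_attachments(build_sample()))
```

A plain “setup.exe” is not flagged here because it does not pretend to be another file type; blocking executables outright is a separate policy decision.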
Malware
• Includes viruses, worms, Trojan horses, spyware, adware
Purpose of Malware
• Used to steal personal, financial, or business information
• Destroy data
• Hijacking computers for various purposes
Cookies
• Cookies are small files deposited on a system during a web site visit
• Can be useful:
– Allows web servers to maintain state (position and information) of a session with a user
– Can keep track of your login information, shopping cart, etc.
• May be harmful:
– Allows web sites to track information unbeknownst to user
– Source of data for Pop-ups
Worms
• Worms are similar to viruses in the way they are spread
• Don’t need user action to spread
• Actively transmits itself over networks to infect other computers
Trojan Horses
• A program that looks like a harmless program but contains malicious code
• Used to install other malware such as backdoors or spyware
Rootkits
• Rootkits: modify OS so malware is hidden
• “Each ghost-job would detect the fact that the other had been killed, and would start a new copy of the recently stopped program within a few milliseconds. The only way to kill both ghosts was to kill them simultaneously (very difficult) or to deliberately crash the system.”
Backdoors
• A way to bypass normal authentication procedures
• Example: a hard coded user and password that gives access to a system or computer
• Easter Eggs
• Many viruses and worms attempt to create backdoors for more viruses
Spyware
• Software that monitors and gathers information about your system or computing
• Can collect personal information, Internet surfing habits, user logins, bank or credit account information
• Can change computer settings
• Keyloggers – collect information about what you type
• Port Sniffers – intercept and log data sent over a network
Port Scanners and Sniffers
• Port Sniffers – intercept and log data sent over a network
• Port Scanner – software that probes a server or computer network for open ports. Open ports can be used to access the network.
Bots and Botting
• Programs that take control of a computer’s normal operation, or operate in stealth mode on a computer
• Can be used to disrupt normal operations
• Can turn a user’s computer into a source of malware attacks on others (Email Spamming)
Adware
• Advertising-supported software: automatically renders unwanted advertisements
• Object is to generate revenue for its author
Non-Malware, Active Threats
• Phishing – Posing as a trustworthy entity to acquire information
• Fake websites
• Email Spoofing
Non-Malware, Active Threats
• (Distributed) Denial of Service, AKA DDOS attack
• Flooding a web server with spurious traffic generated to overwhelm the server’s capabilities thus denying legitimate users or exposing system flaws
• Related to Botting
Scareware
• Holds your PC hostage
Hacking
USES ALL OF THE ABOVE
Additional Hacking
• Password Cracking
• Software bugs: buffer-overrun, SQL Injections
• http://hackertyper.com/
• http://en.wikipedia.org/wiki/Stuxnet
Protecting Your Computer
Signs Your Computer May Be Hacked
• Your computer is running slow
• Processes you don’t recognize are running
• You are asked for personal information via email, or by phone
• You see data or programs disappear or change
• A Pop-up says your machine is infected and you need to scan it right now – and it is not the security software you installed
Anti-Spyware
• When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve backing up user data, and fully reinstalling the OS.
1. Scans incoming network data for spyware
2. Detects and removes spyware
Firewalls
• Similar to Anti-Spyware but controls all incoming and outgoing traffic and what should and shouldn’t be allowed in and out
Anti-Virus
Pros:
• Prevents, detects and removes malware
Cons:
• False Positives, False Negatives
• Slows down your computer
Be Smart!
• Don’t open emails that you don’t recognize
• Don’t download attachments you don’t recognize
• Don’t run programs or install applications you don’t know or trust
Personal Checklist
Passwords are set, sufficiently complex, and not shared
Legitimate Anti-Malware software running
Home wireless network protected by WPA
Firewall software running
Browser settings appropriate
Sensitive files are protected - password and encrypted
Smartphone protected – locate, lock, wipe
Software is kept up to date
I'm being cautious:
- Which web sites I visit
- When I open emails
- Where I leave my laptop, smartphone, USB drive
- When asked for information via email, internet, phone
- When I use public wireless networks
- When I download applications
Some Anti-Virus Software
• http://anti-virus-software-review.toptenreviews.com/
• http://www.techsupportalert.com/best-free-anti-virus-software.htm
Some Anti-Virus Software
• Avast!: http://www.avast.com/en-us/index
• Avira: http://www.avira.com/en/index
• AVG: http://www.avg.com/us-en/homepage
• Microsoft Security Essentials: http://windows.microsoft.com/en-US/windows/security-essentials-download
• MalwareBytes: http://www.malwarebytes.org/