Viruses, Hacking, and AntiVirus

Viruses, Hacking, and AntiVirus

What is a Virus?

• A type of Malware– Malware is short for malicious software

• A virus – a computer program– Can replicate itself– Spread from one computer to another

First Viruses

• Creeper Virus detected on ARPANET• Would display “I'm the creeper, catch me if

you can!“

• “Elk Cloner” – attach to Apple DOS 3.3 OS and spread via floppy disk

Types of Viruses

• Viruses that infects popularly traded software• Macro Viruses: written in scripting languages

for Microsoft programs such as Word and Excel

• Viruses in Executables

How Your Computer Gets Infected

• Binary Executable files (DLL’s, EXE’s)• An external, physical device• General Purpose Script files• System Specific Autorun Script files• Documents that contain Macros• Exploitable bugs in a program• Links to malicious code in PDFs, HTML, other

documents

An Example

• A file could be named “picture.png.exe”• When opened, the program runs and infects

computer

• Spoofing an email address to make it sound legitimate so you’ll download and open an attachment

Malware

• Includes viruses, worms, trojan horses, spyware, adware

Purpose of Malware

• Used to steal personal, financial, or business information

• Destroy data• Hijacking computers for various purposes

Cookies

• Cookies are small files deposited on a system during a web site visit

• Can be useful:– Allows web servers to maintain state (position and

information) of a session with a user– Can keep track of your login information, shopping cart,

etc.• May be harmful– Allows web sites to track information unbeknownst to user– Source of data for Pop-ups

Worms

• Worms are similar to viruses in the way they are spread

• Doesn’t need user action to spread• Actively transmits itself over networks to

infect other computers

Trojan Horses

• A program that looks like a harmless program but contains malicious code

• Used to install other malware such as backdoors or spyware

Rootkits

• Rootkits: modify OS so malware is hidden

• “Each ghost-job would detect the fact that the other had been killed, and would start a new copy of the recently stopped program within a few milliseconds. The only way to kill both ghosts was to kill them simultaneously (very difficult) or to deliberately crash the system.”

Backdoors

• A way to bypass normal authentication procedures

• Example: a hard coded user and password that gives access to a system or computer

• Easter Eggs

• Many viruses and worms attempt to create backdoors for more viruses

Spyware

• Software that monitors and gathers information about your system or computing

• Can collect personal information, Internet surfing habits, user logins, bank or credit account information

• Can change computer settings• Keyloggers – collects information about what you type• Port Sniffers – intercept and log data sent over a

network

Port Scanners and Sniffers

• Port Sniffers – intercept and log data sent over a network

• Port Scanner – software that probes a server or computer network for open ports. Use portsto access network.

Bots and Botting

• Programs that take control of a computers normal operation, or operate in stealth mode on a computer

• Can be used to disrupt normal operations• Can turn a user’s computer into a source of malware

attacks on others(Email Spamming)

Adware

• Advertising-supported software: automatically renders unwanted advertisements

• Object is to generate revenue for its author

Non-Malware, Active Threats

• Phishing – Posing as a trustworthy entity to acquire information

• Fake websites• Email Spoofing

Non-Malware, Active Threats

• (Distributed) Denial of Service, AKA DDOS attack

• Flooding a web server with spurious traffic generated to overwhelm the server’s capabilities thus denying legitimate users or exposing system flaws

• Related to Botting

Scareware

• Holds your PC hostage

Hacking

USES ALL OF THE ABOVENot this:

http://www.youtube.com/watch?v=u8qgehH3kEQ

Additional Hacking

• Password Cracking• Software bugs: buffer-overrun, SQL Injections

• http://hackertyper.com/

• http://en.wikipedia.org/wiki/Stuxnet

Protecting Your Computer

Signs Your Computer May Be Hacked

• Your computer is running slow• Processes you don’t recognize are running• You are asked for personal information via

email, or by phone• You see data or programs disappear or change• A Pop-up says your machine is infected and

you need to scan it right now – and it is not the security software you installed

Anti-Spyware

• When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve backing up user data, and fully reinstalling the OS.

1. Scans incoming network data for spyware2. Detects and removes spyware

Firewalls

• Similar to Anti-Spyware but controls all incoming and outgoing traffic and what should and shouldn’t be allowed in and out

Anti-Virus

Pros:• Prevents, detects and removes malwareCons:• False Positives, False Negatives• Slows down your computer

Be Smart!

• Don’t open emails that you don’t recognize• Don’t download attachments you don’t

recognize• Don’t run programs or install applications you

don’t know or trust

Personal Checklist Passwords are set, sufficiently complex, and not shared Legitimate Anti-Malware software running Home wireless network protected by WPA Firewall software running Browser settings appropriate Sensitive files are protected - password and encrypted

Smartphone protected – locate, lock, wipe Software is kept up to date I'm being cautious: - Which web sites I visit

- When I open emails - Where I leave my laptop, smartphone, USB drive - When asked for information via email, internet, phone - When I use public wireless networks - When I download applications

Some Anti-Virus Software

• http://anti-virus-software-review.toptenreviews.com/

• http://www.techsupportalert.com/best-free-anti-virus-software.htm

Some Anti-Virus Software

• Avast!: http://www.avast.com/en-us/index• Avira: http://www.avira.com/en/index• AVG: http://www.avg.com/us-en/homepage• Microsoft Security Essentials:

http://windows.microsoft.com/en-US/windows/security-essentials-download

• MalwareBytes: http://www.malwarebytes.org/