By: Angelica Jurczak, Anna Rog, David Brackett

Computer Viruses

What is a Computer Virus?

- A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner.
- One of the first detected viruses was the Creeper virus in the early 70's.
- Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks.

Basic Computer Viruses

Trojan Horses
- appears as an interesting program file, but when installed it allows intruders to access and read your files

Worms
- virus that copies and multiplies itself by using computer networks and security flaws

E-mail Viruses
- use e-mail messages to spread, which allows them to automatically forward themselves to thousands of people

Types of Viruses

Boot Sector Virus
- Infects the boot sector or MBR of diskettes and hard drives through the sharing of infected disks and pirated software applications
- Once your hard drive is infected, all diskettes that you use in your computer will be infected

Program Virus
- Becomes active when the program file (usually with extensions .BIN, .COM, .EXE, .OVL, .DRV) carrying the virus is opened
- It then makes copies of itself and will infect other programs on the computer

Multipartite Virus
- Hybrid of Boot Sector and Program viruses
- It infects program files, and when the infected program is active it will affect the boot record

Types of Viruses

Stealth Virus
- Disguises itself to avoid being detected by antivirus software
- It alters its file size or conceals itself in memory

Polymorphic Virus
- Acts like a chameleon, changing its virus signature (binary pattern) every time it multiplies and infects a new file

Macro Virus
- Programmed as a macro embedded in a document, usually found in Microsoft Word and Excel
- Once it gets into your computer, every document you produce will become infected
- Relatively new type of virus and may slip by your antivirus software if you don't have the most recent version installed

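
A defender-side check for the macro viruses described above, as an added example that is not part of the original slides: modern Word and Excel files are zip archives that keep VBA macros in a part named vbaProject.bin, while legacy .doc/.xls files use the OLE2 container. The function names and the sample files are constructed for illustration.

```python
import io
import zipfile

# Magic bytes of the legacy OLE2 container used by old .doc/.xls files.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def macro_status(data: bytes) -> str:
    """Classify a file by whether it can carry embedded VBA macros."""
    if data.startswith(OLE2_MAGIC):
        # Macros live inside OLE streams; a zip listing cannot see them.
        return "legacy-ole-needs-deep-scan"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = [name.lower() for name in archive.namelist()]
    # Every OOXML package carries a content-types part at its root.
    if "[content_types].xml" not in names:
        return "not-office"
    # word/vbaProject.bin or xl/vbaProject.bin holds the macro project.
    if any(name.endswith("vbaproject.bin") for name in names):
        return "macros-present"
    return "no-macros"


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip laid out like a Word package."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"\x00placeholder")
    return buffer.getvalue()


if __name__ == "__main__":
    samples = {
        "report.docx (constructed)": build_sample(False),
        "invoice.docm (constructed)": build_sample(True),
        "old.doc (constructed header)": OLE2_MAGIC + b"\x00" * 16,
        "notes.txt (constructed)": b"plain text",
    }
    for label, blob in samples.items():
        print(f"{label}: {macro_status(blob)}")
```

A mail gateway or file share scanner can use a result of "macros-present" or "legacy-ole-needs-deep-scan" to route the file to antivirus scanning or quarantine before a user opens it.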
Signs Your Computer is Infected

- Functions slower than normal
- Responds slowly and freezes often
- Restarts itself often
- See uncommon error messages, distorted menus, and dialog boxes
- Notice applications fail to work correctly
- Fail to print correctly

Late 60s, early 70s (first half of the 70s)
- "Rabbits" cloned themselves and occupied system resources, slowing down productivity.
- "The Creeper" was capable of entering a network by itself and transferring a copy of itself to the system.

Early 80s
- Increasing number of programs written by individuals, not by software companies. Programs caused minor viruses called "Trojan horses".

1986: "Brain" virus, by Amjad and Basit Farooq Alvi
- spread through floppy disks
- infected boot records and not computer hard drives
- also known as the Lahore, Pakistani Brain, Brain-A and UIUC virus
- took over free space on the floppy disk and hid from detection
- "disguised itself by displaying the uninfected boot sector on the disk."

1987: Lehigh virus
- the first memory-resident file infector that attacked executable files and took control when a file was opened

The Jerusalem Virus
- had bugs that re-infected programs that were already infected

1988: Robert Morris made a worm that invaded ARPANET computers
- disabled 6,000 computers on the network by overflowing their memory banks with copies of itself

1991: Norton Anti-Virus software

1999: "Melissa" virus
- infected thousands of computers very fast by sending copies of itself to 50 names in the address book on Outlook e-mail
- led to an estimated $80 million in damage and record sales of anti-virus products

2000: "I Love You" virus
- was sent by email and infected 10% of computers in only one day
- created by a young Filipino computer student who did not get punished because the Philippines then had no laws against hacking, which led to the European Union's global Cybercrime Treaty

2001: "Nimda" virus (days after 9/11)
- had 5 ways of infecting systems

2004
- MyDoom spreads through emails and file-sharing software faster than any previous virus or worm. Allows hackers to access the hard drive of the infected computer.
- An estimated one million computers running Windows are affected by the fast-spreading Sasser computer worm. The worm does not cause irreparable harm to computers or data, but it does slow computers and cause some to quit or reboot without explanation.

2006
- Discovery of the first-ever malware trojan horse for Mac OS X

2008
- Torpig is a Trojan horse which affects Windows, turning off anti-virus applications. It allows others to access the computer, modifies data, steals confidential information and installs malware on the victim's computer.

2009
- Conficker infects anywhere from 9 to 15 million Microsoft server systems. French air force, Royal Navy warships and submarines, Sheffield Hospital network, UK Ministry of Defence, German Bundeswehr and Norwegian Police were all affected.

Total Number of Viruses by Year

January 1985    1
January 1987    3
January 1989    6
January 1990    142
January 1991    357
January 1992    1,161
January 1993    2,482
January 1994    3,687
January 1995    5,626
January 1996    7,764
January 1997    11,037
January 1998    16,726
January 1999    40,850
January 2000    44,000
January 2001    48,000
January 2002    55,000
January 2003    62,000

Melissa

- Another virus that fired up the media was Melissa, a Word macro virus.
- When people received the host Word document via email and opened it, the virus sent a copy of itself to the first 50 people in the victim's address book.
- Named after a topless dancer in Florida, the Melissa virus crashed the email servers of corporations and governments in different spots around the world.
- The Computer Emergency Response Team, set up after Robert Morris mucked up the Internet with his worm in 1988, estimated that the virus hit 100,000 computers in its first weekend.
- David L. Smith posted the infected file to an alt.sex usenet group using a stolen AOL account. Initially he entered a plea of innocence, but after being confronted with a maximum sentence of 40 years in prison, he eventually pled guilty and received a much-reduced sentence.

Love You, Love Bug

- By almost any measure, the so-called Love Bug was the most damaging and costly virus ever. I don't know who comes up with these whack figures, but according to Reuters the bug cost the world $15 billion in lost productivity.
- The Love Bug spread far faster than Melissa. Unlike Melissa, it would mail itself to everyone in your Outlook address book -- most of whom would probably be delighted to read about how you love them -- not just the first fifty. Moreover, it would gobble up certain media files stored on your hard drive.

Did you know?
- One German newspaper tragically lost 2,000 pictures from its archive.
- The perpetrator turned out to be a 23-year-old Filipino computer science student who more or less plagiarized all of his code.
- Because of the lack of laws in the Philippines covering computer crimes, he pretty much got away with his crime.

Prevention

- Upload and use antivirus software
- Be aware of the e-mails and attachments you open
- Check for updates on antivirus software regularly
- Make sure antivirus software is installed correctly