Worms and Virus_handouts


  • 8/11/2019 Worms and Virus_handouts


    WORMS AND VIRUS

    Malware or malicious code (malcode) is short for malicious software. It is code or software

    that is specifically designed to damage, disrupt, steal, or in general inflict some other bad or

    illegitimate action on data, hosts, or networks.

    * Ex.

    The vast majority, however, are installed by some action from a user, such as clicking an e-mail

    attachment or downloading a file from the Internet.

    o Malware cannot damage the physical hardware of systems and network equipment, but it can

    damage the data and software residing on the equipment. Malware should also not be

    confused with defective software, which is intended for legitimate purposes but has errors or

    bugs.

    Classes of Malicious Software

    * 2 most common:

    These types of programs are able to self-replicate and can spread copies of themselves, which

    might even be modified copies.

    Virus---a virus depends on a host program to spread itself

    Worm---a worm operates more or less independently of other files

    WORMS :

    A program that makes copies of itself; Computer worms are similar to viruses in that they

    replicate functional copies of themselves and can cause the same type of damage.

    In contrast to viruses, which require the spreading of an infected host file, worms are

    standalone software and do not require a host program or human help to propagate.

    * for example:

    * from one disk drive to another, or by copying itself using email or another transport

    mechanism. The worm may do damage and compromise the security of the computer. It may

    arrive in the form of a joke program or software of some sort.

    ex of computer WORMS :

    Stuxnet virus -a computer worm discovered in June 2010. Stuxnet was created by the United

    States and Israel, targeting Iran's Uranium Enrichment Program. Stuxnet was created as part

    of a top-secret cyber war program codenamed Olympic Games.

    DUQU computer worm


    * -was discovered in September 2011 and is believed to be linked to the Stuxnet virus. Duqu and

    Stuxnet operate very similarly and were both created by governments to target nuclear

    production in Iran. Rather than being used to disrupt the production of nuclear weapons,

    Duqu was used for stealing information.

    ex of computer WORMS :

    Flame virus -was discovered in 2012 and is regarded as one of the most sophisticated

    computer worms ever found. Flame's code shares many similarities with the Stuxnet code,

    and Flame, like Stuxnet, was designed as part of a government-sponsored cyber program.

    While the Stuxnet computer worm was designed to sabotage nuclear weapon production,

    Flame is believed to have been created purely for cyber spying. Flame has infected thousands

    of computers since its deployment, mostly in Iran and other Middle Eastern countries.

    ex of WORMS :

    SLAMMER

    * -The Sapphire Worm was the fastest computer worm in history. As it began spreading

    throughout the Internet, it doubled in size every 8.5 seconds. It infected more than 90 percent

    of vulnerable hosts within 10 minutes.

    BLASTER WORM

    * -was a virus program that mainly targeted Microsoft platforms in 2003. The worm attacked

    computers by exploiting a security flaw with Microsoft remote procedure call (RPC) process

    using Transmission Control Protocol (TCP) port number 135. The virus propagated itself

    automatically to other machines by transmitting itself through email and other methods.

    Blaster Worm is also called MSBlast or Lovesan.
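
A defender-side illustration of the propagation behaviour described above, added here and not part of the original handout: a host that contacts many distinct addresses on TCP port 135 in a short time stands out in connection logs. The log format, addresses, time window and threshold are assumptions made for this example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

RPC_PORT = 135                    # port named in the Blaster description
WINDOW = timedelta(seconds=60)    # assumed tuning value
THRESHOLD = 10                    # assumed tuning value

def make_sample_log():
    """Constructed log lines 'timestamp src dst proto dport' (not real data)."""
    t0 = datetime(2003, 8, 12, 10, 0, 0)
    rows = []
    for i in range(15):
        rows += [
            (t0 + timedelta(seconds=i), "10.0.0.66", f"10.0.1.{i + 1}", 135),     # fast sweep
            (t0 + timedelta(seconds=4 * i), "10.0.0.7", "10.0.1.2", 135),         # one server
            (t0 + timedelta(minutes=10 * i), "10.0.0.9", f"10.0.2.{i + 1}", 135), # many, slowly
            (t0 + timedelta(seconds=i), "10.0.0.8", f"10.0.3.{i + 1}", 80),       # web traffic
        ]
    return [f"{ts.isoformat()} {src} {dst} tcp {port}" for ts, src, dst, port in rows]

def find_scanners(lines, window=WINDOW, threshold=THRESHOLD):
    """Map each flagged source to its peak count of distinct TCP/135 destinations per window."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, proto, dport = line.split()
        if proto == "tcp" and int(dport) == RPC_PORT:
            events[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        in_window, start, peak = Counter(), 0, 0
        for ts, dst in evs:
            in_window[dst] += 1
            while ts - evs[start][0] > window:   # evict events older than the window
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    for src, peak in find_scanners(make_sample_log()).items():
        print(f"{src}: {peak} distinct TCP/135 destinations within {WINDOW}")
```

Only the fast sweep is flagged with the default settings; widening the window also catches the slower source, at the cost of more false positives from busy but legitimate hosts.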


    KLEZ

    * -is an Internet worm that launches automatically when a user previews or reads an e-mail

    message containing Klez on a system that has not been patched for a vulnerability in

    Microsoft Internet Explorer mail clients. It is not necessary for a user to explicitly open an

    attachment in order for Klez to execute.

    VIRUSES:

    A program or code that replicates; that is, infects another program, boot sector, partition

    sector, or document that supports macros, by inserting itself or attaching itself to that

    medium. Most viruses only replicate, though many do a large amount of damage as well.


    A computer virus is a type of malware that propagates by inserting a copy of itself into and

    becoming part of another program. It spreads from one computer to another, leaving

    infections as it travels. Viruses can range in severity from causing mildly annoying effects to

    damaging data or software and causing denial-of-service (DoS) conditions. Almost all viruses

    are attached to an executable file, which means the virus may exist on a system but will not

    be active or able to spread until a user runs or opens the malicious host file or program.


    When the host code is executed, the viral code is executed as well. Normally, the host

    program keeps functioning after it is infected by the virus. However, some viruses overwrite

    other programs with copies of themselves, which destroys the host program altogether.

    Viruses spread when the software or document they are attached to is transferred from one

    computer to another using the network, a disk, file sharing, or infected e-mail attachments.

    ex of virus :

    ILOVEYOU-The Love Bug flooded internet users with ILOVEYOU messages in May 2000,

    forwarding itself to everybody in the user's address book. It was designed to steal internet

    access passwords for its Filipino creator.

    The Melissa virus-The Melissa virus, written by David L Smith in homage to a Florida stripper,

    was the first successful email-aware virus and inserted a quote from The Simpsons into Word

    documents. Smith was later sentenced to jail for causing over $80 million worth of damage.

    Concept Virus-The Concept virus, accidentally shipped on a CD-ROM supplied by Microsoft in

    1995, was the first virus to infect Microsoft Word documents. Within days it became the most

    widespread virus the world had ever seen, taking advantage of the fact that computer users

    shared documents via email.

    TROJAN HORSE:

    A program that neither replicates nor copies itself, but causes damage or compromises the

    security of the computer.

    A Trojan is another type of malware named after the wooden horse the Greeks used to

    infiltrate Troy. It is a harmful piece of software that looks legitimate.


    Users are typically tricked into loading and executing it on their systems. After it is activated,

    it can achieve any number of attacks on the host, from irritating the user (popping up

    windows or changing desktops) to damaging the host (deleting files, stealing data, or

    activating and spreading other malware, such as viruses). Trojans are also known to create

    back doors to give malicious users access to the system.


    Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.

    Trojans must spread through user interaction such as opening an e-mail attachment

    or downloading and running a file from the Internet.

    BOTS:

    "Bot" is derived from the word "robot" and is an automated process that interacts with other

    network services. Bots often automate tasks and provide information or services that would

    otherwise be conducted by a human being. A typical use of bots is to gather information (such

    as web crawlers), or interact automatically with instant messaging (IM), Internet Relay

    Chat (IRC), or other web interfaces. They may also be used to interact dynamically with

    websites.


    Bots can be used for either good or malicious intent. A malicious bot is self-propagating

    malware designed to infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices, or

    "botnet." With a botnet, attackers can launch broad-based, "remote-control," flood-type

    attacks against their target(s). In addition to the worm-like ability to self-propagate, bots can

    include the ability to log keystrokes, gather passwords, capture and analyze packets, gather

    financial information, launch DoS attacks, relay spam, and open back doors on the infected

    host.

    How do viruses spread?

    A client brings in a diskette with a program that is malfunctioning (because of a viral infection).

    The consultant runs the program to discover the cause of the bug-the virus spreads into the

    memory of the consultant's computer.

    The consultant copies the program to another disk for later investigation-the virus infects the

    copy utility on the hard disk.

    The consultant moves on to other work preparing a letter-the virus infects the screen editor

    on the hard disk.
