2. Computer virus
Less than a generation ago, computer viruses were considered an
urban myth. They were found more often in movies than on actual
computer systems. Now, however, malicious software constitutes
a material threat to businesses, government, and home computer
users. Currently, there are three categories of malicious software
threats: viruses, worms, and Trojan horses. All of these threats are
built from the same basic instructions and computer logic that
make up application programs on one’s computer, such as word
processors, games, or spreadsheets. Like traditional application
programs, malicious software is written by people and must be
intentionally designed and programmed to self-replicate or cause
damage.
3. While almost all Trojan horses attempt to cause harm to the
computer system, more than 70 percent of all computer viruses and
worms are designed only to self-replicate. Those horses that do
inflict intentional damage to computer systems are said to deliver a
“payload.” Common payloads include formatting a hard drive,
deleting files, or gathering and sending passwords to an attacker.
These threats typically have trigger criteria. They wait until the
criteria are met before delivering the payload (for example, waiting
until July 28 to reformat the hard drive).
4. The typical malicious software author is male, between
fourteen and twenty-five years of age (only a few
female virus writers are known). These demographics
are expected to change as organized crime, terrorist
groups, and rogue organizations begin to target the
Internet. In addition, many governments around the
world are researching how to use malicious software for
both offensive and defensive information warfare.
5. Viruses
A virus is a computer program that is designed to replicate itself
from file to file (or disk to disk) on a single computer. Viruses
spread quickly to many files within a computer, but they do not
spread between computers unless people exchange infected files
over a network or share an infected floppy diskette.
By 1990, there were roughly 50 known computer viruses. That
number skyrocketed to more than 48,000! Despite the many thousand
virus strains that exist, very few viruses have found their way
out of research labs to end-user computers. Based on industry
statistics, of the more than 48,000 known computer viruses, only
200 to 300 are in general circulation at any one time.
6. Viruses are classified by the type of file or disk that the virus
infects:
• Boot viruses attach themselves to floppy diskettes and hard
drives. When a user boots from an infected floppy diskette or
hard drive, the virus is activated and the computer becomes
infected. The virus spreads to other floppy diskettes as they are
used on the system.
7. • Application viruses spread from one application to another on
the computer. Each time an infected application program is
run, the virus takes control and spreads to other applications.
• Macro viruses spread through documents, spreadsheets, and
other data files that contain computer macros. A macro is a
small, self-contained program that is embedded directly within
a document or spreadsheet file. Typically, macros are used to
automate simple computer tasks such as summing a set of
numbers in a spreadsheet. Modern macros are powerful enough
to copy themselves between documents or spreadsheets.
• Script viruses infect other script files on the computer. Script
viruses, which are written in high-level script languages such
as Perl or Visual Basic, gain control when a user runs an
infected script file.
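A triage check for the macro-virus category described above, as an added example that is not part of the original slides. It assumes modern Office Open XML documents, which are zip containers that store VBA macros in a part named vbaProject.bin, and it only flags the older binary (OLE2) format for review. The function names and sample files are constructed for illustration.

```python
import io
import zipfile

# Part name Office uses for the VBA project inside OOXML containers.
VBA_PART = "vbaproject.bin"
# Magic bytes of the legacy OLE2 container (.doc/.xls), which can also hold macros.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def classify_document(data: bytes) -> str:
    """Return 'macro', 'no-macro', 'legacy-ole' or 'unknown' for a document blob."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: macro presence needs an OLE parser, so flag for review.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "unknown"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.lower() for n in zf.namelist()]
    # Judge by content, not by file extension: a renamed macro file is still a macro file.
    if any(n.rsplit("/", 1)[-1] == VBA_PART for n in names):
        return "macro"
    return "no-macro"


def _make_ooxml(parts: dict) -> bytes:
    """Build a constructed, minimal zip that mimics an OOXML layout (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: placeholder bytes only, no real macro code.
PLAIN = _make_ooxml({"[Content_Types].xml": "<Types/>", "word/document.xml": "<doc/>"})
WITH_MACRO = _make_ooxml({"[Content_Types].xml": "<Types/>",
                          "word/document.xml": "<doc/>",
                          "word/vbaProject.bin": b"placeholder"})
LEGACY = OLE2_MAGIC + b"\x00" * 32

if __name__ == "__main__":
    for label, blob in [("plain", PLAIN), ("macro", WITH_MACRO), ("legacy", LEGACY)]:
        print(label, "->", classify_document(blob))
```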
8. A typical computer virus works as follows: First, the user runs
infected program A. Program A immediately executes its viral
logic. The virus locates a new program, B, that it thinks it can
infect. The virus checks to see if the program is already
infected. If program B is already infected, the virus
goes back to locate another program to infect. If it is not
already infected, the virus appends a copy of its logic to the
end of program B and changes program B such that it, too,
will run the malicious logic. The virus then runs program A so
the user does not suspect any malicious activities.
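Because the infection step described above changes program B on disk and makes it longer, a file-integrity baseline can detect it. The following is an added example, not part of the original slides: it records the size and SHA-256 of each file, then reports files that were modified and grew. The file names and the inert placeholder bytes are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def snapshot(root: str) -> dict:
    """Map each file under root to (size, SHA-256) as a known-good baseline."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            state[os.path.relpath(path, root)] = (len(data), hashlib.sha256(data).hexdigest())
    return state


def compare(baseline: dict, current: dict) -> dict:
    """Report files whose content changed, noting growth (the appending pattern)."""
    findings = {}
    for path, (size, digest) in current.items():
        if path not in baseline:
            findings[path] = "new file"
        elif baseline[path][1] != digest:
            grew = size - baseline[path][0]
            findings[path] = f"modified, grew by {grew} bytes" if grew > 0 else "modified"
    for path in baseline.keys() - current.keys():
        findings[path] = "missing"
    return findings


def demo() -> dict:
    """Constructed scenario: two stand-in 'programs', one gets bytes appended."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("program_a.bin", "program_b.bin"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"ORIGINAL-PROGRAM-BYTES")
        baseline = snapshot(root)
        # Simulate the on-disk change with inert placeholder bytes.
        with open(os.path.join(root, "program_b.bin"), "ab") as fh:
            fh.write(b"X" * 64)
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```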
9. • Viruses can be written in numerous computer programming
languages, including assembly languages, scripting languages
(such as Visual Basic or Perl), C, C++, Java, and macro
programming languages (such as Microsoft’s VBA).
10. Worms
A worm is a computer program that exploits a computer
network to copy itself from one computer to another. The
worm infects as many machines as possible on the network,
rather than spreading many copies of itself on a single
computer, as a computer virus does. Usually, a worm infects
(or causes its code to run on) a target system only once. After
the initial infection, worms do not rely on humans to copy
them from computer to computer, so they can spread much
more rapidly than computer viruses. The first computer worms
were written at Xerox Palo Alto Research Center in 1982 to
understand how self-replicating logic could be leveraged in a
corporation.
11. A bug, however, in the worm's logic caused computers on
the Xerox researchers had to build the world's first
“antivirus” solution to remove the infections. In 1987 the
“CHRISTMA EXEC” worm made millions of copies of
itself in the IBM and BITNET e-mail systems. In 1988 the
“Internet” worm spread itself to roughly 6,000 machines (10
percent of the Internet at the time). More recently, worms such
as Melissa, ExploreZip, and LoveLetter have captured the
attention of the public and the media due to their vast ability
to spread over the Internet. These worms, collectively,
produced millions of copies of themselves, and caused
millions – some say billions – of dollars of damage.
12. The typical computer worm works as follows: the user
unknowingly runs a worm program. The worm accesses a “directory”
source, such as an e-mail address list, to obtain a list of target
computers. A user on a target computer receives
a copy of the worm in e-mail, unknowingly runs the worm e-mail
attachment, and starts the process over again. Some worms, like
the Internet worms of 1989, automatically connect to target
computers and use a “back door” to install and run themselves on
the target without human intervention. Like viruses, computer worms
can be written in assembly language, scripting languages, macro
languages, or in high-level languages like C, C++, or Java.
13.
14. The Trojan Horse
Trojan horses are software programs that are designed to
appear like normal computer programs, yet, when run, can
cause some type of harm to the host computer. Most often,
Trojan horses either steal information (such as passwords or
files) from the computer or damage the contents of the
computer (by deleting files). Because Trojan horses do not
attempt to replicate themselves like viruses or worms, they are
placed into their own class of computer threat. Like viruses
and worms, Trojan horses can be written in virtually any
computer language.
15. Virus and worm authors have invented a number of
techniques to avoid detection by antivirus software. Three
of the more interesting techniques are the polymorphic
virus, the retrovirus, and the stealth virus.
The term “polymorphic” means many-formed.
Polymorphic viruses (or worms) mutate themselves each
time they spread to a new file or disk. This behavior
eliminates any consistent digital fingerprint and makes
virus detection much more difficult. These digital
pathogens avoid detection in the same way
that HIV (human immunodeficiency virus) and other
viruses evade the human immune system.