
Post on 27-Jun-2020


Computer viruses

© 2007 Abonyi-Tóth Zsolt, SZIE ÁOTK

How are they formed?

• Expert programmers

• Not-so-expert programmers modify existing viruses

– or somebody downloads a virus generator from the internet

• Computers don’t write viruses on their own! Forget Darwin and evolution!

Why do people write PC viruses?

• Looking for some attention…

• Joking

• To try: am I able to do it?

• Terrorist activities

• Punishment of illegal software usage

• Marketplace for virus-killers (!)

• Money (!!!) (spam)

• Collecting information

– passwords, names, addresses, shopping habits

The definition of computer viruses

• Programs that are able to spread – they send copies of themselves to other computers (without telling the owners of the computers)

– Several phenomena, from annoying messages to deleted hard drives

Groups of viruses

[Diagram: groups (not exhaustive): Trojan; Virus; Hardware virus (built-in); False virus (bug); User; S. User; Backdoor; Logical bomb; Time bomb; Hoax; Chain letter; Spam]

Tasks of viruses

• Spreading

• Destruction


Spreading

[Diagram: ways of spreading: Program virus; Boot virus; Macro virus; Attachment; Script; User; Boot sector virus; Partition table virus; MBR virus; Web; E-mail; Picture (jpg); Open port; Security hole]

What to infect?

• Windows PCs (more frequently)

• Linux PCs and Mac OS computers will be infected more frequently as their usage becomes more frequent

• Smartphones (Bluetooth)

• PDA – may be infected when synchronized with a PC.

• Fridge?


Dangerous things

• E-mail – attachment or script

• Internet

– downloaded programs

– warez, porn sites!!!

– just being connected

– false sites (phishing)

• Programs (incl. screen savers)

• Documents, tables

• Floppies, CDs – boot

• Pictures (?)

E-mail

• Attachment

• Just reading (script)

– M$ programs – download security updates frequently!!!

– Good old Netscape…

World Wide Web

• ActiveX – digital signature may protect, but it can be very dangerous

• VBS script – may be dangerous

• Warez sites

• Porno sites

• False servers (phishing)

• Back door (e.g. Back Orifice)

• Cookie – remembers your habits

Destruction

• Asks to send a postcard to a Swedish girl

• Plays some music at 5 PM

• Modifies data in Excel

• Doesn’t allow saving the Word document

• Deletes or rewrites files

• Formats the hard disk

• Destroys hardware

• Overloads the network

• Fills the hard disk

• Sends thousands of advertisements by e-mail (using thousands of PCs in a remote-controlled zombie network)

Recognizing the infection

• Unusual behavior

– It can be anything, avoid false alarms!

• Change in the length or other attributes of files

• Programs start or run slower

• Something tries to write to a write-protected device

Recognizing the infection

• Less memory, bad sectors on HDD

• Missing files

• Automatic reboot

• Unusual things on the screen

• (Previously) error-free programs don’t start or freeze

• Unusual network activity, bounced e-mails, mail client starts automatically


Protection

• No sure protection!!!

• Information (e.g. www.antivirus.com)

• Use a frequently updated virus-killer

• Use a firewall

• Use an adware removal tool

• Create backup copies

• Use a virtual PC

• You shouldn’t answer suspicious mails (what is your password, account number, etc.)

• You shouldn’t unsubscribe from suspicious mailing lists.

Protection

• Save to RTF (TXT) and CSV format

• You shouldn’t use unknown programs

• Forward the warnings to your system admin only

• Windows Script Host should be switched off (the .vbs extension should be unknown)

• Check for security updates

• You shouldn’t allow the PC to boot from floppy or CD

• Floppies and pen drives should be write-protected when you insert them into an unfamiliar PC

• Back up your data frequently

Programs which protect

• Virus scanner

– On-demand

– On-access

– Checksum, heuristic search, sandbox

• Firewall

• Adware and trojan remover

• Virtual PC

• Hardware: broadband router (firewall or simply NAT)
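The checksum method named on this slide, and the "change in the length of files" and "missing files" signs from the Recognizing the infection slides, can be shown in a few lines. This is an added example, not part of the original slides; the file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file under root to (length, SHA-256 of its content)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()  # fine for a demo; hash in chunks for big files
            state[os.path.relpath(path, root)] = (len(data), hashlib.sha256(data).hexdigest())
    return state

def compare(baseline, current):
    """Return sorted (finding, path) pairs describing what changed."""
    findings = []
    for path, (length, digest) in baseline.items():
        if path not in current:
            findings.append(("missing", path))
        elif current[path][0] != length:
            findings.append(("length-changed", path))
        elif current[path][1] != digest:
            findings.append(("content-changed", path))
    findings += [("new", path) for path in current.keys() - baseline.keys()]
    return sorted(findings)

def write(root, name, data, mode="wb"):
    with open(os.path.join(root, name), mode) as fh:
        fh.write(data)

def demo():
    """Constructed sample tree: take a baseline, alter the files, compare."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "app.exe", b"MZ" + b"\x00" * 62)
        write(root, "report.doc", b"quarterly")
        write(root, "notes.txt", b"hello")
        baseline = snapshot(root)
        write(root, "app.exe", b"X" * 16, mode="ab")   # appended bytes: file grows
        write(root, "report.doc", b"quarterlx")        # same length, other content
        os.remove(os.path.join(root, "notes.txt"))     # file disappears
        write(root, "setup.scr", b"new")               # file nobody installed
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for finding, path in demo():
        print(finding, path)
```

The baseline is only useful if it is stored where the monitored machine cannot rewrite it, for example on write-protected media.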

Reducing the damage

• Backup copies of important programs and data

– Far away, several copies

When the user infects

• Hoax

• Pyramid scheme, chain letter

Hoax

• Warning – new, very dangerous virus!

• You shouldn’t read the letter with subject...

• The warning originates from an ISP (e.g. AOL), corporation (Microsoft, IBM) or government service (Pentagon, FCC)

• Expressions that sound like technical terminology (e.g. n-order infinite loop)

• You should forward this letter...

– Overload

– May become true (Good Times)


Hoax 2

• Blood is needed for a child! Give blood!

• The child will get USD 1 from AOL for every forwarded e-mail

• Puppies will be killed! Adopt them!

• You will get a laptop or new mobile phone...

Chain letter

• Send it to 20 friends to be lucky, otherwise you will lose everything...

• Machu Picchu is a product of aliens, see the picture... Tell everyone...

• What beautiful flowers/girls/men/cars/hills/puppies/... are in this presentation

• The best jokes in the world...

Phishing

• False letter from your bank – log in, type your name, password, account number...

• Banks, ISPs NEVER send such e-mails!

• The link is false, it points to a server which copies the look of the original

• Just type your data... A money transfer will be started from your account on the real server in a few minutes!

• The URL of the bank should always be typed! No link, no bookmark!!! (A problem with the DNS server may still be dangerous)

Phishing 2

• Similar, but they ask for your e-mail login name and password

• Do you want to allow others to send advertisements or pornographic pictures from your account?

• Firewalls and IE7 (other browsers?) try to protect

Social engineering

• Similar to phishing!

• You get a phone call. A sexy voice says she is an administrator at your bank and needs your account number and password to check something...

• Do you trust people? You shouldn’t!!!
