Computer viruses by joy chakraborty


Topic 9: Information Security and Privacy

We may have seen the TV commercial: a bored-looking office worker sits in his cubicle checking his e-mail. He perks up when he sees a message with an exciting subject line, then unthinkingly opens the message. Instantly, a menacing-looking character appears on his computer screen, “eats” the program icons on his desktop, and announces that he just unleashed a virus. Within seconds, the same chaos erupts in the surrounding cubicles, and it becomes clear that the worker has made a horrible mistake.

Because of their ability to cause damage and disruption, viruses have been big news in recent years, especially with the outbreak of e-mail viruses beginning in the late 1990s. These viruses have accounted for billions of dollars in downtime and lost data in the past few years. Experts predict that virus attacks will only increase in the future since many computer users are unaware of the dangers posed by viruses and make no effort to protect their computers and data from viruses. As a result, viruses have continued to become dominant over the years.

Computer Virus: An Introduction

A virus is a parasitic program that infects another legitimate program, which is sometimes called the host. To infect the host program, the virus modifies the host to store a copy of the virus. In short, a virus is a program that can ‘infect’ other programs by modifying them so that the infected program then begins to act as a virus, infecting still other programs. Many viruses are programmed to do harm once they infect the victim’s system. A virus can be designed to do various kinds of damage. But the ability to do damage is not what defines a virus.

To qualify as a virus, a program must be able to replicate (make copies of) itself. This can mean copying itself to different places on the same computer or looking for ways to reach other computers, such as by infecting disks or traveling across networks. Viruses can be programmed to replicate and travel in many ways. Moreover, viruses are created by human beings who have a certain amount of technical expertise, basically computer programmers or developers. These virus-writers are destructive in the sense that they use their creativity and technical skills unproductively to create mayhem among other computer users.

How can one pick up a virus?

There are 4 different ways through which one can pick up a virus:

1. Receiving an infected file attached to an e-mail message, or a virus hidden within the message itself. E-mail has become the single most common method for spreading viruses, especially now that so many people use the Internet to exchange messages and files. Viruses can even be spread through online chat rooms and instant messenger programs.
2. Downloading an infected file to your computer across a network, an online service, or the Internet. Unless one has antivirus software that inspects each incoming file for viruses, one probably will not know if one has downloaded an infected file.
3. Receiving an infected disk (a diskette, a CD created by someone with a CD-R drive, a high-capacity floppy disk and so on) from another user. In this case, the virus could be stored in the boot sector of the disk or in an executable file (a program) on the disk.
4. Copying to our disk a document file that is infected with a macro virus. An infected document might be copied from another disk or received as an attachment to an e-mail message.

How do computer viruses work?

First, the computer virus is created; most of the time, viruses are found hidden in the code of legitimate software programs. These viruses, also known as file infector viruses, are activated when the host program is launched and the virus code is executed. As a result, the virus is loaded into the computer’s memory. The virus then starts searching for other programs in the system which it can infect. If a new program is found, it adds its code to the new program, and as a consequence the new program also becomes infected. The virus continues replicating itself to other uninfected programs in the system until the whole system becomes inoperative. It also performs certain other malicious operations, some of which are discussed in the next section.
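Because a file infector has to modify its host program, a stored baseline of file hashes exposes the change even when no scanner recognises the code. The following is an added example, not part of the original paper: it snapshots program files and reports those that were modified, grew, appeared or vanished. The directory contents and file names are constructed stand-ins, not real executables.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions treated as program files; the paper names .exe and .com.
PROGRAM_SUFFIXES = {".exe", ".com"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large programs are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each program file under root to its (size, SHA-256)."""
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in PROGRAM_SUFFIXES:
            name = str(path.relative_to(root))
            result[name] = (path.stat().st_size, sha256_of(path))
    return result


def compare(baseline: dict, current: dict) -> dict:
    """Report program files that changed, appeared or vanished."""
    report = {"modified": [], "grown": [], "new": [], "missing": []}
    for name, (size, digest) in baseline.items():
        if name not in current:
            report["missing"].append(name)
        elif current[name][1] != digest:
            report["modified"].append(name)
            if current[name][0] > size:
                # Growth is consistent with code added to the host.
                report["grown"].append(name)
    report["new"] = sorted(set(current) - set(baseline))
    return report


def demo() -> dict:
    """Build a constructed directory, change it, return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed stand-ins for program files and one document.
        (root / "editor.exe").write_bytes(b"MZ" + b"\x00" * 64)
        (root / "tool.com").write_bytes(b"\x00\x01\x02" * 10)
        (root / "notes.txt").write_bytes(b"not a program")
        baseline = snapshot(root)
        # Constructed changes made after the baseline was recorded.
        with (root / "editor.exe").open("ab") as handle:
            handle.write(b"extra bytes")
        (root / "tool.com").unlink()
        (root / "setup.exe").write_bytes(b"MZ" + b"\x01" * 16)
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The baseline itself has to be stored where the monitored system cannot rewrite it, and a legitimate software update also changes hashes, so each reported file still needs review.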
What can a virus do: Few Commercial & Financial Implications

The majority of computer viruses are relatively harmless; their purpose is to annoy their victims rather than to cause specific damage. Such viruses are described as benign. Other viruses are indeed malicious, and they can do great damage to a computer system if permitted to run.

Viruses can be programmed to do many kinds of harm, including the following:

1. Copy themselves to other programs or areas of a disk.
2. Replicate as rapidly and frequently as possible, filling up the infected system’s disks and memory, rendering the system useless.
3. Display information on the screen.
4. Modify, corrupt, or destroy selected files.
5. Erase the contents of entire disks.
6. Lie dormant for a specified time or until a given condition is met, and then become active.
7. Open a “back door” to the infected system that allows someone else to access and even take control of the system through a network or Internet connection. This type of virus may actually be a type of program called a Trojan Horse, and can be used to turn an infected system into a “zombie”, which the virus’s author can use to attack other systems. For example, by using viruses to create a large number of zombie systems, the author can use the zombies to send thousands of requests to a specific web server, effectively shutting it down. Such an attack is sometimes called a “denial of service (DoS) attack” or a “distributed denial of service (DDoS) attack”, because it prevents the server from providing services to users.

Virus programmers can be extremely creative, and many create viruses to perform a specific type of task, sometimes with a specific victim in mind. Regardless, one needs to protect one’s system against all kinds of viruses, because nearly any one can strike at any time, given the right circumstances.

Viruses may seem like major problems for individual computer users. For corporations, however, viruses can be devastating in terms of lost data and productivity. U.S. companies lose billions of dollars every year to damage caused by viruses. Most of the expenses come from the time and effort required to locate and remove viruses, restore systems, rebuild lost or corrupted data, and ensure against future attacks. But companies also lose valuable work time – millions of person-hours each year – as workers sit idle, unable to use their computers.
Categories of Viruses

Some specific categories of viruses include the following:

1. Bimodal, Bipartite, or Multipartite viruses – This type of virus can infect both files and the boot sector of a disk.
2. Bombs – The two most prevalent types of bombs are time-bombs and logic bombs. A time-bomb hides on the victim’s disk and waits until a specific date (or date and time) before running. A logic bomb may be activated by a date, a change to a file, or a particular action taken by a user or a program. Many experts do not classify bombs as viruses because they can cause damage or disruption to a system.
3. Cluster viruses – This type of virus makes changes to a disk’s file system. If any program is run from the infected disk, the program causes the virus to run as well.
4. Boot sector viruses – Regarded as one of the most hostile types of virus, a boot sector virus infects the boot sector of a hard disk or floppy disk. This area of the disk stores essential files the computer accesses during start-up. The virus moves the boot sector’s data to a different part of the disk. When the computer is started, the virus copies itself into memory where it can hide and infect other disks. The virus allows the actual boot sector data to be read as though a normal start-up were occurring.
5. E-mail viruses – E-mail viruses can be transmitted via e-mail messages sent across private networks or the Internet. Some e-mail viruses are transmitted as an infected attachment – a document file or program that is attached to the message. This type of virus is run when the victim opens the file that is attached to the message. Other types of e-mail viruses reside within the body of the message itself. Once launched, many e-mail viruses attempt to spread by sending messages to everyone in the victim’s address book; each of those messages contains a copy of the virus.
6. File infecting viruses – This type of virus infects program files on a disk (such as .exe or .com files). When an infected program is launched, the virus’s code is also executed.
7. Joke programs – Joke programs are not viruses and do not inflict any damage. Their purpose is to frighten their victims into thinking that a virus has infected and damaged their system. For example, a joke program may display a message warning the user not to touch any keys or the computer’s hard disk will be formatted.
8. Macro viruses – A macro virus is designed to infect a specific type of document file, such as Microsoft Word or Excel files. These documents can include macros, which are small programs that execute commands. A macro virus, disguised as a macro, is embedded in a document file and can do various levels of damage to data, from corrupting documents to deleting data.
9. Polymorphic, self-garbling, self-encrypting, or self-changing viruses – This type of virus can change itself each time it is copied, making it difficult to isolate.
10. Stealth viruses – These viruses take up residence in the computer’s memory, making them hard to detect. They also can conceal changes they make to other files, hiding the damage from the user and the operating system.
11. Trojan Horses – A Trojan Horse is a malicious program that appears to be friendly. For example, some Trojan Horses appear to be games. Because Trojan Horses do not make duplicates of themselves on the victim’s disk (or copy themselves to other disks), they are not technically viruses. But, because they can do harm, many experts consider them to be a type of virus. Trojan Horses are often used by hackers to create a “backdoor” to an infected system.
12. Worms – A worm is a program whose purpose is to duplicate itself. An effective worm will fill entire disks with copies of itself and will take up as much space as possible in the host system’s memory. Many worms are designed to spread to other computers. Worms are commonly spread over the Internet via e-mail message attachments.

Life-cycle of a computer virus

[Figure: Life-cycle of a computer virus. Source: http://media.wiley.com/product_data/excerpt/77/07821412/0782141277-2.pdf]

The above figure illustrates the life-cycle of a computer virus, starting from the creation phase and ending at the eradication phase. The creation phase is the stage when the virus is created and launched into the system. Once the virus becomes active, it starts replicating itself into other programs with the objective of destroying the entire system. The Discovery stage is the phase where the virus is detected and identified. The last two phases, namely the Assimilation and the Eradication phases, are where the use of updated versions of anti-virus software helps us to get rid of the virus. The last three phases involve the maximum amount of effort, time and cost, from the detection of the virus through the updating and usage of costly anti-virus software to completely eliminate the virus from the system. Most viruses have a short life-cycle with a sudden destructive motive, but disappear quickly the moment protective methods are employed to eradicate them.

Prevention against Viruses

1. Start by being aware that viruses can come from many sources – even sources you trust. For example, an e-mail virus may arrive in your inbox disguised as a message from a friend or colleague because it has already infected that person’s computer. A home-made CD or floppy disk can be infected too. In fact, even programs purchased in shrink-wrapped packages from reputable stores have been known to harbor viruses on many occasions. The best precaution is to treat all e-mail messages and disks as potential carriers of infection.
2. Checking for viruses requires anti-virus software, which scans your computer’s memory and disks for known viruses and eradicates them. After it is installed in the system and activated, a good antivirus program checks for infected files automatically every time you insert any kind of disk or download a file via a network or Internet connection. Most antivirus utilities can also scan e-mail messages and attached files as you receive or send them. Some popular antivirus programs include Kaspersky, McAfee, Norton, Virex, PC-cillin, Avast, etc.
3. Since new viruses are released almost daily, no anti-virus program can offer absolute protection against them all. Many antivirus software vendors allow users to download updated virus definitions or virus patterns (databases of information about viruses and code that can eradicate them) to their programs over the Internet. The newest generation of anti-virus programs can find, download, and install updated virus definitions by themselves, automatically, whenever the computer is connected to the Internet. It is advisable to update one’s antivirus software, manually or automatically, at least once a week, to make sure one is protected against the latest viruses.
4. Usage of Firewalls: A firewall is a protective barrier that safeguards the system from any unexpected damage. It is particularly helpful for those who frequently visit the web or use the Internet regularly. If a firewall is installed, it helps your system remain protected from destructive forces for as long as a person uses the computer.

[Figure. Source: “How Firewalls work”, http://www.howstuffworks.com/firewall.htm]

Data Security Issues

Computer security has received renewed attention in recent years owing to reports of striking computer viruses and dramatic computer crimes that involve large sums of money. Widespread publicity regarding potential exposures is increasing public awareness of the need for effective security in computing. Still, most experts agree that many such crimes go undetected. The FBI uniform crime statistics do not separate computer crime from other sorts of crime. Furthermore, most of the incidents that are detected will not be publicized because of shame, or because of fear of damage to the organization’s or its management’s reputation, or because of an agreement not to prosecute if the criminal “goes away”. U.S. companies lose billions of dollars every year to damage caused by viruses. Therefore, dollar estimates of computer crime losses are only vague estimates and range from $300 million to $500 billion per year. Most of the expenses come from the time and effort required to locate and remove viruses, restore systems, rebuild lost or corrupted data, and ensure against future attacks. But companies also lose valuable work time – millions of person-hours each year – as workers sit idle, unable to use their computers.

Protection against computer crime is made especially difficult by the multiplicity of targets and points of penetration. In the case of a bank, the obvious target of a bank robbery is, of course, cash. However, because the list of names and addresses of the bank’s certificate of deposit-holders is valuable to a competing bank, it should also be considered a potential target for a bank robbery. Computer security safeguards must address all possible points of penetration, because strengthening the safeguards at one point could just make another point of penetration more appealing to intruders.
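The scanning for known viruses and the weekly definition updates described under “Prevention against Viruses” can be made concrete with a small pattern scanner. This is an added example, not from the original paper or from any anti-virus product: it reduces a definition set to a version number plus named byte patterns, and every marker, definition name and file content below is constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Definitions:
    """A definition set: a version number plus name -> byte pattern."""
    version: int
    patterns: dict = field(default_factory=dict)


def scan_bytes(data: bytes, defs: Definitions) -> list:
    """Return the names of all definitions whose pattern occurs in data."""
    return sorted(n for n, pat in defs.patterns.items() if pat in data)


def scan_files(files: dict, defs: Definitions) -> dict:
    """Scan every file and keep only those with at least one match."""
    hits = {}
    for name, data in files.items():
        found = scan_bytes(data, defs)
        if found:
            hits[name] = found
    return hits


def newly_detected(files: dict, old: Definitions, new: Definitions) -> dict:
    """Files the old definitions missed but the updated ones catch."""
    before, after = scan_files(files, old), scan_files(files, new)
    return {name: found for name, found in after.items() if name not in before}


# Constructed markers standing in for the byte patterns of two samples.
MARK_A = b"CONSTRUCTED-MARKER-A"
MARK_B = b"CONSTRUCTED-MARKER-B"

# Last month's definitions know only sample A; today's also know B.
DEFS_LAST_MONTH = Definitions(1, {"Sample.A": MARK_A})
DEFS_TODAY = Definitions(2, {"Sample.A": MARK_A, "Sample.B": MARK_B})

# Constructed file contents (name -> bytes), not real programs.
FILES = {
    "report.doc": b"quarterly figures",
    "game.exe": b"MZ" + MARK_A + b"\x00" * 8,
    "invoice.exe": b"MZ" + MARK_B,
    # A copy of sample A whose bytes differ, as a self-changing
    # virus would produce: no fixed pattern matches it.
    "variant.exe": b"MZ" + MARK_A[::-1],
}

if __name__ == "__main__":
    print("v1:", scan_files(FILES, DEFS_LAST_MONTH))
    print("v2:", scan_files(FILES, DEFS_TODAY))
    print("gained by updating:",
          newly_detected(FILES, DEFS_LAST_MONTH, DEFS_TODAY))
```

The file `variant.exe` stays undetected under both definition sets, which is why fixed patterns alone do not cover the self-changing category listed earlier.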
Computer Security Breaches

Computer security breaches can be classified into 4 categories: Interruption, Interception, Modification and Fabrication. In an Interruption, an asset (hardware, software, or data) of the Computer Based Information System (CBIS) becomes unavailable, unusable or lost. An Interception occurs when an unauthorized party has gained access to an asset. Modification represents the security breach when an unauthorized party not only accesses but tampers with an asset. Finally, Fabrication refers to the introduction of counterfeit objects into a CBIS.

Interruption and interception represent the prominent forms of security breaches that involve hardware resources documented in computer crime cases. The list of human attacks on computing hardware ranges from accidental spilling of drinks to intentional shorting of circuit boards using paper clips to thieves carrying off equipment. Although the central computing facility has long been protected by physical security systems, the proliferation of personal computers has resulted in renewed vulnerabilities in this area.

Computer crime cases that involve software security breaches fall into the interruption, interception, and modification categories. Software can be destroyed maliciously and it can be stolen (i.e. copied). Unauthorized copying of software, especially personal computer software, has not been stopped satisfactorily. Nevertheless, unauthorized modification of a working program remains the most important security breach involving software.

Because of its nature, data is more vulnerable than both hardware and software to security breaches. Malicious destruction of data (interruption), wiretapping to obtain data in a network (interception), modification of data being transmitted electronically, and creating fictitious records (fabrication) represent the types of data security breaches encountered in computer crime cases.

The Privacy Act of 1974

The Privacy Act of 1974 (Dec. 31, 1974) established a code of Fair Information Practices under which federal agencies maintain and record personally identifiable information about individuals without disclosing the personal information to others. The Privacy Act requires that if an individual’s rights are violated, the Federal agencies would be subject to damages. “The Privacy Act mandates that each United States Government agency have in place an administrative and physical security system to prevent the unauthorized release of personal records.” (Source: Wikipedia)

Conditions of disclosure:

The Privacy Act states in part:

“No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains.” (Source: Wikipedia)
There are specific exceptions allowing the use of personal records:

1. For statistical purposes by the Census Bureau and the Bureau of Labor Statistics
2. For routine uses within a U.S. government agency
3. For archival purposes "as a record which has sufficient historical or other value to warrant its continued preservation by the United States Government"
4. For law enforcement purposes
5. For congressional investigations
6. Other administrative purposes

Future Issues

In conclusion, we may say that computer viruses are malicious computer programs that are designed by human beings to destroy computers. There are different types of viruses that spread from one computer to another and create problems for computer users. So users must get hold of a good anti-virus program to stop the destructive properties of viruses. Moreover, the anti-virus software should be constantly updated to include new virus programs that could negate the effects of modern viruses. In addition, one must be extremely cautious while opening any file from an unknown source or while downloading files from the Internet. Unless computer users are more aware of and cautious about viruses, it won’t be possible for all of us to prevent the growing menace of computer viruses.

References:

1. “Appendix C – Computer Viruses”, Introduction to Computers by Peter Norton, sixth edition, McGraw Hill companies.
2. “Social and Ethical Issues in Information Systems”, (Chapter-19), Principles of Information Systems – A Managerial Approach, by Ralph M. Stair, Boyd and Fraser Publishing company.
3. Computer Security Institute (CSI), http://www.gocsi.com
4. IBM Anti-virus Research, http://www.research.ibm.com/antivirus
5. “How Firewalls work”, http://www.howstuffworks.com/firewall.htm
6. http://en.wikipedia.org/wiki/Privacy_Act_of_1974
7. “Understanding Computer viruses”, Chapter-1, http://media.wiley.com/product_data/excerpt/77/07821412/0782141277-2.pdf

Prepared by: Joy Chakraborty, Ph.D scholar, 2011, Roll No: 11BM91S01, VGSOM, IIT-Kharagpur

Presentation available at: http://www.slideshare.net/JoyChakraborty/information-security-and-privacy-10359652
