Malware


Malware in Computer Systems: Problems and Solutions


Published in: Technology
Transcript

  • 1. CELE Project 2012
    Mariwan Hama Saeed
    2110342
    10 weeks
    Computer Science
    MSc. Advanced Computing Science
    Permission given to use this project
    Word count: 3095
    Malware in Computer Systems: Problems and Solutions
    8 June 2012
  • 2. Abstract
    Malware is a harmful programme, which has developed incredibly over the last decade. It infects computer systems, deletes data files and steals valuable information from the computer. This paper focuses on providing the most effective solutions to malware that might mitigate the problems. It investigates four types of malware and provides the best three countermeasures. It suggests a number of practices to computer users, such as training staff about security software. Students who study computer science may get some benefit from this project.
  • 3. Contents
    Abstract
    Introduction
    1. Malware
      1.1 Virus
      1.2 Worm
      1.3 Trojan
      1.4 Spyware
    2. Countermeasures of Malware
      2.1 Firewall
      2.2 Security Software
      2.3 Training
    Conclusion
    List of references
  • 4. Introduction
    Malware, a contraction of malicious software, is designed to destroy computer systems and programmes. It has changed significantly and rapidly in the last decade, and security software has developed greatly in recent years. Today, there are many forms of malware, such as viruses, worms, Trojans and spyware. Consequently, a number of computer systems around the world have been damaged as a result of malware. Recently, the latest threat, Flame, has been discovered. This threat is a form of malware that has been found in Iran and has been reported by both Aleks (2012) and Symantec Security Response (2012) as the most complicated threat of the recent year, located in the Middle East. Aleks, who is a Kaspersky Lab expert, shows that Kaspersky antivirus provided the solution for that threat, as did Symantec Corporation.
    The purpose of this paper is to evaluate the problems of malware and provide the best solutions to malware on computers. Firstly, the kinds of malware, which include viruses, worms, Trojans and spyware, will be examined. Secondly, the most effective solutions will be presented, which include firewalls, security software and training. This project identifies the computer systems which are damaged as a result of harmful programmes. Furthermore, it will show how the problems of malware can be mitigated via hardware such as a firewall or via software such as antivirus. However, this project has not provided complete solutions to threats, because it is only a short project on harmful software and indicates the countermeasures in very few pages.
  • 5. 1. Malware
    Moir (2003) defines malware as any harmful programme designed to damage computer systems and programmes, such as a virus, worm, Trojan or spyware.
    1.1 Virus
    A virus is a type of malware: a piece of code that attaches to a programme or a file. When the infected programme is run by a user, the virus executes secretly without the user noticing (Vacca 2009:56-57). Stallings (2005:602) indicates that many viruses need four stages to infect and destroy computer systems. The first is the dormant phase, known as an idle step because the virus is idle until it is activated by a date or by another programme. Secondly, in the propagation phase, the virus tries to copy itself to another programme. Thirdly, in the triggering phase, the virus is ready to perform its function; this is caused by one of several system tasks, such as counting a number of times. In the execution phase, the virus damages programmes, erases files and then shuts down or restarts the computer. These steps vary from one computer to another and from one operating system to another. They also depend on the types of vulnerable points in the system.
    There are many types of virus, one of which is the macro virus. This is one of the most common viruses, and it infects application programmes such as Microsoft Word, Excel and Access. When these programmes are opened, the virus executes itself and performs different actions, such as deleting files and replicating itself to another programme. A file infector is another type of virus, which attaches to executable code (com and exe) and infects it when the files are installed. After that the virus will execute (Cole et al. 2005:558).
    A virus has three main actions. Firstly, the virus generates itself between computers on a network. This is a significant point, which distinguishes a virus from other kinds of malware. Secondly, it installs itself on a computer without users noticing. Furthermore, it damages software by changing and deleting it, randomly executes files, and then locks many resources such as the mouse and keyboard (Salomon 2010:43).
    1.2 Worm
    Salomon (2010:99) defines the worm as “a programme that executes independently of other programmes, replicates itself, and spreads through a network from computer to computer.” This may mean that the worm is harmful software which spreads from host to host via a vulnerable hole or a security hole in the systems. The main difference between viruses and worms is that viruses always hide in programmes, whereas worms
  • 6. work independently. Moreover, worms are used by hackers more often than viruses because worms spread from computer to computer across network connections (Kizza 2009:127-128). Stallings (2005:607) notes that a worm uses several ways of spreading itself. Firstly, it uses email facilities to copy itself from system to system. Secondly, execution methods help the worm to run itself on other systems. After that, it uses login facilities in order to duplicate itself from one system to a different system.
    There are several types of worm, of which Morris is a famous one. It was created by Robert Morris in 1998. Morris spreads on the UNIX operating system and uses a number of techniques for copying itself. It performs several illegal actions, such as receiving, sending and forwarding emails automatically; it also makes a combination between user accounts and exploits fingerprinting protocols. Code Red is another worm, released in 2001, which exploits a security hole within the Microsoft Internet Information Server (IIS) and disables the system file checker in Microsoft Windows. This worm infected nearly 360,000 servers in 14 hours. In addition, Nimda is another worm, created in 2001. It causes several issues in computers and Internet systems, for example modifying Internet document extensions and creating several copies of itself under various names (Stallings 2005:608-609).
    1.3 Trojan
    Collin (2004:338) explains that a Trojan is a programme which is put into a system by hackers. It copies information without the user's authorisation. Sometimes Trojans might be useful programmes, such as games and anti-viruses. Users are aware of the installation processes of Trojans, but they do not know about their hidden processes (Vacca 2009:122). Trojans are different from viruses and worms because they do not copy themselves. They might pass many security controls and might not be stopped by firewalls; these can be great threats to the security of organizations (Cole et al. 2008:312-313).
    A Trojan performs many actions. Firstly, it might steal data or monitor a user's actions (Vacca 2009:295). Secondly, it is used as a hacking technique by providing pieces of hidden code in a beneficial programme, for example Green Saver. Moreover, a Trojan uses an executable script, such as JavaScript, to introduce itself into a user's workstation. Also, the Trojan enters the system via a lack of security to obtain unauthorized access to resources (Vacca 2009:681). Furthermore, it can be used indirectly to complete actions which unauthorized users cannot finish directly. For example, a Trojan can be used
  • 7. for reading files in another system (Stallings 2005:601). A Trojan might run additional code that performs a harmful activity in the system. Attackers use it in order to spread viruses or other types of malware into systems without the user's attention (Cole 2005:486-487).
    There are many types of Trojan, one of which is the Farfli Trojan77. It was created in 2007, spreads massively, and downloads and installs itself onto the computer. It affected browsers which were developed by Chinese programmers (Vacca 2009:681). Net-Bus and Sub-Seven are other types of Trojan, which are used by hackers and attackers for destroying systems and stealing significant information from them (Nestler 2011:142-143).
    1.4 Spyware
    According to Collin (2004:313), spyware is a kind of software that might be installed on the user's computer without their knowledge and that sends the user's information to its real source. This means that spyware is created for stealing the personal information of computer users. The main distinction between spyware and viruses and worms is that spyware spreads easily in computers and can be removed quickly. Furthermore, pop-ups and spam increase as a result of some types of spyware. These harass computer users. In 2005 the NCSA reported that 61% of computers around the world were affected by spyware (CA, Geier, and Geier 2007:5-7).
    Spyware uses many ways to gather information for its central source. Firstly, it uses keystrokes to copy sensitive information and the passwords of the computer's user. Secondly, spyware uses emails to send the user's data to its creator. Thirdly, much spyware copies communications between computer users and then sends them to the spyware's owner. Some applications and websites are used by spyware for monitoring users (Cole et al. 2008:314).
    Spyware can perform many significant actions. It might be installed on computers without user authorisation; it may find ways to enter computers via free software and games which are downloaded from websites. Some types of spyware destroy desktop icons, computer programmes and web browsers. This annoys computer users. It slows down computers and the Internet, which is a significant problem when users are trying to download large files, watch online videos and use computer programmes (CA, Geier, and Geier 2007:5-7).
  • 8. 2. Countermeasures of Malware
    There are many ways to mitigate the impact of malware on computer systems. This section explains the solutions to malware in terms of firewalls, security software and training.
    2.1 Firewall
    The rapid growth of technology in terms of the Internet and computers has led to growth in the number of users and in their activities, but not all activities of the users are acceptable. Computers should be protected against the unacceptable actions of users. Therefore, home computers and organisation computers need protection because they face threats from internal and external users. The administrators of these computers should be able to find ways to protect them. A firewall is one of the best ways of protecting computers (Kizza 2009:249). Microsoft Corporation (n.d.) defines the firewall as “a software programme or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.” This means that the firewall protects computer systems in a considerable way.
    Hardware and software firewalls are designed to protect computers from malware, which includes Trojans, viruses, spyware and worms. A personal computer is usually a single computer, which is better protected by a software firewall, called a personal firewall (Salomon 2010:202-203). Cole et al. (2008:318) indicate that the personal firewall is software that works on the user's computer; it can be very effective and can block inside actions and outside actions that come from the Internet. It allows the users of the computer to manually block and permit inbound and outbound traffic. However, connecting a number of computers to form a group of computers also needs protection. In that situation, it is better to use a hardware firewall, which works in the same way as the personal firewall but is more robust (Salomon 2010:202-203).
    According to Cole et al. (2008:59-60), there are many problems that can be solved by a firewall. The firewall helps operating system services to distinguish fake applications and fake users. This is called poor authentication. It scans free programmes in a highly effective way and identifies which of them is not optimized and creates a vulnerability hole in the security of the computer operating system. Moreover, hackers are blocked in a highly effective way by the firewall. The firewall works at all times against attackers, who are
  • 9. responsible for destroying computer programmes, because it is able to block some types of attacks.
    However, the firewall has many limitations for some kinds of problems. Some attackers can bypass the firewall. In this situation the firewall cannot block those attackers. Some internal threats cannot be removed by a firewall, such as employees who work with an external attacker against the company. In addition, a firewall cannot detect all types of malware, because it would be impossible for the firewall to scan all emails, messages and programmes to identify which types of malware they include (Stallings 2005:623-624). It is clear that the firewall is not perfect for providing the most effective security for any organisation or company, because it can solve some problems but not all of them. Security software is another solution that can be used with firewalls for that purpose.
    2.2 Security Software
    Today, much software is designed for securing computer operating systems. Antivirus programmes are among the most effective programmes and are widely used for securing computers against viruses, worms and Trojans. Computer users also use anti-spyware programmes, which are another kind of programme, for protecting computers from spyware.
    Antivirus software, which is one of the best programmes, can be used to protect computers from malware. In the past, antivirus programmes were very simple software packages and viruses were uncomplicated code. The viruses were solved easily. However, viruses are now more complicated, such as the Flame virus, which was reported by the Kaspersky and Norton anti-virus programmes as one of the sophisticated viruses that spread in the Middle East last month. Like viruses, antivirus software has grown significantly.
    Many antivirus programmes use three steps to eliminate viruses from infected systems. The first is the detection step. In this step, when the infection has happened, the antivirus programme may locate the virus. Identification is the second stage, in which viruses are identified by the antivirus programme. Removal is the final stage, in which the antivirus programme removes the viruses. However, when anti-virus programmes are unable to clean the infected systems of viruses in those stages, restoring a backup version of the system might be one possible alternative way to solve this problem (Stallings 2005:610).
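
The three stages described above (detection, identification, removal) and the backup fallback, as an added Python example that is not part of the original paper; the second scan also shows a file that goes unnoticed until the signature set is updated. The signature names and marker strings are constructed and harmless, and the assumption that removal only handles a pattern appended to the end of a file is made for this example.

```python
import shutil
import tempfile
from pathlib import Path

# Constructed signature sets: harmless marker strings invented for this
# example, standing in for a vendor's virus signatures (not real malware).
OLD_SIGNATURES = {"Demo.Appender.A": b"<<DEMO-MARKER-A>>"}
UPDATED_SIGNATURES = {**OLD_SIGNATURES, "Demo.Overwriter.B": b"<<DEMO-MARKER-B>>"}


def matches(path, signatures):
    """Names of all signatures whose pattern occurs in the file."""
    data = Path(path).read_bytes()
    return [name for name, pattern in signatures.items() if pattern in data]


def detect(root, signatures):
    """Detection: locate every file that contains a known pattern."""
    return [p for p in sorted(Path(root).rglob("*"))
            if p.is_file() and matches(p, signatures)]


def identify(path, signatures):
    """Identification: name the signature that matched the file."""
    return matches(path, signatures)[0]


def remove(path, pattern):
    """Removal: cut off a pattern appended to the file; False if not a suffix."""
    data = Path(path).read_bytes()
    if not data.endswith(pattern):
        return False  # original content cannot be recovered by trimming
    Path(path).write_bytes(data[: -len(pattern)])
    return True


def scan_and_clean(root, backup, signatures):
    """Run the three stages; fall back to the backup copy if removal fails."""
    report = {}
    for path in detect(root, signatures):
        name = identify(path, signatures)
        rel = path.relative_to(root)
        if remove(path, signatures[name]):
            action = "cleaned"
        elif (Path(backup) / rel).is_file():
            shutil.copy2(Path(backup) / rel, path)
            action = "restored from backup"
        else:
            action = "unresolved"
        report[str(rel)] = (name, action)
    return report


def demo():
    """Scan a constructed directory tree before and after a signature update."""
    names = ("report.doc", "tool.exe", "notes.txt")
    with tempfile.TemporaryDirectory() as tmp:
        root, backup = Path(tmp, "system"), Path(tmp, "backup")
        root.mkdir()
        backup.mkdir()
        for name in names:
            (backup / name).write_bytes(b"clean content of " + name.encode())
            shutil.copy2(backup / name, root / name)
        # Constructed "infections": A is appended, B overwrites the file body.
        with open(root / "report.doc", "ab") as fh:
            fh.write(OLD_SIGNATURES["Demo.Appender.A"])
        (root / "tool.exe").write_bytes(b"<<DEMO-MARKER-B>> overwritten body")
        before = scan_and_clean(root, backup, OLD_SIGNATURES)
        after = scan_and_clean(root, backup, UPDATED_SIGNATURES)
        intact = all((root / n).read_bytes() == (backup / n).read_bytes()
                     for n in names)
        return before, after, intact
```

Calling `demo()` returns the report of the scan with the old signatures, the report after the update, and whether every file again matches its backup copy.
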
  • 10. Currently, there are many antivirus programmes that can be used to protect computer systems. Microsoft Security Essentials is one of the antivirus programmes used to guard computer systems from threats. It is free and easy to use, and the user does not need to scan the computer systems or update it because it does so automatically via the Microsoft website. It can be said that Norton and Kaspersky antivirus programmes are the best antivirus programmes that can be used to protect systems and eliminate viruses from an infected system. They need virus signature updates because they use them for eliminating the latest viruses and protecting systems from them (Cole et al. 2008:317-318).
    It is clear that some antivirus programmes are not able to remove threats such as spyware, because antivirus programmes face a number of difficult obstacles. Vacca (2009:61-62) points out that one of the challenges for antivirus programmes is complicated malware, which is growing continuously. The infected system is another obstacle for antivirus programmes. Moreover, much malware stays in memory, affecting files and attacking the computer system processes. Sometimes the antivirus programmes are turned off by some of the most dangerous threats. In this situation it is possible to use anti-spyware programmes, which are an alternative that can be used for removing spyware and cleaning systems of it.
    Anti-spyware programmes guard computer systems from spyware. Today, there are many anti-spyware programmes available. Microsoft Corporation (n.d.) argues that Microsoft Windows Defender is one of the programmes that is able to protect systems from a variety of spyware, but it needs updating to work properly. It offers two ways to scan computer systems for spyware. The first is real-time protection, in which the programme alerts the user about the spyware when the spyware tries to install itself on the system. The second is scanning options, which offer the user the scheduled scan and the custom scan of the system for spyware.
    However, security software may not be able to protect computer systems completely. Training is one of the ways that can assist security programmes and firewalls in providing a high level of protection for computer systems against malware.
    2.3 Training
    Training is an additional protection, alongside firewalls and security software, as a countermeasure against malware. It can be provided for the members and staff of any organisation, because the implementation of a robust and secure organization, such as a university or company, is not enough and needs highly skilled employees in terms of
  • 11. security. Today new vulnerabilities and new threats are discovered. It is important for IT staff in any organisation to be prepared to identify vulnerabilities and threats (Vacca (ed.) 2009:9-10).
    Cole et al. (2008) indicate that there are many practices that can be provided for IT staff. They should open only expected emails and no emails from strangers, because many such emails include graphic files and audio files. These files are used by hackers and attackers for spreading threats and capturing useful information. Another practice is that staff should use other email clients for reading and receiving questionable emails, because these emails may be shared by other members in public clients. It seems that IT staff should know how to use security programmes and how to update them. It is better to scan all files downloaded from emails before using them, to protect the computer systems from threats.
  • 12. Conclusion
    The issues of malware have not been solved completely in this project because they have developed considerably. This paper has discussed the problems of the dangerous types of malware and has provided some significant countermeasures. The solutions have been presented in terms of firewalls, security software and providing training in a highly useful way for the staff of an organisation, because an insecure organisation is more susceptible to being affected by threats than a more secure one.
    According to Microsoft Corporation (n.d.), it seems that Microsoft Windows Defender and Microsoft Security Essentials are programmes that may be very useful for mitigating the problems of malware. However, Cole et al. (2008) suggest that there are many practices that can be provided for the members of organisations. It is clear that this paper has not suggested all the possible solutions to reduce the problems of harmful programmes because it is limited in terms of the number of words. It also suggests that computer users around the world should be able to use security programmes and know how these programmes are updated via the Internet and how an infected computer can be fixed. Today, the number of hackers and attackers has grown enormously. They use various types of malware for stealing information and for damaging and deleting computer systems and data files. It will be better for other researchers to provide extra solutions for malware.
  • 13. List of References
    Aleks (2012) The Flame: Questions and Answers [online] available from <http://www.securelist.com/en/blog/208193522/The_Flame_Questions_and_Answers> [5 May 2012]
    CA, Geier, E., and Geier, J. (2007) Simple Computer Security. Indianapolis: Wiley Publishing
    Cole, E., Krutz, R., and Conley, J. W. (2005) Network Security Bible. Indianapolis: Wiley Publishing
    Cole, E., Krutz, R. L., Conley, W. J., Reisman, B., Ruebush, M., Gollmann, D., and Reese, R. (2008) Network Security Fundamentals. Danvers: Wiley Publishing
    Collin, S. M. H. (2004) Dictionary of Computing. Bloomsbury Publishing Plc: Peter Collin Publishing
    Kizza, J. M. (2009) Guide to Computer Network Security. London: Springer
    Microsoft Corporation (n.d.) What is a Firewall [online] available from <http://www.microsoft.com/security/pc-security/firewalls-whatis.aspx> [27 May 2012]
    Microsoft Corporation (n.d.) Microsoft Security Essentials [online] available from <http://windows.microsoft.com/en-US/windows/products/security-essentials> [2 May 2012]
    Microsoft Corporation (n.d.) Windows Defender [online] available from <http://windows.microsoft.com/en-US/windows7/products/features/windows-defender> [2 May 2012]
    Moir, R. (2003) Defining Malware [online] available from <http://technet.microsoft.com/en-us/library/dd632948.aspx> [20 May 2012]
    Nestler, V., Conklin, A., White, G., and Hirsch, M. (2011) Principles of Computer Security. New York: McGraw-Hill
    Salomon, D. (2010) The Elements of Computer Security. London: Springer
  • 14. Stallings, W. (2005) Cryptography and Network Security Principles and Practices. London: Prentice Hall
    Symantec Security Response (2012) Flamer: Highly Sophisticated and Discreet Threat Targets the Middle East [online] available from <http://www.symantec.com/connect/blogs/flamer-highly-sophisticated-and-discreet-threat-targets-middle-east> [5 May 2012]
    Vacca, J. R. (ed.) (2009) Computer and Information Security. Burlington: Morgan Kaufmann
