PC Viruses


Basics about PC Viruses

Published in: Technology, Education

  1. PC Viruses
     • How they got the name
     • What they are
     • How they spread
     • How to prevent them
     • and how to prevent their annoying evil twin, virus hoaxes
  2. PC Viruses: How they got that name
  3. PC Viruses: How they got the name
     • Computer viruses are called viruses because they share some of the traits of biological viruses.
       • A computer virus passes from computer to computer like a biological virus passes from person to person.
  4. PC Viruses: How they got the name
     • A biological virus is not living.
       • It’s a fragment of DNA inside a protective jacket. Unlike a cell, a virus has no way to do anything or to reproduce by itself -- it is not alive.
     • Computer viruses also cannot reproduce by themselves.
  5. PC Viruses: How they got the name
     • A biological virus injects itself into a cell
       • and uses the cell’s existing machinery to reproduce itself.
     • A computer virus “piggybacks” on top of a program or document
       • and “reproduces” (gets executed).
       • Once running, it’s able to infect other programs or documents.
  6. PC Viruses: What they are
  7. PC Viruses: What they are
     • A virus is a small piece of software (code) that piggybacks on real programs, like Excel, that have “embedded executable languages”
       • Macro languages -- Visual Basic, etc.
       • Each time the program runs, the virus runs, too
       • and it has the chance to reproduce (by attaching to other programs) or wreak havoc.
  8. PC Viruses: What they are
     • E-mail viruses
       • An e-mail virus moves around in attachments to e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim’s e-mail address book.
  9. PC Viruses: What they are
     • Dave Parry, TPC User, explains:
       • Most e-mails are sent as plain ASCII text, which cannot run programs.
       • Word and Excel files can carry viruses because they have a macro language.
       • The files as such are quite harmless if they have no macros.
       • One way to cleanse WinWord DOC files is to save them as RTF, which is text only and no macros.
  10. PC Viruses: What they are
     • TPC October Meeting participants respond:
       • E-mail that uses HTML coding can carry viruses embedded in the HTML coding of the message.
       • Users have a choice to use HTML coding or not
       • The suggestion from the floor was to turn it off
  11. PC Viruses: What they are
     • Trojan Horse
       • A Trojan horse is a computer program
       • The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk)
       • Trojan horses have no way to replicate automatically.
  12. PC Viruses: What they are
     • Worms
       • A worm is a small piece of software that uses computer networks and security holes to replicate itself.
       • A copy of the worm scans the network for another machine that has a specific security hole.
       • It copies itself to the new machine and starts replicating from there
  13. PC Viruses: What they are
     • Worms and Trojan horses are actually more common today than viruses.
       • Antivirus programs offer protection against all viruses, worms, and Trojans
       • and refer to all of these types of malware as viruses.
  14. PC Viruses: How they spread
  15. PC Viruses: How they spread
     • A virus runs first when a legitimate program is executed.
       • The virus loads itself into memory and looks to see if it can find any other programs on the disk.
       • If it can find one, it modifies it to add the virus’s code to the new program.
       • Then the virus launches the "real program."
  16. PC Viruses: How they spread
     • The user has no way to know that the virus ever ran.
       • Unfortunately, the virus has now reproduced itself, so two programs are infected.
       • The next time either of those programs gets executed, they infect other programs, and the cycle continues.
  17. PC Viruses: How they spread
     • When the infected program
       • is distributed by
         • floppy disk
         • uploaded to a bulletin board
         • zipped and delivered as an executable
       • then other programs get infected
     • This is how viruses spread
  18. PC Viruses: How they spread
     • Virus Attacks
       • Some sort of trigger will activate the attack phase, and the virus will then "do something"
       • Anything from printing a silly message on the screen to erasing all of your data.
       • The trigger might be a specific date, or the number of times the virus has been replicated, or something similar.
  19. PC Viruses: How they spread
     • Virus creator’s tricks
       • load viruses into memory so they run in the background
       • infect the boot sector on floppy disks and hard disks
  20. PC Viruses: How to prevent them
  21. PC Viruses: How to prevent them
     • Run a secure operating system like UNIX or Windows NT
       • security features keep viruses away
     • Buy virus protection software
     • Avoid programs from unknown sources (like the Internet)
     • Stick with commercial software purchased on CDs
  22. PC Viruses: How to prevent them
     • With e-mail viruses
       • defense is personal discipline
       • Never double-click on an attachment that contains an executable program
       • Attachments that come in as
         • Word files (.DOC), spreadsheets (.XLS), images (.GIF and .JPG), etc., are data files
         • and they can do no damage
         • excepting the macro virus problem in Word and Excel documents mentioned above
  23. PC Viruses: How to prevent them
     • With e-mail viruses
       • defense is personal discipline
       • Never double-click on an attachment that contains an executable program
       • A file with an extension like .EXE, .COM or .VBS is an executable
       • and an executable can do all sorts of damage
       • once run, you have given it permission to do anything on your machine.
       • Never run executables from e-mail.
  24. PC Viruses: How to prevent them
     • Don’t victimize yourself
       • learn where to find legitimate information on hoaxes, myths etc.
       • do not forward warnings if you haven’t personally checked them out!
     • vmyths.com/index.cfm
     • http://antivirus.about.com
     • www3.ca.com/virusinfo/
  25. PC Viruses: How to prevent them
     • Some rules of thumb:
       • if you merely find JDBGMGR.EXE on your computer, then it’s probably not infected;
     • But. . .
       • if you receive JDBGMGR.EXE as an email attachment, then it probably is infected.
  26. PC Viruses: How to prevent them
     • TPC Member Jim Tittsler reports:
       • “...there have been problems with buffer overflows where downloading a message with carefully crafted Date: header was enough to execute code.
       • No attachment, no preview or "opening" required, since the attack begins when the client retrieves the Date: header of the message from the server.”
       • http://www.iss.net/security_center/static/4953.php
  27. PC Viruses: How to prevent them
     • Don’t fall for the “False Authority Syndrome”
       • Most people who claim to speak with authority about computer viruses have little or no genuine expertise.
       • The person feels competent to discuss viruses because of
         • his job title,
         • because of expertise in another computer field,
         • simply because he knows how to use a computer
  28. PC Viruses: How to prevent them
     • E-mail is clearly the predominant vulnerability point for viruses
       • Current viruses are spread via security holes in Microsoft Outlook and Outlook Express
       • Free patches are available from Microsoft to address these problems
       • many people are reluctant to apply them.
  29. PC Viruses: How to prevent them
     • First, update your system with Windows Update and Office Update
       • or, buy a Mac
     • Buy virus protection software
       • eTrust EZ Anti Virus
       • (TPC NG’s Tom Young from Osaka recommends it)
       • http://www2.my-etrust.com/products/Antivirus
  30. PC Viruses: How to prevent them
     • What’s the best one to buy?
       • The WildList International:
       • As each package offers slightly different features, only the individual or corporate administrator can decide which package would best suit the need.
       • There are a number of papers written on how to choose the best personal antivirus software.
  31. PC Viruses: How to prevent them
     • What’s the best one to buy?
       • The WildList International:
       • We encourage you to arm yourself with as much knowledge as possible prior to making a final purchasing decision.
       • This includes being familiar with
         • the affiliation of the authors of such papers and
         • any affiliations between testers and software developers.
       • (see False Authority Syndrome)
  32. PC Viruses: How to prevent them

     Product (rated by PC Magazine)          Editors Rating   Members Rating
     Norton Anti Virus 2002                  5                3
     McAfee Security Suite                   No rating        No rating
     Trend PC-Cillin 2002                    3                4
     Panda Antivirus Platinum 6.0            4                No rating
     Norman Virus Control 5.2                3                No rating
     McAfee Virus Scan 6.0                   3                4
     Kaspersky Anti-Virus Personal           3                No rating
     F-Secure Anti-Virus Personal Edition    3                No rating
     ETrust EX Armor Suite                   3                No rating

  33. PC Viruses: How to spot a hoax
  34. PC Viruses: How to spot a hoax
     • "Thoughts travel faster in a vacuum."
       • Think about it. By removing the actual thinking process, thoughts can travel uninhibited and thus exceed all logical bounds.
       • In addition, such thoughts often tend to become hyperdriven (adj. driven by hype).
  35. PC Viruses: How to spot a hoax
     • Rule of thumb: If you receive a virus alert message, don’t believe it.
       • There are warnings, usually in ALL CAPS, about reading or downloading an e-mail message
       • Also look for the multiplication of exclamation marks.
       • Salvation by immediate deletion is also nearly universal.
  36. PC Viruses: How to spot a hoax
     • For some reason the word "miscreant" is a common catchphrase in hoaxes.
     • Hoax viruses always seem to wield the powers of a vengeful binary god.
       • Such godlike viruses can often do nasty things to your system that are beyond the abilities of software, mere mortals, or even most hardware technicians.
  37. PC Viruses: How to spot a hoax
     • (it says) forward this mail to anyone you care about.
       • Here it is. This is the replication engine. This is what gives the virus the pesky lifelike ability to multiply. This is also a dead giveaway that it is a hoax.
  38. PC Viruses: How to spot a hoax
     • The Authoritative Source Syndrome
       • "Whoa! The FCC. This must be real."
       • This aspect of cited authority is meant to lend credibility to the hoax.
       • The truth is, however, that according to the FCC they have never, and will never, send out virus warnings.
  39. PC Viruses: How to spot a hoax
     • Superlative abilities of the virus:
       • unparalleled in its destructive capability
       • this virus is “highly intelligent”
       • Odd. All the viruses seen (at IBM Research) are extremely dumb.
       • “most destructive”
       • “most polymorphic”
       • “stealthiest” virus.
  40. PC Viruses: How to spot a hoax
     • The language is crafted to sound technical.
     • It uses computer jargon
       • It tends to lend credibility to the hoax.
       • Do you believe that a CPU can be melted down by “an nth-complexity infinite binary loop”?
  41. Bonus Pack! TPC User Comments
  42. PC Viruses: Bonus Pack! TPC Users comment
     • Recent virus unleashed!
       • W32/Bugbear@MM
       • found on McAfee’s site
       • reported by TPC Member Sam Julien
  43. PC Viruses: Bonus Pack! TPC Users comment
     • Andrew Hayes writes:
       • “Store your original program installation CDs and license information in a safe place (A safe place is not next to your PC)
       • Keep backups of your data or any downloaded software
       • (after it has been thoroughly scanned)
       • Run AV software 24/7”
  44. PC Viruses: Bonus Pack! TPC Users comment
     • Andrew Hayes writes:
       • Don’t open email attachments unless you’re 110% certain they are safe,
       • if you’re not expecting something from a friend, confirm with them before opening it.
       • (He’s) seen a few infected systems, from a relatively benign Word Macro virus to one that trashed the HDD (so that) a low-level format was needed to get it working again.
  45. PC Viruses: Bonus Pack! TPC Users comment
     • Andrew Hayes writes:
       • “I also saw one that blew the mobo by setting registers to a certain combination that caused an overload in part of the circuit, but I’m sure those sort are very rare now.
       • Modern motherboards don’t have those types of defects, do they?”
  46. PC Viruses: Bonus Pack! TPC Users comment
     • David Parry (uses)
       • Virus Buster from Leprechaun Software
       • Updates are available very soon after a new virus appears
       • e-mailed notification of new viruses and also news of hoaxes.
       • (He) gave up on McAfee after paying for upgrades and getting the runaround when (he couldn’t) log in to download the goodies.
       • He goes on to say that the Australian Gov’t uses Leprechaun antivirus software
  47. PC Viruses: Bonus Pack! TPC Users comment
     • CR Lipton has interesting comments
       • about security on the Trend Micro site
       • “Apparently, if this morning’s CNet News is to be believed, one of the things you should NOT do is to scurry down to the Trend Micro website and buy anything from them.
       • According to the story, their shopping pages have a little glichette that causes it to pop up with the previous buyer’s name, address, and credit card information already filled in for you.
       • If anyone wants to, they can then charge their purchase to your credit card while getting the product delivered to themselves.
       • And, even better, your credit card info continues to be displayed until the next honest person erases yours and types in theirs.”
  48. PC Viruses: Resources
  49. PC Viruses: Resources
     • www.tokyopc.org/
       • Chit Chat Newsgroup -- Chit Chat “Personal Computer Virus Attacks”
     • www.vmyths.com/
       • This site is NOT sponsored by antivirus companies -- it lists virus hoaxes
     • www.symantec.com/avcenter/hoax.html
       • Here’s another hoax site, from Symantec
     • www.symantec.com/avcenter/
       • Symantec Security Advisory site
     • www.howstuffworks.com/virus.htm
       • How computer viruses work
     • www.cert.org/other_sources/viruses.html
       • Carnegie Mellon Software Engineering Institute, CERT® Coordination Center Computer Virus Resources
     • www.virusbtn.com/
       • Virus Bulletin Independent Anti Virus Advice
     • www.ciac.llnl.gov/ciac/CIACVirusDatabase.html
       • Although the Computer Incident Advisory Capability site (associated with the DOE) is no longer being maintained, it has loads of advice and information about PC and Mac viruses. Also links to other sites that are being maintained.
     • www.zdnet.com/products/stories/reviews/0,4161,2248291,00.html
       • ZDNet tells you how to protect against computer viruses.
  50. PC Viruses: Resources
     • www.special.northernlight.com/compvirus/
       • Current news, Journal articles and editorials; Virus Writers and Hackers; Journals, Portals and Reference; US Government Resources; Web bugs; Malware, Spyware, Adware and Trojan Horses; Diagnostics; Anti-Virus Solutions (over 30 of them!)
     • www.research.ibm.com/antivirus/SciPapers/Wells/HOWTOSPOT/howtospot.html
       • Joe Wells’ seminar and funny paper on getting “in the know”
     • www.jaring.nmhu.edu/virus.htm
       • Computer viruses have been with us since the late 1980s and continue to increase in number. The following list includes some of the best sites on the Internet for describing computer viruses as well as links to many of the top anti-virus software sites. From Wayne Summers at New Mexico Highlands University.
     • www3.ca.com/virusinfo/
       • More than I ever wanted to know about computer viruses. The Virus Information Center serves as a rich, up-to-the-minute resource, containing detailed information on viruses, worms, Trojans, and hoaxes, as well as valuable documentation on the implementation of comprehensive antivirus protection. CA’s eTrust Antivirus Research Centers monitor around-the-clock to defend against the damaging effects a virus outbreak could cause.
  51. PC Viruses: Resources
     • www.sophos.com/virusinfo/whitepapers/videmys.html
       • An introduction to computer viruses written by Carole Theriault, carole.theriault@sophos.com, Sophos Plc, Oxford, UK and first published in: October 1999
     • www.cknow.com/vtutor/index.htm
       • Computer Knowledge Virus Tutorial
     • www.pcmag.com/article2/0,4149,6276,00.asp
       • PC Magazine Personal Antivirus Article
     • www.wildlist.org/
       • The world’s premier source of information on which viruses are spreading In the Wild. But don’t take our word for it. Read what PC Magazine, MSNBC and others have to say about us
     • www.research.ibm.com/antivirus/SciPapers.htm
       • With scientific papers titled, Where There’s Smoke, There’s Mirrors, how can you go wrong?
     • http://vil.mcafee.com/dispVirus.asp?virus_k=99728
       • McAfee detailed information on latest virus released into the Wild.
  52. PC Viruses: Thank you!
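
The attachment rule from slides 22 and 23, written as a mail-side check. This is an added example, not part of the original slides; the sample message, the "unknown" class and the handling of double extensions and trailing dots are assumptions added here.

```python
import os
from email import message_from_string

# Extension groups are the ones named on the slides; anything else is "unknown".
GROUPS = {
    "executable": {".exe", ".com", ".vbs"},
    "macro-capable": {".doc", ".xls"},   # data files that can carry macros
    "data": {".gif", ".jpg"},
}

def classify(filename):
    """Return 'executable', 'macro-capable', 'data' or 'unknown'."""
    # Windows ignores trailing dots and spaces, and only the last extension
    # decides how a file opens: "party.jpg.vbs" is a script, not a picture.
    name = filename.strip().rstrip(". ").lower()
    ext = os.path.splitext(name)[1]
    return next((g for g, exts in GROUPS.items() if ext in exts), "unknown")

def triage(raw_message):
    """List (filename, class) for every named part of a raw MIME message."""
    msg = message_from_string(raw_message)
    # The declared Content-Type is sender-controlled, so it is not consulted.
    return [(p.get_filename(), classify(p.get_filename()))
            for p in msg.walk() if p.get_filename()]

# Constructed sample message (not from the slides).
SAMPLE = """\
Subject: holiday pictures
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: image/jpeg
Content-Disposition: attachment; filename="beach.JPG"

placeholder
--BOUND
Content-Type: application/msword
Content-Disposition: attachment; filename="report.doc"

placeholder
--BOUND
Content-Type: image/jpeg
Content-Disposition: attachment; filename="party.jpg.vbs"

placeholder
--BOUND--
"""

if __name__ == "__main__": print(triage(SAMPLE))
```

The third attachment is declared as image/jpeg yet classifies as executable, which is why the check reads the file name and not the declared type.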
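
The hoax traits listed on slides 35 to 40, turned into a checker that reports which of them a warning message shows. This is an added example, not part of the original slides; the regular expressions, the capital-letter threshold and both sample messages are assumptions constructed here, and a hit means "check it against a hoax reference site before forwarding", nothing more.

```python
import re

# One pattern per hoax trait named on slides 35-40 (patterns are assumptions).
INDICATORS = {
    "urges forwarding": re.compile(
        r"\b(?:forward|send) this\b.{0,40}?\b(?:anyone|everyone)\b", re.I | re.S),
    "delete-immediately salvation": re.compile(
        r"\bdelete (?:it|this)?\s*immediately\b", re.I),
    "cites an authority": re.compile(r"\bFCC\b"),
    "superlative powers": re.compile(
        r"\b(?:most destructive|most polymorphic|highly intelligent|"
        r"unparalleled|stealthiest)\b", re.I),
    "the word 'miscreant'": re.compile(r"\bmiscreant", re.I),
    "multiplied exclamation marks": re.compile(r"!{2,}"),
}

def shouted_ratio(text):
    """Fraction of words (4+ letters) written entirely in capitals."""
    words = re.findall(r"[A-Za-z]{4,}", text)
    return sum(w.isupper() for w in words) / len(words) if words else 0.0

def hoax_indicators(text, caps_threshold=0.2):
    """Return the names of the hoax traits found in a warning message."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    if shouted_ratio(text) >= caps_threshold:
        hits.append("ALL CAPS warning")
    return hits

# Constructed sample messages (not from the slides).
HOAX = """WARNING!!! A NEW VIRUS HAS BEEN DISCOVERED. The FCC announced that a
miscreant is sending e-mail titled "Free Prize". It is the most destructive
virus ever seen. DELETE IT IMMEDIATELY WITHOUT READING and forward this to
everyone you care about!!!"""

PLAIN = """Security update: a patch for the mail client is available from the
vendor's download page. Install it through the normal update tool."""

if __name__ == "__main__":
    print(hoax_indicators(HOAX))
    print(hoax_indicators(PLAIN))
```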