Computer viruses
© 2007 Abonyi-Tóth Zsolt, SZIE ÁOTK
How are they created?
• Expert programmers
• Not-so-expert programmers modify existing viruses
– or somebody downloads a virus generator from the internet
• Computers don't write viruses on their own! Forget Darwin and evolution!
Why do people write PC viruses?
• Looking for some attention…
• Joking
• To try: am I able to do it?
• Terrorist activities
• Punishment of illegal software usage
• Marketplace for virus-killers (!)
• Money (!!!) (spam)
• Collecting information
– passwords, names, addresses, shopping habits
The definition of computer viruses
• Programs which are able to spread – they send their own copies to other computers (without telling the owner of the computers)
– Several phenomena, from annoying messages to deleted hard drives
Groups of viruses
Groups (not exhaustive; the original slide is a diagram and only its labels survive):
• Trojan
• Virus
• Hardware virus (built-in)
• False virus (bug)
• Backdoor
• Logical bomb, time bomb
• Hoax, chain letter, spam
• User, S. User
Tasks of viruses
• Spreading
• Destruction
Spreading
Routes of spreading (the original slide is a diagram; only its labels survive):
• Program virus
• Boot virus – boot sector virus, partition table virus, MBR virus
• Macro virus
• E-mail – attachment, script
• Web
• Picture (jpg)
• Open port, security hole
• User
Spreading 2 – What to infect?
• Windows PCs (more frequently)
• Linux PCs and Mac OS computers will be infected more frequently as their usage becomes more frequent
• Smart phones (Bluetooth)
• PDA – may be infected when synchronized with a PC.
• Fridge?
Dangerous things
• E-mail – attachment or script
• Internet – downloaded programs
– warez, porn sites!!!
– just being connected
– false sites (phishing)
• Programs (incl. screen savers)
• Documents, tables
• Floppies, CDs – boot
• Pictures (?)
• Attachment
• Just reading (script)
– M$ programs – download security updates frequently!!!
– Good old Netscape…
World Wide Web
• ActiveX – a digital signature may protect, but it can be very dangerous
• VBS script – may be dangerous
• Warez sites
• Porno sites
• False servers (phishing)
• Back door (e.g. Back Orifice)
• Cookie – remembers your habits
Destruction
• Asks you to send a postcard to a Swedish girl
• Plays some music at 5 PM
• Modifies data in Excel
• Doesn't allow the Word document to be saved
• Deletes or rewrites files
• Formats the hard disk
• Destroys hardware
• Overloads the network
• Fills the hard disk
• Sends thousands of advertisements by e-mail (using thousands of PCs in a remotely controlled zombie network)
Recognizing the infection
• Unusual behavior
– It can be anything; avoid false alarms!
• Change in the length or other attributes of files
• Programs start or run slower
• Something tries to write to a write-protected device
• Less memory, bad sectors on the HDD
• Missing files
• Automatic reboot
• Unusual things on the screen
• (Previously) error-free programs don't start or freeze
• Unusual network activity, bounced e-mails, mail client starts automatically
Protection
• No sure protection!!!
• Information (e.g. www.antivirus.com)
• Use a frequently updated virus-killer
• Use a firewall
• Use an adware removal tool
• Create backup copies
• Use a virtual PC
• Don't answer suspicious mails (what is your password, account number, etc.)
• Don't unsubscribe from suspicious mailing lists.
• Save to RTF (TXT) and CSV format
• Don't use unknown programs
• Forward the warnings to your system admin only
• Windows Scripting Host should be switched off (the .vbs extension should be unknown)
• Check for security updates
• Don't allow the PC to boot from floppy or CD
• Floppy or pen drive should be write-protected if you insert it into an unfamiliar PC
• Back up your data frequently
Programs which protect
• Virus scanner – on-demand
– On-access
– Checksum, heuristic search, sandbox
• Firewall
• Adware and trojan remover
• Virtual PC
• Hardware: broadband router (firewall or simply NAT)
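The checksum scanner listed above and the "change in the length or other attributes of files" symptom from Recognizing the infection can be shown together in a small integrity checker. The following Python script is an added example, not code from the lecture: it records size, modification time and SHA-256 digest of every file under a directory as a baseline, then compares a later snapshot against it and reports what changed, vanished or appeared. The directory, file names and contents used in demo() are constructed for the demonstration.

```python
"""Checksum-based integrity check (added example, not from the lecture).

A baseline records size, modification time and SHA-256 digest of every
file under a directory; a later snapshot is compared against it and
files that changed, vanished or appeared are reported.  A program whose
size or digest changed although nobody updated it is exactly the
"change in the length or other attributes of files" symptom.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of the file contents, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each file (path relative to root) to its size, mtime and digest."""
    result = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            result[p.relative_to(root).as_posix()] = {
                "size": st.st_size,
                "mtime": int(st.st_mtime),
                "sha256": hash_file(p),
            }
    return result


def save_baseline(root: Path, baseline_file: Path) -> None:
    """Write the current snapshot of root as the trusted baseline."""
    baseline_file.write_text(json.dumps(snapshot(root), indent=2))


def compare(baseline: dict, current: dict) -> dict:
    """Report files whose content changed, that are missing, or that are new.

    Only size and digest decide "changed"; mtime is kept for the report
    but not trusted, because a timestamp can be set to any value.
    """
    changed = sorted(
        name for name in baseline
        if name in current and (
            baseline[name]["sha256"] != current[name]["sha256"]
            or baseline[name]["size"] != current[name]["size"]
        )
    )
    missing = sorted(name for name in baseline if name not in current)
    new = sorted(name for name in current if name not in baseline)
    return {"changed": changed, "missing": missing, "new": new}


def check(root: Path, baseline_file: Path) -> dict:
    """Compare the directory against a saved baseline."""
    baseline = json.loads(baseline_file.read_text())
    return compare(baseline, snapshot(root))


def demo() -> dict:
    """Constructed scenario: baseline a folder, alter it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "programs"
        root.mkdir()
        (root / "editor.exe").write_bytes(b"MZ original program body")  # constructed sample
        (root / "readme.txt").write_text("hello")
        baseline_file = Path(tmp) / "baseline.json"  # kept outside root
        save_baseline(root, baseline_file)

        # Unexpected changes after the baseline was taken:
        with (root / "editor.exe").open("ab") as f:   # program grew
            f.write(b" plus unexpected extra bytes")
        (root / "readme.txt").unlink()                # file vanished
        (root / "helper.dll").write_bytes(b"new")     # file appeared
        return check(root, baseline_file)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline is only worth something if it cannot be rewritten by whatever modified the files, so in practice it belongs on write-protected or off-line media, the same advice the slides give for floppies and pen drives.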
Reducing the damage
• Backup copies of important programs and data
– Stored far away, several copies
When the user infects
• Hoax
• Pyramid scheme, chain letter
Hoax
• Warning – new, very dangerous virus!
• You shouldn't read the letter with subject...
• The warning claims to come from an ISP (e.g. AOL), a corporation (Microsoft, IBM) or a government agency (Pentagon, FCC)
• Technical-sounding terminology (e.g. n-order infinite loop)
• You should forward this letter... – Overload
– May become true (Good Times)
Hoax 2
• Blood is needed for a child! Give blood!
• The child will get USD 1 from AOL for every forwarded e-mail
• Puppies will be killed! Adopt them!
• You will get a laptop or a new mobile phone...
Chain letter
• Send it to 20 friends to be lucky, otherwise you will lose everything...
• Machu Picchu is a product of aliens, see the picture... Tell everyone...
• What beautiful flowers/girls/men/cars/hills/puppies/... are in this presentation
• The best jokes in the world...
Phishing
• False letter from your bank – log in, type your name, password, account number...
• Banks and ISPs NEVER send such e-mails!
• The link is false; it points to a server that copies the look of the original
• Just type your data... A money transfer from your account will be started on the real server in a few minutes!
• The URL of the bank should always be typed! No link, no bookmark!!! (A problem with the DNS server may still be dangerous)
Phishing 2
• Similar, but they ask for your e-mail login name and password
• Do you want to allow others to send advertisements or pornographic pictures from your account?
• Firewalls and IE7 (other browsers?) try to protect
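The false link described in both phishing slides (visible text that names the bank, an href that leads to a copy of the bank's site) can be checked mechanically before anyone clicks. The following Python script is an added example, not code from the lecture: it parses the HTML body of a message and flags anchors whose displayed hostname differs from the href host, hrefs that use a raw IP address, and hrefs that hide the real host behind an '@'. The sample message and every hostname in it (bank.example, secure-update.test, 198.51.100.7) are constructed placeholders.

```python
"""Phishing link check (added example, not part of the lecture).

Parses the HTML body of an e-mail and flags links that
  * display one hostname but actually lead to another,
  * point at a raw IP address instead of a name, or
  * hide the real host behind user-info ('name@host') in the URL.
The sample message and every hostname in it are constructed placeholders.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html: str) -> list:
    parser = _AnchorCollector()
    parser.feed(html)
    return parser.links


# Hostname at the start of the visible link text, with or without a scheme.
_HOST_IN_TEXT = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def _split(url: str):
    return urlsplit(url if "://" in url else "http://" + url)


def host_of(url: str) -> str:
    """Lower-case host part of a URL ('' if there is none)."""
    return (_split(url).hostname or "").lower()


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess_link(href: str, text: str) -> list:
    """Return the reasons a link looks suspicious (empty list if none)."""
    reasons = []
    href_host = host_of(href)
    if not href_host:
        return reasons
    if is_ip_literal(href_host):
        reasons.append("href host is a raw IP address")
    if "@" in _split(href).netloc:
        reasons.append("href hides the real host behind '@'")
    m = _HOST_IN_TEXT.match(text)
    if m:
        shown = m.group(1).lower()
        # A subdomain of the shown host is fine; anything else is a mismatch.
        if shown != href_host and not href_host.endswith("." + shown):
            reasons.append(f"visible text names {shown} but href goes to {href_host}")
    return reasons


def suspicious_links(html: str) -> list:
    """[(href, text, reasons)] for every anchor that tripped a rule."""
    flagged = []
    for href, text in extract_links(html):
        reasons = assess_link(href, text)
        if reasons:
            flagged.append((href, text, reasons))
    return flagged


# Constructed sample e-mail; bank.example and secure-update.test are placeholders.
SAMPLE_MAIL = """<html><body>
<p>Dear customer, your account is locked. Please confirm your details:</p>
<a href="http://198.51.100.7/login">https://www.bank.example/login</a><br>
<a href="http://www.bank.example@secure-update.test/">www.bank.example</a><br>
<a href="https://www.bank.example/help">www.bank.example</a>
</body></html>"""

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_MAIL):
        print(f"{text!r} -> {href}: {'; '.join(reasons)}")
```

These rules only catch tricks that are visible inside the message itself. A look-alike domain that the reader would not notice, or a poisoned DNS answer, passes every one of them, which is why the slide's advice to type the bank's URL by hand still stands.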
Social engineering
• Similar to phishing!
• You get a phone call. A sexy voice says she is an administrator at your bank and needs your account number and password to check something...
• Do you trust people? You shouldn't!!!
Recommended