Computer Viruses

Ali F. Al Sarraf

Eng. Ali F. Al Sarraf E-Mail: [email protected]

Upload: ali-al-sarraf

Post on 11-Nov-2014

DESCRIPTION

Computer viruses history

TRANSCRIPT

Introduction

A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses.

Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.

History of Computer Viruses

Computer viruses have been around for a long, long time — pretty much as long as personal computing and mainstream software development — and they've been making international news since the Internet graduated from a researcher's toy to a tool for consumers.

If you've ever wondered what the first viruses were like and just how bad or dangerous they were, this infographic should be an interesting read for you. And the Space Invaders graphics will be easy on your nerdy eyes, too.

While the first virus in this brief history coincided with the birth of the 3.5-inch floppy disk, a lot of the malware we see these days relies on social media or mobile apps for transmission, adequate proof (as if any was needed) that with any innovation comes an opportunity for exploitation.

The twist these days is that more viruses are specifically targeted to steal personal data and make money for their creators, which was not necessarily a goal for many of the virus-writing hackers of the late 1980s and early 1990s. In fact, according to this data, the first money-making computer virus didn't hit PCs until 2003.

Brain Virus – 1986 (Origin – Pakistan)

The first virus to infect PCs was discovered in 1986. Named Brain, it spread around the world via floppy disks. It was not meant to be a destructive virus, which is why its authors included their names and contact information in the virus code.

The authors were identified as brothers Amjad Farooq and Basit Farooq from Lahore, Pakistan.

Today they run a successful internet service provider called Brain Telecommunication Ltd.

Stoned Virus – 1987 (Origin – New Zealand)

Before there was the World Wide Web, computer viruses spread via floppy disks. One of the earliest was the 1987 boot-sector virus Stoned, which taunted infected users with the on-screen message, "Your computer is now stoned."

Several variants of the virus were written by copycats, ushering in the practice of hackers updating existing virus code to create more infections.

Form Virus – 1990 (Origin – Switzerland)

Form was a boot sector virus isolated in Switzerland in the summer of 1990 which became very common worldwide. The origin of Form is widely listed as Switzerland, but this may be an assumption based on its isolation locale. The only notable characteristics of Form are that it infects the boot sector instead of the Master Boot Record (MBR) and the clicking noises associated with some infections. Infections under Form can result in severe data damage if operating system characteristics are not identical to those Form assumes.

It is notable for arguably being the most common virus in the world for a period during the early 1990s.

Michelangelo Virus – 1991 (Origin – Australia)

The Michelangelo virus is a computer virus first discovered on 4 February 1991 in Australia. The virus was designed to infect DOS systems, but did not engage the operating system or make any OS calls. Michelangelo, like all boot sector viruses, basically operated at the BIOS level. Each year, the virus remained dormant until March 6, the birthday of Renaissance artist Michelangelo. There is no reference to the artist in the virus, and it is doubtful that the virus writer intended Michelangelo to be referenced to the virus. Michelangelo is a variant of the already endemic Stoned virus.

On March 6, if the PC is an AT or a PS/2, the virus overwrites the first one hundred sectors of the hard disk with nulls. The virus assumes a geometry of 256 cylinders, 4 heads, 17 sectors per track. Although all the user's data would still be on the hard disk, it would be irretrievable for the average user.

On hard disks, the virus moves the original master boot record to cylinder 0, head 0, sector 7.

On floppy disks, if the disk is 360 KB, the virus moves the original boot sector to cylinder 0, head 1, sector 3.

On other disks, the virus moves the original boot sector to cylinder 0, head 1, sector 14.
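For someone examining a raw disk image, the cylinder/head/sector locations above translate into sector offsets as follows. This is an added example, not part of the original slides; the floppy geometries, the media names and the helper names are assumptions made for illustration.

```python
SECTOR_SIZE = 512
WIPED_SECTORS = 100      # "first one hundred sectors" of the hard disk, per the text
ASSUMED_HDD = (4, 17)    # heads, sectors per track the virus assumes, per the text

# media -> ((heads, sectors per track), (C, H, S) of the relocated original sector).
# The CHS values come from the text; the floppy geometries are standard values
# added here as assumptions.
RELOCATED = {
    "hard disk":      (ASSUMED_HDD, (0, 0, 7)),
    "360 KB floppy":  ((2, 9),  (0, 1, 3)),
    "1.2 MB floppy":  ((2, 15), (0, 1, 14)),
    "1.44 MB floppy": ((2, 18), (0, 1, 14)),
}

def chs_to_lba(c, h, s, heads, spt):
    """Convert cylinder/head/sector (sectors are 1-based) to a 0-based LBA."""
    if c < 0 or not 0 <= h < heads or not 1 <= s <= spt:
        raise ValueError(f"CHS {c}/{h}/{s} is outside geometry {heads}x{spt}")
    return (c * heads + h) * spt + (s - 1)

def lba_to_chs(lba, heads, spt):
    """Inverse of chs_to_lba for the same geometry."""
    c, rem = divmod(lba, heads * spt)
    h, s0 = divmod(rem, spt)
    return c, h, s0 + 1

def find_saved_boot_sector(image, media):
    """Return (lba, has_boot_signature, inside_wiped_range) for a raw image."""
    (heads, spt), chs = RELOCATED[media]
    lba = chs_to_lba(*chs, heads, spt)
    sector = image[lba * SECTOR_SIZE:(lba + 1) * SECTOR_SIZE]
    # A valid boot sector ends with the bytes 0x55 0xAA at offset 510.
    has_sig = len(sector) == SECTOR_SIZE and sector[510:512] == b"\x55\xaa"
    # Only the hard-disk payload described above wipes sectors.
    wiped = media == "hard disk" and lba < WIPED_SECTORS
    return lba, has_sig, wiped

def build_sample_image(media, total_sectors=64):
    """Constructed test image: zeros plus a boot signature at the relocated sector."""
    (heads, spt), chs = RELOCATED[media]
    img = bytearray(total_sectors * SECTOR_SIZE)
    off = chs_to_lba(*chs, heads, spt) * SECTOR_SIZE
    img[off + 510:off + 512] = b"\x55\xaa"
    return bytes(img)
```

On a hard disk the saved master boot record sits at LBA 6, inside the first hundred sectors, so once the March 6 payload has run that copy is overwritten as well.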

VCL Virus – 1992 (Origin – USA)

The Virus Creation Laboratory, or VCL, as it is known, was one of the earliest attempts to provide a virus creation tool so that individuals with little to no programming expertise could mass-create computer viruses.

A hacker dubbed "Nowhere Man", of the NUKE hacker group, released it in July 1992.

However, it was later discovered that viruses created with the Virus Creation Laboratory were often ineffective, as many anti-virus programs of the day caught them easily. Also, many viruses created by the program did not work at all, and often their source code could not be compiled. Due to a limited feature set and bugs, the Virus Creation Laboratory did not become popular with virus writers, who preferred to write their own.

Happy 99 Virus – 1999 (Origin – Unknown)

Happy 99 was the first email virus. It greeted you with “Happy New Year” and emailed itself to all contacts in your address book.

Like the very first PC viruses, Happy 99 did not cause any real damage, though it did spread to millions of PCs around the world.

Love Letter Virus – 2000 (Origin – Philippines)

ILOVEYOU, sometimes referred to as Love Letter, was a computer worm that attacked tens of millions of Windows personal computers on and after 5 May 2000 local time in the Philippines when it started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs". The latter file extension (in this case, 'VBS' - a type of interpreted file) was most often hidden by default on Windows computers of the time, leading unwitting users to think it was a normal text file. Opening the attachment activated the Visual Basic script. The worm did damage on the local machine, overwriting image files, and sent a copy of itself to the first 50 addresses in the Windows Address Book used by Microsoft Outlook.
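A mail filter can catch the hidden-extension trick described above by looking at the last two extensions of each attachment name. This is an added example, not part of the original slides; the extension lists, the sample message and the function names are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs or interprets on double-click (partial list, an assumption).
ACTIVE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".exe", ".scr",
               ".pif", ".com", ".bat", ".cmd", ".hta", ".lnk"}
# Extensions users tend to read as harmless documents or media (an assumption).
DECOY_EXTS = {".txt", ".doc", ".docx", ".pdf", ".jpg", ".jpeg", ".png",
              ".gif", ".xls", ".xlsx", ".mp3"}

def classify_filename(name):
    """Return 'double-extension', 'active' or 'ok' for an attachment name."""
    # Drop any path, then trailing dots and spaces, which Windows ignores.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    cleaned = base.strip().rstrip(". ").lower()
    # Strip padding around each part so "photo.jpg    .exe" is still caught.
    suffixes = ["." + part.strip() for part in cleaned.split(".")[1:]]
    if not suffixes or suffixes[-1] not in ACTIVE_EXTS:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"
    return "active"

def scan_message(raw_bytes):
    """Return [(filename, verdict)] for every risky attachment in a raw message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name and classify_filename(name) != "ok":
            findings.append((name, classify_filename(name)))
    return findings

def build_sample_message():
    """Constructed sample: inert placeholder attachments, no real script content."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("constructed sample body")
    for fname in ("LOVE-LETTER-FOR-YOU.txt.vbs", "invoice.pdf", "setup.exe"):
        msg.add_attachment(b"inert placeholder bytes\n", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```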

Sasser Virus – 2004 (Origin – Germany)

Sasser was first noticed and started spreading on April 30, 2004. This worm was named Sasser because it spreads by exploiting a buffer overflow in the component known as LSASS (Local Security Authority Subsystem Service) on the affected operating systems. The worm scans different ranges of IP addresses and connects to victims' computers primarily through TCP port 445. Microsoft's analysis of the worm indicates that it may also spread through port 139. Several variants called Sasser.B, Sasser.C, and Sasser.D appeared within days (with the original named Sasser.A). The LSASS vulnerability was patched by Microsoft in the April 2004 installment of its monthly security packages, prior to the release of the worm. Some technology specialists have speculated that the worm writers reverse-engineered the patch to discover the vulnerability, which would open millions of computers whose operating system had not been upgraded with the security update.
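The scanning behaviour described above shows up in network flow logs as one host opening connections to many different addresses on TCP 445 or 139 in a short time. This is an added example, not part of the original slides; the log format, window length, threshold and sample records are all assumptions made for illustration.

```python
from collections import defaultdict

SMB_PORTS = {139, 445}      # the two ports named in the text
WINDOW_SECONDS = 60         # assumed sliding-window length
FANOUT_THRESHOLD = 20       # assumed: distinct destinations per window

def parse_flow(line):
    """Parse one 'epoch src dst dport' record (constructed format)."""
    ts, src, dst, dport = line.split()
    return float(ts), src, dst, int(dport)

def find_scanners(lines, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {src: peak count of distinct 139/445 destinations in one window}."""
    per_src = defaultdict(list)
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ts, src, dst, dport = parse_flow(line)
        if dport in SMB_PORTS:
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start, counts, best = 0, defaultdict(int), 0
        for ts, dst in events:
            counts[dst] += 1
            # Evict events that fell out of the window ending at ts.
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            best = max(best, len(counts))
        if best >= threshold:
            alerts[src] = best
    return alerts

def sample_flows():
    """Constructed records: one scanner and three hosts that must not alert."""
    flows = [f"{1000 + i} 10.0.0.5 192.0.2.{i + 1} 445" for i in range(30)]
    flows += [f"{1000 + i * 5} 10.0.0.9 10.0.0.2 445" for i in range(10)]      # file-share client
    flows += [f"{1000 + i} 10.0.0.7 198.51.100.{i + 1} 80" for i in range(30)]  # web traffic
    flows += [f"{1000 + i * 120} 10.0.0.8 203.0.113.{i + 1} 139" for i in range(25)]  # slow
    return flows
```

A host that contacts one new address every two minutes stays under this threshold, so the window and threshold need tuning against normal file-sharing traffic on the network being monitored.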

Types Of Viruses

1. Boot Sector Virus

The term “boot sector” is a generic name that seems to originally come from MS-DOS but is now applied generally to the boot information used by any operating system. In modern computers this is usually called the “master boot record,” and it is the first sector on a partitioned storage device.

Boot sector viruses became popular because of the use of floppy disks to boot a computer. The widespread usage of the Internet and the death of the floppy have made other means of virus transmission more effective.

2. Browser Hijacker

This type of virus, which can spread itself in numerous ways including voluntary download, effectively hijacks certain browser functions, usually in the form of re-directing the user automatically to particular sites. It’s usually assumed that this tactic is designed to increase revenue from web advertisements.

There are a lot of such viruses, and they usually have “search” included somewhere in their description. Cool Web Search may be the most well known example, but others are nearly as common.

3. Direct Action Virus

This type of virus, unlike most, only comes into action when the file containing the virus is executed. The payload is delivered and then the virus essentially becomes dormant – it takes no other action unless an infected file is executed again.

Most viruses do not use the direct action method of reproduction simply because it is not prolific, but viruses of this type have done damage in the past. The Vienna virus, which briefly threatened computers in 1988, is one such example of a direct action virus.

4. File Infector Virus

Perhaps the most common type of virus, the file infector takes root in a host file and then begins its operation when the file is executed. The virus may completely overwrite the file that it infects, or may only replace parts of the file, or may not replace anything but instead re-write the file so that the virus is executed rather than the program the user intended.

Although called a “file virus”, the definition doesn’t apply to all viruses in all files generally – for example, the macro virus below is not classed as a file virus. Instead, the definition is usually meant to refer only to viruses which use an executable file format, such as .exe, as their host.

5. Macro Virus

A wide variety of programs, including productivity applications like Microsoft Excel, provide support for macros – special actions programmed into the document using a specific macro programming language. Unfortunately, this makes it possible for a virus to be hidden inside a seemingly benign document.

Macro viruses vary widely in terms of payload. The most well known macro virus is probably Melissa, a Word document supposedly containing the passwords to pornographic websites. The virus also exploited Word’s link to Microsoft Outlook in order to automatically email copies of itself.

6. Multipartite Virus

While some viruses are happy to spread via one method or deliver a single payload, Multipartite viruses want it all. A virus of this type may spread in multiple ways, and it may take different actions on an infected computer depending on variables, such as the operating system installed or the existence of certain files.

7. Polymorphic Virus

Another jack-of-all-trades, the Polymorphic virus actually mutates over time or after every execution, changing the code used to deliver its payload. Alternatively, or in addition, a Polymorphic virus may guard itself with an encryption algorithm that automatically alters itself when certain conditions are met.

The goal of this trickery is evasion. Antivirus programs often find viruses by the specific code used. Obscuring or changing the code of a virus can help it avoid detection.

8. Resident Virus

This broad virus definition applies to any virus that inserts itself into a system’s memory. It then may take any number of actions and run independently of the file that was originally infected.

A resident virus can be contrasted with a direct action virus, which does not insert itself into the system’s memory and therefore only takes action when an infected file is executed.

9. Web Scripting Virus

Many websites execute complex code in order to provide interesting content. Displaying online video in your browser, for example, requires the execution of code in a specific language that provides both the video itself and the player interface.

Of course, this code can sometimes be exploited, making it possible for a virus to infect a computer or take actions on a computer through a website. Although malicious sites are sometimes created with purposely infected code, many such infections exist because of code inserted into a site without the webmaster’s knowledge.

10 Simple Tips to Protect PC from Viruses

1. The first thing I would recommend is to read about current viruses. It is difficult to protect your computer from viruses if you do not even know what they are. You can read about them here: http://www.securelist.com/en/

2. If you really care about the security of your computer, arm it with the best anti-virus software. If you do not have antivirus software on your computer, then you will probably get a virus within the first hour of work on the Internet. It’s easy! In addition to the paid Kaspersky and Norton and the free Avast, Microsoft Security Essentials is the best and is free.

3. Also update your antivirus software as often as possible. Typically, antivirus software is updated every day. Do not forget to do it manually if it is not configured to update automatically.

4. Be sensible: do not visit untrusted websites containing illegal software, links, etc.

5. Update not only the anti-virus but the whole system too, using Windows Update. These updates include improved security systems that will help in the fight against viruses and other problems. Remember: if you do not perform regular updates to Windows, you leave your computer in a vulnerable state.

6. The main channel for the spread of viruses is e-mail. Be careful with e-mails: when something about a message bothers you, it is better not to open it. These days a lot of mails are phishing mails that redirect you to fake webpages. So, avoid opening such mails.

7. If you are serious about protecting your computer, you can change your e-mail settings to receive only text messages. You can also disable the ability to open email attachments. This is what Hotmail, Gmail and Yahoo mails are doing by default.

8. Do not use peer-to-peer (P2P) networks. Such programs include, for example, torrents. These programs allow you to download files from other users. You have no way of knowing what you’re actually downloading until the file is completely downloaded to your computer.

9. Download files only from reliable web sites and sources. Of course, it is impossible not to download anything, but you must remember that the file you download may not match its name and described content.

10. Make sure that your computer has a firewall. Windows comes with a built-in firewall, but you can use any other (e.g., ZoneAlarm). If you don’t have another firewall, then enable the default Windows Firewall.

The End