viruses, hacking, and antivirusspp2k/1150/001/l06.pdf · •viruses that infects popularly traded...

Viruses, Hacking, and AntiVirus


Post on 30-May-2020


What is a Virus?

• A type of Malware

– Malware is short for malicious software

• A virus – a computer program

– Can replicate itself

– Spread from one computer to another


First Viruses

• Creeper Virus detected on ARPANET

• Would display “I'm the creeper, catch me if you can!”

• “Elk Cloner” – attached itself to the Apple DOS 3.3 OS and spread via floppy disk


Types of Viruses

• Viruses that infect popularly traded software

• Macro Viruses: written in scripting languages for Microsoft programs such as Word and Excel

• Viruses in Executables


How Your Computer Gets Infected

• Binary executable files (DLLs, EXEs)

• An external, physical device

• General Purpose Script files

• System Specific Autorun Script files

• Documents that contain Macros

• Exploitable bugs in a program

• Links to malicious code in PDFs, HTML, other documents


An Example

• A file could be named “picture.png.exe”

• When opened, the program runs and infects the computer

• Spoofing an email address to make it sound legitimate so you’ll download and open an attachment
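
The “picture.png.exe” trick above can be checked for mechanically. The following is an added example, not part of the original slides: it parses an email and flags attachments whose final extension is executable, noting a harmless-looking inner extension and a declared content type that does not match. The extension lists and the sample message are constructed for illustration.

```python
import os
from email import message_from_string

# Constructed, non-exhaustive lists: extensions Windows runs vs. ones that look harmless.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".png", ".jpg", ".gif", ".pdf", ".txt", ".doc", ".docx", ".xls"}

def filename_findings(name):
    """Return reasons an attachment filename deserves a closer look."""
    clean = name.rstrip(". ").lower()  # Windows ignores trailing dots and spaces
    stem, last_ext = os.path.splitext(clean)
    inner_ext = os.path.splitext(stem)[1]
    findings = []
    if last_ext in EXECUTABLE_EXTS:
        findings.append(f"executable extension {last_ext}")
        if inner_ext in DECOY_EXTS:
            findings.append(f"decoy extension {inner_ext} before {last_ext}")
    return findings

def scan_message(raw):
    """Map each attachment filename in a raw email to its list of findings."""
    results = {}
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name:
            findings = filename_findings(name)
            # An executable declared as an image or text is a second signal.
            if findings and part.get_content_maintype() in ("image", "text"):
                findings.append(f"declared as {part.get_content_type()}")
            results[name] = findings
    return results

# Constructed sample message (payload bytes are placeholders).
SAMPLE_EMAIL = """\
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: image/png
Content-Disposition: attachment; filename="picture.png.exe"

placeholder
--B
Content-Type: application/pdf
Content-Disposition: attachment; filename="notes.pdf"

placeholder
--B--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE_EMAIL))
```
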


Malware

• Includes viruses, worms, Trojan horses, spyware, adware


Purpose of Malware

• Used to steal personal, financial, or business information

• Destroy data

• Hijacking computers for various purposes


Cookies

• Cookies are small files deposited on a system during a web site visit

• Can be useful:

– Allows web servers to maintain state (position and information) of a session with a user

– Can keep track of your login information, shopping cart, etc.

• May be harmful:

– Allows web sites to track information unbeknownst to user

– Source of data for Pop-ups


Worms

• Worms are similar to viruses in the way they are spread

• Don’t need user action to spread

• Actively transmit themselves over networks to infect other computers


Trojan Horses

• A program that looks like a harmless program but contains malicious code

• Used to install other malware such as backdoors or spyware


Rootkits

• Rootkits: modify OS so malware is hidden

• “Each ghost-job would detect the fact that the other had been killed, and would start a new copy of the recently stopped program within a few milliseconds. The only way to kill both ghosts was to kill them simultaneously (very difficult) or to deliberately crash the system.”


Backdoors

• A way to bypass normal authentication procedures

• Example: a hard coded user and password that gives access to a system or computer

• Easter Eggs

• Many viruses and worms attempt to create backdoors for more viruses


Spyware

• Software that monitors and gathers information about your system or computing

• Can collect personal information, Internet surfing habits, user logins, bank or credit account information

• Can change computer settings

• Keyloggers – collect information about what you type

• Port Sniffers – intercept and log data sent over a network


Port Scanners and Sniffers

• Port Sniffers – intercept and log data sent over a network

• Port Scanner – software that probes a server or computer network for open ports. Open ports are then used to access the network.


Bots and Botting

• Programs that take control of a computer’s normal operation, or operate in stealth mode on a computer

• Can be used to disrupt normal operations

• Can turn a user’s computer into a source of malware attacks on others (Email Spamming)


Adware

• Advertising-supported software: automatically renders unwanted advertisements

• Object is to generate revenue for its author


Non-Malware, Active Threats

• Phishing – Posing as a trustworthy entity to acquire information

• Fake websites

• Email Spoofing


Non-Malware, Active Threats

• (Distributed) Denial of Service, AKA DDOS attack

• Flooding a web server with spurious traffic generated to overwhelm the server’s capabilities thus denying legitimate users or exposing system flaws

• Related to Botting


Scareware

• Holds your PC hostage


Hacking

USES ALL OF THE ABOVE


Additional Hacking

• Password Cracking

• Software bugs: buffer-overrun, SQL Injections

• http://hackertyper.com/

• http://en.wikipedia.org/wiki/Stuxnet


Protecting Your Computer


Signs Your Computer May Be Hacked

• Your computer is running slow

• Processes you don’t recognize are running

• You are asked for personal information via email, or by phone

• You see data or programs disappear or change

• A Pop-up says your machine is infected and you need to scan it right now – and it is not the security software you installed


Anti-Spyware

• When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve backing up user data, and fully reinstalling the OS.

1. Scans incoming network data for spyware

2. Detects and removes spyware


Firewalls

• Similar to Anti-Spyware but controls all incoming and outgoing traffic and what should and shouldn’t be allowed in and out


Anti-Virus

Pros:

• Prevents, detects and removes malware

Cons:

• False Positives, False Negatives

• Slows down your computer


Be Smart!

• Don’t open emails that you don’t recognize

• Don’t download attachments you don’t recognize

• Don’t run programs or install applications you don’t know or trust


Personal Checklist

Passwords are set, sufficiently complex, and not shared

Legitimate Anti-Malware software running

Home wireless network protected by WPA

Firewall software running

Browser settings appropriate

Sensitive files are protected – password-protected and encrypted

Smartphone protected – locate, lock, wipe

Software is kept up to date

I'm being cautious:

- Which web sites I visit

- When I open emails

- Where I leave my laptop, smartphone, USB drive

- When asked for information via email, internet, phone

- When I use public wireless networks

- When I download applications