Computer Viruses
Author: Alyse Allen
Computer Virus
- Very common
- Millions of different ones exist
- A computer program that can replicate itself and spread from one computer to another, causing harm
Three Different Types
- Macro Viruses
- Stealth Viruses
- Polymorphic Viruses
Macro Viruses
Macro
- Symbol, name, key, etc. that represents a list of commands, actions, or keystrokes
- Can be very useful
Example
- If you type a lot of letters
- Set up a macro that defines all the keystrokes necessary to begin your letter
- Name, address, etc.
- Press the assigned key/keys and your letterhead appears
- Like batch files
Macro Virus
- Computer virus
- Usually infects a Microsoft Word document or spreadsheet
- Causes a sequence of actions to be performed automatically when the application is started or something else triggers it
- Most of the time it is relatively harmless
Macro Virus
- Written in a language that is built into the software application
- Replaces normal macro commands with the virus
How?
- The virus replaces the regular commands with macros of the same name and runs when the command is selected
- If the infected macro is auto-executable, the macro is opened and the virus executed without the user’s knowledge
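A defender's check for the two behaviours just described, as an added example that is not part of the original slides: it scans VBA source already extracted from a document and flags procedures that run automatically or that reuse a built-in command name. The sample macro text, the function name `triage_macros` and the short name lists are constructed for illustration and are not exhaustive.

```python
import re

# Procedure names Word or Excel run without the user choosing a command.
AUTO_EXEC = {
    "autoexec", "autoopen", "autoclose", "autonew", "autoexit",
    "document_open", "document_close", "document_new",
    "auto_open", "auto_close", "workbook_open",
}
# Built-in Word command names; a macro with the same name runs in their place.
SHADOWED_COMMANDS = {
    "filesave", "filesaveas", "fileopen", "fileclose",
    "fileprint", "toolsmacro", "filetemplates",
}
# Matches "Sub Name" / "Private Function Name" at the start of a line.
PROC_DECL = re.compile(
    r"^\s*(?:(?:Public|Private)\s+)?(?:Sub|Function)\s+(\w+)", re.I | re.M
)

def triage_macros(vba_source):
    """Return (procedure name, reason) for every suspicious declaration."""
    findings = []
    for name in PROC_DECL.findall(vba_source):
        key = name.lower()
        if key in AUTO_EXEC:
            findings.append((name, "auto-executes"))
        elif key in SHADOWED_COMMANDS:
            findings.append((name, "shadows built-in command"))
    return findings

# Constructed sample, not taken from any real document.
SAMPLE_VBA = """\
' Sub AutoOpen is only mentioned in this comment
Private Sub Document_Open()
    MsgBox "hello"
End Sub
Sub FileSaveAs()
    Dialogs(wdDialogFileSaveAs).Show
End Sub
Sub FormatLetterhead()
    Selection.TypeText "Name, address"
End Sub
"""

if __name__ == "__main__":
    for name, reason in triage_macros(SAMPLE_VBA):
        print(f"{name}: {reason}")
```

A flagged name is a reason to inspect the macro body, not proof of infection; legitimate templates use the same hooks.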
How are macro viruses spread?
- Often through emails
- Discs
- Networks
- Modems
- Internet
- **HARD TO DETECT**
Macro Virus
- More easily spread
- Depends on the application, not the operating system
- Can infect computers running all different operating systems
- Some of these viruses can be detected by antivirus software, but not all
Melissa Virus
- Found March 26, 1999
- Not originally designed for harm
- Overloaded servers and mail systems were shut down
- Written by David L. Smith
- He named the virus after a stripper he met
- Virus was embedded into a Word document entitled list.doc
- Sent out as an email
What did Melissa do?
- Once opened, the macro virus would run and attempt to mass mail itself
- Collected the first 50 address book entries and forwarded the email to them with the list.doc attached
- Subject line of the email read: “Important message from [name]”
- Body read: “Here is that document you asked for…don’t show anyone else ;-)”
Stealth Viruses
Stealth Virus
- Virus that hides from antivirus software by:
  a. masking the size of the file that it hides in
  b. temporarily removing itself from the infected file and placing a copy of itself in another location on the drive, and replacing the infected file with an uninfected one that it has stored on the hard drive
How a stealth virus works
- Fools the antivirus software by intercepting its requests to the operating system to open a file
- The virus can then provide (open) a clean version of the file to the antivirus software
- The antivirus software is tricked and the virus won!
Frodo Virus
- Infected file is executed
- Virus becomes memory resident
- Infects any file accessed by the user with the .com or .exe extension
- On Sept. 22, it attempts to place a Trojan on boot sectors
- Trojan displays the message “FRODO LIVES”
- Frodo is a Lord of the Rings character whose birthday is September 22nd
Polymorphic Viruses
Polymorphic Virus
- One of the more complex computer viruses
- Virus that changes its virus signature (binary pattern) every time it replicates and infects a new file, in order to keep from being detected by antivirus software
Effective Polymorphic Virus
- A coder chooses from a number of different encryption schemes that require different methods of decryption
- Only one scheme will remain visible in all instances of the infection
- If a virus scanner is based on string-driven detection, many different strings would have to be detected (one for each probable decryption scheme)
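Why string-driven detection needs so many strings, as an added example that is not part of the original slides: a harmless marker string stands in for the virus body, single-byte XOR with a varying key stands in for the different encryption schemes, and `STUB` is a constructed placeholder for the part that stays visible in every copy. All names and byte values are assumptions made for the demonstration.

```python
# Constructed stand-ins: no real virus code or real signatures are used.
BODY = b"HARMLESS-DEMO-BODY: stands in for the encrypted virus body"
STUB = b"\x90DECRYPTOR-STUB\x90"   # placeholder for the constant, visible part

def xor(data, key):
    """Toy 'encryption scheme': XOR every byte with one key byte."""
    return bytes(b ^ key for b in data)

def make_instance(key):
    """One replicated copy: constant stub, key byte, body encrypted under key."""
    return STUB + bytes([key]) + xor(BODY, key)

def scan(sample, signatures):
    """String-driven scanner: report every signature found in the sample."""
    return [name for name, sig in signatures.items() if sig in sample]

BODY_SIG = {"body-string": BODY[:16]}   # signature taken from the plain body
STUB_SIG = {"constant-stub": STUB}      # signature taken from the visible part

def detection_counts(keys):
    """Return (hits with body signature, hits with stub signature, samples)."""
    samples = [make_instance(k) for k in keys]
    body_hits = sum(bool(scan(s, BODY_SIG)) for s in samples)
    stub_hits = sum(bool(scan(s, STUB_SIG)) for s in samples)
    return body_hits, stub_hits, len(samples)

def signatures_needed(keys):
    """Distinct body strings a scanner would need, one per key in use."""
    return len({xor(BODY[:16], k) for k in keys})

if __name__ == "__main__":
    keys = range(1, 256)
    body_hits, stub_hits, total = detection_counts(keys)
    print(f"body signature matched {body_hits}/{total} copies")
    print(f"stub signature matched {stub_hits}/{total} copies")
    print(f"body signatures needed to cover every key: {signatures_needed(keys)}")
```

The single signature on the unchanging part covers every copy, which is why scanners target whatever stays constant across infections rather than the encrypted body.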
Most complex form
- AKA: Big Brother of all polymorphic viruses
- Relies on its Mutation Engine, a type of object module
- The Mutation Engine allows ANY virus to reach a polymorphic state by adding specific code to the program source code and linking modules able to generate random numbers
Polymorphic Viruses
- Very harmful
- Can completely corrupt your system
- Can go undetected for months
Tequila
- 1991
- First widespread polymorphic virus found
- Polluted local executable files
- When users ran infected program(s):
  a. appended itself to the hard disk’s file storage area
  b. altered Partition data
  c. modified the Master Boot Record to “point” to itself
How the infected computers suffered
- Had File Allocation Table errors
- Terminal data loss
How do you protect your PC from viruses?
The answer is VERY simple…
Convert to a Mac
Take precautions to secure it
- Make sure your operating system is up-to-date by:
  a. installing the latest patches and
  b. service updates
- Use antivirus protection
- Use a firewall
- Lock down your wireless internet