2 Objectives To discuss the history of computer virus outbreaks. To examine the difference between computer worms and viruses.To discover the various types of computer worms and viruses and how to protect a computer.To assess the consequences associated with computer worms and viruses.
3 Main Menu Introduction to Computer Worms & Viruses History of Computer Worms & VirusesProtecting Against Computer Worms & Viruses
5 A Computer VirusIs a malicious computer program created by a user with objectives to harm or steal another’s propertyIs also referred to as MalwareIs important for users to be aware ofComputer Virus: a malicious computer program created by a user with objectives to harm or steal another’s property
6 A Computer VirusIs a piece of code attaching itself to a larger, more frequently used programit then modifies the programthis is referred to as “piggybacking”Is active and running only when the host program is activeIs designed to multiply and infect other programs the computer runsProtect themselves by hiding in a host programHost Program: a large, frequently run program attached to the virusPiggybacking: the act of a computer virus attaching itself to another computer program
7 A Computer VirusBegins to carry out whatever malicious activity it is supposed to, once it has multiplied and infected other programsthe malicious activity is known as the payloadCan spread fast, slow or not spread at allif the virus programmer made an error in designing the virus then it will not spread at allCan remain dormant in a computer until a specified timeCan delete all data and files on a computerPayload: the malicious activity a computer virus or worm is designed to do
8 A Computer Virus Can affect different parts of the computer such as:the hard drivea CD/DVD driveany type of storage deviceCan spread through virtually any computer to server or computer to computer contactExamples of spreading medians: Internetdownloading attachments or musicCD or thumb drive
9 A Computer Worm Is an independent program Is classified by two types: it does not attach itself to files or programsIs classified by two types:a network worma host wormComputer Worm: an independent program which multiplies itself by copying a segment of itself onto another computer
10 A Computer WormCan contain malicious instructions to hinder a computer’s performanceUses flaws or holes in the network to gain access to individual computersthis gives worms the ability to move extremely fast through a network infecting computersit could possibly infect an entire network of computers within seconds
11 A Network WormMultiplies by copying a segment of itself onto another computer over a networkthe segments of the worm, on various computers in a network, remain in contact with each otherif one segment of the worm fails or is removed, then the other remaining segments must find another computer, prepare it for the worm and then add the segment to the rest of the wormthis is how the worm moves through a networkNetwork Worm: a computer worm which copies different segments of itself to computers linked together in a network
12 A Host Worm Is completely contained on one running computer Copies itself to another computer through a networkDeletes itself from the original computer, once it has moved to another computerDoes not fragment or segment itselfa network worm does run different segments of itself on different computersHost Worm: a computer worm which copies itself to another computer in a network and then deletes itself completely from the previous computer in which it was contained
13 Similarities of a Worm & Virus Include:they both usually contain malicious instructionsdesigned to harm a computer and annoy a userthey cause an increasing amount of damagethe more computers the worms or viruses infect the more computers they have access to infect by networking
14 Similarities of a Worm & Virus Include:protecting themselves by hiding in host programs or changing their appearance to evade detectiondestroying evidence of their presence and wrongdoingsspreading through a network, the Internet, software, s or memory devices (such as a rewritable CD)causing system or network slowdowns
15 Differences Between a Worm & Virus Include:a virus requires a host programa worm is an independent programa virus modifies other programsa worm usually does nota virus only executes when the host program is runninga worm is always active
16 Differences Between a Worm & Virus Include:a virus uses host programs to replicatea worm replicates itself over a networka virus needs to be activated or downloaded (such as a virus sent through , it must be double-clicked in order for it to be able to run)a worm does not need to be activatedit will move or copy itself to a computer without the user’s knowledge
17 A Summary of Differences Virusrequires host programmodifies other programsonly active when host is activeuses host to replicaterequires user involvement to be activated or downloadedWormindependent programdoes not modify other programsalways active and running on the computerself replicating over a networkcopies itself to a computer without the users permission or knowledge
18 A Trojan HorseIs a malicious program disguised in a seemingly innocent programIs an analogy referencing the “Trojan Horse” used by the Greeks to obtain access to the city of TroyThe Greeks were losing in the battle to overtake the city of Troy, so their leader, Odysseus, built a seemingly innocent giant wooden horse with a hollow belly, large enough for soldiers to hide in. He offered it to the Trojans as a sign of peace. The Trojans accepted the gift and celebrated their victory. Then at night while they were sleeping, the Greeks snuck out of the horse, which they were hiding in, and took the city of Troy.Trojan Horse: a malicious program disguised inside of another program seemingly beneficial or harmless
19 A Trojan HorseWill generally gain access to administrative areas on a computeronce it has gained access to these areas, it will create a back doorthis gives the creator of the Trojan horse unauthorized access to the user’s computer and the information it containsWill sometimes monitor keystrokes and browsing activitythis information is sent to companies sending the user content and information they did not requestCan be discreetmeaning they do not leave any trace of their presence
20 Introduction to Computer Worms & Viruses AssessmentIntroduction to Computer Worms & Viruses
21 Assessment Which of the following is also referred to as malware? PayloadNetwork wormComputer virusPiggybackingWhich of the following is a computer worm which copies different segments of itself to computers linked together in a network?Host worm
22 Assessment3. Which of the following is NOT a similarity between a worm and virus?They both cause system or network slowdowns.The both hide in host programs or change their appearance to evade detection.They both use host programs to replicate.They both can spread through the Internet.4. Which of the following is true about a worm?It requires a host program.It moves or copies itself to a computer without the user’s knowledge.It only executes when the host program is running.It modifies other programs.
23 Assessment5. Which of the following is the act of a computer virus attaching itself to another computer program?Host wormPiggybackingNetwork wormComputer virus
25 The History of the Computer Virus Began in 1949 when John Von Neumann wrote a paper called “Theory and Organization of Complicated Automata”this paper assumed a computer program could self-replicatethis theory was later called “Core Wars”
26 The History of the Computer Virus Became a reality in 1982 when the first virus called the “Elk Cloner” was created by Rich SkrentaThe virus created by Skrenta was created as a prank on his friends. He modified floppy disks containing games or software which were swapped within his group of friends. Instead of running the software or game the disk displayed taunting messages.
27 The “Elk Cloner” VirusWas created as what is now known as a boot sector virusa copy of the virus is downloaded off of a disk when the computer is booted upthen when someone else inserts a disk into the computer, the virus is downloaded to the new diskBegan as an innocent prankhowever this prank opened the door for numerous, harmful viruses to be created
28 The History of the Computer Virus Progressed in the 80s and 90s, when hackers developed new ways to steal information and inhibit regular computer useTook significant strides with the following viruses:“The Brain” in 1986 created in Pakistan by brothers Basit Amjad and Farooq Alvithis was a boot sector virus and technically the first stealth virus, which means if anyone attempted to view the infected sector, the virus would replace it with the clean, original version of the sector
29 The History of the Computer Virus Stealth Virus: a virus in which if anyone attempts to view an infected sector, the virus will replace it with the clean, original version of the sectorBoot Sector Virus: a virus which copies itself onto a computer off of a disk when the computer is booted up; then when someone else inserts a disk into the computer, the virus is downloaded to the new disk
30 The History of the Computer Virus Has been developed by hackers experimenting with other ideas of viruses and then building on themWas greatly effected by the “Vienna Virus”this virus was picked apart by Ralph Burgerhe then wrote a book called Computer Viruses: A High Tech Disease
31 Burger’s Book Explained the process of creating a virus Was widely publicizedMade computer viruses popular, and hackers began widely creating and distributing viruses
32 The History of Computer Worms Begins with the idea of computer virusesMade its first significant stride around 1980 when researchers at Xerox Palo Alto Research center developed the first worm for experimental researchthis worm was developed to handle mail, administer diagnostics and execute other functionswas created without malicious intentions
33 The Morris Worm Was created by Robert Morris in 1988 Was the first worm to be distributed over a network without other users being aware of its presenceWas designed for experimental purposesWas released onto a network to remain present without negatively affecting the network
34 The Morris Worm Began clogging the network by multiple versions of the worm being run on the same machine at oncethis slowed the system by using all of its processing power, and inhibited new users from accessing the networkRobert Morris went on trial and was convicted and received a fine, probation and community serviceAffected approximately 6,000 servers and caused between $10 million to $100 million dollars worth of damage
35 Significant Viruses and Worms in History: A Timeline 1949 – John Von Neumann wrote a paper theorizing a self-replicating computer program1980 – Researchers at Xerox Palo Alto Research developed the first experimental worm1982 – First virus, “Elk Cloner”, was created by Rich Skrenta1986 – “The Brain” was created by brothers Basit and Amjad and Farooq Alvi1988 – “The Vienna Virus” was picked apart by Ralph Burger who then wrote a book explaining how to create a virus1988 – “Morris Worm” was the first worm was released damaging computers
36 Significant Viruses and Worms in History: A Timeline 1993 – The “SatanBug” was created devastating many computersthe FBI investigated and discovered the creator was a child 1996 – The “Concept Virus” was released and devastated the computer worldfirst virus widely affecting Word® documents1999 – The “Melissa Worm” was releasedthis macro devastated many commercial organizations because of their high usage of Word® and Excel®2001 – “Code Red” worm was discoveredprovided control of the Web server to anyone who knew the security had been compromised
37 History of Computer Worms & Viruses AssessmentHistory of Computer Worms & Viruses
38 Assessment1. In which year was the first virus, “Elk Cloner”, created?1949197619801982In which year did researchers at Xerox Palo Alto Research developed the first experimental worm?
39 Assessment3. Which of the following types of viruses copies itself onto a computer or a disk when the computer is booted up?Internet virusStealth virusBoot sector virusBoot system virus4. Who wrote the book “Computer Virus: A High Tech Disease” which explains how to create a virus?John Von NeumannRalph BurgerRich SkrentaBasit Amjad
40 Assessment5. Which of the following is the first worm to be distributed over a network without other users being aware of its presence?SatanbugMorris wormMelissa wormCode red
42 Computer Virus & Worm Laws Are at both the state and federal levelmeaning a hacker can be prosecuted at the state level if the virus did not leave the state or at the federal level if it crossed state boundariesif it is prosecuted at the federal level the U.S. Secret Service will generally investigateAre usually considered a felonyCan be found onthis is for individual state legislation
43 Computer Virus & Worm Laws at the Federal Level Began in 1986 with the Computer Fraud and Abuse Actthis lays out the prosecution for using the computer for fraudthe punishment varies depending on:the amount of damage caused by the wormif the amount of damage caused was intentionalthis would be difficult to find evidenceif the worm or virus was created for commercial advantage or personal financial gainthe punishment for such a crime is imprisonment for up to 20 years and/or a finethe fine is decided by a judge
44 The Computer Fraud & Abuse Act Was amended in 1994 and 1996it was amended because of:innovative worms and virusesclarification issuesthe fines and punishments remained the same
45 Clarification IssuesArose from distinguishing whether something was a worm, virus or Trojan horsethe legislation was amended so all of the above would fall under the following statement"transmission of a program, information, code, or command" that "cause[s] damage to a computer, computer system, network, information, data or program." 18 U.S.C. Sec. 1030(a)(5)(A).
46 Protecting a ComputerAgainst computer worms and viruses comes from anti-virus software and good judgment from the computer useruse good judgment when opening suspicious s or downloading attachmentsif it really does not look important, then do not open itviruses in s can find a user’s list then send itself in an attachment to all of the contacts on the list
47 Protecting a ComputerMay be completed by scanning all disks and files used on another computer before opening filesthis is an easy feature contained in anti-virus softwareRequires users to scan attachments and downloads from the Internet by an anti-virus software before opening them
48 Protecting a ComputerCalls for users in a computer lab to clean up or “reboot” a computer before usingthis can be done with a simple action called Disk Cleanupit can be found by going to Start>All Programs>Accessories>System Tools> Disk Cleanupthis removes all potentially harmful temporary Internet filesalso be sure to log out when using a public computer
49 Protecting a ComputerRequires users to back up all important information periodicallyin case a virus or worm does destroy all files contained on a computerInvolves users to advise caution when accepting copied softwaresometimes software will be considered public domain, where the manufacturer will give it to users at little or no costbe sure the copied software is from a trusted source
50 Anti-Virus SoftwareIs the most common form of computer protection against viruses and wormsWas first introduced in 1990Needs to be high-qualitythere is free anti-virus software on the Internet which will not protect a user’s computer as well as a program paid forNeeds to updated regularlymost software will update itself regularly when connected to the Internet, be sure to install all updates possible
51 Anti-Virus Software Recommended for Windows® includes: McAfee VirusScan®Norton AntiVirus®Recommended for Mac® includes:McAfee Virex®Intego VirusBarrier®
52 Protecting Against Computer Worms & Viruses AssessmentProtecting Against Computer Worms & Viruses
53 Assessment1. Which of the following is NOT an action of protecting a computer from viruses? A. Rebooting the computer before using B. Leaving the computer log in when using a public computer C. Scanning downloads before opening them D. Advising caution when accepting copies software 2. According to the Computer Fraud and Abuse Act, what is the punishment for creating a worm or virus for fraud? A. Imprisonment for up to five years and/or a fine B. Imprisonment for up to 10 years and/or a fine C. Imprisonment for up to 15 years and/or a fine D. Imprisonment for up to 20 years and/or a fine
54 Assessment3. In which year was the first anti-virus software introduced? A B C D Which of the following is an anti-virus software recommended only for the Windows® system? A. McAfee VirusScan® B. McAfee Virex® C. Intego VirusBarrier® D. Norton AntiVirus®
55 Assessment5. Which of the following is an anti-virus software recommended for both the Windows® and Mac® system? A. Norton AntiVirus® B. McAfee VirusScan® C. Intego VirusBarrier® D. McAfee Virex®
57 AssessmentA computer __________ is a malicious, self-replicating independent program but a computer __________ is a malicious program requiring a host program to replicate.Bug; DisorderDisorder; BugVirus; WormWorm; Virus2. There are two types of computer worms: a network worm and a __________.Server wormHost wormTrojan horseMorris worm
58 Assessment3. A Trojan horse will generally attempt to gain access to which type of area on a computer?AdministrativeMemory or storageNetwork linksHard drive4. Imprisonment time for a computer virus can range from 0 to __________.10 years15 years20 years25 years
59 Assessment5. The first virus created in 1982 was the ______________ virus.Trojan horseMorrisBurgerElk Cloner6. A virus which, if anyone attempted to view an infected sector, would replace it with the clean, original version of the sector is known as a(n) __________.Boot sector virusStealth virusElk Cloner virusMorris virus
60 Assessment 7. A Trojan horse will possibly ___________. Monitor keystrokesMonitor browsing activityClog a networkBoth A and B8. Computer files generally back themselves up automatically, so there is no need to frequently back up important files.TrueFalse
61 AssessmentViruses in s can find a user’s list then send itself in an attachment to all of the contacts on the list.TrueFalseFree anti-virus software on the Internet will protect a user’s computer as well as a paid program.
62 ResourcesComputer Fraud and Abuse Act. (2003, January). Retrieved October 9, 2008, from Laws and Texas Tech University System Policies Affecting Computer Use:Economics. (2008). Retrieved October 9, 2008, from About.Com:Hacker Marks 25th Anniversary of First Computer Virus. (2007, September 6). Retrieved October 9, 2008, from FOXNews.Com:Kutner, T. (2007). Tips from Tonna for your PC. Retrieved October 9, 2008, from Computer Lynx:Lehtinen, Rick, and G. T. Gangemi. Computer Security Basics, 2nd Edition. O'Reilly, 2006.
63 ResourcesComputer Viruses: Making the Time Fit the Crime. (1997). Retrieved October 9, 2008, from Ford Marrin Esposito Witmeyer & Gleser, L.L.P:Fosnock, C. (2005). Computer Worms: Past, Present, and Future. Retrieved October 9, 2008, from East Carolina University:Protecting your computer from viruses. (2007). Retrieved October 9, 2008, from University of Washington:The History of Computer Viruses. (2008). Retrieved October 9, 2008, from Virus Scan Software:Worms. (2007). Retrieved October 9, 2008, from Cybercrime: