Computer Parasites & Remedies

A Catalogue of First Sightings of Real & Imaginary Beings - Corinne Cnutlemn Wagts itusrr4rdyJ3. STbQns

Whole Earth Review, Fall 1988. 27 Gate Five Road, Sausalito, CA 94965.

VIRUSES

Viruses, in their simplest form, just replicate themselves. A slightly more advanced virus not only duplicates a program but renames each one slightly differently. More sophisticated viruses erase files, scramble memory, turn off the power, or do any/all of these things with a time delay, called a time bomb. Some viruses "burn a hole" somewhere so that a certain command will do something else, i.e., given an addition command the program subtracts instead.

Creeper - Possibly the first known virus, first sighted in 1970. Built by Bob Thomas of BBN, it was a demonstration program that crawled through ARPAnet, a nationwide Pentagon-funded network linking university, military and corporate computers, springing up on computer terminals with the message, "I'm the creeper, catch me if you can!" A version of Creeper done by Ray Tomlinson not only moved through the net, but also replicated itself at times.

Reaper - In response to Creeper, this virus also jumped through the network, but it proceeded to detect and "kill" creepers. (Cincinnati Post, Feb. 1, 1988)

Rabbit - One of the first known viruses, first sighted in 1974 by Bill Kennedy. When Rabbit was introduced into a system, it copied itself and continued to toss the copies back into the input jobstream (the place where programs start). This slowed the communication between the input jobstream and its console (teletype where system operator sees what's going on), which made Rabbit harder to kill the longer it ran. (comp.risks [an electronic journal on the Usenet network], Mar. 29, 1988).

Pervading Animal - An early proto-virus attached to a Univac 1108 game program called Animal. While the user was playing the game, Pervading Animal copied itself into every write-enabled program file available. (Mike Van Pelt, comp.risks Mar. 29, 1988.)

Smart Virus - In the book The Adolescence of P-1 (Thomas J. Ryan, Collier Books, 1977), there is an example of an intelligent, information-hunting virus.

ARPAnet Data Virus - On October 27, 1980, multiple "status" messages began appearing on the ARPAnet. Status messages are normally broadcast from each node of the network to relay their readiness to handle new data. Each node then propagates copies of incoming status messages to other nodes in an ongoing determination of the optimal path for the electronic traffic. Status messages are supposed to be trashed immediately afterward, but in this case the message from a particular node somewhere near Los Angeles became mutated. Its contaminated form caused a "garbage collector" malfunction in the receiving nodes. No messages could be thrown out, thus saturating the nodes. Yet the nodes continued to propagate waves of this debilitating message, infecting others which couldn't dump the infected message, until it spread throughout the whole network like cancer and ground it to a halt. It was 72 hours before technicians could revive it. (Software Engineering Notes, Jan. 1981.)

2600 VAX Virus - This one replicates itself, sends jobs continuously to the batch queue (where programs line up, waiting to be run). All that happens is the queue might overflow. (2600, Aug. 1986, vol. 3, no. 8.)

Elk Cloner Virus - First sighted in 1981 or 1982, this one runs on the Apple II family. It inserts itself into the DOS operating system. Elk Cloner hooks into the RUN, LOAD, BLOAD, and CATALOG commands to make them check the accessed program disk and infect it. It prints a poem:

    The Program with a personality
    It will get on all your disks
    It will infiltrate your chips
    Yes, it's cloned
    It will stick to you like glue
    It will modify Ram too
    Send in the cloned

(comp.risks, Apr. 26, 1988 by Phil Goetz)

Finger Virus - A speculative virus that would go out replicating until it found a specific person. Then it would send that person's e-mail address back to its creator. (Fred Hapgood, First Artificial Life Conference, Sept. 1987).

Lehigh Virus - First sighted Nov. 25, 1987 by Jeffrey Carpenter, posted on Usenet. It attached itself to a few lines of the operating system used on the IBM PCs that Lehigh University provides for student use. It is a corruption of a legitimate program, Command.Com, the basic boot-up file of MS-DOS and PC-DOS. The virus destroys data on floppies and hard disks by writing zeros to the first thirty-two sectors of a disk (which erases the directory kept in the first couple of tracks), making the data unrecoverable.

It spreads when a clean PC is booted from an infected disk and the user accesses a second, uninfected program disk with the resident commands: TYPE, COPY, DIR, CHDIR, ERASE, MKDIR, RMDIR, VERIFY. The virus waits until it has been copied four times before it wipes out the data on the disk on which it resides.

© Brain Virus - First sighted Fall, 1987 at the University of Delaware. It changes the volume label (the given name) of a floppy or hard disk to © Brain. The boot record contains a message: "Welcome to the dungeon ... Beware of this VIRUS. Contact us for vaccination." The message includes the address and phone number of Brain Computer Services, a computer company in Lahore, Pakistan, and the names of two brothers, Basit and Amjad.

The virus marks some disk sectors as bad. It modifies several command files, maybe all of them eventually, without changing file sizes or dates. Even if the boot sector is rewritten, the virus remains active through the command files it modified. No known cure. (comp.risks, Apr. 5, 1988.)

This is the first virus to infect an American newspaper's computer system (The Providence Journal-Bulletin). When the phone number in Pakistan was called, the person who answered expressed surprise that the virus had travelled so far - and refused to give his last name. (New York Times, May 25, 1988.)

Amiga Virus - This one is a simple modification of the Amiga boot block. On an Amiga floppy the boot block consists of the first two sectors on the disk. Normally it contains a small bit of code that loads and initializes the DOS when it is "booted" or turned on. Some commercial software packages and games store special information in the boot block. Since the virus overwrites this, the information is lost forever. After a certain number of disks have been infected the virus will print a message:

    "Something wonderful has happened.
    Your Amiga is alive!!
    and even better
    Some of your disks are infected by a VIRUS
    Another masterpiece of the Mega-Mighty SCA"

(comp.risks, Dec. 7, 1987.)

Israeli Virus - First sighted by Yuval Rakavy, a student at Hebrew University; first mentioned publicly in Maariv, one of Israel's daily newspapers, Jan. 8, 1988. Designed to begin destroying files on May 13, and to slow computer response on the 13th of any month, it would also put garbage on the screen from time to time. What called attention to the virus was an error in the virus code itself, which caused it to mistake previously infected programs as uninfected. In error, it would add another copy of itself to the program. Some programs were infected as many as 400 times and the growth in size of the program was noticeable. This one was discovered before D-day, but it had infected home, university, and military computers before it was detected.

MacInVirus - First known encounter by David Spector. This virus was written by a West German and posted to CompuServe in a HyperCard stack. The virus is disguised as a resource that inserts itself in a system trap handler (the place where the computer catches errors so they won't cause system crashes). The virus destroys hard disks and the applications that run on them. (comp.risks, Jan. 10, 1988.)

"Good" Virus - Written by a West German programmer, this virus won't let "unknown" programs run on one's machine. If the programs to be run aren't already infected with THIS virus, they won't be allowed to run at all. (comp.risks, Jan. 10, 1988.)

... this virus is to print all your files onto paper, erase all the disks on your system, buy fresh software disks from the manufacturer, and type in all your data again. But FIRST! send this message to everyone you know, so that they will also protect themselves.

This virus took Jeff Mogul two minutes to produce and he didn't even have to write any code.

Scores Virus - First sighting mentioned in MacWeek, Apr. 12, 1988. In existence since at least February, and possibly since as early as September 1987. It infiltrated several government agencies, Apple sales offices, and the Mac of an unidentified senator, as well as MacWorld and Mac-

... the virus resources have been deleted, but they have been renamed and will return when the Mac is restarted.

Apparently, the virus doesn't attempt to spread itself over networks.

The Scores virus causes printing problems, system crashes, application crashes on launch, and damaged Excel files.

MacMag Virus - First sighted by Chris Borton Mar. 8, 1988 and posted to comp.risks on Usenet. First mentioned in print in the Toronto Star March 16, 1988. The virus was launched in December 1987 by Richard Brandow, publisher of MacMag magazine in Montreal, Canada.