CPIC 1 COMPUTER VIRUS is a program which is to damage or sabotage the computer as well as the computer files. It is also designed to attach itself to other program and replicate by itself. The DIFFERENT CLASSIFICATION OF VIRUS PROGRAM 1. Boot sector Virus is a computer virus which has the ability to damage the master boot record of the Hard Drive or diskettes. 2. Parasitic virus a virus type that can infect command and executable files. 3. Macro Virus a virus type that can infect document which are created on Microsoft Office professional programs. 4. Logical virus a virus that has the ability to delete the host file and create new infected files. 5. Trojan virus a virus type that has the ability to reformat your HDD and reprogram your computer BIOS. 6. Sleeping virus (Live and Die) are viruses that activates only at a certain date & time depending on the system clock timer. 7. Compression virus is a virus type which is capable of compressing your files after infection. 8. Email virus is a virus type that can damage email files from the internet. 9. Multi-partite virus is a virus type that has the characteristics of both hardware and file virus. 10. Polymorphic or Mutation virus (Hide & Seek) is a virus type that has the ability to elude detection by changing its characteristics from virus to good file. 11. Stealth virus (buffered virus) is a virus type that the ability to intercept the interrupt table of the computer which is located at the beginning of the computer memory. They have also the ability to control the system by redirecting the interrupt calls and has the ability to hide to escape from detection. HOW DOES A VIRUS INFECT A PROGRAM? Two phases of infection… • Action the virus program must be executed by the user or executes by itself, and attach its structure to the computers memory for further infections. • Replicate a virus program produces an infected program or file. Marker bytes the information located at the beginning of a files which can be determined by the virus program whether that file is can be infected or not. Virus signature a byte added by the virus which indicates that file is an infected file. CHARACTERISTICS OF VIRUS 1. A virus program can modify other program by binding its structures into this program. 2. A virus program can execute the modification on a number of programs. 3. A virus program can recognize the modification done by other virus. 4. A virus program can prevent further modification upon recognition. 5. A virus program can damage computer peripherals and files. CPIC 2 PROTECTION STRATEGIES 1. Always backup your files 2. Purchase and use virus detection softwares 3. Be careful of downloaded files from the internet 4. Be careful of shareware software’s 5. Purchase your software only from dependable developer 6. Do not load your original file to a computer which is unknown to you. 7. Do not permit others to load their USB flash drives, diskettes, and other removable storage in your computer without scanning it first. 8. Make your COM and EXE files read only. 9. Keep inform. SOURCES OF VIRUS 1. Email attachment 2. Internet 3. Downloaded files 4. Shared Network 5. Computer Labs TOP TEN MOST DESTRUCTIVE COMPUTER VIRUS 1. ILOVEYOU (2000) Estimated Damage: 10 to 15 billion dollars Also known as Loveletter and The Love Bug, this was a Visual Basic script with an ingenious and irresistible hook: the promise of love. On May 3, 2000, the ILOVEYOU worm was first detected in Hong Kong. The bug was transmitted via e-mail with the subject line "ILOVEYOU" and an attachment, Love-Letter-For-You.TXT.vbs. Similar to Melissa, the virus mailed itself to all Microsoft Outlook contacts. Thousands of users fell for the lure of a love letter and clicked on the infected attachment. Courtesy of F-Secure. Click image to enlarge and to launch image gallery. CPIC 3 The virus also took the liberty of overwriting music files, image files, and others with a copy of itself. More disturbingly, it searched out user IDs and passwords on infected machines and e- mailed them to its author. An interesting footnote: Because the Philippines had no laws against virus-writing at the time, the author of ILOVEYOU was not charged for this crime. 2. So Big F (2003) Estimated Damage: 5 to 10 billion dollars, over 1 million PCs infected The Sobig worm hit right on the heels of Blaster, making August 2003 a miserable month for corporate and home PC users. The most destructive variant was Sobig.F, which spread so rapidly on August 19 that it set a record (which would later be broken by MyDoom), generating over 1 million copies of itself in its first 24 hours. The virus infected host computers via innocuously named e-mail attachments such as application.pif and thank_you.pif. When activated, this worm transmitted itself to e-mail addresses discovered on a host of local file types. The end result was massive amounts of Internet traffic. E-mails with innocuously named attachments launched Sobig. Courtesy of F-Secure. Click image to enlarge and to launch image gallery. On September 10, 2003, the virus deactivated itself and is no longer a threat. Microsoft (NSDQ:MSFT) has announced a $250,000 bounty for anyone who identifies Sobig.F's author, but to date, the perpetrator has not been caught. 3. Blaster (2003) Estimated Damage: 2 to 10 billion dollars, hundreds of thousands of infected PCs The summer of 2003 was a rough time for businesses running PCs. In rapid succession, IT professionals witnessed the unleashing of both the Blaster and Sobig worms. Blaster, also known as Lovsan or MSBlast, was the first to hit. The virus was detected on August 11 and spread rapidly, peaking in just two days. Transmitted via network and Internet traffic, this worm exploited a vulnerability in Windows 2000 and Windows XP, and when activated, presented the PC user with a menacing dialog box indicating that a system shutdown was imminent. CPIC 4 Hidden in the code of MSBLAST.EXE -- the virus' executable " were these messages: "I just want to say LOVE YOU SAN!!" and "billy gates why do you make this possible? Stop making money and fix your software!!" Like many viruses, Blaster contained hidden messages. Courtesy of F-Secure. Click image to enlarge and to launch image gallery. The virus also contained code that would trigger a distributed denial of service attack on windowsupdate.com on April 15, but Blaster had already peaked and was mostly contained by then. 4. Code Red Estimated Damage: 2.6 billion dollars Code Red was a computer worm that was unleashed on network servers on July 13, 2001. It was a particularly virulent bug because of its target: computers runningMicrosoft (NSDQ: MSFT)'s Internet Information Server (IIS) Web server. The worm was able to exploit a specific vulnerability in the IIS operating system. Ironically, Microsoft had released a patch addressing this hole in mid-June. Also known as Bady, Code Red was designed for maximum damage. Upon infection, the Web site controlled by the affected server would display the message, "HELLO! Welcome to http://www.worm.com! Hacked By Chinese!" Then the virus would actively seek other vulnerable servers and infect them. This would go on for approximately 20 days, and then it would launch denial of service attacks on certain IP addresses, including the White House Web server. In less than a week, this virus infected almost 400,000 servers, and it's estimated that one million total computers were infected. CPIC 5 A Web site infected by Code Red. Courtesy of F-Secure. Click image to launch image gallery. 5. CIH (1998) Estimated Damage: 20 to 80 million dollars worldwide, countless amounts of PC data destroyed Unleashed from Taiwan in June of 1998, CIH is recognized as one of the most dangerous and destructive viruses ever. The virus infected Windows 95, 98, and ME executable files and was able to remain resident in a PC's memory, where it continued to infect other executables. What made CIH so dangerous is that, shortly after activated, it would overwrite data on the host PC's hard drive, rendering it inoperable. It was also capable of overwriting the BIOS of the host, preventing boot-up. Because it infected executable files, CIH wound up being distributed by numerous software distributors, including a demo version of an Activision game named Sin. CIH is also known as the Chernobyl virus because the trigger date of certain strains of the virus coincides with the date of the Chernobyl nuclear reactor accident. The virus is not a serious threat today, thanks to increased awareness and the widespread migration to Windows 2000, XP, and NT, none of which are vulnerable to CIH. 6. Melissa (1999) Estimated Damage: 300 to 600 million dollars On Friday, March 26, 1999, W97M/Melissa became front-page news across the globe. Estimates have indicated that this Word macro script infected 15 to 20 percent of all business PCs. The virus spread so rapidly thatIntel (NSDQ: INTC), Microsoft (NSDQ:MSFT), and a number of other companies that used Outlook were forced to shut down their entire e-mail systems in order to contain the damage. The virus used Microsoft Outlook to e-mail itself to 50 names on a user's contact list. The e-mail message contained the sentence, "Here is that document you asked for...don't show anyone else. ;-)," with an attached Word document. Clicking open the .DOC file -- and thousands of unsuspecting users did so -- allowed the virus to infect the host and repeat the replication.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages7 Page
-
File Size-