worms and virus
Malware or malicious code (malcode) is short for malicious software. It is code or software that is specifically designed to damage, disrupt, steal, or in general inflict some other “bad” or illegitimate action on data, hosts, or networks.
Example: the vast majority of malware is installed by some action from a user, such as clicking an e-mail attachment or downloading a file from the Internet.
Malware cannot damage the physical hardware of systems and network equipment, but it can damage the data and software residing on the equipment. Malware should also not be confused with defective software, which is intended for legitimate purposes but has errors or bugs.
Classes of Malicious Software
The two most common classes are viruses and worms. These types of programs are able to self-replicate and can spread copies of themselves, which might even be modified copies.
Virus: a virus depends on a host program to spread itself.
Worm: a worm operates more or less independently of other files.
WORMS: A program that makes copies of itself. Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage.
In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate.
For example, a worm may copy itself from one disk drive to another, or copy itself using email or another transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive in the form of a joke program or software of some sort.
Examples of computer worms:
Stuxnet virus: a computer worm discovered in June 2010. Stuxnet was created by the United States and Israel, targeting Iran’s Uranium Enrichment Program. Stuxnet was created as part of a top-secret cyber war program codenamed “Olympic Games.”
Duqu computer worm: discovered in September 2011 and believed to be linked to the Stuxnet virus. Duqu and Stuxnet operate very similarly and were both created by governments to target nuclear production in Iran. Rather than being used to disrupt the production of nuclear weapons, Duqu was used for stealing information.
Flame virus: discovered in 2012 and regarded as one of the most sophisticated computer worms ever found. Flame’s code shares many similarities with the Stuxnet code, and Flame, like Stuxnet, was designed as part of a government-sponsored cyber program. While the Stuxnet computer worm was designed to sabotage nuclear weapon production, Flame is believed to have been created purely for cyber spying. Flame has infected thousands of computers since its deployment, mostly in Iran and other Middle Eastern countries.
Slammer: The Sapphire Worm was the fastest computer worm in history. As it began spreading throughout the Internet, it doubled in size every 8.5 seconds. It infected more than 90 percent of vulnerable hosts within 10 minutes.
Blaster worm: a virus program that mainly targeted Microsoft platforms in 2003. The worm attacked computers by exploiting a security flaw in the Microsoft remote procedure call (RPC) process using Transmission Control Protocol (TCP) port number 135. The virus propagated itself automatically to other machines by transmitting itself through email and other methods. Blaster Worm is also called MSBlast or Lovesan.
Klez: an Internet worm that launches automatically when a user previews or reads an e-mail message containing Klez on a system that has not been patched for a vulnerability in Microsoft Internet Explorer mail clients. It is not necessary for a user to explicitly open an attachment in order for Klez to execute.
VIRUSES: A program or code that replicates; that is, infects another program, boot sector, partition sector, or document that supports macros, by inserting itself or attaching itself to that medium. Most viruses only replicate, though many do a large amount of damage as well.
A computer virus is a type of malware that propagates by inserting a copy of itself into and becoming part of another program. It spreads from one computer to another, leaving infections as it travels. Viruses can range in severity from causing mildly annoying effects to damaging data or software and causing denial-of-service (DoS) conditions. Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program.
When the host code is executed, the viral code is executed as well. Normally, the host program keeps functioning after it is infected by the virus. However, some viruses overwrite other programs with copies of themselves, which destroys the host program altogether. Viruses spread when the software or document they are attached to is transferred from one computer to another using the network, a disk, file sharing, or infected e-mail attachments.
Examples of viruses:
ILOVEYOU: The Love Bug flooded internet users with ILOVEYOU messages in May 2000, forwarding itself to everybody in the user's address book. It was designed to steal internet access passwords for its Filipino creator.
The Melissa virus: The Melissa virus, written by David L Smith in homage to a Florida stripper, was the first successful email-aware virus and inserted a quote from The Simpsons into Word documents. Smith was later sentenced to jail for causing over $80 million worth of damage.
Concept virus: The Concept virus, accidentally shipped on a CD-ROM supplied by Microsoft in 1995, was the first virus to infect Microsoft Word documents. Within days it became the most widespread virus the world had ever seen, taking advantage of the fact that computer users shared documents via email.
TROJAN HORSE: A program that neither replicates nor copies itself, but causes damage or compromises the security of the computer.
A Trojan is another type of malware named after the wooden horse the Greeks used to infiltrate Troy. It is a harmful piece of software that looks legitimate.
Users are typically tricked into loading and executing it on their systems. After it is activated, it can achieve any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses). Trojans are also known to create back doors to give malicious users access to the system.
Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans must spread through user interaction such as opening an e-mail attachment or downloading and running a file from the Internet.
BOTS: "Bot" is derived from the word "robot" and is an automated process that interacts with other network services. Bots often automate tasks and provide information or services that would otherwise be conducted by a human being. A typical use of bots is to gather information (such as web crawlers), or interact automatically with instant messaging (IM), Internet Relay Chat (IRC), or other web interfaces. They may also be used to interact dynamically with websites.
Bots can be used for either good or malicious intent. A malicious bot is self-propagating malware designed to infect a host and connect back to a central server or servers that act as a command and control (C&C) center for an entire network of compromised devices, or "botnet." With a botnet, attackers can launch broad-based, "remote-control," flood-type attacks against their target(s). In addition to the worm-like ability to self-propagate, bots can include the ability to log keystrokes, gather passwords, capture and analyze packets, gather financial information, launch DoS attacks, relay spam, and open back doors on the infected host.
How do viruses spread?
• A client brings in a diskette with a program that is malfunctioning (because of a viral infection).
• The consultant runs the program to discover the cause of the bug; the virus spreads into the memory of the consultant's computer.
• The consultant copies the program to another disk for later investigation; the virus infects the copy utility on the hard disk.
• The consultant moves on to other work, preparing a letter; the virus infects the screen editor on the hard disk.