Module 2: Computer Security Risks Page 5

Module II
COMPUTER SECURITY RISKS

Today, people depend on computers to create, store, and manage critical information.
Thus, it is crucial that users take measures to protect their computers and data from loss, damage,
and misuse. A computer security risk is any event or action that could cause loss of or damage to
computer hardware, software, data, information or processing capability. While some breaches of
computer security are accidental, many are intentional. Some intruders do no damage; they merely
access data, information or programs on the computer. Other intruders leave some evidence of
their presence, either by leaving a message or by deliberately committing acts against the law.

2.1. Computer and Cyber Crimes


Any illegal act involving a computer is generally referred to as a computer crime. The
term cybercrime, on the other hand, refers to online or Internet-based illegal acts. Today,
preventing the spread of cybercrime is a priority of both national and international governments.
Perpetrators of such crimes generally fall into seven basic categories:
1. Hacker. “Hacking” means illegally accessing other people's computer systems to
destroy, disrupt or carry out illegal activities on the network or computer
systems. It is morally bad if it is intended to steal private information or destroy a
computer system. Otherwise, it may help strengthen the system.

A hacker may refer to a person who:

o accesses a computer system by circumventing its security system
o makes innovative customizations or combinations of retail electronic and
computer equipment
o combines excellence, playfulness, cleverness and exploration in performed
activities

2. Cracker. A cracker is someone who accesses a computer or network illegally with
the intent of destroying data, stealing information, or taking other malicious action.

3. Script kiddie. A script kiddie has the same intention as the cracker and hacker but does
not have the technical skills and knowledge. Script kiddies often use prewritten hacking and
cracking programs to break into computers.

4. Corporate spy. Corporate spies are hired to break into a specific computer and steal its
proprietary data and information. Unscrupulous companies hire corporate spies, a practice
known as corporate espionage, to gain a competitive advantage.

5. Unethical employee. Unethical employees break into their employer’s computers for a
variety of reasons:

o to exploit a security weakness
o to seek financial gain from selling confidential information
o to seek revenge

6. Cyber extortionist. A cyber extortionist is someone who uses email as a vehicle for
extortion.
MSU – Computer Studies Department ©2013

7. Cyber terrorist. A cyber terrorist is someone who uses the Internet or a network to
destroy or damage computers for political reasons. A cyber terrorist might target the nation’s
air traffic control system or a telecommunications infrastructure.

2.2. Internet and Network attacks


Information transmitted over networks has a higher degree of security risk than
information kept on an organization’s premises. In an organization, network administrators
usually take measures to protect a network from security risks. On the Internet, where no central
administrator is present, the security risk is greater.
Internet and network attacks that jeopardize security include malicious software
(malware), botnets, denial of service attacks, backdoors and spoofing. The following sections
address these computer security risks and suggest measures organizations and individuals can
take to protect their computers while on the Internet or connected to a network.

1. Malware
Malware programs perform specific operations without a
user’s knowledge and deliberately alter the computer’s operations. Malware uses common
communication tools to spread from one computer to another. It also seeks to
exploit existing vulnerabilities on systems, making its entry quiet and easy.

Malware Classification
• The general term computer virus usually covers programs that modify how a
computer works (including damaging the computer) and can self-replicate. A
true computer virus requires a host program to run properly.
• A worm, on the other hand, doesn't require a host program. It's an
application that can replicate itself and send itself through computer
networks.
• Trojan horses are programs that claim to do one thing but really do another.
Some might damage a victim's hard drive. Others can create a backdoor,
allowing a remote user to access the victim's computer system.
• A rootkit is a program that hides in a computer and allows someone from a
remote location to take full control of the computer.

2. Computer Virus

Computer viruses can be a nightmare. Some can wipe out the information on a hard
drive, tie up traffic on a computer network for hours, turn an innocent machine into a
zombie and replicate and send themselves to other computers. If you've never had a
machine fall victim to a computer virus, you may wonder what the fuss is about. But
the concern is understandable -- according to Consumer Reports, computer viruses
helped contribute to $8.5 billion in consumer losses in 2008 [source: MarketWatch].
Computer viruses are just one kind of online threat, but they're arguably the best known
of the bunch.

Computer viruses have been around for many years. In fact, in 1949, a scientist
named John von Neumann theorized that a self-replicating program was possible
[source: Krebs]. The computer industry wasn't even a decade old, and already someone
had figured out how to throw a monkey wrench into the figurative gears. But it
took a few decades before programmers known as hackers began to build computer
viruses.

While some pranksters created virus-like programs for large computer systems, it
was really the introduction of the personal computer that brought computer viruses to
the public's attention. A doctoral student named Fred Cohen was the first to describe
self-replicating programs designed to modify computers as viruses. The name has stuck
ever since.

In the good old days (i.e., the early 1980s), viruses depended on humans to do the
hard work of spreading the virus to other computers. A hacker would save the virus to
disks and then distribute the disks to other people. It wasn't until modems became
common that virus transmission became a real problem. Today when we think of a
computer virus, we usually imagine something that transmits itself via the Internet. It
might infect computers through e-mail messages or corrupted Web links. Programs like
these can spread much faster than the earliest computer viruses.

3. Computer Worm

Aside from computer viruses, a computer worm can be your PC’s demon. Worms use up
your computer’s processing time and network bandwidth when they replicate, and
oftentimes they carry payloads that do considerable damage to your system. Experts predicted
that a worm (specifically the worm called Code Red) could clog the Internet so
effectively that things would completely grind to a halt.

Worms are often confused with computer viruses; the difference lies in how they
spread. Computer worms self-replicate and spread across networks, exploiting
vulnerabilities, automatically; that is, they don’t need a cybercriminal’s guidance, nor
do they need to latch onto another computer program. As such, computer worms pose a
significant threat due to the sheer potential of damage they might cause. A particularly
notorious incident occurred in 1988. A computer worm since named the Morris worm
caused hundreds of thousands, if not millions, of dollars in damage, and its creator was
convicted under the Computer Fraud and Abuse Act.

Different types of Computer Worms:

1. Email Worms – these spread via infected email messages. An email may carry
an infected attachment or a link to an infected
website. In the first case activation starts when the user clicks on the
attachment, while in the second case activation starts when the user clicks
the link in the email.

2. Instant Messaging Worms – these spread via instant messaging
applications by sending links to infected websites to everyone on the
local contact list. The only difference between these and email worms is
the way chosen to send the links.

3. Internet Worms – these scan all available network resources
using local operating system services and/or scan the Internet for
vulnerable machines. They then attempt to connect to these machines
and gain full access to them.

4. IRC Worms – chat channels are the main target, and the same
infection/spreading method is used as above: sending infected files or
links to infected websites. Sending infected files is less effective, as the
recipient needs to confirm receipt, save the file and open it before
infection takes place.

5. File-sharing Network Worms – these copy themselves into a shared folder,
most likely located on the local machine. The worm places a copy of
itself in a shared folder under a harmless name. Now the worm is ready
for download via the P2P network, and spreading of the infected file will
continue.

4. Trojan Horse

You've probably heard of the Trojan horse from Greek mythology; chances are
you've also heard of Trojan horses in reference to computers. Trojan horses are
common but dangerous programs that hide within other seemingly harmless
programs. They work the same way the ancient Trojan horse did: Once they're
installed, the program will infect other files throughout your system and potentially
wreak havoc on your computer. They can even send important information from your
computer over the Internet to the developer of the virus. The developer can then
essentially control your computer, slowing your system's activity or causing your
machine to crash.

A computer infected by malware may have any of the following symptoms:
• Operating system runs much slower than usual
• Available memory is less than expected
• Files become corrupted
• Screen displays unusual message or image
• Unknown programs or files mysteriously appear
• Music or unusual sounds play randomly
• Existing programs and files disappear
• Programs or files do not work properly
• System properties change
• Operating system does not start up
• Operating system shuts down unexpectedly

Currently, more than 300,000 websites can infect your computer with known
malicious software. These programs infect computers in a variety of ways: when a user
(1) opens an infected file, (2) runs an infected program, (3) boots the computer with
infected removable media inserted in a drive or plugged in a port, (4) connects an
unprotected computer to a network, or (5) opens an infected e-mail attachment; or
(6) when a certain condition or event occurs, such as the computer’s clock changing
to a specific date.

The list below summarizes important tips for protecting your computer from
malicious software:

1. Never start a computer with removable media inserted in the drives or
plugged in ports, unless the media are uninfected.

2. Never open an e-mail attachment unless you are expecting it and it is from a
trusted source.

3. Set the macro security in programs so that you can enable or disable macros.
Enable macros only if the document is from a trusted source and you are
expecting it.

4. Install an antivirus program on all of your computers. Update the software
and virus signature files regularly.

5. Scan all downloaded programs for malware.

6. If the antivirus program flags an e-mail attachment as infected, delete or
quarantine the attachment immediately.

7. Before using any removable media, scan the media for malware. Follow this
procedure even for shrink-wrapped software from major developers.

8. Install a personal firewall program.

9. Stay informed about new virus alerts and virus hoaxes.

5. Botnets

A botnet is a group of compromised computers connected to a network such as the
Internet that are used as part of a network that attacks other networks, usually for nefarious
purposes. A compromised computer, known as a zombie, is one whose owner is unaware the
computer is being controlled remotely by an outsider. Cybercriminals use botnets to send
spam via e-mail, spread viruses and other malware, or commit a denial of service attack.

Note:
The number of zombies is increasing at a rapid rate. A computer may be a
zombie or part of a botnet if there is unusually high disk activity, a slower than normal
Internet connection, or devices connected to the computer becoming increasingly
unresponsive.

6. Denial of service attacks

In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate
users from accessing information or services. By targeting your computer and its network
connection, or the computers and network of the sites you are trying to use, an attacker
may be able to prevent you from accessing email, websites, online accounts (banking,
etc.), or other services that rely on the affected computer.

The most common and obvious type of DoS attack occurs when an attacker
"floods" a network with information. When you type a URL for a particular website into
your browser, you are sending a request to that site's computer server to view the page.
The server can only process a certain number of requests at once, so if an attacker
overloads the server with requests, it can't process your request. This is a "denial of
service" because you can't access that site.

An attacker can use spam email messages to launch a similar attack on your
email account. Whether you have an email account supplied by your employer or one
available through a free service such as Yahoo or Hotmail, you are assigned a specific
quota, which limits the amount of data you can have in your account at any given time.
By sending many, or large, email messages to the account, an attacker can consume your
quota, preventing you from receiving legitimate messages.

Not all disruptions to service are the result of a denial-of-service attack. There
may be technical problems with a particular network, or system administrators may be
performing maintenance. However, the following symptoms could indicate a DoS or
DDoS attack:
• unusually slow network performance (opening files or accessing websites)
• unavailability of a particular website
• inability to access any website
• dramatic increase in the amount of spam you receive in your account
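
On the server side, the request flooding described above shows up in the web server's access log. The following Python sketch is an added example, not part of the original module: it counts requests per source in a sliding time window over constructed sample log lines (documentation-range addresses). The window length and threshold are assumptions to tune for a real site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format prefix: client, identity, user, [timestamp], "METHOD path
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client, timestamp), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        return m.group(1), datetime.strptime(m.group(2), TS_FORMAT)
    except ValueError:
        return None


def find_floods(lines, window_s=10, max_requests=20, key=lambda client: client):
    """Return {group: peak request count} for every group that exceeded
    max_requests inside any window_s-second window.

    Lines must be in chronological order, as they are in a server log.
    key maps a client address to the group being counted. The default counts
    per client; key=lambda c: "*" counts the whole site, which is what
    reveals a distributed (DDoS) flood in which no single client stands out.
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # group -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip junk instead of crashing the monitor
        client, ts = parsed
        group = key(client)
        q = recent[group]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > max_requests:
            peaks[group] = max(peaks.get(group, 0), len(q))
    return peaks


def sample_log():
    """Constructed sample: one ordinary visitor and one flooding client."""
    base = datetime(2013, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    events = []
    for i in range(12):           # visitor: one request every 5 seconds
        events.append((base + timedelta(seconds=5 * i), "192.0.2.10"))
    for i in range(60):           # flood: 10 requests per second for 6 seconds
        events.append((base + timedelta(seconds=20, milliseconds=100 * i),
                       "198.51.100.7"))
    events.sort()
    lines = ['%s - - [%s] "GET /index.html HTTP/1.1" 200 512'
             % (ip, ts.strftime(TS_FORMAT)) for ts, ip in events]
    lines.insert(5, "corrupted line with no timestamp")
    return lines


if __name__ == "__main__":
    log = sample_log()
    print("per client:", find_floods(log))
    print("whole site:", find_floods(log, key=lambda c: "*"))
```

A per-client threshold alone misses a distributed attack, so a monitor should watch the whole-site count as well.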

7. Backdoors

A backdoor is a program or a set of instructions in a program that allows users to
bypass security controls when accessing a program, computer, or network. Once
perpetrators gain access to unsecured computers, they often install a backdoor or modify
an existing program to include a backdoor, which allows them to continue to access the
computer remotely without the user’s knowledge.

8. Spoofing

Spoofing is a technique intruders use to make their network or Internet
transmission appear legitimate to a victim computer or network.

Two types of spoofing:
• E-mail spoofing – occurs when the sender’s address or other components
of the e-mail header are altered so that it appears the e-mail originated
from a different sender. It is commonly used for virus hoaxes, spam and phishing scams.
• IP spoofing – occurs when an intruder computer fools a network into
believing its IP address is associated with a trusted source. Its
perpetrators trick their victims into interacting with a phony Web site.
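
Altered e-mail headers of the kind described above usually leave inconsistencies that a mail filter can check. The following Python sketch is an added example, not part of the original module: it compares the visible From address with the other sender-related headers of three constructed messages. The trusted server name `mx.example.org`, the finding labels and the simplified domain-alignment rule are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the identifier our own receiving mail server writes into the
# Authentication-Results header. Results stamped by anyone else are ignored,
# because a sender can add forged copies of that header.
TRUSTED_AUTHSERV = "mx.example.org"

# Constructed sample messages; all domains are reserved example names.
LEGITIMATE = """\
Return-Path: <bounce@mail.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mail.example.com; dmarc=pass header.from=example.com
From: "Example Billing" <billing@example.com>
Subject: Your invoice

Invoice attached.
"""
FORGED_FROM = """\
Return-Path: <x91@bulk.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bulk.example.net; dmarc=fail header.from=example.com
Authentication-Results: relay.example.net; dmarc=pass header.from=example.com
From: "Example Billing" <billing@example.com>
Reply-To: payments@example.net
Subject: Updated bank details

Please use the new account.
"""
FORGED_DISPLAY_NAME = """\
Return-Path: <acct4471@example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.net; dmarc=pass header.from=example.net
From: "billing@example.com" <acct4471@example.net>
Subject: Updated bank details

Please use the new account.
"""


def _domain(address):
    return address.rpartition("@")[2].lower()


def _aligned(a, b):
    # Simplification of DMARC "relaxed" alignment: equal, or parent/subdomain.
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def spoofing_indicators(raw_message):
    """Return a list of header inconsistencies that suggest a forged sender."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)
    findings = []

    # The visible name contains an address from a different domain.
    shown = re.search(r"[\w.+-]+@([\w.-]+\w)", display)
    if shown and not _aligned(shown.group(1).lower(), from_dom):
        findings.append("display-name-mismatch")

    # Envelope sender (Return-Path) or Reply-To points somewhere else.
    for header, label in (("Return-Path", "return-path-mismatch"),
                          ("Reply-To", "reply-to-mismatch")):
        addr = parseaddr(msg.get(header, ""))[1]
        if addr and not _aligned(_domain(addr), from_dom):
            findings.append(label)

    # SPF/DKIM/DMARC verdicts, taken only from our own server's header.
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV:
            for method, outcome in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
                verdicts[method] = outcome.lower()
    if verdicts.get("dmarc") != "pass":
        findings.append("dmarc-" + verdicts.get("dmarc", "missing"))
    return findings


if __name__ == "__main__":
    for name, raw in (("legitimate", LEGITIMATE), ("forged From", FORGED_FROM),
                      ("forged display name", FORGED_DISPLAY_NAME)):
        print(name, spoofing_indicators(raw))
```

The third message passes DMARC because the sender really controls example.net; only the display-name check catches it, which is why filters combine several checks.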

In order to safeguard against these attacks, the following are recommended:


1. Implement firewall solutions

2. Install intrusion detection software

2.3. Unauthorized access and use


Unauthorized access is the use of a computer or network without permission.
Unauthorized use is the use of a computer or its data for unapproved or possibly illegal
activities. In order to minimize the chance of unauthorized access and use, many organizations
use access controls. An access control is a security measure that defines who can access a
computer, when they can access it, and what actions they can take while accessing the computer.
Many systems implement access controls using a two-phase process called identification
and authentication. Identification verifies that an individual is a valid user. Authentication
verifies that the individual is the person he/she claims to be.
Three (3) methods of identification and authentication:
• Usernames and passwords
• Possessed objects. A possessed object is any item that you must carry to gain access
to a computer or a computer facility.
• Biometric devices. A biometric device authenticates a person’s identity by translating
a personal characteristic, such as a fingerprint, into a digital code that is compared
with a digital code stored in the computer, thereby verifying a physical or behavioral
characteristic.
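
The access control definition above (who, when, and what actions) and the two-phase identification and authentication process can be put together in a few lines. The following Python sketch is an added example, not part of the original module, using the username-and-password method; the class name, account, password, hours and action names are all made up for illustration.

```python
import hashlib
import hmac
import os
from datetime import time

ITERATIONS = 100_000  # PBKDF2 work factor picked for this example


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class AccessControl:
    """Who may access, when, and which actions they may take."""

    def __init__(self):
        self._users = {}
        # Dummy credentials so an unknown username costs the same work as a
        # known one and cannot be told apart by response time.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = _derive("placeholder", self._dummy_salt)

    def enroll(self, username, password, hours, actions):
        salt = os.urandom(16)  # per-user salt; the password itself is never stored
        self._users[username] = {
            "salt": salt,
            "hash": _derive(password, salt),
            "hours": hours,                  # (start, end) as datetime.time
            "actions": frozenset(actions),
        }

    def check(self, username, password, action, now):
        # Phase 1, identification: is this a valid user?
        user = self._users.get(username)
        salt = user["salt"] if user else self._dummy_salt
        stored = user["hash"] if user else self._dummy_hash
        # Phase 2, authentication: is it really that person?
        matches = hmac.compare_digest(_derive(password, salt), stored)
        if user is None or not matches:
            # One message for both failures, so a caller cannot probe
            # which usernames exist.
            return "denied: invalid credentials"
        # Access control proper: when, and which actions.
        start, end = user["hours"]
        if not start <= now < end:
            return "denied: outside permitted hours"
        if action not in user["actions"]:
            return "denied: action not permitted"
        return "granted"


def demo():
    ac = AccessControl()
    # Constructed account: name, password and policy are made up.
    ac.enroll("jcruz", "correct horse battery",
              (time(8, 0), time(17, 0)), {"read", "print"})
    noon, night = time(12, 0), time(22, 30)
    return [
        ac.check("jcruz", "correct horse battery", "read", noon),
        ac.check("jcruz", "wrong password", "read", noon),
        ac.check("nobody", "correct horse battery", "read", noon),
        ac.check("jcruz", "correct horse battery", "read", night),
        ac.check("jcruz", "correct horse battery", "delete", noon),
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```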

Some websites use a CAPTCHA (Completely Automated Public Turing test to tell Computers
and Humans Apart), a program that verifies user input is not computer generated.

2.4 Hardware theft and Vandalism


Hardware theft is the act of stealing computer equipment, while hardware vandalism
is the act of defacing or destroying computer equipment.

2.5 Software theft

Software theft occurs when someone steals software media, intentionally erases
programs, illegally copies a program, and/or illegally registers or activates a program.
Forms of software theft:
• Physically stealing the media that contain the software or the hardware that contains
the media
• Software piracy

To protect against software piracy, software manufacturers issue users a license agreement. A
license agreement is the right to use the software. It provides specific conditions for use of the
software, which a user must accept before using the software. The most common type of license
included with software purchased by individual users is a single-user license agreement, also
called an end-user license agreement (EULA). According to the EULA:
Users are permitted to:
o Install the software on only one computer
o Make one copy of the software as a backup
o Give or sell the software to another individual, but only if the software is
removed from the user’s computer first

Users are not permitted to:


o Install the software on a network
o Give copies to friends and colleagues while continuing to use the
software
o Export the software
o Rent or lease the software

2.6 Information Theft


Information theft occurs when someone steals personal or confidential information.
Some companies attempt to prevent information theft by implementing user identification and
authentication controls. Other companies use a variety of encryption techniques.

2.7 System failure


System failure is the prolonged malfunction of a computer. It may result in the loss of
hardware, software, data and information. Some of the common causes of system failure include:
1. Aging hardware
2. Natural disasters such as fire, floods, and lightning strikes
3. Random events such as electrical power problems
4. Errors in computer programs

To protect against electrical power variations, use a surge protector, which uses special
electrical components to provide a stable current flow to the computer and other electrical
equipment.

The following are the top 10 worst computer viruses:

1. Melissa

Created by David L. Smith in 1999, Melissa is a macro virus. It tempts recipients
to open an infected document with an e-mail message reading “Here is that document you
asked for, don’t show it to anybody else”. The virus replicates through the recipient’s
address book.

2. I LOVE YOU

Believed to have originated in the Philippines and to have been written by Onel de
Guzman, this malware comes in the form of a worm, a stand-alone program that is
capable of replicating itself. It travels through the Internet via an attachment in an
e-mail message with the subject Love Letter.

3. The Klez Virus

The basic Klez worm infected a victim's computer through an e-mail message,
replicated itself and then sent itself to people in the victim's address book. Some
variations of the Klez virus carried other harmful programs that could render a victim's
computer inoperable. Depending on the version, the Klez virus could act like a normal
computer virus, a worm or a Trojan horse. It could even disable virus-scanning
software and pose as a virus-removal tool.

4. Code Red and Code Red II

The Code Red and Code Red II worms popped up in the summer of 2001. Both
worms exploited an operating system vulnerability that was found in machines running
Windows 2000 and Windows NT. The vulnerability was a buffer overflow problem,
which means that when a machine running one of these operating systems receives more
information than its buffers can handle, it starts to overwrite adjacent memory.

The original Code Red worm initiated a distributed denial of service (DDoS)
attack on the White House. That means all the computers infected with Code Red tried
to contact the Web servers at the White House at the same time, overloading the
machines.

5. Nimda

Another virus to hit the Internet in 2001 was the Nimda (which is admin spelled
backwards) worm. Nimda spread through the Internet rapidly, becoming the fastest
propagating computer virus at that time.

The Nimda worm's primary targets were Internet servers. While it could infect a
home PC, its real purpose was to bring Internet traffic to a crawl. It could travel
through the Internet using multiple methods, including e-mail. This helped spread the
virus across multiple servers in record time.

The Nimda worm created a backdoor into the victim's operating system. It
allowed the person behind the attack to access the same level of functions as whatever
account was logged into the machine currently. In other words, if a user with limited
privileges activated the worm on a computer, the attacker would also have limited
access to the computer's functions. On the other hand, if the victim was the
administrator for the machine, the attacker would have full control.

The spread of the Nimda virus caused some network systems to crash as more of
the system's resources became fodder for the worm. In effect, the Nimda worm became
a distributed denial of service (DDoS) attack.


Not all computer viruses focus on computers. Some target other electronic
devices. Here's just a small sample of some highly portable viruses:

• CommWarrior attacked smartphones running the Symbian operating
system (OS).
• The Skulls Virus also attacked Symbian phones and displayed screens of
skulls instead of a home page on the victims' phones.
• RavMonE.exe is a virus that could infect iPod MP3 devices made
between Sept. 12, 2006, and Oct. 18, 2006.
• Fox News reported in March 2008 that some electronic gadgets leave the
factory with viruses pre-installed -- these viruses attack your computer
when you sync the device with your machine.

6. SQL Slammer/Sapphire

In late January 2003, a new Web server virus spread across the Internet. Many
computer networks were unprepared for the attack, and as a result the virus brought down
several important systems. The Bank of America's ATM service crashed, the city of
Seattle suffered outages in 911 services and Continental Airlines had to cancel several
flights due to electronic ticketing and check-in errors.

Some hackers program viruses to sit dormant on a victim's computer only to unleash an
attack on a specific date. Here's a quick sample of some famous viruses that had time
triggers:

• The Jerusalem virus activated every Friday the 13th to destroy data on the victim
computer's hard drive
• The Michelangelo virus activated on March 6, 1992 -- Michelangelo was born on
March 6, 1475
• The Chernobyl virus activated on April 26, 1999 -- the 13th anniversary of the
Chernobyl meltdown disaster
• The Nyxem virus delivered its payload on the third of every month, wiping out files on the
victim's computer

7. MyDoom

The MyDoom (or Novarg) virus is another worm that can create a backdoor in the victim
computer's operating system. The original MyDoom virus -- there have been several variants --
had two triggers. One trigger caused the virus to begin a denial of service (DoS) attack starting
Feb. 1, 2004. The second trigger commanded the virus to stop distributing itself on Feb. 12,
2004. Even after the virus stopped spreading, the backdoors created during the initial infections
remained active.

Later that year, a second outbreak of the MyDoom virus gave several search engine
companies grief. Like other viruses, MyDoom searched victim computers for e-mail addresses
as part of its replication process. But it would also send a search request to a search engine and
use e-mail addresses found in the search results. Eventually, search engines like Google began
to receive millions of search requests from corrupted computers. These attacks slowed down
search engine services and even caused some to crash.

Not all viruses cause severe damage to computers or destroy networks. Some just
cause computers to act in odd ways. An early virus called Ping Pong created a
bouncing ball graphic, but didn't seriously damage the infected computer. There are
several joke programs that might make a computer owner think his or her computer is
infected, but they're really harmless applications that don't self-replicate. When in
doubt, it's best to let an antivirus program remove the application.

8. Sasser and Netsky

Sometimes computer virus programmers escape detection. But once in a while,
authorities find a way to track a virus back to its origin. Such was the case with the Sasser and
Netsky viruses. A 17-year-old German named Sven Jaschan created the two programs and
unleashed them onto the Internet. While the two worms behaved in different ways, similarities
in the code led security experts to believe they both were the work of the same person.

The Sasser worm attacked computers through a Microsoft Windows vulnerability. Unlike
other worms, it didn't spread through e-mail. Instead, once the virus infected a computer, it
looked for other vulnerable systems. It contacted those systems and instructed them to
download the virus. The virus would scan random IP addresses to find potential victims. The
virus also altered the victim's operating system in a way that made it difficult to shut down the
computer without cutting off power to the system.

The Netsky virus moves through e-mails and Windows networks. It spoofs e-mail
addresses and propagates through a 22,016-byte file attachment. As it spreads, it can cause a
denial of service (DoS) attack as systems collapse while trying to handle all the Internet traffic.

9. Leap A/Oompa-A

Maybe you've seen the ad in Apple's Mac computer marketing campaign where
Justin "I'm a Mac" Long consoles John "I'm a PC" Hodgman. Hodgman comes down
with a virus and points out that there are more than 100,000 viruses that can strike a
computer. Long says that those viruses target PCs, not Mac computers.

For the most part, that's true. Mac computers are partially protected from virus
attacks because of a concept called security through obscurity. Apple has a reputation
for keeping its operating system (OS) and hardware a closed system -- Apple produces
both the hardware and the software. This keeps the OS obscure. Traditionally, Macs have
been a distant second to PCs in the home computer market. A hacker who creates a virus
for the Mac won't hit as many victims as he or she would with a virus for PCs.


But that hasn't stopped at least one Mac hacker. In 2006, the Leap-A virus, also
known as Oompa-A, debuted. It uses the iChat instant messaging program to propagate
across vulnerable Mac computers. After the virus infects a Mac, it searches through the
iChat contacts and sends a message to each person on the list. The message contains a
corrupted file that appears to be an innocent JPEG image.

The Leap-A virus doesn't cause much harm to computers, but it does show that even a
Mac computer can fall prey to malicious software. As Mac computers become more
popular, we'll probably see more hackers create customized viruses that could damage
files on the computer or snarl network traffic. Hodgman's character may yet have his
revenge.

10. Storm Worm

The latest virus on our list is the dreaded Storm Worm. It was late 2006 when
computer security experts first identified the worm. The public began to call the virus the
Storm Worm because one of the e-mail messages carrying the virus had as its subject "230
dead as storm batters Europe." Antivirus companies call the worm other names. For
example, Symantec calls it Peacomm while McAfee refers to it as Nuwar. This might
sound confusing, but there's already a 2001 virus called the W32.Storm.Worm. The 2001
virus and the 2006 worm are completely different programs.

The Storm Worm is a Trojan horse program. Its payload is another program,
though not always the same one. Some versions of the Storm Worm turn computers into
zombies or bots. As computers become infected, they become vulnerable to remote
control by the person behind the attack. Some hackers use the Storm Worm to create a
botnet and use it to send spam mail across the Internet.

Many versions of the Storm Worm fool the victim into downloading the
application through fake links to news stories or videos. The people behind the attacks will
often change the subject of the e-mail to reflect current events. For example, just before
the 2008 Olympics in Beijing, a new version of the worm appeared in e-mails with
subjects like "a new deadly catastrophe in China" or "China's most deadly earthquake."
The e-mail claimed to link to video and news stories related to the subject, but in reality
clicking on the link activated a download of the worm to the victim's computer.

As if viruses, worms, Trojan horses and other malware weren't enough, we
also have to worry about virus hoaxes. These are fake viruses -- they don't actually
cause any harm or replicate themselves.

Instead, the creators of these hoax viruses hope that people and media
companies treat the hoax as if it were the real deal. Even though these hoaxes aren't
immediately dangerous, they are still a problem. Like the boy who cried wolf, hoax
viruses can cause people to ignore warnings about real threats.
