Beruflich Dokumente
Kultur Dokumente
10 Mobile Virus 22
Computer viruses are called viruses because they share some of the traits of
biological viruses. A computer virus passes from computer to computer like a
biological virus passes from person to person.
There are similarities at a deeper level, as well. A biological virus is not a
living thing. A virus is a fragment of DNA inside a protective jacket. Unlike a
cell, a virus has no way to do anything or to reproduce by itself -- it is not alive.
Instead, a biological virus must inject its DNA into a cell. The viral DNA then
uses the cell's existing machinery to reproduce itself. In some cases, the cell fills
with new viral particles until it bursts, releasing the virus. In other cases, the new
virus particles bud off the cell one at a time, and the cell remains alive.
A computer virus shares some of these traits. A computer virus must
piggyback on top of some other program or document in order to get executed.
Once it is running, it is then able to infect other programs or documents.
Obviously, the analogy between computer and biological viruses stretches things
a bit, but there are enough similarities that the name
Before 1988, the word "virus" had a strictly biological meaning. In that year, Robert Morris
wrote and released the first "Internet worm", forcing everyone in the computer community to
immediately consider this new electronic threat. While Morris created his virus to demonstrate a
security flaw in ARPANET,(Advanced Research Projects Agency Network) the predecessor to
the Internet, today's virus writers often have a more malicious intent. The Internet today spans
the globe and serves billions of users, providing an environment in which a single virus can
conceivably cause rapid and widespread damage to systems throughout the world.
There are at least three reasons. The first is the same psychology that drives vandals and
arsonists. Why would someone want to bust the window on someone else's car, or spray-paint
signs on buildings or burn down a beautiful forest? For some people that seems to be a thrill. If
that sort of person happens to know computer programming, then he or she may funnel energy
into the creation of destructive viruses.
The second reason has to do with the thrill of watching things blow up. Many people have a
fascination with things like explosions and car wrecks. When you were growing up, there was
probably a kid in your neighborhood who learned how to make gunpowder and then built bigger
and bigger bombs until he either got bored or did some serious damage to himself. Creating a
virus that a spread quickly is a little likes that -- it creates a bomb inside a computer, and the
more computers that get infected the more "fun" the explosion.
The third reason probably involves bragging rights, or the thrill of
doing it. Sort of like Mount Everest. The mountain is there, so someone is compelled to climb it.
If you are a certain type of programmer and you see a security hole that could be exploited, you
might simply be compelled to exploit the hole yourself before someone else beats you to it.
"Sure, I could TELL someone about the hole. But wouldn't it be better to SHOW them the
hole???" That sort of logic leads to many viruses. Of course, most virus creators seem to miss the
point that they cause real damage to real people with their creations. Destroying everything on a
person's 6 hard disk is real damage. Forcing the people inside a large company to waste
Computer Virus is a kind of malicious software written intentionally to enter a computer without
the user’s permission or knowledge, with an ability to replicate itself, thus continuing to spread.
Some viruses do little but replicate others can cause severe harm or adversely effect program and
performance of the system.
A file virus attaches itself to a file usually an executable application (e.g. a word processing
program or a DOS program). In general, file viruses don't infect data files. However, data files
can contain embedded executable code such as macros, which may be used by virus or Trojan
writers. Recent versions of Microsoft Word are particularly vulnerable to this kind of threat. Text
files such as batch files, postscript files, and source code which contain commands that can be
compiled or interpreted by another program are potential targets for malware (malicious
software), though such malwares not at present common.
There are literally dozens of different ways a computer can become infected with spyware,
viruses, and other malware. Below is a list of the most common ways a computer can contract
these infections listed in the order we believe are most commonly done.
By far one of the most common ways a computer becomes infected is the user accepts what he or
she sees on the screen without reading the prompt or understand what it's asking.
1. While browsing the Internet, an Internet advertisement or window appears that says your
computer is infected or that a unique plug-in is required. Without fully understanding
what it is you're getting, you accept the prompt.
2. When installing or updating a program, you're prompted (often checkboxes already
checked) if it's ok to install additional programs that you may not want or are designed to
monitor your usage of the program.
Another very common way people become infected with viruses and other spyware is by
opening e-mail attachments, even when from a co-worker, friend, or family member. E-mail
addresses can be easily faked and even when not faked your acquaintance may unsuspectingly be
forwarding you an infected file.
When receiving an e-mail with an attachment, if the e-mail was not expected or from someone
you don't know delete it. If the e-mail is from someone you know, be cautious when opening the
attachment.
Many of the updates, especially those associated with Microsoft Windows and other operating
systems and programs, are security updates. Running a program or operating system that is not
up-to-date with the latest updates can be a big security risk and can be a way your computer
becomes infected.
If you or someone on your computer is participating in underground places on the Internet where
you're downloading copyrighted music, movies, software, etc. for free, often many of the files
can contain viruses, spyware or malicious software.
If you're running a computer with Microsoft Windows it's highly recommended you have some
form of anti-virus and spyware protection on that computer to help clean it from any infections
currently on the computer and to help prevent any future infections.
Finally, downloading any other software from the Internet can also contain viruses and other
malware. When downloading any software (programs, utilities, games, updates, demos, etc.),
make sure you're downloading the software from a reliable source and while installing it you're
reading all prompts about what the program is putting on your computer.
The following are some primary indicators that a computer may be infected:
1. Trojan Horse
As mentioned earlier on, the term "Trojan horse" was taken from a clever Greek plan described
by Homer in the Iliad. After seemingly abandoning the siege of Troy, the Greeks placed armed
men inside a huge wooden horse. The horse was Welcomed into the city by the Trojans, who
believed it was a symbol of peace; they slept while the Greeks exited the Horse and opened the
gates allowing the Greek army into Troy, conquering the city.
Trojan horses in this way require interaction with a hacker to fulfill their purpose, though the
hacker need not be the individual responsible for distributing the Trojan horse. It is possible for
individual hackers to scan computers on a network using a port scanner in the hope of finding
one with a malicious Trojan horse installed, which the hacker can then use to control the target
computer.
4.Overwrite-Virus
Virus of this kind is characterized by the fact that it deletes the information contained in the files
that it infects, rendering them partially or totally useless once they have been infected. The only
way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the
original content.
Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.
6. Macro Virus
Macro viruses infect files that are created using certain applications or programs that contain
macros. These mini-programs make it possible to automate series of operations so that they are
performed as a single action, thereby saving the user from having to carry them out one by one.
7. Worms
Computer worms are programs that reproduce, execute independently and travel across the
network connections. The key difference between a virus and worm is the manner in which it
reproduces and spreads. A virus is dependent upon the host file or boot sector, and the transfer of
files between computers to spread, whereas a computer worm can execute completely
independently and spread on its own accord through network connections.
The security threat from worms is equivalent to that of viruses. Computer worms are skilled of
doing an entire series of damage such as destroying crucial files in your system, slowing it down
to a large degree, or even causing some critical programs to stop.
8. E-Mail Virus
The virus was originally created as a Word document and was then uploaded via email to an
internet newsgroup. Any recipient who opened the email, downloaded the document and opened
it on their computer, unknowingly triggered Melissa's payload. From there, the virus sent itself
as a document to the first 50 contacts in the victim's address book. The email was attached with
a friendly note which included the recipient's name. This was done to make the virus appear
harmless and trick them into opening it. It then created 50 new infected documents from that
victim's machine. At this continuous rate, Melissa quickly became the fastest spreading virus
seen by anyone at the time. The virus was so severe that it resulted in a number of large
commercial companies disabling their email systems.
Melissa was so powerful because it capitalized on a vulnerability found in the Microsoft Word
programming language known as VBA (Visual Basic for Applications). VBA is a complete
language that can be programmed to perform actions such as modifying files and distributing
9. Stealth Virus
In computer security, a stealth virus is a computer virus that uses various mechanisms to avoid
detection by antivirus software.
Typically, when an antivirus program runs, a stealth virus hides itself in memory, and uses
various tricks to also hide changes it has made to any files or boot records. The virus may
maintain a copy of the original, uninfected data and monitor system activity. When the program
attempts to access data that's been altered, the virus redirects it to a storage area maintaining the
original, uninfected data. A good antivirus program should be able to find a stealth virus by
looking for evidence in memory as well as in areas that viruses usually attack.
Virus cannot replicate themselves but worm and Trojan can do that.
A virus cannot be spread without a human action such as running an infected file or program but
worm and Trojan have the capabilities to spread themselves automatically from computer to
computer through network connation.
A virus does not consume system memory but worm consumes too much system memory and
network bandwidth because of their copying nature.
Trojans are used by malicious users to access your computer information but viruses and worms
can’t do so, they simply infect your computer.
Over a five-hour period, during May 4, 2000, this virus spread across Asia, Europe and the
United States via e-mail messages titled "ILOVEYOU." The menace clogged Web servers,
overwrote personal files and caused corporate IT managers to shut down e-mail systems.
A scan of the Visual Basic code included in the attachment reveals that the virus may be
corrupting MP3 and JPEG files on users' hard drives, as well as mIRC, a version of Internet
Relay Chat. It also appears to reset the default start page for Internet Explorer.
This virus arrives as e-mail with the subject line "I Love You" and an attachment named "Love-
Letter-For-You.txt.vbs." Opening the attachment infects your computer. The infection first scans
your PC's memory for passwords, which are sent back to the virus's creator (a Web site in the
Philippines which has since been shut down). The infection then replicates itself to everyone in
2. Slammer
SQL Slammer is a computer worm that caused a denial of service on some Internet hosts and
dramatically slowed down general Internet traffic, starting at 05:30 UTC on January 25, 2003. It
spread rapidly, infecting most of its 75,000 victims within ten minutes. So named by Christopher
J. Rouland, the CTO of ISS, Slammer was first brought to the attention of the public by Michael
Bacarella (see notes below). Although titled "SQL slammer worm", the program did not use the
SQL language; it exploited a buffer overflow bug in Microsoft's flagship SQL Server and
Desktop Engine database products, for which a patch had been released six months earlier in
MS02-039. Other names include W32.SQLExp.Worm, DDOS.SQLP1434.A, the Sapphire
Worm, SQL_HEL, W32/SQLSlammer and Helker
3. Storm
The latest virus on our list is the dreaded Storm Worm. It was late 2006 when computer security
experts first identified the worm. The public began to call the virus the Storm Worm because one
of the e-mail messages carrying the virus had as its subject "230 dead as storm batters Europe."
Antivirus companies call the worm other names. For example, Symantec calls it Peacomm while
McAfee refers to it as Nuwar. This might sound confusing, but there's already a 2001 virus
called the W32.Storm.Worm.
Next, the Nimda virus sends all of these recipients an email with an empty body and a subject
chosen at random (and often very long). It adds to the message an attachment named
Readme.exe or Readme.eml (file containing an executable). The viruses use an .eml extension to
exploit a security flaw in Microsoft Internet Explorer 5.
What's more, in Microsoft Windows the Nimda virus can spread over shared network folders,
infecting executable files found there.
Viewing Web pages on servers infected by the Nimda virus may lead to infection when a user
views pages with the vulnerable Microsoft Internet Explorer 5 browser.
The Nimda virus is also capable of taking control of a Microsoft IIS (Internet Information
Server) Web server, by exploiting certain security holes.
Finally, the virus infects executable files found on the contaminated machine, meaning that it can
also spread by file transfers.
Antivirus software typically uses a variety of strategies in detecting and removing viruses,
worms and other malware programs.
The following are the two most widely employed identification methods:
1. Signature-Based Detection
This is the most commonly employed method which involves searching for known patterns of
virus within a given file. Every antivirus software will have a dictionary of sample malware
codes called signatures in its database. Whenever a file is examined, the antivirus refers to the
dictionary of sample codes present within its database and compares the same with the current
file.
If the piece of code within the file matches with the one in it’s dictionary then it is flagged and
proper action is taken immediately so as to stop the virus from further replicating. The antivirus
may choose to repair the file, quarantine or delete it permanently based on it’s potential risk.
As new viruses and malwares are created and released every day, this method of detection cannot
defend against new malwares unless their samples are collected and signatures are released by
the antivirus software company. Some companies may also encourage the users to upload new
viruses or variants, so that the virus can be analyzed and the signature can be added to the
dictionary.
2. Heuristic-based detection
Heuristic-based detection involves identifying suspicious behavior from any given program
which might indicate a potential risk. This approach is used by some of the sophisticated
antivirus softwares to identify new malware and variants of known malware. Unlike the
signature based approach, here the antivirus doesn’t attempt to identify known viruses, but
instead monitors the behavior of all programs.
For example, malicious behaviors like a program trying to write data to an executable program is
flagged and the user is alerted about this action. This method of detection gives an additional
level of security from unidentified threats.
1) AVG Anti-Virus
2) Avira Antivirus
3) Bit Defender
4) ESET NOD32
5) Kaspersky Anti-Virus
6) McAfee Antivirus
7) Norton Antivirus
8) Panda Antivirus
9) Quick Heal Antivirus
10) Trend Micro Antivirus etc….
WAP THREATS
The use of WAP-enabled mobile phones is booming. Cellular phones with support for WAP
(Wireless Application Protocol) allow users to access a wide variety of services. WAP enables
users to do on-line banking, monitor stock markets, use email, access the Internet – all from their
mobile phones. Future WAP services with positioning support will enable even more advanced
services – for example, you could ask your phone to find the closest restaurant in a strange city
and your phone would answer back with map and directions. When it comes to WAP security,
why worry?
From the outset, vendors of mobile phones and WAP servers have ensured that much
consideration was given to on fidentiality and privacy issues for WAP data, as well as to user
authentication. Add this to the fact that data integrity checking has been taken into account, and
you could be forgiven for thinking that the WAP infrastructure is already secure enough.
However, we believe that there are still a number of security issues to be resolved. Firstly, there
is no content security for the WAP infrastructure, and yet this is where one of the biggest threats
typically lies.
As we have already seen in the desktop-PC world, content-related security is the single biggest
security issue for home and corporate users alike. Even now, we receive an average of seven new
PC virus samples every day, with actions that range from benign to potentially catastrophic. In
the telecommunications world, content has traditionally been speech – with no security risks
involved. Now the content is code, and the whole picture changes. The WAP infrastructure has
not taken executable mobile content – such as downloadable programs into account from a
content-security point of view. The WAP content requested by the mobile device and returned by
the origin server can, for example, contain WML cards, which may display text or pictures,
working similarly to HTML pages on the Web. The pages can also contain script written with
WML Script language – which is a close relative to the JavaScript scripting language. As a side
note, several PC viruses written with JavaScript were discovered during 1999 and 2000. The
WLAN weak link A security weakness in the encryption standard used within IEEE-based
WLANs has been uncovered. Three cryptographers have described a practical way of attacking
What about palmtop computers and PDAs-can they be infected by computer viruses? PDAs run
specially written scaled-down operating systems, such as EPOC, PalmOS or PocketPC. They are
often connected to home or office PCs to synchronize the data between the two machines. This
presents an opportunity for viruses to spread onto them. Yet, no viruses currently exist for the
PocketPC and EPOC operating systems, although there is no technical reason why they could not
be written. There is a virus called Palm/Phage, which is able to infect Palm OS, but it is not in
the wild and poses little threat. Nonetheless, it is sensible to keep backups of any Palm
applications and data. There is also a Trojan horse known as Palm/Liberty-A, which is able to
infect the Palm OS
People mostly think that there are only viruses are threat but there are
other threats as well.
Such as spam's, spyware, trojans , worms, etc.
From spam's we know there are different sorts, such as phishing.
Spywares are used in order to breach the the security.
Trojans do not replicate but are destructive.
Antivirus should be installed and should be upgraded to its latest
version in order to provide security against the latest viruses.
12-REFERENCES
http://www.mines.edu/academic/computer/viri-sysadmin.htm
http://www.google.com
http:// www.shashachu.com
http://www.wikipedia.org
http://www.youtube.com