3 Perspectives

1
3 Perspectives

• From Mainframe to PC
• From Computing to Communication
• The changing face of security

2
Virus until 1981
Don Quijote en la cama. Grabado de Gustavo Doré.
3
Definition

• A computer virus is a program which makes some
  unnecessary actions in your computer system
  without you being aware of it

Question how does the virus arrive at your PC?
4
(No Transcript)
5
1981 Elk Cloner - First Virus Apple II
Boot Sector Virus Spread on Apple II floppy disks
(which contained the operating system)
6
Elk Cloner 1981, Apple II

• Cloner stayed in the computer if it was not
  turned off, continuing to copy itself onto other
  disks.

1984
7
1983 - The First Documented Experimental Virus
Fred Cohen given credit for the word VIRUS
being applied to an unwanted piece of code
8
Scientific American, March, 1985
The diseased DOS could even cause an irritating
message to be displayed periodically
9
(No Transcript)
10
1986 Brain - the first IBM PC Computer
VirusThe Pakistani virus

• Virus written by two Pakistani brothers, Amjad
  and Basit Farooq Alvi.
• Bootsector (of any disk)
• information about the disk
• Short program ? to display a message

tool against software piracy
11
Boot sector virus
12
1987 Jerusalem

• The first file virus
• The virus lives inside .exe of .com files
• Virus infects other files of the same type

13
From Virus to Worm

• (File) Virus a program fragment that inserts
  itself into other programs
• Worm a program that propagates itself across a
  network, using resources on one machine to attack
  other machines.

14

• 1988The ARPANET worm, written by Robert Morris,
  disables approx 6,000 computers on the
  network. 

I remember when it happened. It was a big deal
to computer people like me, but in 1988 the
Internet was unknown even to the most
sophisticated media reporters, and the World Wide
Web had not been invented yet. I remember the NBC
Evening News devoting less than 30 seconds to the
topic. If an equally severe disruption of the
Internet were to happen today, the President of
the United States would probably hold a press
conference to calm the nation. - Donn Seeley
15
Internet Worm of 1988

• Used a loophole in the UNIX operating system to
  bypass Login/Authentication

Remember, when you connect with another
computer, you're connecting to every computer
that computer has connected to. Dennis Miller,
on NBC's Saturday Night Live
16

• It has raised the public awareness to a
  considerable degree. Robert H Morris, quoted in
  the New York Times 11/5/88

17
Trojan Horse Virus

• Any program
• with a hidden intent.
• Disguise
• useful program

18
1989 - AIDS TrojanFirst example of ransom-ware?

• In the fall of 1989, approximately 10,000 copies
  of an "AIDS Information" package were sent out
  from a company calling itself PC Cyborg.
• The program encrypted the hard disk. The user was
  then presented with an invoice and a demand to
  pay the license fee in return for the encryption
  key.

19
200.00 for the key to your encrypted files
20

• 1990Anti-virus software begins to
  appear1991Norton Anti-Virus software is
  released by Symantec. 

21
The Michelangelo virus affecting PCs running
MS-DOS
March 6, 1992
22
1994 First major Virus HoaxGood Times

• Good Times was an efficient chain letter.
  Instead of spreading from one computer to another
  by itself, Good Times relied on people to pass it
  on.

23
1980s 1994 virus Summary

• Boot sector virus
• 1981 Apple, Elk Virus
• 1986 Brain Virus Pakistani Virus
• File (Program) Virus late 80s
• Internet Worm of 1988
• AIDS Trojan Virus (example of ransom-ware)
• 1990s first anti- virus software
• 1991 Norton anti-virus software
• 1992 the great scare MichelangeloWell over
  1,000 viruses are now thought to exist.
• 1994 Good Times Hoax
• 1994 Netscape Browser

24
1995 First Macro Virus
WormMacro Boot
96
01
25
What is a Macro?

• A macro is a set of commands
• Instead of performing the set of commands you
  type the macro name which executes the set of
  commands.

26
(No Transcript)
27
Macro Virus

• Pure data files cannot propagate viruses(They do
  not execute)
• The line between a "data" file and executable
  file can easily become blurred to the average
  user by having Macros attached to data.
• In many cases, in order to make things easy for
  users, the macros are set up to run automatically
  whenever the data file is loaded

Word.doc
Word.doc
With Macro
28
1999 Melissa Virus

• Melissa is the first combination Word macro virus
  and worm to use the Outlook and Outlook Express
  address book to send itself to others via E-mail.
  

29
When a user clicked on the DOC file attached the
Word macro virus executed. The macro sent a
message to the first 50 addresses in the Outlook
address book.
30
David Smith He was tracked down electronically by
police and computer technicians and arrested in
April 1999, a week after Melissa appeared.
31
Bubbleboy
BubbleBoy does not come embedded in an
attachment.Bubbleboy has the ability to infect a
computer just by the act of a user reading their
e-mail.
32
Non-Microsoft browsers and mail programs are not
affected.
1845
The cause was an airborne fungus. A single
infected potato plant could infect thousands more
in just a few days.
33
ILOVEYOU, May 4, 2000
Kindly check the attached LOVELETTER coming from
me. Attachment LOVE-LETTER-FOR-YOU.TXT.vbs
34
On May 4, 2000, the virus spread so quickly that
e-mail had to be shut down in a number of major
enterprises such as the Ford Motor Company. The
virus reached an estimated 45 million users in
a single day.
35
LOVE-LETTER-FOR-YOU.TXT.vbs

• The attachment when opened, resulted in the
  message being re-sent to everyone in the
  recipient's Microsoft Outlook address book and,
  perhaps more seriously, the loss of every JPEG,
  MP3, and certain other files on the recipient's
  hard disk.

36
LOVE-LETTER-FOR-YOU.TXT.vbs
VBS stands for Visual Basic Script, a macro
language now built-in to Windows98 and
WindowsNT.)
The virus did not harm users of Macintosh and
Unix workstations, even if they received and
opened the attachment
37
ILOVEYOU Fallout

• It increased awareness of the dangers posed by
  email attachments.
• Microsoft faced some heat for not putting more
  safety checks and restrictions in its Outlook
  mail clients.
• Because of its tight integration between Windows,
  Exchange, Internet Explorer and Outlook, tools
  created for one program can easily interact with
  the others, creating unpredictable -- and
  sometimes chaotic -- results.
• Some critics have even gone as far as to point to
  this incident as an example of the dangers of
  Microsoft's monopoly power.

38
Slammer 2003

• Slammer, exploiting vulnerabilities in
  Microsoft's SQL 2000 servers, hit Super Bowl
  weekend.
• Its spreading technique worked so well that for
  some period of time all of South Korea was
  effectively eliminated from the Internet
  (obscured).

39
(No Transcript)
40
(No Transcript)
41
(No Transcript)