Title: 3 Perspectives
13 Perspectives
- From Mainframe to PC
- From Computing to Communication
- The changing face of security
2Virus until 1981
Don Quijote en la cama. Grabado de Gustavo Doré.
3Definition
- A computer virus is a program which makes some
unnecessary actions in your computer system
without you being aware of it
Question how does the virus arrive at your PC?
4(No Transcript)
51981 Elk Cloner - First Virus Apple II
Boot Sector Virus Spread on Apple II floppy disks
(which contained the operating system)
6Elk Cloner 1981, Apple II
- Cloner stayed in the computer if it was not
turned off, continuing to copy itself onto other
disks.
1984
71983 - The First Documented Experimental Virus
Fred Cohen given credit for the word VIRUS
being applied to an unwanted piece of code
8Scientific American, March, 1985
The diseased DOS could even cause an irritating
message to be displayed periodically
9(No Transcript)
101986 Brain - the first IBM PC Computer
VirusThe Pakistani virus
- Virus written by two Pakistani brothers, Amjad
and Basit Farooq Alvi. - Bootsector (of any disk)
- information about the disk
- Short program ? to display a message
tool against software piracy
11Boot sector virus
121987 Jerusalem
- The first file virus
- The virus lives inside .exe of .com files
- Virus infects other files of the same type
13From Virus to Worm
- (File) Virus a program fragment that inserts
itself into other programs - Worm a program that propagates itself across a
network, using resources on one machine to attack
other machines.
14- 1988The ARPANET worm, written by Robert Morris,
disables approx 6,000 computers on the
network.
I remember when it happened. It was a big deal
to computer people like me, but in 1988 the
Internet was unknown even to the most
sophisticated media reporters, and the World Wide
Web had not been invented yet. I remember the NBC
Evening News devoting less than 30 seconds to the
topic. If an equally severe disruption of the
Internet were to happen today, the President of
the United States would probably hold a press
conference to calm the nation. - Donn Seeley
15Internet Worm of 1988
- Used a loophole in the UNIX operating system to
bypass Login/Authentication
Remember, when you connect with another
computer, you're connecting to every computer
that computer has connected to. Dennis Miller,
on NBC's Saturday Night Live
16- It has raised the public awareness to a
considerable degree. Robert H Morris, quoted in
the New York Times 11/5/88
17Trojan Horse Virus
- Any program
- with a hidden intent.
- Disguise
- useful program
181989 - AIDS TrojanFirst example of ransom-ware?
- In the fall of 1989, approximately 10,000 copies
of an "AIDS Information" package were sent out
from a company calling itself PC Cyborg. - The program encrypted the hard disk. The user was
then presented with an invoice and a demand to
pay the license fee in return for the encryption
key.
19200.00 for the key to your encrypted files
20- 1990Anti-virus software begins to
appear1991Norton Anti-Virus software is
released by Symantec.
21The Michelangelo virus affecting PCs running
MS-DOS
March 6, 1992
221994 First major Virus HoaxGood Times
- Good Times was an efficient chain letter.
Instead of spreading from one computer to another
by itself, Good Times relied on people to pass it
on.
231980s 1994 virus Summary
- Boot sector virus
- 1981 Apple, Elk Virus
- 1986 Brain Virus Pakistani Virus
- File (Program) Virus late 80s
- Internet Worm of 1988
- AIDS Trojan Virus (example of ransom-ware)
- 1990s first anti- virus software
- 1991 Norton anti-virus software
- 1992 the great scare MichelangeloWell over
1,000 viruses are now thought to exist. - 1994 Good Times Hoax
- 1994 Netscape Browser
241995 First Macro Virus
WormMacro Boot
96
01
25What is a Macro?
- A macro is a set of commands
- Instead of performing the set of commands you
type the macro name which executes the set of
commands. -
26(No Transcript)
27Macro Virus
- Pure data files cannot propagate viruses(They do
not execute) - The line between a "data" file and executable
file can easily become blurred to the average
user by having Macros attached to data. - In many cases, in order to make things easy for
users, the macros are set up to run automatically
whenever the data file is loaded
Word.doc
Word.doc
With Macro
281999 Melissa Virus
- Melissa is the first combination Word macro virus
and worm to use the Outlook and Outlook Express
address book to send itself to others via E-mail.
29When a user clicked on the DOC file attached the
Word macro virus executed. The macro sent a
message to the first 50 addresses in the Outlook
address book.
30David Smith He was tracked down electronically by
police and computer technicians and arrested in
April 1999, a week after Melissa appeared.
31Bubbleboy
BubbleBoy does not come embedded in an
attachment.Bubbleboy has the ability to infect a
computer just by the act of a user reading their
e-mail.
32Non-Microsoft browsers and mail programs are not
affected.
1845
The cause was an airborne fungus. A single
infected potato plant could infect thousands more
in just a few days.
33ILOVEYOU, May 4, 2000
Kindly check the attached LOVELETTER coming from
me. Attachment LOVE-LETTER-FOR-YOU.TXT.vbs
34On May 4, 2000, the virus spread so quickly that
e-mail had to be shut down in a number of major
enterprises such as the Ford Motor Company. The
virus reached an estimated 45 million users in
a single day.
35LOVE-LETTER-FOR-YOU.TXT.vbs
- The attachment when opened, resulted in the
message being re-sent to everyone in the
recipient's Microsoft Outlook address book and,
perhaps more seriously, the loss of every JPEG,
MP3, and certain other files on the recipient's
hard disk.
36LOVE-LETTER-FOR-YOU.TXT.vbs
VBS stands for Visual Basic Script, a macro
language now built-in to Windows98 and
WindowsNT.)
The virus did not harm users of Macintosh and
Unix workstations, even if they received and
opened the attachment
37ILOVEYOU Fallout
- It increased awareness of the dangers posed by
email attachments. - Microsoft faced some heat for not putting more
safety checks and restrictions in its Outlook
mail clients. - Because of its tight integration between Windows,
Exchange, Internet Explorer and Outlook, tools
created for one program can easily interact with
the others, creating unpredictable -- and
sometimes chaotic -- results. - Some critics have even gone as far as to point to
this incident as an example of the dangers of
Microsoft's monopoly power.
38Slammer 2003
- Slammer, exploiting vulnerabilities in
Microsoft's SQL 2000 servers, hit Super Bowl
weekend. - Its spreading technique worked so well that for
some period of time all of South Korea was
effectively eliminated from the Internet
(obscured).
39(No Transcript)
40(No Transcript)
41(No Transcript)