WORMS AND VIRUS

Malware or malicious code (malcode) is short for malicious software. It is code or software
that is specifically designed to damage, disrupt, steal, or in general inflict some other bad or
illegitimate action on data, hosts, or networks.
* Ex.
The vast majority, however, are installed by some action from a user, such as clicking an e-
mail attachment or downloading a file from the Internet.
o Malware cannot damage the physical hardware of systems and network equipment, but it can
damage the data and software residing on the equipment. Malware should also not be
confused with defective software, which is intended for legitimate purposes but has errors or
bugs.
Classes of Malicious Software
* 2 most common:
These types of programs are able to self-replicate and can spread copies of themselves, which
might even be modified copies.
Virus---a virus depends on a host program to spread itself
Worm---a worm operates more or less independently of other files
WORMS :
A program that makes copies of itself; Computer worms are similar to viruses in that they
replicate functional copies of themselves and can cause the same type of damage.
In contrast to viruses, which require the spreading of an infected host file, worms are
standalone software and do not require a host program or human help to propagate.
* for example:
* from one disk drive to another, or by copying itself using email or another transport
mechanism. The worm may do damage and compromise the security of the computer. It may
arrive in the form of a joke program or software of some sort.
ex of computer WORMS :
Stuxnet virus -a computer worm discovered in June 2010. Stuxnet was created by the United
States and Israel, targeting Irans Uranium Enrichment Program. Stuxnet was created as part
of a top-secret cyber war program codenamed Olympic Games.
DUQU computer worm
* -was discovered in September 2011 and is believed to be linked to the Stuxnet virus. Duqu and
Stuxnet operate very similarly and were both created by governments to target nuclear
production in Iran. Rather than being used to disrupt the production of nuclear weapons,
Duqu was used for stealing information.
ex of computer WORMS :
Flame virus -was discovered in 2012 and is regarded as one of the most sophisticated
computer worms ever found. Flames code shares many similarities with the Stuxnet code,
and Flame, like Stuxnet, was designed as part of a government-sponsored cyber program.
While the Stuxnet computer worm was designed to sabotage nuclear weapon production,
Flame is believed to have been created purely for cyber spying. Flame has infected thousands
of computers since its deployment, mostly in Iran and other Middle Eastern countries.
ex of WORMS :
SLAMMER
* -The Sapphire Worm was the fastest computer worm in history. As it began spreading
throughout the Internet, it doubled in size every 8.5 seconds. It infected more than 90 percent
of vulnerable hosts within 10 minutes.
BLASTER WORM
* -was a virus program that mainly targeted Microsoft platforms in 2003. The worm attacked
computers by exploiting a security flaw with Microsoft remote procedure call (RPC) process
using Transmission Control Protocol (TCP) port number 135. The virus propagated itself
automatically to other machines by transmitting itself through email and other methods.
--Blaster Worm is also called MSBlast or Lovesan.
contd
KLEZ
* -is an Internet worm that launches automatically when a user previews or reads an e-mail
message containing Klez on a system that has not been patched for a vulnerability in
Microsoft Internet Explorer mail clients. It is not necessary for a user to explicitly open an
attachment in order for Klez to execute.
VIRUSES:
A program or code that replicates; that is, infects another program, boot sector, partition
sector, or document that supports macros, by inserting itself or attaching itself to that
medium. Most viruses only replicate, though, many do a large amount of damage as well.
A computer virus is a type of malware that propagates by inserting a copy of itself into and
becoming part of another program. It spreads from one computer to another, leaving
infections as it travels. Viruses can range in severity from causing mildly annoying effects to
damaging data or software and causing denial-of-service (DoS) conditions. Almost all viruses
are attached to an executable file, which means the virus may exist on a system but will not
be active or able to spread until a user runs or opens the malicious host file or program.
Contd...
When the host code is executed, the viral code is executed as well. Normally, the host
program keeps functioning after it is infected by the virus. However, some viruses overwrite
other programs with copies of themselves, which destroys the host program altogether.
Viruses spread when the software or document they are attached to is transferred from one
computer to another using the network, a disk, file sharing, or infected e-mail attachments.
ex of virus :
ILOVEYOU-The Love Bug flooded internet users with ILOVEYOU messages in May 2000,
forwarding itself to everybody in the user's address book. It was designed to steal internet
access passwords for its Filipino creator.
The Melissa virus-The Melissa virus, written by David L Smith in homage to a Florida stripper,
was the first successful email-aware virus and inserted a quote from The Simpsons in to Word
documents. Smith was later sentenced to jail for causing over $80 million worth of damage.
Concept Virus-The Concept virus, accidentally shipped on a CD-ROM supplied by Microsoft in
1995, was the first virus to infect Microsoft Word documents. Within days it became the most
widespread virus the world had ever seen, taking advantage of the fact that computer users
shared documents via email.
TROJAN HORSE:
A program that neither replicates nor copies itself, but causes damage or compromises the
security of the computer.
A Trojan is another type of malware named after the wooden horse the Greeks used to
infiltrate Troy. It is a harmful piece of software that looks legitimate.
Contd...
Users are typically tricked into loading and executing it on their systems. After it is activated,
it can achieve any number of attacks on the host, from irritating the user (popping up
windows or changing desktops) to damaging the host (deleting files, stealing data, or
activating and spreading other malware, such as viruses). Trojans are also known to create
back doors to give malicious users access to the system.
Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-
replicate. Trojans must spread through user interaction such as opening an e-mail attachment
or downloading and running a file from the Internet.
BOTS:
"Bot" is derived from the word "robot" and is an automated process that interacts with other
network services. Bots often automate tasks and provide information or services that would
otherwise be conducted by a human being. A typical use of bots is to gather information (such
as web crawlers), or interact automatically with instant messaging (IM), Internet Relay
Chat (IRC), or other web interfaces. They may also be used to interact dynamically with
websites.
contd...
Bots can be used for either good or malicious intent. A malicious bot is self-propagating
malware designed to infect a host and connect back to a central server or servers that act as a
command and control (C&C) center for an entire network of compromised devices, or
"botnet." With a botnet, attackers can launch broad-based, "remote-control," flood-type
attacks against their target(s). In addition to the worm-like ability to self-propagate, bots can
include the ability to log keystrokes, gather passwords, capture and analyze packets, gather
financial information, launch DoS attacks, relay spam, and open back doors on the infected
host.
How do virus spread?
A client brings in a diskette with a program that is malfunctioning (because of a viral infection)
.
The consultant runs the program to discover the cause of the bug-the virus spreads into the
memory of the consultant's computer.
The consultant copies the program to another disk for later investigation-the virus infects the
copy utility on the hard disk.
The consultant moves on to other work preparing a letter-the virus infects the screen editor
on the hard disk.