
Viruses

A bit of history

On 2 November 1988, Robert Morris Jr., a graduate student in the informatics faculty of Cornwall University (USA), infected a great number of computers connected to the Internet. This network unites machines of university centres, private companies and government agencies, including the National Aeronautics and Space Administration, as well as some military scientific centres and labs.

The network worm struck 6200 machines, which made up 73% of the computers on the network, and showed that UNIX was not safe either. Among those damaged were NASA, Los Alamos National Lab, exploratory centre VMS USA, California Technology Institute, and Wisconsin University (200 of 300 systems). Spreading over the ArpaNet, MilNet, Science Internet and NSF Net networks, it practically put these networks out of operation. According to the "Wall Street Journal", the virus infiltrated networks in Europe and Australia, where cases of blocked computers were also registered. Hundreds or thousands of jobs running on a UNIX system brought response to zero. The attacked systems were UNIX systems, 4.3BSD UNIX and their variants (e.g. SUNs). This virus was spreading very quickly over the Milnet. Within the past 4 hours, it had hit more than 10 sites across the country, both Arpanet and Milnet sites. Well over 50 sites had been hit. Most of these were "major" sites and gateways.

Morris had written a program that used a hole in the SMTP Sendmail utility. This utility can send a message into another program. Apparently what the attacker did was this: he or she connected to, issued the appropriate debug command, and had a small C program compiled. This program took a host number as an argument, copied two programs - one ending in VAX.OS and the other ending in SunOS - and tried to load and execute them. In those cases where the load and execution succeeded, the worm did (at least) two things: it spawned a lot of shells that did nothing but clog the process table and burn CPU cycles, and it looked in two places - the password file and the internet services file - for other sites it could connect to. It used both individual host files (which it found using the password file) and any other remote hosts it could locate which it had a chance of connecting to.

All of the Vaxen and some of the Suns here were infected with the virus. The virus forked repeated copies of itself as it tried to spread, and the load averages on the infected machines skyrocketed. In fact, it got to the point that some of the machines ran out of swap space and kernel table entries, preventing login to even see what was going on!

The virus also "cleaned" up after itself. If an infected machine was rebooted (or crashed), the /tmp directory was normally cleaned up on reboot. The other incriminating files had already been deleted by the virus itself.

On 4 November the author of the virus - Morris - came to FBI headquarters in Washington on his own. The FBI imposed a prohibition on all material relating to the Morris virus.

On 22 January 1989 a jury found Morris guilty. If the guilty verdict had been approved without modification, Morris would have been sentenced to 5 years in prison and a fine of 250 000 dollars. However, Morris' attorney immediately lodged a protest and sent all the papers to the Circuit Court with a petition to overturn the court's decision. Finally Morris was sentenced to 3 months in prison and a fine of 270 thousand dollars, but in addition Cornwall University suffered a heavy loss, having expelled Morris. The author then had to take part in the elimination of his own creation.

What is a computer virus?

It is executable code able to reproduce itself. Viruses are an area of pure programming and, unlike other computer programs, carry intelligent functions for protecting themselves from being found and destroyed. They have to fight for survival in the complex conditions of conflicting computer systems. That's why they evolve as if they were alive. They may have complex encrypting/decrypting engines in order to carry out the processes of duplication, adaptation and disguise.

It is necessary to differentiate between reproducing programs and Trojan horses. Reproducing programs will not necessarily harm your system because they are aimed at producing as many copies (or somewhat-copies) of themselves as possible, either by means of so-called agent programs or without their help. In the latter case they are referred to as "worms". Trojan horses, meanwhile, are programs aimed at causing harm or damage to PCs.

As you see, there are different types of viruses, and they have already been separated into classes and categories, for instance: harmless, dangerous, and very dangerous. No destruction means a harmless virus, tricks with system halts mean a dangerous one, and devastating destruction means a very dangerous one.

But viruses are famous not only for their destructive actions, but also for their special effects, which are almost impossible to classify. Some virus-writers suggest the following: funny, very funny, and sad or melancholy (keeps silent and infects). But one should remember that special effects must occur only after a certain number of contaminations. Users should also be given a chance to restrict the execution of destructive actions, such as deleting files or formatting hard disks. Thereby a virus can be considered a useful program, keeping a check on system changes and preventing surprises such as the deletion of files or the wiping of hard disks.

E-mail Viruses

The latest thing in the world of computer viruses is the e-mail virus, and the Melissa virus in March 1999 was spectacular. Melissa spread in Microsoft Word documents sent via e-mail, and it worked like this: someone created the virus as a Word document uploaded to an Internet newsgroup. Anyone who downloaded the document and opened it would trigger the virus. The virus would then send the document (and therefore itself) in an e-mail message to the first 50 people in the person's address book. The e-mail message contained a friendly note that included the person's name, so the recipient would open the document thinking it was harmless. The virus would then create 50 new messages from the recipient's machine. As a result, the Melissa virus was the fastest-spreading virus ever seen! As mentioned earlier, it forced a number of large companies to shut down their e-mail systems.

The ILOVEYOU virus, which appeared on May 4, 2000, was even simpler. It contained a piece of code as an attachment. People who double clicked on the attachment allowed the code to execute. The code sent copies of itself to everyone in the victim's address book and then started corrupting files on the victim's machine. This was the simplest thing the virus could do. It was really more of a Trojan horse distributed by e-mail than it was a virus.

The Melissa virus took advantage of the programming language built into Microsoft Word called VBA, or Visual Basic for Applications. It is a complete programming language and it can be programmed to do things like modify files and send e-mail messages. It also has a useful but dangerous auto-execute feature. A programmer can insert a program into a document that runs instantly whenever the document is opened. This is how the Melissa virus was programmed. Anyone who opened a document infected with Melissa would immediately activate the virus. It would send the 50 e-mails, and then infect a central file called NORMAL.DOT so that any file saved later would also contain the virus! It created a huge mess.

Microsoft applications have a feature called Macro Virus Protection built into them to prevent this sort of thing. With Macro Virus Protection turned on (the default option is ON), its auto-execute feature is disabled. So when a document tries to auto-execute viral code, a dialog pops up warning the user. Unfortunately, many people don't know what macros or macro viruses are, and when they see the dialog they ignore it, so the virus runs anyway. Many other people turn off the protection mechanism. So the Melissa virus spread despite the safeguards in place to prevent it.

What Is A Macro Virus?

The most common viruses that infect computers today - viruses such as Concept, Nuclear, Showoff, Adam, Wazzu, and Laroux - are macro viruses. They replicate by a completely different method than conventional viruses.

Macro viruses cannot attach themselves to just any program. Rather, each one can only spread through one specific program. The two most common types of macro viruses are Microsoft Word and Microsoft Excel viruses. These two programs are equipped with sophisticated macro languages so that many tasks can be automated with little or no input from the user. Virus writers quickly realized that it would be possible to construct self-replicating macros using these languages. This is possible because Word documents and Excel spreadsheets can contain auto open macros. This means that when you open a Word document in Word or an Excel spreadsheet in Excel, any auto open macros contained within the document will execute automatically and you won't even know it's happening.

Suppose you open an infected document in Microsoft Word. (Remember, Word documents can contain auto open macros.) These macros, which in this example contain a virus, execute when the document is opened and copy themselves into the global template that Word uses to store global macros. Since the infected macros are now part of your global template file, they will automatically execute and copy themselves into other Word documents whenever you open any document in Microsoft Word. Excel macro viruses work in much the same way.

Because Word documents and Excel spreadsheets contain auto open macros, it is important to think of them as computer programs in a sense. In other words, when you open Word documents in Word, or Excel spreadsheets in Excel, you could be executing harmful code that is built right into the objects you're opening. They should be checked thoroughly for viruses before you open them in their respective programs. It is important to have an effective anti-virus strategy in place to prevent infection by these and all other kinds of viruses.
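One way to check a document for embedded macro code before opening it, as an added example that is not part of the original text. It only looks for a VBA project (the kind Melissa used); the function names and the sample data are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
# OLE2 directory entries store names as UTF-16LE, so the VBA project stream
# name can be found without a full container parser (a triage heuristic).
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")


def macro_triage(data: bytes) -> str:
    """Classify document bytes as 'macros', 'no-macros' or 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        # Word 97+ and Excel keep VBA in a stream named _VBA_PROJECT.
        # Older WordBasic macros (Word 6/95) are not covered by this check.
        return "macros" if VBA_STREAM in data else "no-macros"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
        # Macro-enabled OOXML files carry the code in .../vbaProject.bin.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "macros"
        if "[Content_Types].xml" in names:
            return "no-macros"
    return "not-office"


def zip_sample(members):
    """Build a constructed OOXML-like archive holding the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in members:
            z.writestr(name, b"constructed sample")
    return buf.getvalue()


# Constructed samples: not real documents, only the markers the check reads.
SAMPLES = {
    "ooxml with macros": zip_sample(["[Content_Types].xml", "word/vbaProject.bin"]),
    "ooxml plain": zip_sample(["[Content_Types].xml", "word/document.xml"]),
    "ole2 with macros": OLE2_MAGIC + bytes(64) + VBA_STREAM,
    "ole2 plain": OLE2_MAGIC + bytes(64),
    "text file": b"just some text",
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(f"{label}: {macro_triage(blob)}")
```

A "macros" result means the file should be treated as a program and scanned before it is opened; "no-macros" does not prove the file is clean.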

Developing an Effective Antivirus Strategy

Anyone who does a lot of downloading, or accesses diskettes from the outside world on a regular basis should develop an antivirus strategy. The most important weapon in your antivirus arsenal is a clean, write-protected bootable system diskette. Booting from a clean write-protected diskette is the only way to start up your system without any viruses in memory. No virus scanner/cleaner of any quality will run if there is a virus in memory because more programs can be infected by the virus as the scanner opens the files to check them. This diskette should also contain a record of your hard disk's master boot record, partition table, and your computer's CMOS data. Most antivirus packages contain utilities that can store this information for you. Lastly, this diskette should contain your favorite scanning/cleaning software because a virus may have infected this program on your hard drive. Running it from a clean diskette will ensure that you're not spreading the virus further.
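The record of the master boot record and partition table described above can be kept as a small snapshot and compared later. This is an added example, not part of the original text; the function names and the 512-byte sample sector are constructed for illustration.

```python
import hashlib
import struct


def snapshot_mbr(sector: bytes) -> dict:
    """Record the boot code hash and the used partition entries of an MBR."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with the 0x55AA signature")
    parts = []
    for i in range(4):  # four 16-byte entries start at offset 446
        entry = sector[446 + 16 * i: 462 + 16 * i]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0 marks an unused slot
            parts.append((i, entry[0] == 0x80, entry[4], lba_start, count))
    return {
        "boot_code": hashlib.sha256(sector[:446]).hexdigest(),
        "partitions": parts,
    }


def diff_mbr(baseline: dict, current: dict) -> list:
    """Return which recorded areas differ from the clean baseline."""
    return [k for k in ("boot_code", "partitions") if baseline[k] != current[k]]


def build_sample(boot_fill=0x90, lba_start=63):
    """Constructed sector: filler boot code, one bootable type-0x06 partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x06, b"\0\0\0",
                        lba_start, 204800)
    return bytes([boot_fill]) * 446 + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    baseline = snapshot_mbr(build_sample())           # taken while clean
    later = snapshot_mbr(build_sample(boot_fill=0xCC))  # boot code altered
    print("changed areas:", diff_mbr(baseline, later))
```

The snapshot is only useful if it is taken from a known-clean system and stored on the write-protected diskette, away from the disk it describes.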

A second effective defense against viruses is a clean backup of your hard drive. Many antivirus packages will attempt to disinfect infected programs for you so that the virus is no longer in your system. However, there are times when removing the harmful code from programs or from the master boot record does not solve the problem completely. Some programs may not run properly because their code has been altered, or your system may not boot properly because of the alterations made to the master boot record. In addition, there are some viruses, Midnight for example, that encrypt or scramble the data files associated with a program, which are then descrambled by the virus when the program is executed. If you remove the virus from the program, the data is still scrambled and the virus is not there anymore to descramble it. A good reliable backup ensures that all of these problems are solved and everything is back to normal. If you have files you can't afford to lose, make sure you have more than one copy of them. Programs may already be backed up on their original installation disks, but what about the files that you create? Business records, spreadsheets, manuscripts, and other important files can be lost in an instant to a virus, or to other causes, hard disk failure among them. If no other copy of your files exists, make copies of them before it's too late.

The third part of your antivirus strategy should be antivirus software, preferably more than one package since no one product can do everything. There are many products out there to help you guard against viruses. After all, no one but the author of the virus can bring valuable information on the way it should be treated and cured.

Contents

Unit 1 “History of computers”

Unit 2 “Characteristics”

Unit 3 “Hardware and Software”

Unit 4 “Main Hardware”

Unit 5 “Motherboard”

Unit 6 “Removable storage”

Unit 7 “Optical auxiliary storage devices”

Unit 8 “Modems”

Unit 9 “Internet”

Unit 10 “Technology to be”

Supplementary reading