- •Part III. Malware: Classic Viruses, Worms, Trojans.
- •Malicious programs: what they are like.
- •I. Find in the text the English equivalents to:
- •II. True or false:
- •III. Food for thought.
- •Classic Viruses
- •I. Match these common types of viruses with their functions.
- •II. Here is a list of instructions how to avoid catching a virus, some of them are right, while the others are misleading. Mark the right instructions with a tick.
- •III. A little bit of statistics.
- •IV. Study the following information.
- •Work in pairs. Student a read the information about the Nimda worm. Student b read the information about the iloveyou Worm. Ask each other the questions and complete the chart given below the text.
- •Virus Flood Threatens Home Users.
- •Wireless Mobile Worms. A New Threat?
- •New generation of ie malware now circulating.
- •It is interesting to know The Greek Ruse: from 1250 bc to 1990s ad.
I. Find in the text the English equivalents to:
Уязвимости программного и аппаратного обеспечения, в исследовательских целях, бесплатный доступ в Интернет, электронный кошелек, исполняемый файл, безобидное послание, распространяться через локальные сети и Интернет, засорять дисководы и Интернет многочисленными копиями, совместное использование файла, каналы Интернет-чата, прикрепленный файл, смешанная угроза, считывать данные и отправлять их киберпреступнику, логическая бомба, угроза появления нового вируса.
II. True or false:
1. Malware authors write malicious programs for research purposes.
2. Approximately 90% of malicious code is written by professionals.
3. A virus infects an executable file, while a worm is a stand-alone program.
4. A worm can not propagate automatically via LANs and the Internet.
5. Worms can combine different types of malicious code.
6. A Trojan Horse penetrates remote machines and replicates itself.
7. Logic bombs don’t cause serious damage to computers and networks.
8. Hoaxes are harmless jokes of internet users.
III. Food for thought.
The term blended threat was coined in circa 2002, when the Klez worm was unleashed. The Klez worm could drop a virus into the victim’s computer. It is known that the author of the Klez program was never identified. The original Klez program contained a comment inside HTML code that said: “I am sorry to do so, but it’s hopeless to say sorry I want a good job, I must support my parents. Now you have seen my technical capabilities. How much my year-salary now? NO more than $ 5,500. What do you think of this fact? Don’t call me names, I have no hostility. Can you help me?” Articles at some anti-virus websites mentioned the suspicion that the author lives in the Guangdong province of communist China.
1. Why did the author of the Klez worm chose such a desperate way to show his technical capabilities?
2. What do you think did any software vendor hire the author of the Klez worm?
3. Is it a common practice for software and hardware vendors to employ malware writers?
4. Would you hire a talented author of a malicious program, if you run a software business?
5. Do you know that Sven Jaschan, who released the Sasser worm (2004), landed a job with German security company SecurePoint on the back of his notoriety? What do you think of this fact?
IV. Discussion points:
1. Writing malware as a way to gain notoriety.
2. Can worms, which are stand-alone programs, evolve into free and uncontrolled by the man creatures living in cyber space?
3. Using Trojan Horses by security agencies (for example CIA, FBI) to catch criminals in cyber space. Is it possible? Is it justified?
4. What penalties should be imposed upon hoax creators?
5. It is rumoured that anti-virus companies secretly write and deliberately release various malicious programs to make people buy anti-virus software. What do you think of it?
Classic Viruses
The classification of classic computer viruses is based on the two factors: virus environment and infection methods. The environment is the application or operating system required by any virus to infect files within these systems. Infection methods are the techniques used to inject the virus code into an object. Most viruses can be found in one of the following environments: file systems, boot sectors, macro environments, script hosts.
File viruses. A file virus uses the file system of a given operating system to propagate. These viruses can reload themselves every time the victim starts the computer up. Once they are in the memory, they can spread writing themselves to any disk inserted into the disk drive. Classic file viruses reigned supreme in the 1990s; however they have almost disappeared today. There are currently about 10 file viruses that are active.
File viruses fall into the following categories:
a) Parasitic viruses (the largest group of file viruses). Parasitic viruses modify the code of the infected file. The infected file remains partially or fully functional.
b) Companion viruses. They do not modify the host file. Instead they create a duplicate file containing the virus. When the infected file is launched the copy containing the virus will be executed first.
c) Link viruses. They also do not modify files; however, they force the operating system to execute the virus code by modifying the appropriate file system features.
d) The group of viruses, which do not use executable files to infect a computer, but simply copy themselves to a range of folders in the hope that sooner or later they will be launched by the user.
Boot sector viruses. A boot sector virus is an early type of computer virus that infects the boot sectors of floppy disks and the boot sector or MBR (Master Boot Record) of the hard drive. When infecting disks, a boot virus will substitute its code for that of a program which gains control when the system launches. In order to infect the system, the virus will force the system to read the memory and hand over control not to the original boot program, but the virus code. These viruses were widespread in the 1990s, but have almost disappeared since the introduction of 32-bit processors as standard and the decline of the floppy disks. It would be technically possible to write boot sector viruses for CDs and USB flash ROMs, but no such viruses have yet been detected.
Macro viruses. A macro virus infects Microsoft Office applications (Word, Excel and Power Point). Macro viruses are written in macro languages and propagate by exploiting macro language properties in order to transfer from an infected file to another file. Although not as dangerous as other viruses, they can spread quickly if an infected file is sent via e-mail. After an initial scare, Microsoft added protection into later versions of Office applications, so you receive a warning about infected documents.
Script viruses. Script viruses are a subset of file viruses, written in a variety of script languages (VBS, JavaScript, BAT, PHP). They either infect other scripts for example Windows or Linux command and service files, or form a part of multi-component viruses. Script viruses are able to infect other file formats, such as HTML, if the file format allows the execution of scripts.