It is interesting to know. The Greek Ruse: from 1250 BC to 1990s AD.
Trojan malware takes its name from a story in Homer’s Iliad where Greek soldiers pretended to make peace with their enemies, the Trojans, and gifted them a large wooden horse. The Greek siege of Troy (12th or 13th century BC) lasted for ten years, but all attempts to capture the city were in vain. The Greeks devised a new ruse: a giant hollow wooden horse in which a raiding party hid. Sinon, a Greek spy, convinced the Trojans that the horse was a gift. In ancient times it was customary for a defeated general to surrender his horse to the victorious general as a sign of respect. Besides, the horse was the sacred animal of Poseidon. The Trojans brought the horse into the walled city and lavishly celebrated the end of the siege. Meanwhile the Greek warriors swarmed out of the horse and opened the city gates to the rest of the army. Troy was pillaged ruthlessly, all the men were killed and all the women and children were taken into slavery.
Times change, but the essence of the old Greek ruse is still the same. The main goal of many Trojan writers nowadays is total control over victim machines. Infected machines are usually joined into a bot network, often using IRC channels or web sites where the coder posts new commands. Moreover, complex Trojans, such as many Agobot variants, unite all infected machines into a single P2P network. Today the most dangerous and most widespread type of Trojan is the backdoor. These Trojans are remote administration utilities that open infected machines to external control via a LAN or the Internet. Backdoors are installed and launched without the knowledge or consent of the user of the victim machine. Backdoors are used by virus writers to detect and download confidential information, execute malicious code, destroy data and so forth.
Besides backdoors, there is a great variety of Trojans that damage victim machines or threaten data integrity: Trojan clickers, Trojan downloaders, Trojan droppers, Trojan spies, Trojan proxies and some others. One of the new Trojan proxies is Mitglieder, which appeared in January 2004. Thousands of ICQ users received a message inviting them to visit a specified site. The site contained a Trojan that used a vulnerability in MS IE to install and launch a proxy server on the victim machine without the user’s knowledge. The proxy opened a port, making it possible for a remote user to send and receive e-mail using the infected machine. Victim machines were transformed into zombies spewing out spam. So the ruse of the Greek warriors inspired malware creators to devise new computer tricks and use them for their criminal purposes.
There is a big “family” of Trojan programs. Match the types of Trojans with their functions.

1. Backdoors
2. Rootkits
3. ArcBombs
4. PSW Trojans
5. Trojan clickers
6. Trojan downloaders
7. Trojan droppers
8. Trojan proxies
9. Trojan spies
10. Trojan notifiers

a) function as proxy servers and provide anonymous access to the Internet from infected machines
b) track and save user’s activity on the victim machine and then forward this information to the “master”
c) redirect victim machines to specified websites or other Internet resources
d) are archived files coded to sabotage the de-compressor when it attempts to open the infected archived file
e) open infected machines to external control via a LAN or the Internet
f) steal passwords, normally system passwords, from victim machines
g) are used as a form of stealth to hide Trojan activity and evade detection
i) inform the “master” about an infected machine
j) download and install new malware or adware on the victim machine
k) are used to install malware, which is dropped to a specified location on a local disk and then launched on the victim machine

Just for fun
Celebrity Computer Viruses
Ronald Reagan virus: Saves your data, but forgets where it is stored.
Mike Tyson virus: Quits after one byte.
Titanic virus: Makes your whole computer go down.
Disney virus: Everything in the computer goes Goofy.
Sharon Stone virus: Makes a huge initial impact, then you forget it's there.
Bill Clinton virus: Won't let you query the system for information.
Al Gore virus: Runs quietly in background mode but doesn't appear to really do much of anything.
George Michael virus: Runs its course, occasionally releasing excess data buildup.
X-files virus: All your Icons start shape shifting.
Spice Girls virus: Has no real function, but makes a pretty desktop.
Arnold Schwarzenegger virus: Terminates and stays resident. It'll be back.