Computer Forensics 2

1
Computer Forensics 2 CGS 5132 Dr. S. Lang April
23, 2002
2
Computer Viruses, Trojans, Worms

• By Hiep Dang

3
Introduction

• As computer scientists, we are all familiar with
  the term computer virus

• But, do we really understand how these nuisances
  work?

4
Definition

• Computer viruses were named after their
  biological counterparts because of their similar
  traits

• A virus passes from one entity to another

• A virus can cause inconvenience and suffering

• A virus can spread into an epidemic

5
Definition

• A biological virus is not a living thing. A
  virus is a fragment of DNA inside a protective
  jacket

• Unlike a cell, a virus has no way to do anything
  or to reproduce by itself

• Instead, a biological virus must inject its DNA
  into a cell. The viral DNA then uses the cells
  existing machinery to reproduce itself

6
Background

• Computer viruses became widespread in the 1980s
  due to many factors

• The increased usage of computers

Trojan Horse

• Bulletin Boards

• Floppy disks

• These factors set the stage for a technological
  petri dish for computer viruses to flourish

7
Initialization

• When first turned on, a computer loads an
  operating system or DOS into main memory from a
  disk

• When an infected file is run, that file is loaded
  into main memory also

• Once the file begins to execute, the virus
  becomes active

8
Reproduction

• Typically, its first objective is to replicate
  (or reproduce)

• Virus programs, typically written in machine
  code, usually employ DOS commands to commandeer
  system resources that the virus must use.

9
Reproduction
This findfileLOAD (this)loc search
(this)insert (loc)STORE (this)findfile
search insert
findfile uses DOS to open the directory of
executable files on disk, picks a random file
name, and assigns it to this
LOAD A DOS command that brings the selected
file into main memory
search a subroutine that scans the file to find
a suitable insertion site for the virus and
assigns its physical memory to loc
insert the virus appends itself at the end of
the file and reroutes the progression of the file
to the virus and back
10
Reproduction
loc
Unaffected program
memory
Virus
Infected program
11
Trigger Bomb
day/date check (clock)if day 5 and date
13 then bombcheckbomb
check uses DOS commands to read the system
clock and assigns the appropriate values to day
and date
bomb this is the heart of the virus, what does
all the damage
12
Evolution

• Luckily, executable and boot sector viruses are
  declining because of CDs

• Computer technology is ever growing. Along with
  it, unfortunately, comes the evolution of
  computer viruses

13
Macro Viruses

• Macro viruses are the most common virus today

• Unlike executable viruses, macro viruses cannot
  infect any file

• Microsoft Word documents Excel spreadsheets

• The reason is the convenient macro languages that
  automatically perform tasks with little to no
  user input

• Once an infected file is opened, the virus copies
  itself into the global template used to store
  global macros

14
The Computer Worm

• Also known as the email virus

• This new virus takes advantage of the Worlds
  growing dependency on electronic mail

• The most famous is the Melissa virus of 1999

• It was the fastest spreading epidemic in history

15
Code Red Worm

• FBI agent Dave Thomas mentioned Code Red in his
  speech

• What is Code Red? http//news.com.com/2100-1001-27
  0892.html?legacycnet

• How it attacks http//www.symantec.com/avcenter/v
  enc/data/codered.worm.html

• Headlines it causedhttp//news.com.com/2009-1001
  -270945.html?legacycnet

16
Other Famous Viruses

• Lorena Bobbit Virus turns your hard disk into a
  3.5 inch floppy

• Woody Allen Virus bypasses the motherboard and
  turns on a daughter card

• Tonya Harding Virus turns your .BAT files into
  lethal weapons

• Paul Revere Virus warns of impending virus
  infection 1 if by LAN, 2 if by C\

• Adam and Eve Virus Takes a couple bytes out of
  your Apple computer

• Freudian Virus your computer becomes obsessed
  with its own motherboard, or becomes very jealous
  of the size of your friends hard drive

17
No Laughing Matter

• U.S. Businesses lost 5 billion to 6 billion due
  to computer viruses

• Viruses have penetrated the computers of

• NASA

• The Defense Data Network

• The 2nd Circuit Court of Appeals

• Capitol Hill

• IBM

• The White House

• A British Nuclear Power Plant

• The Naval Ocean Systems Command

• At least 2 viruses infiltrated Allied computers
  in 1991 during the Gulf War

18
Antivirus Strategy

• Knowledge Understanding how viruses will help
  identify some bad computing habits that would
  otherwise increase your susceptibility to virus
  attack

• Antivirus software Programs such as McAfee and
  Norton are very popular

• Backup Make clean copies of your precious data
  and files. (The Midnight virus, once removed
  leaves your files encrypted)

• Macro Protection Turn on Macro Virus Protection
  in all Microsoft applications..

19
Antivirus Strategy
20
Conclusion

• Generally thought upon as being awful human
  creations, the existence of computer viruses,
  however, has opened the worlds eyes to the
  potential powers they possess and..

• How susceptible we are to our own ingeniousness

• Chinese saying, For every Yin, there is a Yang

• As much as the computer revolution has helped
  mankind in its quest for omniscience, there will
  always be a force that deters our efforts.