A threat is a potential security violation causing harm or loss to a computing system. Actions that cause these violations are attacks, and the people who initiate or cause them are called attackers. Security threats fall into several categories, and with the increasing number of worms, viruses, and network attacks, it is vital that computer users understand how and why these attacks occur and how to prevent them.
Trojan horses, viruses and worms are types of malicious logic executed in hardware or software to perform harmful unauthorized actions. These programs falsify accesses to a computer system in order to steal or damage the information found there.
Written by professionals, a virus is a malicious program that attaches itself to other computer programs by replicating itself, and executes its payload when the host program runs. The payload can take various forms, such as inserting a key logger, reformatting disk drives, or encrypting files. The most common case of virus attachment is inserting a copy of the virus code into an executable program file (.exe or .COM) before the first executable instruction. After insertion, the virus's set of instructions executes first, and control then flows naturally to what used to be the first program instruction (Pfleeger & Pfleeger, 2006).
Diagram 1: Attachment of virus into a program (diagram label: first program instructions for execution)
Viruses are usually designed to attack data or system files, and can be transient or resident. A transient virus runs when the program it is attached to is executed; during this time the virus infects files or other data, and it may also spread to other programs. A resident virus situates itself in memory and then remains active, or can be activated as a stand-alone program, even after its attached program ends (Pfleeger & Pfleeger, 2006). A table of virus effects and causes is available in Appendix 1.
Viruses are spread by users and cannot be activated without a user's action; the spread of the virus is unknown to the user. There are several ways a virus is spread:
Method of spreading
A user who is unaware that the computer is infected by a virus sends an e-mail to another user. The receiver of the e-mail then downloads it, and once the file is opened, the virus starts its tasks and spreads the infection.
Attackers also use this method to spread their own viruses to the public. For example, the "W32.Myparty@mm" virus is a mass-mailing e-mail virus "capable of spreading itself only between January 25th and 29th of 2002. However, it remains active on infected computers after this period of time." (Symantec.com, 2007)
Picture 1: Sample of the Myparty virus in an e-mail
The attachment appears as a link (www.myparty.yahoo.com) that users would take for a URL, but its icon is an executable file icon, and ".com" is actually an executable file extension (.COM), not part of a website's address. The virus spreads by sending e-mails to contacts found in the Windows address book and all e-mail contacts found in the Outlook Explorer's folders. The writer tracks the virus by receiving a message from it.
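A mail filter can catch this disguise by looking at the attachment name rather than its icon. The following is an added example, not part of the original essay: the function names, the extension list and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string

# Extensions Windows runs directly (short, non-exhaustive list; an assumption).
EXECUTABLE_EXTS = {"com", "exe", "scr", "pif", "bat", "cmd"}

def classify_attachment(filename):
    """Return 'url-lookalike-executable', 'executable' or 'ok'."""
    labels = filename.strip().lower().split(".")
    if len(labels) < 2 or labels[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # A name shaped like a host name hides the extension in plain sight:
    # a 'www.' prefix, or host.domain.com where '.com' is really the file type.
    if labels[0] == "www" or (labels[-1] == "com" and len(labels) >= 3):
        return "url-lookalike-executable"
    return "executable"

def scan_message(raw):
    """List (filename, verdict) for every risky attachment in a raw e-mail."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name and classify_attachment(name) != "ok":
            findings.append((name, classify_attachment(name)))
    return findings

# Constructed sample message (addresses and bodies are placeholders).
SAMPLE = """\
From: friend@example.org
To: user@example.org
Subject: photos
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Hello!
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="www.myparty.yahoo.com"

AAAA
--BOUND
Content-Type: application/pdf
Content-Disposition: attachment; filename="agenda.pdf"

AAAA
--BOUND--
"""

if __name__ == "__main__":
    for name, verdict in scan_message(SAMPLE):
        print(f"{verdict}: {name}")
```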
Removable device (USB devices)
USB thumb drives are widely popular nowadays; almost everyone owns one for home, office and school/college use. "PandaLabs have discovered around 25% of new worms in 2010 have been designed to spread through devices that connect to your PC via a USB port." (Goldstein, 2010) A USB device becomes infected by a virus if it is inserted into an infected computer. Once the device is used on other computers whose OS has the AutoRun feature, the virus will start attacking. In Windows, the AutoRun feature automatically runs installers or other programs once a removable device or CD is inserted.
Another way of spreading is for the virus to hide itself in a file that is then stored on the USB device; it is activated once that file is opened on another machine.
Any file or software downloaded from the internet carries a certain risk of virus attack. Compressed files containing music, movies or documents are widely available and downloaded by internet users. The moment the downloaded file is uncompressed or opened, the virus will attack.
Worms are programs designed to spread replicas of themselves across the network. Unlike viruses, worms do not require human action to spread between computers. Worms can create copies of themselves in large quantities, and certain worms spread fast enough to cause network congestion. For example, a worm replicates and sends out e-mails (with a copy of itself attached) to all addresses found in the address book. Worms take up a lot of system memory or network bandwidth, causing slow or no response from Web servers, network servers and computers. (Beal, 2009)
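Windows AutoRun takes its instructions from an `autorun.inf` file at the top level of the removable device, so a drive can be inspected for launch commands before it is trusted. The following is an added example, not part of the original essay: the function names and the sample file are assumptions constructed for illustration.

```python
import os

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:            # junk lines are skipped
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_commands(text):
    """Entries that start a program: open=, shellexecute=, shell\\<verb>\\command=."""
    found = []
    for key, value in parse_autorun(text).items():
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in ("open", "shellexecute") or is_verb:
            found.append((key, value))
    return found

def scan_drive(root):
    """Return launch commands from an autorun.inf at the top of `root`, if any."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":         # file name is case-insensitive
            with open(os.path.join(root, name), encoding="latin-1") as fh:
                return launch_commands(fh.read())
    return []

# Constructed sample file, not taken from a real infection.
SAMPLE_INF = """\
; constructed sample
[AutoRun]
label=My Photos
OPEN=photos.exe
shell\\explore\\command=photos.exe /e
"""

if __name__ == "__main__":
    for key, value in launch_commands(SAMPLE_INF):
        print(f"{key} -> {value}")
```

An empty result from `scan_drive` only means no AutoRun launch entry was found; it says nothing about infected files stored on the device.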
Name of computer worm
Internet Worm/Morris Worm
One of the first worms to spread through the internet. It is capable of infecting a computer multiple times and slows down computer performance with extra processes. The worm spread by using weaknesses found in Unix sendmail, Finger and rsh/rexec.
SQL Slammer Worm
Spread itself throughout the internet using a weakness found in Microsoft SQL Server 2000. The worm caused a global internet slowdown. Home users were affected if they had Microsoft SQL Server Desktop Engine (MSDE) installed.
Designed to get into your system and allow malicious users to control your computer remotely. The worm spreads by using a weakness in Microsoft DCOM (Distributed Component Object Model) RPC (Remote Procedure Call). It spreads only to computers running the Microsoft operating systems Windows XP (32-bit) and Windows 2000.
Diagram 2: Several examples of computer worms and their effects
Worm attacks in social network
Social networks have become increasingly popular among the billions of internet users. Several attacks have been identified recently; one of them is the infamous "Koobface" worm, which started its attack on Facebook but later found its way to other social network sites such as MySpace, LinkedIn and Bebo. This worm spams messages to the contacts of an infected account, tricking other users into clicking on links that direct them to an off-site page that appears to be something like YouTube. The malicious website then asks users to install a new version of Adobe's Flash Player, which is actually a Trojan. The purpose of this worm is to steal sensitive information.
"A new round of attacks aimed at Facebook and Twitter utilized randomized urls and language like "LOL" and "WOW" in the bad messages, making them harder to identify." (Eggebrecht, 2009) This shows how fast and dangerously these worms evolve. There have been many similar attacks on social networks recently, mostly designed by cybercriminals to obtain sensitive data (passwords, personal details, and others).
software keygen or patch
these files are classified as Trojans
Denial of Service (DoS)
Effect of the computer threats to society
Source: Pfleeger, C.P., Pfleeger, S.L., 2006, 3.3. Viruses and Other Malicious Code (Table 3-2. Virus Effects and Causes), In: Security in Computing, Fourth Edition, Massachusetts, Prentice Hall.
How It Is Caused
Attach to executable program
Modify file directory
Write to executable program file
Attach to data or control file
Append to data
Append data to self
Remain in memory
Intercept interrupt by modifying interrupt handler address table
Load self in nontransient memory area
Intercept operating system call (to format disk, for example)
Modify system file
Modify ordinary executable program
Intercept system calls that would reveal self and falsify result
Classify self as "hidden" file
Infect boot sector
Infect systems program
Infect ordinary program
Infect data ordinary program reads to control its execution
Activate before deactivating program and block deactivation
Store copy to reinfect after deactivation