malware - chemical engineering documents 2012 · they spread by floppy disks, later via bootleg...

MALWARE By Farhan Ahmad [email protected] Department of Chemical Engineering, University of Engineering & Technology Lahore

Post on 20-Jul-2020

MALWARE

By

Farhan Ahmad

[email protected]

Department of Chemical Engineering,

University of Engineering & Technology Lahore

Contents

Introduction: Malware in brief

Danger of attack

Virus Attacks and Ethics

Economic Impact of Viruses

Example of Computer Viruses

Conclusion

Introduction

Malicious software

Computer and macro viruses of any kind

Internet and mass-mailing worms

Trojan horses, backdoors and rootkits

Other computer exploits, bots, zombies

Spyware, adware, and other software installed on a computer without the user’s knowledge or informed consent

And then there are the “hoax viruses”

Components

Three key points in malware attacks

Attacker

Victim

Purpose

Attacker: individual or group

Victim: individual or group

Purpose: where ethics lies

Danger of attack

Damage is not one-time; it keeps increasing

Damage in money

Difficult to contain

Hard to capture the attacker

Economic Impact

Labor costs for analyzing and repairing infected systems

Loss of user productivity

Loss of income

Huge investments in anti-malware technology

Secondary costs, e.g. stealing private info

History

“Viruses” appeared in early 1980s

Very soon after first personal computers

They spread by floppy disks, later via “bootleg”

They often weren’t meant to be destructive

Internet “worms” arrived in late 1980s

“There may be a virus loose on the internet.” - Andy Sudduth of Harvard University, 34 minutes past midnight, November 3, 1988

History

First mass-mailing worm came in 1999

Usually called the “Melissa virus”

It was also a “macro virus”

Infected file had to be opened in MS Word

Spyware hits the scene around 2000

“Adware” claims to be legitimate, legal

“Browser hijacking” is common symptom

Other exploits, Trojans, backdoors…

Have been around for a long time

Hackers target entities for malicious attack, or may want “free” computing resources

Definitions

Virus: program that copies itself into other programs

Could be transferred through infected disks

Rate dependent on human use

Worm: a virus that uses the network to copy itself onto other computers

Worms propagate faster than viruses

Large number of computers to infect

Connecting is fast (milliseconds)

Examples of malware

Examples of how worms affect operation of entire Internet

First Worm: Morris Worm (1988)

Code Red (2001)

Nimda (2001)

Blaster (2003)

SQL Slammer (2003)

Morris Worm:

Damage: 6000 computers in just a few hours

Extensive network traffic by worm propagating

What: just copied itself; didn’t touch data

Examples

ILOVEYOU Virus (2001)

• Spreads through emails and chat clients

• Affects web development and media files (JPEGs, MP3s, …)

• Estimated damage of 10 to 15 billion dollars

| Malware | Year | Estimated Damage |
|---|---|---|
| CIH | 1998 | 20M to 80M $ |
| Melissa | 1999 | 300M to 600M $ |
| Code Red | 2001 | 2.6B $ |
| SQL Slammer | 2003 | shut down South Korea's online capacity for 12 hours |
| Blaster | 2003 | 2B to 10B $ |
| Sobig.F | 2003 | 5B to 10B $ |
| MyDoom | 2004 | At its peak, slowed global Internet performance by 10 percent and Web load times by up to 50 percent |
| Sasser | 2004 | Tens of millions of dollars |

Symptoms

Sluggishness

One or more unexpected restarts

Frequent system crashes

Constant hard disk activity

Generalized “strange behavior”

Preventions

propagate rapidly, exploit common vulnerabilities and cause widespread damage

Prevention

Eliminate Buffer Overflows (Programmers)

Don’t open email attachments

Disable unnecessary functionality

Patch systems regularly

Detection

Update scanners with latest definitions

Use auto-updating scanners when possible

Employ programs