Neither destroyed data—they were mere annoyances ... The file linked to by this malicious spam is part of the Psyme family of Trojans. Psyme exploits a vulnerability in IE and downloads

Posted on 31-Jul-2020

TRANSCRIPT

Page 1

Page 2

While calling all malware "viruses" is not technically correct, it is likely you'll be understood!

Virus: relies on another file to replicate and spread. Influenza spreads by infecting your body's cells and using them to replicate; it cannot spread on its own.
Worm: self-contained and self-replicating. May spread over a network, use e-mail, malicious websites, or other methods to spread itself.
Trojan: software (downloadable programs or ActiveX controls, Java applets on websites) that appears to be desirable/innocuous but is not (Rogue AV).
Adware: ad-supported software, may be innocuous (remember Eudora Light?) or may also be spyware.
Spyware: monitors computer use, collects personal information, may also include keyloggers, password stealers, and more malicious information-stealing programs.

Page 3

Neither destroyed data—they were mere annoyances. Most early malware and viruses were done to gain notoriety, experiment, or as pranks. Before the late 1980s, most viruses spread via removable media, usually floppy disk. Viruses and Trojans did start to appear on BBSes and newsgroups devoted to software sharing and piracy during this time.

Elk Cloner: http://en.wikipedia.org/wiki/Elk_Cloner
©Brain: http://en.wikipedia.org/wiki/%28c%29Brain

Page 4

Yes, the Creeper worm on ARPANET predates this worm, but we're talking about networks that still exist in this context. The creator of the Morris worm was convicted of a crime, but served a suspended sentence, performed community service, and paid a $10,000 fine.

Morris worm: http://en.wikipedia.org/wiki/Morris_worm
http://news.cnet.com/16-candles-for-first-Internet-worm/2100-7349_3-5438291.html

Page 5

Chernobyl/CIH: http://en.wikipedia.org/wiki/CIH_%28computer_virus%29
Melissa: http://en.wikipedia.org/wiki/Melissa_%28computer_worm%29

Page 6

Page 7

This is classified as a worm because it is self-propagating. Systems infected with the Storm worm would send spam e-mails out containing links to the malicious file.

Subject lines:
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
British Muslims Genocide
Naked teens attack home director.
230 dead as storm batters Europe.
Re: Your text

Page 8

Report: Security-Wise, the Mac Platform Is Getting Shaky: http://www.macnewsworld.com/story/Report-Security-Wise-the-Mac-Platform-Is-Getting-Shaky-61522.html

Page 9

How many here use Windows on their computers?

Page 10

Destroy data
Open up backdoors (so the hackers can use your computer for other things, install more malware, etc.)
Join your computer to a botnet
Send spam (botnet)
Use your computer to attack other computers (botnet)
Self replicate/spread
Steal keystrokes
Disable antivirus, turn off firewall, and/or prevent you from visiting security websites
Observe your surfing habits, display pop-ups

Page 11

Installs itself and then makes changes to your system so you can't shut it off
Sets itself up so it runs when the computer boots up
Checks to make sure its malicious settings are still present, resets them if not
Rewrites system files (rootkit)
Hides itself in memory (can't see the malware process in Task Manager)

Page 12

Page 13

The file linked to by this malicious spam is part of the Psyme family of Trojans. Psyme exploits a vulnerability in IE and downloads more malware that can infect your system. Want to know how I figured out where that link led? I hovered over it with my mouse pointer—the yellow box that popped up (called a ToolTip) showed a very suspect-looking web address.

Page 14

The malicious link in this e-mail led the user to a CNN look-alike page which attempted to download a program named “Adobe_Player.exe” to the user’s system. If run, this program actually installed what’s known as “scareware” or “rogue antivirus software.” It tells the user they’re infected with malware and they need to pay $40 for the “pro” version of the software that can remove said malware. All scareware removes is money from your pocketbook!
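The hover-and-read-the-ToolTip check from the previous slide, and the look-alike page above whose link text promised CNN but delivered "Adobe_Player.exe", both come down to one question: does the address a link shows match the address it actually goes to? The following is an added example, not part of the original slides, that automates that question over an e-mail body. The sample HTML, the link addresses in it and the 198.51.100.23 address (from the reserved documentation range) are all constructed for the example; it flags a link when its visible text names one site but its href points to another, when the destination is a bare IP address, or when the link goes straight to an executable file.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample e-mail body (not from the original slides). The first link
# shows a news-site address as its text but points at an executable on a bare
# IP; the second link's text and destination agree; the third is plain text.
SAMPLE_HTML = """
<p>Breaking news: <a href="http://198.51.100.23/cgi/Adobe_Player.exe">http://www.cnn.com/video/breaking</a></p>
<p>Read more at <a href="https://www.cnn.com/">www.cnn.com</a>.</p>
<p><a href="http://example.net/update">Click here to update your player</a></p>
"""

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".msi")
# Visible text that itself looks like a web address (with or without scheme).
URL_LIKE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Host part of a URL or of bare 'www.example.com' text, lowercased and
    without a leading 'www.' so that text and href can be compared."""
    if "://" not in value:
        value = "http://" + value
    host = (urlparse(value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def link_findings(href, text):
    """Reasons a single link deserves suspicion; an empty list means none found."""
    reasons = []
    target_host = host_of(href)
    # Only compare hosts when the visible text itself looks like an address;
    # text such as 'Click here' makes no claim about where the link goes.
    if URL_LIKE.fullmatch(text) and host_of(text) != target_host:
        reasons.append("text/destination mismatch")
    try:
        ipaddress.ip_address(target_host)
        reasons.append("destination is a raw IP address")
    except ValueError:
        pass
    if urlparse(href).path.lower().endswith(EXECUTABLE_SUFFIXES):
        reasons.append("links directly to an executable")
    return reasons


def audit_links(html):
    """One record per link: the href (what the ToolTip would have shown),
    the visible text, and the reasons it was flagged."""
    collector = LinkCollector()
    collector.feed(html)
    return [
        {"href": href, "text": text, "reasons": link_findings(href, text)}
        for href, text in collector.links
    ]


def suspicious_links(html):
    """Only the links that picked up at least one reason."""
    return [rec for rec in audit_links(html) if rec["reasons"]]


if __name__ == "__main__":
    for rec in audit_links(SAMPLE_HTML):
        flag = "SUSPECT" if rec["reasons"] else "ok"
        print(f"{flag:8} {rec['text']!r} -> {rec['href']}  {'; '.join(rec['reasons'])}")
```

The host comparison deliberately ignores a leading "www." so that "www.cnn.com" text pointing at https://www.cnn.com/ is not a false positive; a stricter deployment would compare against an allow-list of the organisation's own domains rather than trusting whatever the text claims.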

Page 15

Use Secunia PSI/AppFresh to help with updates

Page 16

Green icon is put there by McAfee SiteAdvisor: http://www.siteadvisor.com (Another good option is WOT: Web Of Trust)
SAFE (green): Very low or no risk issues.
CAUTION (yellow): Minor risk issues.
WARNING (red): Serious risk issues.
UNKNOWN (grey): Not yet rated. Use caution.

McAfee SiteAdvisor rating methodology:
• Risky downloads—Downloadable files that contain viruses, spyware, or adware or make unrelated changes to the downloading computer
• Browser exploits—Also known as a drive-by download, this type of malicious code enables viruses, keystroke loggers, or spyware to install on a consumer's computer without consent and/or knowledge
• Email practices—Registration forms and other sign-ups that result in high volume email, highly commercial email or both. We also test for difficulty unsubscribing.
• Phishing—Scam sites that try to trick visitors into believing the site is legitimate
• Excessive popups—Sites that engage in aggressive popup behavior or display large numbers of popups
• Linking practices—Sites that aggressively link to other red- or yellow-rated sites

Page 17

Stay Safe Online is on 2/2/09, Networking is 2/9/09