Thursday, 31 August 2017

Information Security Essay - 1,637 words









Information Security

Outline: General definitions of virus and worm; I-Worm.Mydoom; Slammer - internet worm; Klez - internet worm; Conclusion.

The Internet is the most dangerous source of computer viruses. It can take as little as several minutes to acquire a trojan, a virus or a worm. Is there any difference between a trojan and a virus? What distinguishes a virus from a worm? There are two main differences between a worm and a virus. A virus must become part of another executable program, whereas a worm is a self-replicating computer program.

What is a virus? According to Symantec, it is "a parasitic program written intentionally to enter a computer without the user's permission or knowledge. The word parasitic is used because a virus attaches to files or boot sectors and replicates itself, thus continuing to spread.


Though some viruses do little but replicate, others can cause serious damage or affect program and system performance. A virus should never be assumed harmless and left on a system." (Master Glossary, 1997, p.1) Win95.CIH, Win32.Funlove and Win32.Elkern are the most widespread viruses. According to the Computer Virus FAQ, viruses have the potential to infect any type of executable code, not just the files that are commonly called 'program files' (tanstaafl@pobox.com, 1999, p.1).

Trojan programs are often associated with viruses, although they are not viruses. A trojan is a program (often quite harmful) that pretends to be something else. You can download a game or a useful program, but when you run it, it deletes files on your hard drive. Mary Landesman writes that "Most often, Trojans are associated with remote access programs that perform illicit operations such as password-stealing or which allow compromised machines to be used for targeted denial of service attacks" (Landesman, 2005, p.1).


An Internet worm is defined as a self-replicating program that reproduces itself over a network (Cheap56k Website, Worm Definition). So, in contrast to viruses, which damage files, Internet worms copy themselves from system to system. There are two main types of Internet e-mail worms.

Self-executable worms run themselves without the user's knowledge. Such worms use vulnerabilities in e-mail clients (Outlook Express, etc.). Actually, such a worm uses a vulnerability in Internet Explorer rather than in Outlook Express: MS Outlook creates messages as HTML pages and displays them using IE (the worms that use this vulnerability are I-Worm.Klez, I-Worm.Avron, I-Worm.Frethern, I-Worm.Aliz).

Executable worms require the user to save the attached file and/or run it. The worm pretends to be a very important document, picture, useful program, etc. For example, I-Worm.LovGate creates replies to e-mails in your mail database.


Such a worm can also have a double extension (e.g. "Doc1.doc.pif", "pict.jpg.com", etc.). Quite often worms run trojan programs and send information from the user's computer to the hacker's computer. In contrast to worms, viruses usually don't use network resources. A virus can be safe if you don't run it. Let's choose three recent worms, define them, and discuss what each attack did, what types of systems were affected, what course of action or remedy was proposed, and the impact of the virus/worm attack.
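The double-extension disguise mentioned above ("Doc1.doc.pif", "pict.jpg.com") can be caught at the mail gateway before a user ever sees the attachment. The following is an added example, not part of the original essay; the extension lists, function names and sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for this example; extend them to match local policy.
EXECUTABLE = {"pif", "com", "exe", "scr", "bat", "cmd", "vbs", "js", "lnk"}
DECOY = {"doc", "xls", "txt", "rtf", "pdf", "jpg", "gif", "bmp", "avi", "htm"}

def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    name = filename.strip().rstrip(". ").lower()
    # Padding such as "pict.jpg      .com" pushes the real extension out of
    # view in a narrow dialog, so each component is stripped as well.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "double-extension"
    return "executable"

def scan_message(raw_bytes):
    """Parse a MIME message and return {filename: verdict} for flagged attachments."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        fname = part.get_filename()
        verdict = classify(fname) if fname else "ok"
        if verdict != "ok":
            findings[fname] = verdict
    return findings

def build_sample():
    """Constructed test message; the attachment bodies are harmless placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "Re: your document"
    msg.set_content("See attached.")
    for name in ("Doc1.doc.pif", "pict.jpg.com", "report.doc", "setup.exe"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()).items():
        print(f"{verdict:17} {name}")
```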


I-Worm.Mydoom. This e-mail worm replicates by sending itself as a file attached to infected e-mail messages. There are several modifications of I-Worm.Mydoom: I-Worm.Mydoom.a, *.aa, *.ab, *.b, *.e, *.q, *.m, *.n, *.t, *.y, etc. I-Worm.Mydoom itself is 34979 bytes. After you run the worm, it displays an error message: Unable to open specified file, File cannot be opened, File is corrupted. Then Mydoom.f copies itself into the Windows system folder under a random name with an *.exe extension.


It creates a corresponding entry in the registry so that the file runs automatically:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run = %SysDir%
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run <random name> = %SysDir%\<random file name>

I-Worm.Mydoom creates a DLL file in the Windows system folder under a random name. This DLL contains the backdoor module. The worm starts sending itself using its own SMTP engine. It searches for addresses in files with the following extensions: WAB, MBX, NCH, MMF, ODS, RTF, UIN, OFT, MHT, VBS, MSG, PL, EML, ADB, TBB, DBX, ASP, PHP, SHT, HTM, TXT. The worm omits addresses containing the substrings mozilla, gnu, unix, sendmail, sun.com, usenet, fido, linux, kernel, google, ibm.com, etc. The worm searches for files with the extensions MDB, DOC, XLS, SAV, JPG, AVI, BMP on all disks (C: - Z:) and deletes files with a random probability. As part of its infection routine, W32/MyDoom attempts to create files and add entries to the Windows registry. Depending on the privileges of the user executing the virus, these changes may not be permitted. (W32/MyDoom.B Virus, 2004, p.1) The worm also executes DoS attacks against the websites www.riaa.com or www.microsoft.com.
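The Run-key persistence described above leaves a checkable trace: an autostart value that points at an executable sitting directly in the Windows system folder. The following is an added example, not part of the original essay; it audits text in the layout printed by `reg query` against a baseline of known-good file names, and the sample output, baseline and function names are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by `reg query` for both Run keys.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    C:\Program Files\Audio\soundman.exe
    qkzpwtra    REG_SZ    C:\WINDOWS\system32\xbvhqmle.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

# One value line: indented name, type, data, separated by runs of spaces.
ENTRY = re.compile(r"^\s+(?P<name>.+?)\s{2,}REG_(?:EXPAND_)?SZ\s{2,}(?P<data>.+)$")
# An .exe directly inside the system folder (what the essay writes as %SysDir%).
SYSDIR_EXE = re.compile(
    r'^(?:%SystemRoot%|%windir%|[a-z]:\\win(?:dows|nt))\\system(?:32)?\\'
    r'(?P<file>[^\\\s"]+\.exe)(?=$|[\s"])', re.I)

def parse_run_keys(text):
    """Return a list of (key, value name, data) tuples from reg query output."""
    key, entries = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = ENTRY.match(line)
        if m and key:
            entries.append((key, m["name"], m["data"].strip()))
    return entries

def suspicious(entries, baseline):
    """Flag autostart entries whose target is an unknown .exe in the system folder."""
    hits = []
    for key, name, data in entries:
        m = SYSDIR_EXE.match(data.lstrip('"'))
        if m and m["file"].lower() not in baseline:
            hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    # Baseline of expected system-folder autostarts (assumed for this example).
    for key, name, data in suspicious(parse_run_keys(SAMPLE), {"ctfmon.exe"}):
        print(f"REVIEW {key} :: {name} -> {data}")
```

A hit is a lead for review, not a verdict: legitimate software also starts from the system folder, which is why the check compares against a baseline.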


The attack takes place when the system date is between the 17th and the 22nd of each month. The backdoor module opens TCP port 1080 in order to receive commands. By connecting to this port, a hacker can use your computer as a proxy server for his own purposes. On February 1, 2004, I-Worm.Mydoom destroyed the website of SCO Group (the software producer). Japanese comp ...
