1987 – Lehigh virus infected the COMMAND.COM file on DOS diskettes at Lehigh University. The author of the Lehigh virus was never identified, so there was no punishment for him.
1992 – MBDF virus (created at Cornell University) was released in shareware programs (computer games). The virus caused some programs to crash when the user selected an item from the menu bar. The virus took several seconds to infect each program file on the victim’s computer, and, during those several seconds, the display would freeze. If the victim rebooted the computer during those several seconds, application files on the computer could become corrupted.
1994 – Pathogen computer virus was released in the United Kingdom by uploading an infected file to a computer bulletin board, where victims could download a copy of the file. The Pathogen virus counted the number of executable (e.g. *.EXE and *.COM) files that it infected. When the virus had infected 32 files and an infected file was executed between 17:00 and 18:00 on a Monday, the keyboard was disabled, data in the first 256 cylinders of the hard disk drive were corrupted, and a message appeared that included: “I’ll be back for breakfast…. Unfortunately some of your data won’t!!!!”
1. What types of viruses are mentioned above?
2. What was the source of initial release of the viruses?
3. Have the viruses become more sophisticated over the past years?
Find information about a recent virus and tell the class about it.
Jigsaw activities.
Work in pairs. Student A reads the information about the Nimda worm. Student B reads the information about the ILOVEYOU worm. Ask each other the questions and complete the chart given below the text.
Nimda Worm

The Nimda worm was released on 18 September 2001 and it rapidly spread on the Internet. The name of the Nimda worm is a reversal of the word admin (administrator), because by exploiting a defect in Windows, the Nimda worm was able to act as an administrator, a user with the privilege of modifying system files.

Unlike other existing worms, Nimda had two novel features: 1) Nimda could infect a computer when the user read or previewed an e-mail that contained a copy of Nimda. With all previous viruses or worms transmitted by e-mail, the user would need to click on an attachment to infect the computer. 2) Nimda could modify webpages on a webserver, so that accessing those webpages could download a copy of Nimda to the browser’s computer. These two new features represented a significant “advance” in ability to harm victims.

The Nimda worm can propagate in several different ways. Every copy of Nimda generates many random IP addresses as targets for HTTP GET requests (i.e. requests to get a webpage from a server) and infects those servers. Nimda also creates a copy of itself in a file, readme.eml, on an infected browser. The user’s web browser might automatically download readme.eml and execute the Nimda worm, thus infecting the user’s computer. Once every ten days, Nimda searches the hard drive of an infected computer to harvest e-mail addresses. After harvesting e-mail addresses, Nimda selects one of the addresses as the From: address and the remainder as To: addresses and sends copies of Nimda in an apparently blank e-mail. Nimda adds a copy of itself to the beginning of *.EXE files. Such executable files are sometimes transferred to other computers, which will spread the Nimda infection.

The Nimda worm has a length of 57344 bytes, which makes it a relatively large file compared to many webpages and e-mail messages. This large size helps Nimda clog the Internet. The anti-virus software vendor Trend Micro reported on 14 May 2002 that a total of 1.2 × 10^6 computers worldwide had been infected with Nimda. The author of the Nimda worm was never identified. The code for Nimda contained a copyright notice stating that it originated in communist China, but nobody can confirm that this statement is correct.

ILOVEYOU Worm

The ILOVEYOU incident was commonly reported as a virus in the news media, but it was actually a worm, because this malicious program didn’t infect other programs. The ILOVEYOU worm was first reported in Hong Kong on 4 May 2000 and spread westward on that day.

The ILOVEYOU worm arrived at the victim’s computer in the form of an e-mail with the ILOVEYOU subject line and an attachment. The e-mail itself was innocuous, but when a user clicked on the attachment (LOVE-LETTER-FOR-YOU.TXT.VBS) to read the alleged love letter, a horrible sequence of bad things occurred. The worm overwrote and then deleted files from the victim’s hard disk drive, specifically targeting files with the extensions *.JPG, *.GIF, *.WAV, *.COM, and *.EXE. The worm made it much more difficult (if not impossible) to recover the original files on the victim’s hard drive. In addition, the worm marked files of type *.MP3 as hidden, so they would no longer appear in directory listings, then copied the worm to new files *.MP3.VBS.

The attachment LOVE-LETTER-FOR-YOU.TXT.VBS automatically set the Microsoft Internet Explorer start page to a URL at a web server in the Philippines, which would download WIN-BUGSFIX.EXE to the victim’s machine. This was a Trojan Horse that collected user names and passwords and e-mailed them to an address in the Philippines. The worm transmitted itself by scanning the address book in Microsoft Outlook and sending ILOVEYOU e-mail to all those e-mail addresses.

The ILOVEYOU worm affected computers at more than half of the companies in the USA and more than 10^5 mail servers in Europe. The ILOVEYOU worm did more damage than any other malicious program in the history of computing: approximately US$ 9 × 10^9. Police in the Philippines knew the name and location of the suspect within 12 hours after the initial release of the worm. A week after the release of the worm, the author’s attorney said that the worm had been released “accidentally” and his client didn’t realize how rapidly the worm would propagate. The investigation was closed because the creation and release of the worm was not a crime in the Philippines.

1. Where and when was the worm you have just read about released?
2. What did the name of the worm originate from?
3. How did the worm propagate?
4. How did it infect the victim machine?
5. What files were vulnerable to the worm’s infection?
6. Did the worm have any specific features unlike the other worms?
7. What damage did the worm cause?
8. How many computers were infected?
9. Was the author of the worm identified?
10. Was the worm perpetrator prosecuted for computer crime?
| | The date of release | Country | Perpetrator | Files infected | Damage |
| Nimda | | | | | |
| ILOVEYOU | | | | | |
In the news…
Here are three articles about novel malware. Look at the following newspaper headlines:
1) Which headline seems interesting to you? Choose one headline only.
2) Look at the following list of word combinations. They all come from the articles to go with the headlines. Which word combinations do you think go with which headline? Why?
smart phone
signatures of known viruses
to fox security firms
new era of computer worms
to freeze victims’ browsers
to install unauthorized software
to block the worm
to catch viruses
malicious software
to drain the battery of the phone
to scan e-mail attachments
to exploit an unpatched vulnerability
3) What interesting information do you expect to find in the article? Write two questions:
Examples
Are anti-virus companies able to protect home users?
Can mobile worms propagate via SMS?
What problems will new versions of malware cause to Internet users?