Paper on viruses
Computer viruses are an unfortunate daily occurrence because of their high prevalence and their ability to do a wide range of things, from simple packet sniffing to data mining to keylogging. In this paper, I will discuss computer viruses: how they are constructed, the different types of viruses, how they work, and the steps that can be taken to protect against them. I believe that computer viruses are an extremely dangerous part of the internet of things, and everyone should be very cautious about how they use the internet and how they act online.
A computer virus, as stated by Xiaofan Yang and Lu-Xing Yang in their paper entitled “Towards the Epidemiological Modeling of Computer Viruses”, is “a malicious program that can replicate itself and spread from computer to computer…a virus can perform devastating operations such as modifying data, deleting data, deleting files, encrypting files, and formatting disks” (Yang). This is important because the crucial thing about viruses is that they are almost always intended for harm. The authors believe that as technology improves, the worry about computer viruses grows exponentially, and that current antivirus technology cannot predict how computer viruses will evolve in the coming years. There are many different types of viruses, and they can do many different things. The most common is the Trojan horse. It hides itself in applications and files you would normally consider safe, and injects itself into the computer once you open the file or run the program. There are also different types of attacks against networks rather than single-user PCs. For example, a “spoof” is a type of attack in which a bad node misrepresents itself to the network so that the sender’s view of the network topology changes. The most prevalent type of attack that viruses can use is the botnet. A botnet is a collection of computers that have been hacked into and can be used all at once for a hacker’s whim. For example, a hacker can use a botnet to carry out a DoS attack, or Denial of Service attack. This essentially shuts down any website the hacker wants, as the botnet consumes all the bandwidth of the site and forces the website to display error messages because it cannot handle the amount of traffic being funneled through the server.
There are many real-world examples of viruses being used to wreak havoc. In the article written by Lauren Sporck entitled “Most Destructive Malware of All Time”, she discusses the biggest malware hacks ever. For example, in 2004 the fastest-spreading virus in history appeared. It is called the “My Doom Worm”. It was usually, as the author says, “transmitted via email and usually contained a variety of subject lines including, “Error”, “Mail Delivery System”, “Test” or “Mail Transaction Failed” (Sporck). This is interesting because the creator of the virus played on people opening almost every email they received without a second thought, and in this case played on the fact that people were curious whether, for example, an email they had sent had failed to go through, and wanted to know what the error was. The “Superfish Adware” is another case of viruses taking hold. The author states that “Superfish adware made its claim to fame through a class action lawsuit filed against Lenovo, the largest maker of PCs in the world. Superfish spyware came pre-installed on Lenovo machines without Lenovo customers being told of its existence. Superfish installed its own root certificate authority which allowed it to void SSL/TLS connections, creating an opening or “hole” for attackers. This exposed Lenovo users to potential cyber criminals while providing Superfish and Lenovo with a way to target unsuspecting users with tailored advertisements” (Sporck). This is very interesting because it reveals multiple sides of the story. On one hand, you have the hole that is left wide open and vulnerable for hackers, which could easily be exploited, and on the other hand you have the use of tailored advertising, which many frown upon. A third real-world virus is the “Code Red Worm”. This worm affected almost 360,000 computers by targeting only computers that were running one specific Microsoft web server.
This is interesting because the hackers most likely chose that server because it was the most commonly used web server at the time, and using a little black hat magic they were able to inject their code into the server and push it to every computer that was running it. The worm was able to do this by using a security vulnerability known as a buffer overflow. Another real-world example of a computer virus is the “SoBig.F Worm”, malware that was delivered via email and then searched the infected computer’s email directory and sent the malware email to all of its contacts, spreading the virus even faster. In the end, the worm caused around $37 Billion in damages and brought down freight and computer traffic in Washington. One final real-world example of a virus is the “CIH Virus”. It was named after the Chernobyl disaster and was set to go off on the anniversary of the disaster. As stated in the article, “The virus worked by wiping data from the hard drives of infected devices and overwriting the BIOS chip within the computer, which rendered the device unusable.
This virus caused tremendous damage because the BIOS chip was not removable on many PCs, requiring the user to replace the entire motherboard” (Sporck). This is an especially heinous virus because it renders a person’s PC essentially unusable, so they must purchase a completely new computer and hope that they do not get hit with the same virus again, or potentially a new one. In all, there are many different types of viruses, and they can do many different things. What we as a people need to do is focus on how we are going to stop viruses moving forward, and on what we can do to better protect ourselves online and offline.
There are many ways to protect against computer viruses. The easiest is to download antivirus software that routinely scans your computer’s hard drives and system and checks for any viruses. If it finds one, it usually quarantines it until you give a directive as to what you want the antivirus software to do. Sometimes the programs will pick up “false positives”: programs or files that you know are safe but that the antivirus program thinks are a virus for some reason. This is usually because the file that trips the false positive has some similarities to the files the antivirus algorithm is looking for. Another way to protect against viruses and avoid malware is to invent new detection frameworks. One example is a paper written by Sushma Verma and S.K. Muttoo entitled “An Android Malware Detection Framework-based on Permissions and Intents”. This paper discusses how Android phones, and smartphones in general, have recently become a viable target for hacking. In it, the authors discuss how current Android virus protection and malware security work, and they present a clear hybrid method for Android malware detection that analyzes the permissions and intent filters of the applications you wish to install on your phone. The authors state that “The increased usage of smartphones can be combined with tremendous increase in the security breaches due to the exploitation of the increasing number of android application-related vulnerabilities. The continuing exponential growth in the usage of the smart mobile technology has necessitated the research in security solutions for mobile devices” (Verma, Muttoo).
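As an added illustration of the permission-and-intent analysis just described (my own code, not the framework from the Verma and Muttoo paper), the following Python script pulls the declared permissions and intent-filter actions out of an AndroidManifest.xml and applies a rule-based score to them. The sample manifest and the weights given to permission/intent combinations are constructed assumptions for illustration, not values from the paper.

```python
"""Added example (not the Verma/Muttoo code): extract permission and intent
features from an AndroidManifest.xml and apply a rule-based risk score.
The manifest below and the weights are constructed for illustration."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest: an app that asks for SMS access and starts at boot.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def extract_features(manifest_xml):
    """Return the sets of declared permissions and intent-filter actions."""
    root = ET.fromstring(manifest_xml)
    name_attr = f"{{{ANDROID_NS}}}name"  # android:name is namespaced
    permissions = {p.get(name_attr) for p in root.iter("uses-permission")}
    actions = {a.get(name_attr) for a in root.iter("action")}
    return permissions, actions

# Assumed weights (not from the paper): a permission paired with an intent action
# whose combination is a classic indicator of SMS-abusing or self-starting malware.
SUSPICIOUS_COMBINATIONS = {
    ("android.permission.SEND_SMS", "android.provider.Telephony.SMS_RECEIVED"): 3,
    ("android.permission.RECEIVE_BOOT_COMPLETED", "android.intent.action.BOOT_COMPLETED"): 2,
}

def risk_score(permissions, actions):
    """Sum the weights of every suspicious permission/intent combination present."""
    return sum(w for (perm, act), w in SUSPICIOUS_COMBINATIONS.items()
               if perm in permissions and act in actions)
```

A real framework would feed these feature sets to a trained classifier rather than fixed weights; the point here is that the features come entirely from the manifest, which the app cannot hide.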
Later in the paper, describing how they plan to achieve this new type of malware detection, the authors state “Our methodology aims at developing a detection system that focuses on feature extraction and selection to measure and characterize the malicious applications on the basis of permissions and intents specified in the manifest file of the application” (Verma, Muttoo). This is interesting because the authors find malware simply by checking the permissions and intents that describe what the file or program wants to change or modify. It is very hard for a hacker to hide what the program does, and this will force hackers to be even more clever when it comes to bypassing Android security. Another way programmers find ways to stop hackers is by finding the exploitable holes first and plugging them up. A paper written by Adam Kiezun, Philip Guo, Karthick Jayaraman and Michael Ernst entitled “Automatic Creation of SQL Injection and Cross-Site Scripting Attacks” discusses this type of prevention. The paper states that “We present a technique for finding security vulnerabilities in Web applications. SQL Injection (SQLI) and cross-site scripting (XSS) attacks are widespread forms of attack in which the attacker crafts the input to the application to access or modify user data and execute malicious code. In the most serious attacks an attacker can corrupt a database so as to cause subsequent users to execute malicious code” (Kiezun et al.). This is interesting because what the authors are saying is that they made a technique that injects a bit of code into a web application and finds all the security flaws of the website so they can be fixed, which helps protect against hackers.
When discussing how it works, the authors stated “our technique works on unmodified existing code, creates concrete inputs that expose vulnerabilities, operates before software is deployed, has no overhead for the released software, and analyzes application internals to discover vulnerable code…Ardilla is a white-box testing tool, i.e., it requires the source code of the application. Ardilla is designed for testing PHP applications before deployment. Security vulnerabilities that Ardilla identifies can be fixed before the software reaches the users because Ardilla creates concrete attacks that exploit the vulnerability. In our experiments, Ardilla discovered 68 previously unknown vulnerabilities in five applications” (Kiezun et al.). This is important because it shows that, when given a PHP script, the tool they invented found 68 previously unknown vulnerabilities in five separate applications. This is important because, using this tool, many websites will be much safer when it comes to potentially being hacked and infested with viruses. A final source that shows methods of virus protection, and how we are bracing for the new wave of potential viruses that will come from the general increase of technology, is a paper written by Dr. Milind Joshi and Bhaskar Patil entitled “Computer Virus and Methods of Virus Detection Using Performance Parameter”. This paper discusses the types of virus detection methods and how they are used. The most common is the integrity check, or checksumming. This is when, as per the article, “An integrity checker records integrity information about important files on disk, usually by checksumming. An integrity check program with built-in intelligence is the only solution that can handle all the threats to your data as well as viruses. Integrity checkers also provide the only reliable way to discover what damage a virus has done. These methods require software update at specific intervals” (Joshi, Patil).
This is important because this is the most basic and general way that viruses are stopped. It is not great, however, because many viruses and virus programmers have begun to figure out ways to circumvent these types of virus checks. The authors believe that antivirus is only good if it is updated, as new virus software is being created daily and older antivirus software might not be able to catch the new viruses or malware, as they may be too advanced and get past the old antivirus programs.
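As an added illustration of the checksumming integrity check described above (my own code, not from the Joshi and Patil paper), here is a minimal integrity checker in Python: it records a SHA-256 checksum for every file in a directory and later reports which files were modified, deleted or added. The monitored directory, its files and the simulated infection are all constructed inside the demo function.

```python
"""Added example (not the Joshi/Patil code): a minimal integrity checker that
records SHA-256 checksums of important files and later reports which were
modified, added or deleted. The monitored directory is constructed here."""
import hashlib
import os
import tempfile

def checksum(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(directory):
    """Record the checksum of every regular file under directory (relative paths)."""
    baseline = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            baseline[os.path.relpath(full, directory)] = checksum(full)
    return baseline

def verify(directory, baseline):
    """Compare the current state of directory against a stored baseline."""
    current = build_baseline(directory)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed scenario: baseline two files, then tamper with one, delete one, add one."""
    with tempfile.TemporaryDirectory() as directory:
        for name, data in {"boot.sys": b"clean boot code", "config.ini": b"[main]\n"}.items():
            with open(os.path.join(directory, name), "wb") as fh:
                fh.write(data)
        baseline = build_baseline(directory)
        # In practice the baseline must be stored where the monitored system cannot
        # alter it (off-host or read-only); here it simply stays in memory.
        with open(os.path.join(directory, "boot.sys"), "ab") as fh:
            fh.write(b" + injected payload")  # simulated infection of a system file
        os.remove(os.path.join(directory, "config.ini"))
        with open(os.path.join(directory, "dropper.exe"), "wb") as fh:
            fh.write(b"new unexpected file")
        return verify(directory, baseline)
```

This also shows the limitation the paper points to: the checker can only say that a file changed, so the baseline must be refreshed after every legitimate update or the report fills with false positives.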
In closing, I believe that viruses are an extreme risk to everyone today, but if the right precautions are taken and people are attentive and always keep their antivirus programs up to date, they should be protected from most basic types of viruses and malware. The bigger task, however, is going to have to be the creation of new detection methods for finding viruses, as new ones are created every day, keep getting trickier and trickier, and can be hidden very easily in a file, a flash drive, or even a picture. I believe that if the right steps are taken, technological advancements will eventually get us to a place where antivirus programs are ahead of viruses, and the algorithms currently being developed to fight viruses will help, in the long run, to block out malware and viruses for a long time to come.