Join Lisa Bock for an in-depth discussion in this video Avoiding worms and viruses, part of IT Security Foundations: Core Concepts.
- Two common malicious programs are viruses and worms. A virus is like a human virus in that it can self-replicate and spread to other programs within the system. The results can be as simple as a new icon on the desktop or as serious as disabling antivirus or destroying files. A virus has to have some way to travel to another host. A common way is via an email attachment. To minimize the chance of a computer being infected with a virus, antivirus and email programs restrict the type of attachments that an email user can receive.
A worm is like a virus. However, it has the ability to spread without any help from a transport agent such as an email attachment. A worm can spread and replicate throughout a system, consuming resources such as memory and processing. Over the years there have been significant and famous viruses and worms. Here is a short list of some of the more significant ones I thought you would find interesting. Sobig was disguised as an email. Sobig was able to activate its own email host, gather emails, and then propagate additional messages throughout the network.
The ILOVEYOU worm is one of the most costly worms of all time. It was written by a young man in the Philippines, and it spread rapidly via email and was able to overwrite files almost as if it were eating through your drive. Because of the nature of the subject, people then clicked on it over and over again, continuing to propagate it, even though they were told it was possible malware. The Morris worm was written by a Cornell student, with only 99 lines of code.
It was released and then subsequently brought the internet down. Remember, it was a very small internet at that time, but it was significant damage. MSBlast, or Blaster, was targeted at the Microsoft operating systems. There was a message within it saying, "billy gates why do you make this possible?" Blaster was able to install a Trivial File Transfer Protocol server. It downloaded the code onto the host, and then it was able to create a distributed denial-of-service on the windowsupdate.com server.
Blaster used a buffer overflow exploit. Within six months a freely available removal tool was offered via Microsoft and other vendors. Stuxnet is a well-written and clever worm which targeted Microsoft Windows machines and networks and replicated itself. The target was the Siemens Step 7 software used to program industrial control systems that operate equipment such as centrifuges.
Stuxnet modified the scripts of the programmable logic controllers. A programmable logic controller has a couple of run cycles and then a rest cycle. One of the key behaviors of Stuxnet was to modify the script so that there was no rest cycle, which burned out the machine. Stuxnet was suspected to have been introduced to the target environment via an infected USB flash drive.
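The transcript mentions that mail and antivirus software restrict attachment types, and that the ILOVEYOU worm kept getting opened even after people were warned. The following is an added example, not code from the course or from any mail product, of the kind of attachment-name policy check such software applies. The block list, the "document-like" extension set, and the sample attachment names are constructed for illustration and are not any vendor's real policy. It shows why a naive check of the last extension is not enough: the ILOVEYOU attachment was named so that it looked like a .TXT file but ran as a VBScript, and names can also hide an executable extension behind trailing dots, padding spaces, or a right-to-left override character.

```python
"""Attachment file-name policy check (added example, constructed data)."""
from __future__ import annotations

from dataclasses import dataclass

# Extensions Windows executes on double-click. Constructed list for this
# example; a real product ships a much longer, maintained list.
BLOCKED_EXTENSIONS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "lnk", "msi", "dll", "ps1",
}

# Extensions a user would read as "just a document" (constructed set).
DOC_LIKE = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "png"}

# Unicode bidirectional controls that can visually reorder a file name so
# "invoice<RLO>fdp.exe" renders as "invoiceexe.pdf".
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
    "\u2066", "\u2067", "\u2068", "\u2069",
}


@dataclass
class Verdict:
    allowed: bool
    reason: str


def effective_extensions(filename: str) -> list[str]:
    """Return every extension in the base name, left to right, lowercased.

    Trailing dots and spaces are removed first because Windows strips them
    when the file is created, so "setup.exe." is really "setup.exe".
    Whitespace inside each segment is stripped so padding like
    "photo.jpg          .scr" still yields ["jpg", "scr"].
    """
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    base = base.rstrip(". ")
    parts = base.split(".")
    return [p.strip().lower() for p in parts[1:]]


def check_attachment(filename: str) -> Verdict:
    """Decide whether an attachment name passes the constructed policy."""
    if any(ch in BIDI_CONTROLS for ch in filename):
        return Verdict(False, "bidirectional override character in file name")

    exts = effective_extensions(filename)
    if not exts:
        return Verdict(True, "no extension")

    final = exts[-1]
    if final in BLOCKED_EXTENSIONS:
        # The ILOVEYOU pattern: a document-looking extension just before
        # the one that actually executes.
        if len(exts) > 1 and exts[-2] in DOC_LIKE:
            return Verdict(
                False,
                f"double extension: looks like .{exts[-2]} but runs as .{final}",
            )
        return Verdict(False, f"executable extension .{final}")
    return Verdict(True, f".{final} is not on the block list")


# Constructed sample attachment names, including the evasions discussed above.
SAMPLE_ATTACHMENTS = [
    "quarterly-report.pdf",
    "LOVE-LETTER-FOR-YOU.TXT.vbs",          # looks like .TXT, executes as VBScript
    "setup.exe.",                           # trailing dot, still an .exe on Windows
    "photo.jpg                    .scr",    # padding pushes .scr out of view
    "invoice\u202efdp.exe",                 # displays as "invoiceexe.pdf"
    "notes",                                # no extension at all
]


def triage(names: list[str]) -> dict[str, Verdict]:
    """Run the policy over a batch of attachment names."""
    return {name: check_attachment(name) for name in names}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_ATTACHMENTS).items():
        status = "ALLOW" if verdict.allowed else "BLOCK"
        print(f"{status:5} {name!r}: {verdict.reason}")
```

The check is deliberately name-based only, which is all the transcript describes; a production filter would also inspect the content (file signatures, archives, macros) because a renamed executable passes any name check.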
Note: This course maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals 98-367 certification exam and is recommended test prep viewing.
- Evaluating risks, threats, and vulnerabilities
- Minimizing the attack surface
- Avoiding worms and viruses
- Protecting your system from spyware
- Making web browsers more secure
- Securing wireless transmissions
- Encrypting files, folders, and drives
- Using virtual private networks