NOTE: Free essay sample provided on this page should be used for references or sample purposes only. The sample essay is available to anyone, so any direct quoting without mentioning the source will be considered plagiarism by schools, colleges and universities that use plagiarism detection software. To get a completely brand-new, plagiarism-free essay, please use our essay writing service.
One click instant price quote
Information Security Outline: General definitions of virus and worm; I-Worm. Mydoom; Slammer - internet worm; Klez - internet worm; Conclusion. Internet is the most dangerous source of computer viruses. It can take as little as several minutes to acquire a trojan, virus or a worm. Is there any difference between a trojan and a virus? What distinguishes a virus from a worm?
There are two main differences between worm and a virus. A virus should become a part of another executable program, whereas worm is a self-replicating computer program. What is virus? According to Symantec, it is a parasitic program written intentionally to enter a computer without the user's permission or knowledge. The word parasitic is used because a virus attaches to files or boot sectors and replicates itself, thus continuing to spread. Though some viruses do little but replicate, others can cause serious damage or affect program and system performance.
A virus should never be assumed harmless and left on a system. " (Master Glossary, 1997, p. 1) Win 95. CIH, Win 32. Fun love and Win 32. Elder are the most widespread viruses. According to Computer Virus FAQ, viruses have the potential to infect any type of executable code, not just the files that are commonly called 'program files' (, 1999, p. 1). Trojan programs are often associated with viruses, although they arent the ones.
Trojan is a program (often quite harmful) that pretends to be something else. You can download a game or useful program, but when you run it, it deletes files on your hard drive. Mary Landesman writes that Most often, Trojans are associated with remote access programs that perform illicit operations such as password-stealing or which allow compromised machines to be used for targeted denial of service attacks (Landesman, 2005, p. 1). Internet worm is defined as a self-replicating program that reproduces itself over a network (Cheap 56 k Website, Worm Definition).
So, in contrast to viruses that damage files, Internet worms copy themselves from system to system. There are two main types of Internet E-mail worms: Self-executable worms (they run themselves without users knowledge). Such worms use vulnerabilities of E-mail clients (Outlook Express, etc). Actually, internet worm uses vulnerability in Internet Explorer rather then in Outlook Express: MS Outlook creates pages as HTML page and represents the page using IE (the viruses that use such vulnerability, are I-Worm. Klez, I.
Worm. Aaron, I-Worm. Frethern, I-Worm. All); Executable worms (the user has to save attached file and / or run it). The worm pretends to be a very important document / picture /useful program, etc. For example, I-Worm.
Lov Gate creates answers for e-mails in your mail database. Such worm also can have double extension (i. e. "Doc 1. doc. pif", "pict. jpg.
com", etc). Quite often worms run trojan programs and send information from users computer to computer of hacker. In contrast to worms, viruses usually dont use network resources. The virus can be safe if you dont run it. Lets choose three recent worms, define them, discuss what each attack did, what types of systems were affected, what was the course of action or remedy proposed and impact of the virus / worm attack.
I-Worm. Mydoom. This E-mail worm replicates itself sending files attached with infected e-messages. There are several modifications of I-Worm. Mydoom: I-Worm. Mydoom.
a, . aa, . ab, . b, .
e, . q, . m, . n, . t, .
y, etc. I-Worm. Mydoom itself is 34979 bytes. After you run the worm, it shows the mistake: Unable to open specified file, File cannot be opened, File is corrupted. Then after Mydoom. f copies itself into Windows system folder with random name and .
exe extension. It creates corresponding entry in registry that leads to automatic running of file. HKEYLOCALMACHINESoftwareMicrosoftWindowsCurrentV ersionRun
It searches for addresses in files with following extensions: WAB, MBX, NCH, MMF, ODS, RTF, UIN, OFT, MHT, VBS, MSG, PL, EML, ADB, TBB, DBX, ASP, PHP, SHT, HTM, TXT. The worm omits addresses containing sub-lines: mozilla, gnu, unix, sendmail, sun. com, usenet, fido, linux, kernel, google, ibm. com, etc.
The worm searches for files with extensions MDB, DOC, XLS, SAV, JPG, AVI, BMP on all disks (C: - Z: ) and deletes files using random probability. As part of its infection routine, W 32 /MyDoom attempts create files and add entries to the Windows registry. Depending on the privileges of the user executing the virus, these changes may not be permitted. (W 32 /MyDoom. B Virus, 2004, p. 1) The worm also executes DOS attacks at websites web or web The attack takes place when the system date is between 17 and 22 of each month. Backdoor module opens port 1080 TCP/IP in order to receive commands. Connecting to this port, a hacker can use your computer as proxy-server for his own purposes.
In February 1, 2004, I-Worm. Mydoom destroyed SCO Group (the software producer) website. Japanese company Nippon Network Association reported that worm MyDoom infected more than 500. 000 computers over the world. The losses reached more than 2. 6 billion dollars.
According to The Visious World of Viruses and Worms, the first version of MyDoom appeared on January 27, and immediately made its presence known across the Internet. It affected 78. 32 % of all infected computers that month even though it showed up late into January, and along with version b, accounting for 69. 31 % of all infected computers in February. It is the fastest spreading virus to date, and has cost companies an expected 250 million dollars in lost productivity and technical support expenses. (The Visious World, 2005) Slammer Internet worm. The Slammers attack (January 2003) is considered one of the fastest attacks in the history of Internet. This worm has infected Internet for 10 minutes only. "[Saturday] in our operations centers we were seeing between 200, 000 and 300, 000 attacks per hour. [Sunday] we " re seeing between 9, 000 and 10, 000 per hour, which is around what we see for the NIMDA virus on an average day, " said Chris Round, director of Internet Security Systems' X-Force. (Williams, 2003, p. 1) How does it work?
Slammer infects Microsoft SQL Server. Due to its small size (376 bytes only) and special technology Slammer replicates very quickly. It is so-called worm without body that runs in operation memory of your computer. If you use traditional anti-virus scanners, youll not be able to neutralize the worm. The new worm modification infects computers running on basis of SUBD Microsoft SQL Server 2000. Slammer infects computer using a breach called Buffer overrun.
After Slammer infects server, it runs an endless cycle of program replication. It runs command sendto to random addresses in Internet network at UDP 1434 port (using random data from command GetTickCount) and increases network traffic. However, you can delete Slammer easily. You need to reload infected computer; the worm runs in computer memory, and will be erased after reloading.
However, you should install the special patch to protect your computer from repeated infecting. Slammer attack can be called the most destructive attack in the history of Internet. Virus deprived South Korea of Internet and violated work of cash dispensers in the USA. Robert Vamosi from Zdnet writes about Slammers attack: What a mess. 247, 000 computers infected worldwide. Bank of America's ATMs down. E-commerce Web sites unable to process online orders.
Worse, police and fire districts unable to receive 911 calls. Even Microsoft was affected by the SQL Slammer worm, also known as Sapphire and Helen, which broke out just over a week ago (Vamosi, 2003, p. 1) The third worm, Klez is responsible for sending sensitive personal material to others. This virus attempts to shutdown the virus scanner so it can not be detected in the infected computer (Techman, 2002, p. 1). According to the information of antivirus company MessageLabs, virus Klez. h is even more dangerous than Sir Cam worm. From the very beginning (March 2002), Messagelabs has registered more than 775. 000 copies of this worm.
Caspersky lab informs about new modification of Klez worm infected many countries, including Japan, China, Austria and Czech republic. Klez uses the IFRAME-breach. Thanks to this breach the worm can infect computer after the user reads the infected e-mail. To protect your computer from Klez. h Caspersky lab recommends updating antivirus database. You should also install patch for Internet Explorer that is available at Microsoft website: web According to Techweb, The biggest virus of 2002 also was the one with the most staying power.
The Klez virus infected users for seven months, said antivirus vendor Sophos, which released on Thursday a top 10 list of the nagging, costly, and seemingly endless security problems. (Waggner, 2002, p. 1) The Internet viruses and worms are very dangerous. They can destroy your files, paralyze the work of many people and reduce productivity. They can slow down Internet traffic and cause damages to computer systems. Nothing will be able to guarantee your information security 100 %.
However, you should keep your anti-virus databases up to date and close the gates to viruses before they infect your system. Bibliography: Landesman, Mary. (No date). What is a virus? Newsletter Act Now! < web > [ 2005, Feb. 13 ]. Master Glossary. (1997). Online Dictionary of Computing. < web > [ 2005, Feb. 13 ]... (1999, July 18).
Computer Virus FAQ for New Users. < web > [ 2005, Feb. 13 ]. Techman, Tim, (2002). Technical Support. The Klez. h Attack! < web > [ 2005, Feb. 13 ]. The Visious World of Viruses and Worms Website (No date).
Recent Viruses. < web > [ 2005, Feb. 13 ]. US-CERT Website. (2004). W 32 /MyDoom. B Virus. < web > [ 2005, Feb. 13 ]. Vamosi, Robert. (2003, Feb. 3).
How the feds failed us when Slammer attacked. < web > ZDnet Website. [ 2005, Feb. 13 ]. Waggner, Mitch. (2002, Dec. 6). TechWeb: Klez virus year's biggest. InternetWeek.
com, InformationWeek < web > [ 2005, Feb. 13 ]. Williams, M. (2003). Spread of Slammer Worm Slows. Investigators are searching for the source of the worm that caused major disruptions to Internet service over the weekend. < web > [ 2005, Feb. 13 ]. Worm Definition. (No date). Worm.
Cheap 56 Website. < web > [ 2005, Feb. 13 ].
Free research essays on topics related to: internet explorer, computer virus, outlook express, sql server, anti virus
Research essay sample on Outlook Express Anti Virus