Tag: Computer virus

When did viruses, Trojans and worms begin to pose a threat?

Most histories of viruses start with the Brain virus, written in 1986. But that was just the first virus for the IBM PC. Programs with all the characteristics of viruses date back much farther. Here's a timeline showing key moments in virus history.

1949 Self-reproducing “cellular automata”

John von Neumann, in his lectures on self-reproducing automata, showed that a machine (and therefore a computer program) could be designed to reproduce itself.

1959 Core Wars

H Douglas McIlroy, Victor Vyssotsky and Robert Morris of Bell Labs developed a computer game, Darwin, in which programs called organisms competed for memory and processing time. A K Dewdney later popularised the idea as Core War (1984).

1960 “Rabbit” programs

Programmers began to write placeholder jobs for mainframe computers. If no other jobs were waiting, these programs added a copy of themselves to the end of the queue. They were nicknamed "rabbits" because they multiplied, using up system resources.

1971 The first worm

Bob Thomas, a developer working on ARPANET, a precursor to the Internet, wrote a program called Creeper that passed from computer to computer, displaying a message.

1975 Replicating code

John Walker wrote Pervade as a sub-routine for his game ANIMAL, which ran on UNIVAC 1100-series computers. When any user played the game, Pervade silently copied the latest version of the game into every directory the user could write to, including shared directories, so the program spread throughout the system and, via tapes, to other sites.

1978 The Vampire worm

John Shoch and Jon Hupp at Xerox PARC began experimenting with worms designed to perform helpful tasks. The Vampire worm was idle during the day, but at night it assigned tasks to under-used computers. 

1981 Apple virus

Joe Dellinger, a student at Texas A&M University, modified the operating system on Apple II diskettes so that it would behave as a virus. As the virus had unintended side-effects, it was never released, but further versions were written and allowed to spread.

1982 Apple virus with side effects

Rich Skrenta, a 15-year-old, wrote Elk Cloner for the Apple II operating system. Elk Cloner ran whenever a computer was started from an infected floppy disk, and would infect any other floppy put into the disk drive. It displayed a message every 50 times the computer was started.

1985 Mail Trojan

The EGABTR Trojan horse was distributed via bulletin boards, posing as a program designed to improve graphics display. Once run, it deleted the files on the hard disk and displayed a taunting message.

1986 The first virus for PCs

The first virus for IBM PCs, Brain, was allegedly written by two brothers in Pakistan, when they noticed that people were copying their software. The virus put a copy of itself and a copyright message on any floppy disk copies their customers made.

1987 The Christmas tree worm

This was an email Christmas card that included program code. If the user ran it, it drew a Christmas tree as promised, but also forwarded itself to everyone in the user’s address book. The traffic paralyzed the IBM worldwide network.

1988 The Internet Worm

Robert Morris, a 23-year-old student, released a worm on the ARPANET. It spread to thousands of computers and, due to an error, kept re-infecting computers many times, causing them to crash.

1989 Trojan demands ransom

The AIDS Trojan horse came on a floppy disk that offered information about AIDS and HIV. After a number of reboots the Trojan encrypted the names of the files on the hard disk and demanded payment in exchange for the password.

1991 The first polymorphic virus

Tequila was the first widespread polymorphic virus. Polymorphic viruses make detection difficult for virus scanners by changing the bytes of their code with each new infection while keeping the same behaviour, so that no fixed byte signature matches every copy.

1992 The Michelangelo panic

The Michelangelo virus was designed to erase computer hard disks each year on March 6 (Michelangelo’s birthday). After two companies accidentally distributed infected disks and PCs, there was worldwide panic, but few computers were infected.

1994 The first email virus hoax

The first email hoax warned of a malicious virus that would erase an entire hard drive just by opening an email with the subject line “Good Times”.

1995 The first document virus

The first document or “macro” virus, Concept, appeared. It spread by exploiting the macros in Microsoft Word.

1998 The first virus to affect hardware

CIH or Chernobyl became the first virus to disable computer hardware. On its trigger date it overwrote the flash BIOS, which is needed to boot up the computer, leaving many machines unbootable.

1999 Email viruses

Melissa, a virus that forwards itself by email, spread worldwide. Bubbleboy, the first virus to infect a computer when an email is merely viewed or previewed (it used a script embedded in the HTML message), appeared.

2000 Denial-of-service attacks

"Distributed denial-of-service" attacks by hackers put Yahoo!, eBay, Amazon and other high-profile websites offline for several hours. Love Bug became the most successful email virus yet.

2000 Palm virus

The first virus appeared for the Palm operating system, although no users were infected.

2001 Viruses spread via websites or network shares

Malicious programs began to exploit vulnerabilities in software, so that they could spread without user intervention. Nimda infected users who simply browsed a website. Sircam used its own email program to spread, and also spread via network shares.

2003 Zombies, Phishing

The Sobig worm gave control of the PC to hackers, so that it became a "zombie" that could be used to send spam. The Mimail worm posed as an email from PayPal, asking users to confirm credit card information.

2004 IRC bots

Malicious IRC (Internet Relay Chat) bots were developed. Trojans could place the bot on a computer, where it would connect to an IRC channel without the user’s knowledge and give control of the computer to hackers.

2005 Rootkits

Sony’s DRM copy protection system, included on music CDs, installed a “rootkit” on users’ PCs, hiding files so that they could not be duplicated. Hackers wrote Trojans to exploit this security weakness and installed a hidden “back door.” 

2006 Share price scams

Spam mail hyping shares in small companies (“pump-and-dump” spam) became common.

2006 Ransomware

The Zippo and Archiveus Trojan horse programs, which encrypted users’ files and demanded payment in exchange for the password, were early examples of Ransomware.

2006 First Advanced Persistent Threat (APT) identified

The term was first coined by the U.S. Air Force in 2006 and functionally defined by the Alexandria, Virginia security firm Mandiant in 2008 as a group of sophisticated, determined and coordinated attackers. APTs have both the capability and the intent to persistently and effectively target a specific entity. Recognised attack vectors include infected media, supply chain compromise and social engineering.

2008 Fake antivirus software

Scaremongering tactics encourage people to hand over credit card details for fake antivirus products like Antivirus 2008.

2008 First iPhone malware

The US Computer Emergency Readiness Team (US-CERT) issued a warning that a fraudulent iPhone upgrade, "iPhone firmware 1.1.3 prep", was circulating on the Internet and that users should not be fooled into installing it. When a user installed the Trojan, other application components were altered; if the Trojan was uninstalled, the affected applications could be removed with it.

2009 Conficker hits the headlines

Conficker, a worm that initially spread by exploiting a Windows vulnerability (MS08-067) on unpatched machines and later via removable media and weak network-share passwords, created a media storm across the world.

2009 Polymorphic viruses rise again

Complex viruses returned with a vengeance, including Scribble, a virus which mutated its appearance on each infection and used multiple vectors of attack.

2010 First Android malware

Android/FakePlayer.A is a Trojan that sends SMS messages to premium rate phone numbers. The Trojan reaches Android-based smartphones disguised as an ordinary application: users are prompted to install a small file of around 13 KB with the standard Android extension .APK. Once the "app" is installed on the device, the Trojan bundled with it begins texting premium rate phone numbers (those that charge the sender). The criminals operate these numbers, so they collect the charges billed to the victims' accounts.

2010 Stuxnet

Discovered in June 2010 the Stuxnet worm initially spreads indiscriminately, but is later found to contain a highly specialized malware payload that is designed to target only Siemens supervisory control and data acquisition (SCADA) systems configured to control and monitor specific industrial processes. Stuxnet’s most prominent target is widely believed to be uranium enrichment infrastructure in Iran.

2012 First drive-by Android malware

The first Android drive-by malware was discovered: a Trojan called NotCompatible that poses as a system update but acts as a proxy. A compromised website checks the visiting browser's user-agent string to confirm that it is an Android device, then automatically downloads the Trojan, which is installed if the user has allowed apps from unknown sources. A device infected with NotCompatible could be used to reach normally protected networks, such as those maintained by an enterprise or government, through the victim's device.

Source: sophos

Computer Virus

Computer Virus: Like most people, you probably run a Windows-based operating system (or perhaps something else) and you run anti-virus software. Perhaps you are even diligent about keeping your virus definitions up to date. Are you completely protected against viruses? Of course not. Let's examine what viruses and Trojans are, and how they find their way onto your computer. We have all heard the terms virus, worm, Trojan and spyware, but only a few of us know the difference between them. We generally consider everything that an antivirus detects to be a virus, but this is not the case. All of these can be harmful to your computer's hardware and software. To differentiate the terms from each other, let's start with an introduction to viruses.

Virus: A virus is a self-replicating program that attaches itself to an executable file. When the file is executed the virus is executed with it and enters system memory. Once in memory it either searches for other files that it can infect or stays resident in the background and infects files as they are used or run.

Worms: Worms are very similar to viruses but differ in that they do not bind themselves to executable files; instead they use the network to replicate themselves, typically by exploiting a vulnerability in a network service or by mailing themselves. A worm does not require a user to execute any file and can spread without user intervention. Unexplained, excessive use of your network bandwidth is one sign that you may be infected by a worm.

Trojan horse: A Trojan horse is a harmful program that seems harmless (or useful) to the user before it is run, but is in fact built to do something else, most often to facilitate unauthorised remote access to the computer. Trojans do not replicate themselves.

The name comes from the Greek legend of the siege of Troy. The limitation of Trojans is that the user needs to be convinced to accept and run them, just as the Trojans had to accept the Greek gift of the wooden horse before the Greeks could have their way. So they are typically mislabelled, or disguised as something else, to fool the user into running them.

Spyware: Spyware is a program that secretly monitors the user and collects pieces of information. It usually runs in stealth mode and is not easily detected. Key loggers are a typical example of spyware. Spyware is not limited to watching: it can also send the collected data to remote computers.

Rootkit:  A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or by cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.

A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a “backdoor” into the system for the hacker’s use; alter log files; attack other machines on the network; and alter existing system tools to escape detection.

If a rootkit is detected, the only sure way to get rid of it is to completely erase the computer's hard drive and reinstall the operating system from trusted media. Even that does not reach a rootkit that has installed itself in firmware (the BIOS or a device's firmware), which survives a reinstall.

Botnets: Once users' computers are infected with malware, they are turned into "zombies". These computers, serving as "bots" controlled by hackers, are used to send a large number of forged or junk packets to a predefined target to launch a DoS (denial-of-service) attack. As a result, the target is overwhelmed and goes offline.

Grayware: Spyware and rogue software written by unscrupulous companies to collect users' web browsing habits, so that the companies can target advertising. Grayware does not damage computers greatly, but the victim's privacy is compromised and their data collected by others. Once installed, grayware often cannot be deleted or uninstalled normally. For example, advertising software for Internet Explorer can change and lock the default homepage and load the toolbars of advertising companies.

Malware: Malware (malicious software) is the umbrella term for all of the categories above. Some vendors use it more narrowly for harmful programs that do not replicate but still have serious consequences; for example, a program that formats the hard disk when run, destroying the user's important data.

Features of Computer Viruses:

  • Destructive

               When a computer is infected with viruses, normal programs cannot be run, and important data may be damaged or stolen, causing huge losses.

  • Infectious

               Computer viruses are infectious as well as destructive, and the infectivity is the more harmful property. Once viruses reproduce or variants appear, they spread rapidly and are hard to defend against. Viruses can spread through multiple means, such as storage media and networks; the network has become the major means of spread.

  • Concealed

               Computer viruses are well hidden. Ordinary users find them difficult to notice.

  • Latent

               Certain viruses have "latent periods" and only deliver their payload at some point in the future. For example, CIH triggered on 26 April every year; on 26 April 1999 it damaged the BIOS of large numbers of computers. If the latent period is long, a virus can exist in systems for a long time and infect on a large scale before it is noticed.

Basically, viruses are programs that the programmer designed to do something you generally would not want to have happen if you were aware of their function. These programs usually get onto your computer through some sort of trickery. They pretend to be something else, they’re attached to a program you wanted, or they arrive on media you inserted without knowing it was infected. They can also be placed by a remote attacker who has already compromised your security.

How does anti-virus software work? Before a program executes (and when files or media are scanned), the anti-virus software checks the program or media for "bad things", which usually means viruses, Trojans, and even a few potential hacker tools.

               Keep in mind, though, that your anti-virus software vendor is the sole determiner of what to check for, unless you take the time to develop your own signature files. Signature files are the meat of most anti-virus programs. They usually consist of pieces of code or binary data that are (you hope) unique to a particular virus or Trojan. Therefore, if you get a virus that does not appear in the database, your anti-virus software cannot help you.

             So why is the process so slow? In order to produce a signature file, an antivirus vendor has to get a copy of the virus or Trojan, analyse it, produce a signature, update the signature file (and sometimes the anti-virus program too) and publish the update. Finally, the end user has to retrieve and apply the update. As you might imagine, there can be some significant delays in getting new virus information to end users, and until they get it they are vulnerable. You cannot blindly run any program or download any attachment simply because you run anti-virus software. Not so long ago, anti-virus software could usually be relied upon, because viruses propagated so slowly, relying on people to move them about via diskettes or shared programs. Now, since so many computers connect to the Internet, that connectivity has become a very attractive carrier for viruses. They spread via Web pages, e-mail and downloads. Chances are much greater now that you will see a new virus before your anti-virus software vendor does. And don’t forget that a custom virus or Trojan may be written specifically to target you at any time. Under those circumstances, your anti-virus software will never save you.
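The two paragraphs above, and the 1991 Tequila entry in the timeline, describe signatures and why polymorphism defeats them. The following is an added example (not code from Sophos, Huawei Symantec or Hack Proofing Your Network) of a toy signature scanner that makes the point concrete. The only real-world artefact in it is the EICAR test string, which every antivirus product detects by convention; the sample body, the XOR "polymorphic engine", the decoder stub and the family names are constructed for the illustration and are not actual malware. Because of the EICAR string, a real scanner may react if you write this block's output to disk.

```python
"""
Toy signature scanner: hash signatures, wildcard byte-pattern signatures,
and a constructed polymorphic copy that evades both until the scanner
emulates the decoder. Only the EICAR string is real.
"""
import hashlib
import re
from typing import Dict, List, Optional

# Real, harmless test string that every antivirus engine detects by convention.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed stand-in for a malicious file body (not executable code).
SAMPLE_BODY = b"\x4d\x5a\x90\x00DEMO-PAYLOAD:format c: /y\x00"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def compile_pattern(hex_pattern: str) -> re.Pattern:
    """Turn 'de ad ?? ef' into a bytes regex; '??' matches any single byte,
    the way ClamAV and YARA hex strings allow."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)


# A vendor's signature file reduced to two kinds of entries (constructed names).
HASH_SIGS: Dict[str, str] = {
    sha256(EICAR): "EICAR-Test-File",
    sha256(SAMPLE_BODY): "Demo.Trojan.A",      # matches an exact copy only
}
PATTERN_SIGS: Dict[str, re.Pattern] = {
    # "DEMO-PAYLOAD:" + 7 wildcard bytes + "c:" survives small edits to the file
    "Demo.Trojan.gen": compile_pattern(
        "44 45 4d 4f 2d 50 41 59 4c 4f 41 44 3a ?? ?? ?? ?? ?? ?? ?? 63 3a"),
}


def scan(data: bytes) -> List[str]:
    """Return the names of every signature that matches the bytes."""
    hits = []
    name = HASH_SIGS.get(sha256(data))
    if name:
        hits.append(name)
    hits.extend(n for n, pat in PATTERN_SIGS.items() if pat.search(data))
    return hits


def polymorph(body: bytes, key: int) -> bytes:
    """Constructed stand-in for a polymorphic engine: each copy XOR-encodes the
    body with a fresh key and carries the key in a small decoder stub, so no
    two copies share a hash or the signed body bytes."""
    return b"DECODE\x00" + bytes([key]) + bytes(b ^ key for b in body)


def unpolymorph(blob: bytes) -> Optional[bytes]:
    """What an emulating scanner does: run the decoder, then scan the result."""
    if not blob.startswith(b"DECODE\x00") or len(blob) < 8:
        return None
    key = blob[7]
    return bytes(b ^ key for b in blob[8:])


def scan_with_emulation(data: bytes) -> List[str]:
    hits = scan(data)
    decoded = unpolymorph(data)
    if decoded is not None:
        hits.extend(h for h in scan(decoded) if h not in hits)
    return hits


def scan_file(path: str, emulate: bool = True) -> List[str]:
    """Scan a file on disk with the same signature set."""
    with open(path, "rb") as fh:
        data = fh.read()
    return scan_with_emulation(data) if emulate else scan(data)


if __name__ == "__main__":
    print("EICAR:", scan(EICAR))                                # hash hit
    print("exact sample:", scan(SAMPLE_BODY))                   # hash + pattern
    print("one byte appended:", scan(SAMPLE_BODY + b"\x00"))    # pattern only
    mutant = polymorph(SAMPLE_BODY, 0x5A)
    print("polymorphic copy:", scan(mutant))                    # nothing
    print("... with emulation:", scan_with_emulation(mutant))   # hash + pattern
```

The hash signature is the cheapest to produce and the easiest to defeat: appending a single byte changes the hash, while the wildcard pattern still matches. The XOR-encoded copy defeats both, which is exactly the Tequila problem; real engines answer it by signing the decoder stub (which a good polymorphic engine also mutates) or, as `scan_with_emulation` does here, by running the decoder in a sandbox and scanning what comes out. None of this helps against a sample the vendor has never seen, which is the point the paragraph above makes.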

Steps to remove virus from computers: 

    1. Restart the computer (or switch it on). Keep tapping F8 while it starts, then use the arrow keys to select "Safe Mode with Networking" from the Advanced Boot Options menu and press "Enter".

Note: We use safe mode because many viruses rely on services, drivers or startup entries that are not loaded in safe mode. This is not a guarantee: some malware families register themselves so that they run in safe mode too, which is why the scans below are still needed.

2. Delete Temp (temporary) files.

For Windows XP – Click on “start” button from the desktop and select “Run”. In the run text box type “%temp%” and press “Enter”.

For Windows Vista and Windows 7 – Click on “Windows logo” and on the search box just above the Windows logo, type “%temp%” and press “Enter”.

Now the “Temp” folder will open. Select all the files and press Shift + Delete to delete the files.

3. Delete prefetch files.

For Windows XP – Click on “start” button from the desktop and select “Run”. In the run text box type “prefetch” and press “Enter”.

For Windows Vista and Windows 7 – Click on “Windows logo” and on the search box just above the Windows logo, type “prefetch” and press “Enter”.

Now the "Prefetch" folder will open. Select all the files and press Shift + Delete to delete the files. Note that Prefetch files record which programs have run and when; if you need to find out later what the infection executed, copy the folder somewhere safe before deleting it.

4. If a rogue program such as "MS Removal Tool" (a fake antivirus) is running or keeps popping up, find it in Task Manager and end it. You can also disable its service. To access services follow the steps below:

For Windows XP – Click on “start” button from the desktop and select “Run”. In the run text box type “services.msc” and press “Enter”.

For Windows Vista and Windows 7 – Click on “Windows logo” and on the search box just above the Windows logo, type “services.msc” and press “Enter”.

5. Download the free version of Malwarebytes and run a scan. If the scan finds an infection it will list it and give you the option to remove it. After removal it may ask you to restart.

6. If Malwarebytes does not help, try HitmanPro. Before downloading, check whether the system is 32-bit or 64-bit, as HitmanPro has separate versions for each.

7. Try TDSSKiller from Kaspersky. Download the TDSSKiller.exe file and run a scan for rootkits.

8. Try ComboFix. It is freeware, but very effective at removing viruses. While ComboFix runs you may temporarily lose your Internet connection.

9. You may also try SUPERAntiSpyware. Try this only when none of the other tools listed here has helped.

10. If you are unable to run or access the computer even in safe mode, create a new user account and log in to that. Then run the tools above. If they do not detect anything, go to the affected user's profile and look for suspicious files. Confirm with the user whether they know of such a file; if not, delete it. Then log in to the affected user account and run the anti-virus software again.

11. If after virus removal, you face issues with file association or running .exe files on Windows XP, then try the tweaks from Kellys Korner XP.

12. If nothing works and severe damage has been done, two options are left:

  • If there is important data on the computer, have the hard disk checked by a local vendor to see whether the data can be backed up. Then perform a clean installation of the operating system: format the hard drive and install Windows again.
  • If there is no important data, go ahead and do a clean installation of Windows.

Sources: Huawei Symantec, Hack Proofing Your Network, pctipstricks