In recent years, viruses have been the biggest threat to computer systems and the main cause of economic losses in business. It is important to avoid panic and to understand that viruses are controllable, and that it is possible for our computer never to suffer a serious infection. For this reason, the Research Department of the Instituto Argentino de Computación (IAC) provides information on how viruses originated, what damage they can do to our computer, and how to fix it.

The first computer viruses to reach a high level of dispersion appeared during the 80s. When all this started, those who wrote the first viruses were expert programmers who knew in depth low-level programming languages such as Assembler and the processor architecture. The limited memory and processing speed available at the time required highly efficient programs in order to hide in that context. Today it takes far less knowledge to write a virus: one can be generated with any simple programming tool, such as those contained in Word or Excel, and with the help of the more than 35,000 hacking web sites that exist on the Internet.

Another point that has promoted the progress of viruses is their way of infection. Initially they spread through the exchange of floppy disks or other physical media, but today, thanks to the Internet, a newly developed virus in Japan can infect thousands of computers worldwide in a matter of seconds.

2. What harm can a virus do to my system?

• Software
  o Modification of programs so that they stop working
  o Modification of programs so that they run incorrectly
  o Modification of data
  o Elimination of programs and/or data
  o Using up the free space on the hard drive
  o Making the system work more slowly
  o Theft of confidential information
• Hardware
  o Erasing the BIOS
  o Burning out the processor through false information from the temperature sensor
  o Breaking the hard disk by making it repeatedly read specific sectors that force its mechanical operation

How do viruses spread?
• Floppy disks or other removable storage media
• Pirated software on diskettes or CDs
• Computer networks
• E-mail messages
• Software downloaded from the Internet
• Free demonstration and test discs

Symptoms that indicate the presence of a virus

• Changes in the length of programs
• Changes in the date and/or time of files
• Delays when loading a program
• Slower operation of the system
• Reduction in memory and/or hard disk capacity
• Bad sectors on floppy disks
• Unusual error messages
• Strange activity on the screen
• Failures when running programs
• Failures when booting the computer
• Disk writes at unexpected times

3. Types of computer virus by infection target

Executable file infectors
They affect files with the extensions EXE, COM, BAT, SYS, PIF, DLL, DRV.

Direct infectors
The infected program must be running for the virus to function (to keep infecting and to execute its destructive actions).

Memory resident infectors
The infected program does not need to be running; the virus stays resident in memory, infecting each new program that is executed and carrying out its destructive routine.

Boot sector infectors
Both hard drives and floppies contain a boot sector, which holds specific information regarding the format of the disk and the data stored on it. It also contains a small program called the Boot Program, which runs when you boot from that disk and is responsible for finding and executing the operating system files on the disk. This is the program that shows the famous message "Non-system Disk or Disk Error" if it does not find the operating system files. This is the program affected by boot sector viruses. The computer is infected with a boot sector virus when you try to boot from an infected floppy disk. At that moment the virus runs and infects the boot sector of the hard disk, and then infects each floppy disk used in the PC. Importantly, since every disk has a boot sector, it is possible to infect the PC with a floppy disk that contains only data.
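The boot sector layout described above can be inspected directly. The following Python sketch is an added example, not part of the original document: it parses a FAT12 floppy boot sector, shows that a data-only disk still carries a boot program, and reports which region differs from a known-good copy. The sample sector, its OEM name and the altered copy are constructed for illustration, and the offsets assume a standard FAT12/16 boot sector.

```python
import struct

SECTOR_SIZE = 512
BPB_FORMAT = "<HBHBHHBH"        # disk format fields, stored from offset 11
BOOT_PROGRAM = slice(62, 510)   # FAT12/16: area holding the Boot Program
SIGNATURE = b"\x55\xAA"         # marks the sector as bootable


def build_sample_sector(boot_program: bytes) -> bytes:
    """Build a constructed 1.44 MB FAT12 boot sector (sample data, not a real disk)."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xEB\x3C\x90"            # jump over the format data to the program
    sector[3:11] = b"SAMPLE  "               # OEM name (constructed)
    # bytes/sector, sectors/cluster, reserved sectors, FAT copies,
    # root entries, total sectors, media descriptor, sectors per FAT
    struct.pack_into(BPB_FORMAT, sector, 11, 512, 1, 1, 2, 224, 2880, 0xF0, 9)
    sector[BOOT_PROGRAM] = boot_program[:448].ljust(448, b"\x00")
    sector[510:512] = SIGNATURE
    return bytes(sector)


def parse_boot_sector(sector: bytes) -> dict:
    """Extract the format information and measure the boot program area."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("a boot sector is exactly 512 bytes")
    bps, _spc, _res, _fats, _root, total, media, _spf = struct.unpack_from(
        BPB_FORMAT, sector, 11)
    return {
        "oem": sector[3:11].decode("ascii", "replace").rstrip(),
        "bytes_per_sector": bps,
        "total_sectors": total,
        "media": media,
        "bootable_signature": sector[510:512] == SIGNATURE,
        "boot_program_bytes": sum(1 for b in sector[BOOT_PROGRAM] if b),
    }


def compare_to_baseline(baseline: bytes, current: bytes) -> dict:
    """Report which regions changed relative to a known-good copy of the sector."""
    changed = [i for i in range(SECTOR_SIZE) if baseline[i] != current[i]]
    return {
        "format_info_changed": any(3 <= i < 62 for i in changed),
        "boot_program_changed": any(62 <= i < 510 for i in changed),
        "changed_offsets": changed,
    }


def demo():
    message = b"Non-System disk or disk error"
    clean = build_sample_sector(b"\x90" * 32 + message)     # data-only floppy
    altered = build_sample_sector(b"\xCC" * 32 + message)   # boot program modified
    return parse_boot_sector(clean), compare_to_baseline(clean, altered)


if __name__ == "__main__":
    info, diff = demo()
    print(info)
    print(diff)
```

The parsed sector reports a non-empty boot program even though the disk holds no operating system files, which is why a data-only floppy can still carry a boot sector infection.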
Macro viruses
These are the most popular viruses today. They are not transmitted through executable files, but through the documents of applications that have some type of macro language. These include all those belonging to the Office package (Word, Excel, PowerPoint, Access) and Corel Draw. When one of these infected files is opened or closed, the virus takes control and copies itself to the base template for new documents, so that all files opened or created in the future are infected. Macro languages such as Visual Basic for Applications are very powerful and are able to change operating system settings, delete files, send e-mails, etc.

Active Agents and Java Applets
In 1997, Java applets and ActiveX controls appeared. These small programs are recorded on the user's hard drive when connected to the Internet and run when the website being browsed requires it, as a way to run routines without consuming bandwidth. Viruses developed with Java applets and ActiveX controls access the hard drive through a www connection in a way that the user does not detect. They can be programmed to delete or corrupt files, monitor memory, send information to a website, etc.

HTML
A more efficient infection mechanism than Java applets and ActiveX controls appeared in late 1998 with viruses that include their code in HTML files. Simply by connecting to the Internet, any HTML file on a web page can contain and execute a virus. This type of virus is developed in Visual Basic Script. It attacks users of Win98, 2000 and the latest versions of Explorer, because it needs Windows Scripting Host to be active. It can potentially delete or corrupt files.

Trojans / Worms
Trojans are programs that imitate useful programs or perform some seemingly harmless action, while hidden from the user they run the malicious code. Trojans do not fulfill the function of self-reproduction; instead they are generally designed so that their content leads the user himself to take on the task of spreading the virus.
(Usually they are sent by e-mail.)

4. Types of computer virus by their actions and/or mode of activation

Bombs
This is the name given to viruses that carry out their harmful action as if they were a bomb. This means that they are activated seconds after the system is infected, after a certain time (time bombs), or when some verifiable logical condition of the equipment is met (logic bombs). Examples of time bombs are viruses that are activated on a certain date or at a specified time. Examples of logic bombs are viruses that are activated when only 10% of the hard drive is left unused, etc.

Chameleons
A variety of virus similar to Trojan horses, which act like other similar programs that the user trusts, while in reality they are doing some kind of damage. When properly programmed, chameleons can perform all the functions of the legitimate programs they replace (they act like product demonstration programs, which are simulations of real programs). A chameleon program could, for example, emulate a program for accessing remote systems and perform all the actions that program performs, while as an additional task (hidden from users) it stores the different logins and passwords in a file so that they can later be recovered and used illegally by the chameleon's author.

Reproducers
Reproducers (also known as rabbits) reproduce constantly once they are executed, until they (and their offspring) exhaust the disk space or system memory. The only function of this type of virus is to create clones and launch them so that they do the same. The purpose is to exhaust the resources of the system, especially in a networked multi-user environment, to the point that the main system cannot continue normal processing.

Worms
Worms are programs that constantly travel through an interconnected computer system, from PC to PC, without necessarily damaging the hardware or software of the systems they visit.
Their main function is to travel secretly through the host machines collecting a certain type of information (such as password files) to send to a particular computer to which the virus writer has access.

Backdoors
Also known as hidden remote administration tools. These are programs that allow the infected PC to be controlled remotely. They are usually distributed as a Trojan. When such a virus is executed, it installs itself in the operating system, from where it monitors without any message or query to the user. It is not even seen in the list of active programs. Backdoors allow the author to take full control of the infected PC and thus send and receive files, delete or modify them, display messages to the user, etc.

The most common types:

"Funny" viruses: They usually display humorous messages on the screen, or cause some kind of interference (Flip, The Fly) that at most causes some annoyance and a few smiles.

"Time-bomb" viruses: Time bombs are usually viruses that are activated on a certain day at a certain time, or when a number of specified circumstances occur (Friday 13, Bars). They are usually made by people dissatisfied with their company, who leave them behind when they go, with the consequences arriving several months later; these are usually loss of data, erased hard drives or machine breakdowns.

Trojan horses: They travel in executables, and their mission is to infest every hard disk or diskette that comes into their hands, in order to be transmitted. Their effects depend on the malice of whoever programmed them.

Macro viruses: While a virus such as a "Trojan horse" travels in *.COM and *.EXE files, macro viruses are actually macros or helpers of the most popular word processors, which may be transmitted in a letter, a text, and even an e-mail. They usually affect the most widely used word processors.

System-collapse viruses: Their mission is to halt the system, and they use every possible weapon to do so, such as destroying the partition table, reformatting the disk or damaging the boot sectors.
Backdoors: They take advantage of weaknesses in Internet access programs, mail servers and other programming errors (such as the famous Cuartango hole). In this way they can manage your machine remotely, steal data or even make us carriers of viruses without our knowing it. One of the most damaging lately is "Back Orifice".

5. Infection strategies used by viruses

Addition or appending:
The virus code is added to the end of the file to be infected, and the file's starting structure is modified so that control passes to the virus before the file's own code runs. This allows the virus to execute its specific tasks and then hand control over to the program. This produces an increase in file size, which allows easy detection.

Insertion:
The virus code is hosted in unused areas of code or in data segments so that the file size does not vary. This requires very advanced programming techniques, so this method is not often used.

Reorientation:
It is a variant of the above. The main code of the virus is placed in areas of the hard disk that are marked as defective, and small pieces of code are implanted in the files that call the main code when the file is run. The main advantage is that, since the size of the file does not matter, the body of the virus can be quite large and have a lot of functionality. Its elimination is quite simple, as it is enough to rewrite the sectors marked as faulty.

Polymorphism:
This is the most advanced method of transmission. The technique involves inserting the virus code into an executable file, but to avoid increasing the size of the infected file, the virus compacts part of its own code and the code of the host file so that the sum of both equals the size of the original file. When the infected program is run, the virus code first unpacks the necessary portions in memory. A variant of this technique allows the use of dynamic encryption methods to avoid detection by antivirus solutions.

Substitution:
This is the crudest method. It consists of replacing the original code of the file with that of the virus.
When the desired file is run, the only thing that runs is the virus; to cover this up, it reports some type of error with the file so that we think the problem lies with the file.

Examples of viruses and their actions

• Happy99: Program sent by mail; opens a window with fireworks. Manipulates Internet connectivity.
• Melissa: Word macro virus. It sends itself via e-mail. Damages all .DOC files.
• Chernobyl (W95.CIH): Deletes the first Mb of the HD, where the FAT is. Requires reformatting the HD. It also tries to rewrite the BIOS of the PC, making it necessary to replace the motherboard. Activated on 26 April.
• Michelangelo: Boot sector virus. Activated on 6 March. Overwrites the FAT, leaving the disk unusable.
• WinWord.Concept: Macro virus that infects the Normal.dot template. Makes messages pop up on the screen and causes Word to malfunction.
• FormatC: Trojan that infects Word; when an infected file is opened, it formats the hard disk.
• Back Orifice2000 (BO2K): Functionally it is a virus, and it is used to steal information. It allows the infected PC or server to be controlled remotely, with the ability to steal information and alter data.
• VBS/Bubbleboy: Trojan that runs without an attachment being opened, and is activated immediately after the user opens the mail. It does not cause serious problems.

6. Fake viruses: Hoaxes

What are they?
Hoaxes. Examples: Join The Crew, Win a Holiday, Solidarity with Brian

What not to do?
Reply to these chains, because doing so saturates mail servers, and they are also used to harvest e-mail addresses for later sending advertisements.

E-mail Bombing and Spamming

Description
E-mail bombing is repeatedly sending the same mail to a particular account. E-mail spamming is a variant of bombing: it is sending e-mail to hundreds or thousands of users. The problem grows if someone replies to the message to everyone. Spamming and bombing can be combined with e-mail spoofing, which is altering the sender address, making it impossible to know who originated the chain.
When a large number of messages are directed to one server, it can suffer a DoS (Denial of Service), or the system may crash as a result of all server resources being used up or the disks being filled.

What can you do?
In principle it is impossible to prevent, since any user can send spam to any e-mail account or user list. Message filtering options must be enabled.
Practice: setting message filtering options

What not to do?
Reply to these chains, because doing so saturates mail servers, and they are also used to harvest e-mail addresses for later sending advertisements.

What to do if you receive one?
Do not open it unless you need its contents; in that case, save it to the hard disk first and then scan it with an antivirus.

What if you must send one?
If it is a text document, save it as RTF. Otherwise, run your antivirus software on the file before you attach it.

What is it?
Pages with XML, Java, ActiveX objects, etc.

When does it run?
When the page is viewed.

How can I protect myself?
You can only limit the risk through the options of the Security Zone in use.
Practice: changing security settings

Malicious Web scripts

What are they?
A script is a type of computer program used in the programming of websites (e.g. JavaScript, Perl, Tcl, VBScript, etc.). A script consists of text commands. Each time the browser receives these commands, it interprets and executes them. This means that a script can be included in any web page as if it were text. In principle a script is not necessarily a malicious program, but its functionality can be used for malicious purposes.

How does it reach me?
By visiting a web page that contains a script in its code.

What can they do?
Monitor the user's session, copy personal data to a third-party site, run programs locally, read the user's cookies and forward them to a third party, etc., all without the user knowing at all.

How is this problem solved?
By disabling all scripting languages in the browser's security settings.

How does this solution affect my browsing?
It will definitely limit your interaction with some websites.
Every day more scripts are used to give the pages of a site customized and more dynamic behavior. It may be advisable to disable these options when visiting pages of untrusted sites.

ANTIVIRUS

Introduction
There is a famous sentence by the computer guru Paul Mace, who says: "users can be divided into two classes: those who have already lost their data and those who are about to lose it." Well, if we apply this phrase to the world of computer viruses, users can be divided into those who have suffered a virus attack and those who are about to suffer one. Do we want to do something to prevent our data being destroyed by these malicious programs? Here you will find additional information on the most advanced programs for combating computer viruses, generically called "anti-virus programs".

Who needs an antivirus?
There are several factors to consider, but the main ones are:

• The danger we run of suffering a virus attack.
• The value of the data stored on the computer.

If either of these points is important, then a good antivirus is essential. If our computer and programming skills are limited, it is sufficient to get a program that eliminates the specific problems that appear, or simply one that warns of an abnormal situation. The following describes the general and particular characteristics of some antivirus programs so that we can see which best fits our needs.

Types of Antivirus
Antivirus programs can be divided into four types:

Detectors: They detect the presence of known viruses and warn the user to take action against them. This is the simplest type of antivirus.

Removers / Repairers: Also known as "matavirus". In addition to detecting the presence of a virus, they can remove it from infected files or from the disk boot area, leaving the programs in their original state. This is not always possible, since some viruses overwrite part of the original code of the infected program.

Protectors: Also known as "prevention programs" or "immunizers".
They anticipate infection by any virus, the action of a Trojan horse, or the voluntary or involuntary destruction of data (for example, a FORMAT C:), by remaining resident in the computer's memory and monitoring program execution, file copying, disk formatting, etc. They tend to be very secure programs that can usually detect new viruses and prevent the action of Trojan horses and logic bombs.

Vaccine Programs: They add code to an executable file so that it checks itself when run, or they calculate and store a list of checksums in a certain part of the disk. Such programs often have compatibility problems.

Before turning to the individual analysis of each product and the conclusions, we indicate the most important characteristics to consider (and which products stand out in each field). To start with, the more viruses a good antivirus is able to detect, the better. While a few years ago we heard news of a very rare virus in countries beyond the seas that we knew would never get to Spain, we are now in the era of telecommunications and the Internet, so a virus may arrive through a simple e-mail. This means that before, we could have an antivirus that would detect the known viruses from 1940 to 1950 in our country and we were covered, but today that is not so. An antivirus is currently required to be able to detect every virus there is and has been, and even their mutations.

With regard to suspicious situations, there was a time when not as much protection was needed. But today we know that viruses are capable of encrypting themselves, modifying the Windows registry to hide information, changing the date and time, etc. It is necessary for the antivirus to keep watch over these small details at all times, even when we are the ones making these changes. For this there are resident programs that are part of the antivirus and are loaded into the computer's memory in order to monitor each and every one of the movements of the computer, or of the programs we run. Such protection is usually necessary but, oh!
With such monitoring, machine performance can plummet. Another added value for an antivirus today is being able to monitor Internet processes, since nowadays it is very common for an infected e-mail to arrive and send the files on to other users. Such is the case of the famous Melissa virus, which has done much damage. A good antivirus should be able to check e-mails, and to watch for possible control of your machine by someone at the other end of the Internet.

Another thing: while years ago it was enough for the antivirus to detect viruses in *.COM and *.EXE files, which were the only way to deliver a virus, we all know that Windows DLLs also carry executable code inside, and that there may also be a virus in a program which in turn is compressed with ZIP or ARJ. Decompressing a file to scan its interior is now a basic and indispensable option. Finally, for some time macro viruses hidden in Word, Visual Basic and even Java applets have become fashionable, so it is essential to check all these things.

Anyware Antivirus
The Anyware security package, completely developed in Spain by pioneers in the fight against viruses, includes several modules: AnyScan, a virus detector; AnyProtect, a protector; and Endvirus, a system that detects and removes known viruses. The full package also includes the option of updates for new viruses as they appear.

AnyProtect is the first security measure, able to detect a lot of viruses on the fly as files are executed or copied. It has 16 levels of security, including detection of unauthorized access to the disk, programs attempting to stay resident, modification of interrupts, etc.

AnyScan is capable of detecting a large number of viruses by searching the entire disk. It is specially designed to detect the most widespread viruses in Spain as well as the most widespread and dangerous in the world. It has a convenient drop-down menu system, and includes an impressive database of information about each virus, with its characteristics and forms of action.
For the elimination of viruses, Endvirus, along with the antivirus modules, allows files infected by known viruses to be "cleaned". The package includes technical support, free monthly updates (12 in total) and Web access to information. The high price/performance ratio of this product has made it one of the best in the comparative test.

Antivirus Measures
No one who uses computers is immune to computer viruses. However good an antivirus program is, it becomes obsolete very quickly in the face of the new viruses that appear every day.

• Disable booting from floppy in the setup so that boot viruses do not run.
• Disable file and printer sharing.
• Scan every file received by e-mail with the antivirus before opening it.
• Update the antivirus.
• Enable the macro virus protection of Word and Excel.
• Be careful when downloading files from the Internet (consider whether it is worth the risk and whether the site is secure).
• Do not send your personal or financial information unless you know who is requesting it and it is necessary for the transaction.
• Do not share disks with other users.
• Do not give anyone your passwords, even if they call on behalf of the Internet service or another service.
• Teach your children safety practices, particularly regarding giving out information.
• When you make a transaction, make sure it is done over an SSL connection.

• Write-protect the Normal.dot file
• Distribute RTF files instead of DOCs
• Make backups

MADE BY:
- LEON RAMOS MARILUZ
- ELIZABETH CHUQUIYAURI LLIUYACC
Huancavelica, 28 JUNE 2007
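A minimal version of the checksum-list approach described under "Vaccine Programs", written as an added example that is not part of the original document. It records size, timestamp and SHA-256 for files with the executable extensions listed in section 3, then classifies later changes along the lines of the symptoms list and the infection strategies in section 5 (growth from appended code, same-size modification, timestamp-only change). The function names, file names and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Extensions this page lists for executable file infectors
EXECUTABLE_EXT = {".exe", ".com", ".bat", ".sys", ".pif", ".dll", ".drv"}


def snapshot(root):
    """Return {relative name: (size, mtime_ns, sha256)} for executable-type files."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_EXT:
            data = path.read_bytes()
            manifest[path.relative_to(root).as_posix()] = (
                len(data), path.stat().st_mtime_ns, hashlib.sha256(data).hexdigest())
    return manifest


def compare(baseline, current):
    """Classify every difference between a stored baseline and a fresh snapshot."""
    findings = {}
    for name in sorted(baseline.keys() | current.keys()):
        if name not in current:
            findings[name] = "missing"
        elif name not in baseline:
            findings[name] = "new file"
        else:
            old_size, old_time, old_hash = baseline[name]
            size, mtime, digest = current[name]
            if digest != old_hash and size > old_size:
                findings[name] = f"grew by {size - old_size} bytes (code may have been appended)"
            elif digest != old_hash and size == old_size:
                findings[name] = "same size, different content (in-place modification)"
            elif digest != old_hash:
                findings[name] = f"shrank by {old_size - size} bytes, content changed"
            elif mtime != old_time:
                findings[name] = "timestamp changed, content identical"
    return findings


def demo():
    """Run the check on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "editor.exe").write_bytes(b"MZ" + b"\x90" * 200)
        (root / "tool.com").write_bytes(b"\xE9" + b"\x00" * 99)
        (root / "driver.sys").write_bytes(b"MZ" + b"\x00" * 50)
        (root / "notes.txt").write_bytes(b"data file, not tracked")
        baseline = snapshot(root)

        with open(root / "editor.exe", "ab") as handle:    # bytes added at the end
            handle.write(b"\xCC" * 64)
        patched = bytearray((root / "tool.com").read_bytes())
        patched[40:48] = b"\xCC" * 8                         # same length, new content
        (root / "tool.com").write_bytes(bytes(patched))
        os.utime(root / "driver.sys", (946684800, 946684800))  # date/time altered only

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for name, finding in demo().items():
        print(f"{name}: {finding}")
```

A size comparison alone would miss the second case, which is why the stored list holds a checksum as well as the length.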