Viruses, Zombie Computers and Those Who Take Over You …

internote
16 min read, Mar 22, 2021

A computer virus is a malicious program that can spread and infect other computers by modifying or corrupting data, changing the way the computer’s hardware or software operates, or booting from a floppy disk. They are called “computer viruses” because they replicate to other computers just as biological viruses spread from one person to another.

Computer viruses generally come in five different types: macro viruses, file infectors, system infectors, boot sector infections and web application infections. The first four types of computer virus are initiated by programs with an .exe extension. Web-based applications are not executable programs but rather scripts written in scripting languages such as JavaScript that run in a web browser.

The first Computer Virus:

The first computer virus was Elk Cloner, written in 1981 by Richard Skrenta while he was a high school student. In 1983 Fred Cohen wrote a paper about self-reproducing computer programs and later coined the term “virus”. The first IBM PC compatible virus, Chess, appeared in 1986. A year later, Brain was detected in the Indian subcontinent but failed to spread further due to its limited payload. Another IBM-compatible virus called Cascade was recovered from an Iranian nuclear facility in 1987.

File Viruses:

File viruses infect files on a computer’s hard disk drive or other storage media such as floppy disks, CDs or DVDs. Macro viruses infect application software such as Microsoft Office documents or HTML documents. System viruses infect operating systems with security vulnerabilities. Boot sector viruses infect the boot sector of a hard disk drive and spread from one computer to another when programs on the target computer execute from an infected floppy disk or similar medium. The first known virus affecting the PC was “Whack a mole”, written in 1986 by Gary Schwartz. They are named “mole” because they can simulate many instances of the virus.

Zombie Computers:

A zombie computer is a computer infected by a virus without being physically accessed by a user or networked remote control. Once infected, the virus compiles and executes instructions within its own memory space, thereby allowing it to perform actions that would not normally be possible for it in its normal state. A compromised computer can be commanded by the virus to transmit information to a remote location. This is the primary means of infection for viruses such as Conficker that do not utilize an existing network, but rather depend on computers spread throughout the world for infection.

There are three common methods of detecting if a computer is infected with malware. The first and most effective way is running an anti-virus program, which uses signatures and heuristics to detect and remove malicious code. The second method is using a file scanner or online scanner, which scans a computer’s hard drive or network for any suspicious content, especially files that have been downloaded from the Internet. The third method is using a live Linux CD with virus scanners, such as Ubuntu, or bootable antivirus CDs like the Live CD Companion or the Ultimate Boot CD.
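The paragraph above names signatures and heuristics as the two detection techniques an anti-virus program uses. The Go program below is an added example, not code from the original article or from any anti-virus product, showing both side by side over a handful of constructed file samples: a hash signature (SHA-256 of a file already classified), a byte-sequence signature, and a small heuristic score that flags a Windows executable header combined with strings suggesting persistence or self-copying. The sample contents, the marker string, the suspicious-string list and the threshold of 2 are all assumptions chosen for the illustration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Sample is one file the scanner inspects: a name and its raw contents.
type Sample struct {
	Name string
	Data []byte
}

// Verdict is the scanner's result for a file it considers malicious.
type Verdict struct {
	Name    string
	Reasons []string
}

// hashOf returns the hex SHA-256 digest of b, the form a hash signature list stores.
func hashOf(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// dropperBytes is a constructed sample that we pretend was classified earlier;
// its digest seeds the hash signature list. It is not real malware.
var dropperBytes = []byte("MZ\x90\x00 constructed dropper sample")

// knownHashes is a hypothetical hash signature list: digest -> family label.
var knownHashes = map[string]string{hashOf(dropperBytes): "Example.Dropper"}

// bytePatterns are hypothetical byte-sequence signatures matched anywhere in a file.
var bytePatterns = [][]byte{[]byte("EXAMPLE-MALICIOUS-MARKER")}

// heuristicScore scores behaviour rather than a known sample: one point for a
// PE ("MZ") header and one per suspicious string. Thresholds are illustrative.
func heuristicScore(data []byte) (int, []string) {
	score, reasons := 0, []string{}
	if bytes.HasPrefix(data, []byte("MZ")) {
		score++
		reasons = append(reasons, "PE executable header")
	}
	for _, s := range []string{"CurrentVersion\\Run", "CopyFile", "WriteProcessMemory"} {
		if bytes.Contains(data, []byte(s)) {
			score++
			reasons = append(reasons, "suspicious string: "+s)
		}
	}
	return score, reasons
}

// Scan applies hash signatures, byte signatures and the heuristic to every sample
// and returns a verdict for each sample that triggered at least one of them.
func Scan(samples []Sample) []Verdict {
	var out []Verdict
	for _, s := range samples {
		var reasons []string
		if label, ok := knownHashes[hashOf(s.Data)]; ok {
			reasons = append(reasons, "hash signature: "+label)
		}
		for _, p := range bytePatterns {
			if bytes.Contains(s.Data, p) {
				reasons = append(reasons, "byte signature: "+string(p))
			}
		}
		// A single weak indicator (e.g. just the MZ header) is not enough on its own.
		if score, hr := heuristicScore(s.Data); score >= 2 {
			reasons = append(reasons, hr...)
		}
		if len(reasons) > 0 {
			out = append(out, Verdict{Name: s.Name, Reasons: reasons})
		}
	}
	return out
}

// ConstructedSamples returns the constructed inputs used by the example: one hash
// match, one byte-pattern match, one heuristic match, and one clean text file.
func ConstructedSamples() []Sample {
	return []Sample{
		{"dropper.exe", dropperBytes},
		{"patterned.bin", []byte("harmless looking data EXAMPLE-MALICIOUS-MARKER trailing")},
		{"persist.exe", []byte("MZ\x90\x00 Software\\Microsoft\\Windows\\CurrentVersion\\Run CopyFile")},
		{"readme.txt", []byte("Plain text that mentions CopyFile once is not an executable.")},
	}
}

func main() {
	for _, v := range Scan(ConstructedSamples()) {
		fmt.Printf("%s: %v\n", v.Name, v.Reasons)
	}
}
```

Note how readme.txt is not flagged: it contains one suspicious string but no executable header, so the heuristic stays below the threshold. That trade-off (raising the threshold cuts false positives, lowering it catches more variants) is exactly why heuristics complement rather than replace signatures.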

Other Viruses:

Viruses are circulated via e-mail and other files. They can also be transmitted from person to person on removable media, such as floppy disks, CDs, USB flash drives and e-books. Even if the files are deleted from the computer it is not always possible to completely remove the virus or other malware. Viruses can also infect files that are downloaded automatically by browsers and file sharing programs such as peer-to-peer file sharing software. Another method of infection is by visiting websites harboring viruses.

Other viruses now act covertly, and perform a number of other functions that do not directly cause harm to computers. These viruses are referred to as “Trojan Horses”, “worms” or “spyware”. Microsoft’s operating system is no stranger to malware. However, Microsoft does take action against spyware, such as the recent removal of the Windows Registry Editor FakeAV. The vast majority of computer viruses are created by illicit software vendors.

Botnet:

A botnet (also known as a zombie network) is a computer network of infected machines usually used in denial-of-service attacks and distributed denial-of-service attacks (DDoS). A botnet can be created by using a virus to infect other computers on the Internet and then used in order to overwhelm an Internet server with traffic. The bot is a form of malware that takes over a large number of computer servers by recording keystrokes, passwords, and other data from infected computers. The infected servers are then used in sending network-based spamming messages, flooding email addresses with junk email, or initiating DDoS attacks against websites.

Botnets can be created by using a worm to alter the operating system’s Boot sector, which keeps track of running processes. When a computer loads the new operating system, the worm automatically creates another botnet for each computer that is infected. It is estimated that there are 300 million computers globally that are infected with viruses from malicious software distributors. Today a computer can be infected with a virus by visiting 20 different websites, being bitten by 15 different spiders and scared to death by 25 animated bugs.

Computer Viruses and Intimidation:

Computer viruses may also be used for other purposes such as political activism or terrorism. Viruses have been used to trigger social and political change. The virus can be programmed to stop spreading at a certain date or after a certain number of infections.

The first computer virus was created by Richard Skrenta, who used it as a weapon in his search for computer security loopholes.

Computer viruses have also been used to initiate cyberattacks for political or ideological reasons. An example of this would be the DDoS attack on Estonian electronic infrastructure conducted by Russian sympathizers as an act of protest against the removal of the Soviet war monument “The Bronze Soldier” on April 27, 2007. This was known as the “Troll War”. Another example of such an attack would be the Stuxnet worm, which infiltrated industrial computer systems and destroyed 1,000 centrifuges in Iran, as described by the New York Times. The worm was allegedly a joint effort of American and Israeli cyberwarfare units.

“Dot bomb”:

An “Internet dot-com” or “dot-bomb” is a colloquial term for one or more companies whose share price and market value were dramatically affected by the late 1990s internet craze. These companies received large amounts of venture capital funding and became highly valued on stock markets based primarily upon expectations of high growth potential for Internet services. The term was coined by combining the “Internet” with the “dot-com” boom, itself a reference to the .com top level domain.

During the late 1990s, fueled by innovations and advancements within the World Wide Web, Internet service providers (ISPs) began to upgrade their networks from dial-up to broadband in anticipation of a great increase in Internet use. During that time, international venture capital firms invested heavily in new Internet-related companies. Investors were attempting to jump into what they thought would be a lucrative market as early as possible. In May 1997 alone, $22 billion was invested worldwide into companies such as Cisco and Yahoo!, compared to $12 billion raised during 1995 and 1996. By 1999, $60 billion was invested worldwide:

“In the early years of Internet trading, the easiest way to make a fast buck was to start a dot-com company. Venture capitalists cooked up a phenomenal number of them in the late ’90s. Virtually anyone with some technical awareness and some office space could become an overvalued dot-com.”

As the use of the Web exploded in 1997, companies began going public (IPOs — initial public offerings of stock) at extraordinary valuations. Known as “hot issues” or “hot IPO”s, these stocks were valued based on expectations that they would grow significantly. It was a speculative bubble, but the companies were relatively few in number and not all of them or their stock prices failed. In point of fact, in 1997 there were only 35 Internet IPOs.

Some people used “hot IPO”s as a short-term investment. It became possible to buy a stock at extremely high valuation based on past performance of the company, and sell it quickly at a loss before the company’s value declined. A paper by Doug Stumpf and Justin Wolfers found that “high-tech bubble finance” was highly correlated with negative social outcomes for other forms of long-term investing including retirement plans, houses, mutual funds, and individual portfolios. Stumpf and Wolfers found that, when the Internet bubble burst, funds and retirement accounts whose returns were in businesses related to the Internet such as consulting, hardware production and software sales declined by 2.6%, compared to an overall market return of 3.2%. When the market for high-tech stocks burst, even retirement plans for public sector employees declined in value by 5%.

File sharing:

File sharing is a method of distributing digital media such as videos or digital images over a networked environment. File sharing involves transferring digital files from one computer to another via the Internet. The practice has been controversial, with most rightsholders (who produce the material, such as music and film) and some network operators (who operate the Internet infrastructure) objecting to the distribution of copyrighted content without their permission.

The Recording Industry Association of America (RIAA), which represents record labels, is engaged in several high-profile lawsuits against individuals suspected of making music available illegally. These include cases of file sharing networks and individual users.

The RIAA’s anti-piracy campaigns have been heavily criticized by some public interest groups, such as Free Press and Public Knowledge, that question its legal basis and funding sources. They argue that the RIAA’s tactics may be illegal under U.S. law and accuse the association of using misleading statistics to exaggerate the scope of copyright infringement, deliberately scaring music customers away from Internet music stores such as iTunes and AmazonMP3 with threats of lawsuits, and attempting to obtain new legislation like the Inducing Infringement of Copyrights Act.

In 2001, Napster was sued by several record labels for allowing users to share files containing copyrighted material. The litigation was settled in 2002, with Napster agreeing to pay users who used the service for the prior two years and Judge Marilyn Hall Patel forbidding either party from discussing details of the settlement.

In 2003 Kazaa was sued by several record labels represented by the RIAA. The case was settled in 2004, with the parties agreeing to a monetary settlement. The details were not disclosed.

File sharing contains many risks for the people sharing the files: they can get sued by copyright owners, or by their Internet service provider for breaching copyright laws; they can get their network hacked, or lose access to the files they share when their network is hacked. However, file-sharing advocates say that online piracy from peer-to-peer networks is a serious problem that needs to be addressed via legal means rather than other methods. These advocates also believe that parents who restrict access to content on peer-to-peer networks may deprive children of the opportunity to learn about and enjoy different cultures.

In September 2002, Court of Appeals for the Second Circuit Judge Denny Chin, who was appointed by President Clinton, found that Internet providers can be held liable for copyright infringement related to file-sharing networks. The lawsuit was dismissed on the grounds that the Digital Millennium Copyright Act (DMCA) only protects copyrighted works that are owned or authorized by the copyright holder. That ruling was appealed to a higher court and affirmed in 2004; in 2005, Congress passed the Stop Online Piracy Act (SOPA), which would have allowed courts to shut down any website accused of piracy.[30] Although SOPA was not implemented, other bills such as PIPA and CISPA have since tried to address issues similar to those of SOPA.

Other novel types of malware:

Rootkits: Malicious software that is able to subvert the operating system, or kernel, or other software application (such as a database management system) to hide itself from detection. Rootkits are often installed by trojan horses; they are also a common way for a computer worm to gain administrative privileges.

Trojan Horses: A trojan horse is malware that installs itself on a host computer by pretending to be something useful or benign. These programs include many viruses and worms, but not all.

Rootkit: A type of Trojan Horse that subverts the operating system in order to hide itself from detection.

Worms: Software that propagates without human intervention (automatically) through a computer network. At least some worms can affect other hosts on the Internet as well as local area networks (LANs) or wide area networks (WANs), using port numbers. They may be spread by email, use file transfer protocols such as FTP, connect to an IRC chat room or peer-to-peer file sharing program, etc.

Visitor Input Manipulation: Malware that is placed into a web page by an attacker to trap the user into performing malicious actions, such as entering their password while in a session-hijacking phishing attack.

Malicious Mobile Code: Malicious programs capable of propagating themselves from computer to computer in computer networks and may even propagate from devices whose computers have been breached. These programs are capable of being spread using removable media, like USB thumb drives or floppy disks.

Rootkit: A type of backdoor which hides itself very well and at the same time does not allow any kind of detection. It is installed by rootkits or trojan horses.

Zero-Day Exploits: Zero-day exploits are computer security vulnerabilities that are exploited before the software developer or vendor knows about them. Zero-day exploits can be used to attack any software application, such as antivirus programs or web browsers.

Viruses (not technically a worm): A virus is a type of malicious software which may infect a system and then replicate itself, potentially causing damage to the system, files stored on it, or related systems. The term “virus” is also commonly but erroneously used to refer to other types of malware such as spyware, adware, and other types of malicious software.

Spam: A form of mass email in which the message is sent to many recipients with the goal of raising the recipient’s annoyance level. Common examples are commercial offers for products or services, and unsolicited advertisements. Some spam is malicious; it is typically transmitted by viruses or other types of malware or by an attacker looking for a way to acquire and spread other malware.

Phishing: An attack where an attacker attempts to fraudulently acquire sensitive information such as a user’s bank account number, credit card number, Social Security number or password from the user.

Fraud: A malicious act which deceives a person or entity into believing that the act is real while it is in fact a deception.

Spamming: Sending unsolicited mass emails using commercial email lists for profit. The term spamming has come to have negative connotations because of the “spam” word that has been used in numerous other contexts.

Phishing: A form of email fraud. It is used by attackers to attempt to acquire sensitive information such as bank account numbers, credit card numbers, Social Security numbers or passwords from the user.

Adware: Software installed on a computer that displays advertisements when it is running, typically in the form of pop-up windows or via push notifications. [47] Adware may be installed without the user’s knowledge, often bundled with another program (such as a game) or included by an employee in order to show advertising revenue for the employer.

Spyware: Malicious software that gathers information about a computer user, often by covertly sending out data over the Internet. Programs designed to steal data from users are called keyloggers.

Security Misconfiguration: An attack on a computer system due to a failure in the security features of that system.

Privacy:

Privacy, or more correctly secrecy, is the ability to keep information private and under one’s control. A person’s “private space” normally correlates directly to what that person knows about themselves and what others know about that person; this concept is generally accepted as a universal human right.

In some cases, information can be shared between people without the consent or knowledge of the individual(s), such as in social media such as Facebook. Sharing private information with another or authorizing sharing violates an individual’s right to privacy.

There are many instances where privacy is violated by hacking into computer systems, both for criminal and non-criminal purposes. For example, hacking into a computer system may give an attacker access to information that had been hidden from the public, including personal information about a person (such as their Social Security Number) or other private data. However, hackers are often not criminals but rather computer security professionals who have been hired by criminals or companies to perform cyber-attacks on existing and potential targets. In some cases, hackers do not even know who they are working for or where their attacks may be targeted.

In the past, most electronic information was not very sensitive and was easy to uncover. However, with the increasing popularity of online banking and more people using the Internet for day-to-day activities such as shopping and using social networking sites, the security, safety and privacy of this information becomes important to keep it from being accessed by criminals.

Cyber terrorism: Cyberterrorism is a form of terrorism utilizing computer networks that are connected to the Internet. It involves a criminal act which has a result of disrupting or influencing services on a computer network in furtherance of political or social objectives. The term was coined by US President George W. Bush in his 2002 State of the Union address after the September 11, 2001 attacks on the World Trade Center and the Pentagon.

Malware: Malware, or malicious software, is a broad category of computer programs intended to do harm.[53] Malware is typically designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. The term “malware” can apply to software that deliberately causes harm to a user’s machine and software that harms users unintentionally through security errors or other bugs. The term is also often used as a synonym for viruses, trojans, etc.

Hackers: A hacker is a person who is skilled in the use of computers and computer networks. The term refers to a person who has a deep understanding of computers and enjoys modifying or designing software or hardware. It may be applied as a verb to mean browsing around computer systems without authorization. The term may also be applied as an adjective, such as “hacker attack”, “hacker crime”, “hacker-related”.

A computer hacker is one who is experienced with the technical aspects of computers, such as computer systems, software, and programming. A computer hacker can be employed by a governmental organization, individual or other entity. According to this definition, a hacker may also be referred to as a “hacker” or “cracker”. In the entertainment world, a hacker may refer to someone who delights in exploring the inner workings of an operating system or another piece of software and then publishing their findings (or findings regarding how to exploit another program) for others to learn from for personal gain.

A computer criminal is an individual who uses computers for criminal activity. It is a very broad, generic term. A criminal who uses a computer may also be known as a computer criminal, although computer crimes involving only computers and not people are not always considered “true crimes”.

Computer security: Computer security refers to the practice of defending computer systems from potential attacks or faults. Security is possible through different types of defense mechanisms, such as monitoring, risk analysis and encryption. It is the protection provided by a computing system in accordance with the security policy of the system. This is usually implemented using access control systems that restrict unauthorized access to both hardware and software. In general, secure computer systems are not vulnerable to some types of attacks. A computer security breach is any adverse event that occurs against a system or network due to the violation of a security policy, an attack on the system or its users, or a flaw in the system.

Cleartext: Cleartext refers to text data that can be seen, deciphered and understood by any observer who may get access to it while being transmitted over a network such as the Internet. Contrast with ciphertext.

Encryption: Encryption refers to the process of encoding/scrambling data into a form only intended for valid recipients to understand, without loss of information in transmission. Encryption is a process for encoding data using an algorithm such as the Advanced Encryption Standard (AES). The encryption of data or its transfer over networks can be accomplished through various mechanisms. Commonly, encryption utilizes algorithms such as Triple Data Encryption Standard (3DES), Advanced Encryption Standard (AES) or Data Encryption Standard (DES); however, digital signature schemes can also be used in conjunction with encryption mechanisms. Depending on the encryption algorithms used and other factors such as length of data to be encrypted and type of network, the same size of ciphertext may result from several different key lengths.

Ciphertext: Ciphertext refers to the encrypted data. The ciphertext should not be readable by anyone while being transmitted over a network such as the Internet.

Key management: Key management is the process of storing and controlling cryptographic keys. Keys are used to turn plaintext into ciphertext, and vice versa. This is commonly achieved with public-key encryption schemes such as RSA or Elliptic Curve Cryptography (ECC). Key storage can be in a physically secure location or an electronic database accessible by authorized personnel only. However, if access control is implemented, unauthorized access can be detected by comparing encrypted processes and key lengths with known authorized key lengths. Key management can be accomplished by either maintaining keys on a computer’s hard drive or in a hardware device. For example, proving key generation and distribution in the context of the Common Criteria (CC) setting is not technically challenging, but achieving the same when operating within IT systems is difficult. Proper key storage can mitigate these issues.

Cryptography: Cryptography is a collection of techniques for securing information and/or communication that occurs via the use of secret codes (ciphertext). It is widely used for ensuring confidentiality, integrity, authentication or non-repudiation. In many cases, cryptography aids in securing information from unauthorised access by both cyber criminals and nation states.

Encryption is the process of encoding data using an algorithm, in such a way that only authorised parties can see the content of the message. The information that is encrypted (the plaintext) cannot be understood by others unless they have access to a key that enables them to decrypt the message and read it. Encryption is used in many cryptographic protocols, including transport layer security (TLS), secure sockets layer (SSL), and secure HTTP (HTTPS). Conversely, decryption is the process of turning encrypted data back into plaintext.

Encrypt: To convert something into ciphertext or code through a mathematical transformation. The reverse operation is called decryption. Both terms are widely used when referring to cryptography.
