CELE Project 2012




Mariwan Hama Saeed
2110342
10 weeks



Computer Science
MSc. Advanced Computing Science



Permission given to use this project
Word count: 3095




  Malware in Computer Systems: Problems and Solutions




                                       8 June 2012
Abstract


Malware is harmful software that has developed enormously over the last decade. It infects computer systems, deletes data files and steals valuable information from the computer. This paper focuses on the most effective solutions to malware that might mitigate these problems. It investigates four types of malware and presents the three best countermeasures. It suggests a number of practices to computer users, such as training staff in the use of security software. Students of computer science may benefit from this project.
Contents



Abstract




Introduction ....................................................................................................... 1



1. Malware ......................................................................................................... 2

      1.1 Virus ..................................................................................................... 2

      1.2 Worm .................................................................................................... 2

      1.3 Trojan ................................................................................................... 3

      1.4 Spyware ................................................................................................ 4



2. Countermeasures of Malware ............................................................................. 5

       2.1 Firewall ................................................................................................. 5

       2.2 Security Software ................................................................................... 6

       2.3 Training ................................................................................................ 7



Conclusion ......................................................................................................... 9



List of references ................................................................................................ 10
Introduction

Malware, a contraction of malicious software, is designed to destroy computer systems and programmes. It has changed significantly and rapidly in the last decade, and security software has greatly developed in recent years. Today there are many forms of malware, such as viruses, worms, Trojans and spyware, and consequently a number of computer systems around the world have been damaged by malware. Recently the latest threat, Flame, has been discovered. This form of malware was found in Iran and has been reported by both Aleks (2012) and Symantec Security Response (2012) as the most complicated threat of the recent year, located in the Middle East. Aleks, a Kaspersky Lab expert, shows that Kaspersky antivirus provided a solution for that threat, as did Symantec Corporation.


The purpose of this paper is to evaluate the problems of malware and provide the best solutions for malware on computers. Firstly, the kinds of malware, which include viruses, worms, Trojans and spyware, will be examined. Secondly, the most effective solutions will be presented, which include firewalls, security software and training. This project identifies the computer systems that are damaged as a result of harmful programmes. Furthermore, it shows how the problems of malware can be mitigated via hardware such as a firewall or via software such as antivirus. However, this project does not provide complete solutions to these threats, because it is only a short project on harmful software and surveys the countermeasures in very few papers.




1. Malware


Moir (2003) defines malware as any harmful programme designed to damage computer systems and programmes, such as viruses, worms, Trojans and spyware.


1.1 Virus


A virus is a type of malware consisting of a piece of code that attaches itself to a programme or a file. When the infected programme is run by a user, the virus executes secretly without the user noticing (Vacca 2009:56-57). Stallings (2005:602) indicates that many viruses pass through four stages to infect and destroy computer systems. Firstly, in the dormant phase, also known as the idle step, the virus is idle until it is activated by a date or by another programme. Secondly, in the propagation phase, the virus tries to copy itself into another programme. Thirdly, in the triggering phase, the virus is ready to perform its function; the trigger is caused by any of several system events, such as a count of the number of times some action has occurred. Finally, in the execution phase, the virus damages programmes, erases files and then shuts down or restarts the computer. These steps vary from one computer to another and from one operating system to another, and also depend on the types of vulnerable points in the system.


There are many types of virus, one of which is the macro virus. This is one of the most common kinds of virus and infects application programmes such as Microsoft Word, Excel and Access. When these programmes are opened, the virus executes itself and performs various actions, such as deleting files and replicating itself into another programme. The file infector is another type of virus; it attaches itself to executable code (com and exe files) and infects them when the files are installed, after which the virus executes (Cole et al. 2005:558).

A virus has three main actions. Firstly, it replicates itself between computers on a network; this is a significant point that distinguishes a virus from other kinds of malware. Secondly, it installs itself on a computer without the user noticing. Furthermore, it damages software by changing or deleting it, randomly executes files and then locks resources such as the mouse and keyboard (Salomon 2010:43).

1.2 Worm

Salomon (2010:99) defines a worm as “a programme that executes independently of other programmes, replicates itself, and spreads through a network from computer to computer.” This means that a worm is harmful software that infects host after host via a vulnerability or security hole in the systems. The main difference between viruses and worms is that viruses always hide inside programmes, whereas worms work independently. Moreover, worms are used by hackers more often than viruses, because worms spread from computer to computer across network connections (Kizza 2009:127-128). Stallings (2005:607) notes that a worm uses several means of spreading itself. Firstly, it uses email facilities to copy itself from system to system. Secondly, execution facilities help the worm to run itself on other systems. Thirdly, it uses login facilities to duplicate itself from one system to another.


There are several types of worm; the Morris worm is a famous one. It was created by Robert Morris in 1998. The Morris worm spreads on the UNIX operating system and uses a variety of techniques to copy itself. It performs several illegal actions, such as automatically receiving, sending and forwarding emails; it also works through combinations of user accounts, and it exploits fingerprinting protocols. Code Red is another worm; released in 2001, it exploits a security hole in Microsoft Internet Information Server (IIS) and disables the system file checker in Microsoft Windows. This worm infected nearly 360,000 servers in 14 hours. In addition, Nimda is another worm, created in 2001. It causes several problems in computers and Internet systems, for example modifying Internet document extensions, and it creates several copies of itself under various names (Stallings 2005:608-609).


1.3 Trojan


Collin (2004:338) explains that a Trojan is a programme that is put into a system by hackers and copies information without the user's authorisation. Sometimes Trojans appear to be useful programmes, such as games and antivirus tools. Users are aware of the installation of Trojans, but they do not know about their hidden processes (Vacca 2009:122). Trojans differ from viruses and worms because they do not copy themselves. They may pass many security controls and may not be stopped by firewalls, so they can be great threats to the security of organisations (Cole et al. 2008:312-313).


A Trojan performs many actions. Firstly, it might steal data or monitor the user's actions (Vacca 2009:295). Secondly, it is used as a hacking technique by placing pieces of hidden code inside a beneficial programme, for example Green Saver. Moreover, a Trojan may use an executable script, such as JavaScript, to introduce itself into a user's workstation. Also, the Trojan enters the system through a lack of security in order to obtain unauthorised access to resources (Vacca 2009:681). Furthermore, it can be used indirectly to complete actions that unauthorised users cannot complete directly; for example, a Trojan can be used to read files on another system (Stallings 2005:601). A Trojan might run additional code that performs harmful activity in the system. Attackers use it to spread viruses or other types of malware into systems without the user's attention (Cole 2005:486-487).


There are many types of Trojan; the Farfli Trojan is one of them. It was created in 2007, spreads massively, and downloads and installs itself onto the computer. It affected browsers developed by Chinese programmers (Vacca 2009:681). NetBus and SubSeven are other Trojans used by hackers and attackers to destroy systems and steal significant information from them (Nestler 2011:142-143).


1.4 Spyware


According to Collin (2004:313), spyware is a kind of software that may be installed on a user's computer without their knowledge and that sends the user's information back to its source. This means that spyware is created to steal the personal information of computer users. The main distinction between spyware on the one hand and viruses and worms on the other is that spyware spreads easily between computers and can be removed quickly. Furthermore, pop-ups and spam increase as a result of some types of spyware, which harass computer users. In 2005 the NCSA reported that 61% of computers around the world were affected by spyware (CA, Geier, and Geier 2007:5-7).


Spyware uses many ways to gather information for its central source. Firstly, it records keystrokes, which captures the sensitive information and passwords of the computer's user. Secondly, the spyware uses email to send the user's data to its creator. Thirdly, much spyware copies communications between computer users and then sends them to the spyware's owner. Some applications and websites are also used by spyware to monitor users (Cole et al. 2008:314).


Spyware can carry out many serious actions. It might be installed on computers without the user's authorisation; it may find ways into computers through free software and games downloaded from websites. Some types of spyware destroy desktop icons, computer programmes and web browsers, which is annoying for computer users. It slows down computers and the Internet, which is a significant problem when users are trying to download large files, watch online videos or use computer programmes (CA, Geier, and Geier 2007:5-7).



2. Countermeasures of Malware


There are many ways to mitigate the impact of malware on computer systems. This section explains the solutions to malware in terms of firewalls, security software and training.


2.1 Firewall


The rapid growth of technology, in terms of the Internet and computers, has led to growth in the number of users and in their activities, but not all user activities are acceptable. Computers should be protected against the unacceptable actions of users. Therefore home computers and organisation computers need protection, because they face threats from both internal and external users, and the administrators of these computers should be able to find ways to protect them. A firewall is one of the best ways of protecting computers (Kizza 2009:249). Microsoft Corporation (n.d.) defines a firewall as “a software programme or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.” This means that the firewall protects computer systems to a considerable degree.


Hardware and software firewalls are designed to protect computers from malware, including Trojans, viruses, spyware and worms. A personal computer, which is usually a single machine, is better protected by a software firewall, called a personal firewall (Salomon 2010:202-203). Cole et al. (2008:318) indicate that a personal firewall is software that runs on the user's computer; it can be very effective and can block both inside actions and outside actions that come from the Internet. It allows computer users to manually block and permit inbound and outbound traffic. However, when a number of computers are connected to form a group, the group as a whole needs protection. In that situation it is better to use a hardware firewall, which works in the same way as a personal firewall but is more robust (Salomon 2010:202-203).


According to Cole et al. (2008:59-60), many problems can be solved by a firewall. The firewall helps the operating system services to distinguish fake applications and fake users; the underlying problem is called poor authentication. It scans free programmes in a highly effective way and identifies which of them are not optimised and create a vulnerability hole in the security of the computer's operating system. Moreover, hackers are blocked very effectively by a firewall. The firewall works at all times against attackers, who are responsible for destroying computer programmes, because it is able to block some types of attack.


However, the firewall has limitations for some kinds of problem. Some attackers can bypass the firewall, and in that situation the firewall cannot block them. Some internal threats cannot be removed by a firewall, such as employees who work with an external attacker against their company. In addition, a firewall cannot detect all types of malware, because it would be impossible for the firewall to scan all emails, messages and programmes to identify which types of malware they contain (Stallings 2005:623-624). It is clear that the firewall is not a perfect way of providing the most effective security for organisations and companies, because it solves some problems but not all of them. Security software is another solution that can be used alongside firewalls for that purpose.
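The following is an added illustration, not code from this paper or from any firewall product: a toy personal firewall of the kind described in this section, in which the user manually permits or blocks inbound and outbound traffic, replies to connections the computer itself opened are allowed, and anything unmatched falls to a per-direction default. The rule table, addresses and packet sequence are constructed for the example. It also makes the limitation above concrete: the outbound email flow is allowed whatever attachment it carries, because the firewall does not read content.

```python
"""Toy personal firewall (constructed example, not a real product)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" or "out", seen from the protected computer
    proto: str              # "tcp" or "udp"
    remote_ip: str
    remote_port: int
    local_port: int
    syn: bool = True        # True for a new connection attempt


@dataclass(frozen=True)
class Rule:
    direction: str
    action: str                         # "allow" or "deny"
    proto: Optional[str] = None         # None matches any protocol
    remote_net: Optional[str] = None    # CIDR; None matches any address
    remote_port: Optional[int] = None
    local_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.direction != p.direction:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.remote_net is not None and ip_address(p.remote_ip) not in ip_network(self.remote_net):
            return False
        if self.remote_port is not None and self.remote_port != p.remote_port:
            return False
        if self.local_port is not None and self.local_port != p.local_port:
            return False
        return True


class PersonalFirewall:
    def __init__(self, rules: List[Rule], default_in: str = "deny", default_out: str = "deny"):
        self.rules = list(rules)
        self.default = {"in": default_in, "out": default_out}
        # Flows this computer opened: (proto, remote_ip, remote_port, local_port)
        self.established = set()

    def decide(self, p: Packet) -> str:
        key = (p.proto, p.remote_ip, p.remote_port, p.local_port)
        if p.direction == "in" and key in self.established:
            return "allow"          # reply to a connection this computer opened
        for rule in self.rules:     # first matching rule wins, so order matters
            if rule.matches(p):
                verdict = rule.action
                break
        else:
            verdict = self.default[p.direction]
        if verdict == "allow" and p.direction == "out" and p.syn:
            self.established.add(key)
        return verdict


# Rules a home user might set by hand (constructed). The deny rule comes
# first so that it wins over the broader allow rules below it.
USER_RULES = [
    Rule("out", "deny", remote_net="203.0.113.0/24"),             # a network the user blocked
    Rule("out", "allow", proto="tcp", remote_port=443),            # web browsing
    Rule("out", "allow", proto="tcp", remote_port=25),             # sending email
    Rule("in", "allow", proto="tcp", remote_net="192.168.1.0/24", local_port=22),  # LAN admin
]


def example_traffic() -> List[str]:
    """Constructed packet sequence; returns the verdict for each packet in order."""
    fw = PersonalFirewall(USER_RULES)
    packets = [
        Packet("out", "tcp", "198.51.100.10", 443, 50000),             # allow: web rule
        Packet("in", "tcp", "198.51.100.10", 443, 50000, syn=False),   # allow: reply to the above
        Packet("in", "tcp", "198.51.100.10", 4444, 445),               # deny: unsolicited inbound
        Packet("out", "tcp", "203.0.113.5", 443, 50001),               # deny: user-blocked network
        Packet("in", "tcp", "192.168.1.20", 51000, 22),                # allow: LAN admin rule
        Packet("out", "tcp", "198.51.100.10", 25, 50002),              # allow: email; content is never inspected
        Packet("out", "udp", "198.51.100.53", 53, 50003),              # deny: no rule permits it
    ]
    return [fw.decide(p) for p in packets]
```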


2.2 Security Software


Today much software is designed for securing computer operating systems. Antivirus programmes are among the most effective and are widely used for securing computers against viruses, worms and Trojans. Computer users also use anti-spyware programmes, which protect computers from spyware.


Antivirus software, one of the best kinds of programme, can be used to protect computers from malware. In the past, antivirus programmes were very simple software packages and viruses were uncomplicated code, so viruses were dealt with easily. Today's viruses are more complicated, such as the Flame virus, which was reported by the Kaspersky and Norton antivirus programmes as one of the most sophisticated viruses, spreading in the Middle East last month. Like viruses, antivirus software has grown significantly.


Many antivirus programmes use three steps to eliminate viruses from infected systems. The first is the detection step: once an infection has happened, the antivirus programme locates the virus. Identification is the second stage, in which the virus is identified by the antivirus programme. Removal is the final stage, in which the antivirus programme removes the virus. However, when antivirus programmes are unable to clean viruses from infected systems in these stages, restoring a backup version of the system may be one of the possible alternative ways to solve the problem (Stallings 2005:610).



Currently there are many antivirus programmes that can be used to protect computer systems. Microsoft Security Essentials is one of them and is used to guard computer systems from threats. It is free and easy to use, and the user does not need to scan the computer system or update the programme manually, because it does so automatically via the Microsoft website. It can be said that the Norton and Kaspersky antivirus programmes are the best antivirus programmes for protecting systems and eliminating viruses from an infected system. They need virus signature updates, because they use virus signatures to eliminate the latest viruses and protect systems from them (Cole et al. 2008:317-318).
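As an added illustration of the three stages (detection, identification, removal) and of why signature updates matter, the following is a toy signature-based scanner; it is not code from this paper or from any antivirus vendor. The files, the "viral" byte sequences and the signatures are constructed stand-ins, not real malware or real signatures. It shows the two removal outcomes (disinfecting a host file that an infector appended itself to, and quarantining a file that is malicious in its entirety), falls back to the restore-from-backup alternative when a sample cannot be cleaned safely, and shows that a newly appeared sample is missed until a signature update adds it.

```python
"""Toy signature-based antivirus scanner (constructed example)."""
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional, Tuple, Union


@dataclass(frozen=True)
class Signature:
    name: str                   # identity reported in the identification stage
    kind: str                   # "hash": whole-file SHA-256; "pattern": byte sequence
    value: Union[str, bytes]
    cleanable: bool = False     # True if the viral code can be cut off the host file


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Scanner:
    def __init__(self, signatures):
        self.signatures = list(signatures)

    def update(self, new_signatures) -> None:
        """Signature update: until it arrives, newer samples are simply not seen."""
        self.signatures.extend(new_signatures)

    def identify(self, data: bytes) -> Optional[Signature]:
        """Stages 1 and 2: detect whether the data is infected and name the virus."""
        digest = sha256_hex(data)
        for sig in self.signatures:
            if sig.kind == "hash" and sig.value == digest:
                return sig
            if sig.kind == "pattern" and sig.value in data:
                return sig
        return None

    def scan(self, files: Dict[str, bytes], quarantine: Dict[str, bytes]) -> Dict[str, Tuple[str, str]]:
        """Stage 3: act on what was identified. Returns {file: (identity, action)}."""
        report = {}
        for name in list(files):
            sig = self.identify(files[name])
            if sig is None:
                report[name] = ("clean", "none")
            elif sig.kind == "pattern" and sig.cleanable:
                # A file infector appended itself to the host: cut the viral body off.
                body = files[name]
                files[name] = body[:body.index(sig.value)]
                report[name] = (sig.name, "disinfected")
            elif sig.kind == "hash":
                # The whole file is malicious: isolate it rather than edit it.
                quarantine[name] = files.pop(name)
                report[name] = (sig.name, "quarantined")
            else:
                # Identified but not safely cleanable: fall back to a backup.
                report[name] = (sig.name, "restore-from-backup")
        return report


# Constructed stand-ins for viral code; these are not real malware bytes.
INFECTOR_BODY = b"[CONSTRUCTED-APPENDED-VIRUS]"
DROPPER_BYTES = b"[CONSTRUCTED-DROPPER-FILE]"
NEW_BODY = b"[CONSTRUCTED-NEW-OVERWRITER]"

BASE_SIGNATURES = [
    Signature("Constructed.FileInfector", "pattern", INFECTOR_BODY, cleanable=True),
    Signature("Constructed.Dropper", "hash", sha256_hex(DROPPER_BYTES)),
]
UPDATE_SIGNATURES = [
    Signature("Constructed.Overwriter", "pattern", NEW_BODY, cleanable=False),
]


def sample_files() -> Dict[str, bytes]:
    """Constructed in-memory 'disk': one clean file and three infected ones."""
    return {
        "report.docx": b"PK quarterly figures, nothing unusual",
        "calc.exe": b"MZ original calculator code" + INFECTOR_BODY,
        "setup.exe": DROPPER_BYTES,
        "notes.exe": b"MZ" + NEW_BODY,
    }


def run_demo():
    """Scan with the base signatures, apply an update, scan again."""
    files, quarantine = sample_files(), {}
    scanner = Scanner(BASE_SIGNATURES)
    before = scanner.scan(files, quarantine)   # notes.exe is missed: no signature yet
    scanner.update(UPDATE_SIGNATURES)
    after = scanner.scan(files, quarantine)    # now identified, but cannot be cleaned
    return before, after, files, quarantine
```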


It is clear that some antivirus programmes are unable to remove threats such as spyware, because antivirus programmes face a number of difficult obstacles. Vacca (2009:61-62) points out that one challenge for antivirus programmes is the complexity of malware, which grows continuously. An already infected system is another obstacle for antivirus programmes. Moreover, much malware stays in memory, where it affects files and attacks the computer system's processes. Sometimes the antivirus programmes are turned off by the most dangerous threats. In this situation it is possible to use anti-spyware programmes, which are an alternative kind of programme that can be used to remove spyware and clean systems of it.



Anti-spyware programmes guard computer systems from spyware, and today many anti-spyware programmes are available. Microsoft Corporation (n.d.) states that Microsoft Windows Defender is a programme able to protect systems from a wide variety of spyware, but it needs updating to work properly. It offers two ways to scan computer systems for spyware. With real-time protection, the programme alerts the user about spyware when the spyware tries to install itself on the system. Scanning options, the second way, offer the user scheduled scans and custom scans of the system for spyware. However, security software may not be able to protect computer systems completely. Training is one way to assist the security programmes and the firewalls in providing a high level of protection of computer systems against malware.


2.3 Training


Training is an additional protection alongside firewalls and security software as a countermeasure to malware. It can be provided for the members and staff of any organisation, because simply implementing a robust and secure organisation, such as a university or a company, is not enough; the organisation also needs highly skilled employees in terms of security. Today new vulnerabilities and new threats are discovered, so it is important for IT staff in any organisation to be prepared to identify vulnerabilities and threats (Vacca (ed.) 2009:9-10).


Cole et al. (2008) indicate that there are many practices that can be provided for IT staff. They should open only expected emails and no emails from strangers, because many such emails include graphics files and audio files, which are used by hackers and attackers to spread threats and capture useful information. Another practice is that staff should use a separate email client for reading and receiving questionable emails, because these emails may be shared with other members in public clients. IT staff should also know how to use the security programmes and how to update them. It is better to scan all files downloaded from emails before using them, to protect the computer systems from threats.




Conclusion


The issues of malware have not been solved completely in this project, because malware has developed considerably. This paper has discussed the problems posed by the dangerous types of malware and has provided some significant countermeasures. The solutions have been presented in terms of firewalls, security software and the provision of useful training for the staff of an organisation, because an insecure organisation is more likely to be affected by threats than a more secure one.


According to Microsoft Corporation (n.d.), Microsoft Windows Defender and Microsoft Security Essentials are programmes that may be very useful for mitigating the problems of malware. However, Cole et al. (2008) suggest that there are many practices that can be provided for the members of organisations. It is clear that this paper has not suggested all the possible solutions for reducing the problems of harmful programmes, because it is limited in terms of its number of words. It is also suggested that all computer users around the world should be able to use security programmes, know how these programmes are updated via the Internet, and know how an infected computer can be repaired. Today the number of hackers and attackers has grown enormously. They use various types of malware to steal information and to damage or delete computer systems and data files. It would be better for other researchers to provide further solutions to malware.




List of References

Aleks (2012) The Flame: Questions and Answers [online] available from
<http://www.securelist.com/en/blog/208193522/The_Flame_Questionsand_Answers> [5 May 2012]


CA, Geier, E. and Geier, J. (2007) Simple Computer Security. Indianapolis: Wiley Publishing


Cole, E., Krutz, R. and Conley, J. W. (2005) Network Security Bible. Indianapolis: Wiley Publishing


Cole, E., Krutz, R. L., Conley, W. J., Reisman, B., Ruebush, M., Gollmann, D. and Reese, R. (2008) Network Security Fundamentals. Danvers: Wiley Publishing


Collin, S. M. H. (2004) Dictionary of Computing. Bloomsbury Publishing Plc: Peter Collin Publishing


Kizza, J. M. (2009) Guide to Computer Network Security. London: Springer


Microsoft Corporation (n.d.) What is a Firewall? [online] available from
<http://www.microsoft.com/security/pc-security/firewalls-whatis.aspx> [27 May 2012]


Microsoft Corporation (n.d.) Microsoft Security Essentials [online] available from
<http://windows.microsoft.com/en-US/windows/products/security-essentials> [2 May 2012]


Microsoft Corporation (n.d.) Windows Defender [online] available from
<http://windows.microsoft.com/en-US/windows7/products/features/windows-defender> [2 May 2012]


Moir, R. (2003) Defining Malware [online] available from
<http://technet.microsoft.com/en-us/library/dd632948.aspx> [20 May 2012]


Nestler, V., Conklin, A., White, G. and Hirsch, M. (2011) Principles of Computer Security. New York: McGraw-Hill


Salomon, D. (2010) The Elements of Computer Security. London: Springer


Stallings, W. (2005) Cryptography and Network Security: Principles and Practices. London: Prentice Hall


Symantec Security Response (2012) Flamer: Highly Sophisticated and Discreet Threat Targets the Middle East [online] available from
<http://www.symantec.com/connect/blogs/flamer-highly-sophisticated-and-discreet-threat-targets-middle-east> [5 May 2012]


Vacca, J. R. (ed.) (2009) Computer and Information Security. Burlington: Morgan Kaufmann




                                           11

More Related Content

PPT
viruses
PDF
A short course on computer viruses
PPSX
Ids 005 computer viruses
PPTX
Final malacious softwares
PPS
Viruses and Anti-Viruses
PPT
Int 2 software slides 2010
PDF
Dilsher idrees mustafa_6_a_vulnerabilities_study
PPTX
Malicious software group 24
viruses
A short course on computer viruses
Ids 005 computer viruses
Final malacious softwares
Viruses and Anti-Viruses
Int 2 software slides 2010
Dilsher idrees mustafa_6_a_vulnerabilities_study
Malicious software group 24

What's hot (20)

PDF
Cscu module 02 securing operating systems
PPT
Computer virus_the_things_u_must_know_
PPT
Computer viruses
PDF
Secure System Password (SSP) Application for NT Editor Hacking Tool
PPTX
Operating System & Application Security
PDF
Symantec White Paper: W32.Ramnit Analysis
PPTX
Types of malicious software and remedies
PPT
Virus and Malicious Code Chapter 5
ODP
Virus and antivirus final ppt
DOCX
Different types of computer viruses
PPT
list of Deception as well as detection techniques for maleware
PPTX
Install operating system
PDF
Exploitation and distribution of setuid and setgid binaries on Linux systems
PPTX
Computer viruses
PDF
Operating systems security 2007 vulnerability report
PPTX
Week9 chapter 02_2.6.1.2_up_2016
PDF
Sattt
PPTX
Presentación1
PPT
Signature based virus detection and protection system
Cscu module 02 securing operating systems
Computer virus_the_things_u_must_know_
Computer viruses
Secure System Password (SSP) Application for NT Editor Hacking Tool
Operating System & Application Security
Symantec White Paper: W32.Ramnit Analysis
Types of malicious software and remedies
Virus and Malicious Code Chapter 5
Virus and antivirus final ppt
Different types of computer viruses
list of Deception as well as detection techniques for maleware
Install operating system
Exploitation and distribution of setuid and setgid binaries on Linux systems
Computer viruses
Operating systems security 2007 vulnerability report
Week9 chapter 02_2.6.1.2_up_2016
Sattt
Presentación1
Signature based virus detection and protection system
Ad

Viewers also liked (11)

PPTX
Types of computer malware 101
PDF
Detecting hardware virtualization rootkits
PPS
introduction to malwares,virus,trojan horse
PPTX
MALWARE AND ITS TYPES
PPTX
Malware- Types, Detection and Future
PPTX
Malicious Software
PPTX
Open Source Malware Lab
PPT
Introduction to Malware
ODP
Computer Viruses & Management Strategies
PPT
Malware
PPT
Computer Malware
Types of computer malware 101
Detecting hardware virtualization rootkits
introduction to malwares,virus,trojan horse
MALWARE AND ITS TYPES
Malware- Types, Detection and Future
Malicious Software
Open Source Malware Lab
Introduction to Malware
Computer Viruses & Management Strategies
Malware
Computer Malware
Ad

Similar to Malware (20)

PPTX
Virus and its CounterMeasures -- Pruthvi Monarch
PPT
computer vipin kumar ppt
PPTX
MALWARE AND ITS TYPES
PPTX
Computer viruses
PPTX
Chapter 11 Malicious Software - HCMUT.pptx
PPT
Malicious
PDF
Malicious software
PPTX
Program and System Threats
PPTX
Ch10 Network security to include malicious software
PDF
computer virus Report
PPT
Computer Viruses and Classification lecture slides ppt
PPTX
Malware & Anti-Malware
PPTX
Presentation_malware_anti_malware.pptx
PDF
malwareanti-malware-160630191004 (1).pdf
PPTX
Module_09_Malware_Presentation_for_IT500.pptx
PDF
IJSRED-V2I3P69
PPTX
Computer virus
PDF
Threats of Computer System and its Prevention
PPTX
Introductions To Malwares
PPTX
History of Computer Virus
Virus and its CounterMeasures -- Pruthvi Monarch
computer vipin kumar ppt
MALWARE AND ITS TYPES
Computer viruses
Chapter 11 Malicious Software - HCMUT.pptx
Malicious
Malicious software
Program and System Threats
Ch10 Network security to include malicious software
computer virus Report
Computer Viruses and Classification lecture slides ppt
Malware & Anti-Malware
Presentation_malware_anti_malware.pptx
malwareanti-malware-160630191004 (1).pdf
Module_09_Malware_Presentation_for_IT500.pptx
IJSRED-V2I3P69
Computer virus
Threats of Computer System and its Prevention
Introductions To Malwares
History of Computer Virus

Recently uploaded (20)

PPTX
Configure Apache Mutual Authentication
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
PPTX
2018-HIPAA-Renewal-Training for executives
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
PDF
Architecture types and enterprise applications.pdf
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
PDF
Two-dimensional Klein-Gordon and Sine-Gordon numerical solutions based on dee...
PPTX
Custom Battery Pack Design Considerations for Performance and Safety
PDF
Five Habits of High-Impact Board Members
PDF
A comparative study of natural language inference in Swahili using monolingua...
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
PDF
sustainability-14-14877-v2.pddhzftheheeeee
PPT
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
PDF
sbt 2.0: go big (Scala Days 2025 edition)
PDF
Credit Without Borders: AI and Financial Inclusion in Bangladesh
PPTX
Chapter 5: Probability Theory and Statistics
PDF
The influence of sentiment analysis in enhancing early warning system model f...
PDF
Developing a website for English-speaking practice to English as a foreign la...
PDF
Getting started with AI Agents and Multi-Agent Systems
PDF
CloudStack 4.21: First Look Webinar slides
Configure Apache Mutual Authentication
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
2018-HIPAA-Renewal-Training for executives
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
Architecture types and enterprise applications.pdf
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
Two-dimensional Klein-Gordon and Sine-Gordon numerical solutions based on dee...
Custom Battery Pack Design Considerations for Performance and Safety
Five Habits of High-Impact Board Members
A comparative study of natural language inference in Swahili using monolingua...
NewMind AI Weekly Chronicles – August ’25 Week III
sustainability-14-14877-v2.pddhzftheheeeee
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
sbt 2.0: go big (Scala Days 2025 edition)
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Chapter 5: Probability Theory and Statistics
The influence of sentiment analysis in enhancing early warning system model f...
Developing a website for English-speaking practice to English as a foreign la...
Getting started with AI Agents and Multi-Agent Systems
CloudStack 4.21: First Look Webinar slides

Malware

  • 1. CELE Project 2012 Mariwan Hama Saeed 2110342 10 weeks Computer Science MSc. Advanced Computing Science Permission given to use this project Word count: 3095 Malware in Computer Systems: Problems and Solutions 8 June 2012
  • 2. Abstract Malware is a harmful programme, which has incredibly developed over the last decade. It infects computer systems, deletes data files and steals valuable information from the computer. This paper will focus on providing the most effective solutions to malware that might mitigate the problems. It investigated four types of malware as well as it provided the best three countermeasures. It suggests to computer users a number of practices, such as training the staff about the security software. Students who study computer science may get some benefits from this project.
  • 3. Contents Abstract Introduction ....................................................................................................... 1 1. Malware ......................................................................................................... 2 1.1 Virus ..................................................................................................... 2 1.2 Worm .................................................................................................... 2 1.3 Trojan ................................................................................................... 3 1.4 Spyware ................................................................................................ 4 2. Countermeasures of Malware ............................................................................. 5 2.1 Firewall ................................................................................................. 5 2.2 Security Software ................................................................................... 6 2.3 Training ................................................................................................ 7 Conclusion ......................................................................................................... 9 List of references ................................................................................................ 10
Introduction

Malware, a contraction of malicious software, is designed to destroy computer systems and programmes. It has changed significantly and rapidly in the last decade, and security software has developed greatly in recent years. Today there are many forms of malware, such as viruses, worms, Trojans and spyware, and as a result many computer systems around the world have been damaged. Recently, the latest threat, Flame, has been discovered. This threat is a form of malware found in Iran, and it has been reported by both Aleks (2012) and Symantec Security Response (2012) as the most complicated threat of recent years, located in the Middle East. Aleks, a Kaspersky Lab expert, shows that Kaspersky antivirus provided a solution for this threat, as did Symantec Corporation.

The purpose of this paper is to evaluate the problems of malware and to provide the best solutions for malware on computers. Firstly, the kinds of malware, which include viruses, worms, Trojans and spyware, will be examined. Secondly, the most effective solutions will be presented: firewalls, security software and training. This project identifies computer systems that are damaged as a result of harmful programmes. Furthermore, it shows how the problems of malware can be mitigated through hardware such as a firewall or through software such as antivirus. However, this project does not provide complete solutions to these threats, because it is only a short project on harmful software and indicates the countermeasures in a very few pages.
1. Malware

Moir (2003) defines malware as any harmful programme designed to damage computer systems and programmes, such as a virus, worm, Trojan or spyware.

1.1 Virus

A virus is a type of malware: a piece of code that attaches itself to a programme or a file. When the infected programme is run by a user, the virus executes secretly, without the user noticing (Vacca 2009:56-57). Stallings (2005:602) indicates that many viruses pass through four stages to infect and destroy computer systems. Firstly, the dormant phase is known as the idle step, because the virus is idle until it is activated by a date or by another programme. Secondly, in the propagation phase the virus tries to copy itself to another programme. Thirdly, in the triggering phase the virus is ready to perform its function, triggered by various system events such as a count of the number of times it has run. Finally, in the execution phase the virus damages programmes, erases files and then shuts down or restarts the computer. These steps vary from one computer to another and from one operating system to another; they also depend on the types of vulnerable points in the system.

There are many types of virus; one of them is the macro virus. This is one of the most common viruses, and it infects application programmes such as Microsoft Word, Excel and Access. When these programmes are opened, the virus executes itself and performs various actions, such as deleting files and replicating itself into another programme. The file infector is another type of virus, which attaches to executable code (.com and .exe files) and infects them when the files are installed; after that the virus executes (Cole et al. 2005:558).

A virus has three main actions. Firstly, the virus replicates itself between computers on a network; this is a significant point that distinguishes a virus from other kinds of malware. Secondly, it installs itself on a computer without the user noticing. Furthermore, it damages software by changing or deleting it, randomly executes files, and then locks resources such as the mouse and keyboard (Salomon 2010:43).

1.2 Worm

Salomon (2010:99) defines the worm as “a programme that executes independently of other programmes, replicates itself, and spreads through a network from computer to computer.” This means that a worm is harmful software that infects host after host through a vulnerability or security hole in the systems. The main difference between viruses and worms is that viruses always hide inside programmes, whereas worms work independently. Moreover, worms are used by hackers more often than viruses, because worms spread from computer to computer across network connections (Kizza 2009:127-128). Stallings (2005:607) notes that a worm uses several ways to spread itself. Firstly, it uses email facilities to copy itself from system to system. Secondly, remote execution methods let the worm run itself on other systems. Thirdly, it uses login facilities to duplicate itself from one system to another.

There are several types of worm; Morris is a famous one. It was created by Robert Morris in 1998. Morris spreads on the UNIX operating system and uses a number of techniques to copy itself. It performs several illegal actions, such as receiving, sending and forwarding emails automatically; it also makes combinations between user accounts and exploits fingerprinting protocols. Code Red is another worm, released in 2001, which exploits a security hole in Microsoft Internet Information Server (IIS) and disables the system file checker in Microsoft Windows. This worm infected nearly 360,000 servers in 14 hours. In addition, Nimda is another worm, created in 2001. It causes several problems for computers and Internet systems, for example modifying Internet document extensions, and it creates several copies of itself under various names (Stallings 2005:608-609).

1.3 Trojan

Collin (2004:338) explains that a Trojan is a programme put into a system by hackers; it copies information without the user's authorisation. Sometimes Trojans appear to be useful programmes, such as games and antivirus software. Users are aware of the installation process of a Trojan, but they do not know about its hidden processes (Vacca 2009:122). Trojans differ from viruses and worms because they do not copy themselves. They may pass many security controls and may not be stopped by firewalls, so they can be great threats to the security of organisations (Cole et al. 2008:312-313).

A Trojan performs many actions. Firstly, it may steal data or monitor the user's actions (Vacca 2009:295). Secondly, it is used as a hacking technique by hiding pieces of code inside a beneficial programme, for example Green Saver. Moreover, a Trojan may use an executable script, such as JavaScript, to introduce itself into a user's workstation. The Trojan also enters the system through a lack of security to obtain unauthorised access to resources (Vacca 2009:681). Furthermore, it can be used indirectly to complete actions that unauthorised users cannot complete directly; for example, a Trojan can be used to read files on another system (Stallings 2005:601). A Trojan may run additional code that performs harmful activity in the system. Attackers use it to spread viruses or other types of malware into systems without the user's attention (Cole 2005:486-487).

There are many types of Trojan; the Farfli Trojan is one of them. It was created in 2007, spreads massively, and downloads and installs itself onto the computer. It affected browsers developed by Chinese programmers (Vacca 2009:681). NetBus and SubSeven are other Trojans, used by hackers and attackers to destroy systems and steal significant information from them (Nestler 2011:142-143).

1.4 Spyware

According to Collin (2004:313), spyware is a kind of software that may be installed on a user's computer without their knowledge and that sends the user's information back to its real source. This means that spyware is created to steal the personal information of computer users. The main distinction between spyware and viruses and worms is that spyware spreads easily between computers and can be removed quickly. Furthermore, pop-ups and spam increase as a result of some types of spyware, which harasses computer users. In 2005 the NCSA reported that 61% of computers around the world were affected by spyware (CA, Geier, and Geier 2007:5-7).

Spyware uses many ways to gather information for its central source. Firstly, it records keystrokes, which allows it to copy sensitive information and the passwords of the computer's user. Secondly, spyware uses email to send the user's data to its creator. Thirdly, much spyware copies communications between computer users and then sends them to the spyware's owner. Some applications and websites are also used by spyware to monitor users (Cole et al. 2008:314).

Spyware can take many serious actions. It may be installed on computers without user authorisation, and it may find ways to enter computers via free software and games downloaded from websites. Some types of spyware destroy desktop icons, computer programmes and web browsers, which annoys computer users. It slows down computers and the Internet, which is a significant problem when users are trying to download large files, watch online videos or use computer programmes (CA, Geier, and Geier 2007:5-7).
2. Countermeasures of Malware

There are many ways to mitigate the impact of malware on computer systems. This section explains the solutions to malware in terms of firewalls, security software and training.

2.1 Firewall

The rapid growth of technology, in terms of the Internet and computers, has led to growth in the number of users and in their activities, but not all of these activities are acceptable. Computers should be protected against the unacceptable actions of users. Therefore, both home computers and organisation computers need protection, because they face threats from internal users and from external users. The administrators of these computers should be able to find ways to protect them, and a firewall is one of the best ways to do so (Kizza 2009:249). Microsoft Corporation (n.d.) defines the firewall as “a software programme or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.” This means that the firewall protects computer systems in a considerable way. Hardware and software firewalls are designed to protect computers from malware, including Trojans, viruses, spyware and worms.

A personal computer, usually a single machine, is better protected by a software firewall, which is called a personal firewall (Salomon 2010:202-203). Cole et al. (2008:318) indicate that the personal firewall is software that runs on the user's computer; it can be very effective and can block both inside actions and outside actions that come from the Internet. It allows the user of the computer to manually block and permit inbound and outbound traffic. However, when a number of computers are connected to form a group of computers, this group also needs protection. In that situation it is better to use a hardware firewall, which works in the same way as a personal firewall but is more robust (Salomon 2010:202-203).

According to Cole et al. (2008:59-60), many problems can be solved by a firewall. The firewall helps operating system services distinguish fake applications and fake users, a problem known as poor authentication. It scans free programmes very effectively and identifies which of them is not optimised and creates a vulnerability in the security of the computer's operating system. Moreover, hackers are blocked very effectively by a firewall. The firewall works at all times against attackers who are responsible for destroying computer programmes, because it is able to block some types of attack. However, the firewall has many limitations for some kinds of problems. Some attackers can bypass the firewall, and in that situation the firewall cannot block them. Some internal threats cannot be removed by a firewall, such as employees who work with an external attacker against their company. In addition, a firewall cannot detect all types of malware, because it would be impossible for the firewall to scan all emails, messages and programmes to identify which types of malware they contain (Stallings 2005:623-624). It is clear that, for providing the most effective security for any organisation or company, the firewall is not perfect, because it solves some problems but not all of them. Security software is another solution that can be used together with firewalls for that purpose.

2.2 Security Software

Today much software is designed to secure computer operating systems. Antivirus programmes are among the most effective programmes and are widely used to secure computers against viruses, worms and Trojans. Computer users also use anti-spyware programmes, which are another kind of programme for protecting computers from spyware.

Antivirus software, one of the best kinds of programme, can be used to protect computers from malware. In the past, antivirus programmes were very simple software packages and viruses were uncomplicated code, so the viruses were dealt with easily. However, viruses are now more complicated, such as the Flame virus, which was reported by the Kaspersky and Norton antivirus programmes as one of the most sophisticated viruses, spreading in the Middle East last month. Like viruses, antivirus software has grown significantly. Many antivirus programmes use three steps to eliminate viruses from infected systems. The first is the detection step: once an infection has happened, the antivirus programme locates the virus. Identification is the second stage, in which the virus is identified by the antivirus programme. Removal is the final stage, in which the antivirus programme removes the virus. However, when antivirus programmes are unable to clean the infected system through these stages, restoring a backup version of the system may be one possible alternative way to solve the problem (Stallings 2005:610).
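The personal firewall of section 2.1 is described as letting the user manually block and permit inbound and outbound traffic, with a first-match rule list and a default policy behind it. The following is an added example written for this page, not code from the paper or from any firewall product it cites; it assumes a constructed rule set and constructed connection attempts (addresses from the RFC 5737 documentation ranges and a private LAN, not real hosts) and shows how each attempt is decided and logged.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "block"
    direction: str         # "in" (traffic reaching this host) or "out" (leaving it)
    proto: str             # "tcp", "udp" or "any"
    remote: str            # CIDR the remote peer must fall in; "0.0.0.0/0" = anywhere
    port: Optional[int]    # port on this host for "in", remote port for "out"; None = any


@dataclass(frozen=True)
class Connection:
    direction: str
    proto: str
    remote_ip: str
    port: int


# What happens when no rule matches: unsolicited inbound traffic is dropped and
# outbound traffic is permitted, the usual personal-firewall defaults.
DEFAULT_POLICY = {"in": "block", "out": "allow"}

# Constructed rule set a user might have entered by hand (hypothetical).
RULES = [
    Rule("allow", "in", "tcp", "192.168.1.0/24", 445),    # file sharing from the LAN only
    Rule("block", "in", "any", "0.0.0.0/0", 445),         # never from anywhere else
    Rule("block", "out", "any", "203.0.113.0/24", None),  # constructed blocklist range
    Rule("allow", "out", "tcp", "0.0.0.0/0", 443),        # web browsing over TLS
]

# Constructed connection attempts to evaluate against RULES.
ATTEMPTS = [
    Connection("in", "tcp", "192.168.1.20", 445),    # LAN neighbour -> allow (rule 1)
    Connection("in", "tcp", "198.51.100.9", 445),    # Internet host probing SMB -> block (rule 2)
    Connection("in", "tcp", "198.51.100.9", 3389),   # unsolicited remote desktop -> block (default)
    Connection("out", "tcp", "198.51.100.40", 443),  # browser to a web site -> allow (rule 4)
    Connection("out", "udp", "203.0.113.7", 53),     # program contacting a blocked range -> block (rule 3)
    Connection("out", "tcp", "198.51.100.40", 8080), # no rule at all -> allow (default policy)
]


def matches(rule: Rule, conn: Connection) -> bool:
    """A rule applies when every field it constrains agrees with the connection."""
    return (rule.direction == conn.direction
            and rule.proto in ("any", conn.proto)
            and ip_address(conn.remote_ip) in ip_network(rule.remote)
            and rule.port in (None, conn.port))


def decide(rules: List[Rule], conn: Connection) -> Tuple[str, Optional[Rule]]:
    """First matching rule wins; otherwise the direction's default policy applies."""
    for rule in rules:
        if matches(rule, conn):
            return rule.action, rule
    return DEFAULT_POLICY[conn.direction], None


def filter_log(rules: List[Rule], attempts: List[Connection]) -> List[str]:
    """Evaluate each attempt and produce one log line per decision."""
    lines = []
    for conn in attempts:
        action, rule = decide(rules, conn)
        why = "rule %d" % (rules.index(rule) + 1) if rule else "default policy"
        lines.append("%s %s %s:%d -> %s (%s)" % (
            conn.direction, conn.proto, conn.remote_ip, conn.port, action.upper(), why))
    return lines


if __name__ == "__main__":
    for line in filter_log(RULES, ATTEMPTS):
        print(line)
```

The last attempt illustrates the limitation the paper raises: with a default-allow outbound policy, a programme the user never explicitly blocked can still reach the Internet, which is why the manual block rule and the security software of section 2.2 are needed alongside the firewall.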
Currently there are many antivirus programmes that can be used to protect computer systems. Microsoft Security Essentials is one antivirus programme used to guard computer systems from threats. It is free and easy to use, and the user does not need to scan the computer system or update the programme manually, because it does so automatically via the Microsoft website. It can be said that the Norton and Kaspersky antivirus programmes are the best antivirus programmes for protecting systems and eliminating viruses from an infected system. They need virus signature updates, because they use virus signatures to eliminate the latest viruses and protect systems from them (Cole et al. 2008:317-318).

It is clear that some antivirus programmes are not able to remove threats such as spyware, because antivirus programmes face a number of difficult obstacles. Vacca (2009:61-62) points out that one challenge for antivirus programmes is complicated malware, which is growing continuously. The already infected system is another obstacle for antivirus programmes. Moreover, much malware stays in memory, where it affects files and attacks the computer system's processes. Sometimes the antivirus programmes are turned off by some of the most dangerous threats. In this situation it is possible to use anti-spyware programmes, which are one of the alternative programmes that can be used to remove spyware and clean systems of it.

Anti-spyware programmes guard computer systems from spyware, and today many anti-spyware programmes can be found. Microsoft Corporation (n.d.) argues that Microsoft Windows Defender is one programme that is able to protect systems from a wide variety of spyware, but it needs updating to work properly. It offers two ways to scan computer systems for spyware. The first is real-time protection, in which the programme alerts the user about spyware when the spyware tries to install itself on the system. The second is the scanning options, which offer the user a scheduled scan and a custom scan of the system for spyware. However, security software may not be able to protect computer systems completely. Training is one way to assist security programmes and firewalls in providing a high level of protection for computer systems against malware.

2.3 Training

Training is an additional protection alongside firewalls and security software as a countermeasure to malware. It can be provided for the members and staff of any organisation, because the implementation of a robust and secure organisation, such as a university or a company, is not enough on its own and needs highly skilled employees in terms of security. Today, new vulnerabilities and new threats are being discovered, so it is important for the IT staff of any organisation to be prepared to identify vulnerabilities and threats (Vacca (ed.) 2009:9-10). Cole et al. (2008) indicate that there are many practices that can be taught to IT staff. They should open only expected emails, not emails from strangers, because many emails from strangers include graphic files and audio files; these files are used by hackers and attackers to spread threats and capture useful information. Another practice is that staff should use a separate email client for reading and receiving questionable emails, because these emails may be shared with other members in public clients. IT staff should also know how to use the security programmes and how to update them. It is better to scan all files downloaded from emails before using them, to protect computer systems from threats.
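Section 2.2 describes the three antivirus stages (detection, identification, removal) with a backup restore as the fallback, and section 2.3 advises scanning every file downloaded from email before using it and distrusting graphic and audio attachments from strangers. The block below is an added example that serves both passages; it is not code from the paper or from any antivirus product it names. It assumes a constructed signature database (SHA-256 digests of harmless sample strings with made-up family names), a small table of genuine media file headers, and a temporary inbox, quarantine and backup folder that it creates itself.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed signature database: SHA-256 of a known-bad body -> family name.
# The bodies are harmless strings; a real scanner ships millions of signatures.
_KNOWN_BAD = {
    b"CONSTRUCTED-SAMPLE-macro-virus-body": "Macro.Example.A",
    b"CONSTRUCTED-SAMPLE-trojan-body": "Trojan.Example.B",
}
SIGNATURES = {hashlib.sha256(b).hexdigest(): n for b, n in _KNOWN_BAD.items()}

# Leading bytes a genuine media file of each type begins with.
EXPECTED_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".mp3": (b"ID3", b"\xff\xfb"),
}
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")   # Windows PE and Linux ELF headers


def identify(path: Path):
    """Stages 1 and 2: detect a signature match and name the family (None = clean)."""
    return SIGNATURES.get(hashlib.sha256(path.read_bytes()).hexdigest())


def remove(path: Path, quarantine: Path) -> Path:
    """Stage 3: move the infected file to quarantine (reversible, unlike deleting it)."""
    quarantine.mkdir(parents=True, exist_ok=True)
    target = quarantine / (path.name + ".quarantined")
    shutil.move(str(path), str(target))
    return target


def check_attachment(path: Path) -> list:
    """Pre-open triage for a downloaded attachment; returns reasons to distrust it."""
    reasons = []
    suffixes = [s.lower() for s in path.suffixes]
    head = path.read_bytes()[:8]
    if len(suffixes) > 1:
        reasons.append("double extension %s" % "".join(suffixes))
    if head.startswith(EXECUTABLE_MAGIC):
        reasons.append("executable header in a file named %s" % path.name)
    expected = EXPECTED_MAGIC.get(suffixes[-1]) if suffixes else None
    if expected and not head.startswith(expected):
        reasons.append("content does not match %s" % suffixes[-1])
    return reasons


def scan_and_clean(path: Path, quarantine: Path, backup_dir: Path) -> dict:
    """Triage + signature scan; quarantine the file and restore a backup copy if infected."""
    verdict = {"file": path.name, "family": identify(path),
               "attachment_warnings": check_attachment(path),
               "action": "allowed", "restored": False}
    if verdict["family"] or verdict["attachment_warnings"]:
        verdict["action"] = "quarantined"
        remove(path, quarantine)
        backup = backup_dir / path.name
        if backup.is_file():           # the paper's fallback: restore a clean copy
            shutil.copy2(str(backup), str(path))
            verdict["restored"] = True
    return verdict


def demo() -> list:
    """Create constructed files in a temporary folder, scan them and return the verdicts."""
    root = Path(tempfile.mkdtemp())
    inbox, quarantine, backup = root / "inbox", root / "quarantine", root / "backup"
    inbox.mkdir()
    backup.mkdir()
    (inbox / "report.docm").write_bytes(b"CONSTRUCTED-SAMPLE-macro-virus-body")  # matches a signature
    (backup / "report.docm").write_bytes(b"clean original report")              # clean backup copy
    (inbox / "holiday.jpg.exe").write_bytes(b"MZ" + b"\x00" * 30)                # executable posing as a picture
    (inbox / "song.mp3").write_bytes(b"\x7fELF" + b"\x00" * 30)                  # executable posing as audio
    (inbox / "photo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 30)       # genuine image header
    return [scan_and_clean(p, quarantine, backup) for p in sorted(inbox.iterdir())]


if __name__ == "__main__":
    for v in demo():
        print(v)
```

Only the genuine PNG is allowed through; the signature match is quarantined and replaced from backup, and the two disguised executables are quarantined on the attachment check alone even though no signature knows them, which is the point of scanning before opening rather than relying on signatures only.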
Conclusion

The issues of malware have not been solved completely in this project, because malware has developed considerably. This paper has discussed the problems caused by the dangerous types of malware and has provided some significant countermeasures against them. The solutions have been presented in terms of firewalls, security software and training for the staff of an organisation, because an insecure organisation is more likely to be affected by threats than a more secure one. According to Microsoft Corporation (n.d.), it seems that Microsoft Windows Defender and Microsoft Security Essentials are programmes that may be very useful for mitigating the problems of malware. In addition, Cole et al. (2008) suggest many practices that can be provided for the members of organisations. It is clear that this paper has not suggested all the possible solutions for reducing the problems of harmful programmes, because it is limited in its number of words. It also suggests that computer users around the world should be able to use security programmes, know how these programmes are updated via the Internet, and know how an infected computer can be cleaned. Today the number of hackers and attackers has grown enormously. They use various types of malware to steal information and to damage and delete computer systems and data files. It would be better for other researchers to provide further solutions for malware.
List of References

Aleks (2012) The Flame: Questions and Answers [online] available from <http://www.securelist.com/en/blog/208193522/The_Flame_Questionsand_Answers> [5 May 2012]

CA, Geier, E., and Geier, J. (2007) Simple Computer Security. Indianapolis: Wiley Publishing

Cole, E., Krutz, R., and Conley, J. W. (2005) Network Security Bible. Indianapolis: Wiley Publishing

Cole, E., Krutz, R. L., Conley, W. J., Reisman, B., Ruebush, M., Gollmann, D., and Reese, R. (2008) Network Security Fundamentals. Danvers: Wiley Publishing

Collin, S. M. H. (2004) Dictionary of Computing. Bloomsbury Publishing Plc: Peter Collin Publishing

Kizza, J. M. (2009) Guide to Computer Network Security. London: Springer

Microsoft Corporation (n.d.) What is a firewall [online] available from <http://www.microsoft.com/security/pc-security/firewalls-whatis.aspx> [27 May 2012]

Microsoft Corporation (n.d.) Microsoft Security Essentials [online] available from <http://windows.microsoft.com/en-US/windows/products/security-essentials> [2 May 2012]

Microsoft Corporation (n.d.) Windows Defender [online] available from <http://windows.microsoft.com/en-US/windows7/products/features/windows-defender> [2 May 2012]

Moir, R. (2003) Defining Malware [online] available from <http://technet.microsoft.com/en-us/library/dd632948.aspx> [20 May 2012]

Nestler, V., Conklin, A., White, G., and Hirsch, M. (2011) Principles of Computer Security. New York: McGraw-Hill

Salomon, D. (2010) The Elements of Computer Security. London: Springer

Stallings, W. (2005) Cryptography and Network Security: Principles and Practices. London: Prentice Hall

Symantec Security Response (2012) Flamer: Highly Sophisticated and Discreet Threat Targets the Middle East [online] available from <http://www.symantec.com/connect/blogs/flamer-highly-sophisticated-and-discreet-threat-targets-middle-east> [5 May 2012]

Vacca, J. R. (ed.) (2009) Computer and Information Security. Burlington: Morgan Kaufmann