CS682 – Session 8. Prof. Katz. Virus Warning. - PowerPoint PPT Presentation
CS682 – Session 8
Prof. Katz
Virus Warning
DO NOT OPEN "NEW PICTURES OF FAMILY" It is a virus that will erase your whole "C" drive. It will come to you in the form of an E-Mail from a familiar person. I repeat a friend sent it to me, but called & warned me before I opened it. He was not so lucky and now he can't even start his computer! Forward this to everyone in your address book. I would rather receive this 25 times than not at all.
Also: Intel announced that a new and very destructive virus was discovered recently. If you receive an email called "FAMILY PICTURES," do not open it. Delete it right away! This virus removes all dynamic link libraries (.dll files) from your computer. Your computer will not be able to boot up.
Virus
Dear Friends, We have been unwittingly just infected with a virus from someone's email.
THIS Klez Worm VIRUS SENDS ITSELF TO ALL THE ADDRESSES IN THE ADDRESS BOOK OF THE COMPUTER IT HAS ARRIVED AT. Take the time and remove it now. The instructions are easy and I got rid of it in a few minutes. Some versions of anti virus software including Norton and Inoculate T have not been able to detect it. It is said that the virus HIDES in the computer for 2 weeks and then DAMAGES THE DISC IRREPARABLY.
The virus is called sulfnbk.exe Many apologies for the trouble it is causing.
1. Go to "Start" and click on "Find"
2. In the box, "find files or folders" type in sulfnbk.exe (the name of the virus)
3. Make sure you are searching in the C-drive (check in the box marked "Search in")
4. Click on Find
5. If the file is found you will find an ugly black icon with the name sulfnbk.exe This file is a program. DO NOT OPEN IT !!!!!!
6. Click on the RIGHT button of the mouse, on the file name, and then click on DELETE with the LEFT BUTTON OF THE MOUSE.
7. You will be asked to send this file to the recycle bin or wastebasket---respond YES
8. Open the recycle bin and eliminate the file, manually or by emptying the entire recycle bin or wastebasket.
9. If you do find this virus in your computer, send this email to all the people in your address book because the virus is transmitted in this way. (Even if you don't find the virus, you should probably still send this email to all your addresses)
10. I thought this was a joke at first but it is not and we found the ugly icon when we followed the above directions. Good luck.
Virii
Computer virii are as old as computers themselves
Originally written as a “Proof of concept”
Competitions were created
There are now almost 60,000 known virii
Propagation methods
Manual – User Intervention required
Email – Either with or without user intervention
Physical – Via infected media
Network – usually RPC or SMB protocols
Different Flavors
Hoaxes
Infectious
Worms
Trojans
Hoaxes
Generally try to convince the user of some believable event
Most commonly in the form of email messages (e.g. government bill to charge for email usage)
(Unfortunately) Cannot be stopped by software
Protecting against Hoaxes
Check one of the following sites:
http://www.ciac.org
http://www.sarc.com
http://www.datafellows.com
Types of Infectious virii
Master Boot Record
File infection
Macro
Email
MBR Infections
Require physical transfer of a disk from one computer to another
They will overwrite a portion of the Master Boot Record on the host to become active in memory each time the computer restarts
Future accesses through BIOS calls to the floppy disk will result in infections
File Infection
Usually Executable files
Infection will usually result in overwriting/rewriting the command.com, autoexec.bat or adding a registry key to HKLM\Software\Microsoft\Windows\CurrentVersion\Run.
These virii are usually passed manually or physically; they are rarely passed by email
Sometimes benign
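Added example (not part of the original slides): a defender's check for the Run-key persistence described above. It compares two saved `reg query` listings of the Run key and reports autostart values that were added, changed or removed; the snapshot contents, value names and paths are constructed for illustration.

```python
import re

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$"
)

def parse_run_key(text):
    """Return {value name: command line} from `reg query`-style output."""
    entries = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:  # the key header line has no leading indent, so it is skipped
            entries[m.group("name")] = m.group("data").strip()
    return entries

def diff_autostart(baseline, current):
    """Report Run-key values added, changed or removed since the baseline."""
    old, new = parse_run_key(baseline), parse_run_key(current)
    return {
        "added": {k: new[k] for k in new.keys() - old.keys()},
        # Windows paths are case-insensitive, so compare lowercased commands.
        "changed": {k: (old[k], new[k]) for k in old.keys() & new.keys()
                    if old[k].lower() != new[k].lower()},
        "removed": sorted(old.keys() - new.keys()),
    }

# Constructed snapshots: a known-good baseline and a later listing.
BASELINE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    ScanRegistry    REG_SZ    C:\WINDOWS\scanregw.exe /autorun
"""
CURRENT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    ScanRegistry    REG_SZ    C:\WINDOWS\TEMP\scanregw.exe /autorun
    Example Updater    REG_SZ    C:\WINDOWS\SYSTEM\example.exe
"""

if __name__ == "__main__":
    report = diff_autostart(BASELINE, CURRENT)
    for name, cmd in report["added"].items():
        print(f"ADDED   {name}: {cmd}")
    for name, (before, after) in report["changed"].items():
        print(f"CHANGED {name}: {before} -> {after}")
    for name in report["removed"]:
        print(f"REMOVED {name}")
```

A changed command on an existing value matters as much as a new value, since rewriting an existing entry leaves the list of names looking unchanged.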
Macro virii
Application specific, usually .wp or .doc
These will usually contain some VB code to do harm to the host or otherwise infect it.
Common propagation includes modifying normal.dot so that every Word document the user creates is infected
Email virii
Now the most common (and rapidly propagating) virii
Sometimes application specific (usually to MS Outlook), otherwise classified as trojan
Examples: KakWorm, Happy99, Melissa
Worms
Originally named for the way a Xerox memory print-out looked when infected
Self-replicating
Usually a classification of infectious virii
Trojans
Users are coerced into activating these virii
Can do anything from providing remote control of the system to causing worm-like infection
E.g. Trinn, Back Orifice, Love Letter
Biometric Authentication
Authentication using measurable physiological and/or behavioral characteristics
Replacements to Username/Password combinations
Problems with U/P authentication
Users frequently document their password
Loss of the password requires administrative intervention
“Passing” of the password becomes frequent
Biometric advantages
Authentication is by a combination of what you know and what you are
“Passing” what you are is difficult or impossible
Impersonation becomes an impossibility
Indirect Advantages
Can test medical health with authentication
Using centralized database can authorize/unauthorize people very quickly
Biometric Template storage
At the authentication point
Central Repository
On a portable token with the user
Biometric types
Fingerprint
Hand Geometry
Voice Recognition
Retinal Scanning
Iris Scanning
Signature
Facial Recognition
Fingerprint
12 or more points on the finger are scanned for a match
Gaining popularity, low cost, easy to implement
Cuts or dirt can cause false rejects
Intruders can obtain fingerprints from anything the authentic user has touched
Digits are easily removed from the body
Hand Geometry
Physical characteristics of the hand are measured
False reject rate (FRR) is very low
Popularity means low cost
Requires a scanner large enough for the hand
Voice Recognition
A line of text is read, key points are compared to a baseline sample
Users like the idea of talking to computers
Background noise, anxiety and the common cold can cause a failure
Large storage space required for the template
Retinal Scanning
The inside of the eye contains blood vessels which form in a unique way for each individual
Very accurate
Almost impossible to steal
Users will not like being shot with a laser
Medical problems may inhibit authentication
Iris Scanning
Scans the random pattern of the iris
Overcomes many of the problems of Retinal scanners
Almost impossible to steal
Users don’t trust the safety of the cameras
Signature Verification
The user’s signature is compared with a baseline sample
Users feel comfortable
Inexpensive
High failure rate
Easy to steal
Facial recognition
Distance from a midline to key points on the face is measured
Inexpensive
No contact with the device
Background “noise” can cause problems
Immature technology
Problems with Biometrics
Passwords cannot be changed once they are compromised
Identical Twins will have the same biometric readings
Most solutions don’t eliminate the possibility of theft