CS682 – Session 8 Prof. Katz

Page 1: CS682 – Session 8

CS682 – Session 8

Prof. Katz

Page 2: CS682 – Session 8

Virus Warning

DO NOT OPEN "NEW PICTURES OF FAMILY" It is a virus that will erase your whole "C" drive. It will come to you in the form of an E-Mail from a familiar person. I repeat a friend sent it to me, but called & warned me before I opened it. He was not so lucky and now he can't even start his computer! Forward this to everyone in your address book. I would rather receive this 25 times than not at all.

Also: Intel announced that a new and very destructive virus was discovered recently. If you receive an email called "FAMILY PICTURES," do not open it. Delete it right away! This virus removes all dynamic link libraries (.dll files) from your computer. Your computer will not be able to boot up.

Page 3: CS682 – Session 8

Virus

Dear Friends, We have been unwittingly just infected with a virus from someone's email.

THIS Klez Worm VIRUS SENDS ITSELF TO ALL THE ADDRESSES IN THE ADDRESS BOOK OF THE COMPUTER IT HAS ARRIVED AT. Take the time and remove it now. The instructions are easy and I got rid of it in a few minutes. Some versions of anti virus software including Norton and Inoculate T have not been able to detect it. It is said that the virus HIDES in the computer for 2 weeks and then DAMAGES THE DISC IRREPARABLY.

The virus is called sulfnbk.exe. Many apologies for the trouble it is causing.

1. Go to "Start" and click on "Find"

2. In the box, "find files or folders" type in sulfnbk.exe (the name of the virus)

3. Make sure you are searching in the C-drive (check in the box marked "Search in")

4. Click on Find

5. If the file is found you will find an ugly black icon with the name sulfnbk.exe. This file is a program. DO NOT OPEN IT !!!!!!

6. Click on the RIGHT button of the mouse, on the file name, and then click on DELETE with the LEFT BUTTON OF THE MOUSE.

7. You will be asked to send this file to the recycle bin or wastebasket---respond YES

8. Open the recycle bin and eliminate the file, manually or by emptying the entire recycle bin or wastebasket.

9. If you do find this virus in your computer, send this email to all the people in your address book because the virus is transmitted in this way. (Even if you don't find the virus, you should probably still send this email to all your addresses)

10. I thought this was a joke at first but it is not and we found the ugly icon when we followed the above directions. Good luck.

Page 4: CS682 – Session 8

Virii

Computer virii are as old as computers themselves

Originally written as a “Proof of concept”

Competitions were created

There are now almost 60,000 known virii

Page 5: CS682 – Session 8

Propagation methods

Manual – User Intervention required

Email – Either with or without user intervention

Physical – Via infected media

Network – usually RPC or SMB protocols

Page 6: CS682 – Session 8

Different Flavors

Hoaxes

Infectious

Worms

Trojans

Page 7: CS682 – Session 8

Hoaxes

Generally try to convince the user of some believable event

Most commonly in the form of email messages (e.g. government bill to charge for email usage)

(Unfortunately) Cannot be stopped by software

Page 8: CS682 – Session 8

Protecting against Hoaxes

Check one of the following sites:

http://www.ciac.org

http://www.sarc.com

http://www.datafellows.com

Page 9: CS682 – Session 8

Types of Infectious virii

Master Boot Record

File infection

Macro

Email

Page 10: CS682 – Session 8

MBR Infections

Require physical transfer of a disk from one computer to another

They will overwrite a portion of the Master Boot Record on the host to become active in memory each time the computer restarts

Future accesses through BIOS calls to the floppy disk will result in infections
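An added example, not part of the original slides: because an MBR infector has to overwrite part of sector 0, a defender can parse the sector and compare it with a known-good copy. The sample sectors and the names `parse_mbr`, `compare_to_baseline` and `make_sample_mbr` are constructed for this illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bootstrap code area; the partition table follows it
SIGNATURE = b"\x55\xaa"  # boot signature stored at offsets 510-511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition entries, signature flag."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for i in range(4):  # four 16-byte partition entries
        entry = sector[BOOT_CODE_LEN + 16 * i:BOOT_CODE_LEN + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            partitions.append({"slot": i, "bootable": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions,
            "signature_ok": sector[510:512] == SIGNATURE}


def compare_to_baseline(current: bytes, baseline: bytes) -> list:
    """List the ways the current MBR differs from a known-good copy."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature missing")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code changed")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table changed")
    return findings


def make_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector: given boot code plus one bootable FAT16 partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x01\x01", 0x06,
                        b"\x00\x3f\x20", 63, 40960)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + SIGNATURE


BASELINE = make_sample_mbr(b"\xfa\x33\xc0")   # constructed placeholder bytes
MODIFIED = make_sample_mbr(b"\xeb\x3c\x90")   # same layout, different boot code
```

On a real system the baseline sector would be captured from the disk while it is known to be clean and stored off the machine.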

Page 11: CS682 – Session 8

File Infection

Usually Executable files

Infection will usually result in overwriting/rewriting the command.com, autoexec.bat or adding a registry key to HKLM\Software\Microsoft\Windows\CurrentVersion\Run.

These virii are usually passed manually or physically, rarely by email

Sometimes benign
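An added example, not part of the original slides: since the Run key is where such an infection registers itself to start at boot, comparing an export of that key against a saved baseline shows new or altered autorun entries. The export text, value names and paths below are constructed; the parser assumes the export has already been decoded to text and handles plain string values only.

```python
import re

# The autorun key named on the slide, as it appears in a .reg export header.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(text):
    # .reg files escape backslashes and quotes with a leading backslash
    return re.sub(r"\\(.)", r"\1", text)


def parse_run_entries(reg_text):
    """Return {value name: command} for the Run key in a .reg export."""
    entries, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # A new key header: only collect values under the Run key itself
            in_key = line.strip("[]").lower() == RUN_KEY.lower()
        elif in_key:
            match = VALUE_RE.match(line)
            if match:
                entries[_unescape(match.group(1))] = _unescape(match.group(2))
    return entries


def diff_run_entries(baseline, current):
    """Report autorun entries added, changed or removed since the baseline."""
    added = {k: v for k, v in current.items() if k not in baseline}
    changed = {k: (baseline[k], v) for k, v in current.items()
               if k in baseline and baseline[k] != v}
    return {"added": added, "changed": changed,
            "removed": sorted(set(baseline) - set(current))}


# Constructed sample exports (not taken from a real machine).
BASELINE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
'''
CURRENT_REG = BASELINE_REG + r'''"ExampleNew"="C:\\Windows\\Temp\\example.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Ignored"="C:\\other.exe"
'''
```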

Page 12: CS682 – Session 8

Macro virii

Application specific, usually .wp or .doc

These will usually contain some VB code to do harm to the host or otherwise infect it.

Common propagation includes modifying normal.dot so that every Word document the user creates is infected

Page 13: CS682 – Session 8

Email

Now the most common (and rapidly propagating) virii

Sometimes application specific (usually to MS Outlook) otherwise classified as trojan

Examples: KakWorm, Happy99, Melissa

Page 14: CS682 – Session 8

Worms

Originally named for the way a Xerox memory print-out looked when infected

Self-replicating

Usually a classification of infectious virii

Page 15: CS682 – Session 8

Trojans

Users are coerced into activating these virii

Can do anything from provide remote control of the system to cause worm-like infection

E.g. Trinn, Back Orifice, Love Letter

Page 16: CS682 – Session 8

Biometric Authentication

Page 17: CS682 – Session 8

Biometric Authentication

Authentication using measurable physiological and/or behavioral characteristics

Replacements to Username/Password combinations

Page 18: CS682 – Session 8

Problems with U/P authentication

Users frequently document their password

Loss of the password requires administrative intervention

“Passing” of the password becomes frequent

Page 19: CS682 – Session 8

Biometric advantages

Authentication is by a combination of what you know and what you are

“Passing” what you are is difficult or impossible

Impersonation becomes an impossibility

Indirect Advantages

    Can test medical health with authentication

    Using centralized database can authorize/unauthorize people very quickly

Page 20: CS682 – Session 8

Biometric Template storage

At the authentication point

Central Repository

On a portable token with the user

Page 21: CS682 – Session 8

Biometric types

Fingerprint

Hand Geometry

Voice Recognition

Retinal Scanning

Iris Scanning

Signature

Facial Recognition

Page 22: CS682 – Session 8

Fingerprint

12 or more points on the finger are scanned for a match

Gaining popularity, low cost, easy to implement

Cuts or dirt can cause false rejects

Intruders can obtain fingerprints from anything the authentic user has touched

Digits are easily removed from the body

Page 23: CS682 – Session 8

Hand Geometry

Physical characteristics of the hand are measured

False reject rate (FRR) is very low

Popularity means low cost

Requires a scanner large enough for the hand

Page 24: CS682 – Session 8

Voice Recognition

A line of text is read, key points are compared to a baseline sample

Users like the idea of talking to computers

Background noise, anxiety and the common cold can cause a failure

Large storage space required for the template

Page 25: CS682 – Session 8

Retinal Scanning

The inside of the eye contains blood vessels which form in a unique way for each individual

Very accurate

Almost impossible to steal

Users will not like being shot with a laser

Medical problems may inhibit authentication

Page 26: CS682 – Session 8

Iris Scanning

Scans the random pattern of the iris

Overcomes many of the problems of Retinal scanners

Almost impossible to steal

Users don’t trust the safety of the cameras

Page 27: CS682 – Session 8

Signature Verification

The user’s signature is compared with a baseline sample

Users feel comfortable

Inexpensive

High failure rate

Easy to steal

Page 28: CS682 – Session 8

Facial recognition

Distance from a midline to key points on the face is measured

Inexpensive

No contact with the device

Background “noise” can cause problems

Immature technology

Page 29: CS682 – Session 8

Problems with Biometrics

Passwords cannot be changed once they are compromised

Identical Twins will have the same biometric readings

Most solutions don’t eliminate the possibility of theft