Report on Psychology of Computer Viruses

Understanding of the Bacteria inside your Computer


Table of Contents
Instructions For This Report 
My Thoughts about Mr. Sasabe's problem
Edupage Online, December 1997, DOE Warning
Online Resources of Computer Viruses
What are computer viruses? What is their Purposes? Who creates them and Why? 
How do they work and spread? What types are there?
Famous Computer Virus
What are the Virus Myths?
Significance of Computer Virus
How are they like biological viruses in function?
The Invasion of Computer Virus 
Conclusion
Epilogue



My Thoughts about Mr. Sasabe's problem

Akira Sasabe (G7) had a virus problem towards the end of the semester. He wrote in an email message:

Date: Tue, 2 Dec 1997 17:59:32 -1000
From: Akira Sasabe
To: Leon James
Subject: My Report 2

Dr. James, I decided to retype the whole thing today and I did just about the half of it now, and the information seems to appear all right on my web page. It was really unfortunate since this time I decided to use computers only at Porteus and Moore Hall. I still do not know what was the cause of the virus problem, but I think as long as I stick with one computer, it seems to be OK. I found my "favorite" computer at Porteus and do my best to secure the seat whenever I come in to do the work.

I just hope that I find out the cause of this problem so other people who do not have computers at home will not suffer like me...

    It's easy to recognize that Mr. Sasabe of generation 7 had his computer data infected by a computer virus, and all the data files were deleted.  He had to redo all of his work and upload it to the web again.  I find this very regrettable.  I was lucky that I didn't meet such problems while I was doing my report.  After this incident, Mr. Sasabe decided to stick with one computer and work on his project.  Luckily he finished his report without being infected again.

    Actually most of the computers at UH are used by different kinds of people every day.  They bring in diskettes with different kinds of data.  If one of the students brings a virus to a computer, then the students who use the same computer after him have a chance of being infected by the computer virus.  It's so easy for computers to get infected when people pick up viruses (in data from diskettes or from the web) and save them back to their own computers.

    My experience with computer viruses started when I owned my first computer 7 to 8 years ago.  I was still using a floppy disk to start up my computer.  The diskette was so easily infected by computer viruses that I had to keep buying new boot diskettes from the computer store.  Another computer virus I've been infected by before is a virus called "Stone Michelangelo."  This computer virus damaged the system files, which made the computer unable to start up.  This is so irritating because I don't even know where I got the virus from.

    For me, I'm not really worried about computer viruses since I haven't had much experience with them.  It does make you angry when you really want to use the computer but it tells you that there's some kind of computer virus inside and you are not able to use it.  There are a lot of anti-virus programs available on the web for people to download.  I'm currently using the same anti-virus program which came with my computer when I purchased it.  But I have found it outdated, and I will try to download a new one from the web as soon as possible because prevention is always better than cure.

 
 
 

Edupage Online, December 1997, DOE Warning

DOE ISSUES WARNING ON CRACKER TOOLS The U.S. Department of Energy has issued a bulletin
warning that two new computer attack tools, known as Teardrop and Land, are being used maliciously by
crackers intent on breaking into computer systems and networks. The software sniffs out vulnerable servers and
launches attacks based on the "denial-of-service" strategy that overwhelms servers with bogus messages, blocking
out legitimate traffic. "They hit the button and go down to the cinema with their girlfriends," says a senior systems
consultant with the Defense Information Systems Agency. "They come back and see that they have looked at
200,000 systems." (TechWeb 24 Dec 97)

    Computer attack tools are available all over the web nowadays.  Software like ICQ gives out a user's IP address easily.  Other people can easily check the address by clicking on the user's information.  With this IP address, people are able to send "flood messages," or even have the chance to remotely control another computer.  I have tried this software before and it proved to be very effective and destructive.  I think that people who don't know about such things are quite innocent.  The only thing I can say is that it's sort of dangerous to go online.  Once you go online, nothing is going to be private.  Who knew that big companies like Hotmail.com have security problems?  News from several weeks ago reported that hackers were able to go in and out of users' accounts easily.  I think such news continues to make people feel insecure about going online.

 
 
 

Online Resources of Computer Viruses

1.   http://ciac.llnl.gov/ciac

2.   http://www.mcafee.com/support

3.   IBM's virus warning site http://www.av.ibm.com/BreakingNews/HypeAlert/

4.   Computer Virus Myths  http://www.kumite.com/myths

5.   Symantec's Anti-Virus Research Centre   http://www.symantec.com/avcenter/hoax.html

6.   http://www2.offutt.af.mil/wipo/virushoax.html  (this site is not available)

7.   http://csrc.ncsl.nist.gov/virus/
 

My Recommendations

1.  Microsoft for the year 2000   The year 2000 is rapidly approaching, and Microsoft has set up a Web site that you can access whenever you wish.  The site provides information and software updates for the year 2000.  Access to this site and any software updates you need are free of charge.

2.  The Free Site   Provides anti-virus and other kinds of software for people to download.

3.   Designing and Implementing Virus Protection   This site leads small businesses and other Fortune 1000 companies in designing an anti-virus policy that fits their needs. There are many definitions and abstracts relating to computer viruses and their types.

4.  Hok Lam Un's Anti-virus Page   This state-of-the-art multimedia site will bring you anti-virus tips, software downloads, encyclopedias, product reviews, links to the anti-virus community...

 
 
 

What are Computer Viruses?

    In 1983 Dr. Frederick Cohen experimented at the University of Pennsylvania with "self-replicating" code and started using the term "virus".  Computer viruses, as we know them now, originated in 1986 with the creation of Brain, the first virus for personal computers. Two brothers wrote it (Basit and Farooq Alvi, who ran a small software house in Lahore, Pakistan) and started the race between viruses and antivirus programs which still goes on today.  Since then much has changed.
 

What is their Purpose?

    Virus authors have mastered techniques which were never dreamt of: viruses which hide from antivirus programs (stealth viruses), viruses which deliberately change their code (polymorphic viruses), and viruses which can infect data files (macro viruses). We can safely assume that the development of computer viruses is nowhere near an end. The release of new operating systems will lead to new viruses which will use the specific functions of these operating systems.
 

Who Creates them? Why?

    Viruses can be written by anyone, anywhere in the world, who has enough programming skill. A few have been developed by researchers for demonstration purposes, and some others are jokes, written by pranksters. Other viruses are written by people learning programming, who think writing a virus is accomplishing something. In many cases, these viruses get passed around, and later are altered by other people.

 
 
 

How do they work?

    A virus is inactive until the infected program is run or the boot record is read. When the virus is activated, it loads into the computer's memory, where it can perform a triggered event or spread itself. Disks used in an infected system can then carry the virus to another machine. Programs downloaded from bulletin boards can also spread a virus. Data files, however, cannot transfer a virus, but they can become damaged.
 

How do they spread?

    When a program infected by a virus is executed, the virus code will also run, and it will try to infect other programs. This can be done on the same computer or on other computers connected by a network. The newly infected programs will try to infect more programs. When a copy of an infected file is shared with other computer users, running the file may also infect their computers, and infected files will continue to spread to more computers. If a computer is infected with a boot sector virus, the virus tries to write copies of itself to the system areas of floppy disks and hard disks. Then an infected floppy disk may infect other computers that boot from it, and the virus copy on the hard disk will try to infect more floppies.
 

What types are there?

Viruses are classified by the ways they infect computer systems:

         Program: Executable program files such as .Com, .Exe, .Ovl, .Drv, .Sys, .Bin, .Vbx, and .Dll

         Boot: Boot Record, Master Boot, FAT and Partition Table.

         Multipartite: Both program and boot infector.

 
 
 

Famous Computer Virus

CIH - which first surfaced in late June 1998, is capable of overwriting MBRs, making all the data
on hard disks inaccessible. The flash memory chips of some systems are also vulnerable to attack,
potentially causing unrecoverable damage. The virus is a Windows95/98 portable-executable file infector
that insidiously hides within these files, waiting to infect additional files as they are executed. In general,
infected files work correctly, giving no clue that the system is infected. There are a number of Windows
95/98 files which cannot be repaired upon disinfection due to the mechanism by which the virus inserts itself
into the files. Windows NT systems may store infected files, though the NT systems themselves cannot be
damaged by the virus. The virus has two payloads. One of its capabilities is erasing or damaging the flash
memory and/or flash BIOS of some machines. The other is to overwrite the MBR and boot sector. The file
acts at the file system level, allowing it to bypass standard BIOS virus protection. There are three virus
versions known, which are very closely related. They have different lengths, texts inside the virus code and
trigger dates.

Melissa - The most recent virus to make the news as of April 1999 is a Word97 Macro virus that spreads
through e-mail. Once resident in mail servers, the Melissa virus spreads as an e-mail attachment with the
header "Important Message From [registered user's name]." As innocent recipients click on the attachment, the
virus sends itself to the first 50 addresses in the personal address book. The virus was annoying and blocked
systems for a few days. It even hit government agencies and utility companies.

Michelangelo - This boot sector virus began in Asia in 1991 and infects the partition sector of the hard disk
when booted from an infected floppy disk. The virus then infects any floppy disk accessed when the virus is
memory resident. It would infect the computer on March 6th by writing garbage on all tracks of all cylinders.
I remember this because I've been infected by it a couple of times already.

 
 
 

What are the Virus Myths?  Why do people propagate them?

    Many myths have surfaced about the threat of computer "viruses."  There are myths about how widespread they are, how dangerous they are, and even myths about what a computer virus really is. We want you to know the facts.  The first thing you need to know is that a computer virus falls in the realm of malicious programming techniques known as "Trojan horses." All viruses are Trojan horses, but relatively few Trojan horses can be called a virus. Viruses, like all Trojan horses, purposely make a program do things you don't expect it to do. Some viruses will just annoy you, perhaps only displaying a "Peace on earth" greeting. The viruses we worry about will try to erase your data (the most valuable asset of your computer!) and waste your valuable time in recovering from an attack.

    I believe that people who propagate these virus myths are not experts in the computer field.  They are creating false beliefs and assumptions about what computer viruses might bring to computer users who experience them.  They are not sure whether the myths are true or not.  Such myths can easily be found in the computer world.  People kept on rece
 

Describe some that you find astonishing

1.  MYTH: "all purposely destructive code spreads like a virus"

Reality:  Remember, "Trojan horse" describes purposely destructive code in general. Viruses may get almost all the media attention, but only a few Trojan horses actually qualify as viruses. Newspaper & magazine reporters tend to call almost anything a virus because they often have no real understanding of computer crime.

2.  MYTH: "viruses infect up to 25% of all IBM PCs every month" -- 1990 on Peter Tippett's thesis on how viruses might spread in the future.
 
Reality:  If 25% suffer an infection every month, then 100% would suffer a virus every four months -- in other words, every IBM PC would suffer an infection three times per year.  Computer viruses exist all over the planet, yes -- but they won't take over the world. Only about 500 different viruses exist at this time; many of them have never existed "in the wild" and some have since been completely eliminated "from the wild." You can easily reduce your exposure to viruses with a few simple precautions. Yes, it's still safe to turn on your computer!

3.  MYTH: "some viruses can hide from all antivirus software, making them truly undetectable"  --  1993

This myth continues to linger largely because antivirus companies issue press releases claiming other antivirus companies can't
detect the latest galactic threat to computers.
 

Reality:  Most viruses employ a character-based "signature" which identifies it both to the virus (so it doesn't infect an executable file repeatedly) and to antivirus software (which uses the signature to detect the virus). A Mutation Engine virus employs an algorithm signature rather than a character-based signature -- but it still has a unique, readily identifiable signature.  The technique of using algorithm signatures really doesn't make it any harder to detect a virus. You just need to do some calculations to know the correct signature -- no big deal for an antivirus program (despite what the company's advertisements may tell you). Likewise, certain "macro viruses" can hide themselves from the curious user who inspects his computer with the naked eye, but it too has a unique, readily identifiable signature. Again, no big deal.


4.  MYTH: "my computer could be infected if I simply connect to the Internet or dial an infected BBS"
 

Reality:  Internet connections and BBSs can't write information on your disks -- the communications software you use performs this task.  You can only transfer a dangerous file to your computer if you let your software do it.
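
The point made under myth 3, that a signature which has to be computed is still a signature, can be shown with a small scanner. This is an added example, not part of the original report or of any antivirus product: the marker bytes, file names and sample buffers are constructed and harmless, and single-byte XOR encoding is used as a simplified stand-in for a body stored differently in every copy, not as a model of the Mutation Engine itself.

```python
# Added illustration: fixed-string vs. computed ("algorithm") signatures.
# MARKER is a constructed, harmless byte string standing in for a virus body.
MARKER = b"HARMLESS-DEMO-BODY-0001"


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR: a simplified stand-in for a body that is stored
    under a different key in every copy."""
    return bytes(b ^ key for b in data)


def find_plain(buf: bytes, sig: bytes = MARKER) -> int:
    """Character-based signature: exact byte search. Returns offset or -1."""
    return buf.find(sig)


def delta(data: bytes) -> bytes:
    """XOR of each adjacent byte pair. (a^k) ^ (b^k) == a ^ b, so the
    result is identical for every single-byte key k."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def find_any_key(buf: bytes, sig: bytes = MARKER):
    """Computed signature: search the key-independent delta stream, then
    recover the key and confirm. Returns (offset, key) or None."""
    target = delta(sig)
    stream = delta(buf)
    pos = stream.find(target)
    while pos != -1:
        key = buf[pos] ^ sig[0]
        if xor_encode(buf[pos:pos + len(sig)], key) == sig:
            return pos, key
        pos = stream.find(target, pos + 1)
    return None


def scan(name: str, buf: bytes) -> str:
    """Try the plain signature first, then the computed one."""
    off = find_plain(buf)
    if off != -1:
        return f"{name}: plain signature at offset {off}"
    hit = find_any_key(buf)
    if hit:
        return f"{name}: encoded signature at offset {hit[0]}, key 0x{hit[1]:02x}"
    return f"{name}: clean"


# Constructed sample buffers (not real files).
SAMPLES = {
    "clean.bin": b"\x00" * 16 + b"ordinary program bytes" + b"\x00" * 8,
    "plain.bin": b"\x90" * 10 + MARKER + b"\x00" * 4,
    "copy_a.bin": b"\x11" * 7 + xor_encode(MARKER, 0x5A) + b"\x22" * 3,
    "copy_b.bin": b"\x33" * 12 + xor_encode(MARKER, 0xC3) + b"\x44" * 5,
}

if __name__ == "__main__":
    for name, buf in SAMPLES.items():
        print(scan(name, buf))
```

The plain search misses both encoded copies, while the delta search finds them with one pass and no knowledge of the key.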
 
 
 

Significance of Computer Virus

    The significance of computer viruses is that they improve the overall level of security of computer systems.  News from Singapore several weeks ago told of a large sum of money being offered to hackers to hack a specific government computer system.  The first one who successfully put a message in the system would be rewarded.  The news seemed ridiculous, but the government of Singapore actually wanted to improve its security system.  For the safety of the people living there and the large number of investors in Singapore, the government is willing to let hackers challenge the system.  There are a lot of people who like to challenge computer systems.  Some of them don't mean to do any destructive act to the computers, whereas others do.  Most of them simply want to prove to themselves that they can beat the computer system.

 
 
 

How are they like biological viruses in function?

    A computer virus is a special sort of computer program which spreads by making copies of itself. It "infects" programs and disks, usually in a surreptitious way, and can be very difficult to detect.  A user is normally unaware that the PC has a virus, and may spread the infection unwittingly by everyday operations such as sharing floppy disks between machines.  This is the same way some biological viruses are spread by air and other kinds of media.  Biological viruses are able to replicate by themselves, and they are very hard to detect unless they are damaging parts of the human body.  In the same way, computers should be equipped with some sort of anti-virus program to do the same job as the antibodies in the human body.

 
 
 

The Invasion of Computer Virus

    I think one of the most destructive computer viruses is the CIH virus designed by a Taiwanese.  It was first found in June 1998.
 

     This is a Windows95/98 specific parasitic virus infecting Windows PE files (Portable Executable), about 1Kbyte in length. This virus was found "in-the-wild" in Taiwan in June 1998 - it was released by the virus author in a local university where he was studying at that time, then the virus was (accidentally?) posted to a local Internet conference that released the virus out of Taiwan: within a week the virus was found in Austria, Australia, Israel, United Kingdom, and was also reported from several other countries (Switzerland, Sweden, USA, Russia, Chile, etc.).

     In about a month the infected files were accidentally put on several Web sites in the USA (game software distribution sites), which caused a global virus epidemic. About a year after the virus' appearance, on April 26th 1999, the "bomb" in the virus code caused a computer "catastrophe". A great number of computers were damaged because of virus infection: all of them lost data on the hard drive, and many of them also got a destroyed chip on the motherboard (in addition to damaged data on their hard drives). This incident was a major one - there were no such global and terrible computer incidents known before.

     Because the virus "bomb" day falls on the day of the Chernobyl catastrophe, which shocked the world on 26th April 1986, the virus, already known as "CIH", got its second name - "Chernobyl".

     Despite this, the virus author did not link his "bomb" with Chernobyl (maybe he even hadn't heard this name before). It seems the "bomb" day was selected for another reason. The first virus version (that fortunately hasn't left Taiwan) was released on April 26 1998, so the virus celebrated its "birthday" on April 26 1999.
 

For more information please go to AntiViral Toolkit Pro (AVP)

 
 
 

Conclusion

    I think this report is very informative for new computer users who have no deep knowledge of what computer viruses are.  Virus myths terrify new users.  After reading this report, people will have a deeper understanding of the biological-like computer viruses.  They will know how viruses work, and how they spread from one computer to another.  This report should be very valuable for them.

 
 
 

Epilogue

    I've spent almost a week on this report.  Before that, I was not very sure what a computer virus was like.  The only thing that came into my mind was that it would only bring destruction to my computer.  I now have a better understanding of what is a myth and when a virus takes effect.  A virus can be very destructive, such as the CIH virus, so what I recommend is to get an updated anti-virus program for your computer.




 
 
