
Understanding Computer Viruses and Worms

May 25, 2025

Computer Viruses and Worms Lecture Notes

Introduction to Computer Viruses

  • Definition: A computer virus is akin to a biological virus; it self-replicates and spreads across computers.
  • Initiation: Typically requires human intervention, such as clicking a link or executing a file.
  • Actions: Can move through file systems and across networks.
  • Impact: Often leads to outages or downtime, but some may operate quietly in the background.

User Concerns

  • Prevalence: Viruses are a common security concern for users.
  • Prevention: Operating systems often include antivirus software to detect malicious executables.
  • Maintenance: Keeping antivirus signature files updated is crucial for detecting new threats.

Types of Viruses

  • Traditional Executable Viruses: Require user action to initiate.
  • Boot Sector Viruses: Activate during system boot-up.
  • Script Viruses: Can be embedded in browser scripts or application macros (e.g., Microsoft Office macros).
  • Fileless Viruses: Operate mainly in memory, making them hard for traditional antivirus solutions to detect.

Fileless Viruses

  • Characteristics: Do not write code to storage; operate entirely in system memory.
  • Example Infection:
    • User clicks a malicious link.
    • Exploits a system vulnerability (e.g., Flash, Java, Windows).
    • Runs unwanted scripts (e.g., PowerShell) entirely in memory.
    • Could alter system registry for persistence.
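
Because nothing is written to storage, the registry persistence step is one of the few places a defender can still look. The following is an added example, not part of the original notes: it triages autorun entries for script hosts launched with in-memory execution traits. It assumes the entries were already exported as a name-to-command mapping; the indicator list and the sample entries are constructed for illustration.

```python
import base64
import re

# Interpreters that can run script content passed on the command line.
SCRIPT_HOSTS = re.compile(r"\b(powershell|pwsh|mshta|wscript|cscript)(\.exe)?\b", re.I)

# Heuristic command-line traits of in-memory execution (chosen for this example).
ENCODED = re.compile(r"\s-(?:e|ec|en[a-z]*)\s+([A-Za-z0-9+/=]{16,})", re.I)
INDICATORS = {
    "encoded-command": ENCODED,
    "hidden-window": re.compile(r"\s-w[a-z]*\s+h(idden)?\b", re.I),
    "download-and-run": re.compile(r"downloadstring|invoke-expression|\biex\b", re.I),
}

def decode_encoded_command(command):
    """Return the script text behind -EncodedCommand (base64 of UTF-16LE), or None."""
    match = ENCODED.search(command)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers malformed base64 and malformed UTF-16
        return None

def triage(autoruns):
    """Flag autorun values that start a script host with in-memory indicators."""
    findings = []
    for name, command in autoruns.items():
        if not SCRIPT_HOSTS.search(command):
            continue
        hits = sorted(k for k, rx in INDICATORS.items() if rx.search(command))
        if hits:
            findings.append({"name": name, "indicators": hits,
                             "decoded": decode_encoded_command(command)})
    return findings

# Constructed sample: value name -> command line, as exported from a Run key.
_PAYLOAD = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
SAMPLE_AUTORUNS = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Backup": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1",
    "Updater": f"powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand {_PAYLOAD}",
}

if __name__ == "__main__":
    for finding in triage(SAMPLE_AUTORUNS):
        print(finding)
```

The "Backup" entry is not flagged because its script sits on disk where a file scanner can inspect it; the "Updater" entry carries its whole script on the command line, so the decoded text is the only copy an analyst will see.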

Worms

  • Definition: Malware capable of self-replication without user intervention.
  • Propagation: Quickly spreads across networks due to connectivity.
  • Prevention: Firewalls and intrusion prevention systems can limit worm spread if properly configured.
  • Rarity: Less common than viruses but still a significant threat.

Example: The WannaCry Worm

  • Mechanism:
    • Propagates automatically across networks.
    • Installs ransomware, encrypting user files.
    • Uses vulnerabilities (e.g., EternalBlue) to spread and establish backdoors.
    • Continues to infect all vulnerable systems within a network.

Conclusion

  • The danger of both viruses and worms lies in their ability to exploit system vulnerabilities and propagate through networks.
  • Regular updates, secure configurations, and awareness are key defenses against these types of malware.