Virus Case Study
Briefly explain in detail to the management about various facts/issues about ‘virus’: what it is, how it spreads, what are the areas of infection, what are specific viruses.

Most computer users are alarmed when they hear the word “virus”. Viruses do a lot of damage to people’s computer work because of their harmful effects. They affect a business’s efficiency, productivity and money, as it takes real time to get rid of the threat. Viruses spread easily, quickly and quietly without the user’s knowledge because of the interoperability between the system and its applications.

The lack of user education is one of the main reasons for virus infection. IT staff are the people who get upset most of the time when one of the computers in an organization is infected. Users are told what they did wrong and asked why they did it, but the question is: were they educated beforehand, or were they just relying on their common sense? It is very important to remember that these users are not IT pros and that it is the job and responsibility of the organization’s IT department to educate them properly.
What normal end users usually do is install anti-virus software to stop computer viruses from getting into and infecting their computer systems and data. Computer viruses can also be prevented by educating each user on the DOs and DON’Ts of preventing virus epidemics. Educating users is one of the big challenges in confronting computer viruses. A lot of effort is needed to provide proper education about computer viruses, especially if the target users include home users and users with a non-IT background. For example, in an organization we could create rules for an anti-virus campaign.

First we have to define and explain to them what a virus is. A virus is a small program written by skilled programmers, capable of self-replication and of carrying out various destructive actions. A virus usually attaches itself to a file or enters the body of a file; in this case we say that the file is infected with a virus. The virus gets into your computer only with the infected file. To activate the virus, the infected file has to be loaded, and only after that does it start to act independently. Some viruses in an infected file stay resident in the computer’s memory and can infect other files and programs as they are loaded.
Another kind of virus can cause serious damage immediately after activation, such as formatting the hard drive. The effect of a virus can show itself in different ways, from various visual effects that hinder work to complete loss of information. Most viruses infect executable programs, that is, files with the extensions .EXE and .COM, although in recent years viruses that spread through e-mail have become increasingly popular.

The main sources of viruses:
• Computer networks, including e-mail and the Internet
• A hard drive that got the virus from handling infected programs
• A virus that remains in memory after the previous user

The main early symptoms of infection by a computer virus:
• Reduction in the amount of free memory
• Slowdown of the computer
• Weird and unusual changes in files, including changes to the size and last modification date of files
• Errors when loading the operating system
• Inability to save files to the proper location
• Incomprehensible system messages, music, visual effects, etc.

Signs of an active phase of the virus:
• Disappearance of files
• Formatting of the hard drive
• Inability to load files or the operating system

There are many different viruses.
Conventionally, they can be classified as follows:
1) Boot viruses (BOOT-viruses) infect the boot sectors of disks. They are dangerous because they can lead to complete loss of all data stored on the disk.
2) File viruses infect files. They are divided into:
• Viruses that infect programs (files with the extensions .EXE and .COM)
• Macro viruses, which infect data files such as Word documents or Excel workbooks
• Companion viruses, which use the names of other files
• Viruses of the DIR family, which distort the system information about the file structure
3) Boot-and-file viruses are able to infect both boot-sector code and file code.
4) Stealth viruses (STEALTH-viruses) falsify the information read from the disk, so that the program for which the information is intended receives bad data. This technique, sometimes called stealth technology, can be used both in boot viruses and in file viruses.
5) Retroviruses infect anti-virus software, trying to destroy or disable it.
6) Worms send small e-mails carrying a so-called header, which is essentially the web address where the virus is located. When you try to read the message, it starts to read its ‘body’ over the global Internet and, once loaded, begins its destructive action. Worms are very dangerous because they are very hard to find, since the infected file does not actually contain the virus code.

WHAT COULD VIRUSES DO?
Below are the things viruses can do, with examples.
• Viruses slow down e-mail. Viruses spread by e-mail. An example is the Sobig virus, which generates so much e-mail traffic that connections slow down or servers crash. Companies may react to this risk by shutting down servers.
• Viruses steal confidential data. The Bugbear-D worm records the user’s keystrokes, including passwords, and gives the virus writer access to them.
• Viruses use your computer to attack websites. MyDoom used infected computers to flood the SCO software company’s website with data, making the site unusable (a denial-of-service attack).
• Viruses let other users hijack your computer. Some viruses place “backdoor Trojans” on the computer, which allow the virus writer to connect to your computer and use it for their own agenda.
• Viruses corrupt data. An example is the Compatable virus, which makes changes to the data in Excel spreadsheets without the user’s knowledge.
• Viruses delete data. The Sircam worm attempts to delete or overwrite the hard disk on a certain day.
• Viruses disable hardware. CIH, also known as Chernobyl, attempted to overwrite the BIOS chip on April 26, making the computer unusable.
• Viruses play pranks. The Netsky-D worm made computers beep at irregular intervals for several hours.
• Viruses display unnecessary messages. Cone-F displays a political message during the month of May.
• Viruses damage your credibility. A virus may forward itself from your computer to the computers of your customers and business partners. They may then refuse to do business with your company or demand compensation.
• Viruses cause you embarrassment. The PolyPost virus posts your personal documents and personal information, such as your name, on sex-related newsgroups.

WHERE ARE THE VIRUS RISKS?
• Programs and documents. The infection spreads when you share infected programs and documents with other users, by saving them on your network or by sending them out.
• The Internet. Security vulnerabilities in your operating system allow viruses to infect your computer through the Internet without your knowledge, by way of downloaded programs or documents that are infected.
• E-mail. E-mail attachments might be infected. You risk infecting your machine if you open an infected attachment. Malicious scripts included in an e-mail run automatically when you read the e-mail.
• CDs and portable USB hard drives. The boot sector of a USB hard drive can be infected. Like a CD, the drive can also hold infected programs or documents.

(b) Explain in detail what are the preventive measures against viruses?

If you do not take measures to protect against computer viruses, the consequences of infection can be very serious. In some countries, legislation provides for criminal liability for computer crimes, including the introduction of viruses.
Security software includes various anti-virus programs. An anti-virus is a program that identifies and neutralizes computer viruses. It should be noted straight away that viruses are ahead of anti-virus software in their development, so even with regular use of an anti-virus no system is 100% secure. Anti-virus programs can detect and destroy known viruses. However, many modern anti-virus packages include a special software module, called a heuristic analyzer, that can examine the contents of files for code that is characteristic of a computer virus. This allows timely detection of, and warning about, the risk of infection by a new virus.

The following types of anti-virus software are distinguished:
1) Detector programs: designed to find files infected with known viruses. Some detector programs can also disinfect files or destroy the infected files. There are specialized detectors, designed to combat a single virus, and polyphages, which can deal with many viruses.
2) Doctor programs: used to treat infected drives and programs.
3) Auditor programs: designed to identify infected files and to find corrupted files. These programs store the state of programs and of the system areas of disks in their normal state (before infection) and compare it with the current data on the computer. If the data does not match, a message appears about the possibility of infection.
4) Doctor-auditors: designed to detect changes in files and system areas of the disk and, when changes are found, return them to the initial state.
5) Filter programs: designed to intercept the system calls that are used for virus propagation and report them to the user. The user can enable or disable the corresponding operation. Such programs are resident, that is, they stay in the computer’s memory.
6) Vaccine programs: used to process files and boot sectors in order to prevent infection by known viruses (in the early years of virus history this method was used more and more often).

PREVENTING VIRUSES
• Inform users and make them aware of the risks. Inform users that it is risky to open unknown e-mail attachments and to download files from the Internet.
• Install anti-virus software and update it regularly. Anti-virus programs detect and disinfect viruses.
• Download software patches to close security loopholes. Keep yourself aware of the latest “patches” for your operating system. Most of the time they close loopholes that make your system vulnerable to viruses.
• Install firewalls. A firewall helps to prevent unauthorized access to your network and doesn’t allow viruses to send out information.
• Make and keep regular backups of all your data. If you have a backup of all your data when a virus attacks, you will be able to replace your files and programs with clean copies.

DOs and DON’Ts to follow with regard to anti-virus rules:
• Do make management and staff aware of a written policy and of their responsibilities for maintaining the anti-virus and what they need to do in case of emergency.
• Do ensure that anti-virus software is installed on every computer, even if the computer is not running any e-mail.
• Do update the anti-virus software on every machine regularly or daily.
• Do scan every computer’s memory, master and boot records, and system files after start-up.
• Do set the anti-virus to scan all files and not only executable files. If anti-virus heuristic controls are available, do enable them.
• Don’t allow Windows Scripting Host (WSH) to run on computers that don’t need it. The virus operates in the VB (Visual Basic) language and WSH is what controls it, so without WSH the virus is unable to operate.
• Do enable Macro Virus Protection in all Microsoft Office programs.
• Don’t enable the Preview Pane view in Outlook. Viruses can be activated by previewing e-mails.
• Do set your e-mail program not to open attachments automatically, and don’t open any unknown or suspicious attachments.
• Do inform users not to disable the anti-virus. Educate users about the type of anti-virus program you are using and how it works. This will help them understand that they shouldn’t disable the anti-virus program installed on their machines.

(c) If LAN is infected, then explain in detail the possible treatments.
If the worst has just happened and you think your Local Area Network has been infected with a virus, the first thing to do is: don’t panic! Below is the set of procedures to follow.
1. Identify what kind of infection has hit the machines. If your anti-virus program can’t specifically identify which virus has infected your system, you have to do further research into its symptoms. An updated anti-virus program should easily identify the virus. Update your anti-virus program immediately if regular updates weren’t done.
2. Find the source of the infection. Check all the computers on your local area network to identify which ones have been infected.
3. Immediately put infected machines into quarantine. Disconnect all the machines from the network so the infection won’t spread.
4. Cure or get rid of the infection. Disinfect all the machines on the network by running the anti-virus program. The anti-virus will take care of all the viruses detected.
5. Rescan all the machines. Don’t reconnect the machines to the network until it is certain that the virus epidemic is over.
6. Inform everyone and report what happened by setting up a meeting. Explain why it happened and what you have done to fix it. Don’t blame or single out the person who caused the virus attack. Take it as an opportunity to explain that this is a lesson learned, and make sure it never happens again.
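The auditor programs described earlier (store the normal state before infection, then compare) can also give the rescan in step 5 something concrete to check against. The code below is an added example, not part of the original essay; the function names snapshot, audit and demo and the sample file tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Record size and SHA-256 of every file under root (the 'normal state')."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            digest = hashlib.sha256()
            with open(path, "rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root)
            state[rel] = {"size": os.path.getsize(path), "sha256": digest.hexdigest()}
    return state

def audit(baseline, current):
    """Compare two snapshots and report every discrepancy."""
    report = {"modified": {}, "added": sorted(set(current) - set(baseline)), "removed": []}
    for rel, old in sorted(baseline.items()):
        new = current.get(rel)
        if new is None:
            report["removed"].append(rel)
        elif new["sha256"] != old["sha256"]:
            # Store the size change: growth suggests appended code,
            # 0 means the content was altered in place.
            report["modified"][rel] = new["size"] - old["size"]
    return report

def demo():
    """Constructed sample tree: take a baseline, tamper with it, then audit."""
    with tempfile.TemporaryDirectory() as root:
        tree = Path(root)
        (tree / "app.exe").write_bytes(b"MZ" + b"\x00" * 62)
        (tree / "report.doc").write_bytes(b"quarterly figures")
        (tree / "notes.txt").write_bytes(b"meeting at ten")
        baseline = snapshot(root)
        exe = tree / "app.exe"
        exe.write_bytes(exe.read_bytes() + b"X" * 128)           # bytes appended
        (tree / "report.doc").write_bytes(b"quarterly figurez")  # same size, new content
        (tree / "notes.txt").unlink()                            # file disappears
        (tree / "app.com").write_bytes(b"\x00" * 16)             # new file beside app.exe
        return audit(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The baseline only has value if it was taken before infection and is kept where the infected machine cannot rewrite it.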