Lecture 22: Malware: Viruses and Worms

Lecture Notes on “Computer and Network Security”
by Avi Kak (kak@)

April 21, 2016 9:59am

© 2016 Avinash Kak, Purdue University

Goals:

• Attributes of a virus
• Educational examples of a virus in Perl and Python
• Attributes of a worm
• Educational examples of a worm in Perl and Python
• Some well-known worms of the past
• The Conficker and Stuxnet worms
• How afraid should we be of viruses and worms?

CONTENTS

Viruses
The Anatomy of a Virus with Working Examples in Perl and Python
Worms
Working Examples of a Worm in Perl and Python
Morris and Slammer Worms
The Conficker Worm
The Anatomy of and
The Anatomy of
The Stuxnet Worm
How Afraid Should We Be of Viruses and Worms
Homework Problems

VIRUSES

• A computer virus is a malicious piece of executable code that propagates typically by attaching itself to a host document that will generally be an executable file.

• Typical hosts for computer viruses are:
  – Executable files (such as the ‘.exe’ files in Windows machines) that may be sent around as email attachments
  – Boot sectors of disk partitions
  – Script files for system administration (such as the batch files in Windows machines, shell script files in Unix, etc.)
  – Documents that are allowed to contain macros (such as Microsoft Word documents, Excel spreadsheets, Access database files, etc.)

• Any operating system that allows third-party programs to run can support viruses.
• Because of the way permissions work in Unix/Linux systems, it is more difficult for a virus to wreak havoc in such machines. Let’s say that a virus embedded itself into one of your script files. The virus code will execute only with the permissions that .