Computer Viruses and Worms Overview

Questions and Answers

What is a virus in the context of computer programs?

A programming glitch that causes software to crash

A standalone application that performs automated tasks

A type of hardware that damages computer systems

A piece of self-replicating code embedded in another program (correct)

How do viruses typically spread?

Through social media platforms exclusively

By being intentionally deleted by users

Via diskettes, email, and files downloaded from the Internet (correct)

Only through websites with known vulnerabilities

What major step allows a virus to replicate once a user executes an infected program?

The virus modifies system preferences to allow access

The virus creates a new version of another executable program (correct)

The virus sends email notifications to all contacts

The virus automatically updates the user’s system

Which action can trigger an email virus spread?

Opening an attachment that contains a virus

What is the importance of keeping antivirus software up-to-date?

It allows for detection and destruction of new viruses

What type of application should consumers be wary of?

Fake antivirus applications

What moral accountability does Butler have regarding Firesheep?

He has some moral responsibility for facilitating wrong actions

What is a defining characteristic of a worm in computer networks?

It is a self-contained program.

How did Robert Tappan Morris, Jr. release the Internet worm?

From an MIT computer.

What was one significant consequence of the Internet worm's release?

Infected computers kept crashing or became unresponsive.

What ethical theory argues that Morris violated others by accessing their computers without permission?

Kantian ethics.

What was a societal benefit attributed to Morris's actions with the worm?

Organizations learned of security flaws.

Which of the following consequences did Morris face for releasing the Internet worm?

Three years' probation and 400 hours of community service.

What did the Sasser worm disrupt in its attack?

Operations at Delta Airlines and several other organizations.

Who confessed to being responsible for the Sasser worm?

Sven Jaschan, a German juvenile.

What punishment did Sven Jaschan receive for his actions with the Sasser worm?

30 hours of community service and probation.

Which ethical evaluation suggests that Morris acted selfishly by using the Internet as a lab?

Virtue ethics evaluation.

What significant cyber attack occurred in Estonia in 2007?

Politically motivated cyber attacks

Which countries were targeted during the Fourth of July attacks in 2009?

United States and South Korea

What specific vulnerability is associated with Internet-based SCADA systems?

They create potential security risks due to remote diagnostics

Which cyber weapon was developed to attack Iran's nuclear capabilities?

Stuxnet worm

What event coincided with the DDoS attack on Twitter and other sites in 2009?

The anniversary of the Georgia-Russia war over South Ossetia

What was the primary concern addressed by the Department of Justice regarding Apple?

Apple could maintain custody of the software used.

What does sidejacking involve?

Capturing a user’s cookie on an open Web session.

What was the main function of the Firesheep extension released by Eric Butler?

To allow users to sidejack Web sessions easily.

What was a notable outcome following the release of Firesheep?

Improved security measures from Facebook and Twitter.

How did the act utilitarian analysis view the release of Firesheep?

It was viewed as good due to raised awareness of security issues.

Which ethical attribute did Butler demonstrate by making Firesheep freely available?

Benevolence

What was the primary security vulnerability highlighted by the internet security community?

Sidejacking on unencrypted wireless networks.

What was the FBI's motive for requesting Apple to unlock the iPhone?

To create a legal precedent regarding privacy.

What notable effect did Firesheep have on users in its first week after release?

It reached more than 500,000 downloads.

What is a significant benefit of the Bring Your Own Device (BYOD) policy for employers?

Reduced hardware and software expenditures

What is a main security risk associated with Bring Your Own Device?

Compromise of company data if the device is stolen

What does spear-phishing specifically target?

Specific individuals or groups through selective email addresses

What action can a company take regarding its data on a stolen personal device?

They may erase all data from the device

How does SQL injection attack a web application?

By injecting SQL queries into text strings

What is the primary purpose of phishing attacks?

To gain sensitive information from unwary users

What should companies consider for personal devices under a BYOD policy?

Security standards like password requirements and anti-malware

What potential harm can occur due to insecure personal devices in a BYOD environment?

Vulnerability to data breaches

How many phishing attacks were recorded globally in the second half of 2014?

124,000

What type of support might a company's IT department provide under a BYOD policy?

Limited support for specific applications

What was the primary target of the Stuxnet worm?

SCADA systems running Siemens software in Iran

Which attack occurred on the Fourth of July weekend in 2009?

A DDoS attack on governmental agencies in the U.S. and South Korea

What security risk is associated with Internet-based SCADA systems?

Vulnerability to external hacking due to remote accessibility

Which notable event coincided with the DDoS attacks on Twitter and other social networking sites in 2009?

The anniversary of the war between Georgia and Russia over South Ossetia

Which group is believed to have orchestrated the DDoS attack during the Fourth of July weekend in 2009?

North Korean cyber forces

What characteristic defines a worm in computer networks?

It spreads through exploitation of security holes.

What was one of the immediate effects of the Internet worm released by Robert Tappan Morris, Jr.?

Significantly slowed traffic on communication networks.

What alone can be considered a violation of property rights in Morris's actions?

Accessing computers without permission.

What was one of the benefits associated with Morris's release of the Internet worm?

It helped organizations identify security flaws.

What ethical evaluation suggests Morris demonstrated a lack of responsibility for his actions?

Virtue ethics evaluation.

What disruption did the Sasser worm cause upon its release?

Disrupted operations at major transportation organizations.

What was the consequence for Sven Jaschan regarding his involvement in the Sasser worm?

30 hours of community service.

What motivation might Morris have had for releasing the Internet worm according to ethical evaluations?

To demonstrate his coding skills.

Which of the following evaluations considers the consequences of Morris's actions on overall societal benefit?

Utilitarian evaluation.

What conclusion did the Act Utilitarian Analysis draw about the release of Firesheep?

It was considered beneficial as it highlighted security issues.

What did the release of Firesheep prompt Facebook and Twitter to announce?

Options to use their sites securely.

What action did the FBI take regarding Apple's software request for unlocking the iPhone?

They withdrew their request after successfully accessing the iPhone.

What vulnerability allowed sidejacking to occur, according to the content?

Cookies being sent over unencrypted networks.

How did Eric Butler's release of Firesheep affect public awareness?

It increased public understanding of security vulnerabilities.

What ethics-related attributes did Butler demonstrate by releasing Firesheep?

Courage and a commitment to public good.

What was a common criticism of e-commerce sites regarding sidejacking?

They failed to change their practices despite vulnerability complaints.

What is the primary purpose of the Conficker worm?

To propagate itself

What is a characteristic of a Trojan horse in malware?

It appears to have a legitimate function

How can ransomware be installed on a victim's computer?

All of the above are potential methods

What method do attackers use in cross-site scripting attacks?

Inserting harmful code into web applications

What is a defining feature of drive-by downloads?

They happen without user intent when visiting a website

Which of the following examples is a known instant messaging worm?

Kelvir

In which year did the Conficker worm emerge?

2008

Which of the following can potentially lead to cross-site scripting vulnerabilities?

Websites allowing user-generated content

What is the main action performed by backdoor Trojans?

Provide unauthorized access to attackers

What percentage of Google's search queries return a malicious URL, according to the Google Anti-Malware Team?

1.3%

What is the main objective of a denial-of-service (DoS) attack?

To prevent legitimate users from using a computer service

Which of the following describes a Distributed Denial-of-Service (DDoS) attack?

An attack launched from multiple compromised devices simultaneously

Which IoT devices are commonly exploited for DDoS attacks?

Network routers and baby monitors

What significant event occurred during the DDoS attack on Dyn in October 2016?

Multiple prominent websites went offline for several hours

What challenge did Blue Security face that led to the termination of its anti-spam activities?

Spammers retaliated with DDoS attacks and increased spam volume

Which factor contributed to the vulnerability of IoT devices being co-opted for DDoS attacks?

Default passwords that are often unchanged by users

Which organization was Jeanson James Ancheta associated with in the context of cybercrime?

Avalanche Gang

What response did Blue Frog implement against spam messages?

Auto-replying with opt-out messages

What was the outcome of the DDoS attacks launched by PharmaMaster against Blue Security?

Termination of Blue Security's anti-spam initiatives

How did spammers react to Blue Security's spam deterrence system initially?

Many agreed to stop sending spam to Blue Frog users

Which principle best describes the moral implications of Butler releasing Firesheep?

He facilitated privacy breaches for personal gain.

What is a common misconception about how viruses spread through email?

They can only spread through email attachments.

Which method do users often neglect that affects antivirus software effectiveness?

Regularly updating it.

In what manner does a virus typically replicate after a user runs an infected program?

It embeds itself into executable files and spreads through downloads.

What ethical issue is highlighted by Butler's decision to release Firesheep?

Neglecting informed consent of users.

What is a significant misconception many users have regarding fake antivirus applications?

Purchasing them always guarantees device security.

What specific behavior by users can exacerbate the spread of viruses through email?

Ignoring security warnings for attachments.

Which activity is criminalized under the Computer Fraud and Abuse Act?

Transmitting classified government information

What is the maximum penalty for offenses under the Computer Fraud and Abuse Act?

$250,000 fine and 20 years in prison

Which of the following actions is illegal under the Electronic Communications Privacy Act?

Interception of telephone conversations

What was Apple's main concern regarding the FBI's request to disable iPhone security features?

Risk of creating a vulnerability for all iPhone users

Which security feature of the iPhone 5C protects personal data after multiple incorrect passcode attempts?

Encryption key deletion

What was the outcome of the FBI's order for Apple to comply with unlocking the iPhone?

The FBI found another way to unlock the phone

What aspect of Malik's actions raised concerns regarding national security?

Her pledge of allegiance to the Islamic State

Which method did the FBI utilize to compel Apple to assist with the locked iPhone?

A magistrate's court order

What impact did the delay between incorrect passcode attempts have on the security of the iPhone?

It helped deter brute force attacks

What was a primary concern of the FBI regarding Apple's software?

The possibility of setting a legal precedent

What was one of the immediate effects of the Firesheep release?

Widespread media coverage and public awareness of security issues

Which ethical theory best describes Butler's actions in releasing Firesheep?

Virtue ethics emphasizing character and virtue

Which factor contributed to the sidejacking vulnerability?

The transmission of cookies over unencrypted networks

What was the response of Facebook and Twitter following the Firesheep release?

They allowed users to enable security protocols for better protection

What aspect of public perception did the release of Firesheep primarily influence?

The recognition of the importance of encryption in web security

How did the Department of Justice ultimately resolve its request to Apple regarding the locked iPhone?

By withdrawing the request entirely after accessing the phone

What minimal harm was observed following the release of Firesheep?

A significant rise in identity theft cases

What characteristic of Butler was highlighted in the virtue ethics analysis?

His willingness to take responsibility for his actions

What was a significant outcome of the Stuxnet worm's attack on Iran's nuclear facilities?

Halt of uranium enrichment temporarily

Which of the following best describes the nature of the 2009 DDoS attack on Twitter and other sites?

A politically motivated attack coinciding with a significant anniversary

What characteristic of SCADA systems increases their vulnerability to security risks?

The exposure of their protocols to Internet Protocol

What was the common attribution for the Fourth of July attacks in 2009?

Retaliation by North Korea for United Nations sanctions

Which event involved a significant espionage threat attributed to China's military?

Espionage aimed at gaining access to SCADA systems

What is the primary aim of a Denial-of-Service (DoS) attack?

To disrupt a server's ability to respond to clients

What type of attack involves using multiple devices to overwhelm a target?

Distributed Denial-of-Service (DDoS) attack

Which event is primarily associated with the Mirai botnet?

The 2016 attack on Dyn's DNS services

What was Blue Security known for before its decline?

Selling a spam deterrence system

What tactic did PharmaMaster use to combat Blue Security’s efforts?

Sending more spam and executing DDoS attacks

Which characteristic of Internet-of-Things (IoT) devices made them susceptible to DDoS attacks?

Many users do not change default passwords

What significant consequence did Blue Security face from the DDoS attacks?

Terminating their anti-spam activities

Which group was primarily known for generating revenue from malware attacks?

Criminal organizations

Which of the following was NOT a reason for the success of the Mirai botnet?

The complex encryption methods employed

What was a significant outcome of the Blue Frog bot's operation?

A reduction in spam for Blue Frog users

Study Notes

Chapter 7: Computer and Network Security

• Chapter covers computer and network security, including hacking, malware, cybercrime, and online voting.

Learning Objectives

• Introduction to computer security
• Hacking definitions and methods
• Types of Malware
• Cybercrime and cyberattacks
• Online voting

7.1 Introduction

• Increasing computer use highlights the growing importance of computer security.
• Lack of security leads to harmful consequences like stolen information and extortion.
• Computer systems can be weaponized, impacting governments and organizations.

7.2 Hacking

• Original meaning of "hacker" involved exploration, risk-taking, and system innovation (e.g., MIT Tech Model Railroad Club).
• Modern meaning of "hacker" is someone who gains unauthorized access to computers and networks.
• Methods for gaining login names and passwords include eavesdropping, dumpster diving, social engineering, brute-force searches, and dictionary attacks.

Password Dos and Don'ts

• Avoid short, dictionary-based passwords.
• Do not reuse passwords.
• Utilize strong, complex passwords.
• Enable two-factor authentication when available.
• Have password recoveries sent to a secure email address.

Computer Fraud and Abuse Act

• Criminalizes various hacker activities, such as transmitting damaging code, gaining unauthorized access to computers, transmitting classified information, and trafficking in passwords.
• Maximum penalty includes 20 years in prison and a $250,000 fine.

Electronic Communications Privacy Act

• Illegal to intercept phone conversations, emails, or other data transmissions.
• Criminal to access stored email messages without authorization.

FBI and the Locked iPhone

• December 2015: Syed Farook and Tashfeen Malik killed and wounded people in California. FBI recovered an iPhone 5C from the perpetrator but it was encrypted.
• February 2016: FBI asked Apple to create a new version of iOS to disable passcode security features. Apple refused.
• FBI persuaded a US magistrate for an order.
• Apple argued that creating a "backdoor" for the FBI would harm the security of all iPhones.

Sidejacking

• Sidejacking is hijacking an open web session by capturing user cookies.
• Sidejacking is frequently achievable with unencrypted wireless networks.
• Internet security community long warned about this phenomenon, but ecommerce didn't act upon it for years.

Case Study: Firesheep

• October 2010: Eric Butler released a Firesheep Firefox extension.
• Firesheep allowed easy sidejacking of web sessions.
• In its first week, more than 500,000 downloads occurred.
• Firesheep brought media attention to security issues.
• Early 2011: Facebook and Twitter introduced new ways to increase site security.

Act Utilitarian Analysis for Firesheep

• Release of Firesheep helped focus media's attention on security.
• Benefits: improved security by prompting changes to Facebook and Twitter.
• Harms: minimal evidence suggesting Firesheep increased malicious activity in online theft.
• Conclusion: Releasing Firesheep, according to Act Utilitarianism, was likely a good act.

Virtue Ethics Analysis for Firesheep

• Butler's actions helped the public understand security issues on unencrypted networks.
• Butler's actions reflected an interest in protecting privacy and good.
• Butler's courage in taking responsibility for the program and the benevolence in making the software freely.

Kantian Analysis for Firesheep

• Accessing someone else's account is an invasion of privacy and therefore wrong.
• Butler created a tool for malicious activities; therefore, he had some moral responsibility for the misuse of Firesheep.
• Butler's hope that public pressure would prompt improvement of site security led to negative outcomes when he was willing to tolerate short-term increase in privacy violations.
• Treating victims as mere tools was ethically objectionable.
• Butler's release of Firesheep was wrong under a Kantian framework.

7.3 Malware

• Virus: A self-replicating code embedded within other programs (like documents or executables).
• Viruses are often included in downloaded software.
• Viruses are often associated with:
  • Hard disks
  • Floppy disks
  • CDs/DVDs
  • Email attachments
• Viruses spread via:
  • Diskettes or CDs
  • Email attachments
  • Files downloaded from the Internet

Email Attachments with Possible Virus

• Email attachments can conceal viruses.

How an Email Virus Spreads

• Users open attachments containing viruses.
• The virus reads the user's address book.
• The virus sends emails with virus-containing attachments.

Antivirus Software Packages

• Antivirus software is used to detect and destroy viruses.
• Antivirus software needs to be kept up-to-date.
• Consumers need to be cautious of fake antivirus applications.

Worm

• Worm: A self-contained program that spreads through a computer network, often exploiting vulnerabilities.
• It spreads by exploiting security holes in interconnected computers.
• Examples include the:
  • Internet Worm (Morris Worm)
  • Sasser Worm
  • Conficker Worm
  • Other instant messaging worms

The Internet Worm

• Released by Robert Tappan Morris.
• Infected Unix computers.
• Led to widespread computer crashes.
• Resulted in significant penalties for Morris.

Ethical Evaluation of the Internet Worm

• Kantian evaluation— Morris used others by gaining access without authorization.
• Social contract theory evaluation – violated organizations’ property rights.
• Benefits—organizations learned about their security vulnerabilities.
• Harms—waste of time, unavailable computers, disrupted network traffic, and Morris's punishment.
• Virtue ethics evaluation— Morris misused the Internet and did not take responsibility for the consequences of his actions.
• Conclusion—Morris acted wrongly, exhibiting poor ethical character.

Sasser Worm

• Launched in 2004.
• Infected 18 million computers.
• Disrupted the operations of companies (Delta Airlines, European Commission, Australian railroads, British Coast Guard).
• German juvenile Sven Jaschan confessed and received 30 hours of community service.

Instant Messaging Worms (e.g., Choke and Hello, Kelvir, Palevo)

• Malware spreads through instant messaging services.
• Some required users to delete or downgrade their systems to remove the worms.

Conficker Worm

• 2008 Windows computer worm.
• Widely circulated among computers using older software.
• Often found in legacy systems of factories and healthcare facilities.

Cross-Site Scripting

• Downloading malware without knowing.
• Web sites used by others to view posted documents or comments used to inject malware.
• Victims download malicious code from web servers when clicking links or reading comments.

Drive-By Downloads

• Malware unknowingly downloaded by visiting a compromised website.
• Pop-up windows prompt users for consent and downloads.
• Google's search engine occasionally returns a malicious link resulting in drive-by-downloads.

Trojan Horses and Backdoor Trojans

• Trojan horse: A program with a benign capability that conceals a sinister purpose.
• Backdoor Trojan: A type of Trojan that grants attackers access to the victim's computer.

Ransomware

• Malware that extorts money from the victim, often by encrypting victims files and asking for payments to release them.
• Installed via:
  • Drive-by downloads
  • Trojan Horses
  • Email attachments
  • Other means.

Rootkits

• A set of programs that provides privileged access to the computer.
• Activated whenever the computer is started.
• Uses security privileges to prevent recognition by the user.

Spyware and Adware

• Spyware: Software communicating over the internet without user knowledge.
• Monitors web surfing.
• Logs keystrokes.
• Captures snapshots of the computer screen.
• Sends reports back to the host computer.
• Adware: displays pop-up advertisements.
• Backdoor Trojans sometimes used to install spyware/adware.

Bots

• Bots are Trojan backdoor programs that respond to commands from another computer.
• First bots involved in legitimate activities such as internet relay chat/multiplayer games.
• Later bots were also used for illegal activities such as distributing spam/collecting personal information for theft and denial of service attacks.

Bots and Botnets

• Bot: a backdoor Trojan program that responds to commands from another computer.
• Botnet: a collection of infected computers controlled by the same command-and-control software.
• Botnet herders distribute spam and launch distributed denial-of-service attacks.

Protecting Your Internet-Connected Devices

• Keep security patches up-to-date on systems.
• Install and maintain anti-malware.
• Examine manufacturer's precautions before purchasing an Internet-connected device.
• Change default passwords on devices immediately upon connection to the Internet.
• Never use the same password on multiple devices.
• If possible, replace insecure Internet-of-Things (IoT) devices.

Security Risks of "Bring Your Own Device"

• 87% of US companies rely on employees using their personal devices for work purposes.
• The advantages of BYOD include reduced investments in hardware.
• Productivity and employee job satisfaction also improve when employees are allowed to use their personal tech for work.
• The risks of BYOD include corporate data breaches, especially when devices are lost or stolen.

"Bring Your Own Device" Policy Questions

• The concerns related to this policy regarding the security of employed devices.
• The apps that employers permit employees to utilize on personal devices.
• The type of technical support the company offers.
• In case of data breaches, the company's control over personal worker data.
• Company procedure for removing company data from employee devices.

7.4 Cyber Crime & Cyberattacks

• Phishing: Large-scale efforts to acquire user information.
• Spear Phishing: A variant where targeted users are selected.
• SQL Injection: Attacks on improperly secured database-driven web applications.
• Denial-of-Service Attacks (DoS): Attacks disrupting computer services.
• Distributed Denial-of-Service Attacks (DDoS): Attacks from numerous computers.

Internet-of-Things Devices Co-opted for DDoS Attacks

• IoT devices like network routers, security cameras, baby monitors, are often vulnerable to use in DDoS attacks.

Cyber Espionage

• Large-scale government hacking. Hundreds of terabytes of stolen data, dozens of countries.
• People's Liberation Army suspected of involvement.

Anonymous

• Loosely organized hacktivism group with various political aims.

Actions Attributed to Anonymous

• Cyberattacks often related to protests or social/political issues.

Convictions of Anonymous Members

• Numerous people arrested and convicted for Anonymous-related cyber activities.
• Examples of specific individuals and prison sentences provided.

7.5 Online Voting

• The 2000 US Presidential election, particularly in Florida, highlights the issues with using traditional voting machines.
• Two voting irregularities included:
  • Hanging chads
  • The "Butterfly ballot" design

Benefits of Online Voting

• Increase voter participation - more people would participate at a quicker rate.
• Faster vote counting.
• Eliminates ambiguity present in traditional voting.
• Reduced costs.
• Eliminates ballot-box tampering and potential manipulation.
• Accurate vote counts through software protections against over/under-voting.

Risks of Online Voting

• Possible bias in digital voting since some may rely on home computers over others.
• Voter privacy is more threatened in electronic voting.
• More opportunities to sell votes.
• Online voting is often a target for attacks such as denial-of-service.
• Vulnerability to software and/or hard drive manipulation/hacks affecting votes.
• Lack of physical ballots for auditing or recounts.

Utilitarian Analysis of Online Voting

• Time savings from online voting is weighed against the increased risk of DDoS attacks.
• The probability of a successful attack that changes the outcome of the election needs a determination.

Kantian Analysis of Online Voting

• Voter's will to be reflected in their ballots - integrity of the votes is necessary.
• Recounts require the ability to verify votes – integrity is paramount.
• A paper record of each vote is crucial for auditing and recounting, protecting vote integrity.
• Electronic voting may decrease costs, but the lack of paper records means a loss of auditability, impinging upon vote integrity.
• Eliminating paper votes may seem cost-effective, but at the expense of vote integrity.

Summary of Cyber Security

• Cyber security issues highlight the trade-off between security and convenience.
• Individuals can become infected with malware in several ways.
• Internet-of-Things (IoT) devices are a new vector for cyberattacks.
• Issues need to be addressed regarding when cyberattacks become acts of war.

Description

This quiz covers key concepts related to computer viruses and worms, including how they spread, their characteristics, and notable historical events like the Internet worm. Test your knowledge on the ethical implications and consequences of these malicious programs.