
Computer Security:

Hackers and Viruses

Theory of Computation

Mesfer Alrizq
Naif Alrashidi
Overview

•Introduction 
•Viruses
•Hackers
•Protecting
•Conclusion

Computer Security
• Definition
– Computer security is the protection of information systems from theft or
damage to the hardware, the software, and the information on them, as well as
from disruption or misdirection of the services they provide.

• Computer security measures
– Data encryption
– Passwords
Goals of Computer Security
• Integrity
– Guarantee that the data is what we expect
• Confidentiality
– The information must be accessible only to authorized people
• Reliability
– Computers should work without unexpected problems
• Authentication
– Guarantee that only authorized persons can access the resources
Types of Threats
• Passive Threats
– Interception

• Active Threats
– Interruption
– Modification
– Fabrication

Types of Threats
• Interception
– An unauthorized party gains access to an asset
– Attack on confidentiality
– Wiretapping to capture data in a network
– Illicit copying of files or programs

Types of Threats
• Interruption
– An asset of the system is destroyed or becomes unavailable or unusable
– Attack on availability
– Destruction of hardware
– Cutting of a communication line
– Disabling the file management system
Types of Threats
• Modification
– An unauthorized party not only gains access but tampers
with an asset
– Attack on integrity
– Changing values in a data file
– Altering a program so that it performs differently
– Modifying the content of messages being transmitted in a
network

Types of Threats
• Fabrication
– An unauthorized party inserts counterfeit objects into the
system
– Attack on authenticity
– Insertion of spurious messages in a network
– Addition of records to a file

Computer System Assets
• Hardware
– Threats include accidental and deliberate damage

• Software
– Threats include deletion, alteration, damage
– Backups of the most recent versions can maintain high
availability

Computer System Assets
• Data
– Involves files
– Security concerns for availability, secrecy, and integrity
– Statistical analysis can lead to the determination of individual
information, which threatens privacy
Computer System Assets
• Communication Lines and Networks – Passive Attacks
– Release of message contents: a telephone conversation, an electronic mail
message, or a transferred file are all subject to this threat

– Traffic analysis
• Encryption masks the contents of what is transferred, so that even
someone who obtains the traffic is unable to extract the information;
what such an observer can still see is the pattern of the traffic
Computer System Assets
• Communication Lines and Networks – Active Attacks
– Masquerade takes place when one entity pretends to be a different entity

– Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect
Computer System Assets
• Communication Lines and Networks – Active Attacks
– Modification of messages means that some portion of a legitimate message
is altered, or that messages are delayed or reordered, to produce an
unauthorized effect

– Denial of service prevents or inhibits the normal use or management of
communications facilities
• Disable the network or overload it with messages
Overview

•Introduction
•Viruses 
•Hackers
•Protecting
•Conclusion

What is a computer virus?
• A computer virus is a program which damages computer systems and/or
destroys or erases data files

• A virus is a small piece of program that can infect other programs by
modifying them to include a copy of itself.
Computer Virus History
• Late 60s / first half of the 70s: "Rabbits" cloned themselves and occupied
system resources, slowing down productivity.
• "The Creeper" was capable of entering a network by itself and transferring a
copy of itself to the system.
• Early 80s: increasing number of programs written by individuals rather than
by software companies. Programs caused minor viruses called "Trojan horses".
• 1986: 'Brain' virus, by Amjad and Basit Farooq Alvi
- spread through floppy disks
- infected boot records, not computer hard drives
• Lahore, Pakistani Brain, Brain-A and UIUC virus (other names for Brain)
- took over free space on the floppy disk and hid from detection:
"disguised itself by displaying the uninfected boot sector on the disk."
• 1987: Lehigh virus
- the first memory-resident file infector; it attacked executable files and
took control when a file was opened
• The Jerusalem virus
- had bugs that re-infected programs that were already infected
Computer Virus History
• 1988: Robert Morris made a worm that invaded ARPANET computers
- disabled 6,000 computers on the network by overflowing their memory with
copies of itself
• 1991: Norton Anti-Virus software
• 1999: "Melissa" virus
- infected thousands of computers very fast by sending copies of itself to 50
names in the Outlook e-mail address book
- led to an estimated $80 million in damage and record sales of anti-virus
products
• 2000: "I Love You" virus
- was sent by email and infected 10% of computers in only one day
- created by a young Filipino computer student who was not punished because
the Philippines then had no laws against hacking, which led to the European
Union's global Cybercrime Treaty
• 2001: "Nimda" virus
- had 5 ways of infecting systems
Computer Virus History
• 2004:
MyDoom spreads through emails and file-sharing software faster than any
previous virus or worm.
– Allows hackers to access the hard drive of the infected computer.
An estimated one million computers running Windows are affected by the
fast-spreading Sasser computer worm.
– The worm does not cause irreparable harm to computers or data, but it does
slow computers and causes some to quit or reboot without explanation.
• 2006:
Discovery of the first-ever malware Trojan horse for Mac OS X
• 2008:
Torpig is a Trojan horse which affects Windows, turning off anti-virus
applications.
– It allows others to access the computer, modifies data, steals confidential
information and installs malware on the victim's computer.
• 2009:
Conficker infects anywhere from 9 to 15 million Microsoft server systems.
– French air force, Royal Navy warships and submarines, Sheffield Hospital
network, UK Ministry of Defence, German Bundeswehr and Norwegian Police were
all affected.
Total Number of Viruses by year
1985 2
1987 3
1989 6
1990 142
1991 357
1992 1,161
1993 2,482
1994 3,687
1995 5,626
1996 7,764
1997 11,037
1998 16,726
1999 40,850
2000 44,000
2001 48,000
2002 55,000
2003 62,000
Difference between Virus and Worm
The difference between a worm and a virus is that a virus does not have a
propagation vector, i.e., it will only affect one host and does not propagate
to other hosts. Worms propagate and infect other computers. The majority of
threats are actually worms that propagate to other hosts.
Types of Computer Virus
• Time Bomb
• Logic Bomb
• Worm
• Boot Sector Virus
• Macro Virus
• Script Virus
• Trojan Virus
Time Bomb
• Software that is inherently malicious, such as viruses and worms, often
contains logic bombs that execute a certain payload at a pre-defined time or
when some other condition is met.

• A time bomb is a virus program that performs an activity on a particular
date.
Logic Bomb
• A logic bomb is a destructive program that performs an activity when a
certain action has occurred.

• Put another way, a logic bomb is a piece of code intentionally inserted into
a software system that will set off a malicious function when specified
conditions are met.

• For example, a programmer may hide a piece of code that starts deleting
files (such as a salary database trigger) should they ever be terminated from
the company.
Worm Virus
• A worm is also a destructive program that fills a computer system with
self-replicating information, clogging the system so that its operations are
slowed down or stopped.

• A computer worm is a standalone malware computer program that replicates
itself in order to spread to other computers. Often, it uses a computer
network to spread itself, relying on security failures on the target computer
to access it.
Boot Sector Virus
• A boot sector virus infects the boot sector of computers. During system
boot, the boot sector virus is loaded into main memory and destroys data
stored on the hard disk.

• Boot-sector viruses infect computer systems by copying code either to the
boot sector on a floppy disk or to the partition table on a hard disk. During
startup, the virus is loaded into memory. Once in memory, the virus will
infect any non-infected disks accessed by the system.
Macro Virus
• A macro virus is a virus that is written in a macro language: a programming
language which is embedded inside a software application (e.g., word
processors and spreadsheet applications).

• A macro virus is a computer virus that "infects" Microsoft Word or a similar
application and causes a sequence of actions to be performed automatically
when the application is started or something else triggers it; the macro
virus is loaded into main memory and destroys the data stored on the hard
disk.
Script Virus
• Commonly found script viruses are written using the Visual Basic Scripting
edition (VBS) and JavaScript programming languages.

• A script virus usually comes from webpage advertisements and is therefore
widespread.
Trojan Virus
• A Trojan horse is a destructive program. It usually pretends to be a
computer game or application software. If executed, the computer system will
be damaged.
• A Trojan horse usually comes with monitoring tools and key loggers.
• Its actions can include:
– Deleting data
– Blocking data
– Modifying data
– Copying data
Virus Affecting Turing Machines
• Cohen uses a Turing machine model where each virus in a viral set produces
an element of the set on some part of the TM tape outside of the original
virus specification.

• Formally, a viral set is a pair (M, V) where M is a TM and V is a set of
viruses written as strings in the tape alphabet of M: when M (in its start
state) reads some v ∈ V, it writes a string v' ∈ V somewhere else on its
tape.
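The same definition written out with its quantifiers, added here as a formalization that is not from the slides (the notation is chosen here; Cohen's own formalism is more detailed about tape regions):

$$
(M,V)\ \text{is a viral set} \iff \forall v \in V\ \exists v' \in V:\ M\text{, started in its start state on a tape holding } v\text{, eventually writes } v' \text{ on tape cells disjoint from those holding } v.
$$

The smallest case is $V=\{v\}$, a virus that writes an exact copy of itself. A set with several members, say $V=\{v_1, v_2\}$ where running $M$ on $v_1$ writes $v_2$ and running it on $v_2$ writes $v_1$, covers viruses that change form as they spread; this is the "evolution" of one virus into another whose decidability the later slides address.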
Virus Affecting Turing Machines
The notion of viral infection is associated with the following attributes:
• A Trojan component, since an infected program behaves in an unwanted manner
under some conditions;

• A dormancy component, as the infection may conceal itself;

• An infective component, since infected programs are destined to infect other
programs.
Virus Affecting Turing Machines
Cohen's undecidability results show that:

• There is no algorithm that can detect all viruses; some uninfected files may
be reported as infected (false positives), or no answer may be returned.

• There is no algorithm (TM) that can decide if one virus evolves into
another.

• Other results include that there are viruses for which no error-free
detection algorithm exists (undetectable computer viruses).
Virus Detection
• Given a known computer virus V, consider the problem of detecting an
infection by V.

• The most straightforward approach to solving this problem is just to scan
incoming messages for <V>, the text of V.

• But a virus can easily evade this technique by altering its text in ways
that have no effect on the computation that V performs.

• For example, source code could be modified to add blanks in meaningless
places or to add leading 0's to numbers.
Virus Detection
• Executable code could be modified by adding jump instructions to the next
instruction.

• So the practical virus detection problem can be stated as: "Given a known
virus V and an input message M, does M contain the text of a program that
computes the same thing V computes?"

• We know the equivalence question is undecidable for Turing machines; from
this it follows that the equivalence question for arbitrary programs is also
undecidable.
Virus Detection
• So we can't solve the virus problem by making a list of known viruses and
comparing new code to them.
• Suppose that, instead of making a list of forbidden operations, we allowed
users to define a "white list" of the operations that are allowed to run on
their machines.
• Then the job of a virus filter is to compare incoming code to the operations
on the white list.
• Any code that is equivalent to some allowed operation can be declared safe.
But now we have EXACTLY THE SAME PROBLEM: no test for equivalence exists.
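To make the scanning argument of the last three slides concrete, here is an added example (not code from the slides or from Cohen) built on a constructed four-instruction stack language; the names KNOWN_VIRUS, TEXT_VARIANT and SEMANTIC_VARIANT are invented for it. It implements the byte-exact scan for <V>, then a canonicalizing scan that undoes exactly the three text-level changes the slides list (extra blanks, leading zeros, jumps to the next instruction), and a small bounded interpreter. The first rewrite of the sample program evades the naive scan but not the canonical one; the second computes the same result with different instructions and evades both, which is the equivalence problem that no finite list of rewrites closes.

```python
import re

# Constructed toy language for this example (not from the slides): one
# instruction per line.
#   push N   push the integer N          add     pop two values, push their sum
#   print    pop a value and output it   jmp K   continue at instruction index K
# KNOWN_VIRUS plays the role of <V>, the text of a known virus V.
KNOWN_VIRUS = "push 2\npush 3\nadd\nprint"

# Rewrite 1: extra blanks, a leading zero, and a jump to the very next
# instruction. Same computation as KNOWN_VIRUS, different text.
TEXT_VARIANT = "push   02\npush 3\njmp 3\nadd\nprint"

# Rewrite 2: different instructions, same result (2 + (1 + 2) = 5).
SEMANTIC_VARIANT = "push 2\npush 1\npush 2\nadd\nadd\nprint"


def naive_match(code, signature):
    """The straightforward approach from the slides: look for the exact text."""
    return signature in code


def _remove_noop_jumps(instrs):
    """Drop every 'jmp K' whose K is just the next index, and renumber the
    targets of the remaining jumps so they still point at the same code."""
    removed_before, removed, kept = [], 0, []
    for i, ins in enumerate(instrs):
        removed_before.append(removed)
        op, *args = ins.split()
        if op == "jmp" and int(args[0]) == i + 1:
            removed += 1
            continue
        kept.append(ins)
    removed_before.append(removed)  # a jump may target len(instrs) (= halt)
    out = []
    for ins in kept:
        op, *args = ins.split()
        if op == "jmp":
            target = int(args[0])
            ins = "jmp %d" % (target - removed_before[target])
        out.append(ins)
    return out


def canonicalize(code):
    """Undo exactly the text-level tricks the slides name: meaningless
    blanks, leading zeros on numbers, jumps to the next instruction."""
    instrs = []
    for raw in code.splitlines():
        parts = raw.split()                  # collapses runs of blanks
        if not parts:
            continue                         # blank line, no instruction
        # "02" -> "2", "00" -> "0"; non-numeric operands are left alone
        parts = [re.sub(r"^0+(\d)", r"\1", p) if p.isdigit() else p
                 for p in parts]
        instrs.append(" ".join(parts))
    return "\n".join(_remove_noop_jumps(instrs))


def canonical_match(code, signature):
    """Signature scan after canonicalizing both the input and <V>."""
    return canonicalize(signature) in canonicalize(code)


def run(code, max_steps=1000):
    """Bounded interpreter. Agreement on one input shows two programs *may*
    be equivalent; no bounded test can prove it, since equivalence is
    undecidable in general (and a program may never halt)."""
    instrs = canonicalize(code).splitlines()
    stack, out, pc, steps = [], [], 0, 0
    while pc < len(instrs) and steps < max_steps:
        steps += 1
        op, *args = instrs[pc].split()
        if op == "push":
            stack.append(int(args[0]))
            pc += 1
        elif op == "add":
            b, a = stack.pop(), stack.pop()
            stack.append(a + b)
            pc += 1
        elif op == "print":
            out.append(stack.pop())
            pc += 1
        elif op == "jmp":
            pc = int(args[0])
        else:
            raise ValueError("unknown instruction: " + op)
    return out


if __name__ == "__main__":
    print(naive_match(TEXT_VARIANT, KNOWN_VIRUS))          # False: text differs
    print(canonical_match(TEXT_VARIANT, KNOWN_VIRUS))      # True: tricks undone
    print(canonical_match(SEMANTIC_VARIANT, KNOWN_VIRUS))  # False: new code
    print(run(KNOWN_VIRUS), run(SEMANTIC_VARIANT))         # [5] [5]
```

The canonicalizer is a defender's tool against the specific evasions the slides name, and nothing more: each new rewriting rule a detector learns can be matched by another the detector has not seen, and the question it would have to answer in general ("does M compute what V computes?") is the undecidable one.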
Overview

•Introduction
•Viruses
•Hackers 
•Protecting
•Conclusion

Definition
• Hacking is a technical effort to manipulate the normal behavior of network
connections and connected systems.

• "Hacking" originally referred to constructive, clever technical work that
was not necessarily related to computer systems.

• Hackers are most commonly associated with malicious programming attacks on
the internet and other networks.
Types of Hackers
• White hat
– breaks security for non-malicious reasons, perhaps to test their own
security system or while working for a security company which makes security
software.

• Black hat
– a hacker who violates computer security for little reason beyond
maliciousness or for personal gain. Black hat hackers break into secure
networks to destroy data or make the network unusable for those who are
authorized to use it.
Types of Hackers (Cont.)
• Grey hat
– A grey hat hacker is a combination of a black hat and a white hat hacker. A
grey hat hacker may surf the internet and hack into a computer system for the
sole purpose of notifying the administrator that their system has a security
defect.
– Ex: they may then offer to correct the defect for a fee.
• Script Kiddie
– A script kiddie is someone who looks to exploit a vulnerability without so
much as trying to gain administrative or root access to the system.
Types of Hackers (Cont.)
• Underemployed Adult Hackers
– Former script kiddies
• Can't get employment in the field
• Want recognition in the hacker community
• Big in eastern European countries

• Ideological Hackers
– Hack as a mechanism to promote some political or ideological purpose
– Usually coincide with political events
Types of Hackers (Cont.)
• Crackers
– People aiming to create software tools that make it possible to attack
computer systems or crack the copy protection of use-fee software. A crack is
therefore an executable program created to modify the original software so as
to remove its protection.
• Carders
– Mainly attack chip card systems (particularly bank cards) to understand how
they work and to exploit their flaws. The term carding refers to chip card
piracy.
Hackers Access Your Internet
• In 1988 a "worm program" written by a college student shut down about 10
percent of computers connected to the Internet. This was the beginning of the
era of cyber attacks.

• Today about 10,000 incidents of cyber attacks are reported, and the number
grows.
Hackers Access Your Internet (Cont.)
Once inside, hackers can:
•Modify logs
– To cover their tracks
– To mess with you
•Steal files
– Sometimes destroy after stealing
– A pro would steal and cover their tracks so as to be undetected
•Modify files
– To let you know they were there
– To cause mischief
•Install back doors
– So they can get in again
•Attack other systems
Common Attacks
Spoofing
Definition
An attacker alters his identity so that someone thinks he is someone else
– Email, User ID, IP Address, …
– Attacker exploits the trust relationship between a user and networked
machines to gain access to machines
Types of Spoofing:
1. IP Spoofing
2. Email Spoofing
3. Web Spoofing
Spoofing: IP Spoofing
Definition
Attacker uses the IP address of another computer to acquire information or
gain access

How it works
1. Attacker changes his own IP address to the spoofed address
2. Attacker can send messages to a machine masquerading as the spoofed machine
3. Attacker cannot receive messages from that machine
IP Spoofing: Source Routing
Definition
Attacker spoofs the address of another machine and inserts itself between the
attacked machine and the spoofed machine to intercept replies
- The path a packet takes may change over time
- To ensure that he stays in the loop, the attacker uses source routing to
ensure that the packet passes through certain nodes on the network
Spoofing: Email Spoofing
Definition
Attacker sends messages masquerading as someone else
What can be the repercussions?
Types of Email Spoofing:
1. Create an account with a similar email address
– Sanjaygoel@yahoo.com: a message from this account can perplex the
students
2. Modify a mail client
– Attacker can put any return address he wants in the mail he sends
3. Telnet to port 25
– Most mail servers use port 25 for SMTP. The attacker logs on to this port
and composes a message for the user
Spoofing: Web Spoofing
• Basic
– Attacker registers a web address matching an entity e.g.
votebush.com, geproducts.com, gesucks.com

• Man-in-the-Middle Attack
– Attacker acts as a proxy between the web server and the
client
– Attacker has to compromise the router or a node through
which the relevant traffic flows

Spoofing: Web Spoofing (Cont.)
• URL Rewriting
– Attacker redirects web traffic to another site that is
controlled by the attacker
– Attacker writes his own web site address before the
legitimate link

• Tracking State
– When a user logs on to a site a persistent authentication is
maintained
– This authentication can be stolen for masquerading as the
user

Denial of Service (DOS)
Definition
An attack through which a person can render a system unusable, or
significantly slow it down for legitimate users, by overloading the system so
that no one else can use it.
Types:
1. Crashing the system or network
– Send the victim data or packets which will cause the system to crash or
reboot.
2. Exhausting the resources by flooding the system or network with
information
– Since all resources are exhausted, others are denied access to them
3. Distributed DOS attacks are coordinated denial of service attacks
involving several people and/or machines to launch attacks
Password Attacks
• A hacker can easily exploit weak passwords and uncontrolled network modems
• Steps
– Hacker gets the phone number of a company
– Hacker runs a war dialer program
• If the original number is 555-5532 he runs all numbers in the 555-55xx
range
• When a modem answers he records its phone number
– Hacker now needs a user ID and password to enter the company network
• Companies often have default accounts, e.g. temp, anonymous, with no
password
• Often the root account uses the company name as the password
• For strong passwords, password cracking techniques exist
Password Security

[Diagram: on the client, the password and a salt go through a hash function to
give the hashed password, which is sent to the server; the server compares it
with the stored hashed password and allows or denies access]

• Password hashed and stored
– Salt added to randomize the password; salt and hash stored on the system
• Password attacks are launched to crack the stored password hash
Source: http://www.albany.edu/~goel/classes/spring2004/msi604/resources.shtml
Password Attacks - Process
• Find a valid user ID
• Create a list of possible passwords
• Rank the passwords from high probability to low
• Type in each password
• If the system allows you in – success!

• If not, try again, being careful not to exceed the password lockout
(the number of times you can guess a wrong password before the system shuts
down and won't let you try any more)
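The server side of the Password Security diagram (salted hash stored, candidate hashed with the stored salt and compared), together with the lockout counter the process slide describes, as an added example that is not code from the slides or from the cited course page. The choice of PBKDF2-HMAC-SHA256, the round count, the 16-byte salt, the threshold of five wrong guesses and the class name PasswordStore are all assumptions made for this example.

```python
import hashlib
import hmac
import os

# Added example, not from the slides. Parameter values are assumptions:
PBKDF2_ROUNDS = 100_000     # work factor of the slow hash
SALT_BYTES = 16             # length of the random per-user salt
LOCKOUT_THRESHOLD = 5       # wrong guesses allowed before the account locks


def hash_password(password, salt=None):
    """The hash step of the diagram: return (salt, hash).
    A fresh random salt is drawn when none is supplied, so two users with
    the same password get different stored hashes and a precomputed table
    of hashes is useless."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ROUNDS)
    return salt, digest


class PasswordStore:
    """Server side: stored (salt, hash) per user plus a failure counter."""

    def __init__(self):
        self._records = {}    # user id -> (salt, hash)
        self._failures = {}   # user id -> consecutive wrong guesses

    def register(self, user, password):
        self._records[user] = hash_password(password)
        self._failures[user] = 0

    def is_locked(self, user):
        return self._failures.get(user, 0) >= LOCKOUT_THRESHOLD

    def verify(self, user, password):
        """Compare the hash of the candidate (with the stored salt) against
        the stored hash; deny once the lockout threshold is reached."""
        record = self._records.get(user)
        if record is None:
            hash_password(password)   # same cost for unknown names (timing)
            return False
        if self.is_locked(user):
            return False
        salt, stored = record
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, stored):  # constant-time compare
            self._failures[user] = 0
            return True
        self._failures[user] += 1
        return False


if __name__ == "__main__":
    store = PasswordStore()
    store.register("alice", "correct horse battery")
    print(store.verify("alice", "correct horse battery"))  # True
    print(store.verify("alice", "Mississippi"))            # False
```

The lockout counter is what bounds the "type in each password" loop of the process slide: after LOCKOUT_THRESHOLD consecutive failures even the right password is refused until an administrator resets the counter (a reset method is deliberately left out here, since the policy for it is the site's decision).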
Password Attacks - Types
• Dictionary Attack
– Hacker tries all words in a dictionary to crack the password
– 70% of people use dictionary words as passwords
• Brute Force Attack
– Try all permutations of the letters and symbols in the alphabet
• Hybrid Attack
– Words from the dictionary and their variations are used in the attack
• Social Engineering
– People write passwords down in different places
– People disclose passwords naively to others
• Shoulder Surfing
– Hackers slyly watch over people's shoulders to steal passwords
• Dumpster Diving
– People throw papers into the garbage that may contain information useful
for cracking passwords
Why do Hackers Attack?
• Financial gain

• Espionage

• Venting anger at a company or organization

• Terrorism

• Because they can!
Ethical Hacking
• Independent computer security professionals breaking into computer systems.

• They neither damage the target systems nor steal information.

• They evaluate the target systems' security and report back to the owners
about the vulnerabilities found.
Ethical Hackers: not Criminal Hackers
• Completely trustworthy.

• Strong programming and computer networking skills.

• Learn about the system and try to find its weaknesses.

• Know the techniques of criminal hackers, and their detection and prevention.

• Have published research papers or released security software.

• No ex-hackers.
Overview

•Introduction
•Viruses
•Hackers
•Protecting 
•Conclusion

Security Strategies

Firewall
– allows normal Web browser operations but prevents other
types of communication
– checks incoming data against a list of known sources
– data rejected if it does not fit a preset profile

Security Strategies (Cont.)

Network Sniffer
– displays network traffic data
– shows which resources employees use and Web sites they visit
– can be used to troubleshoot network connections and improve
system performance

Security Strategies (Cont.)

Antivirus Software
– detects and deletes known viruses
– Internet allows antivirus software to update itself to detect
newer viruses.
– Some popular anti-virus programs:
• McAfee
• Norton Utilities
• Inoculan
• F-Secure
• Internet Guard Dog
• PC-cillin

Security Strategies (Cont.)

Data Backups
Organizations protect critical files by
– keeping a copy of programs and data in a safe place
– keeping more than one backup of important databases and updating them on a
set schedule
Security Strategies (Cont.)

Disaster Recovery Plan
A safety system that allows a company to restore its systems after a complete
loss of data; elements include:
– data backup procedures
– remotely located backup copies
– redundant systems with a mirrored hard drive which contains the same data
as the original hard drive and is updated automatically when the original
drive is updated
Security Strategies (Cont.)

Monitoring and Auditing
Employees' online and offline activities can be monitored at work by:
– keyboard loggers, which store keystrokes on the hard drive
– Internet traffic trackers, which record Web sites visited
– webcams, which provide video surveillance
– auditing, which reviews monitored data and system logins for unauthorized
access
Security Strategies (Cont.)

Authentication
Proof of the identity of a user and of the authority to access data; identity
can be confirmed by:
– personal identification numbers (PINs)
– user IDs and passwords
– smart cards
– biometrics
Authentication
(© 2011 Pearson Education, Inc. Publishing as Prentice Hall)
Password Authentication
• Reusable Passwords
– Strings of characters typed to authenticate the use of a
username (account) on a computer.
– They are used repeatedly and so are called reusable
passwords.
• Benefits
– Ease of use for users (familiar)
– Inexpensive because built into operating systems

67
Password Authentication
• Often Weak (Easy to Crack)
– Word and name passwords are common.
• spot, mud, helicopter, veterinarian
– They can be cracked quickly with dictionary attacks.
– Word and name passwords are never adequately strong,
regardless of how long they are.

68
Password Authentication
• Hybrid Dictionary Attacks
– Look for common variations of names and words.
• Capitalizing only the first letter
• Ending with a single digit
• And so on

– Passwords that can be cracked with hybrid dictionary attacks are never
adequately strong, regardless of how long they are.
Password Authentication
• Passwords Should Be Complex
– Should mix case, digits, and other keyboard characters
($, #, etc.).
– Complex passwords can be cracked only with brute force
attacks (trying all possibilities).
• Passwords Also Should Be Long
– Should have a minimum of eight characters.
– Each added character increases the brute force search
time by a factor of about 70.

Password Authentication
• For each password, how would it be cracked, and is it acceptably strong?

– Mississippi

– 4$5aB

– 34d8%^tdy
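A password checker that applies the rules of the preceding slides (dictionary words and their hybrid variations are never strong; otherwise require mixed character classes and at least eight characters; each extra character multiplies the brute-force search space by about 70) to the three passwords of the exercise, as an added example that is not from the slides. The word list is constructed and tiny, the threshold of three character classes for "complex" is an assumption, and the function names are invented here.

```python
# Added example, not from the slides. The word list is constructed and tiny;
# a real checker would load a full cracking dictionary.
DICTIONARY = {"spot", "mud", "helicopter", "veterinarian", "mississippi",
              "password", "secret"}

CHARS_PER_POSITION = 70   # the slides' per-character brute-force factor
MIN_LENGTH = 8            # the slides' minimum length
MIN_CLASSES = 3           # assumption: "complex" = at least three of the four
                          # classes (lower, upper, digit, other)


def hybrid_base(password):
    """Strip the two variations the slides name for hybrid dictionary attacks
    (a capitalised first letter, a single trailing digit) to recover the word
    a hybrid attack would have started from."""
    base = password[:-1] if password and password[-1].isdigit() else password
    return base.lower()


def character_classes(password):
    """Count how many of the four character classes the password uses."""
    return sum([any(c.islower() for c in password),
                any(c.isupper() for c in password),
                any(c.isdigit() for c in password),
                any(not c.isalnum() for c in password)])


def assess(password):
    """Return (attack that would crack it, acceptably strong?, brute-force
    search space). Dictionary and hybrid passwords get a search space of 0
    because the attacker never has to search the full space for them."""
    if password.lower() in DICTIONARY:
        return "dictionary", False, 0
    if hybrid_base(password) in DICTIONARY:
        return "hybrid dictionary", False, 0
    search_space = CHARS_PER_POSITION ** len(password)
    strong = (character_classes(password) >= MIN_CLASSES
              and len(password) >= MIN_LENGTH)
    return "brute force", strong, search_space


if __name__ == "__main__":
    for candidate in ("Mississippi", "4$5aB", "34d8%^tdy"):
        print(candidate, assess(candidate))
```

Under these rules a dictionary word fails however long it is, a short complex password fails on length alone even though only brute force applies to it, and the search space the brute-force estimate reports grows by the slides' factor of 70 for every character added.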
Password Authentication
• Other Concerns
– If people are forced to use long and complex passwords, they tend to write
them down.

– People should use different passwords for different sites.
• Otherwise, a compromised password will give access to multiple sites.

– Overall, reusable passwords are too vulnerable to be used for high security
today.
Access Control
• Controlling Access to Resources
– If criminals cannot get access,
they cannot do harm.

• Authentication
– Proving one’s identity
– Cannot see the other party

Helpful Hints to Avoid Viruses
• Obtain software only from trusted sources.
• Use a safe Web browser and e-mail client.
• Scan all newly-obtained disks, programs, and files.

Actions to prevent virus infection
• Always update your anti-virus software at least weekly.

• Back up your important files and ensure that they can be restored.

• Change the computer's boot sequence to always start the PC from its hard
drive.
Actions to prevent virus infection
• Don't share Drive C: without a password and without read-only restrictions.

• Empty floppy drives of diskettes before turning on computers, especially
laptops.
Actions to prevent virus infection
• Forget opening unexpected e-mail attachments, even if they're from friends.

• Get trained on your computer's anti-virus software and use it.

• Have multiple backups of important files. This lowers the chance that all
are infected.
Actions to prevent virus infection
• Install security updates for your operating system and programs as soon as
possible.

• Jump at the chance to learn more about your computer. This will help you
spot viruses.
Overview

•Introduction
•Viruses
•Hackers
•Protecting
•Conclusion 

Conclusions
• Computer security is a continuous battle
– As computer security gets tighter, hackers are getting smarter
Questions
• List and define the goals of computer security.
• List and explain the three types of active threats.
• Explain the difference between a virus and a worm.
• List and define the four types of web spoofing.
• Define a disaster recovery plan and list its elements.
The End

Any Questions?

References
• http://www.spamlaws.com/virus-types.html
• http://www.spamlaws.com/virus-comtypes.html
• http://vxheaven.org/lib/pdf/Self-Replicating%20Turing%20Machines%20and%20Computer%20Viruses.pdf
• http://dataanalysis.vsb.cz/Data/Vyuka/PVB11%20Hacking.pdf