Рефераты Computer viruses

Вернуться в Программирование

Computer viruses
Chuvash State University

Economic faculty




student of EC-13-98

Eugene Ivanov

Cheboxary – 2001


A bit of history 3

What is a computer virus? 4

Who writes computer viruses? 5

To whose advantage computer viruses are written? 6

A legal notice. Penal Code of Russian Federation 7

Synopsis 8


Appendix 10

A bit of history

2 November 1988 Robert Morris younger (Robert Morris), graduate student
of informatics faculty of Cornwall University (USA) infected a great amount
of computers, connected to Internet network. This network unites machines
of university centres, private companies and governmental agents, including
National Aeronautics Space Administration, as well as some military
scientific centres and labs.
Network worm has struck 6200 machines that formed 7,3% computers to
network, and has shown, that UNIX not okay too. Amongst damaged were NASA,
LosAlamos National Lab, exploratory centre VMS USA, California Technology
Institute, and Wisconsin University (200 from 300 systems). Spread on
networks ApraNet, MilNet, Science Internet, NSF Net it practically has
removed these network from building. According to "Wall Street Journal",
virus has infiltrated networks in Europe and Australia, where there were
also registered events of blocking the computers.
Here are some recalls of the event participants:
Symptom: hundreds or thousands of jobs start running on a Unix system
bringing response to zero.
Systems attacked: Unix systems, 4.3BSD Unix & variants (e.g.: SUNs) any
sendmail compiled with debug has this problem. This virus is spreading very
quickly over the Milnet. Within the past 4 hours, it has hit >10 sites
across the country, both Arpanet and Milnet sites. Well over 50 sites have
been hit. Most of these are "major" sites and gateways.
Method: Someone has written a program that uses a hole in SMTP Sendmail
utility. This utility can send a message into another program.
Apparently what the attacker did was this: he or she connected to
sendmail (i.e., telnet victim.machine 25), issued the appropriate debug
command, and had a small C program compiled. (We have it. Big deal.) This
program took as an argument a host number, and copied two programs – one
ending in VAX.OS and the other ending in SunOS – and tried to load and
execute them. In those cases where the load and execution succeeded, the
worm did two things (at least): spawn a lot of shells that did nothing but
clog the process table and burn CPU cycles; look in two places – the
password file and the internet services file – for other sites it could
connect to (this is hearsay, but I don't doubt it for a minute). It used
both individual .host files (which it found using the password file), and
any other remote hosts it could locate which it had a chance of connecting
to. It may have done more; one of our machines had a changed superuser
password, but because of other factors we're not sure this worm did it.
All of Vaxen and some of Suns here were infected with the virus. The
virus forks repeated copies of itself as it tries to spread itself, and the
load averages on the infected machines skyrocketed. In fact, it got to the
point that some of the machines ran out of swap space and kernel table
entries, preventing login to even see what was going on!
The virus also "cleans" up after itself. If you reboot an infected
machine (or it crashes), the /tmp directory is normally cleaned up on
Добавить в Одноклассники    


Rambler's Top100