Seminar on cell phone virus and security




















These will enable cellphone viruses to spread either through SMS or by sending Bluetooth requests when cellphones are physically close enough. Using cellphone data recording calls, SMS and locations of more than 6 million users, we study the spread of SMS and Bluetooth viruses and characterize how the social network and the mobility of mobile phone users affect such spreading processes.

As cell phones become part and parcel of our lives, the threats posed to them are also on the increase. Like the internet, today even cell phones are going online with technologies like EDGE, GPRS etc.

This online network of cellphones has exposed them to the high risks caused by malware (viruses, worms and Trojans) designed for the mobile phone environment. The security threat caused by this malware is so severe that a time would soon come when hackers could infect mobile phones with malicious software that will delete any personal data or run up a victim's phone bill by making toll calls.

All of these can overload mobile networks, which can eventually cause them to crash, and then there is the theft of financial data, which poses a risk for smartphones. As mobile technology is comparatively new and still in its developing stages compared with internet technology, the antivirus companies, along with the vendors of phones and mobile operating systems, have intensified their research and development activities on this growing threat, with a more serious perspective.

As with all programs, there is a size versus functionality tradeoff here. The more sophisticated the search routine is, the more space it will take up. So although an efficient search routine may help a virus to spread faster, it will make the virus bigger, and that is not always so good.

Secondly, every computer virus must contain a routine to copy itself into the area which the search routine locates. The copy routine will only be sophisticated enough to do its job without getting caught. The smaller it is, the better. How small it can be will depend on how complex a virus it must copy. For example, a virus which infects only COM files can get by with a much smaller copy routine than a virus which infects EXE files.

This is because the EXE file structure is much more complex, so the virus simply needs to do more to attach itself to an EXE file. While the virus only needs to be able to locate suitable hosts and attach itself to them, it is usually helpful to incorporate some additional features into the virus to avoid detection, either by the computer user, or by commercial virus detection software. Antidetection routines can either be a part of the search or copy routines, or functionally separate from them.

For example, the search routine may be severely limited in scope to avoid detection. A routine which checked every file on every disk drive, without limit, would take a long time and cause enough unusual disk activity that an alert user might become suspicious. Alternatively, an antidetection routine might cause the virus to activate under certain special conditions.

For example, it might activate only after a certain date has passed so the virus could lie dormant for a time. Alternatively, it might activate only if a key has not been pressed for five minutes, suggesting that the user was not there watching his computer. Search, copy, and antidetection routines are the only necessary components of a computer virus, and they are the components which we will concentrate on in this volume.

Figure 1. Functional diagram of a virus.

Of course, many computer viruses have other routines added in on top of the basic three to stop normal computer operation, to cause destruction, or to play practical jokes. Such routines may give the virus character, but they are not essential to its existence. In fact, such routines are usually very detrimental to the virus's goal of survival and self-reproduction, because they make the fact of the virus's existence known to everybody.

If there is just a little more disk activity than expected, no one will probably notice, and the virus will go on its merry way. On the other hand, if the screen to one's favorite program comes up saying Ha!

And if they're smart, they'll get expert help to eradicate it right away. The result is that the viruses on that particular system are killed off, either by themselves or by the clean up crew. High level languages like Basic, C, and Pascal have been designed to generate stand-alone programs, but the assumptions made by these languages render them almost useless when writing viruses.

They are simply incapable of performing the acrobatics required for a virus to jump from one host program to another. That is not to say that one could not design a high level language that would do the job, but no one has done so yet.

Thus, to create viruses, we must use assembly language. It is just the only way we can get exacting control over all the computer system's resources and use them the way we want to, rather than the way somebody else thinks we should. Some virus writer groups are known to target any new platform, just to be able to say they were the first to write a virus for this platform.

Currently therefore, WAP devices do not present a big enough target and so no WAP-specific viruses have yet been seen. However, a growing threat is coming in from the horizon as the power of WAP devices is set to increase dramatically with future WAP protocol versions.

As WML also increases in sophistication, so do the opportunities for creating more advanced, malicious code. The implications for the WAP infrastructure as a whole are ominous if this were to occur. For example, public confidence for an activity such as wireless banking would deteriorate if the threat of WAP viruses loomed large.

For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce by attaching to other programs or wreak havoc.

Backdoor or trapdoor - A backdoor is a program that allows someone to take control of another user's PC via the internet. The backdoor virus can then monitor the PC until it makes a connection to the internet.

Once the PC is on-line, the person who sent the backdoor virus can use software on their computer to open and close programs on the infected computer, modify files and even send items to the printer.

Subseven and Back Orifice are among the best known backdoor viruses.

Logic bomb - A logic bomb employs code that lies inert until specific conditions are met. Logic bombs may reside within standalone programs, or they may be part of worms or viruses. An example of a logic bomb would be a virus that waits to execute until it has infected a certain number of hosts. An example of a time bomb is the infamous Friday the 13th virus.

E-mail viruses - An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.

The latest thing in the world of computer viruses is the e-mail virus, and the Melissa virus in March was spectacular.

Melissa spread in Microsoft Word documents sent via e-mail, and it worked like this: Someone created the virus as a Word document uploaded to an Internet newsgroup. Anyone who downloaded the document and opened it would trigger the virus. The virus would then send the document (and therefore itself) in an e-mail message to the first 50 people in the person's address book. The e-mail message contained a friendly note that included the person's name, so the recipient would open the document thinking it was harmless.

The virus would then create 50 new messages from the recipient's machine. As a result, the Melissa virus was the fastest-spreading virus ever seen! As mentioned earlier, it forced a number of large companies to shut down their e-mail systems. It contained a piece of code as an attachment. People who double clicked on the attachment allowed the code to execute. The code sent copies of itself to everyone in the victim's address book and then started corrupting files on the victim's machine.

This is as simple as a virus can get. It is really more of a Trojan horse distributed by e-mail than it is a virus. It is a complete programming language and it can be programmed to do things like modify files and send e-mail messages.

It also has a useful but dangerous auto-execute feature. A programmer can insert a program into a document that runs instantly whenever the document is opened. This is how the Melissa virus was programmed. Anyone who opened a document infected with Melissa would immediately activate the virus. DOT so that any file saved later would also contain the virus!

It created a huge mess. Microsoft applications have a feature called Macro Virus Protection built into them to prevent this sort of thing. With Macro Virus Protection turned on (the default option is ON), the auto-execute feature is disabled.

So when a document tries to auto-execute viral code, a dialog pops up warning the user. Unfortunately, many people don't know what macros or macro viruses are, and when they see the dialog they ignore it, so the virus runs anyway.

Many other people turn off the protection mechanism. So the Melissa virus spread despite the safeguards in place to prevent it. If a person double-clicked on the program that came as an attachment, then the program ran and did its thing. What fueled this virus was the human willingness to double-click on the executable.

Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself.

A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well. A worm is a computer program that has the ability to copy itself from machine to machine. Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. For example, the Code Red worm replicated itself over , times in approximately nine hours on July 19, A worm usually exploits some sort of security hole in a piece of software or the operating system.
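From the defender's side, the scanning step described above shows up in connection logs as one host contacting many different addresses on the same port in a short time, with most attempts failing. The following detector is an added example, not part of the original seminar text; the log format, host addresses, thresholds and function names are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def sample_flows():
    """Constructed flow records: 'timestamp source destination port outcome'."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for i in range(30):  # ordinary client: three servers, all connections succeed
        t = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{t} 10.0.0.5 192.0.2.{10 + i % 3} 80 ok")
    for i in range(40):  # scanning host: a new address every second, mostly failing
        t = (base + timedelta(seconds=i)).isoformat()
        outcome = "ok" if i % 10 == 0 else "fail"
        lines.append(f"{t} 10.0.0.66 198.51.100.{i + 1} 80 {outcome}")
    for i in range(40):  # busy proxy: many destinations, but they all answer
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 10.0.0.9 203.0.113.{i + 1} 80 ok")
    return lines


def parse(line):
    ts, src, dst, port, outcome = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), outcome == "ok"


def find_scanners(lines, port=80, window=timedelta(seconds=60),
                  min_targets=20, min_fail_ratio=0.8):
    """Flag sources that reach many distinct hosts on one port, mostly unsuccessfully.

    Both conditions are required: fan-out alone would flag proxies and crawlers,
    and failures alone would flag a client whose one server is down.
    """
    per_src = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, p, ok = parse(line)
        if p == port:
            per_src[src].append((ts, dst, ok))

    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward so it never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            targets = {dst for _, dst, _ in win}
            fails = sum(1 for _, _, ok in win if not ok)
            if len(targets) >= min_targets and fails / len(win) >= min_fail_ratio:
                alerts[src] = {"targets": len(targets),
                               "fail_ratio": round(fails / len(win), 2)}
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for host, info in find_scanners(sample_flows()).items():
        print(host, info)
```

The thresholds are starting points only; they need tuning against the normal traffic of the network being monitored.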

This article offers a fascinating look inside Slammer's tiny byte program. Worms use up computer time and network bandwidth when they are replicating, and they often have some sort of evil intent. A worm called Code Red made huge headlines in Experts predicted that this worm could clog the Internet so effectively that things would completely grind to a halt.

The Code Red worm slowed down Internet traffic when it began to replicate itself, but not nearly as badly as predicted. Each copy of the worm scanned the Internet for Windows NT or Windows servers that do not have the Microsoft security patch installed.

Each time it found an unsecured server, the worm copied itself to that server. The new copy then scanned for other servers to infect. Depending on the number of unsecured servers, a worm could conceivably create hundreds of thousands of copies. The Code Red worm was designed to do three things:

Replicate itself for the first 20 days of each month

Replace Web pages on infected servers with a page that declares "Hacked by.

Un-patched systems are susceptible to a "buffer overflow" in the Idq. This memory resident worm, once active on a system, first attempts to spread itself by creating a sequence of random IP addresses to infect unprotected web servers. Each worm thread will then inspect the infected computer's time clock.

Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk).

Trojan horses have no way to replicate automatically.

In addition to the general classification, viruses can also be classified according to the following behavior patterns exhibited by them: nature of attack, deception techniques employed, and frequency of infection.

Boot Sector Viruses - As virus creators got more sophisticated, they learned new tricks.

One important trick was the ability to load viruses into memory so they could keep running in the background as long as the computer remained on. This gave viruses a much more effective way to replicate themselves. Another trick was the ability to infect the boot sector on floppy disks and hard disks. The boot sector is a small program that is the first part of the operating system that the computer loads.

The boot sector contains a tiny program that tells the computer how to load the rest of the operating system. By putting its code in the boot sector, a virus can guarantee it gets executed. It can load itself into memory immediately, and it is able to run whenever the computer is on. Boot sector viruses can infect the boot sector of any floppy disk inserted in the machine, and on college campuses where lots of people share machines they spread like wildfire.

In general, both executable and boot sector viruses are not very threatening any more. The first reason for the decline has been the huge size of today's programs. Nearly every program you buy today comes on a compact disc. Compact discs cannot be modified, and that makes viral infection of a CD impossible. The programs are so big that the only easy way to move them around is to buy the CD. People certainly can't carry applications around on a floppy disk like they did in the s, when floppies full of programs were traded like baseball cards.

Boot sector viruses have also declined because operating systems now protect the boot sector. Both boot sector viruses and executable viruses are still possible, but they are a lot harder now and they don't spread nearly as quickly as they once could. Call it "shrinking habitat," if you want to use a biological analogy.

The environment of floppy disks, small programs and weak operating systems made these viruses possible in the s, but huge executables, unchangeable CDs and better operating system safeguards have largely eliminated that environmental niche.

Program viruses - These infect executable program files, such as those with extensions like .DRV (driver) and .SYS (device driver). These programs are loaded in memory during execution, taking the virus with them. The virus becomes active in memory, making copies of itself and infecting files on disk. They infect program files and when the infected program is executed, these viruses infect the boot record.

When you boot the computer next time the virus from the boot record loads in memory and then starts infecting other program files on disk. Examples: Invader, Flip, and Tequila

Stealth viruses - These viruses use certain techniques to avoid detection. They may either redirect the disk head to read another sector instead of the one in which they reside or they may alter the reading of the infected file's size shown in the directory listing.

For instance, the Whale virus adds bytes to an infected file; then the virus subtracts the same number of bytes from the size given in the directory. Examples: Frodo, Joshi, Whale

Polymorphic viruses - A virus that can encrypt its code in different ways so that it appears differently in each infection.

These viruses are more difficult to detect. Examples: Involuntary, Stimulate, Cascade, Phoenix, Evil, Proud, Virus

Macro Viruses - A macro virus is a new type of computer virus that infects the macros within a document or template. When you open a word processing or spreadsheet document, the macro virus is activated and it infects the Normal template Normal. Every document you open refers to the Normal template, and hence gets infected with the macro virus.

Since this virus attaches itself to documents, the infection can spread if such documents are opened on another computer.

Active X - ActiveX and Java controls will soon be the scourge of computing. Most people do not know how to control their web browser to enable or disable the various functions like playing sound or video and so, by default, leave a nice big hole in the security by allowing applets free run into their machine. There has been a lot of commotion behind this and with the amount of power that JAVA imparts, things from the security angle seem a bit gloomy.

The article is based on lectures held by von Neumann at the University of Illinois about the "Theory and Organization of Complicated Automata" back in The Reaper program was later created to delete Creeper. The Wabbit. Animal asked a number of questions to the user in an attempt to guess the type of animal that the user was thinking of, while the related program PERVADE would create a copy of itself and ANIMAL in every directory to which the current user had access.

It spread across the multi-user UNIVACs when users with overlapping permissions discovered the game, and to other computers when tapes were shared. The program was carefully written to avoid damage to existing file or directory structures, and not to copy itself if permissions did not exist or if damage could result.

Though non-malicious, "Pervading Animal" represents the first Trojan "in the wild". The novel "The Shockwave Rider" by John Brunner is published, that coins the use of the word "worm" to describe a program that propagates itself through a computer network. Apple II was seen as particularly vulnerable due to the storage of its operating system on floppy disk.

Elk Cloner's design combined with public ignorance about what malware was and how to protect against it led to Elk Cloner being responsible for the first large-scale computer virus outbreak in history. The term 'virus' is coined by Frederick Cohen in describing self-replicating computer programs. In Cohen uses the phrase "computer virus" as suggested by his teacher Leonard Adleman to describe the operation of such programs in terms of "infection".

He defines a 'virus' as "a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself." The program could install itself to, or infect, other system objects.

This was a very desirable feature because DOS didn't list the files in alphabetical order in Ken Thompson publishes his seminal paper, Reflections on Trusting Trust, in which he describes how he modified a C compiler so that when used to compile a specific version of the Unix operating system, it inserted a backdoor into the login command, and when used to compile itself, it inserted the backdoor insertion code, even if neither the backdoor nor the backdoor insertion code were present in the source code.

January: The Brain boot sector virus aka Pakistani flu is released. The Virdem model represented the first programs that could replicate themselves via addition of their code to executable DOS files in COM format. Appearance of the Vienna virus, which was subsequently neutralized, the first time this had happened on the IBM platform. Lehigh was stopped on campus before it spread to the wild, and has never been found elsewhere as a result. Prior to this, antivirus solutions developed at IBM were intended for staff use only.

October: The Jerusalem virus, part of the at that time unknown Suriv family, is detected in the city of Jerusalem.

The virus destroys all. Jerusalem caused a worldwide epidemic in November: The SCA virus, a boot sector virus for Amigas appears, immediately creating a pandemic virus-writer storm. December: Christmas Tree EXEC was the first widely disruptive replicating network program, which paralysed several international computer networks in December March 1: Ping-Pong virus is a boot sector virus. It was discovered at University of Turin in Italy. Mark Washburn working on an analysis of the Vienna and Cascade viruses with Ralf Burger develops the first family of polymorphic virus: the Chameleon family.

Chameleon series debuted with the release of Michelangelo was expected to create a digital apocalypse on March 6, with millions of computers having their information wiped according to mass media hysteria surrounding the virus.

Later assessments of the damage showed the aftermath to be minimal. John McAfee had been quoted by the media as saying that 5 million computers would be affected.

He later said that, pressed by the interviewer to come up with a number, he had estimated a range from 5 thousand to 5 million, but the media naturally went with just the higher number. The first Macro virus, called "Concept," is created. It attacked Microsoft Word documents. Jan The Happy99 worm first appeared.

It invisibly attaches itself to emails, displays fireworks to hide the changes being made, and wishes the user a happy New Year. December [15] Kak worm is a Javascript computer worm that spread itself by exploiting a bug in Outlook Express.

Written in VBScript, it infected millions of Windows. It is considered to be one of the most damaging worms ever. February The Anna Kournikova virus hits e-mail servers hard by sending e-mail to contacts in the Microsoft Outlook address book.

Its creator, Dutchman Jan de Wit, was sentenced to hours of community service. July: The Sircam worm is released, spreading through Microsoft systems via e-mail and unprotected network shares. September The Nimda worm is discovered and spreads through a variety of means including vulnerabilities in Microsoft Windows and backdoors left by Code Red II and Sadmind worm.

October The Klez worm is first identified. It is capable of infecting almost all versions of Windows. Written in Delphi and released first by its author Tataye in , its most current version was released October 3, March 7: Mylife computer worm is a computer worm that spread itself by sending malicious emails to all the contacts in Microsoft Outlook.

April 2: Graybird is a Trojan also known as Backdoor. August The Blaster worm, aka the Lovesan worm, rapidly spreads by exploiting a vulnerability in system services present on Windows computers. August The Welchia (Nachi) worm is discovered. The worm tries to remove the Blaster worm and patch Windows. August The Sobig worm (technically the Sobig.F worm) spreads rapidly through Microsoft systems via mail and network shares.

October The Sober worm is first seen on Microsoft systems and maintains its presence until with many new variants. The simultaneous attacks on network weak points by the Blaster and Sobig worms cause massive damage. November Agobot is a computer worm that can spread itself by exploiting vulnerabilities on Microsoft Windows.

Some of the vulnerabilities are MS and MS January Bagle computer worm is a mass-mailing worm affecting all versions of Microsoft Windows. There were 2 variants of Bagle worm, they were Bagle. A and Bagle. B was discovered on February 17, Late January: MyDoom emerges, and currently holds the record for the fastest-spreading mass mailer worm. February The Netsky worm is discovered. The worm spreads by email and by copying itself to folders on the local hard drive as well as on mapped network drives if available.

Many variants of the Netsky worm appeared. March The Witty worm is a record-breaking worm in many regards. It was the fastest disclosure to worm, it was the first internet worm to carry a destructive payload and it spread rapidly using a pre-populated list of ground-zero hosts.

June Caribe or Cabir is a computer worm that is designed to infect mobile phones that run Symbian OS. It is the first computer worm that can infect mobile phones.

It spread itself through Bluetooth. August Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan), is a trojan known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehaviour including performance degradation and denial of service with some websites including Google and Facebook. October 12, Bifrost, also known as Bifrose, is a backdoor trojan which can infect Windows 95 through Vista.

Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attack. December: Santy, the first known "webworm" is launched. It exploited a vulnerability in phpBB and used Google in order to find new targets.


