Fig. 12.4. A screenshot of the BRAIN virus in 1984; it was one of the first PC viruses.
After the example of the Brain virus, hackers developed many thousands of new viruses, often using clever new techniques to help them spread. One of the most striking was produced in Germany in 1987. It was called the Cascade virus because it made the characters on the screen appear to fall to the bottom. This virus also introduced a new level of sophistication by using encryption techniques, which convert messages into secret code, to hide the details of its internal workings. We will discuss encryption later in this chapter. It was this explosion of computer viruses in the 1990s that led to the creation of a whole new industry, with antivirus companies now providing software to combat malware.
As a footnote, the term computer virus was probably first used by Len Adleman, a professor at the University of Southern California, well known for his contributions to cryptography. His student Fred Cohen was studying computer infections and defined a virus as “a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself.”[2] In November 1983, Cohen demonstrated a computer virus that infected the Unix file directory program. After some other experiments with program infections, Cohen examined the theoretical difficulty of detecting computer viruses. His PhD thesis in 1986 showed that there is no way of definitively detecting a virus. The best we can do is to assemble a collection of tricks and informal techniques, sometimes known as heuristics, to supplement our guesswork.
The Brain virus was one of the first to use cloaking techniques to hide the program from common system administrator and diagnostic utilities. In Unix, the traditional name for the most privileged account is root, and software designed to give a user root privileges is sometimes known as a rootkit. The term rootkit is now applied more generally to types of malware that use cloaking techniques to make themselves invisible to antivirus software and standard system tools. Rootkits came to prominence in 2005 when the Sony BMG music group installed overaggressive copy protection measures on twenty million music CDs. When the CD was used, it secretly installed software that actually modified the operating system to prevent CD copying. Moreover, the software was very difficult to remove and used the same rootkit cloaking techniques as conventional malware to hide its presence. The scandal came to light when security researcher Mark Russinovich (B.12.2) posted a detailed technical
B.12.2. Mark Russinovich was a security researcher at his Winternals company when he became a victim of Sony BMG's CD rootkit. His subsequent blog post on the technical aspects of the rootkit showed how it installed itself and modified the operating system of an unsuspecting user. Russinovich is now a Technical Fellow at Microsoft and the author of the novels Zero Day and Trojan Horse.