You are the System Administrator for a large organisation that manufactures gadgets for the gadgets industry. To make your task easier, you are to write a Bash shell script called "accounts", which creates and maintains user accounts on a Linux system.
The Linux system has 10 user groups for users who work within the following areas:
finance, purchasing, manufacture, test, shipping, hr, sales, repair, research, development. Occasionally, you receive a composite file from HR that lists new members of staff, and you also receive a composite file that lists staff who have been made redundant. The script should adhere to the following guidelines:
· The script must be a single script, i.e. it must not be multiple scripts that call one another. Comments must be included where necessary to explain its operation.
· Place your Name and DCU ID at the top of the script.
· You must test your script on a computer in S212 that has SUSE 10.x installed. DO NOT assume that if it runs on Cygwin that it will run on Linux!
· The Bash shell should be the default user shell.
· New UIDs start at 5000 and new GIDs start at 1000
· A check must be done to avoid duplication of usernames, UIDs, groups and GIDs.
· Usernames are created in lowercase, with a maximum of 8 characters. The username is created from the characters of the last name followed by the 1st character of the first name, e.g. Joe Goldsmith would be goldsmij.
· User home directories, with permissions drwx--x--x, are set up within the home/groupname directories, e.g. /home/research, /home/finance, etc.
· Entries in the /etc/aliases file should be made to allow “Human Readable” email addresses, e.g. joe.goldsmith:goldsmij.
· A user's public_html directory, with permissions drwxr-xr-x, should be created in each user's home directory.
· Password aging should be applied with a time value of 50 days.
· Users should be forced to change their passwords at their first login.
· The passwdkey binary is used to generate the 13 character encrypted password entry for the /etc/shadow file. It takes one argument, the password in plain text, and returns the encrypted password.
· The script must manipulate the various system files directly without calling system utilities such as useradd, userdel, etc.
· At the beginning of your script, set the following variables to allow your script to be portable to any system:
1) etcdir=$HOME/assign2/etc
2) homedir=$HOME/assign2/home
3) keygen=$HOME/assign2/passwdkey
4) hrfile=$HOME/assign2/hrfile
· Because your script will be run by you as a standard user, the chown and newaliases utilities will obviously fail when they are called. However, you must still include the code to call these utilities at the appropriate location within the script so that user root can run the full script. This can be done by examining the variable $USER: if it returns root, these utilities may be run; otherwise they are skipped and the warning "Must be root to run the chown or newaliases utilities" is displayed.
· When your script is run, a menu should be presented on screen as follows:
Please select option that you require:
1) Create new user group
2) Create new user account
3) Delete user account
4) Create multiple user accounts from formatted file
5) Delete multiple user accounts from formatted file
6) Suspend user account
7) Re-Instate user account
8) Make user a member also of another group
9) Show home directory space usage for all users
10) Exit
· When a new user group is formed, a subdirectory with that name must also be created within the home directory.
· Selecting a menu item should, where appropriate, lead to other submenus.
o For 2 or 8 it would be appropriate to show groups that users can join.
o For 3 it would be appropriate to show users on system.
o For 6 or 8 it would be appropriate to show non-suspended users on the system.
o For 7 it would be appropriate to show suspended users on system
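The username, UID/GID, shell and password-aging rules above can be verified after the fact. The following audit is an added example, not part of the assignment brief or the submitted script; it checks a passwd/shadow/group set against those rules using constructed sample entries (the crypt string and names are made up), and it also flags a shadow entry that carries a plain-text password instead of the passwdkey output.

```shell
#!/bin/sh
# Added audit example (not part of the assignment or the submitted script).
# Checks a passwd/shadow/group set against the rules above: lowercase usernames
# of at most 8 characters, UIDs from 5000 and GIDs from 1000 with no duplicates,
# Bash as the shell, a 13-character passwdkey crypt in the shadow file, a forced
# change at first login (last-change field 0) and 50-day password aging.

# Print one line per violation found in $1/passwd, $1/shadow and $1/group.
# Exit status is 0 only when the three files are clean.
audit_accounts() {
    awk -F: '
        FILENAME ~ /passwd$/ {
            if (length($1) > 8 || $1 !~ /^[a-z][a-z0-9]*$/) print "passwd: bad username " $1
            if ($3 < 5000)         print "passwd: UID below 5000 for " $1
            if (uid[$3]++)         print "passwd: duplicate UID " $3
            if (name[$1]++)        print "passwd: duplicate username " $1
            if ($7 != "/bin/bash") print "passwd: shell is not bash for " $1
            next
        }
        FILENAME ~ /shadow$/ {
            pw = $2; sub(/^\*/, "", pw)     # a leading * only marks a suspended account
            if (length(pw) != 13)  print "shadow: password is not a 13-char crypt for " $1
            if ($3 != 0)           print "shadow: change at first login not forced for " $1
            if ($5 != 50)          print "shadow: maximum age is not 50 days for " $1
            next
        }
        FILENAME ~ /group$/ {
            if ($3 < 1000)         print "group: GID below 1000 for " $1
            if (gid[$3]++)         print "group: duplicate GID " $3
            if (gname[$1]++)       print "group: duplicate group " $1
        }' "$1/passwd" "$1/shadow" "$1/group" | grep . && return 1
    return 0
}

# Number of violations reported for the account files under $1.
count_violations() {
    audit_accounts "$1" | wc -l | tr -d ' '
}

# Build constructed sample account files in a temp directory and print its path.
# "clean" writes one compliant user; "broken" adds entries that break the rules
# (the 13-character crypt string is made up, not a real password hash).
make_sample() {
    dir=$(mktemp -d)
    printf '%s\n' 'research:x:1000:goldsmij' 'finance:x:1001:' > "$dir/group"
    printf '%s\n' 'goldsmij:x:5000:1000:Joe Goldsmith:/home/research/goldsmij:/bin/bash' > "$dir/passwd"
    printf '%s\n' 'goldsmij:abJnggxhB/yWI:0:0:50:7:::' > "$dir/shadow"
    if [ "$1" = broken ]; then
        echo 'repair:x:1001:' >> "$dir/group"                                  # duplicate GID
        echo 'toolongusername:x:5000:1001:Bad Entry:/home/finance/x:/bin/sh' >> "$dir/passwd"
        echo 'toolongusername:secret:12345:0:99999:7:::' >> "$dir/shadow"      # plain text, no aging
    fi
    echo "$dir"
}

# Stand-alone run: audit the broken sample and show what the check reports.
broken=$(make_sample broken)
audit_accounts "$broken" || true
echo "$(count_violations "$broken") violation(s) found"
```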
Accounts File
#!/bin/bash
# Sameer Kumar
# 53129300
# DME4
# Assignment 2 - Account Management Script
# EE438
# 05/4/2007
#
# One single script: every menu option is a function and the main loop at the
# bottom dispatches on the operator's choice. The passwd, shadow, group and
# aliases files are edited directly instead of calling useradd/userdel etc.

# initialise variables (change these four lines to port the script)
etcdir=$HOME/assign2/etc
homedir=$HOME/assign2/home
keygen=$HOME/assign2/passwdkey
hrfile=$HOME/assign2/hrfile

passwdfile=$etcdir/passwd
shadowfile=$etcdir/shadow
groupfile=$etcdir/group
aliasfile=$etcdir/aliases

# make sure the directories and files exist so grep/awk never see a missing file
mkdir -p "$etcdir" "$homedir"
touch "$passwdfile" "$shadowfile" "$groupfile" "$aliasfile"

################################################################################
# helper functions
################################################################################

# lowercase a string (usernames and group names are always lowercase)
lower() { echo "$1" | tr '[:upper:]' '[:lower:]'; }

# true if the group / user is already in the respective file
group_exists() { grep -q "^$1:" "$groupfile"; }
user_exists()  { grep -q "^$1:" "$passwdfile"; }

# true if the account is suspended (encrypted password starts with a *)
is_suspended() {
  awk -F: -v u="$1" '$1 == u && $2 ~ /^\*/ { found = 1 } END { exit !found }' "$shadowfile"
}

# next free GID: new groups start at 1000 and an existing GID is never reused
next_gid() {
  awk -F: 'max < $3 { max = $3 } END { print (max < 1000 ? 1000 : max + 1) }' "$groupfile"
}

# next free UID: new users start at 5000 and an existing UID is never reused
next_uid() {
  awk -F: 'max < $3 { max = $3 } END { print (max < 5000 ? 5000 : max + 1) }' "$passwdfile"
}

# username from "First Last": up to 7 characters of the last name followed by
# the first initial, lowercase, never longer than 8 characters, e.g.
# Joe Goldsmith -> goldsmij. If that name is taken the last name is shortened
# and a counter appended (goldsmj2, goldsmj3, ...) until a free one is found.
make_username() {
  local first last candidate suffix=""
  set -- $1
  [ $# -eq 0 ] && return 1
  first=$(lower "$1" | tr -cd 'a-z')
  last=$(lower "${!#}" | tr -cd 'a-z')
  while :; do
    candidate=${last:0:$((7 - ${#suffix}))}${first:0:1}$suffix
    user_exists "$candidate" || { echo "$candidate"; return 0; }
    suffix=$(( ${suffix:-1} + 1 ))
  done
}

# encrypt a plain-text password with the passwdkey binary, which returns the
# 13 character crypt string for the shadow file. The plain text is never stored.
encrypt_password() {
  if [ ! -x "$keygen" ]; then
    echo "ERROR: $keygen not found or not executable, no account created" >&2
    return 1
  fi
  "$keygen" "$1"
}

# comma separated member list (4th field) of a group
group_members() { grep "^$1:" "$groupfile" | cut -d: -f4; }

# true if user $2 is listed as a member of group $1
is_member() { group_members "$1" | tr ',' '\n' | grep -qx "$2"; }

# append user $2 to the member list of group $1
add_to_group() {
  awk -F: -v g="$1" -v u="$2" 'BEGIN { OFS = ":" }
    $1 == g { $4 = ($4 == "" ? u : $4 "," u) } { print }' "$groupfile" > "$groupfile.tmp" &&
    mv "$groupfile.tmp" "$groupfile"
}

# remove user $1 from the member list of every group
remove_from_groups() {
  awk -F: -v u="$1" 'BEGIN { OFS = ":" }
    { n = split($4, m, ","); out = ""
      for (i = 1; i <= n; i++)
        if (m[i] != "" && m[i] != u) out = (out == "" ? m[i] : out "," m[i])
      $4 = out; print }' "$groupfile" > "$groupfile.tmp" && mv "$groupfile.tmp" "$groupfile"
}

# delete every line of file $1 whose field number $2 equals $3
delete_line() {
  awk -F: -v f="$2" -v v="$3" '$f != v' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# chown and newaliases only work for root: run them as root, otherwise warn
root_utilities() {
  if [ "$USER" = root ]; then
    chown -R "$1" "$2"
    newaliases
  else
    echo "Must be root to run the chown or newaliases utilities"
  fi
}

# ask a yes/no question, true when the answer is y
confirm() {
  local answer
  echo "$1 (y/n)"
  read -r answer
  [ "$(lower "$answer")" = y ]
}

# show the existing groups and read one into $groupselection; returns 1 when
# the operator enters z to go back to the main menu
ask_group() {
  local g
  echo "Currently there are the following user groups :"
  cut -d: -f1 "$groupfile"
  while :; do
    echo "$1 (or z to go back to the main menu) :"
    read -r g
    g=$(lower "$g")
    [ "$g" = z ] && return 1
    if group_exists "$g"; then
      groupselection=$g
      return 0
    fi
    echo "The group '$g' does not exist, please try again"
  done
}

# show users (all, non-suspended or suspended) and read one into $username;
# returns 1 when the operator enters z to go back to the main menu
ask_user() {
  local u
  case $2 in
    active)    echo "The non-suspended users on the system :"
               awk -F: '$2 !~ /^\*/ { print $1 }' "$shadowfile" ;;
    suspended) echo "The currently suspended users on the system :"
               awk -F: '$2 ~ /^\*/ { print $1 }' "$shadowfile" ;;
    *)         echo "The list of all the current system users :"
               cut -d: -f1 "$passwdfile" ;;
  esac
  while :; do
    echo "$1 (or z to go back to the main menu) :"
    read -r u
    u=$(lower "$u")
    [ "$u" = z ] && return 1
    if user_exists "$u"; then
      username=$u
      return 0
    fi
    echo "'$u' does not exist, please try again"
  done
}

################################################################################
# menu options
################################################################################

# 1. create a new user group and its subdirectory under $homedir
create_group() {
  local g gid
  echo "Currently there are the following user groups :"
  cut -d: -f1 "$groupfile"
  while :; do
    echo "Enter the name for the new user group (or z to go back to the main menu) :"
    read -r g
    g=$(lower "$g")
    [ "$g" = z ] && return
    [ -z "$g" ] && continue
    group_exists "$g" || break
    echo "Sorry that is a duplicate user group, please choose a different name"
  done
  gid=$(next_gid)
  mkdir -p "$homedir/$g"
  echo "$g:x:$gid:" >> "$groupfile"
  echo "The new user group '$g' has been created with GID $gid"
}

# 2. create one account: $1 = "First Last", $2 = plain-text password, $3 = group
create_user() {
  local f_name=$1 pass=$2 group=$3 username userid groupid encrypt aliasfield userhome
  if ! group_exists "$group"; then
    echo "The group '$group' does not exist, $f_name was not created"
    return 1
  fi
  encrypt=$(encrypt_password "$pass") || return 1
  username=$(make_username "$f_name") || { echo "Invalid name '$f_name'"; return 1; }
  userid=$(next_uid)
  groupid=$(grep "^$group:" "$groupfile" | cut -d: -f3)
  userhome=$homedir/$group/$username
  echo "The new username is: $username (UID $userid, GID $groupid)"
  # human readable mail alias, e.g. joe.goldsmith:goldsmij
  aliasfield=$(lower "$(echo "$f_name" | tr ' ' '.')")
  echo "$aliasfield:$username" >> "$aliasfile"
  # home directory drwx--x--x with a public_html directory drwxr-xr-x inside it
  mkdir -p -m 711 "$userhome"
  mkdir -m 755 "$userhome/public_html"
  # passwd entry with Bash as the login shell
  echo "$username:x:$userid:$groupid:$f_name:$userhome:/bin/bash" >> "$passwdfile"
  # shadow entry: last change 0 forces a new password at first login,
  # maximum age 50 days, 7 days warning before it expires
  echo "$username:$encrypt:0:0:50:7:::" >> "$shadowfile"
  add_to_group "$group" "$username"
  root_utilities "$username" "$userhome"
  echo "The account $username has been created"
}

# 3. remove one account: $1 = username
delete_user() {
  local username=$1 userhome
  userhome=$(grep "^$username:" "$passwdfile" | cut -d: -f6)
  echo "Deleting $username from the aliases, passwd, shadow and group files..."
  delete_line "$aliasfile"  2 "$username"
  delete_line "$passwdfile" 1 "$username"
  delete_line "$shadowfile" 1 "$username"
  remove_from_groups "$username"
  # only remove a home directory that really lives under $homedir/<group>/
  case $userhome in
    "$homedir"/*/*) rm -rf "$userhome"
                    echo "Deleted the home directory $userhome" ;;
    *)              echo "Home directory '$userhome' is not under $homedir, left in place" ;;
  esac
  echo "$username has been entirely deleted from the system."
}

# 4. create the accounts listed in the HR file: the first line is a heading,
#    every other line is  Full Name:password:group
batch_create() {
  local heading f_name pass group
  if [ ! -r "$hrfile" ]; then
    echo "The HR file $hrfile does not exist"
    return
  fi
  echo "The following are the contents of $hrfile :"
  cat "$hrfile"
  confirm "Do you wish to continue adding these new users?" || return
  {
    read -r heading
    while IFS=: read -r f_name pass group; do
      [ -z "$f_name" ] && continue
      create_user "$f_name" "$pass" "$(lower "$group")"
    done
  } < "$hrfile"
}

# 5. delete the accounts listed in the HR file (same format as for option 4);
#    the username is looked up through the mail alias written at creation time
batch_delete() {
  local heading f_name pass group aliasfield username
  if [ ! -r "$hrfile" ]; then
    echo "The HR file $hrfile does not exist"
    return
  fi
  echo "The contents of $hrfile are shown below :"
  cat "$hrfile"
  confirm "Proceed with deleting these users?" || return
  {
    read -r heading
    while IFS=: read -r f_name pass group; do
      [ -z "$f_name" ] && continue
      aliasfield=$(lower "$(echo "$f_name" | tr ' ' '.')")
      username=$(grep "^$aliasfield:" "$aliasfile" | head -n 1 | cut -d: -f2)
      if [ -n "$username" ] && user_exists "$username"; then
        delete_user "$username"
      else
        echo "No account found for $f_name"
      fi
    done
  } < "$hrfile"
}

# 6. suspend: put a * in front of the encrypted password and lock the home dir
suspend_user() {
  local username=$1 userhome
  if is_suspended "$username"; then
    echo "The $username account is already suspended..."
    return
  fi
  awk -F: -v u="$username" 'BEGIN { OFS = ":" } $1 == u { $2 = "*" $2 } { print }' \
    "$shadowfile" > "$shadowfile.tmp" && mv "$shadowfile.tmp" "$shadowfile"
  userhome=$(grep "^$username:" "$passwdfile" | cut -d: -f6)
  chmod 000 "$userhome"
  echo "$username's account is suspended"
}

# 7. re-instate: take the * off the password again and restore drwx--x--x
reinstate_user() {
  local username=$1 userhome
  if ! is_suspended "$username"; then
    echo "$username's account is already active..."
    return
  fi
  awk -F: -v u="$username" 'BEGIN { OFS = ":" } $1 == u { sub(/^\*/, "", $2) } { print }' \
    "$shadowfile" > "$shadowfile.tmp" && mv "$shadowfile.tmp" "$shadowfile"
  userhome=$(grep "^$username:" "$passwdfile" | cut -d: -f6)
  chmod 711 "$userhome"
  echo "$username's account has been re-instated"
}

# 8. make user $1 a member also of group $2
add_member() {
  if is_member "$2" "$1"; then
    echo "This user has already joined this group"
  else
    echo "Adding user '$1' to the group '$2'"
    add_to_group "$2" "$1"
  fi
}

# 9. home directory space usage, in total and per user
show_usage() {
  local u home
  echo "Total disk space usage for all users is : $(du -sh "$homedir" | cut -f1)"
  confirm "View the disk space consumed by each user?" || return
  while IFS=: read -r u _ _ _ _ home _; do
    [ -d "$home" ] && echo "$u : $(du -sh "$home" | cut -f1)"
  done < "$passwdfile"
}

################################################################################
# main menu
################################################################################

show_menu() {
  echo
  echo "Welcome to the Account Management Program"
  echo
  echo "Please select the option that you require (1-10) and press enter"
  echo
  echo "1. Create a new user group"
  echo "2. Create a new user account"
  echo "3. Delete a user account"
  echo "4. Create multiple user accounts from formatted file"
  echo "5. Delete multiple user accounts from formatted file"
  echo "6. Suspend a user account"
  echo "7. Re-instate user account"
  echo "8. Make a user a member also of another group"
  echo "9. Show home directory space usage for all users"
  echo "10. Exit"
  echo
}

while :; do
  show_menu
  read -r reply
  clear
  case $reply in
    1)  create_group ;;
    2)  if ask_group "Enter the group name you want to add the user to"; then
          echo "Please enter the new user's full name and press enter :"
          read -r f_name
          echo "Enter password :"
          read -r -s pass
          echo
          create_user "$f_name" "$pass" "$groupselection"
        fi ;;
    3)  if ask_user "Choose the username to delete" all; then
          confirm "Do you wish to continue to delete $username?" && delete_user "$username"
        fi ;;
    4)  batch_create ;;
    5)  batch_delete ;;
    6)  if ask_user "Enter the username to suspend" active; then
          confirm "Do you wish to continue to suspend $username's account?" && suspend_user "$username"
        fi ;;
    7)  if ask_user "Enter the username to re-instate" suspended; then
          confirm "Do you wish to continue to re-instate $username's account?" && reinstate_user "$username"
        fi ;;
    8)  if ask_user "Please enter the username of the user" active; then
          ask_group "Enter the group name to add the user to" && add_member "$username" "$groupselection"
        fi ;;
    9)  show_usage ;;
    10) echo "Goodbye and Have a Nice Day :)!!!"
        exit 0 ;;
    *)  echo "That request cannot be processed!!!" ;;
  esac
  echo
  confirm "Would you like to go back to the main menu?" || { echo "Goodbye"; exit 0; }
  clear
done
1. Introduction to Malware
Malicious software, or Malware, is one of the biggest scourges plaguing the internet today. It can be hardware, software or firmware that is intentionally included or inserted in a system for a harmful purpose. [19] The harm ranges from the loss of data and damage to computers, servers or networks to security breaches or the extraction of sensitive information. As broadband capacity and network coverage increase, such programs spread far more swiftly than in the past, when distribution relied on disks; that route has died out with the evolution of computers and the widespread use of the internet.
In the beginning, Malware was written simply to see how far a program could spread or multiply across interconnected computers. These programs evolved into ones that could cause damage. In recent times, Malware has become a profitable business: information about the user, advertising, or redirecting users to particular websites create financial windfalls for the author. Some cyber criminals have been known to store incriminating evidence on infected machines, thus evading prosecution.
1.1 Types of Malware
The types of Malware fall into one of the following categories: Virus, Worm, Trojan, Spyware, Adware, Dialers or Hijackers.
1.1.1 Viruses:
Viruses are so named because their characteristics match those of biological viruses: they pass from computer to computer much as a human virus passes between people. They operate by attaching themselves to legitimate applications, or by e-mail, sending themselves to every address in the address book. In the 1980s they spread via floppy disks and in the 1990s via bulletin boards, and they needed the user to execute them explicitly. The first virus, known as "Elk Cloner", was written in 1982 as a joke and targeted Apple DOS 3.3. In 1986 the first boot sector virus, (c)Brain, was created by two brothers in Pakistan to protect against piracy. [20]
1.1.2 Worms:
Worms replicate by copying themselves from one system to another, generally over a network. They act by exploiting vulnerabilities in all types of software. Data can be damaged directly and/or the system may become unstable. They tend to affect networks heavily by consuming bandwidth or causing packet loss, and a single worm can propagate on multiple machines simultaneously. The first implementation of a worm was in 1988 by researchers at Xerox PARC, in order to improve the efficiency of CPU cycle use across an entire network. The first worm to attract notoriety was the Morris Worm, released the same year, which caused havoc and massive disruption. [21]
1.1.3 Trojans:
Trojans are true to the original story: they are not what they seem, claiming to do one thing but doing another, a "serpent beneath the rose" (Shakespeare). Possible consequences after execution include formatting the hard disk or concealing processes, files and system data. Spyware comes in the form of a Trojan, as it is always hidden inside the application. Trojans may install a rootkit on the system, a set of tools an intruder can use, one of which is the ability to mask the Malware process from the user. In 2005, Sony created a storm after being caught installing a rootkit from their audio CDs. They took this step in order to stop piracy, but it was counterproductive.
1.1.4 Spyware:
Spyware is any software that aids in gathering information about a person or organisation without their explicit permission or knowledge. It does not spread like viruses or worms but is typically picked up from a visited website. It has the ability to modify code, redirect traffic to a particular page, or retrieve information about the user such as passwords and credit card numbers. Identity theft is a possible consequence of Spyware. It does not affect a computer in the style of a worm or virus, but it does affect the speed of the OS.
1.1.5 Adware:
Adware is any software application in which advertising banners or pop-ups are displayed while the program is running. Many free applications run Adware as a source of revenue, which is covered in the licence agreement. It is generally accompanied by spyware and records the client's selections in order to display relevant advertisements. Some adware programs are known to reinstall themselves after the user has deleted them.
1.1.6 Dialers:
Dialers infect by taking control of the modem to connect to a premium rate telephone number, thus creating a profit for the number's owner. The connection would stay live for long periods, with victims not realising until they received their phone bill. Because of this problem, Eircom blocked such foreign premium lines in specific countries and put a verification process in place. [22]
1.1.7 Hijackers:
Hijackers manipulate different elements of your web browser: the search bar, search pages or home page. They may redirect you to certain sites, or to their own search engine if you attempt a search. Should you mistype an address or attempt to go to a site they would rather you did not, such as an anti-malware page, your request will not complete. Hijackers almost exclusively target Internet Explorer. [22] Hijackers would be considered a form of Spyware, but their motivation is specific.
1.2 Introduction to the Malware component on which the case study is based
I have chosen the Code Red worm as my case study. There were two worms: Code Red I, released on July 13th 2001, and Code Red II, released on August 4th 2001. Code Red II is also known as CodeRed.v3, CodeRed.C, W32.Bady.C, CodeRed.F and CodeRed III. On July 19th 2001 the worm replicated itself to over 250,000 hosts in approximately nine hours. At its peak Code Red I infected 2,000 machines every minute; it infected 359,000 machines in all and, according to the BBC, cost $1.2 billion. [9]
2. Case Study Detail
2.1 Propagation
The worm probed the internet for unpatched Windows NT or 2000 servers running Microsoft's IIS web server. This section deals with the human contribution and with the exploitation of system weaknesses.
2.1.1 Human contribution
Microsoft had already released a security patch for IIS that fixed the hole on June 18th 2001. However, not everyone had patched their servers, Microsoft included. [23] This lack of action allowed the worm to spread rapidly. It is plausible that the author only became aware of the hole after Microsoft's patch was released.
2.1.2 Exploit of computer and system weaknesses
Code Red I was released three weeks after the announcement and corresponding patch release for the hole, Microsoft Security Bulletin MS01-033. Code Red operates in three phases each month: propagation, flooding and dormancy. In the propagation phase (roughly the first 19 days of the month) the worm probes randomly generated addresses across the internet for Windows NT or 2000 servers running Microsoft's IIS web server. This scanning consumes a great deal of bandwidth and in some cases shut networks down entirely. An unpatched server that receives the probe is exploited and the worm copies itself into that server's memory; the newly infected server immediately starts probing for further targets. In the flooding phase (the next eight days) the worm stops spreading and instead floods the White House web server with traffic. After that it lies dormant until the next month. [13] Unlike the mass-mailing worms of the period, Code Red I did not spread by e-mail or write itself to disk; it propagated purely over HTTP and ran from memory.
Microsoft's IIS web server includes idq.dll, the Indexing Service ISAPI extension that handles .ida and .idq requests. It contains an unchecked buffer in the code that processes the URL of such requests. Once the worm connects, a susceptible server is subjected to a buffer overflow attack; the overflow triggers before any indexing functionality is reached, so Index Server itself need not be running. idq.dll runs in the security context of the SYSTEM account, so a successful exploit gives the worm total command of the machine. The overlong input overwrites the bytes of memory adjacent to the buffer, which may hold variables, application data or other buffers, and the worm uses this to redirect execution into its own code.
Code Red II exploits the same weakness; the subtle differences are outlined later.
2.2 Source code analysis
The infected machine executes Code Red I from memory. Before the worm begins, it checks whether the date falls between the 1st and the 19th of the month. If so, it generates a list of random IP addresses and scans each one for vulnerable machines, attempting to reproduce by sending HTTP requests. The first version of Code Red used a static seed for its random number generator; the seed is the point from which the generator starts, so every infected machine produced the identical list of addresses. This made the first version spread slowly, as the machines on the list were soon all either patched or already infected. (The version released on July 19th replaced the static seed with a random one, which is why it spread so much faster.)
Once the date reaches the 20th of the month, the worm stops spreading and begins a denial-of-service attack, which runs from the 20th to the 28th, against www1.whitehouse.gov.
In Code Red II, the worm locates the GetProcAddress function in the export table of kernel32.dll on the IIS server and uses it to find the addresses of the other functions it needs for further infection, including:
- LoadLibraryA
- CreateThread
- ….
- ….
- GetSystemTime [13]
The worm also abuses another Windows bug, the “relative shell path”. It writes a Trojan copy of explorer.exe to the root of the C: and D: drives; because Windows searched the drive root before the system folder when starting the shell, this “new” file is loaded in place of the real explorer.exe. The part of the worm embedded in this file gives the author remote access to the machine. This component is known as VirtualRoot and is the Trojan element of the worm.
The Trojan changes the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable registry value, which turns off Windows File Protection so that the replaced system files are not restored. It then adds virtual roots /C and /D with read/write rights under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\Virtual Roots, which lets an attacker browse and modify the whole of the C: and D: drives remotely through a web browser. [12]
The worm loads WS2_32.dll for the functions socket, closesocket and WSAGetLastError, and uses ExitWindowsEx from user32.dll to reboot the system.
The worm checks for two different markers:
1. “29A”, which governs the installation of the Trojan, VirtualRoot.
2. A semaphore named “CodeRedII”. If it already exists, the machine is already infected and the worm goes into an infinite sleep. [12]
The worm checks the default language of the machine. If it is any form of Chinese, the worm creates 600 threads rather than the 300 used for all other languages; each thread generates random IP addresses of target web servers. Meanwhile the main thread copies cmd.exe from the Windows NT system folder to the following locations:
C:\Inetpub\Scripts\root.exe
D:\Inetpub\Scripts\root.exe
C:\Program Files\Common Files\System\msadc\root.exe
D:\Program Files\Common Files\System\msadc\root.exe [12]
The worm spreads for 24 hours on non-Chinese systems and 48 hours on Chinese systems before rebooting the machine.
The reboot clears the memory-resident worm but leaves the dropped Trojan in place. Additionally, if the month is October or the year is 2002, the worm reboots the computer immediately instead of spreading. [13]
Code Red II resembles Code Red I in some respects and differs in others. It is considered a variant because it uses the same buffer overflow. It does not launch a denial-of-service attack and does not deface web pages. It uses a random rather than a static seed. Its main threat is the back door it installs, which allows any program to be executed on the machine and leaves the system open to further exploits. [11]
Code Red II generates a random IP address and then applies a mask derived from the infected host's own address to produce the address it will probe. One eighth of the time the address is entirely random, half of the time it lies within the same /8 (class A) network as the infected host, and three eighths of the time within the same /16 (class B) network. [11] Where the original worm chose its targets uniformly at random, Code Red II therefore concentrated on machines near the infected one, which spreads far more quickly inside a poorly segmented organisation. Combined with the remote root-level access it installs, this makes Code Red II a much more dangerous worm than its predecessor.
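As an added example (my own code, not the worm's and not from any source cited here), the three target-selection strategies described above, written in Python. The first Code Red release seeds its generator with a constant, so every infected host walks the same list; the July 19th release seeds it randomly; Code Red II masks the random address so that one eighth of probes go anywhere, half stay inside the infected host's /8 and three eighths inside its /16, and it never probes addresses beginning 127 or 224 [11]. The seed constant, the use of Python's PRNG in place of the worm's own generator, and the skipping of the host's own address are assumptions made for the demonstration.

```python
import random
import socket
import struct

# Added demonstration, not the worm's code. The 1/8, 4/8, 3/8 split and the
# excluded 127.x / 224.x ranges follow the CAIDA analysis; the seed value,
# Python's PRNG and the skipping of the host's own address are assumptions.


def ip_to_int(ip: str) -> int:
    return struct.unpack("!I", socket.inet_aton(ip))[0]


def int_to_ip(n: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", n & 0xFFFFFFFF))


def crv1_targets(count: int, seed: int = 0x1234) -> list:
    """First Code Red release: the seed is hard-coded, so every infected host
    walks the same list and keeps re-probing hosts that are already infected."""
    rng = random.Random(seed)
    return [int_to_ip(rng.getrandbits(32)) for _ in range(count)]


def crv2_targets(count: int, seed=None) -> list:
    """July 19th release: seed left to the system, so each host gets its own list."""
    rng = random.Random(seed)
    return [int_to_ip(rng.getrandbits(32)) for _ in range(count)]


def crii_target(local_ip: str, rng: random.Random) -> str:
    """Code Red II: bias the random address toward the infected host's own network."""
    local = ip_to_int(local_ip)
    while True:
        r = rng.getrandbits(32)
        bucket = rng.randrange(8)
        if bucket == 0:                                   # 1/8: anywhere
            cand = r
        elif bucket < 5:                                  # 4/8: same /8 as the host
            cand = (local & 0xFF000000) | (r & 0x00FFFFFF)
        else:                                             # 3/8: same /16 as the host
            cand = (local & 0xFFFF0000) | (r & 0x0000FFFF)
        first_octet = cand >> 24
        # 127.x and 224.x are never probed (CAIDA); skipping itself is assumed here.
        if first_octet in (127, 224) or cand == local:
            continue
        return int_to_ip(cand)


def crii_targets(local_ip: str, count: int, seed=None) -> list:
    rng = random.Random(seed)
    return [crii_target(local_ip, rng) for _ in range(count)]


def same_prefix(ip_a: str, ip_b: str, bits: int) -> bool:
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    return (ip_to_int(ip_a) & mask) == (ip_to_int(ip_b) & mask)


def locality(local_ip: str, targets: list, bits: int) -> float:
    """Fraction of targets sharing the first `bits` bits with the infected host."""
    return sum(same_prefix(local_ip, t, bits) for t in targets) / len(targets)


if __name__ == "__main__":
    print("static seed, two hosts, identical lists:", crv1_targets(5) == crv1_targets(5))
    host = "192.0.2.10"
    probes = crii_targets(host, 4000, seed=7)
    print("Code Red II probes inside %s/16: %.2f" % (host, locality(host, probes, 16)))
    print("Code Red II probes inside %s/8:  %.2f" % (host, locality(host, probes, 8)))
```

Running the block shows that two static-seed instances produce identical lists, and that roughly 38% of Code Red II probes from 192.0.2.10 land inside 192.0.0.0/16 and roughly 88% inside 192.0.0.0/8, which is why the second worm chewed through an organisation's own address space so much faster than the first.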
2.3 Payload analysis
Both worms continuously searched for other IIS servers to infect.
Code Red I defaced the affected web page to display:
“HELLO! Welcome to http://www.worm.com! Hacked By Chinese!”
Code Red II does not deface pages. [11]
During its flooding period, Code Red I launches its denial-of-service attack against a hard-coded IP address, that of www1.whitehouse.gov, rather than resolving the name; this is why the attack could be defused simply by moving the site to a different address.
In its scanning phase the worm did no testing to see whether the targeted server was running a vulnerable version of IIS, or IIS at all; it simply sent its exploit request to every address. Apache access logs therefore filled with requests for /default.ida followed by the character N repeated 224 times. [8] Code Red II leaves the same signature with X in place of N. [23]
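The following added example (my own code, not from the page's sources) turns that log signature into a small scanner in Python, run over a constructed sample of Apache combined-log lines. The request strings reproduce the published probe: GET /default.ida? followed by exactly 224 N (Code Red I) or X (Code Red II) characters and the %u-encoded payload beginning %u9090%u6858%ucbd3%u7801. The source addresses, timestamps and status codes in the sample are invented.

```python
import re
from collections import Counter
from typing import List, Optional

# Published Code Red probe: "/default.ida?" + 224 filler characters + %u-encoded
# payload. N = Code Red I, X = Code Red II.
FILL_LEN = 224
SHELLCODE_HEAD = "%u9090%u6858%ucbd3%u7801"
PAYLOAD_TAIL = ("%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090"
                "%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a")

# Constructed sample log (documentation addresses, invented times and status codes).
SAMPLE_LOG = "\n".join([
    '192.0.2.7 - - [19/Jul/2001:10:05:31 +0000] "GET /default.ida?'
    + "N" * FILL_LEN + SHELLCODE_HEAD + PAYLOAD_TAIL + ' HTTP/1.0" 400 325 "-" "-"',
    '198.51.100.23 - - [05/Aug/2001:02:11:09 +0000] "GET /default.ida?'
    + "X" * FILL_LEN + SHELLCODE_HEAD + PAYLOAD_TAIL + ' HTTP/1.0" 400 325 "-" "-"',
    '203.0.113.5 - - [05/Aug/2001:02:12:44 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"',
    # Too short to be the worm: someone poking at the .ida mapping by hand.
    '203.0.113.9 - - [05/Aug/2001:02:13:01 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 210 "-" "-"',
    '198.51.100.23 - - [05/Aug/2001:02:14:37 +0000] "GET /default.ida?'
    + "X" * FILL_LEN + SHELLCODE_HEAD + PAYLOAD_TAIL + ' HTTP/1.0" 400 325 "-" "-"',
])

LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" (?P<status>\d{3})'
)
# The filler length is anchored: a run of 223 or 225 characters is not this worm.
IDA_RE = re.compile(r'^/default\.ida\?(?P<fill>N{%d}|X{%d})(?P<rest>%%u[0-9a-fA-F]{4}.*)$'
                    % (FILL_LEN, FILL_LEN))


def classify_request(path: str) -> Optional[str]:
    """'CodeRed-I', 'CodeRed-II', or None if the path is not a Code Red probe."""
    m = IDA_RE.match(path)
    if not m or not m.group("rest").startswith(SHELLCODE_HEAD):
        return None
    return "CodeRed-I" if m.group("fill")[0] == "N" else "CodeRed-II"


def scan_log(text: str) -> List[dict]:
    """Parse each line; return the Code Red probes with source host, time and variant."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        variant = classify_request(m.group("path"))
        if variant:
            hits.append({"host": m.group("host"), "time": m.group("time"),
                         "variant": variant, "status": int(m.group("status"))})
    return hits


def summarize(hits: List[dict]) -> dict:
    """Probe count per (variant, source host). Each key is one infected machine
    whose owner should be notified; the count is how often it hit this server."""
    return dict(Counter((h["variant"], h["host"]) for h in hits))


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(h["time"], h["host"], h["variant"])
    print(summarize(found))
```

On a real server the same scanner is pointed at the access log file instead of SAMPLE_LOG; the per-host summary is what you send to the owner of each probing address, since an Apache host is not itself at risk from the request.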
For Code Red II on Chinese systems the worm creates 600 threads and spreads for 48 hours; on a non-Chinese system it creates 300 threads and spreads for 24 hours.
Because of the enormous number of probes sent to new addresses and the mass of infected systems, the traffic dealt a heavy blow to the worldwide network. Some modems, routers, switches and even printers suffered too: these devices could not be infected, but many crashed or rebooted when the worm's request was sent to them.
2.4 Containment of this Malware component
The capability of a hacker to connect from an infected machine to other machines depends on the composition of the network. The network design should take account of the intrinsically high risk to machines exposed to the internet. That risk can be reduced drastically by placing such machines in a perimeter network (DMZ), running only the minimal set of services on them, and isolating their interaction with internal networks. [44]
If the script mappings for Internet Data Administration (.ida) and Internet Data Query (.idq) files are removed from IIS, the vulnerable code is never reached and the bug cannot be exercised.
Buffer overflows of this kind are prevented by sufficient bounds checking, whether written by the programmer or enforced by the compiler and runtime.
Today the majority of servers running MS Windows use the 2003 server edition, which is not vulnerable to this particular attack. MS Windows 2000 systems are being phased out, and support has already been discontinued for MS Windows 95 and 98.
Code Red I itself runs only in memory and writes nothing to disk, so applying the security patch and restarting the computer removes it. Many machines were hit by both worms, however, so also check for and delete the following files dropped by Code Red II if they are present:
C:\inetpub\scripts\root.exe
C:\program files\common files\system\msadc\root.exe
D:\inetpub\scripts\root.exe
D:\program files\common files\system\msadc\root.exe
Then restart the computer to completely remove the worm. [12]
Manually removing Code Red II is a more arduous task. Apply the security patch and then take the following steps:
1. In the list of running processes, end the process associated with the dropped Trojan. Norton detects it as Trojan.VirtualRoot.
2. Delete the recently created explorer.exe files at the drive roots, including any marked hidden or system. Leave the genuine explorer.exe in the Windows system folder alone.
3. Delete the four root.exe files listed under the removal of Code Red I, if they are present.
4. Using Computer Management on the web server, remove the open shares.
5. In the registry, find the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W3SVC\Parameters\Virtual Roots. Code Red II created two values here, /C and /D; select and delete both. Then select /MSADC and /Scripts and, in their value data, replace 217 with 201 (the proper values are formed after the system reboots). On a Windows 2000 system proceed to step 6; on any other system skip to step 9.
6. Find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon.
7. Select SFCDisable.
8. Replace the value currently assigned with 0.
9. Exit the registry editor.
10. Reboot the system to ensure that Code Red II has been completely erased. [24]
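The file and registry items in the two removal procedures above (the root.exe files, the Trojan explorer.exe copies, the /C and /D virtual roots, the 217 access flags and SFCDisable) double as a post-cleanup checklist. The following added example (my own code, not from Symantec or any source cited here) expresses that checklist as a verification routine in Python. The inputs are constructed dictionaries standing in for what you would collect on the server with os.path.exists() and the winreg module; the SFCDisable value 0xFFFFFF9D in the infected snapshot is the non-zero value the worm writes, and the exact virtual-root strings are assumed. Open shares and the running Trojan process are not modelled.

```python
from typing import Dict, List, Set

# Added example: the manual removal checklist expressed as a verification
# routine. The "snapshot" inputs are constructed; nothing here reads a real
# file system or registry.

ROOT_EXE_PATHS = [
    r"C:\Inetpub\Scripts\root.exe",
    r"D:\Inetpub\Scripts\root.exe",
    r"C:\Program Files\Common Files\System\msadc\root.exe",
    r"D:\Program Files\Common Files\System\msadc\root.exe",
]
# Trojan copies of explorer.exe at the drive roots; the genuine shell lives in
# the Windows system folder and must be left alone.
TROJAN_EXPLORER_PATHS = [r"C:\explorer.exe", r"D:\explorer.exe"]
VROOTS_KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W3SVC\Parameters\Virtual Roots"
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon"
WORM_FLAGS = ",217"     # access-flag suffix the worm sets on a virtual root; 201 is stock


def codered2_indicators(files: Set[str], registry: Dict[str, Dict[str, object]]) -> List[str]:
    """Return the Code Red II traces still present; an empty list means the
    file and registry parts of the checklist are satisfied."""
    present = {f.lower() for f in files}
    findings = []
    for path in ROOT_EXE_PATHS + TROJAN_EXPLORER_PATHS:
        if path.lower() in present:
            findings.append("file still present: " + path)
    vroots = registry.get(VROOTS_KEY, {})
    for name in ("/C", "/D"):
        if name in vroots:
            findings.append("virtual root still mapped: %s -> %s" % (name, vroots[name]))
    for name in ("/MSADC", "/Scripts"):
        if str(vroots.get(name, "")).endswith(WORM_FLAGS):
            findings.append("virtual root %s still carries access flags 217" % name)
    sfc = registry.get(WINLOGON_KEY, {}).get("SFCDisable", 0)
    if sfc != 0:
        shown = hex(sfc) if isinstance(sfc, int) else str(sfc)
        findings.append("Windows File Protection still disabled: SFCDisable = " + shown)
    return findings


# Constructed snapshot of a freshly infected Windows 2000 server.
INFECTED_FILES = {
    r"C:\WINNT\explorer.exe",          # the genuine shell, must not be flagged
    r"C:\explorer.exe",
    r"D:\explorer.exe",
    r"C:\Inetpub\Scripts\root.exe",
    r"C:\Program Files\Common Files\System\msadc\root.exe",
}
INFECTED_REGISTRY = {
    VROOTS_KEY: {
        "/C": "c:\\,,217",
        "/D": "d:\\,,217",
        "/Scripts": "C:\\Inetpub\\Scripts,,217",
        "/MSADC": "C:\\Program Files\\Common Files\\System\\msadc,,217",
    },
    WINLOGON_KEY: {"SFCDisable": 0xFFFFFF9D},
}

# The same server after the removal steps.
CLEANED_FILES = {r"C:\WINNT\explorer.exe"}
CLEANED_REGISTRY = {
    VROOTS_KEY: {
        "/Scripts": "C:\\Inetpub\\Scripts,,201",
        "/MSADC": "C:\\Program Files\\Common Files\\System\\msadc,,201",
    },
    WINLOGON_KEY: {"SFCDisable": 0},
}

if __name__ == "__main__":
    print("before cleanup:")
    for finding in codered2_indicators(INFECTED_FILES, INFECTED_REGISTRY):
        print("  ", finding)
    print("after cleanup:", codered2_indicators(CLEANED_FILES, CLEANED_REGISTRY) or "clean")
```

Run it after the reboot in step 10, not before: the worm rewrites the registry while it is running, so a check taken while the process is still alive can pass and then fail minutes later.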
2.5 Reason why this Malware was unleashed
The author of Code Red I chose the White House in order to attack the American government. In Code Red II he punished society in general, with Chinese systems receiving the greater penalty.
2.6 Profile of the author of this Malware
After Code Red I many presumed that the author was Chinese, since he left “Hacked By Chinese!” as his signature. However, Code Red II targets Chinese machines most vigorously. This suggests to me that the author is neither Chinese nor American.
2.7 Prosecution against Malware author
The author of Code Red has never been identified and has therefore evaded prosecution.
3. Global Economic Consequences as a result of Malware
According to the digital risk management firm mi2g, the cost of malware rose to $166bn in 2004. [26] No figures were available for more recent years.
Many corporations, large and small, may lose network connectivity during an infection. Software will require reinstallation or upgrades, especially where machines have been reformatted after an attack. Data recovery is an expensive process that often requires a specialist company. Most forms of malware consume bandwidth and cause congestion. All time lost must be made up, resulting in overtime payments or outsourcing, and the helpdesk of any organisation comes under tremendous pressure to provide a speedy resolution. From my personal experience during Intra, when I was part of the Network Administration Team, the helpdesk was in charge of the first line of defence against such an attack, although we were never hit by a particularly potent form of malware. All these factors combine to create a loss of productivity and business.
Some organisations have placed rewards on the capture of virus authors. In 2003 Microsoft launched a $5 million reward programme for this purpose. [27]
According to estimates from Ferris Research, the global cost of spam was €38 billion in 2005, €13 billion of it for US companies alone. The cost per employee, in time spent checking it, is currently €3,500 per annum. More astonishing is that 98% of fraud scams and security problems originate from junk email. [26]
4. Legal Position on Malware
While the law varies greatly around the world, the definition of malware is broadly universal: it is intrusive, intended to cause harm, or constitutes criminal activity. In drafting these laws the terminology is crucial.
4.1 Globally
In Asia there is very little legislation under which a virus author can be convicted. Some countries, such as China and North Korea, censor the internet, but this appears to have exacerbated rather than solved the problem.
In the EU, technology law is deliberately drafted to be “technology neutral”, relying on broad, general definitions. Specific rules would be easier to apply but would quickly become obsolete, and if specific definitions were used it would be easier for developers to sidestep the law. [29]
In the USA three pieces of legislation cover spyware, all introduced in 2004: the Securely Protect Yourself Against Cyber Trespass Act (SPY ACT) [33], the Software Principles Yielding Better Levels of Consumer Knowledge Act (SPY BLOCK Act) [28] and the Internet Spyware Prevention Act (I-SPY Act) [31]. Their common principle is to prohibit the unauthorised transmission of sensitive information, the installation of software without the user's knowledge, and access without authorisation.
Regarding spam, the CAN-SPAM Act and the Spam Act came into force in the USA and Australia respectively in 2004. [30] Among other things, they require an honest and specific subject line, a valid sender address and an unsubscribe option.
In the UK the Computer Misuse Act (CMA) deals with all forms of malware. This broad Act makes hacking, viruses, unauthorised access to computer systems and material, and unauthorised modification of them criminal offences. [35]
4.2 Nationally (Ireland)
Ireland has no laws specific to malware. Like the EU and British approaches, Irish law is broad and can be applied across many technologies. The laws relevant to malware include the following:
The Criminal Damage Act 1991 makes it an offence to intentionally or recklessly damage computer data or programs, to threaten to do so or to possess anything with the intention of doing so, and to access data without authorisation. [36]
The Electronic Commerce Act 2000 introduced a number of offences relating to the misuse of electronic signatures and signature-creation devices. [36]
The Criminal Justice (Theft and Fraud Offences) Act 2001 makes it an offence to dishonestly operate, or cause to be operated, a computer with the intention of making a gain for oneself or another, or of causing loss to another person. [36]
There are, however, loopholes in Irish law. A denial-of-service attack of the kind Code Red I launched on the White House is not outlawed here: it cannot be classified as either damage to data or unauthorised access to data as described in the Act. [36]
Adware is governed by advertising law rather than by these Acts, a gap that adware vendors can exploit here.
4.3 Effectiveness of the Law in Malware prevention
Judging by the sheer volume of malware intruding into our lives, the law is not very effective at preventing it.
As with Code Red, very skilled authors tend to evade prosecution while amateur writers are caught. The authors of the Sasser worm, the Blaster worm and Maxwell were all “script kiddies” who were caught. Marc Rogers of the University of Manitoba in Winnipeg, Canada, a former cyber detective, has identified four types of hacker: the old-school hackers interested in analysing code; the “script kiddie” category, consisting mainly of young males who download pre-written scripts intent on vandalising or disrupting systems; the professional criminals or “scammers”, highly organised groups who make a living from breaking into computer systems and selling the information; and finally the “virus writers” and “coders”, who write the code of the virus but tend not to use it themselves. [37]
From the point of view of malware we must be wary of the script kiddies who wish to become notorious and see scripting viruses as a creative hobby. Their number is increasing rapidly.
5. Global anti-virus/worm market
5.1 Current Global Market Value and Future Growth/Annum
The global antivirus market is thriving. Total revenue reached €2.85 billion in 2004, up 36 percent on 2003, market researcher IDC said in December, and IDC forecasts that the market will nearly double to €5.6 billion by 2009. [16]
For 2006 McAfee, an antivirus provider, reported profits of $35 million, down 9% on the previous year. [38] Its total revenue reached $1.06 billion and its share price stands at $29.89. [39] For the same year Symantec, a larger corporation, generated revenue of $4.14 billion and announced five-year revenue growth of 37.16%; however, its profits were down 8.8% on the previous year, and its share price is $17.95. [41] Check Point Software Technologies produced revenue of $575 million compared with $579 million the year before, and its share price stands at $24.31. [42]
These figures show that the companies are very profitable, although profits have dwindled since last year and Symantec announced some minor job losses as a result. All of them nevertheless expect growth in the coming year. It would appear that the market has stabilised after many years of bumper growth.
5.2 Do you think an Anti-Malware corporation will ever go bankrupt?
None of the companies mentioned reported any debt for the previous year. I do not think that many anti-malware corporations will go bankrupt, with the obvious exception of badly managed ones. Computers will become more sophisticated, there will always be bugs in software, and authors, as good practice, release details of these bugs. Hackers exploit the bugs once they are known, so anti-malware companies will always be needed. There will always be virus writers trying to gain notoriety.
Consider early 1992. The media, in a hysterical frenzy, announced that a virus, Michelangelo, was about to wreak havoc. John McAfee, founder and CEO of McAfee Antivirus, told journalists that approximately 5 million computers would be affected by this virus, a deadly hard-disk-erasing strain. The prediction increased sales significantly. The virus eventually struck only about 10,000 computers, and many in the media claimed this was due to their reporting.
PC coverage grows by the day, and more systems mean more chances of infection. Most wireless networks are unprotected, and Dublin City Council currently plans to make the city centre a Wi-Fi zone; if it is not properly secured, the potential for malware propagation is enormous. Mobile phone malware, while not a major threat at present, is a potential one. These are areas into which antivirus companies could expand if the situation deteriorates.
The main competition to antivirus companies comes from the open source community, which is dealt with in the next section.
5.3 Is non-free, e.g. Norton Internet Security, better than the free, e.g. AVG, anti-virus software and Zonelabs firewall combination?
As a regular user of AVG Free and Spybot for the last three years, I can confidently say that free is just as good as non-free for home use; that time has been malware free. I have recently started using the Zone Labs firewall and can confirm it is an excellent free product. One drawback may be that there is no support, but this is only a minor matter for personal use. It is rumoured that the Norton and McAfee packages have been deconstructed many times by virus writers, making them insecure. Open source packages tend to be of a high calibre because of the large number of programmers, testers and debuggers who are ardent supporters of antivirus packages. All source code is available, which allows anyone to edit it; improvements are generally sent to the authors and incorporated into future updates.
For the corporate sector, where revenue depends on the data hosted, a commercial antivirus product is preferred. During my Intra work experience at Version 1, my employer chose Sophos because of its online technical support. Had they chosen an open source package, no service agreement would cover the company in the event of data loss, making it a high-risk choice; no free antivirus application offers this. AVG Free is not licensed for commercial use and cannot be installed on servers. No free antivirus package offers comprehensive support to corporations.
6. Conclusions
This paper covers many aspects of malware. It is a problem against which we can all make a contribution; even writing letters highlighting the issue makes a difference.
6.1 Lessons learned
Before undertaking this project I had only a vague idea of the workings of virus authors, antivirus companies and the laws presiding over such matters. On completion I have a much greater understanding of these topics, which will make me more careful about such malware. While researching which virus to base my study on, I was amazed at the sheer volume of malicious software on the internet. A suitable antivirus and firewall are the minimum of my protection needs, and I would ensure that any network I work on is secured against such threats.
Virus authors are extremely intelligent, and governments should put incentives in place through which these authors could test their talents, perhaps an online community where software problems are posed and these writers could exercise their skills.
6.2 Threats posed
By April 2006 there were 115,000 known viruses, and the number grows daily. These were all directed at Windows systems, and any such computer that is connected to a network facilitates their spread. Using any kind of storage device carries a risk of infection. Many more viruses have been written that have not yet been released. This is a sombre message, but it is the reality of today.
Any device with a programmable operating system is susceptible to malware. It is written for many reasons, with money as the main motivating factor. In the future we can look forward to new forms of malware, maybe even on our stereo systems!
6.3 Preventive measures you deem necessary to thwart future threats
Microsoft has 90% of the market share in consumer PCs; Linux and Macintosh own the majority of the remaining 10%. Users of those operating systems experience little or no malware activity, so switching to either of them is another option.
When a new patch is released the user should install it immediately, and all anti-malware applications should have their definition files kept up to date. This would greatly reduce future threats.
All anti-malware companies should continue their research into preventing future attacks. I feel that a committee should be set up to monitor antivirus companies and virus writers; although there is no evidence of collusion between the two, it is in the antivirus companies' interest that these writers continue to thrive.
Jonathan Yarden's article makes many excellent points. He observes that 90% of people actually contribute to the spread of viruses through their ignorance. [15] Perhaps companies that depend on a virus-free environment should offer training in preventive measures against viruses.
Bibliography:
John Whelan, EE438 Secure Systems Administration and Internetwork Security Course Notes.
References:
1. Symantec, www.symantec.com, 12/02/2007
2. McAfee, www.mcaffee.com, 12/02/2007
3. Carnegie Mellon Software Engineering Institute, www.cert.org, 12/02/2007
4. 62nds, http://62nds.com/pg/e90.php, 12/02/2007
5. TotallyGeek, http://www.totallygeek.com/vscdb/, 12/02/2007
6. Zonelabs, http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads, 12/02/2007
7. Grisoft, http://free.grisoft.com/freeweb.php, 12/02/2007
8. Symantec, http://www.symantec.com/home_homeoffice/products/category.jsp?pcid=is, 12/02/2007
9. Wikipedia, http://en.wikipedia.org/wiki/Code_Red_worm, 12/02/2007
10. Microsoft, http://www.microsoft.com/technet/security/bulletin/MS01-033.mspx, 12/02/2007
11. CAIDA, http://www.caida.org/analysis/security/code-red/coderedv2_analysis.xml, 13/02/2007
12. BullGuard, http://www.bullguard.com/antivirus/vit_codered_f.aspx, 13/02/2007
13. Symantec, http://www.symantec.com/security_response/writeup.jsp?docid=2001-080421-3353-99&tabid=2, 13/02/2007
14. Wikipedia, http://en.wikipedia.org/wiki/Anti-virus, 13/02/2007
15. ZDNet Asia, http://www.zdnetasia.com/techguide/security/0,39044901,39290756,00.htm, 13/02/2007
16. ZDNet.co.uk, http://news.zdnet.com/2100-1009_22-6078249.html, 13/02/2007
17. USA Today, http://www.usatoday.com/tech/columnist/ericjsinrod/2005-02-16-sinrod_x.htm, 13/02/2007
18. Apple, http://www.apple.com/getamac/viruses.html, 13/02/2007
19. University of Oulu, http://www.ee.oulu.fi/research/ouspg/sage/glossary/, 18/02/2007
20. Wikipedia, http://en.wikipedia.org/wiki/Computer_virus, 18/02/2007
21. Wikipedia, http://en.wikipedia.org/wiki/Computer_worm, 18/02/2007
22. Ars Technica, http://arstechnica.com/articles/paedia/malware.ars, 18/02/2007
23. Wikipedia, http://en.wikipedia.org/wiki/Code_Red_II_%28computer_worm%29, 19/02/2007
24. Symantec, http://www.symantec.com/security_response/writeup.jsp?docid=2001-080421-3353-99&tabid=3, 19/02/2007
25. Vnunet.com, http://www.vnunet.com/articles/print/2126635, 19/02/2007
26. Nomasfraude.com, http://www.nomasfraude.com/com/did_you_know/datos/, 19/02/2007
27. CNN, http://money.cnn.com/2003/11/05/technology/microsoftbounty/index.htm?cnn=yes, 19/02/2007
28. PC World, http://www.pcworld.com/article/id,114999-page,1/article.html, 19/02/2007
29. ZDNet.co.uk, http://news.zdnet.co.uk/itmanagement/0,1000000308,39172719,00.htm, 19/02/2007
30. http://www.oic.org/z/EGS/AVCO/ACLACEC1.htm, 19/02/2007
31. Wiley Rein LLP, http://www.wileyrein.com/publication.cfm?publication_id=12478, 19/02/2007
32. GCN, http://www.gcn.com/online/vol1_no1/25237-1.html, 19/02/2007
33. The Standard, http://www.thestandard.com/internetnews/001318.php, 19/02/2007
34. SearchCRM, http://searchcrm.techtarget.com/sDefinition/0,290660,sid11_gci948840,00.html, 19/02/2007
35. Lancaster University, http://www.lancs.ac.uk/iss/rules/cmisuse.htm, 19/02/2007
36. Kilroys Solicitors, http://www.kilroys.ie/news_ebusiness_archive.html#cybercrime, 19/02/2007
37. Honeynet, http://www.honeynet.ie/articles/PDF2004/2004.02.BlackhatPsychology.pdf, 19/02/2007
38. Seeking Alpha, http://software.seekingalpha.com/article/26524, 20/02/2007
39. Wikipedia, http://en.wikipedia.org/wiki/McAfee, 20/02/2007
40. Wikipedia, http://en.wikipedia.org/wiki/Symantec, 20/02/2007
41. Symantec, http://investor.symantec.com/phoenix.zhtml?c=89422&p=irol-fundSnapshot2, 20/02/2007
42. Seeking Alpha, http://seekingalpha.com/article/25006, 20/02/2007
43. ZDNet.co.uk, http://www.zdnet.com.au/news/security/soa/First_mobile_phone_virus_nears_2nd_birthday/0,130061744,139257470,00.htm, 20/02/2007
44. Wikipedia, http://en.wikipedia.org/wiki/Demilitarized_zone_(computing), 22/02/2007