
MATTU UNIVERSITY

College of Engineering and Technology

Department of Computer Science
Group assignment of Computer Security
Group name……………………..ID
1. Daniel Getachew………………..RU0779/14
2. Gadisa Chimdesa……………….RU1165/14
3. Katama Gelata…………………..RU1574/14
4. Kalab Worku……………………RU1514/14
5. Fayine Tibabu…………………..RU1111/14

Submitted to Mr Tekalign B (MSc).

Submitted on 11/4/2024

Table of Contents
1. The history of computer security
1.1 Initial Concerns and Military Origins (1950s-1960s)
1.2 The Birth of ARPANET and Multics (1960s-1970s)
1.3 The Orange Book and Formalization of Security Standards (1970s-1980s)
1.4 Rise of Hacker Culture and Public Awareness (1980s)
1.5 Emergence of Viruses and Worms (Late 1980s)
1.6 Legal and Organizational Responses (1990s)
1.7 Modern Developments in Cybersecurity (2000s to Present)
2. Real cases of malware attacks
2.1 Spyware
2.2 Trojan Horse
2.3 Computer worm
2.4 Rootkit malware
2.5 The ILOVEYOU malware
3. Famous cyber security problems
4. Most known and infamous ransomware programs
5. Most common types of computer viruses
Conclusion

1. The history of computer security

Computer security, also known as cybersecurity, is the practice of
protecting computer systems, networks, and data from theft, damage,
unauthorized access, and interruption. It involves a variety of methods
and protocols to ensure the confidentiality, integrity, and availability of
digital information.

1.1 Initial Concerns and Military Origins (1950s-1960s)

The foundation of computer security can be traced back to the late 1950s
and early 1960s, primarily driven by military and research needs. As
computers evolved into tools for storing and processing sensitive data,
particularly within the U.S. Department of Defense, there was a growing
recognition of the need for robust security measures. Early mainframes
required mechanisms to control access and protect data from
unauthorized users.

1.2 The Birth of ARPANET and Multics (1960s-1970s)

A significant milestone in the development of computer security was the
creation of ARPANET in the late 1960s, which eventually evolved into
the modern internet. Developed by the Advanced Research Projects
Agency (ARPA) of the U.S. Department of Defense, ARPANET
connected multiple computers, highlighting the importance of secure data
communication. Concurrently, the Multics (Multiplexed Information and
Computing Service) project, launched in 1964 by MIT, Bell Labs, and
General Electric, incorporated security features such as access control and
resource isolation. These initiatives laid the groundwork for modern
operating system security.
1.3 The Orange Book and Formalization of Security Standards
(1970s-1980s)

In 1972, the U.S. Department of Defense took a significant step by
publishing the “Information Security Capabilities Requirements,”
commonly known as the "Orange Book" or Trusted Computer System
Evaluation Criteria (TCSEC). This document was pivotal in standardizing
computer security measures and establishing criteria for evaluating
computer system security. Dr. Roger R. Schell was a key contributor to
the development of these guidelines, which became instrumental in
shaping the field of computer security.

1.4 Rise of Hacker Culture and Public Awareness (1980s)

The 1980s witnessed the rise of hacker culture, which brought both
challenges and advancements in computer security. The release of the
movie "WarGames" in 1983 brought the issue of hacking into the public
spotlight, highlighting the potential dangers of computer security
breaches. Notable figures such as Kevin Mitnick demonstrated the
vulnerabilities within computer systems, prompting the technology
community to develop more robust security practices and solutions.

1.5 Emergence of Viruses and Worms (Late 1980s)

A major turning point came in 1988 with the release of the Morris Worm,
created by Robert Tappan Morris, a graduate student at Cornell
University. The worm spread across ARPANET, causing significant
disruption and underscoring the need for better security measures. This
incident catalyzed the creation of antivirus software and network
monitoring tools, marking a significant advancement in the field of
computer security.
1.6 Legal and Organizational Responses (1990s)

In the 1990s, the rapid integration of the internet into daily life prompted
significant legislative and organizational responses. The United States
passed the Information Infrastructure Protection Act in 1996, one of the
first laws to address cybercrimes comprehensively. This period also saw
the establishment of dedicated cybersecurity organizations, such as the
Computer Emergency Response Team (CERT) at Carnegie Mellon
University, which was founded in 1988 in response to the Morris Worm
incident.

1.7 Modern Developments in Cybersecurity (2000s to Present)

Entering the 2000s, the proliferation of the internet and digital technologies
brought new security challenges. The USA PATRIOT Act of 2001
enhanced the powers of law enforcement agencies to combat cyber
terrorism and cybercrime. Organizations around the world began
investing heavily in advanced security technologies, such as encryption,
intrusion detection systems, and multifactor authentication, to protect
their digital assets. Prominent figures like Bruce Schneier, known for his
contributions to cryptography and security analysis, and Eugene
Kaspersky, founder of Kaspersky Lab

2. Real cases of malware attacks

2.1 Spyware

Spyware is a type of malware that covertly infects a computer or mobile device
and collects sensitive information like passwords, personal
identification numbers (PINs), and payment information. The
information is then sent to advertisers, data collection firms, or
malicious third parties for a profit.
Spyware is one of the most common threats on the internet. It was
more commonly installed in Windows desktop browsers, but has
evolved to operate on Apple computers and mobile phones as well.
Mobile spyware attacks have become much more common and
advanced as people rely on their phones to conduct banking activities
and access other sensitive information. However, not all software that
tracks online activity is malicious. For example, some website
tracking cookies serve a legitimate function, customizing a
user’s website experience by remembering login information.

2.2 Trojan Horse

A Trojan horse (Trojan) is a type of malware that disguises itself as legitimate code or
software. Once inside the network, attackers are able to carry out any
action that a legitimate user could perform, such as exporting files,
modifying data, deleting files or otherwise altering the contents of the
device. Trojans may be packaged in downloads for games, tools, apps or
even software patches. Many Trojan attacks also leverage social
engineering tactics, as well as spoofing and phishing, to prompt the
desired action in the user.

2.2.1 Types of Trojan Malware

Trojans are a very common and versatile attack vehicle for
cybercriminals. Here we explore 10 examples of Trojans and how they
work:

• Exploit Trojan: As the name implies, these Trojans identify and
exploit vulnerabilities within software applications in order to gain
access to the system.
• Downloader Trojan: This type of malware typically targets
infected devices and installs a new version of a malicious program
onto the device.
• Ransom Trojan: Like general ransomware, this Trojan malware
extorts users in order to restore an infected device and its contents.
• Backdoor Trojan: The attacker uses the malware to set up access
points to the network.
• Distributed Denial of Service (DDoS) attack Trojan: Backdoor
Trojans can be deployed to multiple devices in order to create a
botnet, or zombie network, that can then be used to carry out
a DDoS attack. In this type of attack, infected devices can access
wireless routers, which can then be used to redirect traffic or flood
a network.
• Fake AV Trojan: Disguised as antivirus software, this Trojan is
actually ransomware that requires users to pay fees to detect or
remove threats. Like the software itself, the issues this program
claims to have found are usually fake.
• Rootkit Trojan: This program attempts to hide or obscure an
object on the infected computer or device in order to extend the
amount of time the program can run undetected on an infected
system.
• SMS Trojan: A mobile device attack, this Trojan malware can
send and intercept text messages. It can also be used to generate
revenue by sending SMS messages to premium-rate numbers.
• Banking Trojan or Trojan Banker: This type of Trojan
specifically targets financial accounts. It is designed to steal data
related to bank accounts, credit or debit cards or other electronic
payment platforms.
• Trojan GameThief: This program specifically targets online
gamers and attempts to access their gaming account credentials.

2.3 Computer worm

A computer worm is a type of malware that can automatically propagate or
self-replicate without human interaction, enabling its spread to other
computers across a network. A worm often uses the victim
organization’s internet or a local area network (LAN) connection to
spread itself.
How does a computer worm work?
Worms target vulnerabilities in operating systems to install themselves
into networks. They may gain access in several ways:
through backdoors built into software, through unintentional software
vulnerabilities, or through flash drives. Once in place, cybercriminals
can use worms to perform a range of malicious actions, such as:

• Launching distributed denial of service (DDoS) attacks
• Conducting ransomware attacks
• Stealing sensitive data
• Dropping other malware
• Consuming bandwidth
• Deleting files
• Overloading networks

2.4 Rootkit malware

A rootkit is a collection of software designed to give malicious actors
control of a computer network or application. Once activated, the
malicious program sets up a backdoor and may deliver
additional malware, such as ransomware,
bots, keyloggers or trojans. Rootkits may remain in place for years
because they are hard to detect, due in part to their ability to block
some antivirus software and malware scanner software.

Types of rootkits

Known rootkits can be classified into a few broad families, although
there are many hybrids as well. The main families are:

• Firmware rootkits

A firmware rootkit targets the software that runs particular hardware
components by storing itself in the software that runs during the
boot process before the operating system starts up. They are especially
stealthy because they can persist through re-installation of the
operating system.

The use of firmware rootkits has grown as technology has moved
away from hard-coded BIOS software and toward BIOS software that
can be updated remotely. Cloud computing systems that place multiple
virtual machines on a single physical system are also vulnerable.

Examples of firmware rootkits include:

• UEFI rootkit
• Cloaker
• VGA rootkit

• Kernel mode rootkits

A kernel mode rootkit is a sophisticated piece of malware that can add
new code to the operating system or delete and edit operating system
code. They are complicated to create, and if a kernel rootkit is buggy,
it will heavily impact the target computer’s performance. On the bright
side, a buggy kernel rootkit will leave a trail of breadcrumbs that
antivirus solutions will detect.

Examples of kernel mode rootkits include:

• Spicy Hot Pot
• FU
• Knark

• Bootloader rootkits

Bootloader rootkits boot up concurrently with the operating system
and target the Master Boot Record (MBR), which is the first code
executed when starting up a computer, or the Volume Boot Record
(VBR), which contains the code needed to initiate the boot process or
the code for loading an operating system or application. By attaching
itself to one of these types of records, a bootloader rootkit will not
appear in a standard file system view and will be difficult for an
antivirus or rootkit remover to detect.

Examples of bootloader rootkits include:

• Stoned Bootkit
• Olmasco
• Rovnix
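Because a bootloader rootkit lives in the MBR rather than in a file, the defensive check is to read the first sector and compare it with a known-good baseline instead of scanning the file system. The script below is an added example written for this report, not code from the original assignment or from any of the rootkits named above: it parses a 512-byte MBR image (440 bytes of boot code, a 4-byte disk signature, two reserved bytes, four 16-byte partition entries, the 0x55AA signature), hashes the boot code and reports deviations from a baseline hash. The clean and tampered images are constructed in the code; nothing is read from a real disk, and the partition values are illustrative.

```python
"""Audit a 512-byte Master Boot Record image against a known-good baseline.

Added example, not code from the original report. The MBR image is constructed
in code; no real disk is read. Offsets follow the classic MBR layout.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: executable boot code
DISK_SIG_OFF = 440         # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(image: bytes) -> dict:
    """Validate the structure and return boot-code hash, disk signature and partitions."""
    if len(image) != MBR_SIZE:
        raise ValueError(f"MBR must be {MBR_SIZE} bytes, got {len(image)}")
    if image[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", image[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(image[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", image[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
    }


def audit_mbr(image: bytes, baseline_boot_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(image)
    findings = []
    if info["boot_code_sha256"] != baseline_boot_sha256:
        findings.append("boot code differs from baseline: possible bootkit or MBR infection")
    active = [p["index"] for p in info["partitions"] if p["bootable"]]
    if len(active) > 1:
        findings.append(f"{len(active)} partitions marked bootable, expected at most one")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed known-good image: placeholder boot code, one bootable Linux partition."""
    boot_code = b"<constructed boot code placeholder>".ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    linux_part = struct.pack("<B3sB3sII", 0x80, b"\x00\x21\x00", 0x83, b"\xfe\xff\xff",
                             2048, 204800)
    empty = b"\x00" * 16
    return boot_code + disk_sig + linux_part + empty * 3 + BOOT_SIGNATURE


CLEAN_MBR = build_sample_mbr()
BASELINE_BOOT_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
# Constructed tampered copy: one byte of boot code changed, partition table untouched,
# i.e. the disk still boots but the code that runs first is no longer the baseline.
TAMPERED_MBR = bytes([CLEAN_MBR[0] ^ 0xFF]) + CLEAN_MBR[1:]

if __name__ == "__main__":
    for label, img in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, audit_mbr(img, BASELINE_BOOT_SHA256) or ["OK"])
```

On a real host the baseline hash would be recorded right after installation and the first sector re-read (with administrative rights) on a schedule; the point of hashing only the first 440 bytes is that the disk signature and partition table legitimately change when volumes are added, while the boot code should not.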

• Virtualized rootkits

Unlike kernel mode rootkits, which boot up at the same time the
targeted system boots up, a virtualized rootkit boots up before the
operating system boots up. Virtualized rootkits take hold deep in the
computer and are extremely difficult – or even impossible – to
remove.

• User mode rootkits

User mode rootkits modify the behavior of application programming
interfaces. They can display false information to administrators,
intercept system calls, filter process output and take other actions to
hide their presence. However, because user mode rootkits target
applications rather than operating systems or other critical processes,
they do leave breadcrumbs that trigger antivirus and rootkit remover
alerts and they are not as hard to remove as some other types of rootkit
malware.

Examples of user mode rootkits include:

• Vanquish
• Hacker Defender
• Aphex
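The "breadcrumbs" a user mode rootkit leaves come from the fact that it only filters one view of the system: the process list returned through the hooked API. A lower-level enumeration (reading the process table directly rather than through the filtered call) still sees everything, and the difference between the two views is the detection. The snippet below is an added example for this report, not code from the original assignment or from any tool it mentions; the process snapshots are constructed, nothing is read from the running machine, and the hidden process name is illustrative.

```python
"""Cross-view detection of processes hidden by a user-mode rootkit.

Added example, not code from the original report. All snapshots are
constructed dicts (pid -> name); nothing is read from the live system.
"""


def hidden_processes(api_snapshots, lowlevel_snapshots):
    """Return [(pid, name)] for PIDs in every low-level snapshot but in no API snapshot.

    Requiring a PID to appear in every low-level snapshot avoids flagging a
    process that simply exited between the two enumerations, which is the
    usual false positive of a naive single-pass comparison.
    """
    stable_low = set.intersection(*(set(s) for s in lowlevel_snapshots))
    ever_in_api = set.union(*(set(s) for s in api_snapshots))
    names = lowlevel_snapshots[-1]
    return sorted((pid, names[pid]) for pid in stable_low - ever_in_api)


# Constructed snapshots: two passes of each view, taken a moment apart.
API_VIEW = [
    {1: "init", 412: "sshd", 1500: "backup", 2210: "nginx"},
    {1: "init", 412: "sshd", 2210: "nginx", 2300: "cron"},
]
LOWLEVEL_VIEW = [
    {1: "init", 412: "sshd", 1500: "backup", 2210: "nginx", 4242: "svchost", 9001: "tmp-job"},
    {1: "init", 412: "sshd", 2210: "nginx", 2300: "cron", 4242: "svchost"},
]
# 4242: in both low-level passes, never in the API view  -> reported as hidden.
# 9001: seen in only one low-level pass                   -> transient, not flagged.
# 1500: exited between passes, was visible to the API     -> not flagged.

if __name__ == "__main__":
    for pid, name in hidden_processes(API_VIEW, LOWLEVEL_VIEW):
        print(f"hidden from API view: pid {pid} ({name})")
```

The same comparison works for files and registry keys: any object a low-level reader returns that the standard API omits deserves a closer look.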

• Memory rootkits

Memory rootkits load into RAM, so they persist only until the
RAM is cleared when the system is restarted. While active, their
malicious activities consume the targeted system’s resources and thus
reduce its performance.

2.5 The ILOVEYOU malware

ILOVEYOU, also known as the Love Bug or Loveletter, was a computer worm
that first appeared on May 4, 2000. It was created by Onel de Guzman, a
then-24-year-old computer science student from the Philippines.
The worm spread through email with the subject line "ILOVEYOU" and
an attachment named "LOVE-LETTER-FOR-YOU.TXT.vbs". When
users opened the attachment, the worm would overwrite files on their
computer and send copies of itself to all contacts in the user's email
address book. This rapid spread caused significant disruption, infecting
millions of computers worldwide and causing an estimated $10-15 billion
in damages.
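The attachment name is the lesson for defenders: "LOVE-LETTER-FOR-YOU.TXT.vbs" ends in an executable script extension hidden behind a harmless-looking ".TXT", and mail clients of the time displayed the decoy and ran the script. The screening routine below is an added example written for this report, not code from the original assignment or from any mail product; the extension lists are an illustrative policy rather than a complete one, and the mailbox it runs over is constructed. It blocks executable attachment types outright, reports the double-extension trick separately, and also handles the variant in which whitespace is padded before the real extension so it scrolls off screen.

```python
"""Mail-gateway attachment screening in the spirit of the ILOVEYOU lesson.

Added example, not part of the original report. Sample messages are constructed;
the extension lists are illustrative policy, not a complete one.
"""
from dataclasses import dataclass

# Script/program types that a mail client of the era launched on double-click.
EXECUTABLE_EXTENSIONS = {"vbs", "vbe", "js", "jse", "wsf", "hta", "exe", "scr", "pif", "bat", "cmd"}
# Document/image types a user perceives as harmless; a script behind one of these is
# the "LOVE-LETTER-FOR-YOU.TXT.vbs" double-extension pattern.
DECOY_EXTENSIONS = {"txt", "doc", "docx", "pdf", "jpg", "jpeg", "png", "gif", "xls", "xlsx"}


@dataclass(frozen=True)
class Verdict:
    filename: str
    block: bool
    reason: str


def screen_attachment(filename: str) -> Verdict:
    """Decide whether one attachment name should be held at the gateway."""
    # Split on dots and strip each piece so "invoice.pdf          .js" (spaces used
    # to push the real extension out of view) still yields ["invoice", "pdf", "js"].
    parts = [p.strip().lower() for p in filename.split(".")]
    if len(parts) < 2 or not parts[-1]:
        return Verdict(filename, False, "no extension")
    ext = parts[-1]
    if ext not in EXECUTABLE_EXTENSIONS:
        return Verdict(filename, False, f"non-executable type .{ext}")
    if len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS:
        return Verdict(filename, True, f"executable .{ext} hidden behind decoy .{parts[-2]}")
    return Verdict(filename, True, f"executable attachment type .{ext}")


def screen_mailbox(messages):
    """Return (subject, attachment, reason) for every message that would be held."""
    held = []
    for msg in messages:
        for name in msg["attachments"]:
            verdict = screen_attachment(name)
            if verdict.block:
                held.append((msg["subject"], name, verdict.reason))
    return held


# Constructed sample traffic: a Love-Bug-style message, a padded-name variant,
# a plain executable, and two benign messages.
SAMPLE_MESSAGES = [
    {"subject": "ILOVEYOU", "attachments": ["LOVE-LETTER-FOR-YOU.TXT.vbs"]},
    {"subject": "Invoice", "attachments": ["invoice.pdf          .js"]},
    {"subject": "Installer", "attachments": ["setup.exe"]},
    {"subject": "Minutes", "attachments": ["minutes.docx", "photo.jpg"]},
    {"subject": "Hi", "attachments": []},
]

if __name__ == "__main__":
    for subject, name, reason in screen_mailbox(SAMPLE_MESSAGES):
        print(f"HELD  {subject!r:12} {name!r}: {reason}")
```

Name-based screening is only the first layer; a gateway would also inspect the content type of the attachment, since a renamed script is still a script. The double-extension reason is kept distinct so that analysts can see which held messages were actively disguised rather than merely executable.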

3. Famous cyber security problems

Cybersecurity problems refer to various challenges and threats that
compromise the security of information systems, networks, and data.

• WannaCry Ransomware Attack (2017): This ransomware attack
affected over 200,000 computers across 150 countries. It exploited a
vulnerability in Windows operating systems, encrypting files and
demanding ransom payments in Bitcoin. The attack severely impacted
organizations like the UK's National Health Service, causing
widespread operational disruptions.
• NotPetya (2017): Initially appearing as ransomware, NotPetya was
actually a wiper malware designed to destroy data. It spread rapidly
through a Ukrainian accounting software, affecting global companies
like Maersk and FedEx. The attack caused billions of dollars in
damages and highlighted the risks of supply chain vulnerabilities.
• SolarWinds Attack (2020): This sophisticated cyber-espionage
campaign involved the compromise of the SolarWinds Orion
software, which was used by numerous government agencies and
Fortune 500 companies. The attackers inserted malicious code into a
software update, allowing them to spy on and steal data from affected
organizations.
• Colonial Pipeline Ransomware Attack (2021): A ransomware
attack on Colonial Pipeline, a major US fuel pipeline operator, led to
a temporary shutdown of operations, causing fuel shortages and price
spikes. The attack was attributed to the DarkSide ransomware group,
which demanded a ransom in cryptocurrency.
• Microsoft Exchange Server Hack (2021): This attack exploited
vulnerabilities in Microsoft Exchange Server, allowing hackers to
access email accounts and install malware. It affected tens of
thousands of organizations worldwide and was attributed to a state-
sponsored group from China.
• Log4Shell Vulnerability (2021): A critical vulnerability in the
widely-used Log4j logging library was discovered, which allowed
attackers to execute arbitrary code on affected systems. This
vulnerability had a massive impact, as Log4j is used in countless
applications and services.
• Ivanti VPN Breach (2024): A widespread compromise of Ivanti
VPNs impacted several U.S. government agencies. The breach
highlighted the ongoing vulnerabilities in remote access solutions and
the need for robust security measures.
• Change Healthcare Ransomware Attack (2024): This attack on
UnitedHealth-owned Change Healthcare caused massive disruption in
the U.S. healthcare system, preventing many pharmacies and
hospitals from processing claims and receiving payments. The
attackers demanded a $22 million ransom.

4. Most known and infamous ransomware programs

Infamous ransomware refers to particularly notorious and widely
recognized ransomware programs that have caused significant damage
and disruption.

• WannaCry (2017): This ransomware attack affected over 200,000
computers across 150 countries. It exploited a vulnerability in
Windows operating systems, encrypting files and demanding ransom
payments in Bitcoin. The attack severely impacted organizations like
the UK's National Health Service, causing widespread operational
disruptions.
• NotPetya (2017): Initially appearing as ransomware, NotPetya was
actually a wiper malware designed to destroy data. It spread rapidly
through a Ukrainian accounting software, affecting global companies
like Maersk and FedEx. The attack caused billions of dollars in
damages and highlighted the risks of supply chain vulnerabilities.
• CryptoLocker (2013): One of the earliest and most notorious
ransomware programs, CryptoLocker spread through email attachments and
encrypted users' files, demanding a ransom for the decryption key. It
infected hundreds of thousands of computers and caused significant
financial losses.
• Ryuk (2018): This ransomware targeted large organizations,
including hospitals and newspapers, by encrypting critical files and
demanding high ransom payments. Ryuk is known for its targeted
attacks and has caused millions of dollars in damages.
• Cerber (2016): Cerber is a ransomware-as-a-service (RaaS) platform
that allowed cybercriminals to use its infrastructure to launch attacks.
It encrypted files with AES-256 and demanded ransom payments in
Bitcoin. Cerber was highly effective and generated significant
revenue for its creators.
• Sodinokibi (REvil) (2019): This ransomware targeted businesses and
demanded large ransoms, often threatening to release stolen data if
the ransom was not paid. Sodinokibi was responsible for several high-
profile attacks, including the Kaseya VSA supply chain attack.

5. Most common types of computer viruses

• Boot Sector Virus: This type of virus targets the master boot record
(MBR) of a computer. It is typically spread through infected USB
drives or other removable media. Boot sector viruses are notoriously
difficult to remove because they activate before the operating system
loads.
• Polymorphic Virus: Polymorphic viruses can change their code or
signature patterns each time they infect a new system, making them
difficult to detect with traditional antivirus software. They use
encryption and decryption techniques to evade detection.
• Resident Virus: These viruses embed themselves in a computer's
memory, allowing them to infect any file that is accessed by the
system. Resident viruses can be particularly destructive because they
remain active even after the original source of infection is removed.
• Multipartite Virus: This type of virus can infect multiple parts of a
system, such as the boot sector and executable files, simultaneously.
Multipartite viruses can spread quickly and are challenging to
eradicate because they attack different areas of the system.
• Macro Virus: Macro viruses are written in the macro language of
applications like Microsoft Word or Excel. They are typically spread
through infected documents and can execute malicious actions when
the document is opened.
• File Infector Virus: These viruses attach themselves to executable
files (.exe) and spread when the infected file is run. File infector
viruses can corrupt or delete files, making them a significant threat to
data integrity.
• Spacefiller (Cavity) Virus: Spacefiller viruses attempt to fill the
empty spaces within a file's code, avoiding detection by not
increasing the file's size. This stealthy approach makes them harder to
detect and remove.
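The spacefiller entry states exactly which naive control fails: a file-integrity check that records only file sizes will not notice a file whose padding has been overwritten with the same number of bytes. The script below is an added example for this report, not code from the original assignment or from any integrity-monitoring product. It builds a baseline of size plus SHA-256 for a set of constructed "executables" (byte strings, no real files), then verifies a later constructed state in which one file changed without changing size and another grew; the size-only mode catches only the second, the hash mode catches both.

```python
"""File-integrity baseline that compares content hashes, not just sizes.

Added example, not code from the original report. File contents below are
constructed byte strings; no real files are read.
"""
import hashlib


def build_baseline(files: dict) -> dict:
    """Record size and SHA-256 for each path -> bytes."""
    return {path: {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}
            for path, data in files.items()}


def verify(files: dict, baseline: dict, size_only: bool = False) -> list:
    """Return [(path, finding)] for every deviation from the baseline, in baseline order."""
    findings = []
    for path, rec in baseline.items():
        data = files.get(path)
        if data is None:
            findings.append((path, "missing"))
        elif len(data) != rec["size"]:
            findings.append((path, "size changed"))
        elif not size_only and hashlib.sha256(data).hexdigest() != rec["sha256"]:
            # Same length, different bytes: the case a size-only check cannot see.
            findings.append((path, "content changed, size unchanged"))
    for path in sorted(files.keys() - baseline.keys()):
        findings.append((path, "new file"))
    return findings


def fake_binary(tag: bytes, padding: int = 64) -> bytes:
    """Constructed 'executable': header, a run of zero padding (the cavity), trailer."""
    return b"MZ" + tag + b"\x00" * padding + b"END"


BASELINE_FILES = {
    "bin/editor.exe": fake_binary(b"editor"),
    "bin/archive.exe": fake_binary(b"archive"),
    "bin/viewer.exe": fake_binary(b"viewer"),
}
BASELINE = build_baseline(BASELINE_FILES)

# Constructed later state: editor.exe has its 64 padding bytes replaced by 64 other
# bytes (same size, different content); archive.exe has 16 bytes appended.
CURRENT_FILES = dict(BASELINE_FILES)
CURRENT_FILES["bin/editor.exe"] = b"MZ" + b"editor" + b"X" * 64 + b"END"
CURRENT_FILES["bin/archive.exe"] = BASELINE_FILES["bin/archive.exe"] + b"\x00" * 16

if __name__ == "__main__":
    print("size only:", verify(CURRENT_FILES, BASELINE, size_only=True))
    print("hashed:   ", verify(CURRENT_FILES, BASELINE))
```

The same reasoning applies to timestamps: modification times can be set back by whatever altered the file, so a baseline should rest on a content hash, with size and mtime kept only as cheap pre-filters.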

Conclusion

The history of computer security, also known as cybersecurity, began in
the 1950s and 1960s, driven by military and research needs to protect
sensitive data. Significant milestones include the creation of ARPANET
and the Multics project in the 1960s and 1970s, which emphasized secure
data communication and operating system security. The formalization of
security standards in the 1970s and 1980s, such as the "Orange Book,"
established crucial criteria for evaluating computer system security. The
rise of hacker culture in the 1980s and incidents like the Morris Worm in
the late 1980s highlighted vulnerabilities and spurred advancements in
antivirus software and network monitoring tools. The 1990s brought
significant legislative and organizational responses to the growing
integration of the internet into daily life, with laws addressing
cybercrimes and the establishment of dedicated cybersecurity
organizations. From the 2000s to the present, cybersecurity has continued
to evolve, adapting to new threats and technological advancements.

Real cases of malware attacks illustrate the diverse methods and
significant impacts of malicious code. Notable examples include the
ILOVEYOU worm (2000), which caused billions in damages by
spreading through email; the WannaCry ransomware (2017), which
exploited a Windows vulnerability to encrypt files and demand ransom,
affecting over 200,000 computers globally; and Stuxnet (2010), a worm
that targeted Iran's nuclear facilities, causing physical damage to
centrifuges.

Famous cybersecurity problems and events include the 2011 Sony
PlayStation Network breach, which exposed the data of 77 million users;
the 2015 Ukraine power grid attack, which caused a blackout for over
230,000 residents; and the 2017 Equifax data breach, which compromised
the personal information of 147 million people.
Infamous ransomware programs have caused significant disruption and
financial loss. Examples include CryptoLocker (2013), which encrypted
files and demanded ransom for decryption keys; WannaCry (2017),
which spread rapidly and affected critical infrastructure; and NotPetya
(2017), which initially appeared as ransomware but was designed to wipe
data, causing widespread damage.

Common types of computer viruses include boot sector viruses, which
attack the master boot record; polymorphic viruses, which change their
code to avoid detection; and resident viruses, which embed themselves in
a computer's memory and are difficult to remove. Understanding these
types helps in developing effective strategies to protect against them.
