Tugas Kelompok Sia

Kelompok 1
Angelina Wahyudi / 125150443
Shania Sulistio / 125190141
Berliana Putri / 125190144
Angelina Setiadi / 125190148
Jason Alejandro / 125190156

Buku Romney halaman 208 Problem 6.1 dan 6.7

6.1 A few years ago, news began circulating about a computer virus named Michelangelo that
was set to “ignite” on March 6, the birthday of the famous Italian artist. The virus attached
itself to the computer’s operating system boot sector. On the magical date, the virus would
release itself, destroying all of the computer’s data. When March 6 arrived, the virus did
minimal damage. Preventive techniques limited the damage to isolated personal and business
computers. Though the excitement surrounding the virus was largely illusory, Michelangelo
helped the compute-using public realize its systems’ vulnerability to outside attack.
a. What is a computer virus? Cite at least three reasons why no system is completely safe from a
computer virus.
A computer virus is a segment of executable code that attaches itself to an application program or
some other executable component. When the hidden program is triggered, it makes unauthorized
alterations in the way a system operates.
There are a number of reasons why no one is completely safe from a virus:

 Viruses are contagious and are easily spread from one system to another. A virus spreads
when users share programs or data files, download data from the Internet, or when they access
and use programs from external sources such as suppliers of free software.
 Viruses can spread very quickly. In a network environment, a virus can spread to thousands of
systems in a relatively short period. When the virus is confined to a single machine or to a
small network, it will soon run out of computers to infect.
 Many viruses lie dormant for extended period without doing any specific damage except
propagating itself. The hidden program leaves no external signs of infection while it is
reproducing itself.
 Many computer viruses have long loves because they can create copies of themselves faster
than the virus can be destroyed.
b. Why do viruses represent a serious threat to information systems? What damage can a virus
do to a computer system?
Viruses are a significant threat to information system because they make unauthorized alterations to
the way a system operates and cause widespread damage by destroying or altering data or programs.
If adequate backup is not maintained, viral damage may also mean permanent loss of important or
unique information, or time-consuming reentry of the lost information.
A virus can cause significant damage when it takes control of the computer, destroys the hard disk’s
file allocation table, and makes it impossible to boot (start) the system or to access data on a hard
drive. They can also intercept and change transmissions, print disruptive image or messages on the
screen, or cause the screen image to disappear. As the virus spreads, it takes up space, clogs
communications, and hinders system performance.
c. How does a virus resemble a Trojan horse?
A virus is like a Trojan horse in that it can lie dormant for extended periods, undetected until triggered
by an event or condition.
d.What steps can be taken to prevent the spread of a computer virus?
Focus 6-1 lists the following steps individuals can take to keep their computers virus free:
·Install reputable and reliable antivirus software that scans for, identifies, and destroys viruses. Only
use one antivirus program, as multiple programs conflict with each other.
• Do not fall for ads touting free anti-virus software, as much of it is fake and contains malware. Some
hackers create websites stuffed with content about breaking news so that the site appears on the first
page of search results. Anyone clicking on the link is confronted with a pop-up with a link to fake
anti-virus software.
• Do not fall for pop-up notices that warn of horrible threats and offer a free scan of your computer.
Although no scan actually takes place, the program reports dozens of dangerous infections and tells
you to purchase and download their fake anti-virus program to clean it up.
·Make sure that the latest versions of the antivirus programs are used. National City Bank in
Cleveland, Ohio, installed some new laptops. The manufacturer and the bank checked the laptops for
viruses but did not use the latest antivirus software. A virus spread from the laptop hard drives to 300
network servers and 12,000 workstations. It took the bank over two days to eradicate the virus from
all bank systems. ·Scan all incoming e-mail for viruses at the server level as well as when it hits users’
desktops.
• Do not download anything from an email that uses noticeably bad English, such as terrible grammar
and misspelled words. Real companies hire people to produce quality writing. Many viruses come
from overseas. English is obviously not their first language.
• All software should be certified as virus-free before loading it into the system. Be wary of software
from unknown sources, as they may be virus bait—especially if their prices or functionality sound too
good to be true.
·Deal with trusted software retailers.
·Some software suppliers use electronic techniques to make tampering evident. Ask if the software
you are purchasing has such protection.
·Check new software on an isolated machine with virus detection software. Software direct from the
publisher has been known to have viruses.
·Have two backups of all files. Data files should be backed up separately from programs to avoid
contaminating backup data.
·If you use flash drives, diskettes, or CDs, do not put them in strange machines as they may become
infected. Do not let others use those storage devices on your machine. Scan all new files with antiviral
software before any data or programs are copied to your machine.
6.7 Computer Fraud and Abuse Techniques.
Match the computer fraud and abuse technique in the left column with the scenario in
the right column. The scenarios on the right may be used once, more than once, or not at all.
1. Dictionary attack c. Capturing and decrypting passwords to gain access to a system

2. Hacking w. Gaining access to a computer system without permission

h. Attack occurring between the discovery of a software vulnerability and
the release of a patch to fix the problem

3. Logic bomb s. Software that sits idle until a specified circumstance or time triggers it

4. Malware u. Acting under false pretenses to gain confidential information

v. Observing or listening to users as they divulge personal information

5. Masquerading n. Pretending to be a legitimate user, thereby gaining access to a system and

all the rights and privileges of the legitimate user

6. Password cracking a. Special software used to bypass system controls

c. Capturing and decrypting passwords to gain access to a system
i. Entering a system using a back door that bypasses normal system controls
o. Special code or password that bypasses security features

7. Piggybacking e. Using a wireless network without permission

i. Entering a system using a back door that bypasses normal system controls

8. Posing x. Creating a seemingly legitimate business, collecting personal information

while making a sale, and never delivering the item sold

9. Pretexting r. Methods used to trick someone into divulging personal information

10. Rootkit q. Software that conceals processes, files, network connections, and system
data from the operating system and other programs

11. Shoulder surfing v. Observing or listening to users as they divulge personal information

12. Skimming f. Covertly swiping a credit card in a card reader that records the data for
later use

13. Social engineering u. Acting under false pretenses to gain confidential information

14. Software piracy p. Unauthorized copying or distribution of copyrighted software

15. Steganography g. Concealing data within a large MP3 file

16. Superzapping a. Special software used to bypass system controls

17. Trap door a. Special software used to bypass system controls

o. Special code or password that bypasses security features

18. Trojan horse q. Software that conceals processes, files, network connections, and system
data from the operating system and other programs
19. Virus b. A segment of executable code that attaches itself to software

20. Worm l. Software used to do harm

21. Zero-day attack h. Attack occurring between the discovery of a software vulnerability and
the release of a patch to fix the problem

Buku James Hall halaman 138

7. Fraud- motivating factors
Research has shown that situational pressures and opportunity are factors that contribute for
fraudulent behavior.
Required.
a. Identify two situational pressures in a public company that would increase the likelihood of
fraud.
This is an example of economic extortion▪️Frauds of this sort are difficult to detect because of
the absence of records. Management and auditors need to take a proactive approach to
uncover such activity.

b. Identify three opportune moments that would increase the likelihood of fraud
The following techniques may be used:
▪️. The Health Department should have a publicized policy against such abuses that are signed by the
inspectors.
▪️. An independent audit function should be in place that formally investigates any accusations of
extortion.
▪️. If auditors suspect that economic extortion may exist, hard evidence can be obtained through
“sting” operations.