Viruses and Worms

August 16, 2007

What a virus is

A virus is a self-replicating program that spreads by inserting copies of itself into programs or documents that already exist on a computer. The name comes from an analogy with biological viruses. These cannot reproduce by themselves but make use of the functions of infected cells to spread. Similarly, a computer virus makes use of the executable code in legitimate programs to carry out its purposes. A virus may be designed to be destructive to a system or to be a prank. In either case, the virus will rapidly reproduce itself until the system may be overwhelmed. Viruses spread to other systems when infected programs are copied to another machine. Documents with executable code like Word macros can also be vectors of infection. A very common method of spreading viruses is by attachments to email . Today a variant of a virus known as a worm is more often used.

What a worm is

Viruses and worms are often lumped together in the single category of virus but there is technical distinction. A worm differs from a virus in that it contains all the code it needs to carry out its purposes and does not depend on using other programs. Most recent instances of malware have been worms, spread primarily by email. Worms are designed to replicate rapidly and to use the Internet or other networks to spread with great facility. They may contain code to damage or erase files or may carry other malicious payloads. On a number of occasions, large numbers of computer systems have been brought down by worms. In addition to the damage from whatever payload they carry, the sheer number of worm copies can bring systems to a halt.

A very common method of spreading is by use of any email addresses on an infected computer. The worm searches address books, temporary Internet caches and other possible sources of email addresses. The worm then mails out random infected fake messages. It may use the addresses it finds not only as recipients but also may spoof mail to show them as senders. It may also combine random pieces of addresses into new fake addresses. All the messages will contain an attachment that is infected. None of this activity may be known by the owner of the infected machine and may go on for weeks or months. A single infected machine can send out thousands of worm-carrying messages.

Anti-virus programs

Most people know that anti-virus software is a necessity and most computers come with some form of anti-virus program already installed. (Note that anti-virus is a catchall term that refers to a variety of malware.) All the major programs check email as well as scanning your system. However, new viruses appear every day and anti-virus programs are only as good as their database or definitions of viruses. A program can’t recognize a new virus unless it has been kept up to date. Anti-virus programs contain update features and these are automatic in the newer major programs. However, the big vendors like Symantec and McAfee no longer give unlimited free updates but start to charge after some initial period ranging from 3 months to 1 year. Very often people do not subscribe to the new updates and let their protection lapse. This leaves the computer open to any new virus that comes along. Actually, it may be better to periodically buy a whole new version of whatever anti-virus program you use. I have often found rebate offers that make the new program cheaper than the update subscription.

Personally, I find both the Norton and McAfee programs to be very heavy users of system resources. An alternative is one of the free programs like Grisoft AVG. In the past, Symantec’s Norton has always seemed to get much better reviews for efficacy against infection than the freebies but a recent review by the magazine PC World indicates that there are several free programs that now provide acceptable levels of protection. Tech Support Alert gives a critique of the various free programs and describes an effective computer defense that uses free programs.

What is a Trojan horse?

The term Trojan horse is applied to malware that masquerades as a legitimate program but is in reality a malicious application. It may simply pretend to be a useful program or it may actually contain a useful function as cover for a destructive one. Screen savers are often used as a carrier. Trojan horses do not replicate themselves as do viruses and worms. However, a Trojan horse can be part of the payload of a worm and can be spread to many machines as part of a worm infestation. Many Trojan horses have been sent out as email attachments.

One favorite use of Trojan horses is to allow a malicious hacker ( more properly called a “cracker”) to use systems of unsuspecting owners for attacking other machines or as zombies. Another use is for relaying spam or pornography. Yet another use is to steal account passwords and then relay them back to someone for fraudulent use. Trojans can also be destructive and wipe out files or create other damage. Recently, phishing scams have been making use of Trojans.

Sometimes social engineering is used to induce people to click on a link. Here’s one that enticed people to try to download some photos:

Osama Bin Ladin was found hanged by two CNN journalists early Wednesday evening. As evidence they took several photos, some of which I have included here. As yet, this information has not hit the headlines due to Bush wanting confirmation of his identity but the journalists have released some early photos over the internet.

Instead of photos what they got was a Trojan.

Defenses

Many Trojans are recognized by the major anti-virus programs. However, not all Trojans have characteristics that trigger anti-virus programs so additional software is recommended. The spyware programs discussed on the next page should be considered as well as the references in the sidebar.

It is essential in the present conditions to have a firewall. The Internet is a two-way street. Unless your computer is properly protected, it is all too easy for unwanted visitors to gain access to your computer while you are on-line. Once into your system, a cracker can plant a Trojan or worm or do other harm. Good firewall software can make your computer invisible to all except the most determined cracker. Further, most firewalls will warn you if programs on your computer try to connect to the Internet without telling you. That will help to warn you if you get an infection. Note, however, that some Trojans may hide by piggybacking on essential services like your email client.

Unless they had a broadband Internet connection, I used to tell people that they probably did not need a firewall. However, hacking has reached the point where everyone, even those with dial-up connections, needs a firewall. My firewall keeps a log of the attempts that are made to probe my computer and once in a while I check it out of curiosity. The attempts are unceasing and come from all over the world. (I know because I look up some of the IPs.) Even my wife’s dial-up AOL account is probed all the time. Many of these probes are not malicious but I see no reason to take chances on the good will of all these strangers.

The present version of Windows XP has half a firewall built in. Unfortunately, it monitors only incoming traffic and therefore is of no help in warning about programs on your computer that call up Internet sites without telling you. Also, note that that you have to specifically enable it. (Service Pack 2 turns it on by default.). I recommend a more robust program. If you want to, you can go for one of the commercial suites that include a firewall together with a variety of other programs. However, there are several very good free programs. The sidebar contains references.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: