Let’s start with a sobering thought—all computer
viruses are man-made. Simply stated, a computer
virus is a man-made computer program designed to reproduce, or make endless
copies of itself. Whether the program is or isn’t designed to damage your
computer system, it’s the replication process that makes it a virus. The main
goal of a virus is to spread inside your system and to other systems without
your knowledge or permission. Even a simple virus is unsafe because it can
quickly use all available memory, bringing the computer system to a halt.
Viruses capable of transmitting themselves across networks and bypassing
security systems are even more dangerous. Whatever the goal of the virus, it
should be completely eliminated.
The term Trojan horse comes from Greek mythology. Used
in a war between the Greeks and the people of Troy, the Trojan horse was a
large, hollow wooden horse that concealed warriors inside. In this case the horse
appeared to be a peace offering, when actually it was an elaborate, cleverly
designed weapon.
Other Electronic Threats
In addition to viruses,
other malicious programs exist. While sometimes incorrectly referred to as
viruses, they’re a different kind of threat altogether. One such threat is
called a Trojan horse. As the name
implies, the main purpose of the program is to “falsely appear” to be for one
purpose, but it’s really meant to do quite another. While usually not designed
to reproduce itself, the purpose of a Trojan horse is to delete or corrupt
files or even reformat your hard drive. A Trojan horse could be a legitimate
program that has been illegally altered by inserting unauthorized code within
it. The altered program then performs functions unknown (and most likely
unwanted) by the user.
Algorithm—A
procedure for solving a mathematical problem in a fixed number of steps that
normally involves repetition of an operation.
Yet another malicious program is called a worm. A worm is a program or algorithm that
reproduces itself throughout a computer network. Its purpose is usually to
perform malicious actions such as overwhelming computer resources or shutting
down the entire system.
In addition to threats from real viruses, virus hoaxes
create their own problems. Computer users, fearful of damage, innocently spread
misinformation to all their contacts, who in turn notify all their contacts.
It’s easy to see how e-mail systems can be burdened or even overloaded.
Before notifying anyone about a potential threat, ensure that the threat is
valid, and that you’re not contributing to the problem by also spreading a
virus.
Spyware
Spyware is in the same category as
backdoor Santas, adware, media plugins, Trojans, or any other software that
potentially forwards personal information about the user’s software, browsing,
and purchasing habits to the spyware installer’s own data collection facilities.
These types of software have become collectively known as spyware.
The purpose of spyware is to record your every online action without your
explicit permission.
While this activity may help companies survive in a very competitive
environment, the manner in which they gather the information is done without
your knowledge or consent.
While these programs may only report general demographics
and not collect specific information about you (i.e., your name, credit card,
or other personal information), they do have the capability to do so. The bits
and pieces of personal information gathered by various companies may be
sold and combined with other databases. Profiles of individual Internet users
are then created for direct-marketing purposes.
Stealware
Imagine this situation: you’re a Web site developer
creating a site that generates revenue from cost
per action (CPA) referrals, or affiliate
referrals, to other sites. Your goal is to get visitors to the site to go
to the links you specify and to ultimately make purchases. Based on the traffic
and purchases, you receive a referral fee. But what if someone else resets the
tracking codes to his or her own to skim off revenue that’s rightfully yours?
Stealware consists of products that modify affiliate-tracking codes in order
to change the person to whom the payment is due. As you might imagine, the
loss of revenue to the rightful people will ultimately put them out of business.
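The following is an added example, not part of the original article, showing how an affiliate program could reconcile its logs to spot the code rewriting described above. The parameter name aff_id, the event format, and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

AFF_PARAM = "aff_id"  # hypothetical name of the affiliate-tracking parameter

# Constructed sample log: (session, step, url) tuples in time order.
EVENTS = [
    ("s1", "click", "https://shop.example/item?id=7&aff_id=site42"),
    ("s1", "purchase", "https://shop.example/checkout?aff_id=site42"),
    ("s2", "click", "https://shop.example/item?id=9&aff_id=site42"),
    ("s2", "purchase", "https://shop.example/checkout?aff_id=zz999"),
    ("s3", "click", "https://shop.example/item?id=3&aff_id=site42"),
    ("s3", "click", "https://shop.example/item?id=3&aff_id=site77"),
    ("s3", "purchase", "https://shop.example/checkout?aff_id=site77"),
]

def aff_code(url):
    """Return the affiliate code carried in a URL, or None if absent."""
    values = parse_qs(urlsplit(url).query).get(AFF_PARAM)
    return values[0] if values else None

def find_rewritten_referrals(events):
    """Flag purchases credited to a code the visitor never clicked through."""
    clicked = {}   # session -> codes seen on real referral clicks
    flagged = []
    for session, step, url in events:
        code = aff_code(url)
        if code is None:
            continue
        if step == "click":
            clicked.setdefault(session, []).append(code)
        elif step == "purchase" and code not in clicked.get(session, []):
            # The credited code appeared without any referral click:
            # the pattern left behind when a tracking code is swapped.
            flagged.append((session, clicked.get(session, []), code))
    return flagged

if __name__ == "__main__":
    for session, seen, credited in find_rewritten_referrals(EVENTS):
        print(f"{session}: clicked {seen}, but purchase credited to {credited}")
```

Session s3 is not flagged because the visitor really did click a second affiliate's link; only s2, where the credited code never appeared on a click, is reported.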
More about Malware
In this section, we’ll discuss in detail the inner
workings of a computer virus, worm, and Trojan horse to get a better
understanding of how this malware works.
Computer Viruses
You’ve already learned what a computer virus is. But
how do they accomplish their task? How do they replicate themselves? What
different types of viruses are there? Just to give you an idea of the magnitude
of the problem, for the Windows operating systems, there are in excess of
100,000 known viruses. The timing of when a virus migrates between stages of
its life cycle is completely random.
The Life Cycle of a Computer Virus
Let’s look at the complete life cycle of a computer
virus. Keep in mind that these stages represent a typical virus life cycle.
Creation. Until just recently, only
a person having computer programming language skills could create a computer
virus. But now, anyone with just basic programming knowledge can create a
virus.
Replication. Typically, the person who creates a virus designs
it to reproduce itself for a long period before it activates itself. This
allows the virus plenty of time to spread to many computer systems undetected.
Activation. Viruses that are created
to cause damage to a computer system usually activate after specific conditions
are met; i.e., on a specific date or as soon as the infected system performs a
particular action. Nondestructive viruses
(those designed not to damage a computer system) don’t get activated;
instead they degrade the system by stealing storage or memory space.
Discovery. After a virus is discovered and segregated from
other systems, it’s sent to the International Computer Security Association
(ICSA) in Washington, D.C. The ICSA documents and then forwards the virus to
antivirus software developers.
Eradication. While any virus can be
beaten, this will happen only when enough users have up-to-date virus protection
software installed on their computer systems. Needless to say, no viruses have
been completely eliminated.
How Viruses Work
A virus is a
small bit of computer code that can attach itself to, or infect, a legitimate program. Every time that program file is
executed, it runs the virus program. This can be a word processing macro, an
e-mail attachment, or any system file.
Master boot or boot sector viruses tell
the operating system to load the virus when the computer boots up and is
therefore running whenever the computer is on. Some viruses stay in
memory and keep running as a terminate-and-stay-resident
(TSR) program. Even if you physically delete all the files or restore files
from backup disks, a TSR rebuilds itself by infecting new files until a system
reboot. Some viruses can redirect calls between RAM and the hard drive,
bypassing antivirus software; this process is called tunneling. Others run as a stealth
virus, redirecting you to the legitimate section of code when you try to
locate the virus.
Viruses duplicate themselves, send themselves to others on
your network and people in your e-mail address book, instruct your system to
perform operations without your knowledge, and hog system resources. They can
also destroy key information, change file associations, rename all files of a
given type, and erase the registry and system files to totally crash your
operating system. Among well-known viruses of the past:
• W32/Bugbear: Win32/Bugbear is a family of mass-mailing network worms that targets computers running certain versions of Microsoft Windows.
• CodeRed: Code Red was a computer worm observed on the Internet on July 15, 2001. It attacked computers running Microsoft's IIS web server.
• Bagle: Bagle (also known as Beagle) is a mass-mailing computer worm affecting all versions of Microsoft Windows.
Trojan Horses
Trojan horses,
as mentioned earlier, are files that pretend to be legitimate, either by
hiding inside an authorized file or setting up a shell structure to name its
associated files. They may appear as screensavers. Trojans can set up dummy
accounts, create backdoors, and initiate contact with your local network or
Internet. Trojans can also allow hackers to control your PC remotely, setting
it up like a separate server, even allowing them to use the microphone and
listen to your conversations. Two well-known Trojan horses were Back Orifice
and Netbus.
Worms
A worm is a self-contained program that replicates itself throughout
the PC and your network. It can delete files or send selected files via e-mail,
bypassing the normal system security. Sometimes a worm sets up backdoors to
create “zombies” that cloak its true IP address when sending spam or initiating
a denial-of-service attack. Denial of
service (DoS) occurs when a Web site gets hit with so many requests for
service and information that the site temporarily shuts down—or, in this case,
is shut down with bogus Web traffic. Three well-known worms have been MyDoom,
Sobig, and Blaster.
Malware Preventive Measures
You can protect your computer system against malware in
many different ways. Here are just a few:
• First and foremost, it’s critical that you install a powerful antivirus product on the computer system, and keep it up-to-date with the latest virus definition files.
• Install the best firewall possible to prevent unauthorized access to your computer system and data files.
• Install programs that locate, identify, quarantine, and remove Trojan horses, spyware, adware, key loggers, and many other unauthorized system-degrading applications.
• Avoid Web sites that make your system more vulnerable to attack.
• Carefully scrutinize all e-mail messages before you open them. Any unknown e-mail that has an attachment should be treated as a threat.
• Never open any files or macros attached to e-mail from an anonymous, unfamiliar, suspicious, or unreliable source. Delete these messages without opening them, and then empty your Trash folder. Be aware that because e-mail viruses sometimes counterfeit the sender’s address, even e-mails from familiar parties should be viewed with caution.
• Always scan any removable storage media such as a CD, DVD, or flash drive for viruses regardless of the source.
• Educate and elevate the awareness of all computer users to the threat.
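The e-mail checks in the list above can be partly automated. The following is an added example, not part of the original article, that screens a raw message for attachments from unknown senders, executable or macro file types, and a possibly counterfeit sender address. The extension list, the sample message, and the addresses are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import os

# Extensions treated as risky are an assumption chosen for this example.
RISKY_EXT = {".exe", ".scr", ".pif", ".bat", ".vbs", ".js", ".docm", ".xlsm"}

SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "Alice" <alice@example.com>
Subject: Photos
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

See attached.
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="holiday.jpg.scr"

AAAA
--XX--
"""  # constructed sample message

def domain(header_value):
    # Lower-cased domain part of an address header, or '' if missing.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw, known_senders):
    """Return the reasons a message deserves caution (empty list if none)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    reasons = []
    if names and sender not in known_senders:
        reasons.append("attachment from unknown sender")
    for name in names:
        # splitext takes the last extension, so photo.jpg.scr counts as .scr
        if os.path.splitext(name.lower())[1] in RISKY_EXT:
            reasons.append(f"executable or macro attachment: {name}")
    # Heuristic only: legitimate bulk mailers can also differ here.
    rp = domain(msg.get("Return-Path"))
    if rp and rp != domain(msg.get("From")):
        reasons.append("From domain differs from Return-Path domain")
    return reasons

if __name__ == "__main__":
    for reason in triage(SAMPLE, {"alice@example.com"}):
        print(reason)
```

Even with the sender on the known list, the sample is flagged twice, which matches the advice that mail from familiar parties still deserves caution.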