Lesson #4 - Viruses,
Worms, And Trojans
We've all heard the term virus used frequently
over the past few years. With the rapid growth of the internet, viruses have become
more commonplace then ever before. From Melissa to Chernobyl, we've all heard the
stories of viruses plaguing our on-line existence. But what is a virus, and where do
they come from?
First off, you must realize that worms and Trojan Horses
are viruses. The use of these different terms grew out of the intent of the virus
maker. Where viruses are mostly benign, worms and Trojans tend to be more malicious,
and more frequently cause damage to systems. Also, the way the files are transferred
determines whether the file is a virus, a worm, or a Trojan. For our purposes, we're
going to assume all three are the same, as they should be treated with the same amount of
respect.
The first viruses emerged in the mid-1980's. They
were simple script files passed between unsuspecting computer users, and did little or no
real damage. In the early 1990's, there were still less than 150 viruses.
Today it is estimated that there may be more than 45,000 viruses. One thing
to remember is that for every 10 virus files you hear about, there are 10,000 that you
haven't. Believe it or not, this is simply do to the ability of the hacker to get
his file to you.
Take for example the I Love You virus from the middle of
2000. The file itself was a university test, written by a student attempting to gain
a grade in a programming class. He had no intentions of unleashing this file, and it
would have remained "In the zoo" (A term for viruses that are never released)
had it not been for several of his friends releasing the file. It turned out to be
one of the most expensive viruses ever, clogging up servers and destroying files globally.
A virus on a computer is simply a program meant to
execute at a specific trigger. Some viruses simply replicate themselves until they
fill hard drives, while others attempt to destroy files. Any program that does this
is considered a virus. Viruses generally reproduce without the user's knowledge or
permission. Viruses are written with the intent of damaging other computers or annoying
other users. Generally, virus programmers simply want to cause harm in order to bring
recognition to themselves in the hacker community.
There are two specific phases of a virus. Most
viruses only use one of these phases, but the most damaging of them use both. These
phases are the infection phase and the active phase.
During the infection phase, the virus does nothing
more then attempt to make copies of itself where ever it can. Some use e-mail to
spread, while some attempt to transfer through files sent back and forth during downloads
and uploads. However they spread, a virus's primary goal is to keep growing, and to
attach itself to as many computers as it can find.
During the active phase, the virus is attempting to
do several things. First off, viruses that have an active phase generally try to
cover where they came from, although lately the trend has been to do less covering up and
more damage. Secondly, the virus attempts to manipulate files. It can do this
by changing file extensions (.com, .bat, .mp3, etc.) or changing the way the computer
looks at a file by telling the computer it has already erased this file. By making
the computer think the file is deleted, it makes the file unusable and can make the
computer unstable. Lastly, the active phase of a virus sometimes involves viewable
changes in your computer's operation. Letters on the screen may suddenly change,
images may suddenly appear, and you may get errors in your programs that force you in
re-booting.
The attack phase has a wide range of
severity. Although all viruses take up space and use system resources, some do little more
damage. Some viruses display messages but then others can crash your hard drive
completely. They can even corrupt your backup files if you're not careful.
It is important to remember that less then 15% of all
viruses have an active phase. That means at any time you could have a virus on your
computer and not even know about it. The common symptoms of a virus are system
slow-down and sudden losses of available hard drive space.
"Diagram:
Viruses, trojans, and worms
are all terms that refer to potentially harmful computer programs that can get into a
computer or a network system. Worms are often classified as a virus yet have very
distinguishing characteristics from other types of viruses. Trojans are not the same
thing as a virus or a worm. To complicate things a bit, trojans can be carried to
the computer via a virus or worm.
|
From ThinkQuest.org's File Library,
2000.
Antivirus Software
The easiest defense against a virus is
anti-virus software. All viruses contain scripts, or bits of programming, that is
different from normal programming. By scanning for these bits of programming, an
anti-virus program can find and eradicate viruses before they even pose a threat.
The other way anti-virus software works is to monitor system resources and hard drive
usage to look for changes in the computer system after it's been infected. Both
these methods can stop a virus from damaging your system, and every computer hooked up to
the internet today SHOULD have anti-virus software installed.
The list of the types of programming that
distinguish a virus from normal programming are called virus definitions. The virus
definition file inside the anti-virus program is what allows it to know the difference
between a good program and a bad program. As new viruses are released "into the
wild" (A term for viruses that make it into the mainstream), anti-virus software is
quickly updated to scan for the new changes these viruses may make. Therefore, it is
imperative that you update your virus definition file often. Most anti-virus
software will do this automatically, but it doesn't hurt to check to make sure that you
are protected.
If you aren't using an anti-virus program
right now or are using an older version of one, we suggest you go to the McAfee
Clinic immediately. They can
scan your computer for viruses while you are on-line, and since their virus definition
file is kept on their website, you know you have the most up-to-date
protection.
In Conclusion...
It is estimated that less then 50% of the
personal computers on the internet are secured by up-to-date anti-virus software.
This means that half of the people on the internet either have viruses, or are a prime
target for one. Only you can protect your computer, so take the time to install
anti-virus software and keep your virus definition file up to date. |