Internet Safety Tutorial

Lesson #4 - Viruses, Worms, And Trojans 

We've all heard the term virus used frequently over the past few years.  With the rapid growth of the internet, viruses have become more commonplace then ever before.  From Melissa to Chernobyl, we've all heard the stories of viruses plaguing our on-line existence.  But what is a virus, and where do they come from?

First off, you must realize that worms and Trojan Horses are viruses.  The use of these different terms grew out of the intent of the virus maker.  Where viruses are mostly benign, worms and Trojans tend to be more malicious, and more frequently cause damage to systems.  Also, the way the files are transferred determines whether the file is a virus, a worm, or a Trojan.  For our purposes, we're going to assume all three are the same, as they should be treated with the same amount of respect.

The first viruses emerged in the mid-1980's.  They were simple script files passed between unsuspecting computer users, and did little or no real damage.  In the early 1990's, there were still less than 150 viruses.  Today it is estimated that there may be more than 45,000 viruses.  One thing to remember is that for every 10 virus files you hear about, there are 10,000 that you haven't.  Believe it or not, this is simply do to the ability of the hacker to get his file to you.

Take for example the I Love You virus from the middle of 2000.  The file itself was a university test, written by a student attempting to gain a grade in a programming class.  He had no intentions of unleashing this file, and it would have remained "In the zoo" (A term for viruses that are never released) had it not been for several of his friends releasing the file.  It turned out to be one of the most expensive viruses ever, clogging up servers and destroying files globally.

A virus on a computer is simply a program meant to execute at a specific trigger.  Some viruses simply replicate themselves until they fill hard drives, while others attempt to destroy files.  Any program that does this is considered a virus.  Viruses generally reproduce without the user's knowledge or permission. Viruses are written with the intent of damaging other computers or annoying other users. Generally, virus programmers simply want to cause harm in order to bring recognition to themselves in the hacker community. 

There are two specific phases of a virus.  Most viruses only use one of these phases, but the most damaging of them use both.  These phases are the infection phase and the active phase.

During the infection phase, the virus does nothing more then attempt to make copies of itself where ever it can.  Some use e-mail to spread, while some attempt to transfer through files sent back and forth during downloads and uploads.  However they spread, a virus's primary goal is to keep growing, and to attach itself to as many computers as it can find.

During the active phase, the virus is attempting to do several things.  First off, viruses that have an active phase generally try to cover where they came from, although lately the trend has been to do less covering up and more damage.  Secondly, the virus attempts to manipulate files.  It can do this by changing file extensions (.com, .bat, .mp3, etc.) or changing the way the computer looks at a file by telling the computer it has already erased this file.  By making the computer think the file is deleted, it makes the file unusable and can make the computer unstable.  Lastly, the active phase of a virus sometimes involves viewable changes in your computer's operation.  Letters on the screen may suddenly change, images may suddenly appear, and you may get errors in your programs that force you in re-booting.  

The attack phase has a wide range of severity. Although all viruses take up space and use system resources, some do little more damage.  Some viruses display messages but then others can crash your hard drive completely. They can even corrupt your backup files if you're not careful.

It is important to remember that less then 15% of all viruses have an active phase.  That means at any time you could have a virus on your computer and not even know about it.  The common symptoms of a virus are system slow-down and sudden losses of available hard drive space.

"Diagram: 

Viruses, trojans, and worms are all terms that refer to potentially harmful computer programs that can get into a computer or a network system.  Worms are often classified as a virus yet have very distinguishing characteristics from other types of viruses.  Trojans are not the same thing as a virus or a worm.  To complicate things a bit, trojans can be carried to the computer via a virus or worm.

 

From ThinkQuest.org's File Library, 2000.

Antivirus Software

The easiest defense against a virus is anti-virus software.  All viruses contain scripts, or bits of programming, that is different from normal programming.  By scanning for these bits of programming, an anti-virus program can find and eradicate viruses before they even pose a threat.  The other way anti-virus software works is to monitor system resources and hard drive usage to look for changes in the computer system after it's been infected.  Both these methods can stop a virus from damaging your system, and every computer hooked up to the internet today SHOULD have anti-virus software installed.

The list of the types of programming that distinguish a virus from normal programming are called virus definitions.  The virus definition file inside the anti-virus program is what allows it to know the difference between a good program and a bad program.  As new viruses are released "into the wild" (A term for viruses that make it into the mainstream), anti-virus software is quickly updated to scan for the new changes these viruses may make.  Therefore, it is imperative that you update your virus definition file often.  Most anti-virus software will do this automatically, but it doesn't hurt to check to make sure that you are protected.

If you aren't using an anti-virus program right now or are using an older version of one, we suggest you go to the McAfee Clinic immediately.  They can scan your computer for viruses while you are on-line, and since their virus definition file is kept on their website, you know you have the most up-to-date protection.  

In Conclusion...

It is estimated that less then 50% of the personal computers on the internet are secured by up-to-date anti-virus software.  This means that half of the people on the internet either have viruses, or are a prime target for one.  Only you can protect your computer, so take the time to install anti-virus software and keep your virus definition file up to date.

Back To The Internet Safety Tutorials