The content of this document is the opinion and/or statement of its author and its re-publication here does not signify any endorsement by StarLink-IRC.Org.
Author: Unknown
It seems that they're coming more frequently and with greater malicious virulence than ever. Computer viruses have infected hundreds of millions of computers worldwide, from the computer you have at home, to the ones used every day by major corporations and governments. The recent attacks by Melissa and ExploreZip have caused entire computer networks to become infected, crippling the companies and government agencies who use them. It's not surprising that there's so much fear surrounding computer viruses. No one wants them, but fears of infection and urban legend have also caused unnecessary worry. In this article, we'll discuss what viruses are, what they can (and can't) do, and what you can do to protect yourself against infection.
First I'd like to pass along a couple of authoritative sources for information regarding computer viruses. The National Institute of Standards & Technology (NIST) at: http://csrc.nist.gov/virus/ maintains a website dedicated to current information about viruses, virus hoaxes, and FAQs. They also provide links to other anti-virus sources including the CIAC (part of the U.S. Department of Energy) and other reference sites. A second source of information can be found at: http://dir.yahoo.com/Computers_and_Internet/Security_and_Encryption/Viruses/ Use these references often to get the latest word on viruses.
Exactly what is a virus? David Harley, author of the alt.comp.virus FAQ, defines viruses and their close cousins, Trojan horses, very succinctly below:
"A (computer) virus is a program (a block of executable code) which
"Most viruses are comparatively harmless, and may be present for
"A Trojan Horse is a program intended to perform some covert
"A dropper is a program which installs a virus or Trojan, often
Viruses exist in several forms: file viruses, boot sector/partition sector viruses, and multipartite viruses. There are also so-called Microsoft Macro viruses (which typically affect only Microsoft documents, such as Word, Excel, or PowerPoint documents). We'll discuss Macro viruses separately.
File viruses are typically contained in an infected application you might have received from a friend or you may have downloaded across the net. Regardless of how you received the infected file, launching the application triggers the virus to infect your system. Typically such viruses attach themselves to key system files so that every time you start up the infected system on your hard drive, the virus is loaded into memory and waits to infect other applications as you open them. If one of your infected applications makes its way to someone else, the cycle begins again. This is how most viruses are spread via networks and on the internet.
Boot Sector/Partition Sector viruses live in the boot partition or the partition sector of a DOS-formatted disk, and alter the executable code that resides in the first sector (boot sector). The infector program executes its own code, typically infecting the boot sector or partition sector of the hard disk, so that every time the computer is booted, the virus is loaded into memory. Thereafter, any write-enabled disks or drives used on the infected system become infected themselves. When such infected disks are then inserted into another system, they infect the new system, and the virus spreads. This means that the primary means of infection is by the physical transfer of write-enabled media, such as floppies, Zip disks, MO-disks, etc.
Perhaps the most widespread viruses are multipartite viruses. These have some of the features of both File viruses and Boot sector/Partition sector viruses. In most cases, the virus resides in an infected program that, when launched, triggers the virus to infect the hard disk's boot sector or partition sector, and then goes on to infect system files and other applications as they are launched on the computer. Then, if files are transferred to another recipient, or write-enabled media is inserted into the now-infected system, the virus is spread.
Over the past few years, we've seen the rapid emergence of yet another form of virus, the so-called Microsoft Macro virus. Unlike the previous virus forms, macro viruses typically embed themselves in Microsoft documents that support the Microsoft macro language (i.e., Word, Excel, and PowerPoint files), and can change global variables of these applications to allow macros to automatically be inserted into working Microsoft documents. More recently, we've seen the introduction of macro viruses that have the ability to alter the Windows Registry and have used Microsoft Outlook to covertly send emails with infected attachments (as in the recent case of the Melissa virus). However, macro viruses cannot actually infect application files. Rather, they change the global settings and templates of certain Microsoft programs so that any documents that are opened in these programs are infected with the macro virus. When the infected document is passed to another user who opens the document, the macro virus installs itself in the user's Microsoft application. Note, however, that macro viruses cannot infect the boot or partition sectors.
Then, there are Trojan horses. These are programs that are represented as being something other than they really are, secretly hiding their true (and frequently malicious) intent. Unlike viruses, true Trojan horses have historically not been self-replicating. Typically when they are launched, they do their damage and that's the end of it. However, there are new hybrid Trojan horses that also send copies of themselves via email, such as Happy99.exe. It appears as an attachment to an email from someone you know. When you run it, it will display some fireworks. Apart from the fireworks, however, it also creates two files, SKA.EXE and SKA.DLL, and alters WSOCK32.DLL to put its code into that file; it keeps the original file as WSOCK32.SKA. The modified WSOCK32.DLL has routines to detect the email and newsgroup postings made by the user. It will send a copy of the SKA.EXE file renamed as happy99.exe to every mail recipient or newsgroup to whom the user sends an email. Each recipient will receive the email only once and the Trojan will not send again to the same email address. It will send a separate email retaining the subject of the first email sent by the user, but with the file as an attachment. The Trojan also maintains the file LISTE.SKA that contains the list of all email addresses and newsgroups to which this file has been sent. The unique feature of this Trojan is that it can spread on its own.
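The files named above make a simple host check possible. The following is an added example, not part of the original article: it looks in one directory for those file names, and the directory to scan, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# File names come from the article's description of Happy99.
DROPPED = ("SKA.EXE", "SKA.DLL")   # files the Trojan creates
BACKUP = "WSOCK32.SKA"             # original WSOCK32.DLL kept under this name
SEND_LOG = "LISTE.SKA"             # addresses and newsgroups already mailed
PATCHED = "WSOCK32.DLL"            # library the Trojan alters


def scan_for_happy99(system_dir):
    """Check one directory for the Happy99 artifacts, ignoring filename case."""
    present = {e.name.upper(): e.path for e in os.scandir(system_dir) if e.is_file()}
    findings = {
        "dropped": sorted(n for n in DROPPED if n in present),
        "backup": present.get(BACKUP),
        "send_log": present.get(SEND_LOG),
        "wsock_differs": None,  # unknown unless both copies exist
    }
    if findings["backup"] and PATCHED in present:
        # A backup that differs from the live DLL is consistent with the
        # alteration described; the article says the backup is the original.
        with open(findings["backup"], "rb") as a, open(present[PATCHED], "rb") as b:
            findings["wsock_differs"] = a.read() != b.read()
    findings["suspicious"] = bool(
        findings["dropped"] or findings["backup"] or findings["send_log"]
    )
    return findings


def build_sample(root, infected):
    """Constructed test directory with placeholder bytes (no real malware)."""
    files = {"wsock32.dll": b"patched" if infected else b"original"}
    if infected:
        files.update({"Ska.exe": b"x", "ska.dll": b"x",
                      "wsock32.ska": b"original", "liste.ska": b"constructed"})
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d, infected=True)
        for key, value in scan_for_happy99(d).items():
            print(f"{key}: {value}")
```

A hit on any of these names is a reason to run a full anti-virus scan, not proof of infection on its own.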
So what can you do to protect yourself against viruses?
Two things: Be informed about viruses and get yourself good anti-virus software such as Symantec's Norton Anti-Virus, McAfee Virus Scan, or one of the other anti-virus utilities. You'll have to get your own anti-virus software, but let's address some misconceptions about viruses:
Q: I recently received a warning from a friend that simply
A: This is really a two-part question. First of all, the "Good Times"
Notwithstanding that the names of the emails are different (i.e.,
Q: What do I do if I get an attachment in an email?
A: Use caution. Even though you may have received the attachment in an
Q: If I get a virus, what can happen?
A: Viruses may be benign, or they may trigger on specific dates or
Q: What do I do if I think a virus has infected my computer?
A: First, don't panic. More damage has been caused by panic than by the
A word to the wise: an ounce of prevention is worth a pound of cure.
Oh, and did I mention that backing up your data is a good thing? In
In closing, let me leave you with a couple of thoughts. Remember: don't panic. Be informed. It's your best weapon against viruses. The next best weapons are a current anti-virus software, and a little common sense.