Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
Types of Virus

Types of Virus

Ratings: (0)|Views: 14|Likes:
Published by chepimanca

More info:

Published by: chepimanca on Apr 11, 2010
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





echnological old timers – that is tosay, those of us who were comput-ing before the advent of the Internet– remember when getting your sys-tem infected by malicious software, or “mal-ware,” was actually relatively difficult. Back then,you’d most often get a virus by booting yourmachine from an infected floppy disk or bydownloading and running programs from acomputer bulletin board system (BBS). For better or worse, those days are gone for-ever. Now that connectivity is cheap and e-mail is ubiquitous, the Internet has become the pri-mary means by which malware spreads. Onecareless click can wipe out valuable files, clogyour company’s servers, render your computerunable to boot, or broadcast material of ques-tionable taste to friends, relatives, and businesscontacts – with your name on the From line.When malware interf eres with your work,damages or disables your system, or does any-thing other than propagate itself, this nasty behav-iour is called a payload. Sometimes, as in thecase of the Michelangelo and Chernobyl virus-es, the payload is not released immediately buton a pre-programmed date in the future. This gives the malware time to propagate beforemaking its presence known and before disablingthe host.To avoid these hazards, you’ll need to under-stand how to detect and disarm malware andspot the telltale signs of hoaxes. The sectionsthat follow describe the most common types of malware and how to avoid each.
Malware is usually classified according to two traits: where it hides and how it spreads. Becausethe terminology was created before the age othe Internet, though, malware doesn’t always fitcleanly into any one classification within thesetwo categories (hence David Smith’s embeddedmessage in Melissa, the virus he authore d:Worm?Macro Virus?Word 97 Virus?Word 2000 Virus? You Decide!...it’s a new age!”). Nonethe-less, understanding the traditional categories of malicious software is useful.
Beore the Internet was open to the general pub- lic, booting from an infected floppy disk wasthe most common way to introduce a virus intoyour machine. This would unleash a boot sec-tor virus – malicious code contained in the flop-py disk’s boot sector (the area that stores theinstructions that tell the computer how to loadthe operating system). The virus would copyitself to the hard drive’s boot sector, then to everywrite-enabled floppy disk inserted into themachine. A few boot sector viruses have somewhat dra-matic payloads. The MS-DOS virus Cascade, forexample, makes the characters on your displayappear to fall to the bottom in a heap. Others,such as the Stoned virus, systematically degradeperf ormance. Still others have no obvious pay- load and seem to exist only to propagate. Some boot sector viruses are also file infec-tors (though not all file infectors are boot sectorviruses). File infectors modify the programs youuse, inserting code that runs when you executethe altered programs. Other files on your harddrive can then become infected, as can floppydisk boot sectors and files. File infectors can leapacross a network to manipulate shared files andcan deliver a payload. To avoid arousing suspi-cion and, as a result, enjoy more opportunitiesto propagate, such viruses generally permitinfected files to run.To avoid both boot sector viruses and file infec-tors, run a commercial antivirus program. Near-ly all do an excellent job of detecting and pre-venting the spread of such viruses. You shouldalso enable any antiviral feature in your systemsbios that prevents programs from writing to bootsectors. Some file infectors can propagate in thesame way as worms and Trojan horses (whichwe cover below), so taking the measures rec-ommended for these categories also pays.
June 2001
w w w .
.c o .a e
w w w .
-m id e a st.
 Viruses can send annoying emails to your friends or wipe out your sy stem. Know i n gm o re about the enemy may spare hours of lost time and the hea rt a che of losing dat a .H e re we show you how you can protect yourself and keep your PC virus- f re e .
Tutor.JUNE.NEW 14/05/01 8:21 PM Page 2
Documents created by many productivity appli-cations can contain programs called macros thatstart when a document is opened, when they areselected from a menu, or when a combinationof keys is pressed. A macro virus is a file infec-tor that hides inside such documents. Microsot Word files are the most frequent carriers, butExcel spreadsheets and other document typesare also targets. Microsoft has taken a few mea-sures, in recent versions of its Office suite, tomake such viruses harder to write. But millionsof people still use older, unprotected versions,and virus writers have taken on the challengeof bypassing newer safeguards with gusto.To avoid macro viruses, set whatever securi-ty features the application has to High, or dis-able macros altogether. Be wary of openingdocuments that arrive unexpectedly – even if they appear to come from someone you know.(Many macro viruses, including Melissa, spreadlike Trojan horses or worms, mailing themselvesto everyone in a victim’s address book withoutthat person’s knowledge.) Again, use and reg-ularly update antivirus software. Finally, ask your ISP or company network administratorwhether incoming email messages can bescanned for potentially dangerous attachmentsbeore hitting your mailbox.
Like the wooden horse that figured so promi-nently in Homer’s Iliad, a Trojan horse program masquerades as something it is not, to persuadea user to let it into the system. In the BBS era, such programs often impersonated new ver-sions of commonly used programs, such as thePKZIP file compression utility. A more recent example: the Anna Kournikova Tro j a nhorse / worm program, which arrived in users’ electronic mailboxes appearing to be a picture of the attractive Russian tennis star.Although some malware can propagate with-out user intervention, most of the malware towhich Internet and email users are likely to beexposed takes the form of a Trojan horse in atleast one phase of its life cycle. Note that Tro- jan horses can’t do their dirty work unless acti-vated by the user. It is thereore vitally impor- tant that you know exactly what you are run-ning, launching or opening – especially whenit comes as an attachment to email.In many cases, a Trojan horse will attempt toconceal its true nature by arriving as a file withmultiple extensions – for example,AnnaKournikova.jpg.vbs. This type of filename exploits the fact that Windows, like many Win-dows email programs, uses the last extension atthe end of the filename to choose an icon torepresent the file. The name is then displayed,minus the final extension and the period thatprecedes it, next to the icon.Such a multiple-extension exploit is a deadgiveaway that an attachment is malicious.Recipients of the Anna Kournikova program who use Outlook or Outlook Express see theattached file containing the worm as an iconwith a scroll in it. Next to the icon is the nameAnnaKournikova.jpg. The script icon, which contains an image of a scroll, looks at firstglance as if it might represent some type of photographic film, and the displayed namemakes the file appear to be a jpeg image. So,many users clicked on the icon expecting to seea picture.To avoid Trojan horses, users must take greatcare to avoid running a program that can work its will on their machines. This means scrutin-ising all email attachments and downloadingprograms from trusted sources only. Antivirussotware can identify well known or wide- spread Trojan horses, but versions of malwarethat are modified in only minor ways can oftenslip through. What’s more, antivirus vendorscan be slow to provide patterns for the latestTrojan horses, sometimes taking up to ten daysto make new pattern files available for down-load. So it is extremely useful to install heuris-tic filters (that is, filters that identify and quar-antine suspicious email according to a set of rules) on ones mail server. (If you rely on yourISP’s mail server, encourage your provider todo this.) Such filters require some technical expertise to set up and should be installed bya network administrator.
A worm is malware that propagates fro mmachine to machine without human interven-tion. The most famous program of this ilk wasunleashed by Robert Tappan Morris, Jr., the sonof a noted computer security expert, in 1988.Taking advantage of known security holes incommonly used software, it used the comput-ing power of each infected machine to breainto others, spreading like wildfire between sys-tems made by Digital Equipment and Sun.While the “Morris worm” didn’t intentionallypack a harmful payload, it had a bug in the partof code that was supposed to limit its repro-ductive zeal. As a result, its overeager attemptsto spread itself consumed most of an infectedmachine’s resources, crippling a substantial frac- tion of the computers on the Internet. (Surpris-
w w w .
.c o .a e
w w w .
-m id e a st.
June 2001
types of virus
know what you’re up against
Tutor.JUNE.NEW 14/05/01 8:21 PM Page 3

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->