Computer Virus
Combating infections and removing viruses is
now big business. Lesson one is 'knowing the enemy'.
THE ENEMY - Crackers and Hackers
Geeks make a distinction between crackers, who break into
systems to do damage, and hackers, who enjoy taking programs
apart just to see how they tick. We'll stick with the more
common, though less accurate, term 'hacker'. (The term 'hacker'
originally meant 'someone who makes furniture with an axe'.
Crude, but effective - like most computer viruses.)
Viruses are actually a particular type of computer 'malware' - a
general term covering all types of malicious software. The most
common types are viruses, worms and Trojan horses.
VIRUSES
A virus is usually hidden inside another program such as an
installation program delivered via e-mail attachment.
(Biological viruses require a host organism to live and
reproduce, hence the name.) When the 'host' program is run, the
virus program also runs. Once it's in memory the virus is able
to do its dirty work, which usually includes infecting other
programs.
After the infection stage of the virus, there's a destructive
stage. The virus waits for a pre-determined trigger (such as a
specific date or a certain number of times the virus has
replicated itself) before delivering its 'payload'. Payloads
range from simple messages to file deletion commands to
destruction of the core operating system.
When first developed, computer viruses were commonly distributed
on floppy disks. With the growth of the Internet, downloaded
files and e-mail are the preferred delivery mechanisms. E-mail
can contain attachments, which can be any kind of computer file.
Any executable file can be infected with a virus, and shouldn't
be run unless you're confident it's virus-free.
WORMS
Worms are similar to viruses in that they're self-replicating.
They reproduce themselves across networks without human
assistance, such as e-mail sending. A worm, though, doesn't need
another executable program to be distributed.
Worms usually affect networks more than individual computers on
the network. Their self-replicating behavior can overload
network resources, causing slowdowns in data transmission by
consuming massive bandwidth that would otherwise carry normal
traffic. Network systems that route Internet traffic are just
specialized computer hardware and software. They, too, can be
affected by malware.
Worms can also be designed to carry a payload, using a
'backdoor' installation program. A backdoor is a hidden access
point to a computer that bypasses the normal login procedure.
Backdoors are commonly used by spammers to distribute junk
e-mail, for example.
TROJAN HORSES
Trojan horses are the third common type of malware. A 'Trojan'
is a program that pretends to do one thing but actually does
something different. (The term comes from the story of the
Greeks who built a large wooden horse in which to hide. Their
enemies, the Trojans, persuaded they'd receive a gift, took the
horse inside their compound, giving the Greeks easy access to
wreak havoc.) Unlike viruses or worms, a Trojan doesn't
replicate itself.
Trojans may be hidden in otherwise useful software. Once started,
they can do almost anything, including erasing data, corrupting
files, installing backdoors and logging keystrokes so that
hackers can steal information such as credit card numbers and
passwords.
FIGHTING MALWARE
Elsewhere in the series, we'll discuss what is and can be done
to combat the spread of malware. In the interim, just remember
not to be passive and expect the problem to be solved by others.
Fighting viruses requires active participation from vendors,
webmasters AND users.
