The term “computer virus” is sometimes used as a catch-all phrase covering all types of malware, not only viruses proper. The expression “malware” is a general term used by computer professionals for a variety of forms of hostile, intrusive, or annoying software or program code. Malware, short for malicious software, is software designed to infiltrate a computer system without the owner’s informed consent. Malware includes computer viruses, worms, Trojan horses, spyware, rootkits and other malicious and unwanted software. The term “virus” is also commonly but erroneously used to refer to these other types of malware.
On March 29, 2010, Symantec Corporation, producer of Norton Security Products, named Shaoxing, China as the World’s Malware capital.
Viruses are sometimes confused with worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a Trojan horse is a program that appears harmless but hides malicious functions. Worms and Trojan horses, like viruses, may harm a computer system’s data or performance. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.
A brief history of viruses
Traditional computer viruses were first widely seen in the late 1980s, and they came about because of several factors. The first factor was the spread of personal computers (PCs). Prior to the 1980s, home computers were nearly non-existent or they were toys. Real computers were rare, and they were locked away for use by “experts.” During the 1980s, real computers started to spread to businesses and homes because of the popularity of the IBM PC (released in 1982) and the Apple Macintosh (released in 1984). By the late 1980s, PCs were widespread in businesses, homes and college campuses. The second factor was the use of computer bulletin boards. People could dial up a bulletin board with a modem and download programs of all types. Games were extremely popular, and so were simple word processors, spreadsheets and other productivity software. Bulletin boards led to the precursor of the virus known as the Trojan horse.
When we run such a program, however, it does something malicious like erasing the disk. Trojan horses only hit a small number of people because they are quickly discovered, the offending programs are removed and word of the danger spreads among users. The third factor that led to the creation of viruses was the floppy disk. In the 1980s, programs were small, and we could fit the entire operating system, a few programs and some documents onto a floppy disk or two. Many computers did not have hard disks, so when we turned on our machine it would load the operating system and everything else from the floppy disk. Virus authors took advantage of this to create the first self-replicating programs.
Early viruses were pieces of code attached to a common program like a popular game or a popular word processor. A person might download an infected game from a bulletin board and run it. A virus like this is a small piece of code embedded in a larger, legitimate program. When the user runs the legitimate program, the virus loads itself into memory and looks around to see if it can find any other programs on the disk. If it can find one, it modifies that program to add the virus’s code to it. Then the virus launches the “real program.” The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time the user launches either of those programs, they infect other programs, and the cycle continues.
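The infection mechanism just described leaves a detectable trace: the host program on disk is no longer the bytes it was. The following added example (not code from the original article) records a digest-and-size baseline of a known-clean disk and reports any program that was later modified, added or removed; the disk contents are constructed in-memory byte strings, not real executables.

```python
"""Detect programs that changed after a known-good baseline was recorded.

Added example, not code from the original article. The virus described above
rewrites other programs on disk to add its own code; a digest-and-size baseline
of executables reveals that change even though the programs still run normally.
"""
import hashlib
from typing import Dict, List, Tuple

Baseline = Dict[str, Tuple[str, int]]  # name -> (sha256 hex digest, size in bytes)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(programs: Dict[str, bytes]) -> Baseline:
    """Record digest and size of every program while the system is known clean."""
    return {name: (sha256_hex(data), len(data)) for name, data in programs.items()}


def check_against_baseline(baseline: Baseline, programs: Dict[str, bytes]) -> List[str]:
    """Compare a later snapshot with the baseline; report modified, missing and new programs."""
    findings: List[str] = []
    for name in sorted(baseline):
        digest, size = baseline[name]
        if name not in programs:
            findings.append(f"MISSING {name}")
            continue
        data = programs[name]
        if sha256_hex(data) != digest:
            # An appending infector leaves the file larger; report the growth as a hint.
            delta = len(data) - size
            note = f" (grew by {delta} bytes)" if delta > 0 else ""
            findings.append(f"MODIFIED {name}{note}")
    for name in sorted(programs):
        if name not in baseline:
            findings.append(f"NEW {name}")
    return findings


# Constructed sample: a clean disk, then the same disk after one program grew and one appeared.
CLEAN_DISK = {"game.exe": b"MZ game code " * 4,
              "wordproc.exe": b"MZ word processor code " * 4,
              "notes.txt": b"just a data file"}
LATER_DISK = dict(CLEAN_DISK)
LATER_DISK["game.exe"] = CLEAN_DISK["game.exe"] + b"X" * 12   # 12 bytes appended
LATER_DISK["newtool.exe"] = b"MZ something new"


def scan_sample() -> List[str]:
    """Run the check on the constructed sample."""
    return check_against_baseline(build_baseline(CLEAN_DISK), LATER_DISK)


if __name__ == "__main__":
    for line in scan_sample():
        print(line)
```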
Types of malware
A Trojan horse, or Trojan, is malware that appears to perform a desirable function for the user before it is run or installed, but instead facilitates unauthorized access to the user’s computer system. “It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems”, as Cisco describes it. The term is derived from the Trojan Horse story in Greek mythology. Trojan horses may allow a hacker remote access to a target computer system. Once a Trojan horse has been installed on a target computer system, a hacker may have access to the computer remotely and perform various operations, limited by the user privileges on the target computer system and by the design of the Trojan horse. Operations that could be performed by a hacker on a target computer system include:
•Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute denial-of-service attacks)
•Data theft (e.g. retrieving passwords or credit card information)
•Installation of software, including third-party malware
•Downloading or uploading of files on the user’s computer
•Modification or deletion of files
•Watching the user’s screen
•Wasting the computer’s storage space
•Crashing the computer
Trojan horses of this kind require interaction with a hacker to fulfil their purpose, though the hacker need not be the individual responsible for distributing the Trojan horse. It is possible for individual hackers to scan computers on a network using a port scanner in the hope of finding one with a malicious Trojan horse installed, which the hacker can then use to control the target computer. A Trojan horse may itself be a computer virus, either by asking other users on a network, such as an instant-messaging network, to install the software, or by spreading itself through the use of application exploits.
Once a malicious program is installed on a system, it is essential that it stays concealed, to avoid detection and disinfection. The same is true when a human attacker breaks into a computer directly. Techniques known as rootkits allow this concealment by modifying the host’s operating system so that the malware is hidden from the user. Rootkits can prevent a malicious process from being visible in the system’s list of processes, or keep its files from being read. Originally, a rootkit was a set of tools installed by a human attacker on a Unix system, allowing the attacker to gain administrator (root) access. Today, the term is used more generally for concealment routines in a malicious program. Similar techniques are used by some modern malware, wherein the malware starts a number of processes that monitor and restore one another as needed. Some malware programs use other techniques, such as giving the malicious file a name similar to that of a legitimate or trusted file (e.g. expl0rer.exe vs. explorer.exe).
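The name-imitation trick at the end of the paragraph can be caught from a plain process listing. The following added example (not code from the original article) undoes the common digit-for-letter substitutions and also tolerates a one-character typo, then reports which well-known name each suspicious entry imitates; the list of protected names and the sample process listing are constructed for the example.

```python
"""Flag process or file names that imitate well-known legitimate ones.

Added example, not from the original article. It detects the trick the text
describes (expl0rer.exe vs. explorer.exe) by undoing look-alike digit
substitutions and by allowing an edit distance of one.
"""
from typing import Iterable, List, Optional, Tuple

# Names to protect and the sample listing at the bottom are constructed for this example.
LEGIT_NAMES = {"explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}

# Digits that pass for letters in most fonts.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})


def normalize(name: str) -> str:
    """Lower-case the name and undo look-alike digit substitutions."""
    return name.lower().translate(CONFUSABLES)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name: str) -> Optional[str]:
    """Return the legitimate name this one imitates, or None if it is genuine or unrelated."""
    if name.lower() in LEGIT_NAMES:
        return None                      # the genuine name itself is not a look-alike
    norm = normalize(name)
    for legit in sorted(LEGIT_NAMES):
        if norm == legit or edit_distance(norm, legit) <= 1:
            return legit
    return None


def find_lookalikes(process_names: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (suspicious, imitated) pairs for every name that mimics a protected one."""
    return [(n, lookalike_of(n)) for n in process_names if lookalike_of(n)]


if __name__ == "__main__":
    # Constructed sample of a process listing.
    sample = ["explorer.exe", "expl0rer.exe", "svch0st.exe", "lsasss.exe", "notepad.exe"]
    for bad, good in find_lookalikes(sample):
        print(f"{bad} looks like {good}")
```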
A backdoor is a method of bypassing normal authentication procedures. Once a system has been compromised (by one of the above methods, or in some other way), one or more backdoors may be installed in order to allow easier access in the future. Backdoors may also be installed prior to malicious software, to allow attackers entry. The idea has often been suggested that computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified. Crackers typically use backdoors to secure remote access to a computer, while attempting to remain hidden from casual inspection. To install backdoors, crackers may use Trojan horses, worms, or other methods.
Spyware is a type of malware that is installed on computers and collects little bits of information at a time about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user’s personal computer. Sometimes, however, spyware such as a keylogger is installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users.
While the term spyware suggests software that secretly monitors the user’s computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet connectivity or of functionality in other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.
A worm is a computer program that has the ability to copy itself from machine to machine. Worms use up the computer’s time and network bandwidth when they replicate, and carry payloads that do considerable damage. A worm called Code Red made huge headlines in 2001. Experts predicted that this worm could clog the Internet so effectively that things would completely grind to a halt. A worm usually exploits some sort of security hole in a piece of software or the operating system. For example, the Slammer worm (which caused mayhem in January 2003) exploited a hole in Microsoft’s SQL Server. “Wired” magazine took a fascinating look inside Slammer’s tiny (376-byte) program. Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. The Code Red worm replicated itself more than 250,000 times in approximately nine hours on July 19, 2001.
How to protect our computer from viruses
We can protect ourselves against viruses with a few simple steps:
•If we are truly worried about traditional (as opposed to e-mail) viruses, we should be running a more secure operating system like Linux. We never hear about viruses on these operating systems because the security features keep viruses (and unwanted human visitors) away from our hard disk.
•If we are using an unsecured operating system, then buying virus protection software such as Norton or Kaspersky is a sensible safeguard.
•If we simply avoid programs from unknown sources (like the Internet), and instead stick with commercial software purchased on CDs, we eliminate almost all of the risk from traditional viruses.
•We should make sure that Macro Virus Protection is enabled in all Microsoft applications, and we should NEVER run macros in a document unless we know what they do. There is seldom a good reason to add macros to a document, so avoiding all macros is a great policy.
•We should never double-click on an e-mail attachment that contains an executable. Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF), etc., are data files and they can do no damage (noting the macro virus problem in Word and Excel documents mentioned above). However, some viruses can now come in through .JPG graphic file attachments. A file with an extension like EXE, COM or VBS is an executable, and an executable can do any sort of damage it wants. Once we run it, we have given it permission to do anything on our machine. The only defence is never to run executable files that arrive via e-mail.