Computer Viruses

Viruses are one of the biggest threats to the security of your computer files. In 1981, there was one known computer virus. Today, the count exceeds 100, 000. Between 900 and 1, 300 new viruses appear every month.

A computer virus is a set of program instructions that attaches itself to a file, reproduces itself, and spreads to other files. The term “computer virus” is often used to refer to any malicious code or software that invades a computer system. The term malicious code (sometimes called “malware”) refers to a program or set of program instructions designed to surreptitiously enter a computer and disrupt its normal work. Many types of malicious code, including viruses, worms, and Trojan horses, are created and unleashed by individuals referred to as “hackers” or “crackers”.

Viruses spread when people distribute infected files by exchanging disks and CDs, sending e-mail attachments, exchanging music on file-sharing networks, and downloading software from the Web. Many computer viruses infectfiles executed by your computer – files with extensions such as.exe,.com. or.vbs. When your computer executes an infected program, it also executes the attached virus instructions.

A virus can be classified as a file virus, boot sector virus, or macro virus. A file virus infects application programs, such as games. A boot sector virus infects the system files your computer uses every time you turn it on. These viruses can cause widespread damage to your computer files and recurring problems. A macro virus infects a set of instructions called a “macro” – a miniature program that usually contains legitimate instructions to automate document and worksheet production. When you view a document containing an infectedmacro, the macro virus duplicates itself into the general macro pool, where it is picked up by other documents. In addition to replicating itself, a virus might deliver a payload, which could be as harmless as displaying an annoying message or as devastating as corrupting the data on your computer’s hard disk. A trigger event, such as a specific date, can unleash some viruses. For example, the Michelangelo virus triggers on March 6, the birthday of artist Michelangelo.

A Trojan horse (sometimes simply called a “Trojan”) is a computer program that seems to perform one function while actually doing something else. Trojan horses are notorious for stealing passwords using a keylogger – a type of program that records your key-stroke.

Any software that can automate a task or autonomously execute a task when commanded to do so is called an intelligent agent. Because an intelligent agent behaves somewhat like a robot, it is often called a bot. Like a spider in its web, the person who controls many bot-infested computers can link them together into a network called a botnet. Botnets as large as 400, 000 computers have been discovered by security experts.

Malicious Code Trends

Date	Threats	Trends
	Cloner	The first known virus begins to spread. Cloner infects files on disks formatted for Apple II computers. The prevalence of disk-borne viruses continues well into the1990s with Jerusalem (1987), Michelangelo (1992), and others.
	Internet Worm	The first major worm attack over the Internet sets the stage for today's prolific crop of mass-mailing worms.
	Back Orifice	First Trojan horse designed to allow a remote hacker to gain unauthorized access to a computer.
	Melissa	Macro viruses, such as Melissa and l.aroux, are prevalent for several years and cause trouble by infecting Microsoft Word and Excel files.
	Love Letter	One of the fastest spreading mass-mailing worms. Followed by Sobig, Blaster, and MyDoom (2004).
	Code Red	Worms designed for Denial of Service attacks gather steam. Code Red, which targeted the White House, is followed by Blaster (2001) and Slammer (2003).
	Klez	Klez is a mass-mailing worm that is particularly difficult to eradicate. Because the “From” address is spoofed, it is almost impossible to locate infectedcomputers.
20Most notebook computers are equipped with several USB ports. 03	Mimail	Social engineering takes center stage and users are confused by fake e-mails from seemingly legitimate companies, such as PayPal, Microsoft, and Wells Fargo.
	Sasser Netsky Xombe MyDoom, Zafi Bagle	Worms, such as Sasser, begin to emerge that infect computers without user interaction, such as opening an infectede-mail attachment. Mass-mailing worms are still most prevalent. Worms that spread over instant messaging and handheld devices begin to emerge.
	Mytob Zotob Rbot	Bots become one of the biggest security problems. Arriving as e-mail attachments, links embedded in e-mail messages, or from infected banner ads, bots install themselves on unprotected computers, which can then be controlled by unauthorized hackers and commandeered into botnets that launch spam and Denial of Service attacks.

 

These are the top three steps you can take to prevent your computer from becoming infected:

- Use antivirus software on every computing device you own.

- Keep software patches and operating system service packs up to date.

- Do not open suspicious e-mail attachments.

Antivirus software is a type of utility software that can look for and eradicate viruses, Trojan horses, bots, and worms. This essential software is available for handheld computers, personal computers, and servers. Popular antivirus software for personal computers includes McAfee VirusScan, Norton AntiVirus, and F-Secure Anti-Virus.

Antivirus software uses several techniques to find viruses. As you know, some viruses attach themselves to an existing program. The presence of such a virus often increases the length of the original program. The earliest antivirus software simply examined the programs on a computer and recorded their length. A change in the length of a program from one computing session to the next indicated the possible presence of a virus.

To counter early antivirus software, hackers became more cunning. They created viruses that insert themselves into unused portions of a program file without changing its length. Antivirus software developers fought back. They designed software that examines the bytes in an uninfected application program and calculates a checksum. A checksum is a number calculated by combining the binary values of all bytes in a file. Each time you run an application program, antivirus software calculates the checksum and compares it with the previous checksum. If any byte in the application program has changed, the checksum will be different, and the antivirus software assumes that a virus is present.

Today’s viruses, Trojan horses, bots, and worms are not limited to infecting program files, so modern antivirus software attempts to locate them by searching your computer’s files and memory for virus signatures. A virus signature is a section of program code, such as a unique series of instructions, that can be used to identify a known malicious program, much as a fingerprint is used to identify an individual.

 

Comprehension check. Choose the ending for each sentence from the two versions given.

1. Worm named Code Red was targeted	a) White House; b) Bank of Scotland.
2. Any program designed to enter a computer and disrupt its normal operations is called	a) malicious code; b) utility.
3. Many types of malicious codes are created by	a) the computer itself; b) individuals referred to as “hackers”.
4. A boot sector virus infects the system files your computer uses	a) every time you turn it on; b) when you are connected to the Internet.
5. A change in the length of a program from one computing session to the next	a) indicated the possible presence of a virus; b) is a result of operation system work.
6. A checksum is	a) a number calculated by combining the binary values of all bytes in a file; b) the cost of an antivirus program.