Thursday, 30 April 2009

All About Computer Viruses

Just what exactly is a virus? What kind is in your computer? How did
it get there? How is it spreading and wreaking such havoc? And why is
it bothering with your computer anyway?

Viruses are pieces of programming code that make copies of themselves,
or replicate, inside your computer without asking your explicit
written permission to do so. Forget getting your permission down on
paper. Viruses don't bother to seek your permission at all! Very
invasive.

In comparison, there are pieces of code that might replicate inside
your computer, say something your IT guy thinks you need. But the code
spreads, perhaps throughout your office network, with your consent (or
at least your IT guy's consent). These types of replicating code are
called agents, said Jimmy Kuo, a research fellow with McAfee AVERT, a
research arm of anti-virus software-maker McAfee Inc.

In this article, though, we're not talking about the good guys, or the
agents. We'll be talking about the bad guys, the viruses.

A long, long time ago in computer years, like five, most viruses were
comprised of a similar breed. They entered your computer perhaps
through an email attachment or a floppy disk (remember those?). Then
they attached themselves to one of your files, say your Microsoft Word
program.

When you opened your Microsoft Word program, the virus replicated and
attached itself to other files. These could be other random files on
your hard drive, the files furthest away from your Microsoft Word
program, or other files, depending on how the virus writer wanted the
virus to behave.

This virus code could contain hundreds or thousands of instructions.
When it replicates it inserts those instructions, into the files it
infects, said Carey Nachenberg, Chief Architect at Symantec Research
Labs, an arm of anti-virus software-maker Symantec. Corp.

Because so many other types of viruses exist now, the kind just
described is called a classic virus. Classic viruses still exist but
they're not quite as prevalent as they used to be. (Perhaps we could
put classic viruses on the shelf with Hemingway and Dickens.)

These days, in the modern era, viruses are known to spread through
vulnerabilities in web browsers, files shared over the internet,
emails themselves, and computer networks.

As far as web browsers are concerned, Microsoft's Internet Explorer
takes most of the heat for spreading viruses because it's used by more
people for web surfing than any other browser.

Nevertheless, "Any web browser potentially has vulnerabilities,"
Nachenberg said.

For instance, let's say you go to a website in IE you have every
reason to think is safe, Nachenberg said.

But unfortunately it isn't. It has virus code hidden in its background
that IE isn't protecting you from. While you're looking at the site,
the virus is downloaded onto your computer, he said. That's one way of
catching a nasty virus.

During the past two years, another prevalent way to catch a virus has
been through downloads computer users share with one another, mostly
on music sharing sites, Kuo said. On Limewire or Kazaa, for instance,
teenagers or other music enthusiasts might think they're downloading
that latest Justin Timberlake song, when in reality they're
downloading a virus straight into their computer. It's easy for a
virus writer to put a download with a virus on one of these sites
because everyone's sharing with everyone else anyway.

Here's one you might not have thought of. If you use Outlook or
Outlook Express to send and receive email, do you have a preview pane
below your list of emails that shows the contents of the email you
have highlighted? If so, you may be putting yourself at risk.

Some viruses, though a small percentage according to Nachenberg, are
inserted straight into emails themselves.

Forget opening the attachment. All you have to do is view the email to
potentially get a virus, Kuo added. For instance, have you ever opened
or viewed an email that states it's "loading"? Well, once everything
is "loaded," a virus in the email might just load onto your computer.

So if I were you, I'd click on View on the toolbar in your Outlook or
Outlook Express and close the preview pane. (You have to click on View
and then Layout in Outlook Express.)

On a network at work? You could get a virus that way. Worms are
viruses that come into your computer via networks, Kuo said. They
travel from machine to machine and, unlike, the classic viruses, they
attack the machine itself rather than individual files.

Worms sit in your working memory, or RAM, Nachenberg said.

OK, so we've talked about how the viruses get into a computer. How do
they cause so much damage once they're there?

Let's say you've caught a classic virus, one that replicates and
attacks various files on your computer. Let's go back to the example
of the virus that initially infects your Microsoft Word program.

Well, it might eventually cause that program to crash, Nachenberg
said. It also might cause damage to your computer as it looks for new
targets to infect.

This process of infecting targets and looking for new ones could
eventually use up your computer's ability to function, he said.

Often the destruction a virus causes is pegged to a certain event or
date and time, called a trigger. For instance, a virus could be
programmed to lay dormant until January 28. When that date rolls
around, though, it may be programmed to do something as innocuous but
annoying as splash popups on your screen, or something as severe as
reformat your computer's hard drive, Nachenberg said.

There are other potential reasons, though, for a virus to cause your
computer to be acting slow or in weird ways. And that leads us to a
new segment – the reason virus writers would want to waste their time
creating viruses in the first place.

The majority of viruses are still written by teenagers looking for
some notoriety, Nachenberg said. But a growing segment of the
virus-writing population has other intentions in mind.

For these other intentions, we first need to explain the "backdoor" concept.

The sole purpose of some viruses is to create a vulnerability in your
computer. Once it creates this hole of sorts, or backdoor, it signals
home to mama or dada virus writer (kind of like in E.T.). Once the
virus writer receives the signal, they can use and abuse your computer
to their own likings.

Trojans are sometimes used to open backdoors. In fact that is usually
their sole purpose, Kuo said.

Trojans are pieces of code you might download onto your computer, say,
from a newsgroup. As in the Trojan War they are named after, they are
usually disguised as innocuous pieces of code. But Trojans aren't
considered viruses because they don't replicate.

Now back to the real viruses. Let's say we have Joe Shmo virus writer.
He sends out a virus that ends up infecting a thousand machines. But
he doesn't want the feds on his case. So he instructs the viruses on
the various machines to send their signals, not of course to his
computer, but to a place that can't be traced. Hotmail email happens
to be an example of one such place, Kuo said.

OK, so the virus writers now control these computers. What will they
use them for?

One use is to send spam. Once that backdoor is open, they bounce spam
off of those computers and send it to other machines, Nachenberg said.

That's right. Some spam you have in your email right now may have been
originally sent to other innocent computers before it came to yours so
that it could remain in disguise. If the authorities could track down
the original senders of spam, they could crack down on spam itself.
Spam senders don't want that.

Ever heard of phishing emails? Those are the ones that purport to be
from your internet service provider or bank. They typically request
some information from you, like your credit card number. The problem
is, they're NOT from your internet service provider or your bank.
They're from evil people after your credit card number! Well, these
emails are often sent the same way spam is sent, by sending them via
innocent computers.

Of course makers of anti-virus software use a variety of methods to
combat the onslaught of viruses. Norton, for instance, uses signature
scanning, Nachenberg said.

Signature scanning is similar to the process of looking for DNA
fingerprints, he said. Norton examines programming code to find what
viruses are made of. It adds those bad instructions it finds to its
large database of other bad code. Then it uses this vast database to
seek out and match the code in it with similar code in your computer.
When it finds such virus code, it lets you know!

No comments:

Post a Comment