|
The most common blunder people make when the topic of a computer virus arises is to refer
to a worm or
Trojan horse as
a virus. While the
words Trojan, worm and virus are often used interchangeably, they are not
the same. Viruses, worms and Trojan Horses are all malicious
programs that can
cause damage to your
computer, but there are differences among the three, and knowing those
differences can help you to better protect your computer from their often
damaging effects.
A computer virus
attaches itself to a program or file so it can spread from one computer to
another, leaving infections as it travels. Much like human viruses, computer
viruses can range in severity: Some viruses cause only mildly annoying effects
while others can damage your
hardware,
software or
files. Almost all
viruses are attached to an
executable file,
which means the virus may exist on your computer but it cannot infect your
computer unless you run or open the malicious program. It is important to note
that a virus cannot be spread without a human action, (such as running an
infected program) to keep it going. People continue the spread of a computer
virus, mostly unknowingly, by sharing infecting files or sending
e-mails with viruses
as attachments in the e-mail.
A worm is
similar to a virus by its design, and is considered to be a sub-class of a
virus. Worms spread from computer to computer, but unlike a virus, it has the
capability to travel without any help from a person. A worm takes advantage of file
or information transport features on your system, which allows it to travel unaided.
The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out
hundreds or thousands of copies of itself, creating a huge devastating effect. One
example would be for a worm to send a copy of itself to everyone listed in your
e-mail address book. Then, the worm replicates and sends itself out to everyone
listed in each of the receiver's address book, and the manifest continues on
down the line. Due to the copying nature of a worm
and its capability to travel across networks the end result in most cases is that
the worm consumes too much
system memory (or
network bandwidth), causing Web
servers, network
servers and individual computers to stop responding. In more recent worm
attacks such as the much-talked-about .Blaster Worm., the worm has been designed
to tunnel into your system and allow malicious users to control your computer
remotely.
|
Key Terms To
Understanding Computer Viruses:
virus
A program or piece of code that is loaded onto your computer without
your knowledge and runs against your wishes.
Trojan Horse
A destructive program that masquerades as a benign application.
Unlike viruses, Trojan horses do not replicate themselves
worm
A program or algorithm that replicates itself over a computer
network and usually performs malicious actions
blended threat
Blended threats combine the characteristics of viruses, worms,
Trojan Horses, and malicious code with server and Internet
vulnerabilities
.
antivirus program
A utility that searches a hard disk for viruses and removes any that
are found. |
A Trojan
Horse is full of as much trickery as the mythological Trojan Horse it
was named after. The Trojan Horse, at first glance will appear to be useful
software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan
Horse are usually tricked into opening them because they appear to be receiving legitimate
software or files from a legitimate source. When a Trojan is activated on
your computer, the results can vary. Some Trojans are designed to be more
annoying than malicious (like changing your desktop, adding silly active desktop
icons) or they can cause serious damage by deleting files and destroying
information on your system. Trojans are also known to create a
backdoor on your
computer that gives malicious users access to your system, possibly allowing
confidential or personal information to be compromised.
Unlike viruses and worms, Trojans do not reproduce by infecting other files nor
do they self-replicate.
Added into the mix, we also have what is
called a blended threat. A blended threat is a
sophisticated attack that bundles some of the worst aspects of viruses,
worms, Trojan horses and malicious code into one threat. Blended threats
use server and Internet vulnerabilities to initiate, transmit and spread an
attack. This combination of method and techniques means blended threats can
spread quickly and cause widespread damage. Characteristics of blended
threats include: causes harm, propagates by multiple methods, attacks from
multiple points and exploits vulnerabilities.
To be considered a blended thread, the attack
would normally serve to transport multiple attacks in one payload. For
examplem it wouldn't just launch a DoS attack — it would also install a
backdoor and damage a local system in one shot. Additionally, blended threats
are designed to use multiple modes of transport. For example, a worm may
travel through e-mail, but a single blended threat could use multiple routes
such as e-mail, IRC and file-sharing sharing networks. The actual attack
itself is also not limited to a specific act. For example, rather than a
specific attack on predetermined .exe files, a blended thread could modify
exe files, HTML files and registry keys at the same time — basically it can
cause damage within several areas of your network at one time.
Blended threats are considered to be the
worst risk to security since the inception of viruses, as most blended threats
require no human intervention to propagate.
Combating Viruses, Worms and Trojan
Horses The first steps to
protecting your computer are to ensure your
operating system
(OS) is up-to-date. This is essential if you are running a Microsoft Windows OS.
Secondly, you should have
anti-virus software installed on your system and ensure you
download updates
frequently to ensure your software has the latest fixes for new viruses, worms,
and Trojan horses. Additionally, you want to make sure your anti-virus program
has the capability to scan e-mail and files as they are downloaded from the
Internet. This will help prevent malicious programs from even reaching your
computer. You should also install a
firewall as well.
A firewall is a system that prevents unauthorized
use and access to your computer. A firewall can be either hardware or software.
Hardware firewalls provide a strong degree of protection from most forms of
attack coming from the outside world and can be purchased as a
stand-alone product or in broadband
routers. Unfortunately, when battling viruses,
worms and Trojans, a hardware firewall may be less effective than a software
firewall, as it could possibly ignore embedded worms in out going e-mails and
see this as regular network traffic. For individual home users, the most popular firewall
choice is a software firewall. A good
software firewall will protect your computer from outside attempts to control or gain
access your computer, and usually provides additional protection against the most common Trojan programs or e-mail
worms. The downside to software firewalls is that they will only
protect the computer they are installed on, not a network.
It is important to remember that on its own a
firewall is not going to rid you of your computer virus problems, but
when used in conjunction with regular operating system updates and a good anti-virus
scanning software, it will add some extra security and protection for your computer
or network.
|
Did You Know...
CodeRed, a blended threat, launched DoS attacks, defaced Web
servers, and its variant, CodeRed II, left Trojan horses behind
for later execution. CodeRed was processed in memory — not on a
hard disk — allowing it to slip past some anti-virus products.
Computer Economics has estimated the worldwide cost of CodeRed
at $2.62 billion dollars. [Source:
Symantec Web
site] |
Want more PC security?
Be sure to
read the article,
"Did You Know...
The Differences and Features of
Hardware & Software Firewalls".
Vangie 'Aurora' Beal
Writer, www.Webopedia.com
Last updated: June 30, 2006
Microsoft's Protect
Your PC Web site
At home or at work, Microsoft's Protect Your PC Web site offers an excellent
array of information regarding Internet firewalls, updating your Windows PC, and
anti-virus software.
Symantec
Security Response - Latest Virus Threats Page
The Symantec
Antivirus Research Center offers a wealth of information on viruses. It begins
with a list of hot topics (new virus and virus products), and also provides
links to virus alerts, an information database, references, submit virus
samples, Macintosh viruses, and Symantec virus product information.
Webopedia's The Differences and Features of Hardware & Software Firewalls
Firewalls can be either hardware or software. The ideal firewall configuration
will consist of both. In addition to limiting access to you computer and
network, a firewall is also useful for allowing remote access to a private
network through secure authentication certificates and logins.
Webopedia's Did You Know... All About Phishing
An e-mail scam is a fraudulent e-mail that appears to be from a legitimate
Internet address with a justifiable request . usually to verify your personal
information or account details.
Smarter 'Blended Threats'
Replacing Simple Viruses
And blended threats are wreaking havoc. According to the Symantec report,
blended infections were responsible for some of the most significant security
events of 2003, including last August's assault on the Internet by three new
Category 4 worms in just 12 days.
Home PC
Firewall Guide
The purpose of the Home PC Firewall Guide is to provide easy access to basic
information about, and independent, third-party reviews of Internet security and
privacy products for home, telecommuter and SOHO (small office, home office)
end-users.
Security Threats Coming from all Sides: Can Your Small Business Protect Its
Network?
Today's customers are
becoming very security conscious. In our electronic age, information is the
foundation for success. Whether you're a wholesaler, manufacturer, doctor, or
realtor, or operate any type of Internet-connect knowledge-based small
business you could suffer major losses in profits or credibility if a virus
violates one of your computers. While threats vary, it pays to be wary of new
blended security threats.
Sobig's
Birthday -- Tracking Most Damaging Virus Ever
A year to the day after the virulent Sobig virus hit the wild, spawning a family
of malicious attacks that would span the next nine months, anti-virus experts
are on daily watch for the next vicious attack. |
