Computer Viruses, Trojans and Worms
What is a Computer Virus?
To be defined as a virus, a program must:
- Replicate itself in order to carry out a mission.
- Be dependent on a "host" to carry out the mission.
- Create damage to the computer system "infected".
"A computer virus is an exact cybernetic analogy to its biological reference"
- A virus is a program which reproduces itself, hides in other computer code without permission and does nasty or undesirable things, not intended by its victim.
- Trivial, simply reproduces or displays messages.
- Minor, alters or deletes infected files.
- Moderate, wipes out entire disk drive.
- Major, slowly corrupts data with pattern, making restoration difficult.
- Severe, slowly corrupts data without pattern, making restoration impossible.
- Unlimited, virus which discovers system administrator's password and mails it to one or more users, tempting them to use it for illegal purposes.
- The Replication mechanism
- Allows the virus to copy itself
- The Protection mechanism
- Hides virus from detection
- The Trigger
- Mechanism which will set off the payload
Viruses are classified by the portion of the system they affect. There are six main types:
- Infect the boot block on a floppy or hard disk.
- Usually replaces the boot block with all or part of a virus program.
- Most have trigger dates; when the machine is booted on that day, severe damage is done.
- Virus loads into memory and infects other disks.
- Example is Michelangelo - on March 6 (Michelangelo's birthday) garbage is written through the entire drive.
- Infect .EXE or .COM files.
- Usually append the virus code to the file; newer versions hide the virus.
- Damage is done when program is run and the virus will attach to other files.
- Example is Friday the 13th - if the date matches Friday the 13th when the virus is executed, all .EXE files are deleted.
- Infect both boot blocks and executable files.
- Combine the capabilities of boot viruses and file viruses.
- Example is Tequila - will display graphics and text rather than running programs.
- Can infect the boot sector, files or both.
- Is self-modifying, changes each time it infects a file or disk.
- Very difficult to detect and remove.
- Example is Tremor, which triggers 3 months after infection and displays "-MOMENT-OF-TERROR-IS-THE-BEGINNING-OF-LIFE-" with every warm boot.
- First viruses to infect data files and to work on multiple platforms.
- Carried in data files for Microsoft Word and AmiPro documents
- Example is Concept - which will infect the global template and all files loaded from then on. Was distributed by Microsoft on a CD-ROM called Microsoft Windows 95 Software Compatibility Test.
- Never use a "foreign" disk or CD-ROM without scanning it for viruses.
- Always scan files downloaded from the internet or bulletin boards.
- Never boot your PC from a floppy unless you are certain it is virus free.
- Write protect your disks to prevent viruses from reproducing onto your disks.
- Use licensed software from a reputable dealer.
- Password protect your PC to prevent copying of files in your absence.
- Make regular backup copies of all your work and system configurations.
- Install and use anti-virus software regularly.
- Update your anti-virus software regularly so it can detect new viruses.
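File viruses, as described above, usually append their code to .EXE or .COM files, so a program that has grown and no longer matches its known-good hash deserves attention. The following integrity check is an added example, not part of the original page; the function names and the sample files written by `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

EXECUTABLE_EXTS = {".exe", ".com"}  # file types the page says file viruses infect

def fingerprint(path):
    """Return (size, sha256 hex digest) for one file, read in chunks."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()

def build_baseline(root):
    """Map relative path -> (size, sha256) for every executable under root."""
    baseline = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                full = os.path.join(folder, name)
                baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline

def compare(baseline, current):
    """Classify differences between a trusted baseline and a later scan."""
    report = {"grown": [], "modified": [], "new": [], "missing": []}
    for path, (size, digest) in sorted(current.items()):
        if path not in baseline:
            report["new"].append(path)
        elif digest != baseline[path][1]:
            # Changed hash plus larger size is consistent with appended code.
            kind = "grown" if size > baseline[path][0] else "modified"
            report[kind].append(path)
    report["missing"] = sorted(p for p in baseline if p not in current)
    return report

def demo():
    """Constructed sample: one program gains appended bytes, one file is new."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("EDIT.COM", "CALC.EXE"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"MZ" + name.encode() * 8)
        trusted = build_baseline(root)  # taken while the files are known clean
        with open(os.path.join(root, "CALC.EXE"), "ab") as fh:
            fh.write(b"\x00" * 512)  # harmless stand-in for appended bytes
        with open(os.path.join(root, "NEW.EXE"), "wb") as fh:
            fh.write(b"MZ")
        return compare(trusted, build_baseline(root))
```

The baseline is only as trustworthy as the moment it was taken and the place it is stored, so build it from a clean system and keep it on write-protected media.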
Computer Trojans are simply malicious computer programs disguised as something useful. The major difference between viruses and Trojans is that viruses reproduce, while a Trojan is just a one-time program which executes its payload as soon as the Trojan is executed. Trojans are the most common way of bringing a virus into a system. A current example of a Trojan is a program called pkz300b.exe which disguises itself as an archiving utility, but when run it will delete your entire hard drive.
Computer Worms are reproducing programs that run independently and travel across network connections. The main difference between viruses and worms is the method in which they reproduce and spread. A virus is dependent upon a host file or boot sector, and the transfer of files between machines to spread, while a worm can run completely independently and spread of its own will through network connections. An example of a worm is the famous
of 1988: Overnight the worm copied itself across the internet, infecting every Sun-3 and VAX system with so many copies of itself that the systems were unusable. Eventually several sites disconnected themselves from the internet to avoid reinfection.
This page was written by