Viruses, Worms and Other Hostile Programs

   This is another threat that is hard to control, and it is also responsible for the most breathless headlines that make the technology news these days. People are on the lookout for outbreaks of viruses and worms, often prompted by press releases from companies that sell software intended to fight those hostile programs. In recent years, a handful of new viruses and worms have caused massive amounts of damage to the computers they infected and have disrupted the flow of information on the Internet. Sadly, Windows users who pay attention to the threat of viruses only when a new outbreak occurs are most likely to become victims of a new attack.

  Understanding how viruses and worms work is essential to keeping them out of the computer and network. Some basic definitions are given below.

  • A virus is a piece of code that replicates by attaching itself to another object. A virus doesn't have to be a self-contained program; in fact, many outbreaks of seemingly new viruses actually involve rewritten and repackaged versions of older virus code. When a virus infects a computer running Windows, it can attack the registry, replace system files, and take over e-mail programs in its attempt to replicate itself. The virus payload is the destructive portion of the code. Depending on the malicious intent and skill of the virus writer, the virus can destroy or corrupt data files, wipe out installed programs, or damage the operating system itself.
  • Worms are independent programs that replicate by copying themselves from one computer to another, usually over a network or through e-mail attachments. Many modern worms also contain virus code that can damage data or consume so many system resources that they render the operating system unusable.

       Computer viruses date back to the 1980s, when they were most commonly transmitted through infected floppy disks. In recent years, though, virus outbreaks have become faster and more destructive, thanks to the ubiquitous nature of the Windows platform and popular e-mail programs such as Microsoft Outlook and Outlook Express, coupled with the soaring popularity of the Internet. Virus writers have become more sophisticated, too, adding smart setup routines, sophisticated encryption, downloadable plug-ins, and automatic Web-based updates to their dangerous wares. Polymorphic viruses can mutate as they infect new host files, making discovery and disinfection difficult because no two instances of the virus "look" the same to virus scanners. A new class of so-called stealth viruses can disguise themselves so that installed antivirus software can't detect them.

       Many viruses and worms spread by attaching themselves to e-mail messages and then transmitting themselves to every address they can find on the victim's computer. When the victim opens the attachment, the animated file plays in its own window, disguising the virus activity. Other viruses hidden in e-mail attachments try to cloak their true identity by appending an additional file name extension to the infected attachment. This strategy relies on the intended victim using the default settings of Windows Explorer, which hide extensions for known file types. For example, the SirCam virus infects a randomly selected file and adds an extension that makes it executable.

       Although most viruses and worms arrive as e-mail attachments, that's not the only method of transmission. Malicious code can also be transmitted to unprotected machines via network shares, through ActiveX controls and scripts, and by HTML-based e-mail messages or Web pages. The infamous Code Red and Nimda worms represent particularly virulent examples of "blended threats" that replicate using multiple vectors.

       There are steps you can take to stop viruses and worms before they cause damage to your computer or network. Four general guidelines to follow are given below.

  • Learn how to spot the warning signs of viruses. This is especially important in the first few hours or days after a new virus or worm appears on the scene, before antivirus software makers have developed updates that can detect the new strain. Unexpected e-mail attachments, even from familiar correspondents, should always be treated with extreme caution.
  • When in doubt, delete suspicious files. When a new virus outbreak occurs, articles in the mainstream press often advise users to avoid opening attachments from strangers. That advice is dangerously incomplete. It's equally important to avoid opening attachments from friends and colleagues. A favorite tactic of virus writers who target Windows computers is to program the virus so that it sends copies of itself via e-mail to everyone in the victim's address book or Windows Messenger list. The infected attachment might be a real file, plucked from the victim's My Documents folder. If you receive an unexpected attachment from anyone, especially someone you know, don't open it until you can verify that it's safe. When in doubt, hit the Delete key.
  • Install antivirus software and keep it up to date. A good antivirus program monitors downloads and e-mail attachments in real time instead of relying on after-the-fact scans to identify infected files. Be sure to update the virus definitions regularly. Out-of-date antivirus software is worse than none at all because it promotes a false sense of security without offering any protection against recent strains.
  • Train other network users on how to avoid viruses. Make sure that people you share a network with develop a healthy suspicion of file attachments and questionable Web pages. Impress on them how important it is to have antivirus software running at all times.
  • Build additional barriers to prevent viruses from attacking computers. The best protection against viruses and worms is to keep them from ever reaching the user. Some third-party firewall programs offer extra layers of protection that block malicious code. Recent versions of Outlook and Outlook Express also include features that can disable potentially dangerous attachments. On a corporate network that includes an e-mail server, e-mail gateways can quarantine dangerous mail before it has a chance to reach users.
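
       The following is an added example, not part of the original page: a minimal gateway-style check that flags attachments using the extra-extension disguise described earlier, as a quarantine step like the one in the last guideline. The extension lists, function names and the sample message are assumptions constructed for this illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for this example; a real gateway policy would be longer.
EXECUTABLE_EXTS = {"exe", "com", "pif", "bat", "scr", "lnk", "vbs", "cmd"}
DECOY_EXTS = {"doc", "xls", "txt", "jpg", "gif", "zip", "pdf", "mpg"}

def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Normalise case and surrounding whitespace before comparing.
    parts = [p.strip() for p in filename.lower().split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # With "hide extensions for known file types" on, Explorer shows only
    # "budget.xls" for "budget.xls.pif", so the decoy extension is what
    # the user sees.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"

def scan_message(raw_bytes):
    """Return [(filename, verdict)] for attachments that should be quarantined."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify(name)
        if verdict != "ok":
            hits.append((name, verdict))
    return hits

def build_sample():
    """Constructed test message; every attachment holds harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly figures"
    msg.set_content("Please see the attached file.")
    for name in ("budget.xls", "budget.xls.pif", "setup.exe"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"QUARANTINE {name}: {verdict}")
```

       The sender in the sample is a known colleague on purpose: the verdict depends only on the attachment name, never on who sent it.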
