Viruses, Worms and Trojans

What are they, how did they come about, signs of infection and what can I do to protect myself?

The term virus for computers is also commonly used for other malware just like the human virus can be many different types.   This blog is just a broad view focusing on viruses, trojans and worms – the most common and destructive of the spread malicious software.  

What’s the difference between them?

Viruses

Computer viruses act much in the same way as human viruses – they need to be spread from a ‘host’ and can range from being annoying to very serious.   So basically they attach themselves to another object which can be a program, file etc.

A computer virus as a computer program written to alter the way a computers operates, without the permission or knowledge of a user. A true virus must replicate itself, and must execute itself.

Microsoft describes a virus as ‘software programs that are deliberately designed to interfere with computer operation, record, corrupt or delete data, or spread themselves to other computers and throughout the internet'.

Unlike like viruses worms do not need to be spread by a host file.   A worm is a piece of software that uses computer networks and security flaws to create copies of itself.  It’s an independent program that replicates itself by copying itself from   computer to computer.   Like real world worms internet worms replicate themselves.   Though unlike real world worm they spread quickly which can cause havoc by overloading a system resource like an email server for example.

Trojans

We all know the story from Greek history -the gift that looked like a horse but had other intentions.   Computer Trojans appear the same way.   A Trojan is an imposter file(s) that claim to be something desirable but, in fact, are malicious.

Trojans are unlike viruses in that they cannot replicate automatically. They need to be invited in.  

Trojans have two parts – server and client.   Once run the server infects the user’s computer while the client allows the hack to manipulate data on the infected pc.

When did they come about?

Different dates are cited  on when viruses were introduced.   The earliest found though was from 1982.   The virus called The Elk Cloner started as a joke and was made by Rich Skrenta.   It was spread by floppy disc and put on a game.   When the game was played for the 50th time instead of starting the game a blank screen appeared that read a poem about a virus name Elk Cloner.

The first worm that appeared was in 1988 created by a Cornell University student Robert Morris. It exploited a buffer overflow in the Unix Sendmail program. The worm spread quickly eating up resources and causing massive disruptions.

Trojans came a year after the first worm.   1989 introduced the AIDS Trojan.   This Trojan was famous for holding data hostage.    It was sent under the guise of an AIDS information program.   Once executed this Trojan encrypted the unsuspecting user’s hard drive preventing them from accessing it.   It even demanded payment for the decryption key or password!

How they are spread

As pc’s, networks and the internet have become more widespread so have ways of spreading viruses, worms and trojans.   They are no longer limited to how they originally spread. In fact new ways of spreading are appearing all the time.   As technology advances you can be sure ways of pc infection will not be far behind.

The most commons ways they are spread is through email attachments, web pages, website downloads, P2P and Bit Torrent networks, IRC, instant messaging, floppy discs and other portable media/storage devices like cd’s and flash drives.

Signs of Infection

Infections can come in many sizes and shapes.   Here is a list of signs to looks out for:

·          PC is running slow

·          CPU is always at 100%

·          A friend(s) tell you they received an email for you with an attachment that you didn’t send

·          Anti Virus program is disabled and can’t be restarted

·          Increase in files sizes

·          Strange popup’s or alerts

·          PC shuts down unexpectedly or reboots without warning

·          Icons appear on your desktop of programs you didn’t install

·          Files have been deleted from you hard drive mysteriously

Some from this list may not even be signs of infections – they can be signs of problems with your operating system or a buggy program for example.   But be paranoid and try and get to the root cause of the symptom(s).  

How to Protect Yourself

Each day new malicious software appears.   At time it’s seems you need more protection on your pc’s then you do for your house! PC security is just as essential as home security – you wouldn’t leave you home open to invaders so don’t leave the pc open to them either.

First and foremost you’ll need anti virus software installed that offers ‘real time’ protection. Antivirus software will try and identify, stop and eliminate viruses and other malicious software.  Real time protection or on access protection refers to the ability of the antivirus to scan files on the fly as they are either created/read (opened)/modified or executed (or some combination of).  Also important is keeping the virus definitions updated of the program you are using.   Most anti virus software have this set by default.   Most antivirus software also have the option to run scans on demand or they can be set to scan on a regular basis.   It’s a good idea to run these scans at least weekly.

Just as important is installing a firewall.  A firewall is hardware or software solution to enforce security policies. In the physical security analogy, a  firewall is equivalent to a door lock on a perimeter door or on a door to a room inside of the building - it permits only authorized users such as those with a key or access card to enter. A firewall has built-in filters that can disallow unauthorized or potentially dangerous material from entering the system. It also logs attempted intrusions. The firewall is your barrier against the potentially dangerous users and programs on the internet.

Keep up to date on all patches and updates for operating system.   Some of these updates are specifically for new security holes that have been found.   The updates and patches help close them.

If you receive an email with an attachment from an unknown sender don’t open it.   Chances are it’s not something good. Delete it even if your antivirus didn’t flag it as suspicious.   Even opening an attachment from someone you know may be harmful.   They may be infected.   If you weren’t expecting it confirm the attachment with the sender.

If you’re using a Windows operating system have it set to show the file extensions.    This will show you what the file really is.   What you may think is just a jpg could turn out to be .jpg.exe.   Developers of malicious software know some of the flaws, vulnerabilities and default settings of Windows and will try to disguise the file so that you are more apt to open it. Showing the file extensions helps take that mask away from them.

Even though most pc infections are spread thru email and the internet now don’t let your guard down on floppy discs, cd’s and portable storage devices.   Always scan them first before copying any files or running any programs from them.