A “virus” in the computer world is a malicious program written to disrupt the operation of a computer or to damage its data. (Viruses do not infect hardware and generally do not damage hardware.) A second purpose is to propagate itself, and for many viruses this is their primary reason for being.
Viruses have discreet ways of invading your computer. File transfer - the copying of files from an infected computer to one that is not infected - is one way a virus propagates. Boot disks - in a PC set up to boot from the floppy disk first, an infected system disk may load a virus onto the PC when there is no protection in readiness. Email - the transmission of infected files as attachments - would be the most common way today.
If a computer has only legitimate, original software installed on it, and the user never receives data from an outside source, the computer will never have a virus. If a virus is present, but is never activated, the computer will behave as if it has no virus. A virus is activated by being “executed” or “run”, as it is a program. Viruses exist in any of the file formats that are executable, like .exe, .com, .bat, .vbs, etc. They also exist as macros (programming code that is executed by other programs like MS Word and MS Excel).
While some viruses make their presence known immediately through visible actions on the screen, others lie in wait and simply propagate themselves through email.
Viruses may…
- display odd messages, like “Kiss your data goodbye!”
- prevent the running of other programs, or cause them to run in unusual ways
- prevent an out-dated anti-virus program from running or updating itself
- prevent a particular piece of hardware from functioning properly
- fill up hard drives with garbage files, to the point that a PC runs incredibly slowly
- send out email containing the virus itself to all recipients in the sender’s address book
- send out information about the user to a destination chosen by the virus creator
Most viruses will do little damage to a PC or its operating state. It is as if the virus creator only wants to be known to the world, like someone writing “Kilroy was here” or carving their initials in a public place. Other, more sinister, viruses may cause infected users to lose data, or to have to spend serious time restoring their computers to a working state. Perhaps the most serious kind of virus cripples worldwide Internet access by filling up transmission channels and email systems with sheer volume of traffic.
Since Microsoft’s is the predominant software, Microsoft programs (like Outlook Express) are often the vehicle the virus creator chooses to propagate a virus. Microsoft is notorious for leaving itself open to the dark genius of virus creators and hackers. Many “barn doors” in Microsoft code have had to be closed “after the horses are gone”.
An anti-virus program seeks out known viruses by looking for signature code in the programs and data on a PC. Each virus, being a program, is comprised of programming code. The code is made up of numerical bytes. A string of bytes found in the code will be unique to the virus, and can be searched for in the strings of bytes found in all file types on a PC.
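The signature search described above, as an added Python example (not code from this page or from any anti-virus product). The two signatures are made-up byte strings, and the overlap kept between reads is an addition the text does not discuss: it lets a signature that is split across two reads still be found.

```python
import os
import tempfile

# Constructed "definitions": made-up byte strings for illustration only,
# not signatures of any real virus.
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("deadbeef4b494c524f59"),
    "Demo.Macro": b"AutoOpen_DEMO_PAYLOAD",
}

def scan_file(path, signatures=SIGNATURES, chunk_size=64 * 1024):
    """Return sorted names of the signatures whose bytes occur in the file."""
    # Keep the tail of each read so a signature that straddles two reads
    # is still seen as one contiguous run of bytes.
    overlap = max(len(s) for s in signatures.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk
            found.update(n for n, s in signatures.items() if s in window)
            tail = window[-overlap:] if overlap else b""
    return sorted(found)

def scan_tree(root, signatures=SIGNATURES, chunk_size=64 * 1024):
    """Scan every file under root, whatever its extension."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                hits = scan_file(path, signatures, chunk_size)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report

def demo(chunk_size=8):
    """Build three constructed files and scan them using very small reads."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "notes.txt": b"plain text, nothing to see " * 20,
            "game.exe": b"MZ" + b"\x00" * 5 + SIGNATURES["Demo.Alpha"] + b"\x90" * 40,
            "letter.doc": b"Dear Bob, " + SIGNATURES["Demo.Macro"] + b" regards",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_tree(root, chunk_size=chunk_size)
```

Calling `demo()` reports the two constructed files that carry a signature and leaves the clean text file out of the report.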
Think of the anti-virus program as a doctor, and the anti-virus signature codes (known as “definitions”) as the symptoms one might find in a medical book. When purchased, the anti-virus program and accompanying definitions are like a newly graduated doctor with current medical books. Such a doctor would be capable of finding any disease in a patient, in the same way that a new anti-virus program with updated definitions would be capable of finding any virus on a PC. Even an older anti-virus program with the latest definitions should find any virus on a PC, just like an older doctor with a new medical book should find any disease.
Anti-virus programs need to be among the earliest programs loaded once an operating system starts; otherwise viruses loaded earlier in the sequence may disable them, or otherwise prevent the anti-virus program from seeing a virus.
What viruses may do…
As to what viruses may do, here is a very recent example of a relatively serious virus.
12 May, 2003
A rather nasty mass-mailing worm, Fizzer, or W32.HLLW.Fizzer@mm has hit the Internet. Like many of its ilk, Fizzer only affects Windows-based systems, sending itself to all contacts in the Windows Address Book and containing a backdoor that uses mIRC (Internet Relay Chat) to communicate with a remote attacker. Fizzer also has a number of other dangerous features, including: having its own SMTP engine to get past email clients, updating itself by connecting to a GeoCities account for the latest update from the virus's author, and having a key-logger that keeps track of keystrokes on a user's system - ideal for credit card fraud and stealing passwords.
Fizzer also attempts to terminate the process of various anti-virus programs if they are found to be active. It can also make distributed denial-of-service (DDoS) attacks on other computers.
Symantec Security Response upgraded the virus to a level 3 on a scale of 1 to 5, with 5 being the most serious.
Visit the Symantec website (or McAfee’s) to learn about the latest viruses and what you can do about them.
Virus warnings and hoaxes…
Perhaps you have received something like this in your email...
Subject: Fw: Virus warnings - important
>> ----- Original Message -----
>> From: <Shellmil@aol.com>
>> To: "Brenda Mahlstrom" <firstname.lastname@example.org>; "Scott WAhl" email@example.com>; <VinceAS@aol.com>;
>> <Vin.Bodnar@gecapital.com>; <firstname.lastname@example.org>; <Aimer@aol.com>; <GRANDHESS@csa.com>;
>> <P1Pess@cs.com>; "Kim Killen" <email@example.com>; <firstname.lastname@example.org>; <email@example.com>;
>> <Moser@erol.com>; <Moser@jiny.com>; <RBaglady@aol.com>; Jens10497@aol.com>
>> Sent: Wednesday, March 15, 2000 7:25 PM
>>Subject: Virus warnings - important
>> Three Serious WARNINGS
>> WARNING No. 1 If you receive any CELCOM Screen Saver. Please! do not install it!!!!!! This screensaver is very cool.
>> It shows a NOKIA handphone, with time messages. After it is activated, the PC cannot boot up at all. It goes very slow.
>> It destroys your hard disk. The filename is CELLSAVER.EXE.
>> WARNING No. 2 Beware! if someone named <SandMan> asks you to check out his page. DO NOT! It is at
>> www.geocities.com/vienna/6318. This page hacks into your C:\drive. DO NOT GO THERE... FOWARD THIS MAIL
>> TO EVERYONE YOU KNOW. Warning No. 3 SEND THIS TO EVERYONE IN YOUR CONTACT LIST! THIS IS NO
>> JOKE,OK? WARNING: If you get an E-mail titled : "Win A Holiday" DO NOT open it. Delete it immediately. Microsoft
>> just announced yesterday. It is a malicious virus that WILL ERASE YOUR HARD DRIVE . At this time there is no remedy.
>> Forward this to everyone IMMEDIATELY!! PLEASE PASS THIS ALONG TO ALL YOUR FRIENDS AND PEOPLE IN
>> YOUR MAILBOXES. AOL HAS SAID THIS IS A VERY DANGEROUS VIRUS AND THERE IS NO REMEDY FOR
>> THIS YET. FORWARD IT TO ALL YOUR ON-LINE FRIENDS A.S.A.P.!
It's pretty hard to take stuff like this seriously with so many warnings written through it: text in caps, exclamation points, phrases like "THIS IS NO JOKE, OK?" Where's the rationality? What's to say that this email doesn't contain a virus, and here you have been asked to pass it along immediately to all your friends...
Whether the sender was well-intentioned or ill-advised, you are best off ignoring messages like these totally, and not passing them on.
Some virus warnings may have elaborate instructions as to how to prevent or remove a purported virus. Do not follow these instructions, as you may be the agent of your own destruction.
If you want to know if the message is valid, go to the Symantec hoax page (or McAfee’s) and see.
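The traits this section points to in the forwarded message (text in caps, exclamation points, pressure to forward, "no remedy", a big name cited as the source) can be checked mechanically. The following Python code is an added example, not part of the original page; the pattern list, the indicator names and the thresholds are assumptions.

```python
import re

# Indicator patterns drawn from the chain letter quoted above; the list and
# the thresholds used below are assumptions made for this example.
PATTERNS = {
    "forward-pressure": re.compile(
        r"forward (this|it)|send this to everyone|pass this along", re.I),
    "no-remedy": re.compile(r"\bno (remedy|cure)\b", re.I),
    "borrowed-authority": re.compile(
        r"\b(microsoft|aol)\b.{0,40}\b(announced|said)\b", re.I | re.S),
}

# Excerpt of the forwarded message quoted on this page (lines re-wrapped).
SAMPLE_HOAX = """\
>> Warning No. 3 SEND THIS TO EVERYONE IN YOUR CONTACT LIST! THIS IS NO
>> JOKE,OK? WARNING: If you get an E-mail titled : "Win A Holiday" DO NOT
>> open it. Delete it immediately. Microsoft just announced yesterday. It
>> is a malicious virus that WILL ERASE YOUR HARD DRIVE . At this time
>> there is no remedy. Forward this to everyone IMMEDIATELY!!
"""

# Constructed counter-example: a sober advisory with none of those traits.
SAMPLE_ADVISORY = (
    "Fizzer is a mass-mailing worm that affects Windows systems. Update your "
    "anti-virus definitions and check the vendor's site for removal steps."
)

def hoax_indicators(text):
    """Return the sorted names of the hoax traits found in a message."""
    body = re.sub(r"^[ \t]*>+ ?", "", text, flags=re.M)  # drop quote markers
    hits = {name for name, rx in PATTERNS.items() if rx.search(body)}
    words = re.findall(r"[A-Za-z]{3,}", body)
    # "Shouting": more than 30% of the words are written entirely in capitals.
    if words and sum(w.isupper() for w in words) / len(words) > 0.3:
        hits.add("shouting")
    if "!!" in body or body.count("!") >= 3:
        hits.add("exclamation-runs")
    return sorted(hits)

def looks_like_hoax(text, threshold=3):
    """Flag a message only when several independent traits coincide."""
    return len(hoax_indicators(text)) >= threshold
```

A single trait, such as a subject line in capitals, is not enough to flag a message; the excerpt above trips all five.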
Preventing virus damage…
Removing viruses can be a complicated and expensive task - prevention is the key. If a decent anti-virus program is correctly installed, a PC should remain virus-free. (Only a virus in its first day or so of release could cause trouble - this being the short time before the major anti-virus program companies identify it, and create definitions for it.)
Anti-virus software developers also make removal tools - short programs that can restore a PC to its state prior to the damage caused by a virus. Many of these work very well.
Personal data - your own information on your PC - needs to be backed up at all times. While a PC can be restored to a pre-attack state, personal data may be lost. Without a backup, this data may be unrecoverable.
Your best defense...
1) back up your data regularly (hourly, daily, weekly or monthly - depending on how important the data is, how often you edit it, and on how hard it would be to re-create it).
2) have all the (legal) disks you need on hand for setting up all the hardware and software you have.
3) have a decent anti-virus program on your machine, have it set up properly, learn how to use it properly, and update its definitions regularly (once a month) via the Internet or an FTP connection.
4) Keep a virus-free system disk (floppy) on hand that will allow you to boot your machine with CD capability. (This is not something the average user knows how to do, so you should have someone show you how to make one. WIN98 also has some help screens on this. Look under "formatting".)
5) Don't give out your email address lightly. You may start receiving all kinds of unsolicited junk if you do. Get free alternative addresses from Yahoo or MSN (hotmail) to give out to infrequent contacts who request an address. If you begin to get garbage, get a new alternative address. This preserves your provider account address for secure contacts only.
6) If you don't recognize the sender, ignore their emails.
7) Beware of "free" stuff. Downloading little games and such may cause you more grief than it's worth.
8) Beware of .EXE, .COM, .BAT, .DLL and other executable files from any source. If you receive something like this unexpectedly, email the sender and ask them what the file is supposed to do. Don't just run it to find out. What the file does when run may be irreversible.
9) Mail that appears to be coming from someone you know may not have been sent intentionally. Viruses that may be affecting the sender's machine could be sending mail to you without that person's knowledge. If the email is in any way suspicious, check the legitimacy first.
10) Pay attention to the news. Many new damaging viruses that you might receive are regularly reported there. Instructions for identifying them and avoiding their damage are usually included in the news report.
Viruses cannot hurt hardware. As long as you can recreate your machine's software setup and restore any data you may have had, a virus can only set you back a little time (which means money if you are unable to fix the problem yourself). Viruses must be invoked to harm you - macroless text and data files cannot harm you. Keep this last point in mind before you casually "run" or "open" something you receive in your email.
© Products of Concord North Ltd.