Malware
is a general name for all programs that are harmful:
viruses, trojans, worms and all other similar programs.
Viruses
A computer virus is a program, a
block of executable code, which attaches itself to,
overwrites or otherwise replaces another program in order
to reproduce itself without the knowledge of the PC user.
There are several different
types of computer viruses: boot sector viruses,
parasitic viruses, multi-partite viruses, companion
viruses, link viruses and macro viruses. These
classifications take into account the different ways in
which the virus can infect different parts of a system.
The manner in which each of these types operates has one
thing in common: any virus has to be executed in order
to operate.
Most viruses are pretty
harmless. The user might not even notice the virus for
years. Sometimes viruses might cause random damage to
data files and over a long period they might destroy
files and disks. Even benign viruses cause damage by
occupying disk space and main memory, and by using up CPU
processing time. There is also the time and expense
wasted in detecting and removing viruses.
Trojan
A Trojan Horse is a program that
does something other than what the user thought it would do.
It is mostly done to someone on purpose. Trojan
Horses are usually masked so that they look interesting,
for example a saxophone.wav file that interests a person
collecting sound samples of instruments. A Trojan Horse
differs from a destructive virus in that it doesn't
reproduce. There has been a password trojan out in AOL
land (America Online): Password30 and Pasword50,
which some people thought were .wav files, but they were
disguised and people did not know that they had the
trojan in their systems until they tried to change their
passwords.
According to an administrator
of AOL, the Trojan steals passwords and sends an e-mail
to the hacker's fake name, and then the hacker has your
account in his hands.
Worms
A worm is a program which usually spreads
over network connections. Unlike a virus, which
attaches itself to a host program, worms always need a
host program to spread. In practice, worms are not
normally associated with one-person computer systems.
They are mostly found in multi-user systems such as Unix
environments.
Macro virus
Macro viruses
spread from applications which use macros. The macro
viruses which are receiving attention currently are
specific to Word 6, WordBasic and Excel. However, many
applications, not all of them Windows applications, have
potentially damaging and infective macro capabilities
too.
A CAP macro virus,
now widespread, infects macros attached to Word 6.0 for
Windows, Word 6.0.1 for Macintosh, Word 6.0 for Windows
NT, and Word for Windows 95 documents.
What makes such a
virus possible is that the macros are created in
WordBASIC, which even allows DOS commands to be run.
WordBASIC is a programming language which links features
used in Word to macros.
A virus, named
"Concept," has no destructive payload; it merely
spreads, after a document containing the virus is
opened. Concept copies itself to other documents when
they are saved, without affecting the contents of
documents. Since then, however, other macro viruses have
been discovered, and some of them contain destructive
routines.
Microsoft suggests
opening files without macros to prevent macro viruses
from spreading, unless the user can verify that the
macros contained in the document will not cause damage.
This does NOT work for all macro viruses.
Why are macro
viruses so successful? Today people share so much data,
email documents and use the Internet to get programs and
documents. Macros are also very easy to write. The
problem is also that Word for Windows corrupts macros,
inadvertently creating new macro viruses.
Corruption also
creates "remnant" macros which are not infectious, but
look like viruses and cause false alarms. Known macro
viruses can get together and create wholly new viruses.
There have been
viruses since 1986 and macro viruses since 1995. Now
about 15 percent of viruses are macro viruses. There are about 2,000 macro viruses
and about 11,000 DOS viruses, but the problem is that
macro viruses spread so fast. New macro viruses are
created in the workplace, on a daily basis, on typical
end-user machines, not in a virus lab. New macro virus
creation is due to corruption, mating, and conversion.
Traditional anti-virus programs are also not good at
detecting new macro viruses.
Almost all viruses
detected at the Helsinki University of Technology have
been macro viruses, according to Tapio Keihänen, the
virus specialist at HUT.
Before macro
viruses it was easier to detect and repair virus
infections with anti-virus programs. But now that there
are new macro viruses, it is harder to detect macro
viruses, and people are more in contact with their
anti-virus vendor to detect and repair unknown macro
viruses, because new macro viruses spread faster than
new anti-virus program updates come out.
Virus sources
Viruses do not
just appear; there is always somebody who has made them,
and they have their own reasons to do so. Viruses are written
everywhere in the world. Now that the information flow
in the net and Internet grows, it does not matter where
the virus is made.
Most of the
writers are young men. There are also a few university
students, professors, computer store managers, writers
and even a doctor who has written a virus. One thing is
common to these writers: all of them are men; women do
not waste their time writing viruses. Women are either
smarter or they are just so good that they never get caught.
What are the signs of viruses
Almost anything
odd a computer may do can be blamed on a computer "virus,"
especially if no other explanation can readily be found.
Many operating systems and programs also do strange
things, therefore there is no reason to immediately
blame a virus. In most cases, when an anti-virus
program is then run, no virus can be found.
A computer virus
can cause unusual screen displays, or messages - but
most don't do that. A virus may slow the operation of
the computer - but many times that doesn't happen.
Even longer disk activity, or strange hardware behavior
can be caused by legitimate software, harmless "prank"
programs, or by hardware faults. A virus may cause a
drive to be accessed unexpectedly and the drive light to
go on but legitimate programs can do that also.
One usually
reliable indicator of a virus infection is a change in
the length of executable (*.com/*.exe) files, a change
in their content, or a change in their file date/time in
the Directory listing. But some viruses don't infect
files, and some of those which do can avoid showing
changes they've made to files, especially if they're
active in RAM.
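The three indicators named above (file length, content, and date/time) can be checked mechanically by recording a baseline and comparing against it later. The following Python code is an added example, not part of the original article; the function names and the sample files built in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

EXECUTABLE_EXTS = (".com", ".exe")  # the file types the paragraph names

def snapshot(root):
    """Record length, content hash and mtime of every executable under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXECUTABLE_EXTS):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                st = os.stat(path)
                state[os.path.relpath(path, root)] = {
                    "size": st.st_size, "sha256": digest, "mtime": int(st.st_mtime)}
    return state

def compare(baseline, current):
    """Return {path: [what changed]} for executables that differ from the baseline."""
    findings = {}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            findings[path] = ["new file" if old is None else "missing"]
        elif old != new:
            findings[path] = [k for k in ("size", "sha256", "mtime") if old[k] != new[k]]
    return findings

def demo():
    """Constructed sample tree: baseline it, alter files, report the differences."""
    def write(root, name, data, mtime=1_000_000_000):
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.utime(path, (mtime, mtime))  # fixed timestamps keep the demo deterministic
    with tempfile.TemporaryDirectory() as root:
        write(root, "EDIT.EXE", b"MZ" + b"\x00" * 62)
        write(root, "FORMAT.COM", b"\x90" * 32)
        write(root, "README.TXT", b"not an executable")  # ignored: wrong extension
        baseline = snapshot(root)
        write(root, "EDIT.EXE", b"MZ" + b"\x00" * 62 + b"appended")  # longer, date restored
        write(root, "FORMAT.COM", b"\x91" * 32, mtime=1_000_000_600)  # same length, new date
        write(root, "NEW.EXE", b"MZ")  # appeared after the baseline
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

As the paragraph notes, a virus active in RAM can hide the changes it has made, so the comparison is most trustworthy when run after starting the machine from a clean boot diskette.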
Another common
indication of a virus infection is a change in the
assignment of system resources. Unaccounted use of
memory or a reduction in the amount normally shown for
the system may be significant.
In short,
observing "something funny" and blaming it on a computer
virus is less productive than scanning regularly for
potential viruses, and not scanning, because "everything
is running OK" is equally inadvisable.
What to do when you find viruses
The first thing
you should do when you find a virus is count to ten and
stay cool. You should keep notes on what you do and
write down what your virus programs and your computer
tell you. If you are not sure what to do, you should
call the administrator for future action. In some cases
it is not good to start your computer from the hard disk,
because the virus may activate and then do some harm.
Second, make sure
that it is a virus and what virus
it is. It is important to know what kind of virus we are
dealing with. Companies that make anti-virus programs
know what different viruses do, and you can either call
them and ask about the virus or you can go to their
web pages and read about the virus you have.
When you start
your computer you should do it from a clean
(non-infected) floppy diskette and after that run the
virus program. The boot diskette should be write
protected so that the virus cannot infect the boot diskette
too.
It is good to take
a backup of the file that was infected. The virus program
could do some damage to the file and that is why it is
good to have a backup.
It is good to let
your administrator know about the virus, so that viruses
would not spread around so much. In TKK, PC classes are
protected by an anti-virus program, and that virus program
reports to a person responsible for virus protection.