Computer Viruses, Worms, and Trojan Horses Explained

OverviewComputer viruses, worms, and Trojan horses are malicious pieces of software that can cause considerable damage to your computer hardware, software, and information stored in it. They can also slow down your PC, making it virtually unusable. This type of software falls into the category of malware (short for malicious software) since it isdesigned to harm or secretly access a computer system without the owner's informed consent. Computer virus hoaxes are also quite common, but harmless in nature.An often asked question, particularly from people relatively new to computers, is "Where do computer viruses come from?" The answer is simple. People write computer viruses. A person writes the code, tests it to ensure that it will spread properly, decides what the virus will do, and releases it. There are many psychological reasons why someone would do this, and these virus authors are often compared to vandals or arsonists.The Creeper Virus is generally accepted as the first computer virus. It was first detected on ARPANET, the forerunner of the Internet, in the early 1970's, infecting DEC PDP-10 computers running the TENEX operating system. Creeper gained access via the ARPANET and copied itself to the remote system where the message, "I'm the creeper, catch me if you can!" was displayed.Computer viruses, as we know them today, were first widely seen in the late 1980s, and they came into existence because of several factors. The first factor was the spread of personal computers (PCs). During the 1980s, the IBM PC (released in 1982) and the Apple Macintosh (released in 1984) became very popular, with widespread use in businesses, homes and college campuses.The second factor was the use of computer bulletin boards. Using a modem, people could dial up a bulletin board and download programs of all types. Games were extremely popular, and so were simple word processors, spreadsheets and other productivity software. Bulletin boards led to the precursor of the virus known as the Trojan horse.The third factor that led to the creation of viruses was the floppy disk. In the 1980s, programs were small, and you could fit the entire operating system (usually MS-DOS), a few programs and other files onto a floppy disk or two. Many computers did not have hard disks, so when you turned on your machine it would load the operating system andeverything else from the floppy disk. Virus authors took advantage of this to create the first self-replicating programs. Quite often these floppy disks were shared among computer users, allowing the virus to spread from one computer to another.VirusesA computer virus is a small piece of software that, like a human virus, is capable of replicating itself and spreading. In order to do this, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files (real programs), such as your favourite text editor program or other utility. If you launch the text editor program, the virus' code may be executed simultaneously, allowing it to replicate itself, and attachto other programs.An e-mail virus travels as an attachment to e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in your e-mail address book. Some e-mail viruses don't even require a double-click -- they launch when you view the infected message in the preview pane of your e-mail software. Being a computer professional with over 30 years experience in the software industry, I have seen a lot of bogus e-mail, so receiving the following message recently was not a surprise.Dear customer.The parcel was send your home address.And it will arrice within 7 bussness day.More information and the tracking number are attached in document below.Thank you.2011 DHL International GmbH. All rights reserverd.Of course, the e-mail also contained an attachment in the form of a ZIP file. Not only is the spelling bad, but the grammar is bad as well. And they claim to be DHL, a reputable company! My curiosity didn't get the better of me -- I decided not to open the attachment.One of the more famous e-mail viruses appeared in March, 1999 and was known as the Melissa Virus. Anti-virus software vendors refer to this virus as the Melissa macro or W97M_Melissa virus. It propagated itself in the form of an e-mail message containing an infected Microsoft Word 97 or Word 2000 document as an attachment. It was so powerful that it forced a number of large companies, including Microsoft, to completely turn off their e-mail systems until the virus could be contained.Virus HoaxesA computer virus hoax is a message warning the recipient of a non-existent computer virus threat. The message is usually a chain e-mail that tells the recipient to forward itto everyone they know.Most hoaxes are sensational in nature and easily identified by the fact that they indicate that the virus will do nearly impossible things, such as blow up the recipient's computer and set it on fire, or less sensationally, delete everything on the user's computer. Quite often the e-mail message claims to originate from a reputable company, such as Microsoft, giving the hoax more credibility.Virus hoaxes are usually harmless and accomplish nothing more than annoying people who identify it as a hoax and waste the time of people who forward the message. Nevertheless, a number of hoaxes have warned users that vital system files are viruses and encourage the user to delete the file, possibly damaging the system. Examples of this type include the jdbgmgr.exe virus hoax and the SULFNBK.EXE hoax.Some consider virus hoaxes to be a computer worm in and of themselves. They replicate by social engineering -- exploiting users' concern, ignorance, and reluctance to investigate before acting.The gullibility of novice computer users (my parents come to mind) convinced to delete files on the basis of hoaxes has been parodied in several popular jokes and songs. "Weird Al" Yankovic wrote a song called "Virus Alert" that makes fun of the exaggerated claims that are made in virus hoaxes, such as legally changing your name. Another parody is the honor system virus, which has been circulated under several different names including the Amish Computer Virus, the Blond Computer Virus, the Newfie Virus, and the Unix Computer Virus, is joke email claiming to be authored by the Amish who have no computers, programming skills or electricity to create viruses and thus ask you to delete your own hard drive contents manually after forwarding the message to your friends.The Tuxissa Virus is another parody of the virus hoax, based on the concept of the Melissa virus, but with its intent of installing Linux on the victim's computer without the owner's permission. The story says that it was spread via e-mail, contained in a message titled "Important Message About Windows Security". It was supposed to first spread the virus to other computers, then download a stripped-down version of Slackware and uncompress it onto the hard disk. The Windows Registry is finally deleted and the boot options changed. Then the virus removes itself when it reboots the computer at the end, with the user facing the Linux login prompt and all his Windows security problems solved for him.WormsA computer worm is a small piece of software that uses computer networks and security holes to replicate itself. Unlike computer viruses, worms do not need to attach themselves to programs, and don't require user intervention to spread. Worms are capable of replicating in great volumes, taking control of features on your computer that transport files or information. For instance, a worm called Code Red replicated itself more than 250,000 times in approximately nine hours on July 19, 2001, slowing down Internet traffic dramatically.The ILOVEYOU (also known as LoveLetter) worm successfully attacked millions of Windows computers in 2000 when it was sent as an attachment to an email message with the text "ILOVEYOU" in the subject line. The worm arrived in email in-boxes with the simple subject of "ILOVEYOU" and an attachment "LOVE-LETTER-FOR-YOU.TXT.vbs". The 'vbs' extension was hidden by default, leading unsuspecting users to think it was simply a text file (when in fact it was a Visual Basic script). Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows Address Book and with the user's sender address. It also made a number of malicious changes to the user's system.Trojan HorsesA Trojan horse is a destructive computer program that masquerades as a valuable or entertaining tool. It claims to perform a desirable function, but in fact damages your computer system when it is run. A Trojan horse can be a virus or a remote control program. They are usually installed on a computer through an e-mail attachment.The term is derived from the Trojan Horse story in Greek mythology. In this story, the Greeks give a giant wooden horse to their enemy, the Trojans, apparently as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.Unlike viruses, Trojan horses do not replicate thdmselves but they can be just as destructive. One of the most crafty types of Trojan horse is a program that claims to rid a computer of viruses but instead introduces viruses onto the computer.Back Orifice is a famous example of a Trojan Horse, written to demonstrate the lack of security in Microsoft Windows 98. It was the brainchild of Sir Dystic, a member of the U.S. hacker organization CULT OF THE DEAD COW. It was designed for remote system administration, based on a client-server architecture, allowing a user to control a computer running Microsoft Windows from a remote location (much like Microsoft's Remote Desktop Connection software). This required two components to work -- a client application running on the attacker's computer and a server application running on the victim's computer. Once installed, the attacker can perform any number of tasks on the victim's computer, including transferring files to and from the victim's machine, crashing the computer, data theft, installation of software including malware, and keystroke logging for the purpose of acquiring user ids and passwords. Back Orifice 2000, the sequel to Back Orifice, was later released and could run on Windows NT machines.Another notable Trojan horse is called SubSeven. It was designed to attack computers running Microsoft Windows 95 and Windows 98. It is also similar in architecture to Back Orifice, but with a third component called a server editor (EditServer), which allowed the attacker to configure the infection. It provides many more options for attack than Back Orifice, however, allowing an attacker to issue virtually any command imaginable on a compromised system.Trojan horses are becoming more and more common. According to a survey conducted by BitDefender from January to June 2009, "Trojan-type malware is on the rise, accounting for 83-percent of the global malware detected in the world". This virus has a relationship with worms as it spreads with the help given by worms and travel across the Internet with them.Famous Computer Viruses And WormsThroughout history there have been a lot of computer viruses and worms created. Here is a list (in no particular order) of the most dangerous ones.Mellissa (1999) -- The Mellisa Virus caused damage estimated at between $300 and $600 million. This virus gained huge fame on March 26, 1999, with experts claiming that between 15 and 20 percent of all business PCs on the planet were infected.ILOVEYOU (2000) -- ILOVEYOU was first detected in the Philippines on May 4. In just one day it spread worldwide, with about 10 percent of all Internet users being affected by the worm, and caused $5.5 billion damage. When activated, the computer worm overwrote all files on the host, attaching a copy of itself to each file. In addition, the worm sent a copy of itself to everyone in the user's address book.Nimda (2001) -- Nimda used seemingly every possible method to spread, and was very effective at doing so. Nimda is notable for being one of the fastest spreading and most widespread viruses ever.Code Red (2001) -- Code Red targeted Internet Information Services (IIS) on Windows servers. It also launched denial of service (DoS) attacks.Creeper (1971) -- Creeper is generally accepted as the first ever computer virus.SQL Slammer (2003) -- This tiny virus infected servers running Microsoft's SQL Server Desktop Engine, and was very fast to spread.Elk Cloner (1982) -- Possibly the first personal computer virus, Elk Cloner infected the boot sector of Apple II floppies.The Morris Internet Worm (1988) -- The Morris worm infected Unix systems and is considered the grandfather of computer worms.Protecting Your ComputerYou can protect your computer from viruses with a few simple steps:Run a more secure operating system such as UNIX.If you are using an unsecured operated system, then purchase good anti-virus software that automatically scans e-mail attachments or other downloaded files. Make sure you scan for viruses at least once a week.You can eliminate almost all infection from traditional viruses by simply avoiding programs from unknown sources (such as the Internet). Download software from trusted sites only. Better yet, install only commercial software from a CD.Avoid opening attachments or clicking on links in e-mail from unknown senders. In particular, attachments that are executable files (i.e have an extension of EXE, COM,or VBS) can do all sorts of damage to your computer.Due to the destructive nature of viruses, it is important that you back up your data on a regular basis, particularly those files you can't afford to lose.Most up-to-date anti-virus programs, like McAfee VirusScan Plus, BitDefender, or CA Anti-Virus Plus, will guard against computer viruses and remove them should they be installed. Of course, they need to be updated with virus signature files to catch the latest variants that are released periodically. These signature files (sometimes called "definition files") can be obtained from the program vendor via the Internet.