
Computer Viruses: Sneaking in Worms, Trojans, Adware, and Malware
          Computer viruses are becoming a large problem as technology advances; however, the larger problem is the abundance of uneducated users. Most users simply think of a program that can “mess up” their computer when they hear the term computer virus. Although many users feel that a virus is just a virus, there are actually several subcategories of viruses. The most common types of new viruses are worms, trojans, adware, and malware. Before a virus can be classified as one of the recent sub-categories, the program must first fit the definition of a computer virus.

          A computer virus, by definition, is a “self-duplicating computer program that interferes with a computer's hardware or operating system.” (1) This definition is a broad example of what has been used to describe what computer viruses are for the past several years. However, the definition of computer viruses is constantly changing because virus writers are becoming more creative and efficient in their methods.

          Worms are a unique type of computer virus that attempts to copy itself to as many locations or computers as possible via networks, disks, and/or email. (2) There have been several worms released within the past several months, the most notable being Blaster, Welchia, and MyDoom. Worms are becoming so popular and dangerous that mass media forms such as radio, television, and newspapers are starting to comment about their existence and payload.

          Almost every new worm has several payloads, or effects, but not all of them are considered “negative.” Negative worms such as Blaster perform DoS attacks against popular or infamous websites such as Microsoft’s Windows Update or SCO. A DoS attack is a method of taking a website offline by sending a massive amount of traffic, generally generated by numerous workstations that have been infected with a virus, until the web server is overloaded and forced offline. The Blaster worm was unique in that it did not require a user’s interaction to execute itself on a remote computer. This worm used a flaw in Microsoft Windows NT, 2000, XP, and 2003 to remotely execute and install itself.

          While some viruses attempt to harm, other viruses are written to patch vulnerabilities and circumvent other viruses. One such example of a “good virus” is Welchia. Welchia was a worm written to use the same vulnerability as Blaster to infect, patch, and then remove Blaster. Welchia also removed itself after January 1st, 2004 to prevent itself from spreading more than required. Although Welchia had a good cause, the worm itself was still viewed as a very negative program by network and system administrators because it sent heavy loads of traffic across computer networks and the internet. The Blaster and Welchia worms were credited with slowing the internet dramatically during their peaks.

          Although worms are not generally used for file deletion purposes, a variant of MyDoom, called MyDoom.F, proved that it could be done. The MyDoom.F virus searches drives A through Z for Word, Excel, and other file types and deletes them at random. It then uses its own SMTP (Simple Mail Transfer Protocol) engine, or email server, to spread itself to all email addresses it can locate on the infected computer. This virus caused major damage on several workstations and network servers due to drive mappings, or drive letters that pointed to a folder available on a remote server.

          Another type of harmful virus is a Trojan. Trojans do not generally delete, replicate, or attack files yet they allow an attacker remote access to the infected computer or server. Trojans generally do not replicate themselves; an attacker will normally send a trojan to a specific user via Instant Message, Email, or file share. (3) One of the best known Trojans was NetBus. NetBus was a pioneer for Trojan viruses. Several Trojans such as SNID and Sub7 appeared after NetBus. Each of the new Trojans had new and unique features such as “Matrix Mode” and improved remote desktop functionality. This virus type is being used less frequently due to the growing number of people with routers which block all unassigned ports, or addresses for the Trojan to listen and connect with. Trojans are being used in many newer viruses to form complex worms. These complex worms then use the infected computers as drones.





          Sometimes a virus author will create a hybrid worm-trojan that listens for a specific port request sequence before it will execute a command. This can be used to execute a large scale attack or DoS. The method of listening for a specific series of port requests is referred to as port knocking and is commonly used for security. (4)
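As an added illustration (not part of the original essay), the Python sketch below shows how an ordered series of port requests can be recognised in a connection log, which is also how someone reviewing firewall logs could spot knock-style patterns. The log format, addresses, port sequence, and time window are all constructed for this example.

```python
from collections import defaultdict

# Constructed firewall log lines: "<epoch-seconds> <source-ip> <dest-port>".
SAMPLE_LOG = """\
100 10.0.0.5 7000
101 10.0.0.9 22
102 10.0.0.5 8000
103 10.0.0.5 9000
110 10.0.0.7 7000
111 10.0.0.7 9000
112 10.0.0.7 8000
200 10.0.0.8 7000
201 10.0.0.8 8000
260 10.0.0.8 9000
"""

def find_knockers(log_text, sequence, window):
    """Return (source, completion_time) for each source that contacted the
    ports in `sequence` in order, within `window` seconds of its first knock."""
    # source -> (index of the next expected port, time of the first knock)
    progress = defaultdict(lambda: (0, 0))
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not have exactly three fields
        ts, src, port = int(fields[0]), fields[1], int(fields[2])
        idx, start = progress[src]
        if idx and ts - start > window:
            idx = 0  # the partial sequence took too long and has expired
        if port == sequence[idx]:
            if idx == 0:
                start = ts
            idx += 1
        else:
            # A wrong port resets progress, unless it is itself a first knock.
            idx, start = (1, ts) if port == sequence[0] else (0, 0)
        if idx == len(sequence):
            hits.append((src, ts))
            idx = 0
        progress[src] = (idx, start)
    return hits

if __name__ == "__main__":
    # Hypothetical sequence 7000 -> 8000 -> 9000, completed within 10 seconds.
    print(find_knockers(SAMPLE_LOG, (7000, 8000, 9000), 10))
```

Only the source that hits all three ports in order and in time is reported; the out-of-order source and the one that finishes too slowly are not.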

          Adware is another type of file which is slowly being classified as a virus. Since adware does not generally make an attempt to replicate itself or allow an attacker unauthorized access to a system, it cannot be classified as a virus in the classic sense. However, adware is causing adverse effects on thousands of workstations per day. Adware will generally generate popups, advertisements that are randomly generated without any required action by the user, and often send data back to the original author or a third party company about a user’s browsing habits. Some adware applications can almost be classified as viruses because they will modify system files or change a user’s Internet preferences. (5)

          There are several companies that have been created simply to fight adware, two of which are Lavasoft and SpyBot. These companies generally offer adware scans and updates to prevent your workstation from being “infected.” This is such a growing market that several anti-virus providers such as Symantec and McAfee have slowly started providing adware protection.

          Malware is yet another type or term for vicious programming. Malware is actually a term loosely used to define all applications or scripts that have undesired results. It is a shortened term for Malicious Software. (6) Many users have heard, and possibly used, this term inappropriately due to software bugs or operating system problems. Although malware is not used to describe a bug or software problem, it can be used to describe any “virus” that cannot be categorized.

          Generally, users can prevent any virus by following simple safety guidelines. Virtual life is much like real life in terms of protection. One of the most suggested guidelines is to avoid that which looks suspicious. Computer viruses generally arrive as email attachments, similar to mail bombs. If a user receives a suspicious “package” in their mailbox that they were not expecting, it may be best for the user to not open the mail, much like most people would not open a random package from an unknown source. Almost every virus type, including worms, trojans, adware, and malware, requires that the user first open the attachment. The growing problem of viruses will slowly decrease as user knowledge and prevention increase; until then, viruses will continue to cripple networks, inboxes, and the internet as a whole.


Sources:
1. http://encarta.msn.com/encyclopedia_761569261/Computer_Virus.html

2. http://securityresponse.symantec.com/avcenter/refa.html#worm

3. http://securityresponse.symantec.com/avcenter/refa.html#worm

4. http://www.portknocking.org

5. http://www.lavasoftusa.com/

6. http://www.webopedia.com/TERM/M/malware.html


