Home Network Security Simplified

The term computer virus tends to get used for any malicious code created with the intention of harming a computer or slowing network traffic, but a virus is actually a specific type of program. The next few sections give a brief overview of the different kinds of malicious software often lumped into the term virus, including a real-world example of each.

Very Important

You might notice that throughout this book (or any of our books) we do not name specific viruses, worms, Trojan horses, adware, spyware, and so on. The reason is that one motivation for people who create such programs is the notoriety and publicity that they can create. So, we just choose not to add fuel to that fire.

Viruses

The definition of a computer virus is a program that attaches itself to (or really within) another program (the host) so that it can replicate itself when the host program is run or executed. That's it. You might be surprised that this definition says nothing about removing data, crashing a computer, or any other nasty effects. This is because a virus is defined by its replication behavior, not its effect on the host computer. That said, many viruses do harm data and computers (either intentionally or unintentionally), and any program activity that occurs on your computer or network without your knowledge or consent is a hostile attack against you and your property.

Here is an example. You receive an e-mail like the one in Figure 3-1, either from an unknown person or apparently from someone you do know.

Figure 3-1. Virus E-Mail

You might think it is okay because it is from a friend or seems harmless because you did share pictures recently, so you double-click the attachment, installing a virus on your computer. The virus then searches through your Microsoft Outlook Express address book and e-mails a copy of itself to all your friends and family.

Some viruses are designed to remove or replace data or corrupt computer systems. These types of viruses tend to be an exception, because they are extremely difficult to create. Just as worrisome are the viruses created by people who are not skilled programmers, because their programs tend to be unpredictable. On the off chance that a virus created by an unskilled programmer does replicate in the "wild" (on the Internet), there is really no telling what the program will do.

Worms

Worms are similar to viruses in that their defining characteristic is self-replication. Unlike viruses, however, a worm's primary function is not to do damage to a computer, but just to keep replicating, and replicating, and replicating.

Worms also differ from viruses in that they do not require an executable file. Worms exploit security holes in computer systems or software programs. You might be thinking that simple replication without harming or removing files is not so bad, but replication can be so explosive that your computer performance slows to a crawl, your broadband connection gets clogged, and if enough computers become infected, the entire Internet can experience problems.

Figure 3-2 shows an example of how a worm attack and replication occur. It starts with a hacker (or whoever) creating a new type of worm and launching it to infect others and start the replication.

Figure 3-2. Virus/Worm Infection Example

The worm may show up at your computer in any number of ways, most commonly via e-mail or downloading "free" software from the Internet. In this example, the worm (a virus would behave in a similar way) shows up in the form of an e-mail pretending to be pictures from a recent party. The user unknowingly double-clicks the e-mail attachment, and the worm starts executing.

When triggered, it searches your computer for e-mail addresses of your friends and family (and business associates) by dipping into your e-mail program's contacts list. The worm then e-mails itself to everyone in your list, and the replication continues.
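The mass-mailing behavior described here and in the Viruses section (one infected machine sending the same attachment to every contact in quick succession) leaves a recognizable pattern in outbound mail logs. The following Python sketch is an added example, not from the book; the log format, addresses, file names, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp, sender, recipient, attachment name.
# The format is hypothetical; adapt the parsing to your mail gateway's real log.
SAMPLE_LOG = """\
2024-05-01T09:00:02 alice@example.net bob@example.org notes.pdf
2024-05-01T09:14:40 alice@example.net carol@example.org budget.xls
2024-05-01T10:30:00 dave@example.net erin@example.org party_pics.exe
2024-05-01T10:30:01 dave@example.net frank@example.org party_pics.exe
2024-05-01T10:30:01 dave@example.net grace@example.org party_pics.exe
2024-05-01T10:30:02 dave@example.net heidi@example.org party_pics.exe
2024-05-01T10:30:03 dave@example.net ivan@example.org party_pics.exe
2024-05-01T11:05:00 alice@example.net bob@example.org notes.pdf
""".splitlines()


def parse(line):
    ts, sender, recipient, attachment = line.split()
    return datetime.fromisoformat(ts), sender, recipient, attachment


def find_mass_mail_bursts(lines, window=timedelta(seconds=60), min_recipients=5):
    """Return (sender, attachment, n_recipients) for each sender/attachment pair
    that reached min_recipients distinct recipients inside one time window."""
    events = defaultdict(list)  # (sender, attachment) -> [(time, recipient)]
    for line in lines:
        if line.strip():
            ts, sender, recipient, attachment = parse(line)
            events[(sender, attachment)].append((ts, recipient))

    bursts = []
    for (sender, attachment), sent in events.items():
        sent.sort()
        best = 0
        start = 0
        for end in range(len(sent)):
            # Slide the window start forward until it spans at most `window`.
            while sent[end][0] - sent[start][0] > window:
                start += 1
            recipients = {r for _, r in sent[start:end + 1]}
            best = max(best, len(recipients))
        if best >= min_recipients:
            bursts.append((sender, attachment, best))
    return sorted(bursts)


if __name__ == "__main__":
    for sender, attachment, n in find_mass_mail_bursts(SAMPLE_LOG):
        print(f"{sender} sent {attachment} to {n} recipients within the window")
```

Ordinary correspondence (the same file sent to one person hours apart) stays below the threshold, while the burst from a single sender is flagged.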

Another type of worm requires no action by a human to spread. It simply exploits a weakness or bug in the operating system software and spreads like wildfire directly from PC to PC. Imagine this process starting out on a few hundred computers, each e-mailing 20 or 100 others, and soon enough hundreds of thousands of computers across the globe are infected. One of the most well-known worms infected more than 350,000 computers within 13 hours of release. At the peak of the spread, more than 2000 new computers were being infected every minute.

Whereas computer virus outbreaks used to be measured in days, worm outbreaks are now measured in minutes or seconds because of the speed of the Internet and ubiquitous availability of e-mail.

It is worth noting that many people (including those in the media) lump all these types of files into the virus category when many are in fact worms.

Trojan Horses

Trojan horses are probably the least-known type of malicious program but are potentially the most devastating to those who get infected by them. Similar to viruses and worms, Trojan horses typically arrive at your computer in an e-mail attachment or as a hidden gift within a "free" software program you downloaded. Just like the horse from Homer's epic, a nasty surprise is waiting inside this gift. Trojan horses are programs that give a hacker access to your computer. After the "gift" file is opened, the hacker's program is also opened and that's when the trouble starts. Some of the more common programs are keystroke loggers and remote-control programs:

  • Keystroke loggers collect everything you type on your keyboard (including passwords, usernames, and credit card numbers). After a certain amount of data is collected, the information is sent to the hacker (without your knowledge, of course).

  • Remote-control programs enable hackers to take over your machine, allowing them to go through your files and data or use your machine to attack another computer.

Figure 3-3 shows an example of how a Trojan horse attack occurs. It starts with a hacker (or whoever) creating a new type of Trojan horse and launching it to infect others.

Figure 3-3. Trojan Horse Infection Example

When triggered, the Trojan horse deposits a program onto your computer and reports back to the author, handing over the keys to access your computer.

The hacker might now use your computer as an anonymous launching point to conduct illegal activity, such as hacking others or enlisting thousands of computers to attack a corporate website. (See the discussion about bot armies in Chapter 1, "Tip 1: Use Firewalls.")

Imagine your embarrassment when the FBI knocks on your door to tell you your computer was used in an attempt to shut down a corporate or government network.
