Benevolent Worms

Posted: Sunday, 02 May 2010 by VIruS Of WinDoWS


Various software developers are looking for ways to better distribute useful pieces of information to their users. This information would mainly consist of software updates and patches for known vulnerabilities. Instead of being downloaded from a central server, these updates would be distributed in a manner similar to malicious code and would function just like a computer worm.

Computer worms spread themselves by self-replication. Unlike a virus, a worm does not require action on the part of the victim to be executed. After one computer is infected, the worm probes the network in search of a new host, which is basically its primary function. Worms tend to be more harmless than viruses, although some have inflicted a considerable amount of damage.

Why Benevolent Worms are Enticing

The widespread use of benevolent worms is a tempting idea for many reasons. One can view it as a way of fighting off the malicious coders with their own weapons. It could also possibly solve all of those vulnerabilities made visible by the internet, automatically securing the end-user's system. This could prove to be very useful, as today's patching system isn't as effective as it should be. The fact is that several people, especially home users, simply do not make use of patches. In all honesty, efficient all-around patching involves a lot of time and labor, something many of us wouldn't find much enjoyment in.

How Benevolent Worms Can Enhance Your Security...or Not

A good worm could be something that turns a security problem into a challenging experience. It would certainly make an interesting project for developers looking to get all the kinks out of the code and properly distribute it. Users would no longer have to worry about the technical details involved with installing updates and patches. However, these same benefits are just what could make the benevolent worm a bad move.

Although it would probably help considerably, patching a user's machine without consent isn't a good practice. The worm has been dealt a bad rep for much more than its payload. The propagation techniques of a viral strain aren't necessarily harmful, yet distributing a beneficial payload may not be the best route. When considering how it functions, it's hard to imagine the worm as a tool that could be used without stirring up some controversy.

In order to be truly beneficial, a benevolent worm would have to meet the following criteria:

- The end-user can choose to have it installed
- Installation is specifically adapted to the machine it's running on
- The installation can be cancelled
- It's easy to locate on the system
- The program can be easily removed

The main task would be altering the worm's behavior, as worms are designed to run without user intervention or consent. After settling in, a worm begins to propagate and spread until it is fully eradicated. These characteristics are not very compatible with the criteria above and do not leave much room for error. If a worm were able to give users more of an option with installation flexibility and easy uninstallation functions, propagating would be much harder, essentially making it ineffective.

While several people remain hopeful about one day using the worm for good, many more critics stand firm in their disapproval and view it as a bad way to distribute software.

Types of Computer Worms

Two of the Latest Types of Computer Worms

With malicious programs like spyware and Trojan horses on the steady incline, others tend to fall out of discussion while remaining prominent and quite dangerous. Just like viruses, computer worms are still around, wreaking just as much havoc as before.

Recent Types of Worms

Panda Security announced the discovery of two new infections in January of 2008: Valentin E and Nuwar OL. These worms employ social engineering techniques using the topic of Valentine's Day to trick users into opening an infectious email attachment. While these attempts seem to be made year after year around the same time, they also indicate that malicious coders are still getting users to fall into their trap.

Nuwar OL Worm

Nuwar OL is delivered to a user's inbox with subjects like "You Are In My Dreams," "I Love You So Much," "Inside My Heart Is You," etc. The message contains a website link, which downloads the malicious code when accessed. To disguise its activity, the worm redirects you to a simple web page with the theme of a romantic greeting card. Once the computer is infected, the infection spreads by sending messages to names in the user's contact folder. The most severe impact of Nuwar OL is slowing down the performance of a single computer or a network. Once detected, it is generally easy to remove.

Valentin E Worm

Similar to the Nuwar OL worm, Valentin E is distributed via email. It contains subjects like "True Love," "Searching for True Love," and "Love Of My Life." The worm also includes an attached file titled "FRIENDS4U." When the targeted user opens the attachment, a copy of the worm is downloaded onto their computer. Its malicious code is installed onto the machine as a file with an SCR extension. If the user runs the file, Valentin E displays a new desktop background to distract them, all while it propagates itself on the host machine. It then distributes email messages with copies of itself attached to further spread the infection to other computers.

Both Nuwar OL and Valentin E are basically employing the same techniques used in many forms of malware, particularly worms and viruses. They send emails with attractive subjects, colorful Valentine's Day e-Cards, romantic desktop themes and more. This is all done to bait the user into running the attachment and unknowingly launching malware onto their systems.

Preventing Worm Infections

In order to prevent infection by worms, viruses and other malicious programs, we strongly suggest following the tips below:

- Avoid opening emails originating from unknown senders. Beware of emails containing holiday themes, relating to money or any of your accounts.
- Never click on links in an email message, even if they appear to come from a reliable source. Your best bet would be to copy and paste them into your address bar.
- Never open email attachments from unknown senders.
- Be careful of the sites you visit online, as many of them are designed to deliver malware.
- Install a firewall application to prevent intruders from loading malicious content on your computer.
- Defend your computer with security software with the ability to detect known and evolving strains of malware.
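
As an added illustration, not code from the original article, the Python sketch below triages a message for the lure traits described above: the quoted subject lines, the FRIENDS4U attachment name, an executable attachment type such as SCR, and a link in the body. The sample messages, addresses and URL are constructed, and the extension list beyond .scr is an assumption.

```python
import re
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Subject lines the article attributes to Nuwar OL and Valentin E.
LURE_SUBJECTS = {
    "you are in my dreams", "i love you so much", "inside my heart is you",
    "true love", "searching for true love", "love of my life",
}
# Attachment name the article gives for Valentin E (compared without extension).
LURE_ATTACHMENT_STEMS = {"friends4u"}
# File types Windows executes directly. Only .scr comes from the article;
# the rest of this list is an assumption.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".vbs"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def triage(msg: EmailMessage) -> list[str]:
    """Return the sorted list of lure traits found in one parsed message."""
    findings = set()
    subject = " ".join(str(msg.get("Subject", "")).split()).strip(" .!?").lower()
    if subject in LURE_SUBJECTS:
        findings.add("lure-subject")
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        name = part.get_filename()
        if name:
            path = PureWindowsPath(name)
            # The last suffix decides what Windows runs, so "card.jpg.scr" counts.
            if path.suffix.lower() in EXECUTABLE_EXTS:
                findings.add("executable-attachment")
            if path.stem.lower() in LURE_ATTACHMENT_STEMS:
                findings.add("known-attachment-name")
        elif part.get_content_maintype() == "text":
            if URL_RE.search(part.get_content()):
                findings.add("link-in-body")
    return sorted(findings)


def build_samples() -> dict[str, EmailMessage]:
    """Constructed test messages; every address, URL and byte is a placeholder."""
    link_only = EmailMessage()
    link_only["From"] = "card@example.invalid"
    link_only["Subject"] = "I Love You So Much"
    link_only.set_content("Someone sent you a card: http://example.invalid/card")

    attachment = EmailMessage()
    attachment["From"] = "friend@example.invalid"
    attachment["Subject"] = "Searching for True Love"
    attachment.set_content("Open the attachment.")
    attachment.add_attachment(b"constructed placeholder bytes",
                              maintype="application", subtype="octet-stream",
                              filename="FRIENDS4U.scr")

    benign = EmailMessage()
    benign["From"] = "colleague@example.invalid"
    benign["Subject"] = "Minutes from Tuesday"
    benign.set_content("Notes attached.")
    benign.add_attachment("agenda\n", filename="notes.txt")

    return {"link_only": link_only, "attachment": attachment, "benign": benign}


if __name__ == "__main__":
    for label, message in build_samples().items():
        print(label, triage(message))
```
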

Nimda Worm

The Nimda Worm

Nimda is another one of many worms to infect the vulnerable Windows operating system. Its method of propagation is rather unique, as it can be distributed via email or a malware-infected website. Nimda also seeks out vulnerable web servers to upload malicious code, giving it the ability to infect an entire network. What makes it more complex is the fact that it is the first worm to behave like a virus by infecting other files. The normal behavior of a worm is to only replicate itself and propagate throughout a hard drive or to other machines via email. Nimda is able to spread quickly by inserting its code into EXE (executable) files on local drives.

How Nimda Works

Nimda's tendency to seek out exploitable servers is something that could possibly create a network traffic jam on the internet, similar to the infamous SQL Slammer worm. In some cases, the worm causes a server to fail completely, a condition more commonly known as a DoS (denial-of-service) attack. Every computer infected by Nimda increases network traffic, all while seeking other systems to infect.

Similar to most worms, Nimda's most common method of distribution is email, usually targeting the Outlook and Outlook Express applications. It arrives in a user's inbox with a file attachment named "README.EXE" which holds the infection, though it can also be contracted just by viewing the preview pane. In older versions of Microsoft Internet Explorer, this worm has the ability to spread the infection simply by reading the message. Although these vulnerabilities were resolved by Microsoft some time ago, several users have still not applied the necessary patches, enabling Nimda to keep spreading.

The Nimda worm mainly targets the Outlook programs, but other email clients have been infected as well. The major difference is that users have to open the attachments for the malicious code to be executed. Sadly, it is a fact that some recipients cannot resist the urge to open these tempting files, thus powering the epidemic of malware. Once a machine is infected, Nimda will dig into the email addresses in your contact list and recruit others to participate in a DoS attack.

Misconceptions about Nimda

Misconception #1: "Nimda does not infect PC users running Windows 95, 98 or ME." This is not true. The worm can infect any 32-bit system, including Windows 95, 98, ME, 2000 and NT.

Misconception #2: "Nimda is not distributed through mail clients such as Eudora and Netscape Mail." This is not true either. An infected email can still be sent to those mail servers. If the attachment is opened, the worm will be executed.

Misconception #3: "Anti-virus software will catch all strains of Nimda." This is partly true, yet many vendors were unable to detect it when first released. It is likely that variants of this worm will be continuously developed, meaning your anti-virus program should be updated on a daily basis.

Prevention

Anti-virus software is always essential when it comes to fighting off worms. More importantly, you should keep your system updated with the latest patches by downloading them from the Microsoft website. Remaining wary of emails is important, as is cautiously surfing the web. While malware like the Nimda worm is often complex, a few preventive measures will help you elude the best of them.

The History of Worms

Malware with self-replicating capability has been an issue in the world of computing for several years, dating back to the first self-replicating code created by Ken Thompson in 1984. Over the past few years, both worms and viruses have become major problems, mainly due to widespread use of the internet. This wide open platform enables these infections to spread rapidly with no geographic restrictions. Worms in particular are becoming more sophisticated as malicious coders have learned from their mistakes and successes as well.

In this article, we will take a brief glance at the history of computer worms and how they have impacted the current state of computing.

Early Infections

Self-replicating applications date back to the early days of the Unix operating system. Ken Thompson's code was essentially a compiler modification that manipulated login procedures and the compiler itself. The conventional virus became a common plague in the era of the Apple II system. This infection moved rather slowly, yet provided the means of distributing some of the most known viruses, such as Chernobyl and Michelangelo.

The first Internet infection that required no human intervention to propagate was the Morris Worm, discovered in 1988 and released by Robert Morris. It spread very quickly, infecting a number of vulnerable computers in a matter of hours. The Morris Worm infected various machines and also used multiple exploits including buffer overflows, debugging routines in mail components, password sniffing, and other streams of execution to improve its ability to attack other computers.

Although released by accident, the benign concept doesn't really apply to the Morris Worm, as it had a significant amount of impact because of the bug in its code. When reinfecting a computer, there remained the possibility that the new infection would be persistent, allowing other worms to run and terribly impact system performance. However, this caused the worm to be noticed instantly, and therefore, quickly contained.

Modern Worms

Active computer worms have returned to prominence in recent times. The first one to cause an eruption was Code Red. This infection proved how quickly a simple self-replicating program could spread via the internet's current infrastructure. Code Red exploited a buffer overflow condition in the Microsoft IIS (Internet Information Server). It was able to propagate quickly because of the "always on" nature of IIS and many versions of the Windows operating system. Code Red was also equipped with scanning capabilities that improved its throughput and gave it the ability to elude numerous IP address security features.

Once a system has been compromised by a worm, there is actually little that can be done to mitigate the damage aside from removing it as quickly as possible. Just as everyone should devise a contingency plan in case of a fire, one should also create a strategy to elude worm exploits. While there is no perfect solution, there are many steps that can be taken to prevent damage and reduce the spread of infection. Anti-virus software and firewalls are a must these days, two powerful weapons that will keep you one step ahead of a worm outbreak. It is also critical to conduct routine backups of your data, as these infections can easily corrupt or completely overwrite existing files. When it comes to the disruption of worms and other malware, it's much better to be safe than sorry.

Lupper Worm

Lupper Worm 101

Malicious coders are very persistent these days. Windows is no longer alone in being attacked, as they have recently learned to exploit systems such as Mac OS X and Linux, platforms known for their high level of security. Many of them have been virus programs that take advantage of vulnerabilities in XML-RPC for PHP, a widely used open-source component found in many web-based applications.

Applications vulnerable to the newer viral strains are b2evolution, Drupal, PHPGroupWare, PostNuke, Tiki Wiki, WordPress and Xoops. While most of these applications have been updated to address the vulnerabilities, un-patched Linux systems remain vulnerable to Linux.Plupii, more commonly termed as the Lupper worm.

How the Worm Functions

The Lupper worm spreads by exploiting Apache web servers using PHP/CGI scripts, a programming language known to be more vulnerable than others. This infection is said to be a variant of the Linux Slapper and BSD Scalper worms due to similar propagation techniques. It attacks a web server by transmitting malicious HTTP (Hypertext Transfer Protocol) requests to open ports. The worm downloads and executes itself when the targeted server is running vulnerable scripts at a particular URL. This is enabled by configurations that permit remote file downloads in PHP/CGI and external shell commands. Its most alarming function involves creating a backdoor on the compromised server. The worm then generates URLs, initiating a scan to seek out other machines for infection. Additionally, the Lupper worm has the ability to harvest email addresses as well.

Protecting against the Lupper Worm

Lupper was spotted rather quickly and doesn't seem to be spreading at the rate of the Slapper worm. Being that worm exploits on the Linux system are rare in comparison to the Windows environment, security experts suggest that this malicious program is worth keeping an eye on. Representatives from McAfee state that Lupper's intent of infection is to form a global network of compromised machines based on the peer-to-peer communication principle. This creates a robust network capable of distributing DDoS (distributed denial-of-service) attacks and other exploits because of its remote command. The security vendor also fears that the worm's ability to extract email addresses may lead to new methods of infection.

The good thing is that most large corporations aren't running applications scripted in PHP/CGI. What may pose a continuous threat are unofficial sites established from within or outside of an organization, and web hosting companies that use a variety of different scripts. Since the Lupper worm seems to use an IP-based method of propagation, it is less likely that it will locate servers using vulnerable scripts, limiting the chance of infection. This worm would be much more difficult to contain if it were distributed via infected hosts found in the results of a search engine, a common trait of Windows-based malware.

Security experts have recommended many ways to deal with this infection; one is to only grant trusted users access to an FTP server. Symantec Corporation reports the Lupper worm as having a medium level of damage and distribution rate. McAfee labeled it as a low-risk threat for both home and corporate users.
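
The configuration weakness mentioned above (PHP allowed to fetch remote files and run external shell commands) maps onto three php.ini directives: `allow_url_fopen`, `allow_url_include` and `disable_functions`. The following added example, which is not taken from the article or from any vendor advisory, audits a php.ini for them; both sample files are constructed, and the list of shell functions is an assumption about what an administrator would want disabled.

```python
# PHP functions that start external commands (assumed audit list).
SHELL_FUNCTIONS = ("exec", "passthru", "popen", "proc_open", "shell_exec", "system")

# Values PHP uses when a directive is absent from php.ini.
PHP_DEFAULTS = {
    "allow_url_fopen": "1",     # remote URLs usable with fopen()/file_get_contents()
    "allow_url_include": "0",   # remote URLs usable with include/require
    "disable_functions": "",    # nothing disabled
}

# Constructed sample: the permissive setup the article describes.
WEAK_INI = """\
[PHP]
allow_url_fopen = On
allow_url_include = On
; nothing is disabled
disable_functions =
"""

# Constructed sample: the same directives locked down.
HARDENED_INI = """\
[PHP]
allow_url_fopen = Off
allow_url_include = Off
disable_functions = exec,passthru,popen,proc_open,shell_exec,system
"""


def parse_ini(text):
    """Read 'key = value' lines, ignoring sections and ';' comments."""
    settings = dict(PHP_DEFAULTS)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings


def is_on(value):
    """php.ini accepts several spellings for a true boolean."""
    return value.strip().lower() in {"1", "on", "true", "yes"}


def callable_shell_functions(settings):
    """Shell-spawning functions that disable_functions leaves available."""
    disabled = {name.strip().lower()
                for name in settings["disable_functions"].split(",") if name.strip()}
    return [name for name in SHELL_FUNCTIONS if name not in disabled]


def audit(text):
    """Return (directive, explanation) pairs for each risky setting."""
    settings = parse_ini(text)
    findings = []
    if is_on(settings["allow_url_fopen"]):
        findings.append(("allow_url_fopen", "scripts can read files from remote URLs"))
    if is_on(settings["allow_url_include"]):
        findings.append(("allow_url_include", "scripts can include and run remote code"))
    remaining = callable_shell_functions(settings)
    if remaining:
        findings.append(("disable_functions",
                         "shell functions still callable: " + ", ".join(remaining)))
    return findings


if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(label)
        for directive, why in audit(ini) or [("-", "no findings")]:
            print(f"  {directive}: {why}")
```
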

Slapper Worm

The Slapper Worm

Unknown to some, Linux is one of the most reliable operating systems on the market. This platform is built with numerous security features, making the threat of malware insignificant to many users. Even though Linux hasn't been as prone to infection as Windows, the system has seen its share of worms and viruses.

Staog was the first virus written for Linux, trailed a few years later by Bliss. While they raised a bit of concern in the industry, these two infections were far from devastating and quickly resolved with patches and user intervention. Worm infections, on the other hand, posed a significant threat to personal users and network administrators alike. One of the most notorious was the Slapper worm.

The Dangers of the Slapper Worm

The Slapper worm was first discovered in September 2002 on Friday the 13th. It employed a source code propagating method used in the infamous Morris Worm, the first computer infection to be labeled as a "blended threat." This program spread so quickly that it infected thousands of servers throughout the world within a matter of days. The Slapper worm took advantage of vulnerabilities in older versions of Apache web servers using peer-to-peer protocol.

Aside from propagating to other machines, the worm has the ability to act as a backdoor on the host computer. This enables a potential intruder to run system commands and launch multiple attacks against other computers, practically giving them complete control of the system. Once created, the backdoor accepts a large number of commands, which may include flooding remote systems with various network packets, downloading a binary from a remote system and executing it, sending emails, and reporting data on the compromised machine.

Patching Linux Security

Over the weekend of September 13th, F-Secure's anti-virus lab found a way to reverse engineer the protocol the Slapper worm used to exploit the Linux system. This allowed F-Secure to access the Slapper attack network by posing as an infected Apache server. The false server gave them the ability to specify the exact number of infected computers, along with their IP addresses.

F-Secure worked in conjunction with 14 CERT organizations in the process of warning administrators about their infected servers. This approach was received well by many companies, enabling the industry to rebound quickly and contain the worm.

The Slapper worm that once posed a significant threat to the Linux operating system has since been neutralized by specialists at F-Secure. In what is said to be the first move of this kind by any anti-virus company, F-Secure successfully located the root of the problem and warned the industry in just enough time. The company followed up their efforts by offering a free version of their anti-virus software so that Linux users could remove the infection from their systems.

Linux remains one of the safest systems on the market. However, the Slapper worm is an example that this reliable system can indeed be infected by malicious software. While not recommended by all, a Linux system can achieve a greater level of security with anti-virus software.

Worms and Viruses

Computer Worms and Viruses: What's the Difference?

We have all been infected with a virus at one time in our lives, whether it was a common cold or something more severe such as the flu. In recent times, more of us are being plagued by another type of infection: the computer virus.

Just as a biological virus injects its own genetic makeup into a cell and interferes with the normal functions of the human body, a computer virus is written to interfere with the normal functions of an infected machine. It has the ability to damage various programs, overwrite and delete files, reformat hard drives and perform other harmful operations.

Common Characteristics

In order to be classified as a computer virus, a program must meet two qualifications. First, it must be able to execute itself by inserting its malicious code in the execution path of another application. Secondly, it must be able to self-replicate by replacing existing files with copies of files containing the viral code. Similar to how a biological virus needs to find a host cell, a computer virus must find an infected host file to propagate itself and further spread the infection.

Viruses have become very common in the world of computing, infecting millions of machines since their inception. However, the virus is not alone, as it has another destructive partner: the computer worm. A worm is very similar to a virus, yet quite distinctive as well. Unlike a virus, the computer worm does not require a host file in order to propagate itself. It is able to enter a computer through system vulnerabilities and uses those flaws to propagate.

The typical computer virus must be activated by way of user intervention. This may include double-clicking on a website link or opening the attachment of an email message. A worm bypasses user intervention by releasing a document containing the infected macro and distributing itself from computer to computer. A computer virus is generally the more harmful of the two, although worms have been known to cripple entire networks due to multiple infections.

Protecting against Viruses and Worms

While viruses and worms have become common, there are a few ways to avoid these nasty infections. You can begin by purchasing a reliable anti-virus program. This type of software features a scanner equipped with the technology required to detect and eradicate viruses, worms and other members of the malware family. Since new virus and worm programs are often written on a daily basis, these security solutions function best when regularly updated by the vendor's database. It is also recommended that you purchase an anti-virus program with real-time scanning capability to monitor your incoming emails. This will enable you to scan an attachment to make sure it's safe before opening.

Another solid option is a firewall. These components often come as features of anti-virus software or as stand-alone applications. A firewall application will keep unauthorized users from accessing your system and secretly installing malicious content. By implementing these two security solutions, you can stay one step ahead of the busy coders scripting viruses and worms.

Linux and Viruses

You are sure to hear much fuss about the threat of viruses these days. Computer viruses come in many different forms, from infections that are programmed to attack programs and files to those designed to corrupt the critical sectors of your hard drive. What you seldom hear is what platforms these infections target. Microsoft Windows, the most popular operating system, is the number one target for most virus writers.

Linux is perhaps the biggest rival of the Windows operating system. While it isn't as widely used, Linux has established a reputation for being much more reliable and secure. This is true for several reasons, most of which experienced Linux users are already familiar with. For those of you new to the system, this article details how Linux stacks the deck against a typical computer virus.

How Viruses Attack Linux Systems

In order for a virus to infect binary executables on a Linux system, those files must be writable by the user who runs the infected program. This situation in itself is very unlikely. In most cases, these programs are owned by the root user and are run from a non-privileged account. In a Linux environment, a user with the least experience is less likely to control an executable program. Because of this, the users with little knowledge about viruses are less likely to have home directories susceptible to infection.

Most Linux networking programs are specifically designed without the high-level macros which have allowed many Windows-based viruses to spread at such a rapid rate. This is not an inherent feature, but simply a reflection of the major differences between the two systems, as well as differences in the products aimed at those platforms.

Linux Bliss

Although Linux has been known for its high level of security, there have been a few notable outbreaks. One such threat was Bliss, the second virus written for the Linux platform. Like most viruses, Bliss attempted to attach itself to executables, files regular users typically do not have access to. It has been speculated that this infection was scripted simply to prove that Linux could be compromised. However, the Bliss virus doesn't have the ability to propagate with efficiency due to the complex structure of the user privilege system. Though it is one of the only Linux viruses to be seen in the wild, Bliss never reached widespread popularity.

Upon being released, many anti-virus companies distributed a number of reports stating that Linux users should implement anti-virus software due to the Bliss outbreak. This practice never caught on, as Bliss never caused any major damage.

Experts believe that the reason we haven't witnessed a true Linux virus outbreak is because an infection cannot reach its full potential in the system's hostile environment. At the same time, there is always the possibility that the virus coders will get it right one day. It does, however, speak highly of the system's well-crafted design, indicating that a virus must be rather sophisticated to thrive on the Linux platform.

The First Linux Virus

From the outside looking in, one would believe that viruses were an equal threat to all computer users. While this is true in a sense, some users are much more vulnerable than others. For years, Linux has been known as the more secure option for an operating system. Although the Windows platform is designed with many useful features, Linux was designed with security in mind, making the system superior in the minds of its users.

Even though Linux isn't a prime target for malicious coders, it has been successfully exploited by a few computer infections. Staog was the first virus ever scripted for the Linux operating system. It was initially detected in the fall of 1996, with the exploited vulnerabilities being discovered shortly thereafter. Considering the system's strong design, experts in the software security industry were stunned.

Staog was able to exploit Linux despite the system's design, which calls for users and applications to log in before any questionable operations can occur. The virus functioned by exploiting vulnerabilities in the kernel, which enabled it to stay resident in memory. From there, it infected executable binary files. Because it mainly relied on bugs, software upgrades made the system immune to the virus. This factor, along with its weak method of distributing itself, made Staog fairly easy to manage.

Staog was written by VLAD, a well-known group from the hacking community. This Australian-based group is also responsible for scripting Boza, the first virus written for Windows 95. The first Linux virus has not been listed in the wild since the initial outbreak. Despite the brief threat of Staog, viruses typically have limited ability to change or severely impact the system.

The Truth about Linux Viruses

One of the biggest vulnerabilities of the Linux system is the users who have the misconception that it cannot be infected by computer viruses. Several people believe that any non-Windows system is secure and doesn't need the aid of additional software to ward off viruses. This is far from the truth and a major reason why more viruses are being written for the system.

Many security experts believe that the growth in Linux malware is the result of its evolution and popularity, particularly as a desktop system. Shane Coursen, a senior technical consultant for Kaspersky Lab, believes that more users are turning to Linux because of the interest in learning how to write malware for the system.

Most viruses written for Linux pose a potential, yet minimal threat to the system. If a virus-infected binary file is run, the entire system could be infected. The distribution of the infection depends on which particular user, with what level of privileges, executed the binary. A binary run under the system's root account would have the ability to infect the entire system.

There are many other solutions for protecting Linux other than anti-virus software. For instance, software repositories greatly reduce the chance of viruses and other malware. These repositories are thoroughly checked before distribution to ensure that they are malware free.

Just like with any system, the best protection against common threats is prevention. This includes carefully surfing the web and handling emails on your Linux computer.
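
The point made here and in "Linux and Viruses" above, that what a file infector can reach depends on the privileges of the account that runs it, can be measured. This added example (not part of the original articles) lists the executables in a set of directories that a given user ID could modify or swap out; the function names are hypothetical, and it models only classic Unix mode bits, ignoring ACLs, capabilities and read-only mounts.

```python
import os
import stat


def mode_allows(st, uid, gids, want):
    """Classic Unix check. `want` holds rwx bits in the low octal digit
    (0o2 = write, 0o3 = write + search)."""
    if uid == 0:
        return True                     # root bypasses mode bits
    if st.st_uid == uid:
        granted = st.st_mode >> 6       # owner class
    elif st.st_gid in gids:
        granted = st.st_mode >> 3       # group class
    else:
        granted = st.st_mode            # other class
    return (granted & want) == want


def can_replace(dir_st, file_st, uid, gids):
    """Write + search on the directory lets a user unlink a file and drop a
    new one in its place, unless the sticky bit restricts deletion to owners."""
    if not mode_allows(dir_st, uid, gids, 0o3):
        return False
    if (dir_st.st_mode & stat.S_ISVTX) and uid != 0:
        return uid in (file_st.st_uid, dir_st.st_uid)
    return True


def infection_surface(dirs, uid, gids=frozenset()):
    """Return (path, reason) for each executable regular file that `uid`
    could alter: 'file-writable' or 'dir-writable'."""
    hits = []
    for directory in dirs:
        try:
            dir_st = os.stat(directory)
            names = sorted(os.listdir(directory))
        except OSError:
            continue                    # missing or unreadable directory
        for name in names:
            path = os.path.join(directory, name)
            try:
                st = os.stat(path)
            except OSError:
                continue                # dangling symlink or race
            if not stat.S_ISREG(st.st_mode) or not (st.st_mode & 0o111):
                continue                # only executable regular files
            if mode_allows(st, uid, gids, 0o2):
                hits.append((path, "file-writable"))
            elif can_replace(dir_st, st, uid, gids):
                hits.append((path, "dir-writable"))
    return hits


if __name__ == "__main__":
    # Audit the current account against its own PATH.
    path_dirs = [d for d in os.environ.get("PATH", "").split(os.pathsep) if d]
    groups = set(os.getgroups()) | {os.getgid()}
    for path, reason in infection_surface(path_dirs, os.getuid(), groups):
        print(f"{reason:14} {path}")
```

Run as an ordinary user on a typical installation, the list is short or empty, while passing uid 0 returns every executable, which is the difference the paragraph about the root account describes.
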

Mac OS X Virus

Posted: Thursday, 29 April 2010 by VIruS Of WinDoWS


Mac OS X: The First Virus

Throughout time, Windows has been known as the most virus-prone of all operating systems. Vulnerabilities in the Microsoft Windows Explorer web browser and the Windows system itself expose this platform to a wide range of threats, from viruses and worms to spyware. For this reason, more users have turned to other systems for an infection-free computing environment.

Up until recently, Windows was thought to be the only system capable of contracting viruses and other malware. However, Linux has also been infected and Apple's Mac OS X is the latest victim of the infamous malicious code.

The Virus Discovery

On February 16, 2006, SophosLabs announced the detection of the very first virus written for the Mac OS X platform. OSXLeap-A, often referred to as OSX/Oompa-A, is an infection that spreads via the Macintosh iChat instant messaging system. It operates by forwarding itself as a "LATESTPICS.TGZ" file to the contacts on the buddy list of an infected user. When the archived file is opened, its contents are disguised with a graphic icon in JPEG format, which attempts to trick the recipient into believing it is a harmless file. The virus uses the "OOMPA" text as a marker in the forks of the infected program, which prevents it from compromising the same files again.

Is it a Virus or Trojan?

Following word of the infection, several members of the Macintosh community stated that Leap was actually a Trojan horse and not a virus. Their reasoning was that the infection required user intervention, which is receiving the file in iChat, choosing to manually open it and executing the payload. However, this is not how a Trojan functions. A Trojan is a seemingly useful program purposely designed to damage a computer or install other malicious applications. Additionally, a Trojan does not self-replicate and includes no mechanisms that enable it to spread itself. In most cases, it is deliberately incorporated onto a website, accidentally distributed by another user or sent via spam email. Aside from that, the malicious code of a Trojan contains nothing that will allow it to be automatically distributed to other victims.

OSXLeap-A is specifically designed to use the iChat messaging system to propagate itself to other users. It also requires action by the user in order to be executed and further spread the infection, therefore it is aptly termed as a computer virus.

Staying Smart

While several Macintosh computer users once had the belief that their system was incapable of harboring viruses, Leap proves that the threat of malware on this platform is real. Security experts suggest that Mac users can no longer live worry-free, as caution must now be practiced at all times, just as if you were running a Windows operating system.

Experts also advise all Mac OS X computer users to practice safe computing by cautiously surfing the web and keeping their anti-virus software updated with the latest virus definitions.

Anti-Virus Solutions for the Mac OS X

- Norton Internet Security for Macintosh

- McAfee Virus Scan for Mac

- Sophos Anti-virus

- Intego Virus Barrier

- ClamXav

RFID Viruses


Threat of RFID Viruses

Viruses pose a threat to more than the Windows operating system. They are becoming more common on systems that once seemed impervious to infection, along with other devices such as cell phones and MP3 players. The most alarming presence is found in common products using RFID technology.

What is RFID?

RFID (Radio Frequency Identification) is one of the latest trends in computer miniaturization. An RFID transponder is a tiny, high-powered computer with limited resources. It contains an RFID tag, which is inductively powered by an external reading device. Once activated, the RFID tag decodes incoming queries and generates an accurate response using the energy of incoming radio waves, which powers the chip just long enough to respond. In general, an RFID tag has limited processing power and a storage capacity of 1024 bits.

RFID is useful in many different applications, including those for automated payments, supply chain management, counterfeit prevention, airline luggage management, and physical access control. RFID tags are also commonly implanted in various consumer goods, such as toll collection devices, public transportation passes, passports and much more. This technology has even been approved by the Food and Drug Administration with a product known as VeriChip, a device deployed commercially and in the medical field.

The Viruses Attacking RFID

While RFID has revolutionized the world of computers, several malicious individuals have taken an interest in this technology as well. Members of the hacker community have learned to take advantage of RFID, causing these tags to behave in questionable ways by inserting viral codes. Below we have composed an example of just how scary this exploit can be.

Several airports have been discussing plans to expedite luggage handling by attaching RFID-supported labels to bags as they are checked in. This will make labels much easier to read from a greater distance than the bar-coded labels currently in use. Now consider this - a shady airline traveler attaches a virus-inserted RFID tag to the luggage of a random victim just before they check in. When the airline's RFID reader scans the tag to determine where it should be routed, it responds with the virus, which infects the entire baggage database. From there, all subsequent passengers checking in their luggage may also be infected.

Just being infected is a mild example. An RFID virus may contain a payload that could completely wipe out a database, causing luggage to be re-routed and possibly aiding the process of drug smuggling. What's even more troubling is the fact that many State Departments have begun to distribute RFID-supported passports. Considering where this technology is being deployed, RFID becomes both a computer security and economic concern. So why are these vulnerabilities being so openly publicized? According to researchers, revealing the threat of RFID viruses and worms will eventually teach consumers antivirus efforts that will prevent them from spreading.

RFID infections seem inevitable as many computer systems are vulnerable to viruses. At the same time, we still use them regardless of the lingering threat, which is bound to be the case with RFID-supported items. Let's just hope that this new research will prompt the industry to enhance the security of readers, tags and back-end systems before RFID viruses evolve from theory to a dreadful reality.
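The luggage scenario above comes down to a back-end system trusting whatever a tag sends. The following is an added example, not code from the original article, of reader middleware that treats each tag payload as untrusted input before it reaches the baggage database. The tag layout, table names and sample scans are assumptions constructed for illustration, as is the choice of an SQL back end.

```python
import re
import sqlite3

# 1024 bits is the tag capacity cited in the article; anything longer
# cannot have come from a well-formed tag of that kind.
MAX_TAG_BYTES = 1024 // 8

# Assumed layout for this example: "BAG-<6 digits>|<3-letter airport code>".
TAG_PATTERN = re.compile(rb"BAG-(\d{6})\|([A-Z]{3})")


class RejectedTag(ValueError):
    """Raised when a tag payload fails validation."""


def parse_tag(raw: bytes):
    """Return (bag_id, destination) or raise RejectedTag."""
    if len(raw) > MAX_TAG_BYTES:
        raise RejectedTag("payload exceeds tag capacity")
    match = TAG_PATTERN.fullmatch(raw)  # allowlist: the whole payload must match
    if match is None:
        raise RejectedTag("payload does not match expected layout")
    return match.group(1).decode("ascii"), match.group(2).decode("ascii")


def open_db():
    """Create an in-memory stand-in for the baggage database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bags (bag_id TEXT PRIMARY KEY, dest TEXT NOT NULL)")
    db.execute("CREATE TABLE quarantine (raw BLOB NOT NULL, reason TEXT NOT NULL)")
    return db


def handle_scan(db, raw: bytes) -> bool:
    """Route a bag if its tag is valid; otherwise quarantine the raw bytes."""
    try:
        bag_id, dest = parse_tag(raw)
    except RejectedTag as exc:
        # Bound parameters keep the rejected bytes as inert data, so the
        # quarantine table itself cannot be used to reach the database.
        db.execute("INSERT INTO quarantine (raw, reason) VALUES (?, ?)",
                   (raw, str(exc)))
        return False
    # Validated fields are still passed as parameters, never concatenated.
    db.execute("INSERT OR REPLACE INTO bags (bag_id, dest) VALUES (?, ?)",
               (bag_id, dest))
    return True


def demo():
    db = open_db()
    scans = [                                  # constructed sample scans
        b"BAG-004211|AMS",                     # well-formed
        b"BAG-004212|JFK",                     # well-formed
        b"BAG-004213|LHR' OR '1'='1",          # trailing query syntax
        b"A" * 200,                            # larger than any 1024-bit tag
    ]
    results = [handle_scan(db, raw) for raw in scans]
    routed = db.execute("SELECT bag_id, dest FROM bags ORDER BY bag_id").fetchall()
    quarantined = db.execute("SELECT COUNT(*) FROM quarantine").fetchone()[0]
    return results, routed, quarantined


if __name__ == "__main__":
    print(demo())
```

Rejected payloads are kept rather than dropped so that an operator can see that a malformed tag passed the reader and which bag it was attached to.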

Recovering Virus Infection


Recovering from a Worm or Virus Infection

How do you know if your network has been infected by a malicious program such as a worm or virus? Unfortunately, there are no identifying standards, but there are a number of telling symptoms. You may have noticed performance issues with your computer. Perhaps your web browser keeps crashing. Maybe some of your files or programs will not open. When these conditions occur, it's time to investigate and trace the root of the problem.

More often than not, worms and viruses have some type of impact on your computer, whether it's subtly impacting the normal functions or completely erasing files. The best way to learn if you've truly been infected is to run an anti-virus scanner, which will alert you of malicious codes. If harmful items are detected, you need to take immediate action to minimize the damage, get on the road to recovery and stay protected.

What You Should Do to Recover from an Infection

If the infection occurs in a network setting, you should instantly contact the IT department or system administrators. The sooner the investigation begins, the sooner your computer and other machines in the network can be restored. If the infection occurs at home, immediately disconnect your laptop or desktop computer from the internet. This will prevent viruses and intruders from accessing data and making changes to the system, essentially giving you a bit of control.

After taking the first step, you must work on ridding the system of infection. If an anti-virus program is installed on your computer, you should manually perform a full-system scan. In some cases, a worm or virus can have such an impact that it renders anti-virus software useless.

If the program cannot detect or remove the infection, you may need to completely reinstall the operating system, a move that is liable to erase every file and program on your computer. After reinstalling the operating system, be sure to implement another anti-virus program along with patches for all known system vulnerabilities. Furthermore, your anti-virus solution should be kept current with the latest updates in order to protect against the latest threats.

Limiting the Chance of Another Infection

Dealing with the recovery efforts caused by a worm or virus can be very frustrating. These troublesome infections can cost your business a lot of time, money and sensitive data. The following precautions can be taken to protect yourself against future infections:

Change all passwords - Regardless of whether you lost any sensitive data, your original passwords may have been compromised during the time of infection. For this reason, you should immediately change every system password, including those corresponding to web sites.

Put up a firewall - A firewall will help to prevent many infections by restricting access from malicious traffic. When installing a program, be sure that your firewall is always turned "ON."

Use an anti-spyware program - Your anti-virus program may protect you from worms and viruses, but what about other threats? Since malicious programs such as spyware have the ability to download viruses and other infections, it's wise to implement additional technology.

Last but not least, you can take extra precautions by backing up sensitive data on an external storage medium. This will enable you to rebound quickly if worms or viruses happen to strike again.

Computer Viruses Future


Good Computer Viruses: The Future?

Even with all the damage viruses have inflicted over the years, a handful of experts believe that computer viruses could actually be used for good one day. How is this possible? Similar to the ethical worm, these viruses would mainly be used to distribute network patches to repair vulnerabilities. Here is a bit more on the theory.

The Function of a "Good" Computer Virus

First of all, the virus would have to exclude the primary function of a typical virus, which is running on a victimized machine without authorization. The propagation would be similar to the one used for malicious purposes, but would instead deliver a good payload, as opposed to one that is destructive. Because of this, experts believe that anyone found guilty of distributing a good virus should be charged with the same offense as someone distributing malicious code, though with reduced penalties, as the damage is liable to be not as severe.

However, this supposed good virus would not only spread and execute itself without permission, but also consume bandwidth, disk space, memory and processor cycles. All of these factors could possibly result in the denial of those resources to system administrators, a condition more commonly termed a DoS (denial-of-service) attack.

Good vs. Malicious Viruses

Another problem would be distinguishing the good virus from malicious programs. While identifying a known virus is fairly easy with the right technology, separating it from the unknown good code may be difficult. Since a good number of legitimate programs have been known to damage and mistakenly remove files, this ability alone isn't enough to truly identify malware. Perhaps this good virus would be limited to removing programs, as it can combine its code with an individual program. However, this would certainly be an inconvenience for those developing self-extracting archive software. Assuming this as the major obstacle, how would a good virus distinguish another from a malicious program? Both would behave similarly with the tendency to damage or destroy other files. One would only hope that creators of these viruses carefully script their codes to identify other good variants, a task that seems difficult or next to impossible when considering polymorphism.

Good viruses would have to be written to near perfection for a number of reasons. If they happen to mistakenly delete software and operating system patches, they would essentially be just as much trouble as malicious viruses. There is also the strong possibility of unscrupulous characters mutating the good virus with evil strains. These new strains are likely to be identified as good viruses, even though they contain a destructive payload, one capable of destroying all other identifiable good viruses.

With so much still in the air, we may find ourselves reflecting on the day when good viruses first invaded our systems, strengthening the malicious epidemic. If these viruses of the future aren't written properly, they could inevitably improve the breed of destructive programs just before being wiped out by variants of their own code. While this is certainly a hot topic, many security experts believe that spreading good viruses could eventually end up causing more harm than good.

Virus Scan


How to Run a Virus Scan

You simply can't put a price on security these days. Any computer with an online connection must be shielded from the many threats lurking on the internet. Just imagine a malicious program slithering into your system, executing itself and setting off a wave of destruction within a matter of minutes. The impact of an infection may range from subtle to devastating, from slowing down the performance of your computer to deleting all of your important files and rendering your applications inoperable. Without implementing the proper security measures, all of the above could be your reality.

When a malicious item such as a virus, worm or Trojan enters your system, it may be days or even weeks before you're aware of the problem. The best way to learn if your computer has been infected is to run a virus scan on all system files and directories. A scan is a basic function performed by anti-virus software. This component thoroughly combs the hard drive of your computer in search of harmful or unwanted items. If questionable items are detected, the scanner displays a description of the file and the nature of the infection.

Simple Steps for Long-Term Protection

Running a virus scan is a simple yet essential step towards protecting your computer. As internet threats continue to evolve into huge problems, technology has enabled security experts to fight back with advanced solutions. There are now many available options for running a virus scan on your computer. You may begin by signing online and performing a scan over the internet. In this case, the scanner typically searches and detects infections but requires you to buy the full version of a particular program to eradicate the threat. You also have totally free software such as products by ClamWin and AVG. These programs run a complete scan of your system and are thorough at detecting threats and removing them as well. The most reliable protection is much more expensive yet well worth it when considering the level of security implementation. Programs developed by leading brand name vendors such as McAfee, Symantec and Kaspersky offer all-in-one solutions capable of detecting viruses, spyware and more complex types of malware. They are often coupled with firewall components to keep intruders out of your system and also receive daily updates to keep you protected against the latest threats roaming the web.

Start with a Virus Scanner

By installing a virus scanner, you're essentially activating 24/7 protection for your computer. The scan engine can be easily configured to run on a predetermined schedule or right at your command. It may also function continuously in the background as you knock out important everyday tasks, an automated process that keeps you productive and safe at the same time.

With a virus scanner on deck, the chances of contracting a nasty infection are drastically reduced. This allows you to surf the web in confidence, tend to all of your emails and download important files without being concerned with malicious threats. More importantly, it brings peace of mind, knowing your computer will perform like a champ over a significant period of time.

Virus Repair


How to Conduct Virus Repair

The internal files of your computer are very essential to its operation. From system memory to the registry, these areas are used to process the actions of the machine and all programs installed on it. Aside from hackers looking for passwords and access codes, a virus poses the biggest threat to your computer system.

A virus is a complex program that may contain one or several malicious codes. Just like a human virus, it has the ability to move from host to host, infecting various system files in the process. It is often attached to genuine files and then downloaded onto your computer. When the machine reboots, the file is executed and the madness begins. A virus can function in the background without you suspecting a thing. It can degrade the performance of your computer, cripple your applications, completely destroy your files, deploy other infections and even leave you wide open to hacking attempts.

Quickly Begin the Repair Process

If you suspect that your machine has been infected, it is important to act fast and eliminate the problem with a virus repair solution. This can actually be performed in a number of ways. The most affordable option calls for a free anti-virus program. Many are available online and can detect viruses and other threats rather efficiently. ClamWin and free editions of AVG are programs that have established a reputation for not only finding viruses, but deleting them as well.

Another option to consider is purchasing high-grade anti-virus software. Products from McAfee and Symantec provide all-in-one solutions that protect against malware, phishing scams, spam email and hacking attempts. These programs become more advanced and reliable with each new edition, practically automating the security process and reducing the user's workload.

Lastly, you can take the machine into a shop with an onsite certified virus repair technician and allow them to clear up the mess. If your computer is totally consumed with viruses, Trojans and spyware, completely erasing the hard drive may be the only option. While this may be a frustrating ordeal if important data is lost, your computer will typically function like new with the installation of a fresh operating system. A good technician will clear your computer of all infections and supply it with a dependable anti-virus program. Even if it's security on a trial basis, you'll be protected for the time being and know what action to take to keep things that way.

Regardless of what method of virus repair you choose, ridding your computer of infection is the most important aspect of all. By doing this you will optimize performance, free up space on the hard drive and greatly improve the overall health of your machine.

When detecting a virus, be sure to precisely follow the instructions provided to you, whether it's from the anti-virus program or a technician. If the scanner detects an infection but isn't equipped with the features required to eradicate it, the virus removal technician is probably your best option. By doing a bit of research in advance, you should come to trust their advice and ability to get your computer on the road to recovery.

Resident Virus


Understanding the Resident Virus

Viruses are a tremendous threat to anyone with a connection to the internet. These nasty programs typically install and execute themselves without the victim's knowledge. The impact of a virus ranges widely from slowing down the performance of your computer to completely erasing all of your important files. In most cases, it will distribute itself to other machines you communicate with, giving it the ability to cripple an entire network. Regardless of how severe the consequence, a virus is something you do not want on your computer.

What is a Resident Virus?

A resident virus is one of the most common types of computer infections. It functions by installing malicious code into the memory of your computer, infecting current programs and any others you may install in the future. In order to achieve this, the resident virus needs to find a method to allocate memory for itself, meaning it must find somewhere to hide. Additionally, it must establish a process that activates the resident code to begin infecting other files.

A resident virus may use a number of different techniques to spread its infection. One of the most overlooked methods involves the TSR (Terminate-Stay-Resident) interrupt function. While this method is the easiest way to invoke infection, it is also easily detected by a virus scanner. A more desired technique involves the manipulation of MCBs (memory control blocks). Lastly, a virus needs to attach itself to specific interrupts in order to launch the resident code. For instance, if a virus is programmed to activate each time a program is run, it must be hooked to interrupt functions designated for loading and executing that particular application.

Structure of the Virus

The replication module within a resident virus is quite similar to that of a nonresident infection. The virus loads the replication module into computer memory when executing, ensuring that it is launched each time the operating system is requested to perform a particular function. For instance, the replication module may be called upon a WPD. word file. In this scenario, the resident virus may eventually infect every program suited for the executable file on the computer.

Resident viruses are composed of two primary categories: fast infectors and slow infectors. Fast infectors are specifically designed to corrupt as many files as they can as quickly as possible. In simpler terms, a fast infector has the ability to infect every host file accessed on the computer. This complex structure creates a significant problem for anti-virus programs, as many of the scanners they employ are designed to check every host file when conducting a full-system scan. If the scan fails to detect that such a virus resides in the memory, the infection can then "piggy-back" on the scanner and infect any file it searches.

Slow infectors are designed to infrequently infect hosts. For example, they often only infect files that are copied. They are able to limit their activity in order to avoid the detection of a user. Slow infectors gradually degrade the performance of your computer, giving little indication of the presence of a virus. Because of this, they aren't very effective and are easily detected by a virus scanner.

Methods of Detection

In many instances, a resident virus can be detected by the average computer user. This is done by referring to the map of your local hard drive. The recommended and more efficient method involves installing an anti-virus program with in-depth scanning capability.

Overwriting Virus


Beware of the Overwriting Virus

Computer viruses come in numerous forms with many different functions. Some are rather simplistic and can be detected by the average user, while others are complex and go unseen for some time. The most common viruses fall under the classification of file infectors, which operate by infecting executable files. They achieve this by inserting their malicious code into an area of the original file, allowing it to be executed whenever the file is accessed. Some of them are able to completely overwrite a file, rendering an entire program useless.

Considering their destructive nature, overwriting viruses have been identified as the most dangerous of them all. They have been known to exploit a wide range of operating systems including Linux, Macintosh, Windows and DOS platforms. Once a victim file has been infected, it is then overwritten with a malicious code from the virus. If a user does not spot the infection in time, an overwriting virus can inflict irreversible damage to numerous files. A system that has been compromised by this type of infection can easily become unstable and eventually inoperable. Files that have been corrupted by the overwriting virus cannot be disinfected. Instead they must be completely deleted and restored from a backup source.
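Because an overwritten file cannot be disinfected, recovery depends on knowing exactly which files changed and on having a trusted copy to restore. The following is an added example, not part of the original article, that records a SHA-256 baseline of a directory, finds files whose content no longer matches it, and restores them from a backup only when the backup copy still matches the baseline. The directory layout and file contents are constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large executables do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root):
    """Map each file's relative path to its hash. Keep the result offline."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def find_overwritten(root, baseline):
    """Return relative paths that are missing or whose content changed."""
    root = Path(root)
    return sorted(rel for rel, digest in baseline.items()
                  if not (root / rel).is_file()
                  or sha256_file(root / rel) != digest)


def restore_from_backup(root, backup, baseline, changed):
    """Delete each damaged file and copy back a verified backup copy."""
    restored = []
    for rel in changed:
        source = Path(backup) / rel
        # Never restore a backup copy that fails the same integrity check.
        if source.is_file() and sha256_file(source) == baseline[rel]:
            target = Path(root) / rel
            target.unlink(missing_ok=True)
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(source, target)
            restored.append(rel)
    return restored


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp) / "live", Path(tmp) / "backup"
        (live / "tools").mkdir(parents=True)
        # Constructed stand-ins for program files.
        (live / "editor.com").write_bytes(b"original program bytes A")
        (live / "tools" / "sort.com").write_bytes(b"original program bytes B")
        shutil.copytree(live, backup)
        baseline = build_baseline(live)

        # Simulated damage: same length, different content, so a check
        # based on file size alone would not notice the change.
        (live / "editor.com").write_bytes(b"X" * 24)

        changed = find_overwritten(live, baseline)
        restored = restore_from_backup(live, backup, baseline, changed)
        remaining = find_overwritten(live, baseline)
        return changed, restored, remaining


if __name__ == "__main__":
    print(demo())
```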

Well-Known Overwriting Viruses

Grog.377 - Known as a non-memory resident virus, it interprets a random sector of a hard disk in search of special instructions. If instructions exist, it overwrites that part of the sector with a malicious code. When launched, the infection can inflict considerable damage on system BIOS and prevent a computer from booting up.

Grog.202/456 - Two of the most dangerous overwriting viruses. They seek out .COM files in the current directory, quickly deleting and replacing the content with malicious code. If no .COM files are found in that particular directory, the GROG virus dials a random phone number over the user's modem in search of interconnected network computers. Both of these infections are also considered to be non-memory overwriting viruses.

Loveletter - Perhaps the most complex overwriting virus. Like other variants, its main intent is to seek out files and overwrite them with malicious code. What makes this virus different is that it acts as a file infector, an email worm and a Trojan horse capable of downloading other types of malware.

Overwriting viruses were initially deployed because of their effectiveness; a way for the infection to infuse itself with an innocent file. This corrupts the original file in such a way that it can't be disinfected. Many of them are able to escape the scanner of an anti-virus program, making no alterations to the victim file so changes aren't detected.

While they were very effective, most malicious coders do not write this type of virus anymore. Many tend to focus on tempting users with genuine Trojan horses and distributing malware via email. At the same time, you must keep your computer protected from all probable threats at all times. Your best bet would be installing a quality anti-virus program and conducting frequent scans for suspicious activity.