ViruS ComPuTeR

Computer Worms and Viruses: What's the Difference?

We have all been infected with a virus at one time our lives, whether it was a common cold or something more severe such as the flu. In recent times, more of us are being plagued by another type of infection - the computer virus.

Just as a biological virus injects its own genetical makeup into a cell and interferes with the normal functions of the human body, a computer virus is written to interfere with the normal functions of an infected machine. It has the ability to damage various programs, overwrite and delete files, reformat hard drives and perform other harmful operations.

Common Characteristics

In order to be classified a computer virus, a program must meet two qualifications. First, it must be able to execute itself by inserting its malicious code in the execution path of another application. Secondly, it must be able to self replicate by replacing existing files with copies of files containing the viral code. Similar to how a biological virus needs to find a host cell, a computer virus must find an infected host file to propagate itself and further spread the infection.

Viruses have become very common in the world of computing, infecting millions of machines since their inception. However, the virus is not alone, as it has another destructive partner: the computer worm. A worm is very similar to a virus, yet quite distinctive as well. Unlike a virus, the computer worm does not require a host file in order to propagate itself. It is able to enter a computer through system vulnerabilities and uses those flaws to propagate.

The typical computer virus must be activated by way of user intervention. This may include double-clicking on a website link or opening the attachment of an email message. A worm bypasses user intervention by releasing a document containing the infected macro and distributing itself from computer to computer. A computer virus is generally the most harmful of the two, although worms have been known to cripple entire networks due to multiple infections.

Protecting against Viruses and Worms

While viruses and worms have become common, there are a few ways to avoid these nasty infections. You can begin by purchasing a reliable anti-virus program. This type of software features a scanner equipped with the technology required to detect and eradicate viruses, worms and other members of the malware family. Since new virus and worm programs are often written on a daily basis, these security solutions function best when regularly updated by the vendor's database. It is also recommended that you purchase an anti-virus program with real-time scanning capability to monitor your incoming emails. This will enable you to scan an attachment to make sure it's safe before opening.

Another solid option is a firewall. These components often come as features of anti-virus software or as stand-alone applications. A firewall application will keep unauthorized users from accessing your system and secretly installing malicious content. By implementing these two security solutions, you can stay one step ahead of the busy coders scripting viruses and worms.

Threat of RFID Viruses

Viruses pose a threat to more than the Windows operating system. They are becoming more common on systems that once seemed impervious to infection, along with other devices such as cell phones and MP3 players. The most alarming presence is found in common products using RFID technology.

What is RFID?

RFID (Radio Frequency Identification) is one of the latest trends in computer miniaturization. An RFID transponder is a tiny, high-powered computer with limited resources. It contains an RFID tag, which is inductively powered by an external reading device. Once activated, the RFID tag decodes incoming queries and generates an accurate response using the energy of incoming radio waves, which powers the chip just long enough to respond. In general, an RFID tag has a limited amount of processing power and capacity at 1024 bits of storage.

RFID is useful in many different applications, including those for automated payments, supply chain management, counterfeit prevention, airline luggage management, and physical access control. RFID tags are also commonly implanted in various consumer goods, such as toll collection devices, public transportation passes, passports and much more. This technology has even been approved by the Food and Drug Administration with a product known as Veriship, a device deployed commercially and in the medical field.

The Viruses Attacking RFID

While RFID has revolutionized the world of computers, several malicious individuals have taken an interest in this technology as well. Members of the hacker community have learned to take advantage of RFID, causing these tags to behave in questionable ways by inserting viral codes. Below we have composed an example of just how scary this exploit can be.

Several airports have been in discussion with plans to expedite luggage handling by attaching RFID-supported labels to bags as they are checked in. This will make labels much easier to read from a greater distance than the bar-coded labels currently in use. Now consider this - a shady airline traveler attaches a virus-inserted RFID tag to the luggage of a random victim just before they check in. When the airline's RFID reader scans the tag to determine where it should be routed, it responds with the virus, which infects the entire baggage database. From there, all subsequent passengers checking in their luggage may also be infected.

Just being infected is a mild example. An RFID virus may contain a payload that could completely wipe out a database, causing luggage to be re-routed and possibly aid the process of drug smuggling. What's even more troubling is the fact that many State Departments have began to distribute RFID-supported passports. Considering where this technology is being deployed, RFID becomes both a computer security and economic concern. So why are these vulnerabilities being so openly publicized? According to researchers, revealing the threat of RFID viruses and worms will eventually teach consumers antivirus efforst that will prevent them from spreading.

RFID infections seem inevitable as many computer systems are vulnerable to viruses. At the same time, we still use them regardless of the lingering threat which will is bound to be the case with RFID-supported items. Let's just hope that this new research will prompt the industry to enhance the security of readers, tags and back-end systems before RFID viruses evolve from theory to a dreadful reality.

Good Computer Viruses: The Future?

Even with all the damage viruses have inflicted over the years, a handful of experts believe that computer viruses could actually be used for good one day. How is this possible? Similar to the ethical worm, these viruses would mainly be used to distribute network patches to repair vulnerabilities. Here is a bit more on the theory.

The Function of a "Good" Computer Virus

First of all, the virus would have to exclude the primary function of a typical virus, which is running on a victimized machine without authorization. The propagation would be similar to the one used for malicious purposes, but instead deliver a good payload, opposed to one that is destructive. Because of this, experts believe that anyone found guilty of distributing a good virus should be charged with the same offense as someone distributing malicious code, though with reduced penalties, as the damage is liable to be not as severe.

However, this supposed good virus would not only spread and execute itself without permission, but also consume bandwidth, disk space, memory and processor cycles. All of these factors could possibly result in the denial of the those resources to system administrators, a condition more commonly termed as a DoS (denial-of-service) attack.

Good vs. Malicious Viruses

Another problem would be distinguishing the good virus from malicious programs. While identifying a known virus is fairly easy with the right technology, separating it from the unknown good code may be difficult. Since a good number of legitimate programs have been known to damage and mistakenly remove files, this ability alone isn't enough to truly identify malware. Perhaps this good virus would be limited to removing programs, as it can combine its code with an individual program. However, this would certainly be an inconvenience for those developing self-extracting archive software. Assuming this as the major obstacle, how would a good virus distinguish another from a malicious program? Both would behave similarly with the tendency to damage or destroy other files. One would only hope that creators of these viruses carefully script their codes to identify other good variants, a task that seems difficult or next to impossible when considering polymorphism.

Good viruses would have to be written to near perfection for a number of reasons. If they happen to mistakenly delete software and operating system patches, they would essentially be just as much trouble as malicious viruses. There is also the strong possibly of unscrupulous characters mutating the good virus with evil strains. These new strains are likely to be identified as good viruses, even though they contain a destructive payload, one capable of destroying all other identifiable good viruses.

With so much still in the air, we may find ourselves reflecting on the day when good viruses first invaded our systems, strengthening the malicious epidemic. If these viruses of the future aren't written properly, they could inevitably improve the breed of destructive programs just before being wiped out by variants of their own code. While this is certainly a hot topic, many security experts believe that spreading good viruses could eventually end up causing more harm than good.

How to Run a Virus Scan

You simply can't put a price on security these days. Any computer with an online connection must be shielded from the many threats lurking on the internet. Just imagine a malicious program slithering into your system, executing itself and offsetting a wave of destruction within a matter of minutes. The impact of an infection may range from subtle to devastating; slowing down the performance of your computer or deleting all of your important files and rendering your applications inoperable. Without implementing the proper security measures, all of the above could be your reality.

When malicious items such a virus, worm or Trojan enters your system, it may be days or even weeks before you're aware of the problem. The best way to learn if your computer has been infected is to run a virus scan on all system files and directories. A scan is a basic function performed by anti-virus software. This component thoroughly combs the hard drive of your computer in search of harmful or unwanted items. If questionable items are detected, the scanner displays a description of the file and the nature of the infection.

Simple Steps for Long-Term Protection

Running a virus scan is a simple yet essential step towards protecting your computer. As internet threats continue to evolve into huge problems, technology has enabled security experts to fight back with advanced solutions. There are now many available options for running a virus scan on your computer. You may begin by signing online and performing a scan over the internet. In this case, the scanner typically searches and detects infections but requires you to buy the full version of a particular program to the eradicate the threat. You also have totally free software such as products by ClamWin and AVG. These programs run a complete scan of your system, are thorough at detecting threats and removing them as well. The most reliable protection is much more expensive yet well worth it when considering the level of security implementation. Programs developed by leading brand name vendors such as McAfee, Symantec and Kaspersky offer all-in-one solutions capable of detecting viruses, spyware and more complex types of malware. They are often coupled with firewall components to keep intruders out of your system and also receive daily updates to keep you protected against the latest threats roaming the web.

Start with a Virus Scanner

By installing a virus scanner, you're essentially activating 24/7 protection for your computer. The scan engine can be easily configured to run on a predetermined schedule or right at your command. It may also function continuously in the background as you knockout important everyday tasks, an automated process that keeps you productive and safe at the same time.

With a virus scanner on deck, the chances of contracting a nasty infection are drastically reduced. This allows you to surf the web in confidence, tend to all of your emails and download important files without being concerned with malicious threats. More importantly, it brings a piece of mind by knowing your computer will perform like a champ over a significant period of time.

Beware of the Overwriting Virus

Computer viruses come in numerous forms with many different functions. Some are rather simplistic and can be detected by the average user while others are complex and go unseen for sometime. The most common viruses fall under the classification of file infectors, which operate by infecting executable files. They achieve this by inserting their malicious code into an area of the original file, allowing it to be executed whenever the file is accessed. Some of them are able to completely overwrite a file, rendering an entire program useless.

Considering their destructive nature, overwriting viruses have been identified as the most dangerous of them all. They have been known to exploit a wide range of operating systems including Linux, Macintosh, Windows and DOS platforms. Once a victim file has been infected, it is then overwritten with a malicious code from the virus. If a user does not spot the infection in time, an overwriting virus can inflict irreversible damage to numerous files. A system that has been compromised by this type of infection can easily become unstable and eventually inoperable. Files that have been corrupted by the overwriting virus cannot be disinfected. Instead they must be completely deleted and restored from a backup source.

Well-Known Overwriting Viruses

Grog.377 - Known as a non-memory resident virus, it interprets a random sector of a hard disk in search of special instructions. If instructions exist, it overwrites that part of the sector with a malicious code. When launched, the infection can inflict considerable damage on system BIOS and prevent a computer from booting up.

Grog.202/456 - Two of the most dangerous overwriting viruses. They seek out COM. files in the current directory, quickly deleting and replacing the content with malicious code. If no COM. files are found in that particular directory, the GROG virus dials a random phone number over the user's modem in search of interconnected network computers. Both of these infections are also considered to be non-memory overwriting viruses.

Loveletter - Perhaps the most complex overwriting virus. Like other variants, it's main intend is to seek out files and overwrite them with malicious code. What makes this virus different is that it acts as file infector, an email worm and a Trojan horse capable of downloading other types of malware.

Overwriting viruses were initially deployed because of their effectiveness; a way for the infection to infuse itself with an innocent file. This corrupts the original file in such a way that it can't be disinfected. Many of them are able to escape the scanner of an anti-virus program, making no alterations to the victim file so changes aren't detected.

While they were very effective, most malicious codes do not write this type of virus anymore. Many tend to focus on tempting users with genuine Trojan horses and distributing malware via email. At the same time, you must keep your computer protected from all probable threats at all times. Your best bet would be installing a quality anti-virus program and conducting frequent scans for suspicious activity.

Recognizing the Multipartite Virus

Being infected with a virus can be a real drag ... literally. A virus can tremendously falter the performance of your computer, overwrite important files and eventually make your programs unaccessible. The infection is liable to spread so widely that normal activity such as surfing the internet may become impossible.

Viruses are composed of many different classifications, often termed by the areas they corrupt as well as their method of infection. Most are placed into the categories of file infectors, boot infectors and system infectors; all known to inflict a great amount of damage. Also common are macro viruses, which tend to be less harmful than other types. They are known to infect word processing applications by inserting unwanted text or phrases. One of the most dangerous and complex infections threatening computer users is the multipartite virus, also referred to as the multi-part of the hybrid virus.

The multipartite virus combines the characteristics of more than one type which gives it the ability to infect boot system sectors as well as program files. It often infects the section on a hard drive that contains data which instructs the machine on how to boot up. Whenever the computer starts, the virus is automatically distributed throughout the system. This enables it to spread and infect program files, causing a user to unknowingly invoke the virus, resulting in more destructive payloads being delivered into the system.

Ghostball, the first multipartite virus, was discovered by a member of the Icelandic company, FRISK Software International Corporation. Later variants include the Emperor, Tequila and Anthrax.

Signs of the Virus

Although the effects of some infections are subtle and go unnoticed, a multipartite virus tends to work fast. Here is what you should look for:

• the controllers for your drives are no longer present in the "Device Manager"

• you receive constant messages stating that virtual memory is low

• the content on your screen looks as if it's melting

• the size of your applications and files keep changing

• your hard drive reformats itself

• the extensions of your word processing documents are modified from DOC. to DOT.

• your programs take much longer to load than before or will not open at all

Security Measures against the Multipartite Virus

A multipartite virus is often quite difficult to eliminate. If the infected boot sectors are disinfected but the corrupted files are not, those sectors will be re-infected within a matter of minutes. If the infected program files are cleaned but the virus remains present in the boot sectors, those files will eventually be infected again. Because of it's multi-infectious nature, it will repeatedly infect a host system if not completely eliminated. Because of this, many security experts have suggested that the best defense against this virus is prevention opposed to a cure. They also recommend that users practice various security measures by doing the following:

- install quality anti-virus software

- make sure virus definitions of the scanner are regularly updated

- never open an attachment from an unsolicited message

- taking caution when surfing the internet and downloading files from a questionable website