Abstract:

Computer viruses are called viruses because they share some of the traits of
biological viruses. A computer virus passes from computer to computer like a
biological virus passes from person to person.

There are similarities at a deeper level, as well. A biological virus is not a
living thing. A virus is
a fragment of DNA inside a protective jacket. Unlike a cell, a virus has no way
to do anything or to reproduce by itself -- it is not alive. Instead, a biological
virus must inject its DNA into a cell. The viral DNA then uses the cell's existing
machinery to reproduce itself. In some cases, the cell fills with new viral particles
until it bursts, releasing the virus. In other cases, the new virus particles bud
off the cell one at a time, and the cell remains alive.

A computer virus shares some of these traits. A computer virus must piggyback
on top of some other program or document in order to get executed. Once it is running,
it is then able to infect other programs or documents. Obviously, the analogy between
computer and biological viruses stretches things a bit, but there are enough similarities
that the name sticks.

When you listen to the news, you hear about many different forms of electronic
infection. The most common are:

Viruses - A virus is a small piece of
software that piggybacks on real programs. For example, a virus might attach itself
to a program such as a spreadsheet program. Each time the spreadsheet program runs,
the virus runs, too, and it has the chance to reproduce (by attaching to other
programs) or wreak havoc.

E-mail viruses - An e-mail virus moves around in e-mail messages, and usually
replicates itself by automatically mailing itself to dozens of people in the
victim's e-mail address book.

The latest thing in the world of computer viruses is the e-mail virus, and the
Melissa virus in
March 1999 was spectacular. Melissa spread in Microsoft Word documents sent via e-mail, and
it worked like this:

Someone created the virus as a Word document uploaded to an Internet newsgroup.
Anyone who downloaded the document and opened it would trigger the virus. The virus
would then send the document (and therefore itself) in an e-mail message to the
first 50 people in the person's address book. The e-mail message contained a
friendly note that included the person's name, so the recipient would open the
document thinking it was harmless. The virus would then create 50 new messages from
the recipient's machine. As a result, the Melissa virus was the fastest-spreading
virus ever seen! As mentioned earlier, it forced a number of large companies to
shut down their e-mail systems.

The ILOVEYOU virus, which appeared on May 4, 2000, was even simpler. It contained
a piece of code as an attachment. People who double-clicked on the attachment
allowed the code
to execute. The code sent copies of itself to everyone in the victim's address book
and then started corrupting files on the victim's machine. This is as simple as
a virus can get. It is really more of a Trojan horse distributed by e-mail than
it is a virus.

The Melissa virus took advantage of the programming language built into Microsoft
Word called
VBA, or Visual Basic for Applications. It is a complete programming language and
it can be programmed to do things like modify files and send e-mail messages. It
also has a useful but dangerous auto-execute feature. A programmer can insert a
program into a document that runs instantly whenever the document is opened.
This is how the Melissa virus was programmed. Anyone who opened a document infected
with Melissa would immediately activate the virus. It would send the 50 e-mails, and
then infect a central file called NORMAL.DOT so that any file saved later would
also contain the virus! It created a huge mess.

Microsoft applications have a feature called Macro Virus Protection built into them
to prevent this sort of thing. With Macro Virus Protection turned on (the default
option is ON), the auto-execute feature is disabled. So when a document tries to
auto-execute
viral code, a dialog pops up warning the user. Unfortunately, many people don't
know what macros or macro viruses are, and when they see the dialog they ignore
it, so the virus runs anyway. Many other people turn off the protection mechanism.
So the Melissa virus spread despite the safeguards in place to prevent it.
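
A defender can triage macro code for the traits described above before a user ever sees a dialog. The following Python sketch is an added example, not part of the original article: it assumes the VBA source has already been extracted from the document as plain text, and the function names, behaviour tags and sample macros are constructed for illustration.

```python
import re

# Macro names and event handlers Word runs on its own (the auto-execute feature).
AUTO_EXEC = {n.lower() for n in ("AutoExec", "AutoOpen", "AutoClose", "AutoNew",
             "AutoExit", "Document_Open", "Document_Close", "Document_New")}
# Behaviours the text attributes to Melissa; illustrative, not exhaustive.
BEHAVIOURS = {
    "mail-automation": re.compile(r"Outlook\.Application", re.I),
    "global-template": re.compile(r"NormalTemplate|Normal\.dot", re.I),
}
SUB_RE = re.compile(r"^\s*(?:(?:Public|Private)\s+)?Sub\s+(\w+)\s*\(", re.I)

# Constructed samples (not taken from any real document).
SUSPICIOUS = '''Private Sub Document_Open()
    Set app = CreateObject("Outlook.Application")
    Set tmpl = NormalTemplate
End Sub'''
BENIGN = '''Sub FormatReport()
    ' mentions AutoOpen and Outlook.Application only in a comment
    Selection.Font.Bold = True
End Sub'''

def strip_comment(line):
    """Drop a trailing VBA comment (' ...) that is not inside a string."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def triage_macro(source):
    """Return (auto-execute entry points, sorted behaviour tags)."""
    entry_points, tags = [], set()
    for raw in source.splitlines():
        line = strip_comment(raw)
        m = SUB_RE.match(line)
        if m and m.group(1).lower() in AUTO_EXEC:
            entry_points.append(m.group(1))
        tags.update(t for t, pat in BEHAVIOURS.items() if pat.search(line))
    return entry_points, sorted(tags)

def verdict(source):
    """block: auto-runs and mails or touches the template; review: auto-runs only."""
    entry_points, tags = triage_macro(source)
    if entry_points and tags:
        return "block"
    return "review" if entry_points else "allow"
```

Comments are stripped before matching so that a macro that merely mentions these names in a remark is not flagged.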

In the case of the ILOVEYOU virus, the whole thing was human-powered. If a person
double-clicked on the program that came as an attachment, then the program ran
and did its thing. What fueled this virus was the human willingness to double-click
on the executable.

Worms - A worm is a small piece of software that uses computer networks and
security holes to replicate itself. A copy of the worm scans the network for another
machine that has a specific security hole. It copies itself to the new machine
using the security hole, and then starts replicating from there, as well.

A worm is a computer program that has the ability to copy itself from machine to
machine. Worms
normally move around and infect other machines through computer networks. Using
a network, a worm can expand from a single copy incredibly quickly. For example,
the Code Red worm replicated itself over 250,000 times in approximately nine hours
on July 19, 2001. A worm usually exploits some sort of security hole in a piece
of software or the operating system. For example, the Slammer worm (which
caused mayhem in January 2003) exploited a hole in Microsoft's SQL server. This article offers
a fascinating look inside Slammer's tiny (376-byte) program. Worms use up
computer time and network bandwidth when they are replicating, and they often have
some sort of evil intent.