Computing Channel - Virus Info  


Viruses

Over the last few years I have been receiving quite a number of viruses. Fortunately I have Norton Anti-Virus installed and so the virus is usually deleted before it can get into my system. Most viruses are easy to spot - they rely on your curiosity and let YOU open the door to your computer.

Most recently the most common has been the NETSKY worm. W32/Netsky-AC is a mass-mailing worm: it invades your hard drive and copies itself to the Windows folder.

It then harvests email addresses from your computer and sends out emails - marrying one email address to another - all from YOUR computer. It will send out an email to "Joebloggs" from "Another". That is how the virus replicates itself! Unfortunately "Another" gets the blame for the virus!! That is how I keep receiving viruses which have to be destroyed! Sometimes my email address is on your computer so I get the blame for the virus!!

So please!  Use Anti-Virus software! And be sure to keep it up to date - at least once per week.

How do computers get viruses?
Diskettes
  Booting from an infected disk or just running infected programs from it.
E-mail
  Macro viruses are now the most common type of virus, particularly in MS Word (version 6 or later) files. Macro viruses are also spread on diskettes and over networks.
Internet
  It is possible, although rare, for someone to access your computer whilst you are online. Beware also when downloading programs or documents.
Pirated Software
  In particular games. Probably the most compelling reason to buy the kids a PC of their own.
Magazine cover disks
  Despite claims they have been checked thoroughly some viruses slip through.
  • What is Malware?
    Malware (short for malicious software) refers to any malicious or unexpected program or code such as viruses, Trojans, and droppers. Not all malicious programs or codes are viruses. Viruses, however, including worms, account for the majority of all known malware to date. The other major types of malware are Trojans, droppers, and kits.

    Due to the many facets of malicious code or a malicious program, referring to it as malware helps to avoid confusion. For example, a virus that also has Trojan-like capabilities can be called malware.

    What is a Trojan?
    A Trojan is malware that performs unexpected or unauthorized, often malicious, actions. The main difference between a Trojan and a virus is the inability to replicate. Trojans cause damage, unexpected system behavior, and compromise the security of systems, but do not replicate. If it replicates, then it should be classified as a virus.

    A Trojan, coined from Greek mythology's Trojan horse, typically comes in good packaging but has some hidden malicious intent within its code. When a Trojan is executed users will likely experience unwanted system problems in operation, and sometimes loss of valuable data.

    What is a Virus?
    A computer virus is a program (a piece of executable code) that has the unique ability to replicate. Like biological viruses, computer viruses can spread quickly and are often difficult to eradicate. They can attach themselves to just about any type of file and are spread as files that are copied and sent from individual to individual.

    A virus must meet two criteria:

    • It must execute itself. It will often place its own code in the path of execution of another program.

    • It must replicate itself. For example, it may replace other executable files with a copy of the virus infected file. Viruses can infect desktop computers and network servers alike.

    In addition to replication, some computer viruses share another commonality: a damage routine that delivers the virus payload. While payloads may only display messages or images, they can also destroy files, reformat your hard drive, or cause other damage. If the virus does not contain a damage routine, it can cause trouble by consuming storage space and memory, and degrading the overall performance of your computer.

    Several years ago most viruses spread primarily via floppy disk, but the Internet has introduced new virus distribution mechanisms. With email now used as an essential business communication tool, viruses are spreading faster than ever. Viruses attached to email messages can infect an entire enterprise in a matter of minutes, costing companies millions of dollars annually in lost productivity and clean-up expenses.

    Viruses won't go away anytime soon: More than 60,000 have been identified, and 400 new ones are created every month, according to the International Computer Security Association (ICSA). With numbers like this, it's safe to say that most organizations will regularly encounter virus outbreaks. No one who uses computers is immune to viruses.

    Life Cycle of a Virus
    The life cycle of a virus begins when it is created and ends when it is completely eradicated. The following outline describes each stage:

    Creation
    Until recently, creating a virus required knowledge of a computer programming language. Today anyone with basic programming knowledge can create a virus. Typically, individuals who wish to cause widespread, random damage to computers create viruses.

    Replication
    Viruses typically replicate for a long period of time before they activate, allowing plenty of time to spread.

    Activation
    Viruses with damage routines will activate when certain conditions are met, for example, on a certain date or when the infected user performs a particular action. Viruses without damage routines do not activate, instead causing damage by stealing storage space.

    Discovery
    This phase does not always follow activation, but typically does. When a virus is detected and isolated, it is sent to the ICSA in Washington, D.C., to be documented and distributed to antivirus software developers. Discovery normally takes place at least one year before the virus might have become a threat to the computing community.

    Assimilation
    At this point, antivirus software developers modify their software so that it can detect the new virus. This can take anywhere from one day to six months, depending on the developer and the virus type.

    Eradication
    If enough users install up-to-date virus protection software, any virus can be wiped out. So far no viruses have disappeared completely, but some have long ceased to be a major threat.

    What can you do to Protect against Malware?
    There are many things you can do to protect against malware. At the top of the list is using a powerful antivirus product, and keeping it up-to-date with the latest pattern files.

  • Viruses infect other files;

  • Worms make copies of themselves;

  • Trojans perform malicious actions but do not spread;

  • Malware is an all-encompassing term that describes any malicious software program or file operating without the user's explicit consent.


There are five recognized types of viruses:

  • File infector viruses: File infector viruses infect program files. These viruses normally infect executable code, such as .com and .exe files. They can infect other files when an infected program is run from floppy, hard drive, or from the network. Many of these viruses are memory resident. After memory becomes infected, any noninfected executable that runs becomes infected. Examples of known file infector viruses include Jerusalem and Cascade.
     

  • Boot sector viruses: Boot sector viruses infect the system area of a disk, that is, the boot record on floppy disks and hard disks. All floppy disks and hard disks (including disks containing only data) contain a small program in the boot record that is run when the computer starts up. Boot sector viruses attach themselves to this part of the disk and activate when the user attempts to start up from the infected disk. These viruses are always memory resident in nature. Most were written for DOS, but all PCs, regardless of the operating system, are potential targets of this type of virus. All that is required to become infected is to attempt to start up your computer with an infected floppy disk. Thereafter, while the virus remains in memory, all floppy disks that are not write protected will become infected when the floppy disk is accessed. Examples of boot sector viruses are Form, Disk Killer, Michelangelo, and Stoned.
     

  • Master boot record viruses: Master boot record viruses are memory resident viruses that infect disks in the same manner as boot sector viruses. The difference between these two virus types is where the viral code is located. Master boot record infectors normally save a legitimate copy of the master boot record in a different location. Windows NT computers that become infected by either boot sector viruses or master boot record viruses will not boot. This is due to the difference in how the operating system accesses its boot information, as compared to Windows 95/98. If your Windows NT system is formatted with FAT partitions you can usually remove the virus by booting to DOS and using antivirus software. If the boot partition is NTFS, the system must be recovered by using the three Windows NT Setup disks. Examples of master boot record infectors are NYB, AntiExe, and Unashamed.
     

  • Multi-partite viruses: Multi-partite (also known as polypartite) viruses infect both boot records and program files. These are particularly difficult to repair. If the boot area is cleaned, but the files are not, the boot area will be reinfected. The same holds true for cleaning infected files. If the virus is not removed from the boot area, any files that you have cleaned will be reinfected. Examples of multi-partite viruses include One_Half, Emperor, Anthrax and Tequila.
     

  • Macro viruses: These types of viruses infect data files. They are the most common and have cost corporations the most money and time trying to repair. With the advent of Visual Basic in Microsoft's Office 97, a macro virus can be written that infects not only data files but other files as well. Macro viruses infect Microsoft Office Word, Excel, PowerPoint and Access files. Newer strains are now turning up in other programs as well. All of these viruses use another program's internal programming language, which was created to allow users to automate certain tasks within that program. Because of the ease with which these viruses can be created, there are now thousands of them in circulation. Examples of macro viruses include W97M.Melissa, WM.NiceDay and W97M.Groov.


What is a virus hoax?
Virus hoaxes are messages, almost always sent by email, that amount to little more than chain letters. Some of the common phrases used in these hoaxes are:

  • If you receive an email titled [email virus hoax name here], do not open it!

  • Delete it immediately!

  • It contains the [hoax name] virus.

  • It will delete everything on your hard drive and [extreme and improbable danger specified here].

  • This virus was announced today by [reputable organization name here].

  • Forward this warning to everyone you know!


Most virus hoax warnings do not deviate far from this pattern. If you are unsure if a virus warning is legitimate or a hoax, additional information is available at:
http://www.symantec.com/avcenter/hoax.html
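
The hoax template above can be turned into a simple triage heuristic. The following is an added example, not part of the original page: the regular expressions, the threshold of three traits and both sample messages are assumptions constructed for illustration.

```python
import re

# One regex per trait in the hoax template listed above. The patterns are
# this example's assumptions, not a vetted signature set.
HOAX_TRAITS = {
    "do_not_open": re.compile(r"\b(do\s+not|don'?t)\s+open\b", re.I),
    "delete_immediately": re.compile(r"\bdelete\s+it\s+immediately\b", re.I),
    "contains_virus": re.compile(r"\bcontains\s+(the|a)\b.{0,40}?\bvirus\b", re.I),
    "extreme_damage": re.compile(
        r"\b(delete|erase|destroy|wipe)\s+everything\s+on\s+your\s+hard\s+(drive|disk)\b", re.I),
    "authority_claim": re.compile(r"\b(announced|confirmed|reported)\b.{0,20}?\bby\b", re.I),
    "forward_to_all": re.compile(r"\bforward\s+this\b.{0,30}?\b(everyone|everybody|all)\b", re.I),
}

def normalize(text):
    """Strip '>' forwarding marks and rejoin wrapped lines so phrases split
    across lines in a much-forwarded chain letter still match."""
    lines = [re.sub(r"^[>\s]+", "", line) for line in text.splitlines()]
    return " ".join(" ".join(lines).split())

def score_hoax(text):
    """Return the sorted names of the hoax-template traits found in text."""
    body = normalize(text)
    return sorted(name for name, rx in HOAX_TRAITS.items() if rx.search(body))

def looks_like_hoax(text, threshold=3):
    """Flag a message for review when it shows at least `threshold` traits."""
    return len(score_hoax(text)) >= threshold

# Constructed sample: a forwarded chain letter following the template.
HOAX_SAMPLE = """\
> > If you receive an email titled "Free Screensaver", do not open it!
> > Delete it immediately! It contains the Screensaver virus. It will delete
> > everything on your hard drive. This virus was announced today by
> > Example Corp. Forward this warning to everyone you know!
"""

# Constructed sample: a genuine notice that shares only two of the traits.
LEGIT_SAMPLE = """\
Antivirus definitions were updated this morning. The mail gateway quarantined
one attachment that contains a macro virus; no action is needed. Do not open
attachments you were not expecting.
"""

if __name__ == "__main__":
    for label, msg in (("hoax sample", HOAX_SAMPLE), ("legit sample", LEGIT_SAMPLE)):
        print(label, score_hoax(msg), looks_like_hoax(msg))
```

A genuine advisory can share one or two traits with a hoax, which is why the flag depends on several traits appearing together rather than on any single phrase.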

Malware

Malware is an even more appropriate term when one considers spyware, adware, and browser hijacking techniques that may not fit in any of the aforementioned virus, worm, or Trojan classifications. Thus, malware can be defined as any program, file, or code that performs malicious actions on the target system without the user's express consent. This is in contrast to Sneakyware, which can best be described as any program, file, or code that the user agrees to run or install without realizing the full implications of that choice. One of the best examples of Sneakyware was Friendly Greetings, a greeting-card trick that exploited users' willingness to say Yes without reading the licensing agreement. By doing so, they were blindly agreeing to allow the same email to be sent to all contacts listed in their address book.