mini MHA
health informatics

Links to Information about Viruses and Trojan Horses



What is a virus?

A virus is an unwanted software program (application) that unknowingly attaches itself to your computer. It attempts to reproduce itself under specific circumstances. For example, each time a specific day of the month is encountered, the virus is activated. This is referred to as the "payload". Some viruses do nothing but reproduce themselves. Some perform trivial extras like beeping the keyboard, or forcing the file to be saved in a specific format. Some are more destructive and attempt to rename or erase files or destroy the hard drive. There are many varieties of viruses, but the most common are the macro virus and the boot sector virus.

Macro viruses are programming code, created by hackers or unethical programmers, which is either annoying, prankish or harmful. The macros are written to attach themselves to the default document of a software package such as Word or Excel. When an unsuspecting user opens a document containing a macro virus, the virus attaches itself to the default document. Each time a document is created or edited from this time forward, the virus attaches itself to that document. The problem escalates as the document is passed on to other computers by file sharing or e-mail. The virus continues to spread until it is removed.

Boot sector viruses attach themselves to the part of the disk that is read by the computer when it starts up. The boot sector contains important information about the disk. In most cases, the virus relocates this information to another location and displays its own code. A boot sector virus can be present on a diskette or a hard drive. It is spread by placing a clean diskette in to an infected computerís diskette drive,. The virus is copied to the boot sector of the diskette, and the diskette becomes infected. The diskette is then moved to another computer, and the cycle continues until the virus is removed.

You can find more information at Catch and Cure That Virus!.


What is a Trojan Horse?

A Trojan Horse is a malicious, security-breaking program that is disguised as something benign, such as a directory lister, archiver, game, or (in one notorious 1990 case on the Mac) a program to find and destroy viruses! When these programs are executed, the embedded virus is executed too, thus propagating the `infection'. This normally happens invisibly to the user.

This is unlike a worm, a virus that cannot infect other computers without assistance. It is propagated by vectors such as humans trading programs with their friends. The virus may do nothing but propagate itself and then allow the program to run normally. Usually, however, after propagating silently for a while, it starts doing things like writing cute messages on the terminal or playing strange tricks with the display (some viruses include nice display hacks). Many nasty viruses, written by particularly perversely minded crackers, do irreversible damage, like nuking all the user's files.


How do I Avoid a Computer Virus?

A computer virus is a program and not a microorganism, but it is infectious and can be highly complex. Viruses implant instructions in other programs or storage devices that can attack, scramble, or erase computer data. The following activities are among the most common ways of getting computer viruses. Minimizing the frequency of these activities will reduce your risk of getting a computer virus:
Freely sharing computer programs and system disks
Downloading executable software from public-access bulletin boards
Using floppy disks, etc. with public computers that are used by more than one person.

It is usually the unwary who get computer viruses. The following is a list of some recommendations for safe computing:
1.Install virus detection software on your computer.
2.Back up your files.
3.If you must insert one of your "floppies" into an unknown machine, lock (write protect) it first, and unlock your application disk only after verifying that the machine is "clean".
4.Obtain public-domain software from reputable sources. Check new software with virus detection software before you copy it to a hard disk.
5.Quarantine infected systems. If you discover a system is infected with a virus, immediately isolate it from other systems.

More about viruses from Peter Tippett including information such as:

The Virus Problem is Exceedingly Costly: Despite the fact that viruses don't often cause the kinds of damage we originally feared, they are indeed a very expensive and productivity-draining problem which is only getting worse. NCSA's "Computer Virus Cost Analysis" shows the average computer site (with 1000 PCs) will spend more than $300,000 on computer virus clean-up this year! As a group, computer viruses have conservatively cost US computer users over a billion dollars in the past two years!

The Data Super Highway Could Make Things Considerably Worse: Unless we address the right problems, not the misconceived virus, security and system management issues, the increased connectivity that a nationwide data path will provide will inevitably spell total chaos--not only with regard to computer viruses, but also from other computer security, management and ethical issues. Since computers, televisions, radio, telephone, libraries, money, credit, and a host of other things that we think of today as separate entities will soon all converge into the same or co-existing digital systems, the chaos may potentially extend to society-crippling proportions.

The Misconceptions:If the virus issue has generated anything, it has generated misconceptions. Sadly, even most technical computer users and analysts still adhere to many of these. The fact that most organizations who experience computer virus problems will not talk about them for fear of hurting their public image furthers the problem. The result is that most approaches we collectively take to combat the virus problem are based on premises which simply are not true.

Misconception #1: Computer bulletin board software should be avoided because BBSs are a leading source of computer viruses. The fact is that the most common viruses (the boot track type) could not possibly be either loaded to or downloaded from a bulletin board by any normal or accidental means. Of the computer viruses which could move this way, most simply do not. Bulletin board operators and users are actually a very conscientious lot. This means that any policy against using modems, bulletin boards, public-domain software, or shareware will have no significant benefit in reducing an organization's virus problem.

Misconception #2: Software piracy is the leading cause of virus spread. Viruses travel more with program diskettes than with data-only diskettes. The fact is that bootlegged software does contribute to the virus problem, but the much more significant contributor is diskettes which contain only data (or even no data, like blank formatted diskettes). Although it is true that computer viruses cannot infect data per se and survive to reproduce, the most common viruses can and do infect the diskettes carrying only data. And when those diskettes are used, the virus can infect the next computer's hard drive or files.

Misconception #3: Most viruses intentionally cause damage by erasing files, formatting disks, etc. The fact is that most viruses do not intentionally cause any explicit damage. And even the viruses which are programmed to trigger a damaging activity almost never cause harm by this programmed activity. This is because most virus instances are discovered before the programmed "trigger date." Once discovered, the real costs of computer viruses come into play--the work in trying to find all instances of them in your computer and at your site, and in trying to remove them and de-contaminate the computers, disks, and programs that the viruses have infected.

Misconception #4: There are good viruses and bad ones. This is a very common misconception. Those who write and distribute computer viruses commonly claim that theirs is a "benign" virus because it has no malicious trigger event and does no intentional harm. They are duped by the same set of misconceptions that have duped the rest of us--that the problems computer viruses cause are mainly due to the trigger events. In fact, because all viruses replicate without the computer user's or owner's knowledge or consent (by definition), the very act of replicating is an act of contamination and is itself harmful. It is much like cancer. The cancer cells themselves are normally not harmful or poisonous, but the fact that they keep growing and cannot be easily discerned or separated from the non-cancer cells makes finding and getting rid of the invasion particularly difficult.

Misconception #5: The virus problem waxes and wanes every few years. Despite the fact that the news about computer viruses comes in waves (mainly the Friday the 13th--Columbus day wave in October 1989, and the Michelangelo wave in February/March 1992), the computer virus problem has grown rather steadily and predictably since it began. During the Michelangelo "crisis", 95 percent of problems that users experienced from computer viruses were actually (and predictably) caused by virus strains other than Michelangelo!

Misconception #6: Computer security is effective against computer viruses. One would think that the reason we have so many computer viruses is that our computers are not "secure". In fact, traditional computer security--that is, computer secrecy including access controls and encryptio--have almost no effect on computer viruses. During Desert Shield, a significant part of our own command and control network (a quite "secure" network, as you might imagine) was, in fact, infected by the then most common computer virus. The virus, called Jerusalem, works quite well in a system where everything is encrypted--it too becomes encrypted, and only becomes unencrypted when it needs to infect something.

Misconception #7: Another common misconception is that the computer hardware manufacturers or the computer operating software vendors ought to provide us with systems which cannot become infected. The fact is that computer viruses are just computer programs. Computers are designed to run computer programs. And there is nothing universal about computer viruses that would allow them to be distinguished in advance from any other program. Then we arrive at the unfortunate truth that--computers are made to run computer viruses! Although it is possible to make it more challenging for computer virus creators, it is not possible to make a virus-proof computer (unless we do not let that computer run any new programs).


Some sample virus information:
EXEBug
Rainbow Virus
Yankee Virus
The Stoned Virus
The Russian New Year Virus


General Information
PC Virus Information
Crypt Newsletter
Virus Bulletin
Woody's Office Virus Page
Terminology
Do Not Call Registry

Myths, Hoaxes, and Urban Legends
Computer Virus Myths
McAffee Hoax Index

Virus Descriptions
McAfee Information Library
Ten Most Common Viruses
Virus Information Index
Word viruses
Cheyenne's Virus Descriptions
CIAC Department of Energy Bulletin

Origins
Who Writes this Stuff?
Interview with The Virus Writer
Interview with The Virus Writer -- continued
Inside the Mind of the Dark Avenger
Trends in Virus Writing

Product Certification
Internet Computer Security Association

Anti-virus packages are quite similar.
Whichever you select, the key is to install it, use it, and
KEEP UPDATED your virus patterns updated.
However, know your products so you don't ask,
I'm Protected. Right?

Products
McAfee VirusScan
Norton Anti-Virus
F-PROT
Thunder Byte Anti-virus
Command Software Systems
Dr. Solomon's


| Go to the Agenda | Go to Dr. Sauter's home page |


Page Owner: Professor Sauter (Vicki.Sauter@umsl.edu)

© Vicki L. Sauter. All rights Reserved.