TECHBEAT
Computer Worms and Viruses
December 2002, IBEW Journal

As the world becomes more dependent on technology, systems become more prone to techno-glitches. Some threats, such as software bugs, are unintentional, but many are specifically created to weaken or destroy systems. "Cracking" is the term for infiltrating computer systems with malicious intent. In the early days, crackers broke into systems simply to prove that it could be done; now they often have profit-based motives, cracking to get free goods or services, including stealing credit card information. Presently, we are seeing a proliferation of politically motivated crackers, such as the attack on Afghanistan's official Web site in September of last year, which resulted in the site's removal from the Internet. Most breaches are caused by malicious software.

Malware

Malicious software, or "malware," consists of programs created to do harm. All malware currently falls into one of three categories: viruses, worms or Trojan horses. However, as technology becomes more advanced, new forms of malware are emerging. Sometimes, different forms of malware are merged to create blended threats.

1. Viruses

First seen in 1981, viruses are the oldest type of malware. A virus changes how a computer functions; it self-executes and self-replicates. There are approximately 30,000 active viruses. However, only a small number of these have the potential to cause significant damage; most survive only in the computer laboratory in which they were created.

A file infector spreads by attaching to program files; when the program runs, the virus installs itself and then infects the next software application. File infectors are not prolific because they tend to crash the operating system (OS) and cannot adapt to a new OS, which makes them the least resilient of the viruses.

A boot-sector virus attaches to the boot record of hard disks and floppy disks. When the computer is booted, the virus loads itself into memory. These viruses can infect all hard disks and diskettes of the infected computer. However, boot-sector viruses are no longer a significant threat, since few people boot from a floppy disk.

Unlike file infectors and boot-sector viruses, a macro virus infects data files instead of program files. Since people exchange data more frequently than programs, this is the easiest virus to spread, and it is most often disseminated through e-mail attachments.

2. Worms

A worm is a self-replicating program that can copy itself from one disk drive to another or use a transport mechanism such as e-mail or Internet Relay Chat (IRC). Worms generally damage the integrity of a computer. One of the most prolific and well-known worms was ILOVEYOU. On May 3, 2000, this worm was sent out from Manila, Philippines. Within five hours it had spread through North America, Europe and Asia via e-mail and caused tens of millions of dollars in damage. Within hours of receiving the worm, many of the major anti-virus software companies had developed patches against it and dispatched them to registered users.

Worms can also affect computers in other ways, such as preventing access to a Web site. This is called a distributed denial-of-service (DDoS) attack. A DDoS attack plagued the White House Web site on July 19, 2001. First the Code Red worm was sent out to vulnerable computers. More than 250,000 computers were infected, allowing the Code Red worm to use the infected computers as zombies (see glossary). The zombies constantly sent requests to the White House Web site. Because of the number of computers trying to access the site, other users were unable to connect to it. However, the White House neutralized the attack by changing the Web site's address. An effective DDoS attack would have made the site process requests more slowly and could have caused the site to crash.
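The zombie request flood described above leaves a recognizable trace in a Web server's access log: in a single second, one path is requested many times by many distinct client hosts, whereas a flood from a single machine shows many requests but only one source. The following Python script is an added example, not part of the original article; the log lines and the addresses in them are constructed for illustration.

```python
"""Added example (not from the IBEW article): flag a distributed request
flood of the kind the Code Red zombies produced, from Web-server access logs.
The log lines and client addresses below are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: client ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3} \S+')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Parse one access-log line into (second, client_ip, path); None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, stamp, _method, path = m.groups()
    second = datetime.strptime(stamp, TIME_FMT).replace(microsecond=0)
    return second, ip, path

def detect_floods(lines, min_requests=40, min_sources=20):
    """Return {(second, path): (requests, distinct_sources)} for each one-second
    bucket that exceeds BOTH thresholds. Many requests from one host is a plain
    flood; many requests from many distinct hosts is the distributed (zombie) pattern."""
    buckets = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            second, ip, path = parsed
            buckets[(second, path)].append(ip)
    return {key: (len(ips), len(set(ips)))
            for key, ips in buckets.items()
            if len(ips) >= min_requests and len(set(ips)) >= min_sources}

def constructed_log():
    """Constructed sample: 60 zombies each request '/' in one second, one host
    requests '/index.html' 60 times in the next second, then a little normal traffic."""
    stamp = "19/Jul/2001:20:00:%02d +0000"
    lines = [f'192.0.2.{i} - - [{stamp % 1}] "GET / HTTP/1.0" 200 512'
             for i in range(1, 61)]
    lines += [f'198.51.100.7 - - [{stamp % 2}] "GET /index.html HTTP/1.0" 200 512'
              for _ in range(60)]
    lines += [f'203.0.113.{i} - - [{stamp % 3}] "GET /about.html HTTP/1.0" 200 900'
              for i in range(1, 4)]
    return lines

if __name__ == "__main__":
    for (second, path), (n, srcs) in detect_floods(constructed_log()).items():
        print(f"{second} {path}: {n} requests from {srcs} distinct hosts")
```

Only the many-source second is reported with the default thresholds; lowering min_sources to 1 also catches the single-host flood, which shows why the distinct-source count is what separates a DDoS from an ordinary overload.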
3. Trojan Horses

Trojan horses, or "Trojans," get their name from Homer's Iliad. After failing to breach the walls of the city of Troy, the Greeks presented Troy with a large wooden horse in which they had hidden their warriors. During the night the hidden warriors emerged and seized the city.
As the name implies, Trojans are presented as benevolent programs but have ulterior purposes, such as stealing passwords. The thief sends an e-mail with a file attached, usually a joke or screensaver program. After the user installs the software, it operates in the manner expected but also carries out its hidden agenda, tracking passwords and sending them back to the thief through an Internet connection it creates itself. Trojan horses are also used to steal other valuable information, such as credit card data.

Preventing or

To prevent the damage caused by malware attacks, do not let malware reach your computer. Once your system is attacked, you might not be able to recover your files. Virus engineers can be quite ingenious at finding paths into your system. Anti-virus software stops viruses and other malware by scanning files entering your system through e-mail or disk drives. When new malware is detected, malware warnings and anti-virus updates are sent to registered users of the software. Anti-virus software also detects damage caused by viruses, removes the virus, and allows the user to reinstall the program or file that has been damaged. But anti-virus software is often used inadequately. If the software is not set to scan files automatically, or if it is not updated regularly, it is not effective. In some cases, updates cannot be created and disseminated fast enough to prevent infection.
Another tool against malware intrusion is a firewall. A firewall is hardware or software that creates a defensive boundary between a private network and the public network, or between different sections of a network. It filters both inbound and outbound traffic and checks for unauthorized files. An effective firewall can prevent malware from infiltrating a computer network, but many firewalls offer inadequate protection against intrusion. A firewall can be defeated in three ways.

Going around the firewall is usually the easiest. As more office equipment requires network and Internet access, there are more avenues for attack. Script kiddies (see glossary) will often choose to attack by going around the firewall, since they are able to use pre-configured scripts that can find vulnerable openings.

Invading a network by slipping code through the firewall can be either very difficult or extremely easy, depending on the firewall. Once code cloaked as seemingly legitimate information has slipped through the firewall, a connection is opened for the invader.

The final way to defeat a firewall is by controlling the gatekeeper, the part of the firewall code that determines which files may enter the network. Control of the gatekeeper defeats the firewall by admitting files that should not gain access and by denying legitimate access.

The best way to prevent all forms of intrusion is to have multiple firewalls throughout the network. Protecting computer systems from malware attacks is an omnipresent task in the 21st century; current information is the best defense. Current malware information is available at several sites on the Internet, such as: