Technology, Data Recovery, Cell Phones, Latest Gadgets, Game Reviews



I am never quite sure that I understand the point of computer viruses.
Perhaps I am not alone in that it is frequently presumed that hackers
hold virus writers in low regard due to the perceived lack of skills
that the latter have and the indiscriminate damage caused by viruses.
Perhaps the very raison d’être of viruses is where I miss the point:
presumably the attraction in writing and unleashing viruses is the very
fact that you (as the writer) can do it, and then sit back and watch the
trail of havoc you have created. Some such trails are very long indeed.
Research has shown (surprise, surprise) that the majority of virus
writers are intelligent males between 15 and 23 years old who are
probably bored, curious, intent on testing what can be done or simply
vindictive. The main psychological buzz that viruses bring to their
writers is either the intellectual satisfaction of completing the challenge
they have set themselves or the fact that they are fighting the ‘system’.
The word ‘virus’ has itself mutated into more of a generic term which
is now used to cover a multitude of computer vermin (also known as
malicious software).
A virus, per se, is a manmade, independent program or piece of code
that is loaded onto your computer or system without your knowledge,
and runs in the same manner. Viruses usually spread by ‘infected’ files
that are passed between computers. Five years ago the largest risk was
probably users inserting floppy disks that were infected into their PC.
Now the infinitely more critical risk is viruses originating via the
Internet. Viruses can reproduce themselves, attach themselves to other
programs and create copies of themselves. Viruses normally damage or
corrupt data, use available memory, clutter up disk space and bring
the system to an abrupt halt. The most dangerous types of viruses
transmit across networks, exploiting security flaws. Running an antivirus
program that isn’t up to date is almost worse than useless; even
the best fully up-to-date anti-virus programs cannot protect against
all viruses. Somewhat ironically, there is also a thriving market in hoax
viruses, mostly through e-mails that claim to have latest information
and demand that you pass them on.
Then there are worms. The use of the word in this sense was originated
in a 1982 research paper by John Shoch and Jon Hupp of the Xerox
Palo Alto Research Center. However, this paper derived the term from
‘The Shockwave Rider’ by John Brunner, published in the early 1970s
and now promoted as ‘a cyberpunk story from the days before cyberpunk
was a concept’. Normally a worm propagates/replicates itself
across a computer network causing malicious damage such as using
up resources (storage, processing time) and shutting the system down.
The worm may copy itself from one disk drive to another or via email.
Worms appear to be the computer infection of choice, accounting
for approximately half of the computer infections in 2000. Whereas in
the past some technical knowledge would have been required to create
worms, now worm generators can be downloaded from the Internet.
A typical transmission mechanism for worms is an ‘interesting e-mail
attachment’; other worms need no human intervention and infect
computers with specific security flaws and then seek out other computers
that have the same flaw. Because of the power to replicate it is
now being argued that worms have in effect caused denial of service
attacks on the Internet because of the bandwidth consumed by them.
In the roll call of infamous worms are:
• The Anna Kournikova virus – which was, in strict terms, not a
virus but a worm (2001).
• The Christmas Tree virus – possibly the first worm on a worldwide
network that spread across BITNET in December 1987.
• The Cornell Internet Worm – which exploited computer security
flaws in 1988 and infected about 5 per cent of those users
connected to the prototype Internet.
The key difference between a virus and a worm is the method by which
each replicates and spreads: a virus is dependent on a host file or
computer’s boot sector while a worm can run completely independently
and spread by itself through network connections.
Just like in Homer’s Iliad, a Trojan horse is something that is apparently
harmless (or even beneficial) but once inside the gates turns out
to be something else entirely. Trojan horses do not replicate like viruses
and worms, but can still be extremely destructive. Trojan horses rely
on users to install them, or they can be installed by intruders who
have gained unauthorized access by other means. Then, an intruder
attempting to subvert a system using a Trojan horse relies on other
users running the Trojan horse to be successful. Among various Trojan
horses that are common are anti-virus programs that actually install
viruses and software upgrades that are nothing of the kind, but when
loaded proceed to modify files and contact other remote systems.
A logic bomb will lie dormant in a system until triggered by some
event or specific system condition. When set off, the bomb will carry
out a malicious act, or set of acts such as changing random data or
making the disk unreadable. The trigger mechanism can be anything
– among favourites are a specific date, a specific event or the number
of times a certain thing is done (even the number of boot-ups). A logic
bomb does not replicate itself.
These various forms of malicious software are no joke: in September
2001 the Reuters news agency reported that the total global cost of
viruses was US $17.1 billion in 2000 and US $12.1 billion in 1999. The
main reasons for such phenomenal costs were:
• The Code Red Worm, which by September 2001 had already cost
US $2.6 billion, comprising US $1.5 billion in lost productivity
costs and US $1.1 billion in cleaning up computer systems.
• The Sircam virus, which cost US $1.04 billion in total including
US $575 million in lost productivity and US $460 in clean-up costs.
• The Love Bug virus, which still remains the most financially
damaging virus ever, costing US $8.7 billion in lost productivity
and clean-up costs.
The Code Red worm itself is a fascinating example as to how the digital
world, once again, is really a very small place: its major inherent risks
are ever present in its fundamental global interconnectivity. This worm
is not aimed at Windows 3.1, Windows 95, Windows 98 or Windows
ME systems but attacks Windows NT 4.0 and Windows 2000 computers
and Web sites that use that technology. The world of viruses holds
a certain academic interest combined with curiosity value to see what
fascinating damage can be caused – useless beauty indeed. Examples
include:

1) CIH or the Chernobyl virus. This was created by a student in
Taiwan in 1998 and struck up to a million PCs on April 26 1999
as well as cropping up at various times after that date until now.
This virus only attacks Windows 95 and 98 systems and is
triggered when the date is 26 April (or if you have a PC that shows
the wrong date it strikes when your system states it is this date).
The virus overwrites critical information on your hard disk, and
in some cases deletes information stored in the PC’s BIOS memory,
which then makes it impossible to boot the PC. Just to confuse
the situation some variants of this virus trigger on the 26th day
of other months.

2) The FunLove virus. To their embarrassment in April 2001 Microsoft
e-mailed their key support customers to inform them that
they may have been infected with the FunLove virus. The reason
for the infection? One of Microsoft’s Servers did not have antivirus
software installed – the server that provides updates and
bug fixes to Microsoft’s premier customers.

3) The Sircam worm. This can potentially do more damage than simply
wrecking your system, because it randomly mails out documents from
the user’s hard drive. Sircam arrives by mass e-mailing using
Outlook Express to distribute itself. The e-mail arrives with a
fairly innocuous attachment, reading something along the lines
of ‘Hi how are you? I send you this file in order to have your
advice. See you later! Thanks’. This message is helpfully also
available in Spanish. Once the attachment is opened Sircam
gathers files from the user’s hard drive and all the e-mail
addresses in Windows address book. The virus then sends copies
of itself to all of the addresses it has obtained – together with a
randomly chosen file. Additionally Sircam computes a random
number that has a 1 in 33 chance of triggering the PC to fill up
all of the remaining space on the hard disk by adding text at each
start up to a system file that the worm has installed in the recycle
bin. The choice of Windows Recycle Bin for the location of this
file was interesting, as most virus checkers did not check the
Recycle Bin. Then the worm checks to see if the date is October
16; if it is and the PC is using the European date format the worm
will generate another random number – this time it has a 1 in 20
probability of success. Success is a relative term, as victory
for the worm will result in the machine deleting all of the files
on its hard drive.



The wonderful world of viruses is further complicated by hoax viruses
together with various e-mail security bulletins which purport to alert
the user to new viruses but in fact contain a virus themselves. One
such e-mail tells users that their PC contains a virus called sulfnbk.exe,
which should be deleted – the drawback being that this is a perfectly
legitimate file in Windows, which is a utility that restores long file
names. The Web site www.vmyths.com contains many more examples
of similar incidents.
The best response towards viruses is to adopt common sense policies
and procedures regarding the following key topics:
• Don’t use illegal or counterfeit software, and never run an
unknown disk without virus checking it.
• Always back up your files.
• Delete e-mail attachments, specifically where the sender is
unknown to you.
• Do not let others borrow program disks – if you do, virus check
them before you use them again.
• Always run an anti-virus program, and just as importantly make
sure that it is updated frequently.
• If you download software from the Internet always do it to a
diskette, not directly to your hard drive (for further security you
can write protect your hard drive during this operation).
• Disable Word Macros and ensure that, depending which version
of Word you are using, macro virus protection (if present) is
running.
• Be aware of strange occurrences on your system (although most
systems appear to have such events on a daily basis without it
necessarily indicating that a virus is present!). Watch out for:
  – your system slowing down;
  – files that disappear (although by its very nature this is easier
    said than done);
  – attempts to access the hard disk to read or write when there
    should be no such activity;
  – strange display corruption and/or unusual visual occurrences;
  – unusually large program files;
  – decreases in memory or reduced disk space.
• Educate users about computer viruses, what they do, how to
recognize them, how they can be prevented and what actions to
take immediately one is discovered.
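
Two of the warning signs above, program files that grow and files that disappear, can be checked mechanically against a known-good baseline instead of by eye. The sketch below is an added example, not part of the original article; the extension list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

PROGRAM_EXTS = {".exe", ".com", ".dll", ".scr"}  # assumed program file types


def snapshot(root):
    """Map each program file under root to (size, SHA-256 digest)."""
    state = {}
    for path in Path(root).rglob("*"):
        if path.suffix.lower() not in PROGRAM_EXTS:
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # directory or unreadable file: skip rather than abort
        rel = path.relative_to(root).as_posix()
        state[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return state


def compare(baseline, current):
    """Return sorted (path, finding) pairs for changes since the baseline."""
    findings = []
    for path, (size, digest) in baseline.items():
        if path not in current:
            findings.append((path, "missing"))
        elif current[path][1] != digest:
            grew = current[path][0] - size
            findings.append((path, f"grew by {grew} bytes" if grew > 0 else "content changed"))
    findings += [(p, "new program file") for p in current.keys() - baseline.keys()]
    return sorted(findings)


def demo():
    """Constructed sample data: one file grows, one disappears, one appears."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "editor.exe").write_bytes(b"A" * 100)
        (root / "tool.com").write_bytes(b"B" * 50)
        (root / "notes.txt").write_bytes(b"not a program")  # ignored by the scan
        baseline = snapshot(root)
        (root / "editor.exe").write_bytes(b"A" * 100 + b"X" * 40)  # simulated growth
        (root / "tool.com").unlink()
        (root / "new.scr").write_bytes(b"C" * 10)
        return compare(baseline, snapshot(root))
```

The baseline is only trustworthy if it is taken from a known-clean system and stored somewhere the monitored machine cannot overwrite, such as write-protected media.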
