Viruses and other forms of malicious software

The term "computer virus" is commonly used to refer to any piece of malicious software, or "malware," whose purpose is at best to make some type of personal statement by the author (e.g., "I did it!") and at worst to destroy computer-based information, to shut down networks by creating enormous amounts of network traffic, and to cost organizations potentially millions of dollars in clean-up costs.

Computer viruses are not the only type of malware.  Aside from two distinct types of computer viruses, malware also includes worms, spyware and adware.  This section describes the major types of malware and how to prevent becoming a victim.

Traditional viruses

Beginning in the 1980s, early computer viruses actually modified programs on each infected computer. The replication process would proceed as follows:

  1. An infected version of an otherwise valid program was executed on a computer. The infected portion of the program code would take control immediately upon execution.
  2. The infected code would search the memory, hard drives and diskette units installed on the host system and any network-based drives to which the host had access, looking for programs it could update.
  3. The infected code would then copy itself into a number of the updatable programs it found. Additionally, traditional viruses often infected a special program, called the "boot sector," which executes every time the computer is powered on or restarted. Each of those programs, when later executed, would be able to repeat this process, spreading the virus further.
  4. The infected code could then potentially execute destructive commands, such as those to erase the contents of the hard drive, or might merely display a seemingly innocent message.
  5. If the infected code did not shut down the computer, many viruses then would turn over control to the valid portion of the originally executed program which would display its normal startup messages and panels as if nothing had happened.

Hundreds of thousands of viruses have been created using this technique. The constant redistribution of these viruses, augmented by new viruses created every day, places every computer that does not have anti-virus software installed at significant risk.

E-mail viruses

Beginning with the "Melissa" virus in 1999, e-mail viruses have overtaken the traditional approach described above as the virus writers' method of choice, since they are far easier to develop. E-mail viruses exploit the ability to embed scripts or macros in word processing documents, spreadsheets, HTML pages, etc., which can be set to run when the document is opened. E-mail viruses usually replicate as follows:

  1. An infected program or document is opened.
  2. The program or document executes code to open the e-mail directory and to send a copy of itself as an e-mail attachment to a predetermined number of addresses. Note - each address could be an individual or a group.
  3. As the recipients open the attachment in the infected e-mail, the process repeats itself.

Note - the original program or document does not need to enter the system via e-mail. It could originate from any outside source, e.g., a USB key, a CD, a DVD, any other removable medium, a network drive, or a web page.

Worms

Worms spread by exploiting unaddressed system vulnerabilities in computers that share a network with the infected device. These vulnerabilities can be found in operating systems, network software, Web server software, database software, applications, etc. Worms replicate in the following manner:

  1. An infected program or document is opened.
  2. The program or document executes code that scans available services on network devices to detect any unaddressed system vulnerabilities.
  3. If a vulnerability is found, the worm infects the vulnerable service on the target device. Typically, the worm uses a "buffer overflow" technique to spread the infection. In a nutshell, the area of computer memory into which a piece of software receives its input messages (the "message buffer") is usually surrounded by valid computer instructions. If there is no mechanism in the software that prevents an incoming message from exceeding the size of the message buffer, the excess data continues to fill the area of computer memory beyond the buffer, possibly replacing valid computer instructions with malicious ones.
  4. Whenever the program attempts to perform any function that includes the corrupted instructions, it will activate the malicious code instead.
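As an added illustration of the missing bounds check the passage above describes (example code written for this page, not from the original article): a fixed-size message buffer, a receiver that copies an incoming message without checking its length, and a hardened receiver that rejects any message that would not fit. The buffer size and the sample messages are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MSG_BUF_SIZE 64   /* fixed-size "message buffer" as in the text (constructed) */

/* Before: the length of the incoming message is never compared with the
 * size of msg_buf.  A message longer than MSG_BUF_SIZE bytes is written
 * past the end of the buffer and overwrites whatever the compiler placed
 * next to it.  Shown for comparison only; nothing below calls it. */
void receive_unchecked(char *msg_buf, const char *incoming, size_t len) {
    memcpy(msg_buf, incoming, len);   /* defect: no bounds check */
}

/* After: the message length is validated against the buffer size before
 * any byte is copied.  Returns 0 when the message was stored and -1 when
 * it was rejected as oversized (msg_buf is then left untouched). */
int receive_checked(char *msg_buf, size_t buf_size, const char *incoming, size_t len) {
    if (buf_size == 0 || len > buf_size - 1) {   /* keep one byte for the NUL */
        return -1;
    }
    memcpy(msg_buf, incoming, len);
    msg_buf[len] = '\0';
    return 0;
}

/* Constructed check: a 200-byte message of 'A's, far larger than the
 * 64-byte buffer.  Returns 1 if the hardened receiver rejected it. */
int oversized_message_is_rejected(void) {
    char msg_buf[MSG_BUF_SIZE];
    char incoming[200];
    memset(incoming, 'A', sizeof incoming);
    return receive_checked(msg_buf, sizeof msg_buf, incoming, sizeof incoming) == -1;
}

int main(void) {
    char msg_buf[MSG_BUF_SIZE];
    const char *hello = "hello";   /* constructed sample message that fits */
    printf("short message stored: %s\n",
           receive_checked(msg_buf, sizeof msg_buf, hello, strlen(hello)) == 0 ? "yes" : "no");
    printf("oversized message rejected: %s\n",
           oversized_message_is_rejected() ? "yes" : "no");
    return 0;
}
```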

Spyware and adware

Spyware and adware are programs that can be secretly installed on your computer when you visit websites that distribute them. The stated intent of these programs is often to determine your interests so that Internet sites can tailor their advertising to those interests. This typically involves capturing the names (or URLs) of the websites that you visit and storing that information either on an Internet-based computer or on your own computer in small files known as "cookies".

While merely knowing an individual's web surfing preferences is already an invasion of privacy, unfortunately these programs can do much worse. They can install software that intentionally or unintentionally degrades the performance of your system, uncovers confidential data on your system, captures passwords, destroys data, and more.

Typically, these programs are installed through your browser when you visit questionable websites, i.e., websites of unknown individuals or little-known organizational entities. Often, the purveyors of these sites receive payment for letting spyware/adware sources use their site as a host. As soon as you open a web page that hosts spyware/adware, the site will download the program and install it on your system - assuming that the security level of your web browser software is not restrictive. Most computer users do not configure their browsers with restrictive security because such settings can disable many legitimate sites. Thus, the success of the spyware/adware purveyors is assured.