Showing posts with label Virus. Show all posts

Monday, October 3, 2011

Virus Hoaxes




"Warning!," the email screams. "There's a new virus going around, and Microsoft says it's the worst one yet!" After this amazing bit of hype, the email continues with "Once this virus infects your system, it will delete all the files on your hard drive, reset your computer clock, and make your screen only show green and black!"



Anyone who has made it this far is then asked to "forward this virus warning to everyone you know!" and "Delete any emails you get with the title 'Have a nice day!'"



This email has all the signs of a virus hoax.





First, viruses are not magical or all-powerful. Yes, they can damage your data. Viruses have been known to erase hard drives, delete documents, even forward classified documents to random email addresses. But, to date, only one virus (CIH, or Chernobyl) has actually been able to damage hardware. CIH found a way to overwrite the BIOS, or read-only memory





Second, viruses are identified by their programming, and not by the title of the email they're attached to. Once word got out to delete every email with that title, the virus programmer would just change the subject, and everyone would have to send out another virus warning, for a whole new virus, that looks exactly like the old one except for the subject line of the email.





Third, if Microsoft (or any other big-name company, for that matter) wanted to get the word out about a new virus, they would post it on their website, and not ask everyone to forward emails. Forwarded emails are very inefficient, because some people only check their email once a week. By the time they got the warning, the virus would have triggered and destroyed their computer!





The best advice about virus hoax warnings is "don't pass them along." The huge flood of useless emails does as much damage as the viruses they warn about.



This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

Virus Overview




Computer viruses are one of the biggest "bogeymen" of the Internet, and with attacks by Melissa, ILoveYou, Nimda, and Michelangelo, there are damage estimates and virus warnings all over the Internet. But what are they really?





A virus is a program that spreads to other computers. Like all forms of malware, it both runs without the user's knowledge or permission and it can interfere with other programs that are trying to run on the same computer. Some viruses also carry a payload, like ticking time bombs. On a given date, or after a certain time after the computer is infected, the virus will "trigger." This trigger can damage files, erase drives, or attack other systems over the Internet.





Viruses have two major goals. First, they need to be run and installed on the infected computer, and second, they need to spread to other computers. And they need to meet these two goals without alerting the owner of the computer.





There are a wide variety of ways for a virus to infect a system. Many early viruses used the "boot sector" of a floppy disk as their infection point. If the user powered on the computer with an infected floppy disk in the drive, the computer would try to boot from the floppy. The virus would infect the system, but make it look like the computer had tried to boot from a blank floppy disk. The virus met both goals at the same time, because every time a new disk was inserted into the drive, the virus would put another copy of itself into the boot sector. Today, floppy disks are far less common, and boot sector viruses have all but disappeared.





One of the most common infection routes today is by email attachment. Many viruses today will even search the address book and send out emails without the owner's knowledge.




Virus History - 2001 to Present




After the flurry of viruses that haunted 2001, 2002 was amazingly quiet. Unfortunately, 2003 took off again.





January saw the SQL Slammer worm infect over 75,000 systems in about ten minutes. It attacked a flaw in Microsoft's SQL Server, and basically slowed down the entire Internet.





The Blaster worm attacked in August. It was meant to cause a Denial of Service attack against the Windows Update website, by causing all infected systems to flood the site on August 15th. The programmer was convicted because investigators actually found his name in the virus code.





Only a few days later, SoBig attacked. This was another emailing virus. After infection, it searched the files on the hard drive for email addresses and sent itself to any it found.





October saw the release of the Sober emailing virus. Sober was notable in that it would shut off antivirus programs after infection.





The fastest-spreading virus to date was MyDoom, which struck in January 2004. At one point, MyDoom was responsible for 1 out of every 10 emails on the Internet.





2004 also saw the Witty, Sasser, and Santy virus outbreaks, and in 2005, Zotob and Samy.





In 2006, the first Mac OS X virus was announced, as well as the first MySpace attack, "LordoftheNoose." This program changed the names of MySpace profiles, and locked out users to keep the names it set. At one point, as many as 70% of all MySpace profiles were infected.





So far in 2007, another MySpace virus has erupted, and the Peacomm Virus attacked. Peacomm was an email that claimed to be a video clip.





Historically, most viruses have used very similar attack routes. Either they carried an attachment which the user had to open, or they took advantage of a known flaw in the system which had not yet been fixed. The moral of the story is this: Keep your updates current, and be wary of unusual attachments.




The Michelangelo Virus - Hype and Fizzle




The Michelangelo virus was the first real appearance of computer virus hype in the media. Various "experts" made claims about how widespread the virus was and how much damage it was going to do when it triggered.





Michelangelo first hit the news in late January, 1992. A customer noticed that computers from Leading Edge were arriving with the virus pre-installed. The next day, John McAfee was quoted as saying Michelangelo was the third most common virus in the world.





Two weeks later, McAfee was quoted again, and this time he estimated that as many as five million computers worldwide could be hurt by the virus. This was a big, impressive number, and journalists ran with it. All through February, readers were treated to an assortment of information that was either overblown or just wrong. For example, several experts reported that the virus came from bulletin board systems, which is not true--the virus was spread on infected floppy disks.





One expert advised not shutting computers down on March 5th, the day before the trigger day. The virus would only be triggered by actually booting the computer on the 6th, he said. If the computer was never turned off, the virus wouldn't have a chance to trigger.





In early March, Intel discovered it was sending the virus with one of their programs. Several journalists took the words of McAfee and others, especially the estimate of five million infected computers, and spun wilder and wilder predictions of damage.





When March 6th arrived, the world held its breath, waiting for the reports of mass destruction of computers... that never came. Instead of millions of computers, the virus barely hit a few thousand. AT&T, with 250,000 computers, said the virus affected two systems.





Critics pointed out that the people making the huge claims stood to profit--because they were also selling anti-virus programs.




The Nimda Virus




One of the most complex and dangerous viruses ever was the Nimda virus, in September 2001. Nimda became the most widespread virus in the world a mere 22 minutes after it was released.





Nimda was as powerful as it was because it knew so many different ways of infecting a system.





First, it spread itself through email, with a built-in SMTP routine. It would search the infected hard drive for email addresses and send itself to them. It used a bug in Microsoft Outlook that would cause the system to be infected just by viewing the email.





Second, it checked for shared network drives. Any time it found a drive that it could write itself to, it scattered copies of itself all across the drive. These files were often the first sign that a system on the network was infected.





Third, it would attempt to infect web servers through several different known bugs. Any server that wasn't completely up to date on patches was in danger of infection.





Fourth, once the server was infected, it would infect web sites. Any visitor to an infected site could be infected, depending on IE security settings. And, since it was attacking from the server, it could find its way to corporate intranet sites, not just public internet sites.





And finally, it would attempt to infect any systems that had previously been attacked by either the Code Red II or the Sadmind viruses. Both viruses opened security holes on the systems they infected, and Nimda would try to use them.





Nimda set records for virus tactics. It sent emails that infected on viewing, and put copies of those emails on network drives in the hopes that someone would open them and infect their system. It infected via website, and it even infected servers. Nimda was an ingenious and vicious program that was difficult to destroy.




The CIH Virus




On April 26, 1999, systems around the world began dying. Something was both damaging information on hard drives and damaging their BIOS chips. Investigation turned up the CIH Virus, later known as Chernobyl because it was released on the anniversary of the Chernobyl reactor explosion.





The CIH virus somehow found its way onto a set of IBM Aptiva PCs sold to Activision in March of 1999. Every copy of their latest game, SIN, came bundled with a bonus copy of the CIH virus.





When it infects a system, the virus actually squeezes into empty spaces in operating system files. CIH was sometimes known as the Spacefiller virus for this ability.





When the virus triggered, the first thing it did was to overwrite the first megabyte of the hard drive with zeroes. That area of the hard drive is critical, because that's where the partition information is usually stored.
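A forensic triage check for the damage described above, added here as an example and not part of the original post: it classifies the first megabyte of a disk image as wiped, missing its boot signature, or carrying a readable partition table. It assumes a classic MBR layout with 512-byte sectors; the function names and the sample disk are constructed for illustration.

```python
import struct

SECTOR = 512
MIB = 1024 * 1024

def parse_mbr(sector0: bytes):
    """Return the used MBR partition entries, or None if the 0x55AA signature is absent."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        return None
    parts = []
    for i in range(4):  # four 16-byte entries start at offset 446
        entry = sector0[446 + 16 * i:446 + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type byte 0 marks an unused slot
            parts.append({"slot": i, "bootable": entry[0] == 0x80,
                          "type": entry[4], "lba_start": lba_start,
                          "sectors": sectors})
    return parts

def triage_first_mib(head: bytes) -> str:
    """Classify the first MiB of a disk image."""
    if len(head) < MIB:
        raise ValueError("need at least the first 1 MiB of the image")
    region = head[:MIB]
    if not any(region):
        return "wiped"  # every byte is zero, as the post describes
    parts = parse_mbr(region[:SECTOR])
    if parts is None:
        return "no-mbr-signature"
    return "ok" if parts else "empty-partition-table"

def make_sample_head() -> bytes:
    """Constructed sample: one bootable FAT32 (type 0x0B) partition at LBA 63."""
    sector = bytearray(SECTOR)
    struct.pack_into("<B3sB3sII", sector, 446,
                     0x80, b"\x01\x01\x00", 0x0B, b"\xfe\xff\xff", 63, 4192902)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector) + bytes(MIB - SECTOR)

if __name__ == "__main__":
    healthy = make_sample_head()
    print(triage_first_mib(healthy), parse_mbr(healthy[:SECTOR]))
    print(triage_first_mib(bytes(MIB)))  # simulated post-trigger state
```

In the constructed sample the partition starts at LBA 63, about 32 KB into the disk, so a one-megabyte wipe also destroys that partition's own boot sector, not just the table that points to it.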





Once the hard drive was hit, the virus would then turn to the BIOS chip.





BIOS stands for Basic Input Output System. The BIOS chip is the ROM, or Read Only Memory, of the computer. Without the BIOS, the computer would forget how to "talk" to the other hardware in the computer, like the keyboard and hard drives.





Normally, the BIOS is read-only. But by 1999, BIOS manufacturers had switched to chips that could be "flashed," or reprogrammed. The CIH virus tried to use this ability to erase the BIOS.





In effect, the virus would try to kill the computer, first by making the hard drive unreadable, and then by making sure the system wouldn't boot without a new BIOS chip. Fortunately, due to a bug, the program only knew how to erase one brand of chips.





CIH was still damaging computers in Asia a year after it first triggered, and several viruses have been released that try to infect systems with newer versions of CIH.


