Monday, October 3, 2011

Virus Overview




Computer viruses are one of the biggest "bogeymen" of the Internet, and with attacks by Melissa, ILoveYou, Nimda, and Michelangelo, there are damage estimates and virus warnings all over the Internet. But what are they really?

A virus is a program that spreads to other computers. Like all forms of malware, it runs without the user's knowledge or permission, and it can interfere with other programs that are trying to run on the same computer. Some viruses also carry a payload, like a ticking time bomb. On a given date, or a certain time after the computer is infected, the virus will "trigger." This trigger can damage files, erase drives, or attack other systems over the Internet.

Viruses have two major goals. First, they need to be run and installed on the infected computer, and second, they need to spread to other computers. And they need to meet both goals without alerting the owner of the computer.

There are a wide variety of ways for a virus to infect a system. Many early viruses used the "boot sector" of a floppy disk as their infection point. If the user powered on the computer with an infected floppy disk in the drive, the computer would try to boot from the floppy. The virus would infect the system, but make it look like the computer had tried to boot from a blank floppy disk. The virus met both goals at the same time, because every time a new disk was inserted into the drive, the virus would put another copy of itself into the boot sector. Today, floppy disks are far less common, and boot sector viruses have all but disappeared.

One of the most common infection routes today is the email attachment. Many viruses will even search the address book and send out emails without the owner's knowledge.

Robert Tappan Morris and the Internet Worm




Robert Tappan Morris claims he only wanted to measure the size of the Internet, but he didn't count on the speed and power of his program.

He wrote a virus program that would spread to other computers. He made the program smart: before it infected a new system, it would actually check to see whether there was already an active copy running there.

Unfortunately, at the same time, he made it stupid. It would be really easy to prevent the spread of the program just by telling all of the computers on the network to always answer "yes" when the virus checked. So, Morris programmed it to install another copy of itself fourteen percent of the time anyway.

The main part of the program was designed to hack into systems through known Unix weaknesses, like the finger bug and Sendmail.

On November 2, 1998, Morris released his creation from a computer at MIT (to hide the fact that the virus was created at Cornell). Within hours, the Internet had slowed to a crawl.

Morris hadn't counted on the speed of the program. Fourteen percent is a small number in human terms, but a huge number in microseconds. Infected computers were spending every available bit of processing power on hunting for more computers to infect. Some estimates say that the worm hit over six thousand computers, and the government claims damages of at least ten million dollars.
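A toy simulation, added here and not part of the original post or of Morris's program, of the re-infection rule described above: each running copy probes random hosts, a host that already has a copy answers "yes", and the worm installs another copy anyway about one time in seven. The `always_answer_yes` switch models the countermeasure mentioned above; the host count, round count and the 1/7 probability are assumptions chosen for the simulation.

```python
import random


def simulate(hosts, rounds, reinfect_prob, always_answer_yes=False, seed=1):
    """Toy model (not the real worm) of the re-infection rule.

    Each round, every running copy probes one random host and asks
    "is a copy already running here?". A clean host answers no and gets
    infected. An infected host answers yes, and the probe then installs
    anyway with probability reinfect_prob (the post's "fourteen percent").
    With always_answer_yes every host answers yes, which is the
    countermeasure the post describes. Returns the copy count per host.
    """
    rng = random.Random(seed)
    copies = [0] * hosts
    copies[0] = 1  # patient zero
    for _ in range(rounds):
        for _ in range(sum(copies)):  # every running copy probes once
            target = rng.randrange(hosts)
            answered_yes = copies[target] > 0 or always_answer_yes
            if not answered_yes or rng.random() < reinfect_prob:
                copies[target] += 1
    return copies


def load_summary(copies):
    """Infected host count, total copies, and the busiest host's copy count."""
    infected = sum(1 for c in copies if c > 0)
    return infected, sum(copies), max(copies)


if __name__ == "__main__":
    # Assumed scenario: 50 hosts, 30 probe rounds.
    for yes in (False, True):
        for p in (0.0, 1 / 7):
            infected, total, worst = load_summary(simulate(50, 30, p, yes))
            print(f"always_yes={yes!s:5} p={p:.2f}: {infected} infected, "
                  f"{total} copies, busiest host runs {worst}")
```

With no re-infection the "always answer yes" trick stops the worm at a single copy; with the one-in-seven rule it keeps spreading, and without the trick the copies per host keep multiplying long after every host is already infected.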

The Internet Worm was quite probably the first computer virus to spread across the Internet, and the first one noticed by the mainstream. It forced many computer experts to rethink computer security and the nature of the Internet, and we're still learning the same lessons today.

Robert Tappan Morris was sentenced to probation and a fine, and today he is an associate professor at MIT, the same school from which he released the Internet Worm.

Malware Overview




Do you know what goes on under the hood of your car? Do you know the solution for a warning light on the dash? Do you know what's wrong with the car if it starts making strange noises or loses power?

Those same questions can be asked about your computer.

Computers can have many of the same problems as cars. Engine problems can cause cars to lose power, just like a large program can take up too much of the computer for anything else to run. Where an engine could "throw a rod" or "break a timing chain," computers can mysteriously reboot or die with the dreaded "Blue Screen of Death."

We expect that our car will bog down sometimes. You can't expect a car to perform as well when pulling a two-ton trailer up a five degree hill. Likewise, when a computer gets bogged down with a big project, you would expect it to respond a little slower.

What you don't expect is for either the car or the computer to bog down or die when you're not pushing so hard.

One of the things that "malware" can do is exactly that. It forces the computer to work harder, taking power away from our programs. It would be like sneaking a dozen cinderblocks into the back of the family car right before the trip.

"Malware" is software that works without the user's knowledge and consent. Sometimes called "badware," it covers a wide range of programs, including computer viruses, spyware, adware, and more. Adware can bog down the computer, because it contacts websites to download fresh ads. Spyware collects data on you and the websites you visit and returns all of that data to the host website. And viruses just want to find a way to spread to other computers.

But most importantly, malware runs "under the hood" and behind your back, so that you don't even know that it's there.

Denial of Service Attack




Imagine a group of junior high school kids who decide to play a prank on their least favorite teacher. They agree that they will all call the teacher's phone, as quickly as they can dial, non-stop, until he unplugs the phone in frustration.

When this happens using the Internet rather than telephones, it's called a Denial of Service attack. Such attacks are designed either to keep the target system so busy handling the attack that it can't get anything else done, or to overwhelm it into shutting down completely.

Why should anyone but a system administrator worry about denial of service attacks? Users need to be aware of something called a BotNet.

The MyDoom virus was one of the first viruses to attempt two levels of attack. First, the virus would try to spread. On infection, though, it would insert a second program into the system. Basically, on MyDoom's trigger date (February 1st, 2004), any infected system would launch a denial of service attack against MyDoom's real target.

The virus tried to establish a collection of computers that would all launch attacks on the same day. This collection is a botnet, and in the years since MyDoom pioneered the concept, literally dozens of programs have expanded on the idea.

A popular program in use today is Stacheldraht. Stacheldraht is the master program, and it manages a collection of "handler" computers. Each of these handlers can control up to a thousand "zombie" computers around the world. The hacker with the Stacheldraht master says "attack this server," the handlers pass the word along, and thousands of systems instantly change from peaceful home computers into remote-controlled computer attackers.

Sure, it sounds like a line from a bad horror movie, but it's true. Users need to keep their systems from becoming one of Stacheldraht's zombies.
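An added example, not from the original post, of the detection side of the two cases described above: the "kids on the phone" flood from a single source, and the botnet flood where thousands of zombies each send only a little, so a per-source rate limit never fires. The traffic records, the addresses, the window size and the thresholds are all constructed assumptions.

```python
from collections import defaultdict


def constructed_events():
    """Constructed traffic records (not from the post): (second, source, target)."""
    events = []
    # Normal traffic: five clients each make one request per second for 30 s.
    for t in range(30):
        for i in range(5):
            events.append((t, f"203.0.113.{i + 1}", "10.0.0.1"))
    # The "kids on the phone" case: one source hammering the target.
    for _ in range(60):
        events.append((3, "192.0.2.7", "10.0.0.1"))
    # The botnet case: 80 zombies, each sending only three requests.
    for i in range(80):
        for _ in range(3):
            events.append((20, f"198.51.100.{i + 1}", "10.0.0.2"))
    return events


def detect_floods(events, window=10, per_source_limit=20, min_sources=50):
    """Flag floods per time window in two ways.

    single: one (source, target) pair exceeds per_source_limit requests.
    distributed: one target is hit by at least min_sources distinct sources,
    which catches the botnet case even when every zombie stays under the
    per-source limit. A real deployment would set min_sources from the
    target's normal baseline, which is an assumption here.
    """
    per_pair = defaultdict(int)            # (window_start, src, dst) -> count
    sources_per_target = defaultdict(set)  # (window_start, dst) -> {src}
    for second, src, dst in events:
        start = second - second % window
        per_pair[(start, src, dst)] += 1
        sources_per_target[(start, dst)].add(src)
    single = {(src, dst, start) for (start, src, dst), n in per_pair.items()
              if n > per_source_limit}
    distributed = {(dst, start) for (start, dst), srcs in sources_per_target.items()
                   if len(srcs) >= min_sources}
    return single, distributed


if __name__ == "__main__":
    single, distributed = detect_floods(constructed_events())
    print("single-source floods:", sorted(single))
    print("distributed floods:", sorted(distributed))
```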

Virus History: 2001 to Present

After the flurry of viruses that haunted 2001, 2002 was amazingly quiet. Unfortunately, 2003 took off again.

January saw the SQL Slammer worm infect over 75,000 systems in about ten minutes. It attacked a flaw in Microsoft's SQL Server, and basically slowed down the entire Internet.

The Blaster worm attacked in August. It was meant to cause a Denial of Service attack against the Windows Update website, by causing all infected systems to flood the site on August 15th. The programmer was convicted because investigators actually found his name in the virus code.

Only a few days later, SoBig attacked. This was another emailing virus. After infection, it searched the files on the hard drive for email addresses and sent itself to any it found.

October saw the release of the Sober emailing virus. Sober was notable in that it would shut off antivirus programs after infection.

The fastest-spreading virus to date was MyDoom, which struck in January 2004. At one point, MyDoom was responsible for 1 out of every 10 emails on the Internet.

2004 also saw the Witty, Sasser, and Santy virus outbreaks, and in 2005, Zotob and Samy.

In 2006, the first Mac OS/X virus was announced, as well as the first MySpace attack, "LordoftheNoose." This program changed the names of MySpace profiles, and locked out users to keep the names it set. At one point, as many as 70% of all MySpace profiles were infected.

So far in 2007, another MySpace virus has erupted, and the Peacomm virus attacked. Peacomm was an email that claimed to be a video clip.

Historically, most viruses have used very similar attack routes. Either they carried an attachment which the user had to open, or they took advantage of a known flaw in the system which had not yet been fixed. The moral of the story is this: keep your updates current, and be wary of unusual attachments.