Viruses & Other "Infections"

A virus is a small, self-contained piece of computer code hidden within another computer program. Like a real virus, it can reproduce, infect other computers, and then lie dormant for months or years before it strikes. A virus is only one of several types of "malicious logic" that can harm your computer or your entire network.

Of greatest concern, of course, are viruses and other devices that are deliberately malicious. They are intended to cause serious damage such as deleting files, provide access for an outsider to copy your files, or disrupting the operation of an entire computer network or organization.

From an information security point of view, one of the more dangerous types of malicious logic is a Trojan Horse that allows a remote user to access and control your computer without your knowledge whenever you are on the Internet. One of these Trojan Horses was originally developed as a means of playing pranks on friends. When installed on another person's computer, you can control that computer via the Internet. For example, you can make the CD-ROM tray on that person's computer pop out repeatedly for no discoverable reason, or reverse the functions of the left and right buttons on the person's mouse. However, you can also read, change, or copy all the person's files without his or her knowledge. This Trojan Horse can be inserted onto someone's computer by burying it in a game program or other executable script sent by e-mail. Fortunately, known versions of the program will be caught by a good virus checker.

The virus threat is increasing for several reasons:

• Creation of viruses is getting easier. The same technology that makes it easier to create legitimate software is also making it easier to create viruses, and virus construction kits are now available on the Internet. About 200 to 300 new viruses are being created each month, while the old ones continue to spread.1

• The increased use of portable computers, e-mail, remote link-ups to servers, and growing links within networks and between networks mean that any computer that has a virus is increasingly likely to communicate with -- and infect -- other computers and servers than would have been true a few years ago.

• As organizations increasingly use computers for critical functions, the costs of virus-induced downtime are increasing.

  A virus or other malicious logic can be transmitted by any software/data that enters your system. A study of major U.S. and Canadian computer users found that some form of removable storage media was responsible for transmitting most (87%) viruses. Forty-three percent of the storage media responsible for introducing a virus into corporate computers had been brought from home. Downloading software from an electronic bulletin board was responsible for 7% of the infections, while miscellaneous other sources accounted for 6%. 2

You can catch a virus by launching an infected application or starting up your computer from a disk that has infected system files. Once a virus is in memory, it usually infects any application you run, including network applications (if you have write access to network folders or disks). A properly configured network is less susceptible to viruses than a stand-alone computer.

  When you interact with another computer, the virus may automatically reproduce itself in the other computer. Once a virus infects a single networked computer, the average time required to infect another workstation in the same network is from 10 to 20 minutes, which means a virus can paralyze an entire organization in a few hours. 3

Not all viruses, worms, logic bombs, and Trojan Horses are transmitted through infected software brought in from outside the organization. Some of the most damaging are implanted by disaffected insiders. For example:

• A computer programmer at a Fort Worth, Texas, insurance firm was convicted of computer sabotage for planting malicious software code that wiped out 168,000 payroll records two days after he was fired.

• A computer programmer at defense contractor General Dynamics was arrested for planting a "logic bomb" set to go off several months after he resigned from the company. If the bomb had not been detected by another General Dynamics employee, it would have destroyed irreplaceable data on several defense contracts. 4

Malware, Adware, and Spyware

What do all of these “ware” terms mean? Malware is a generic term to cover adware, spyware, and any other program that has any malicious function. A common definition for “adware” is software that allows an external company to “track” your on-line behavior and to present advertisements (often in the form of pop-up windows) that might interest you. For example, you might see pop-up ads about great deals on new cars if the program “sees” you visiting automotive web sites.

Adware is sometimes included with a software package and is installed without the individual being fully aware of the installation. The person “agreed” to the installation of the adware software when they selected the “I accept these conditions” when installing the software. Most users will not read the “fine print” when given the option to approve the installation of the software. Other times the user might be asked separately to approve the installation of the adware.

Spyware is commonly viewed as software that takes tracking what you are doing to the next level. Where adware might watch what web sites you are viewing, a more invasive type of spyware could include a “keystroke grabber.” With a keystroke grabber the spyware could record your user ID and password when you go on-line to check your bank balance. Even if your bank has a secure website with 128 bit key encryption, this won't protect against spyware that runs on your own PC. It’s as if the hacker is standing right over your shoulder as you type in the information. A number of companies produce anti-spyware and anti-adware products.

Countermeasures

Your organization has policies and tools for countering the threat of viruses. In order to avoid security or system maintenance problems, many organizations require that all software be installed by a system administrator. Some organizations require that any removable storage media you bring into the building be tested for viruses before being used. Others do not. Consult your system administrator to learn the correct procedures in your organization.

Be sure you know how your virus detection software works. If it indicates your system has a virus problem, report it immediately to your system administrator and then to the person you believe may have passed the virus to you. It is important to remain calm. There are many virus hoaxes as well as real viruses, and a virus scare can cause as much delay and confusion as an actual virus outbreak. Before announcing the virus widely, make sure you verify its presence using a virus detection tool, if possible, with the assistance of technically competent personnel.

If you have a stand-alone computer or your organization has few controls on installing new programs or bringing in diskettes, the following procedures will help lower the risk of infection or amount of damage if the worst does happen.

• Don't be promiscuous. Most risk of infection by viruses can be eliminated if you are cautious about what programs are installed on your computer. If you are unaware of or unsure of the origin of a program, it is wise not to run it. Do not execute programs or reboot using old diskettes unless you have reformatted them, especially if the old diskettes have been used to bring software home from a trade show or another security-vulnerable place.

• Excellent virus-checking and security audit tools are available. Use them and, if possible, set them to run automatically and regularly. Update your virus checker regularly, as many new viruses are created each month.

• Notice the unusual. Be familiar with the way your system works. If there is an unexplainable change (for instance, files you believe should exist are gone, or strange new files are appearing and disk space is "vanishing"), you should check for the presence of viruses.

• Back up your files. If worst comes to worst, you can restore your system to its state before it was infected.

References
1. Ann Grimes, "Warning About New Computer Virus Is Issued after Attack on MCI Network, Wall Street Journal, Dec. 22, 1998, p. B6.
2. Computer Virus Market Survey conducted by Dataquest in October 1991 for the National Computer Security Association, as reported in "Computer Viruses -- An Executive Brief" on the Symantec site, www.symantec.com/avcenter/reference. Symantec is a manufacturer of antivirus software. The Symantec Antivirus Research Center web site has extensive information at www.symantec.com/avcenter.
3. D. L. Carter & A.J. Katz (1996). Trends and experiences in computer-related crime: Findings from a national study. Paper presented at the Annual Meeting of the Academy of Criminal Justice Sciences, Las Vegas, NV.
4. Lynn Fischer (1991). "The Threat to Automated Data Systems," Security Awareness Bulletin, No. 2-91. Richmond, VA: Department of Defense Security Institute.

HOME   |  COMPUTER VULNERABILITIES CONTENTS   |   TOP OF PAGE   |   HELP

INFORMATION | CONDUCT | THREATS | TECH VULNERABILITY | ASSISTANCE
SPY STORIES | TREASON 101