TECH TAB - http://techtab.matthewferrara.com
All About Viruses
http://techtab.matthewferrara.com/articles/28/1/All-About-Viruses/Page1.html
By Matthew Ferrara
Published on July 19, 2005
 
A virus is a computer file that is designed to perform some type of harm to a computer's hardware or software files. Viruses come in many forms, from humorously annoying to dreadfully destructive. So some viruses might just play with your computer - such as turning your screen upside down for a day - while other viruses attack and delete all of the files on your hard drive.

What Is A Virus?

Viruses have been around for more than 15 years. According to Symantec's Antivirus Research Center, there was one known virus in 1986; six in 1989 and 80 by 1990. Today, there are over 42,000 known virus and worm threats in existence.

Viruses usually work by infecting a file - such as a document, spreadsheet or picture file - and then work stealthily in the background. Sometimes viruses lie dormant for a long time until "activated" by a user function such as opening a program or attachment. Other viruses launch themselves immediately upon entering the target computer and can do their damage almost instantly.

Traditionally, viruses spread by diskette; someone would give a file to another person without knowing that a virus was on the disk, and the virus would spread slowly as the file was shared between co-workers, departments and companies. Today, viruses spread far more commonly via email and networks as diskettes become less useful with today's larger file sizes. As more and more people get always-on internet connections such as DSL, the threat of contracting a virus becomes a 24-hour possibility.

Why do viruses exist?
Viruses are created by different people for different reasons. Humorous harmless viruses are created by people who want to "spread their joke" to a wide body of people. Sometimes, these types of viruses are just "hoaxes" in that they cause more panic than real harm to people's computers. On the other hand, the more destructive viruses are created by unscrupulous individuals who act as common criminals. Like someone who enters your office and simply takes a sledgehammer to your computer, such people create viruses for a variety of reasons, usually none of them good. It has even been suggested that viruses are purposely created as forms of "corporate or government espionage" because they can target competitors or unfriendly nations and try to bring their computing systems to a halt. Whatever the reasons viruses exist, their nature is evidence enough that they are malicious.


How Does a Virus Work?

A virus or worm attack on a computer can occur in a variety of ways. Viruses have both "trigger" events and "attack methods" that define how they do damage to computers and files.

Trigger Events

What causes a virus to "go off?"
The most common way a virus is triggered is by the user: when someone receives an attachment in an email and opens it unsuspectingly, the virus is triggered. The damage is done almost immediately, and sometimes even shutting down the computer cannot stop the attack from continuing when the computer is restarted.

Some viruses infect computer files and lie dormant until a certain set of conditions occurs, such as a special date (the Michelangelo virus waited until the 500th anniversary of Michelangelo's birthday) or a certain file being used again after the infection occurred.

Additionally, the newest viruses can be triggered without any user activity or special conditions - simply by reading an email or visiting a web site. These viruses may be embedded in graphics, multimedia files or other downloaded components, and are triggered simply by "receiving" or "loading" the files in your email or browser software.

Attack methods

What do viruses do when they attack a computer? Viruses can perform many different attacks on a computer and its files. While most viruses cannot harm computer hardware such as a monitor or keyboard, they can harm memory chips and flash memory, especially those viruses that attack Palm Pilots or similar products that store their files in memory and not on a hard disk.

The most common viruses attack stored files on your hard disk. Macro viruses not only attack files and make them unusable, but they then mutate themselves before spreading, making detection even harder for the antivirus software or technician. The type of damage these viruses perform is usually file deletion or corruption, making documents, spreadsheets or graphic files useless.

File infector viruses attack programs rather than data. They can alter the nature of executable (.exe) files or your system's operating software (such as damaging registry files) so that the user is unable to launch programs such as their word processor or web browser. These viruses are particularly pernicious because they prevent the user from running programs or getting onto the web to disinfect their system!

Boot sector viruses attack the start-up area of your computer. This type of virus simply makes it impossible to load your operating system and start your computer. Variations of this virus allow the user to start their computer, but because the virus resides in memory, it can replicate itself to other disks on the network or diskettes and zip disks the user may use and give to other people.

Retro Viruses are actually viruses that attack antivirus software! These viruses will disable your antivirus software or cause the protection files to become corrupt so that the user becomes vulnerable to the most common viruses or attacks.

Can a virus be stored on a backup media?

Yes! A virus that has infected a file or program will be backed up with that file onto tape or zip disk. When a user gets a virus, they will proceed to disinfect the system and repair the damage. However, if they restore files from their backup media, they may unknowingly be restoring the virus with it - and the cycle will start again. It is important to make sure your system is virus free before making a backup to avoid this conundrum!


What is a Worm?

Worms are a special kind of malignant file that replicates itself from computer to computer, instead of just from file to file like viruses. So while a virus can spread across all of the files on one user's computer, a worm can transmit itself to other computers via a user's network or email system!

How do Worms work?
Worms are generally embedded in programs or attachments to email messages. When the user opens the file, the worm begins a two-part attack on the system. First, the worm performs its damage, such as destroying files, corrupting programs or damaging the operating system. Then, the worm uses a process known as replication to transmit itself to everyone in the infected user's email address book. If the computer is not on the internet at the time, then the transmission could be stopped; however, with the increasing number of users who have 'always-on' connections via DSL or cable-modems, the worm is usually able to transmit itself to thousands of unsuspecting recipients in a flash!

Worms can also infect Microsoft's Active-X and Sun's Java script controls, which means that worms can be embedded in web pages and launch themselves upon visitors who simply visit the site and view the web page! While this has rarely occurred to date, it is a distinct possibility in the future that simply browsing the web could be very dangerous without adequate antivirus protection!

A popular worm virus was the Melissa Virus, which came via an email that said "IMPORTANT MESSAGE FROM (user)" in the subject line. When it was opened, Melissa tried to send itself out to 50 people in the user's address book. Other viruses, like the HAPPY99 virus, did the same thing, except they modified the user's operating system registry, making programs unstable at the same time. The I love you virus deleted all of the user's .jpg files first, then replicated itself to the user's address book recipients. The list goes on and on...

The Scariest thing about Worms
The scariest part of worm attacks is that they are usually invisible to the infected user. Worms work silently in the background, and if they do not actually damage obvious files in the user's computer, they go undetected for a long time while they continue to transmit themselves to recipients via email. Worms can be avoided by employing up-to-date antivirus software as well as paying attention to daily tech news; because worms spread to many users very quickly, public awareness of these attacks grows faster than it does for normal individual-attacking viruses. Usually, worms can be stopped by informing users each morning of any new threats that are going around cyberspace.
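
An added example, not part of the original article: a worm that mails itself to an address book shows up in outbound mail logs as one sender pushing the same subject to many recipients within minutes, which can be flagged even when the infected user sees nothing. The log format, addresses and the 5-minute window are assumptions; the threshold of 50 recipients follows the Melissa description above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log format is an assumption for this example: one outbound message per line.
LINE_RE = re.compile(r'^(\S+ \S+) from=(\S+) to=(\S+) subject="(.*)"$')
TS_FMT = "%Y-%m-%d %H:%M:%S"


def build_sample_log():
    """Constructed sample data: one normal mail, one slow newsletter, one burst."""
    lines = ['2005-07-19 09:00:01 from=alice@example.com '
             'to=bob@example.com subject="Lunch?"']
    day = datetime(2005, 7, 19, 8, 0, 0)
    for i in range(60):  # legitimate: 60 recipients, one every 10 minutes
        ts = (day + timedelta(minutes=10 * i)).strftime(TS_FMT)
        lines.append(f'{ts} from=dave@example.com to=client{i}@example.org '
                     'subject="Monthly newsletter"')
    burst = datetime(2005, 7, 19, 9, 15, 0)
    for i in range(50):  # worm-like: 50 recipients in under a minute
        ts = (burst + timedelta(seconds=i)).strftime(TS_FMT)
        lines.append(f'{ts} from=carol@example.com to=contact{i}@example.net '
                     'subject="Important Message From carol"')
    lines.append("garbled line that the parser must skip")
    return "\n".join(lines)


def parse(log_text):
    """Yield (timestamp, sender, recipient, subject) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), TS_FMT)
            yield ts, m.group(2).lower(), m.group(3).lower(), m.group(4)


def find_mass_mailers(log_text, min_recipients=50, window=timedelta(minutes=5)):
    """Return {(sender, subject): recipients} for bursts inside one time window."""
    by_key = defaultdict(list)
    for ts, sender, rcpt, subject in parse(log_text):
        by_key[(sender, subject)].append((ts, rcpt))
    flagged = {}
    for key, items in by_key.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            distinct = {rcpt for _, rcpt in items[start:end + 1]}
            if len(distinct) >= min_recipients:
                flagged[key] = max(flagged.get(key, 0), len(distinct))
    return flagged


if __name__ == "__main__":
    for (sender, subject), count in find_mass_mailers(build_sample_log()).items():
        print(f"ALERT {sender} sent {subject!r} to {count} recipients in 5 minutes")
```

The slow newsletter to 60 recipients is not flagged because its messages never fall inside one window, which keeps ordinary bulk mail from drowning out the burst.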


Using Anti-Virus Software

How can you protect your computer and network from virus attacks? With everyday $50 software! It is remarkable to me how many computer users either do not own - or do not use - their antivirus software but surf the internet and use email all day long! All it takes is a few dollars and a few minutes to protect themselves - and their unsuspecting friends in their address book - from virus and worm attacks. In fact, half of all calls to our company's TECH HOTLINE regarding virus attacks came from users who did not even own antivirus software; while the other half who did own it were not properly using it or had not updated their inoculations since they installed it.

First, buy some software!
Don't download "free" antivirus software - because the level of protection will be equivalent to what you paid for: nothing! Purchase quality software such as Symantec's Norton Antivirus or McAfee's Virus Scan. These programs are designed and updated by professionals who monitor virus threats every day and have the research and distribution systems users need to stay ahead of virus attacks.

Second, install it properly!
Too many users of antivirus software have improperly installed the program. The most common mis-installation involves loading the software but not configuring it to "actively" scan all incoming and outgoing files. Active scanning means that the software sets up a filtering process that checks every incoming email message as it arrives and monitors each outgoing message as it is transmitted. Additionally, active scans monitor files that are loaded from a network user or via diskette or zip disk. If active scanning is not running, then protection relies upon the user to remember to launch their antivirus software periodically. Need we say more? Clearly, busy users are not going to check their systems daily - so in effect, they are not protecting themselves at all.

Third, make sure your software is up to date!
A common misconception of many antivirus software owners is that they are all set once they purchase and install the software. Wrong! Installation is only the first step - frequently updating the inoculation list is a daily or weekly event! Think of updating antivirus software as getting a "booster" shot from your doctor. You need to "boost" or update the list of antivirus detections and repair tools frequently, because new viruses are coming out all of the time. Nobody gets last year's cold - and most people don't get last year's computer virus: The threats come from the latest viruses that are newer than the inoculations that came with the software when it was first purchased. Most antivirus software can be set up to remind you daily or weekly to update its files. Usually, all it takes is a few clicks to download the latest protections from the internet. Most programs come with a few months of free updates and then require a yearly subscription fee to continue receiving updates. The fee is minimal compared to the massive expense of repairing the damage done by just one virus attack - so be sure to sign up and update frequently.

What happens when the antivirus software detects a virus?
When a user opens an infected file or receives an infected email, properly configured and updated antivirus software will automatically catch it and stop the user with a big warning screen. The virus will be identified and options for dealing with the virus will be offered, including:

  1. Delete the file. Usually, this is the best option, since repairing the file usually results in file corruption anyway, so the data will probably be useless. It may not be worth the risk of repairing damaged files and potentially risking further infection or stealth viruses being released on your system. We almost always recommend users simply delete the infected file and try to get another copy from their backup or from the email sender.
  2. Repair the file. Certain simple viruses such as macro viruses attached to word processing files or spreadsheets may be removed completely by your antivirus software. Users should have high confidence when choosing the repair option, as well as a recent backup, in case of partial repair and further damage by a mutated virus.
  3. Quarantine the file. Most antivirus programs have a special mode that can detect "virus-like" file activity even if they do not detect an actual virus by name or activity. This type of "heuristic logic" is employed to use virus models as a filter against the "latest" viruses that spread faster than the inoculations can be developed. So if a virus threat is detected and the user is not sure how to deal with it, the infected file can be quarantined in a safe area of their system. Then, the user can actually submit the file to their antivirus software vendor for analysis and potential repair. In fact, this is a common way that these companies are alerted to new threats, by users who are the first to contract them and send them in for analysis. Users should be careful when choosing this method of dealing with viruses because it is possible for the virus still to be activated, spread and do its damage, even from quarantine!
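
An added example (not from the original article or any antivirus vendor) of the update and quarantine steps described above: the same backup folder is scanned with the signature list as shipped and again after an update, and the hits are moved to quarantine. Whole-file SHA-256 hashes standing in for a vendor's signature format, the file names and the threat names are all assumptions.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_tree(root, signatures):
    """Return [(path, threat_name)] for files whose hash is in the signature list."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            threat = signatures.get(sha256_of(path))
            if threat:
                hits.append((path, threat))
    return hits


def quarantine(path, quarantine_dir):
    """Move a flagged file aside under a neutral name, readable by owner only."""
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    dest = qdir / (sha256_of(path) + ".quarantined")
    shutil.move(str(path), str(dest))
    os.chmod(dest, 0o400)  # no write or execute bits
    return dest


def demo():
    """Constructed scenario: harmless stand-in files inside a fake backup set."""
    work = Path(tempfile.mkdtemp())
    backup = work / "backup"
    backup.mkdir()
    old, new = b"STAND-IN FOR LAST YEAR'S VIRUS", b"STAND-IN FOR THIS WEEK'S VIRUS"
    (backup / "report.doc").write_bytes(b"clean document")
    (backup / "old_sample.doc").write_bytes(old)
    (backup / "new_sample.doc").write_bytes(new)
    # Signature list as shipped with the product, then after an update.
    shipped = {hashlib.sha256(old).hexdigest(): "Demo.Old"}
    updated = {**shipped, hashlib.sha256(new).hexdigest(): "Demo.New"}
    before = [(p.name, t) for p, t in scan_tree(backup, shipped)]
    hits = scan_tree(backup, updated)
    after = [(p.name, t) for p, t in hits]
    moved = [quarantine(p, work / "quarantine") for p, _ in hits]
    remaining = sorted(p.name for p in backup.iterdir())
    return before, after, moved, remaining


if __name__ == "__main__":
    print(demo())
```

A whole-file hash stops matching as soon as a single byte of the file changes, so a hash list alone cannot catch a modified copy; that gap is what the heuristic mode mentioned in option 3 is meant to cover.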


Are Viruses Only in Attachments?

No! Viruses can be distributed in a variety of common and ultra-high-tech ways including:

  1. Diskette or zip disk. This used to be the most common way to spread a virus, although it is decreasing with the increase in internet use and high-speed internet access. However, many users still carry disks with data files or zip disks with large graphic or presentation files on them either as backups or to transfer from an office computer to a home computer. Even if a virus has not infected the files on the disk, boot sector viruses can infect the disk itself. These viruses will be released when the disk is inserted in the computer, even if just to look at the file contents!
  2. Attachments are certainly the most common way of becoming infected from emails at this time. Viruses can inhabit any file type - document, picture or program file - so users need to be careful when opening attachments from unknown senders or chain emails or files they did not request. Many attachment viruses are worms so users should be aware of the names of the common attachment threats by simply reading or watching the daily tech news.
  3. Via web site. Worms can also infect Microsoft's Active-X and Sun's Java script controls, which means that worms can be embedded in web pages and launch themselves upon visitors who simply visit the site and view the web page! While this has rarely occurred to date, it is a distinct possibility in the future that simply browsing the web could be very dangerous without adequate antivirus protection!
  4. PDA or other handheld and wireless devices. The latest strain of viruses are aimed at the popular handhelds (like the Palm Pilots) or web-enabled phones that can receive email, view special web content or receive files from other users via infrared transmission. These devices are also synchronized with a laptop or desktop computer each night, to update information. So the methods of attacking a PDA or WAP phone are many. Viruses on the computer can be synchronized into the PDA during an update. WAP phones that receive an email can get a memory-resident virus that attacks their files. And users who swap electronic business cards or other data via the infra-red port (known as "beaming") can transmit viruses to each other much like worms replicate via email. Since many users have their IR ports set to "autoreceive" it is actually possible for a strong IR transmitting source to "broadcast" malicious code to a wide group of users in an open space like a train, airport or hotel lobby!