Guide to Malicious Code — The Invisible Enemy
You can't see it and you may not necessarily know when it has struck--until it's too late. They are the many types of malicious code--more commonly known as viruses and worms. They can cripple your computer and wreak havoc on your personal files. They have many names, and we'll look at the most common in this guide. At last count there were more than 53,000 virus threats on the loose. They are looking for you, so be sure to find them first!
What is a Virus?
A virus is a program that infects systems by rewriting files, or by inserting or attaching a copy of itself to a file (including email files). When an infected file is opened, the embedded virus is executed. Often, users don't realize that this is happening in the background. It may replicate itself within one computer, but to infect other machines, it must be passed on in a program, email file or attachment, infected diskette or other "removable media"; it can't spread itself from computer to computer without help.
What a Virus Can Do
A virus can do as little damage as copying itself and then allowing programs to run normally. Most, however, do far more damage by delivering a "payload." For example, they could display a certain message on the machine's monitor, perform a deletion or modification to a certain file or files, delete entire files, or even reformat your hard drive.
Mobile Code
Mobile code is actually programming that specifies how applications exchange information. It was created by and for Web developers who use it to write applications that Web browsers can automatically download and execute. However, it can also be used as a weapon in computer warfare. Once it is downloaded onto your system, hackers can transmit data from your computer back to their computers without your knowledge. They can steal your passwords or credit card information, erase or transfer important files, and even render your system inoperable.
Common Forms of Mobile Code
Java applets are auto-executable programs written in the Java programming language (originally developed by Sun Microsystems). Java applets can perform any number of tasks, and can be embedded in Web pages or sent as email attachments. Since most Web browsers are set to automatically run Java applets, applets which are malicious in nature can be a serious threat. It is possible to change the settings of your Web browser to alert you before executing any Java applet.
ActiveX controls, sometimes similar to Java applets but based upon a technology originally developed by Microsoft, have total access to the Windows operating system, which makes them very potent and sometimes more dangerous than even Java applets.
Macros are languages that, when embedded in files, can automatically execute software commands without user knowledge. Once downloaded or executed, the macros have total access to the user's files, and can perform system modifications specified by the code writer. Many Windows-based macros are written in Visual Basic.
Similar in many ways to Netscape's JavaScript, VBScript is a Microsoft scripting language that makes it possible to embed interactive elements in HTML documents.
A worm is a program that can actually propagate itself without requiring user interaction. A worm is not technically a "virus" because it can reproduce itself independently. A good example of this was the ILOVEYOU email worm, which automatically emailed itself to everyone in the recipient's address book. A worm can spread itself to hundreds of thousands of machines very quickly via the local networks and the Internet.
The term "zombie" has come to mean a computer secretly implanted with a dormant program to be awakened later to aid in a collective attack on another system. Zombies are a relative newcomer to the playing field.
A Trojan horse is a malicious program that pretends to be a benign program, such as a screen saver, game or other type of utility. It does not replicate itself like a virus, does not make copies of itself like a worm and is usually spread by email or Web downloads.
Hoaxes
There are new viruses being discovered all the time, but at the same time, there are many rumors of viruses and other types of malicious code that do not actually exist. There are enough of these, however, that we keep track of them and provide a resource for you to double-check your information against the facts. To keep up on the latest threats to your system, real or imagined, check the Symantec AntiVirus Research Center on a regular basis. We will provide you with the latest information on real viruses as well as hoaxes, and give you immediate anti-virus updates to protect your computer against any new threats.
How Does Malicious Code Infect Your Computer?
Now that you've learned of the different types of code to watch out for, how does it actually get to your machine? Dangerous code can get onto your system and wreak havoc through a number of different channels. Mobile code can travel by itself; it just needs an open pipeline - which is why broadband connections so often fall prey to it. Other types of viruses, though, are stowaways. The two best avenues for this type of virus or infected code to travel are through downloads from Web sites, via email or in email attachments.
Virus Prevention
Never open email from people you don't recognize, and download only from sources with which you are familiar. Scan all email attachments and downloads before opening them. And, since new viruses are created daily, update your virus definitions frequently.
Source: