Learn About Viruses
Contents
A. What is a Computer Virus?
B. What is a Virus Hoax?
C. Best Practices to Avoid Virus Infection
A. What is a Computer Virus?
1. A computer virus is a piece of programming code that alters the way your computer works without your knowledge or permission. Viruses are often designed to replicate and spread quickly to other computer users. They can be transmitted in a number of ways, such as attachments to an email note, downloads, diskettes or CDs. Computer viruses do not generate by themselves. They must be written by someone, with a specific purpose.

2. Generally, there are three main classes of viruses:

• File infectors, also known as parasitic viruses. These viruses usually attach themselves to selected program files like .COM or .EXE files. They are invoked whenever the infected program is run.
• Boot-record infectors. A portion of the disk is always set aside by computer operating systems for the code that boots the computer. Boot sector viruses infect these system areas on the disk. This can be the DOS boot sector on diskettes or the Master Boot Record (MBR) on hard disks. They hide on the first sector of a disk and are loaded into memory before system files are loaded. This allows the virus to gain control of DOS interrupts to cause damage. Once the MBR or boot sector of the hard drive is infected, the virus will attempt to infect the boot sector of every floppy disk that is inserted into the computer and accessed.
• Macro viruses. These are viruses that infect macro utilities in applications like Microsoft Word or Excel. They are the most common type of virus at present. Macro viruses are application-specific, meaning a Word macro virus cannot infect an Excel document and vice versa. They are, however, not specific to operating systems.

When searching for a virus name, you should be aware of the naming conventions used by Symantec/Norton AntiVirus. Virus names consist of a Prefix, a Name, and often a Suffix.

• The Prefix denotes the platform on which the virus replicates or the type of virus. A DOS virus usually does not contain a Prefix.
• The Name is the family name of the virus.
• The Suffix may not always exist. Suffixes distinguish among variants of the same family and are usually numbers denoting the size of the virus, or letters.

These are formatted as Prefix.Name.Suffix. For example, WM.Cap.A would be the A variant of the Cap family. The WM means the virus is a Word macro virus. The following prefixes should help you when searching for viruses.
3. PREFIXES

A2KM: Access macro viruses that are native to Access 2000.
A97M: Access macro viruses that are native to Access 97.
AM: Access macro viruses that are native to Access 95.
AOL: Trojan horses that are specific to America Online environments and usually steal AOL password information.
BAT: Batch file threats.
Backdoor: Threats may allow unauthorized users to access your computer across the Internet.
Bloodhound: Bloodhound is the name of the Norton AntiVirus heuristic scanning technology for detecting new and unknown viruses.
DDos: Distributed Denial of Service threats. Distributed Denial of Service involves using zombie computers in an attempt to flood an Internet site with traffic.
DoS: Denial of Service threats. Not to be confused with DOS viruses, which are named without prefixes.
HLLC: High Level Language Companion viruses. These are usually DOS viruses that create an additional file (the companion) to spread.
HLLO: High Level Language Overwriting viruses. These are usually DOS viruses that overwrite host files with viral code.
HLLP: High Level Language Parasitic viruses. These are usually DOS viruses that attach themselves to host files.
HLLW: A worm that is compiled using a High Level Language. (NOTE: This modifier is not always a prefix; it is only a prefix in the case of a DOS High Level Language Worm. If the Worm is a Win32 file, the proper name would be W32.HLLW.)
HTML: Threats that target HTML files.
IRC: Threats that target IRC applications.
JS: Threats that are written using the JavaScript programming language.
Java: Viruses that are written using the Java programming language.
Linux: Threats that target the Linux operating system.
O2KM: Office 2000 macro viruses. May infect across different types of Office 2000 documents.
O97M: Office 97 macro viruses. May infect across different types of Office 97 documents.
OM: Office macro viruses. May infect across different types of Office documents.
PWSTEAL: Trojan horses that steal passwords.
Palm: Threats that are designed to run specifically on the Palm OS.
Trojan/Troj: These files are not viruses, but Trojan horses. Trojan horses are files that masquerade as helpful programs, but are actually malicious code. Trojan horses do not replicate.
UNIX: Threats that run under any UNIX-based operating system.
VBS: Viruses that are written using the Visual Basic Script programming language.
W2KM: Word 2000 macro viruses. These are native to Word 2000 and replicate under Word 2000 only.
W32: 32-bit Windows viruses that can infect under all 32-bit Windows platforms.
W95: Windows 95 viruses that infect files under the Windows 95 operating system. Windows 95 viruses often work in Windows 98 also.
W97M: Word 97 macro viruses. These are native to Word 97 and replicate under Word 97 only.
W98: Windows 98 threats that infect files under the Windows 98 operating system. Will only work in Windows 98.
WM: Word macro viruses that replicate under Word 6.0 and Word 95 (Word 7.0). They may also replicate under Word 97 (Word 8.0), but are not native to Word 97.
WNT: 32-bit Windows viruses that can infect under the Windows NT operating system.
Win: Windows 3.x viruses that infect files under the Windows 3.x operating system.
X2KM: Excel macro viruses that are native to Excel 2000.
X97M: Excel macro viruses that are native to Excel 97. These viruses may replicate under Excel 5.0 and Excel 95 as well.
XF: Excel formula viruses are viruses using old Excel 4.0 embedded sheets within newer Excel documents.
XM: Excel macro viruses that are native to Excel 5.0 and Excel 95. These viruses may replicate in Excel 97 as well.
SUFFIXES

@m: Signifies the virus or worm is a mailer. An example is Happy99 (W32.Ska), which only sends itself by email when you (the user) send mail.
@mm: Signifies the virus or worm is a mass-mailer. An example is Melissa, which sends messages to every email address in your mailbox.
dam: Indicates a detection for files that have been corrupted by a threat, or that may contain inactive remnants of a threat, causing the files to no longer be able to execute properly or produce reliable results.
dr: Indicates that the detected file is a dropper for another threat.
Family: Indicates a generic detection for threats that belong to a particular threat family based on viral characteristics.
Gen: Indicates a generic detection for threats that belong to a particular threat type based on viral characteristics.
Int: Indicates an intended threat. Threats that are intended to spread, but don't due to bugs or errors in the viral code.
Worm: Indicates a worm, not a virus. Worms make copies of themselves that they send across a network or using email, or another transport mechanism.
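The Prefix.Name.Suffix convention above can be split mechanically when triaging antivirus log entries. The parser below is an added example, not part of the original guide or any Symantec tool; it assumes the @m/@mm marker is appended to the end of the name without a dot, and the "Sample" names in the demo are constructed.

```python
import re

# Prefixes and suffix keywords copied from the tables in this guide.
PREFIXES = set("""A2KM A97M AM AOL BAT Backdoor Bloodhound DDos DoS HLLC
HLLO HLLP HLLW HTML IRC JS Java Linux O2KM O97M OM PWSTEAL Palm Trojan Troj
UNIX VBS W2KM W32 W95 W97M W98 WM WNT Win X2KM X97M XF XM""".split())
HLL_MODIFIERS = {"HLLC", "HLLO", "HLLP", "HLLW"}
SUFFIX_KEYWORDS = {"dam", "dr", "Family", "Gen", "Int", "Worm"}
MAILER = {"@m": "mailer", "@mm": "mass-mailer"}


def parse_detection_name(raw):
    """Split a Prefix.Name.Suffix detection name into its parts."""
    text = raw.strip()
    mailer = None
    # Assumption: the mailer marker is glued to the end of the name.
    match = re.search(r"@mm?$", text)
    if match:
        mailer = MAILER[match.group()]
        text = text[:match.start()]
    tokens = [t for t in text.split(".") if t]
    if not tokens:
        raise ValueError("empty detection name: %r" % raw)
    prefix = modifier = None
    # A DOS virus usually has no prefix, so only consume a known one,
    # and never consume the only token (it must be the family name).
    if len(tokens) > 1 and tokens[0] in PREFIXES:
        prefix = tokens.pop(0)
        # W32.HLLW.<name>: here the HLL token is a modifier, not the family.
        if len(tokens) > 1 and tokens[0] in HLL_MODIFIERS:
            modifier = tokens.pop(0)
    family = tokens.pop(0)
    flags = [t for t in tokens if t in SUFFIX_KEYWORDS]
    variant = [t for t in tokens if t not in SUFFIX_KEYWORDS]
    return {"prefix": prefix, "modifier": modifier, "family": family,
            "variant": ".".join(variant) or None, "flags": flags,
            "mailer": mailer}


if __name__ == "__main__":
    # WM.Cap.A and W32.Ska appear in the guide; the rest are constructed.
    for name in ("WM.Cap.A", "W32.Ska", "W32.HLLW.Sample.B@mm",
                 "Sample.1234.dr"):
        print(name, "->", parse_detection_name(name))
```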
B. What is a Virus Hoax?
1. A virus hoax is a false warning about a computer virus. Hoaxes are usually spread through emails. A virus hoax does not cause any harm or damage to computers; however, when hoaxes are spread in large volumes, they cause mail servers to slow down.
2. The University community has received a number of virus alerts from various individuals which turned out to be hoaxes originating from perpetrators of chain mails. The intention of our staff members who send out such virus alerts is well meaning. However, as some of these virus alerts are mere hoaxes, we would advise anyone who receives such messages to check their authenticity before propagating them.

3. Hoax Categories

• Malicious Code (Virus and Trojan) Warnings: Warnings about Trojans, viruses, and other malicious code that have no basis in fact. The Good Times and other similar warnings are here.
• Urban Myths: Warnings and stories about bad things happening to people and animals that never really happened. These are the poodle in the microwave and needles in movie theater seats variety.
• Give Aways: Stories about giveaways by large companies. If you only send this on, some big company will send you a lot of money, clothes, a free vacation, etc. Expect to wait a long time for any of these to pay off.
• Inconsequential Warnings: Out of date warnings and warnings about real things that are not really much of a problem.
• Sympathy Letters and Requests to Help Someone: Requests for help or sympathy for someone who has had a problem or accident.
• Traditional Chain Letters: Traditional chain letters that threaten bad luck if you do not send them on or that request you to send money to the top n people on the list before sending it on.
• Threat Chains: Mail that threatens to hurt you, your computer, or someone else if you do not pass on the message.
• Scam Chains: Mail messages that appear to be from a legitimate company but that are scams and cons.
• Scare Chains: Mail messages that warn you about terrible things that happen to people (especially women).
• Jokes: Warning messages that it's hard to imagine that anyone would believe.
• True Legends: Real stories and messages that are not hoaxes but are still making the rounds of the Internet.
• Hacked History: Real stories where the facts have been adjusted to fit someone's political agenda.
• Unknown Origins: I created this section for stories that just don't ring true, but that I cannot prove one way or the other.
4. To check whether a virus alert is true, you can go to the following links:
http://www.antivirus.com/vinfo/hoaxes/hoax.asp
http://www.symantec.com/avcenter/vinfodb.html
C. Best Practices to Avoid Virus Infection

1. Below are some good practices to prevent your computer from virus infection:

• Turn off automatic opening of email attachments. Never open attachments from unknown sources or attachments you are not expecting.
• Always scan diskettes, CDs and any other removable media before using them.
• Always scan files downloaded from the Internet before using them.
• Do not install any unapproved software on your computer.
• Ensure that your virus pattern files are updated.
• Ensure that your computer is patched with the latest security updates.
• Scan your computer on a regular basis.

2. It is always good to perform regular backups of your data. That is the most convenient and secure way to recover your files should there be a virus attack.
3. How to: Avoid Computer Viruses
4. A virus can destroy dozens of computer files in the blink of an eye – and that’s the last thing you need around assignment time. While most campuses have virus protection software on their computer networks, machines in computer labs are still notorious for harbouring and spreading viruses. PC viruses have been around since 1986, when a ‘boot virus’ called the “Brain” was created in Pakistan. Since then hundreds of thousands of viruses have been unleashed on the world’s computers.

5. Viruses spread from computer to computer by attaching themselves to another program – like a word processing or spreadsheet program – or to the boot sector of a disk. When an infected file is opened or the computer is started from an infected disk, the virus is unleashed.
6. Virus Lingo:

Virus: A program or code that infects another program, boot sector or document by attaching itself to that medium. When an infected file is opened, the hidden virus is also executed, often in the background. Viruses can’t move on to other computers by themselves. They must be passed on via infected email attachments, programs on disks or shared files.

Trojan Horse: A program that damages or compromises the security of a computer. A Trojan Horse is often disguised as something harmless like a screen saver, game or even a program to find and destroy viruses. The function of a Trojan Horse varies, but it can steal passwords, infect your computer with a virus, or act as a tool for people to spy on your computer use and send it to a third party.

Worm: A program that makes copies of itself – from one disk drive to another. Worms are not technically viruses because they can spread by themselves. Like a Trojan Horse, a worm may arrive as a harmless program.

Hoax: Usually an email describing a devastating virus that gets sent as a chain letter. Hoaxes are a problem because they increase e-mail traffic and cause people to panic. You can check the validity of these e-mails at http://securityresponse.symantec.com/avcenter/hoax.html
7. Avoiding Viruses:

   1. Always virus scan disks that you’ve used in computer labs BEFORE you open them on your own computer.
   2. Regularly scan your hard drive with an anti-virus program. Even if you’ve been really careful with e-mail and disks, your computer can still be infected by a virus.
   3. Look for strange file extensions on e-mail attachments. If the subject line or the body of an e-mail says that the attachment is a certain type of file, check the file extension. Word documents should have .doc, Excel documents .xls, etc. Watch out for extra extensions that have been disguised as ordinary documents, e.g. .doc.exe
   4. If the computers on campus are infected DON’T USE THEM – you’d be surprised how many people use infected PCs.
   5. Install anti-virus software and download virus updates regularly.
   6. Don’t open attachments from people you don’t know, or attachments that look ‘strange’. Many viruses originate in countries where English is a second language, so watch out for subject lines that don’t make sense.
   7. Disconnect your dial-up connection when you’re not online so people can’t access your computer. If you have an ADSL connection, make sure your anti-virus software is always up to date.
   8. Back up your computer files on a regular basis. Keeping a back-up copy of your important files can save a lot of time and hassle if you get hit by a virus. Keep them on a floppy disk or burn them to CD.
   9. Be careful when downloading files from the Internet. Make sure the site you are downloading from is trustworthy by checking for a security accreditation. It’s a good idea to download the Internet files to a floppy disk and scan them with anti-virus software before installing them.
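The file-extension check in item 3 can be automated for a mail filter or a manual triage script. The function below is an added example, not part of the original guide; the extension sets are taken from file types this guide names, and the function name and sample filenames are constructed.

```python
import os
import re

# Runnable or script types named in this guide: .COM/.EXE program files
# and the BAT, VBS and JS threat types from the prefix table.
EXECUTABLE = {".com", ".exe", ".bat", ".vbs", ".js"}
# Document extensions named in this guide.
DOCUMENT = {".doc", ".xls"}


def check_attachment(filename, claimed_ext=None):
    """Return a list of reasons the attachment name looks deceptive."""
    reasons = []
    # A run of spaces before the last extension can push it out of
    # view in a narrow filename column.
    if re.search(r"\s+\.[^.\s]+\s*$", filename):
        reasons.append("whitespace padding before final extension")
    # Normalise: drop whitespace and trailing dots, ignore case.
    name = re.sub(r"\s+", "", filename).rstrip(".").lower()
    stem, last = os.path.splitext(name)
    inner = os.path.splitext(stem)[1]
    # The .doc.exe pattern: a document extension followed by a real,
    # executable one.
    if last in EXECUTABLE and inner in DOCUMENT:
        reasons.append("double extension: %s disguises %s" % (inner, last))
    # The e-mail said one file type but the attachment is another.
    if claimed_ext and last != claimed_ext.lower():
        reasons.append("claimed %s but real extension is %s"
                       % (claimed_ext.lower(), last or "(none)"))
    return reasons


if __name__ == "__main__":
    # Constructed sample filenames with the type the message claimed.
    samples = [("Invoice.DOC.exe", ".doc"), ("report.doc", ".doc"),
               ("notes.xls      .vbs", None), ("budget.v2.xls", ".xls")]
    for fname, claimed in samples:
        print(repr(fname), "->", check_attachment(fname, claimed) or "ok")
```

An empty list means none of the three checks fired; it does not mean the file is safe, so scanning with anti-virus software still applies.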