In a few words, a virus is a computer program file capable of attaching
to disks or other files and replicating itself repeatedly, typically without
user knowledge or permission. Some viruses display symptoms, and some
viruses damage files and computer systems, but neither symptoms nor damage
is essential in the definition of a virus; a non-damaging virus is still a
virus.
The programmers who write these viruses usually do so in hope of
gaining some future worldwide recognition. Unfortunately, we must deal
with this type of malicious software coder, understand how these programs
spread, and learn how to avoid getting infected by one.
There are many forms of virus programs (e.g., Worms, Trojan Horses, Macro
Viruses, Mail Bombs, Stealth, Polymorphic, etc.), and they are all undesirable.
Over 50,000 viruses and variant viruses exist and a few hundred are created
monthly. In past years, some of these unsuspected viruses
have been responsible for many technical support issues with ManageMore.
Sudden unusual program behavior is usually a sign of possible virus infection
(e.g. random lock-ups, extreme slowdown, and sporadic data corruption, to
name a few).
Fortunately, few software viruses reach widespread exposure, and simple
prevention techniques can dramatically minimize the chances of receiving them.
But don't let your guard down. Chances are... you will come in contact
with a virus at least once a year. If you are not prepared, your business
may be in jeopardy! Continue reading to learn more about anti-virus
applications and the steps needed to properly combat viruses.
Many products exist on the market today to detect and remove viruses from
your computer system. They are referred to as anti-virus applications.
Intellisoft strongly urges that your business take software viruses seriously
and put in place a plan for safeguarding your computer or network from a possible
virus attack. In some cases, it is not unusual to even own more than
one anti-virus application because anti-virus vendors don't share their findings
and may detect different virus signatures.
The following links are Intellisoft's recommended Anti-Virus applications:
Besides the use of anti-virus software, one must still
practice safe computing. It is still quite possible for you to be
infected by a virus that your current anti-virus software is unaware of.
Follow these practices:
Do not open any files attached to an email from an unknown,
suspicious or untrustworthy source.
Do not open any files attached to an email unless you know
what it is, even if it appears to come from a dear friend or someone
you know. Some viruses can replicate themselves and spread through email.
Better be safe than sorry and confirm that they really sent it.
Do not open any files attached to an email if the subject
line is questionable or unexpected. If you need to open one, always
save the file to your hard drive first.
Delete chain emails and junk email. Do not forward or reply
to any of them. These types of email are considered spam, which is unsolicited,
intrusive mail that clogs up the network.
Exercise caution when downloading files from the Internet.
Ensure that the source is a legitimate and reputable one. Verify that
an anti-virus program checks the files on the download site. If you're
uncertain, don't download the file at all or download the file to a floppy
and test it with your own anti-virus software.
Update your anti-virus software regularly. Over 500 viruses
are discovered each month, so you'll want to be protected. These updates
should include, at the least, the product's virus signature files. You may
also need to update the product's scanning engine.
Back up your files on a regular basis. If a virus destroys
your files, at least you can replace them with your back-up copy. You
should store your backup copy in a separate location from your work files,
one that is preferably not on your computer.
When in doubt, always err on the side of caution and do not
open, download, or execute any files or email attachments. Not executing
is the more important of these caveats. Check with your product vendors
for updates, which include those for your operating system, web browser,
and email. One example is the security site section of Microsoft located
at http://www.microsoft.com/security.
Consider disabling floppy drives and CD-Drives from workstations
on a computer network. This measure will prevent employees from
bringing possible infected applications from home to the workplace.
Assign one individual or computer administrator with access to a computer
or server that has the only floppy drive or CD-Drive in the office.
Other Tips for Protecting your Computer
In general, organizations must acknowledge that a simple company wide
policy regarding safe computer practices is rarely going to do the trick.
You must strongly consider arming your business with various additional
software products (beyond anti-virus software) to truly protect your business
from all forms of computer attack.
Please consider the following additional measures:
With the advent of new viruses that can be spread by merely viewing
a web site or opening attachments directly from a web-based email server
(e.g., hotmail, Yahoo mail, etc.), consider the purchase of web and
email filtering products like
SuperScout from SurfControl.
While surfing the internet on any computer, you are susceptible to
hackers gaining access to your computer or network if proper safeguards
are not in place. Firewall software can protect you from various
computer port hack attacks. We recommend Sygate's Personal Firewall
at www.sygate.com.
Simple mail browser programs (like Outlook Express) are not
truly meant for business use. Most simple mail browsers lack the
rigid mail delivery standards necessary for a business to safely send and
receive email. ManageMore's Email Pro Mail browser features address many
email-related security issues and more with an enterprise-strength mailbox
system for an entire organization.
ActiveX controls are software modules based on Microsoft's
Component Object Model (COM) architecture. They add functionality to software
applications by seamlessly incorporating pre-made modules with the basic
software package. Modules can be interchanged but still appear as parts
of the original software.
On the Internet, ActiveX controls can be linked to Web pages and downloaded
by an ActiveX-compliant browser. ActiveX controls turn Web pages into software
pages that perform like any other program launched from a server.
ActiveX controls can have full system access. In most instances this
access is legitimate, but one should be cautious of malicious ActiveX applications.
Anti-virus Software
Anti-virus software scans a computer's memory and disk
drives for viruses. If it finds a virus, the application informs the user
and may clean, delete or quarantine any files, directories or disks affected
by the malicious code.
Applet
Any miniature application transported over the Internet,
especially as an enhancement to a Web page. Authors often embed applets
within the HTML page as a foreign program type.
Java applets are usually only allowed to access certain areas of the
user's system. Computer programmers often refer to this area as the sandbox.
Attack
An attempt to subvert or bypass a system's security. Attacks
may be passive or active. Active attacks attempt to alter or destroy data.
Passive attacks try to intercept or read data without changing it. See
Also: Brute Force Attack, Denial of Service, Hijacking, Password Attacks,
Password Sniffing
Back Door
A feature programmers often build into programs to allow
special privileges normally denied to users of the program. Often programmers
build back doors so they can fix bugs. If hackers or others learn about
a back door, the feature may pose a security risk. Also: Trapdoor.
Back Orifice
Back Orifice is a program developed and released by The
Cult of the Dead Cow (cDc). It is not a virus; it is a remote administration
tool with potential for malicious misuse. If installed by a hacker, it
has the ability to give a remote attacker full system administrator privileges
to your system. It can also 'sniff' passwords and confidential data and
quietly email them to a remote site. Back Orifice is an extensible program--programmers
can change and "enhance" it over time. See Also: Password Sniffing
Background Scanning
A feature in some anti-virus software to automatically
scan files and documents as they are created, opened, closed or executed.
Background Task
A task executed by the system that generally remains invisible
to the user. The system usually assigns background tasks a lower priority
than foreground tasks. Some malicious software is executed by a system
as a background task so the user does not realize unwanted actions are
occurring.
BIOS
Basic Input/Output System. The part of the operating system
that identifies the set of programs used to boot the computer before locating
the system disk.
The BIOS is located in the ROM (Read Only Memory) area of the system and
is usually stored permanently.
Boot
To start (a cold boot) or reset (warm boot) the computer
so it is ready to run programs for the user. Booting the computer executes
various programs to check and prepare the computer for use. See Also: Cold
Boot, Warm Boot
Boot Record
The program recorded in the boot sector. This record contains
information on the characteristics and contents of the disk and information
needed to boot the computer. If a user boots a PC with a floppy disk, the
system reads the boot record from that disk. See Also: Boot Sector
Boot Sector
An area located on the first track of floppy disks and
logical disks that contains the boot record. Boot sector usually refers
to this specific sector of a floppy disk, whereas the term Master Boot
Sector usually refers to the same section of a hard disk. See Also: Master
Boot Record
Brute Force Attack
An attack in which each possible key or password is attempted
until the correct one is found. See Also: Attack
Clean
adj. A computer, file or disk that is free of viruses.
v. To remove a virus or other malicious software from a computer, file
or disk. Also: Disinfection.
Cluster Virus
Cluster viruses modify the directory table entries so
the virus starts before any other program. The virus code only exists in
one location, but running any program runs the virus as well. Because they
modify the directory, cluster viruses may appear to infect every program
on a disk. Also: File System Virus
Cold Boot
To start the computer by cycling the power. A cold boot
using a rescue disk (a clean floppy disk with boot instructions and virus
scanning capabilities) is often necessary to clean or remove boot sector
infectors. See Also: Boot, Warm Boot
COM File
A type of executable file limited to 64 KB. These simple
files are often used for utility programs and small routines. Because COM
files are executable, viruses can infect them. This file type has the extension
COM.
Cookie
Cookies are blocks of text placed in a file on your computer's
hard disk. Web sites use cookies to identify users who revisit the site.
Cookies might contain login or registration information, "shopping cart"
information or user preferences. When a server receives a browser request
that includes a cookie, the server can use the information stored in the
cookie to customize the Web site for the user. Cookies can be used to gather
more information about a user than would be possible without them.
Denial of Service
An attack specifically designed to prevent the normal
functioning of a system and thereby to prevent lawful access to the system
by authorized users. Hackers can cause denial of service attacks by destroying
or modifying data or by overloading the system's servers until service
to authorized users is delayed or prevented. See Also: Attack
Disinfection
Most anti-virus software carries out disinfection after
reporting the presence of a virus to the user. During disinfection, the
virus may be removed from the system and, whenever possible, any affected
data is recovered.
DOC File
A Microsoft Word Document File. In the past, these files
contained only document data, but with many newer versions of Microsoft
Word, DOC files also include small programs called macros. Many virus authors
use the macro programming language to associate macros with DOC files.
This file type has the extension DOC.
Encrypted Virus
An encrypted virus's code begins with a decryption algorithm
and continues with scrambled or encrypted code for the remainder of the
virus. Each time it infects, it automatically encodes itself differently,
so its code is never the same. Through this method, the virus tries to
avoid detection by anti-virus software.
EXE file
An executable file; as contrasted with a document or data
file. Usually, executed by double-clicking its icon or a shortcut on the
desktop, or by entering the name of the program at a command prompt. Executable
files can also be executed from other programs, batch files or various
script files.
The vast majority of known viruses infect program files. However, real-world
infections by program-infecting viruses are much less common. Also: Program
File
FAT
File Allocation Table. Under MS-DOS, Windows 3.x,
9x, and NT (in some cases), the FAT is located in the boot sector of the
disk and stores the addresses of all the files contained on a disk. Viruses
and other malicious programs, as well as normal use and extended wear
and tear, can damage the FAT. If the FAT is damaged or corrupt, the operating
system may be unable to locate files on the disk.
File Viruses
File viruses usually replace or attach themselves to COM
and EXE files. They can also infect files with the extensions SYS, DRV,
BIN, OVL and OVY.
File viruses may be resident or non-resident, the most common being
resident or TSR (terminate-and-stay-resident) viruses. Many non-resident
viruses simply infect one or more files whenever an infected file runs.
Also: Parasitic Virus, File Infecting Virus
Firewall
A firewall prevents computers on a network from communicating
directly with external computer systems. A firewall typically consists
of a computer that acts as a barrier through which all information passing
between the networks and the external systems must travel. The firewall
software analyzes information passing between the two and rejects it if
it does not conform to pre-configured rules.
Hijacking
An attack whereby an active, established session is intercepted
and used by the attacker. Hijacking can occur locally if, for example,
a legitimate user leaves a computer unprotected. Remote hijacking can occur
via the Internet.
Hole
A vulnerability in the design of software and/or hardware that
allows circumvention of security measures.
Host
A term often used to describe the computer file to which
a virus attaches itself. Most viruses run when the computer or user tries
to execute the host file.
Logic Bomb
A logic bomb is a type of Trojan horse that executes when
specific conditions occur. Triggers for logic bombs can include a change
in a file, a particular series of keystrokes, or a specific time
or date. See: Time Bomb
Macro
A macro is a series of instructions designed to simplify
repetitive tasks within a program such as Microsoft Word, Excel or Access.
Macros execute when a user opens the associated file. Microsoft's latest
macro programming language is simple to use, powerful, and not limited
to Word documents. Macros are mini-programs and can be infected by viruses.
See Also: Macro Virus
Macro Virus
A macro virus is a malicious macro. Macro viruses are
written in a macro programming language and attach to a document file (such
as Word or Excel). When a document or template containing the macro virus
is opened in the target application, the virus runs, does its damage and
copies itself into other documents. Continual use of the program results
in the spread of the virus.
Mailbomb
n. An excessively large amount of email (typically many thousands of
messages) or one large message sent to a user's email account, for the
purpose of crashing the system, or preventing genuine messages from being
received.
v. To send a mailbomb.
Malicious Code
A piece of code designed to damage a system or the data
it contains, or to prevent the system from being used in its normal manner.
Master Boot Record
The 340-byte program located in the master boot sector.
This program reads the partition table, determines what partition to boot
and transfers control to the program stored in the first sector of that
partition. There is only one master boot record on each physical hard disk.
Also: MBR, Partition Table; See Also: Boot Record
Master Boot Sector
The first sector of a hard disk. This sector is located
at sector 1, head 0, track 0. The sector contains the master boot record.
See Also: Master Boot Record
Master Boot Sector Virus
Master boot sector viruses infect the master boot sector
of hard disks, though they spread through the boot record of floppy disks.
The virus stays in memory, waiting for DOS to access a floppy disk. It
then infects the boot record on each floppy disk DOS accesses. Also: Master
Boot Record Virus; See Also: Boot Record
Memory-resident Virus
A memory-resident virus stays in memory after it executes
and infects other files when certain conditions are met. In contrast, non-memory-resident
viruses are active only while an infected application runs.
Multipartite Virus
Multipartite viruses use a combination of techniques including
infecting documents, executables and boot sectors to infect computers.
Most multipartite viruses first become resident in memory and then infect
the boot sector of the hard drive. Once in memory, multipartite viruses
may infect the entire system.
Removing multipartite viruses requires cleaning both the boot sectors
and any infected files.
Mutant
See: Variant
Mutating Virus
A mutating virus changes, or mutates, as it progresses
through its host files making disinfection more difficult. The term usually
refers to viruses that intentionally mutate, though some experts also include
non-intentionally mutating viruses. See Also: Polymorphic Virus
Operating System
The operating system is usually the underlying software
that enables you to interact with the computer. The operating system controls
the computer storage, communications and task management functions. Examples
of common operating systems include: MS-DOS, MacOS, Linux, Windows 98. Also:
OS, DOS
Password Attacks
A password attack is an attempt to obtain or decrypt a
legitimate user's password. Hackers can use password dictionaries, cracking
programs, and password sniffers in password attacks. Defense against password
attacks is rather limited but usually consists of a password policy including
a minimum length, unrecognizable words, and frequent changes. See Also:
Password Sniffer
Password Sniffing
The use of a sniffer to capture passwords as they cross
a network. The network could be a local area network, or the Internet itself.
The sniffer can be hardware or software. Most sniffers are passive and
only log passwords. The attacker must then analyze the logs later. See
Also: Sniffer
Payload
Refers to the effects produced by a virus attack. Sometimes
refers to a virus associated with a dropper or Trojan horse.
Polymorphic Virus
Polymorphic viruses create varied (though fully functional)
copies of themselves as a way to avoid detection from anti-virus software.
Some polymorphic viruses use different encryption schemes and require different
decryption routines. Thus, the same virus may look completely different
on different systems or even within different files. Other polymorphic
viruses vary instruction sequences and use false commands in the attempt
to thwart anti-virus software. One of the most advanced polymorphic viruses
uses a mutation-engine and random-number generators to change the virus
code and its decryption routine. See Also: Mutating Virus
Replication
The process by which a virus makes copies of itself in
order to carry out subsequent infections. Replication is one of the major
criteria separating viruses from other computer programs.
Resident Virus
A resident virus loads into memory and remains inactive
until a trigger event. When the event occurs the virus activates, either
infecting a file or disk, or causing other consequences. All boot viruses
are resident viruses and so are the most common file viruses.
Rogue Program
A term the media use to denote any program intended to
damage programs or data, or to breach a system's security. It includes
Trojan Horse programs, logic bombs, viruses, and more.
Scanner
A virus detection program that searches for viruses.
Self-extracting Files
A self-extracting file decompresses part of itself into
one or more parts when executed. Software authors and others often use
this file type to transmit files and software via the Internet since the
compressed files conserve disk space and reduce download time. Some anti-virus
products may not search self-extracting file components. To scan these
components, you must first extract the files and then scan them.
Shareware
Software distributed for evaluation without cost, but
that requires payment to the author for full rights. If, after trying the
software, you do not intend to use it, you simply delete it. Using unregistered
shareware beyond the evaluation period is pirating.
Signature
A search pattern, often a simple string of characters
or bytes, expected to be found in every instance of a particular virus.
Usually, different viruses have different signatures. Anti-virus scanners
use signatures to locate specific viruses. Also: Virus Signatures
Sniffer
A software program that monitors network traffic. Hackers
use sniffers to capture data transmitted via a network.
Stealth Virus
Stealth viruses attempt to conceal their presence from
anti-virus software. Many stealth viruses intercept disk-access requests,
so when an anti-virus application tries to read files or boot sectors to
find the virus, the virus feeds the program a "clean" image of the requested
item. Other viruses hide the actual size of an infected file and display
the size of the file before infection.
Stealth viruses must be running to exhibit their stealth qualities.
Also: Interrupt Interceptors
Time Bomb
Usually a malicious action triggered at a specific date
or time. See Also: Logic Bomb
Triggered Event
An action built into a virus set off by a specific condition.
Examples include a message displayed on a specific date or reformatting
a hard drive after the 10th execution of a program.
Trojan Horse Program
A Trojan horse program is a malicious program that pretends
to be a benign application; a Trojan horse program purposefully does something
the user does not expect. Trojans are not viruses since they do not replicate,
but Trojan horse programs can be just as destructive.
Many people use the term to refer only to non-replicating malicious
programs, thus making a distinction between Trojans and viruses. Also:
Trojan
Tunneling
A virus technique designed to prevent anti-virus applications
from working correctly. Anti-virus programs work by intercepting the operating
system actions before the OS can execute a virus. Tunneling viruses try
to intercept the actions before the anti-virus software can detect the
malicious code. New anti-virus programs can recognize many viruses with
tunneling behavior.
A technique of some anti-virus programs to store information
about files in order to notify the user about file changes. Internal vaccines
store the information within the file itself, while external vaccines use
another file to verify the original for possible changes.
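An external vaccine of the kind described above can be sketched as a baseline of file sizes and SHA-256 digests kept in a separate file. This is an added example, not code from the original page or from any product it names; the file names and the JSON baseline format are assumptions.

```python
import hashlib
import json
import os
import tempfile


def fingerprint(path):
    """Return the size and SHA-256 digest of one file, read in chunks."""
    digest = hashlib.sha256()
    size = 0
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return {"size": size, "sha256": digest.hexdigest()}


def snapshot(root):
    """Map each file under root (by relative path) to its fingerprint."""
    records = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            records[os.path.relpath(full, root)] = fingerprint(full)
    return records


def save_baseline(root, baseline_path):
    """Write the external 'vaccine' file; it must live outside root."""
    with open(baseline_path, "w", encoding="utf-8") as handle:
        json.dump(snapshot(root), handle, indent=2, sort_keys=True)


def compare(root, baseline_path):
    """Report files changed, removed or added since the baseline was saved."""
    with open(baseline_path, encoding="utf-8") as handle:
        baseline = json.load(handle)
    current = snapshot(root)
    return {
        "changed": sorted(p for p in baseline
                          if p in current and baseline[p] != current[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed scenario: baseline two files, alter one, add a third."""
    with tempfile.TemporaryDirectory() as work:
        root = os.path.join(work, "programs")
        os.mkdir(root)
        baseline_path = os.path.join(work, "baseline.json")  # outside root
        with open(os.path.join(root, "editor.exe"), "wb") as handle:
            handle.write(b"MZ" + b"\x00" * 62)
        with open(os.path.join(root, "report.doc"), "wb") as handle:
            handle.write(b"quarterly figures")
        save_baseline(root, baseline_path)

        # Same length, different bytes: a size-only check would miss this.
        with open(os.path.join(root, "editor.exe"), "wb") as handle:
            handle.write(b"MZ" + b"\x90" * 62)
        with open(os.path.join(root, "new.vbs"), "wb") as handle:
            handle.write(b"' constructed placeholder script")
        return compare(root, baseline_path)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keep the baseline file on read-only or offline media, because anything able to rewrite it can also hide its own changes.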
Variant
A modified version of a virus. Usually produced on purpose
by the virus author or another person amending the virus code. If changes
to the original are small, most anti-virus products will also detect variants.
However, if the changes are large, the variant may go undetected by anti-virus
software.
VBS
Visual Basic Script. Visual Basic Script is a programming
language that can invoke any system function--including starting, using
and shutting down other applications--without user knowledge. VBS programs
can be embedded in HTML files and provide active content via the Internet.
Since not all content is benign, users should be careful about changing
security settings without understanding the implications. This file type
has the extension VBS.
Virus
A computer program file capable of attaching to disks
or other files and replicating itself repeatedly, typically without user
knowledge or permission. Some viruses attach to files so when the infected
file executes, the virus also executes. Other viruses sit in a computer's
memory and infect files as the computer opens, modifies or creates the
files.
Some viruses display symptoms, and some viruses damage files and computer
systems, but neither symptoms nor damage is essential in the definition
of a virus; a non-damaging virus is still a virus.
There are computer viruses written for several operating systems including
DOS, Windows, Amiga, Macintosh, Atari, and UNIX, and others. There are
more than 50,000 viruses, Trojans, and other malicious software.
Virus Hoaxes
Hoaxes are not viruses, but are usually deliberate or
unintentional email messages warning people about a virus or other malicious
software program. Some hoaxes cause as much trouble as viruses by causing
massive amounts of unnecessary email.
Most hoaxes contain one or more of the following characteristics:
Warnings about alleged new viruses and their damaging consequences,
Demands the reader forward the warning to as many people as possible,
Pseudo-technical "information" describing the virus,
Bogus comments from officials: FBI, software companies, news agencies,
etc.
If you receive an email message about a virus, check with a reputable
source to ensure the warning is real.
Warm Boot
Restarting a computer without first turning off the power.
Using CTRL+ALT+DEL or the reset button on many computers can warm boot a
machine.
Windows Scripting
Windows Scripting Host (WSH) is a Microsoft integrated
module that lets programmers use any scripting language to automate operations
throughout the Windows desktop.
Worm
Worms are parasitic computer programs that replicate,
but unlike viruses, do not infect other computer program files. Worms can
create copies on the same computer, or can send the copies to other computers
via a network. Worms often spread via IRC (Internet Relay Chat).
ZIP Archive File. A ZIP archive contains compressed collections
of other files. ZIP files are popular on the Internet because users can
deliver multiple files in a single container; the compressed files also
save disk space and download time. A ZIP file can contain viruses if any
of the files packaged in it contain viruses, but the ZIP file itself is
not directly dangerous. Other archive files include RAR and LHA files.
This file type has the extension ZIP.
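The Signature, Self-extracting Files and ZIP entries above fit together in one added example (not from the original page): a scanner that matches byte signatures, run first over the raw archive and then over each extracted member. The signature names and patterns are constructed for illustration and match no real virus.

```python
import io
import zipfile

# Constructed signature database: name -> byte pattern (assumed values).
SIGNATURES = {
    "Example.TestPattern.A": b"XX-CONSTRUCTED-SIGNATURE-A-XX",
    "Example.TestPattern.B": bytes.fromhex("deadbeef00c0ffee"),
}

MAX_MEMBER_SIZE = 10 * 1024 * 1024  # skip members whose declared size is huge
MAX_DEPTH = 3                       # limit archives nested inside archives


def match_signatures(data):
    """Return the sorted names of all signatures found in a byte string."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in data)


def scan_bytes(data, label="<input>", depth=0):
    """Scan raw bytes, then, if they form a ZIP archive, each extracted member.

    Returns a list of (location, signature_name) findings.
    """
    findings = [(label, name) for name in match_signatures(data)]
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            location = f"{label}!{info.filename}"
            if info.file_size > MAX_MEMBER_SIZE:
                findings.append((location, "SKIPPED: member too large"))
                continue
            # Recurse so that an archive stored inside this one is opened too.
            findings.extend(scan_bytes(archive.read(info), location, depth + 1))
    return findings


def build_sample_zip():
    """Build a constructed ZIP in memory: one clean member, one with pattern A."""
    payload = b"header " + SIGNATURES["Example.TestPattern.A"] * 20 + b" trailer"
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("readme.txt", "nothing to see here\n" * 20)
        archive.writestr("tool.com", payload)
    return buffer.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    # Compression hides the pattern from a scan of the container bytes alone.
    print("raw container bytes:", match_signatures(sample))
    for location, name in scan_bytes(sample, "sample.zip"):
        print(location, "->", name)
```

The raw-bytes pass finds nothing because the member is stored compressed; only the pass over extracted members reports the match.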