
eCan of Worms

by VIKASH PRADHAN

FROM ISSUE # 107 (November 2004)

From the building-sized machines of yesteryear, computers have shrunk to the size of a mobile phone or smaller. While the size has decreased, processing power has increased with each passing year; the pocket-sized computer of today is faster and more powerful than the supercomputers and minicomputers of the past. Computers today come in different configurations to suit varying needs, but the most common type is probably the household PC, usually a desktop. The PC has become such an important part of our lives that we spend more time in front of the monitor than on anything else, including family. Whether it is the dabba of our government offices or 'Neo,' as a friend affectionately calls her laptop, there cannot be enough words to describe the functionality of a PC and the extent to which it has settled into being a part of our daily life.

Not denying the fact that PCs have revolutionised modern life, there are still moments when you are left scratching your head in frustration as your workhorse seems to acquire a will of its own: programs crash, everything takes longer, files disappear or, even worse, the PC refuses to work at all. What can be the cause? There might be many reasons, but one of the most common is a virus.

A virus, in very simple terms, is a malicious program designed to spread by infecting program files or the system areas (boot sectors) of hard and floppy disks, making copies of itself as it goes. Contrary to what many people still believe, a computer virus is not a living thing but a piece of code, and so it does not spread through the air; it travels only inside data that is copied from one machine to another. The most common medium of infection today is the Internet, through e-mail, downloads, etc.

Now that we know what a virus is, on to the next question: is your computer infected? The simplest way to find out is to install an anti-virus program (AV). You can buy one or use a free one such as AVG. Installing an AV helps you detect infections, but some viruses deliberately prevent an AV from being installed or from functioning properly, so the best bet is to have one installed as soon as you buy your PC and keep it enabled at all times. An AV not only detects existing infections, it also blocks viruses from infecting your PC in the first place. It is equally important to update your virus definitions regularly: new viruses are created every day, and they will slip past your AV if it has not been told what to look for. A definition is a file that tells your AV about the characteristics and behaviour of known viruses. Even an up-to-date AV is not a guarantee, since a brand-new virus has no definition yet; that is why the other precautions listed at the end of this article matter.

As said earlier, a virus spreads through floppies, e-mail, etc. In other words, whenever data is transferred there is a risk of infection. For general users, most data transfer takes place as files, and so the most common vehicle of infection is a file. But not all files are equally susceptible. Since some code needs to be executed for a virus to take effect, pure data files such as graphics and sound (.gif, .wav, etc.) are generally safe: the program that displays or plays them does not execute their contents. The word 'generally' depends on that program being bug-free; a deliberately malformed data file can exploit a flaw in the viewer that parses it, so treat unexpected files of any type with some suspicion. The files at real risk are executables (.exe, .com, .scr, .bat, etc.) and files that can carry executable content, such as Word and Excel documents with macros or HTML pages with scripts. Also beware of names designed to look like data files: a file called photo.gif.exe is an executable, and Windows hides the final extension by default. When you open an infected file, the code is executed and the virus is at play: it does what it has been programmed to do, replicates, and tries to spread to other computers the same way it reached yours.

Different viruses do different things: some merely display a message on the screen on a particular day, while others damage files or interfere with the PC's operation. The former type may appear harmless, but even these, in the process of spreading, can corrupt files and bring down networks by flooding them with traffic. The actions of a virus are, however, limited to software and data. A virus cannot physically break your hardware, although one that overwrites a component's rewritable firmware (the BIOS, for instance) can leave a machine unusable until that firmware is restored.

While talking of viruses, we would also like to shed some light on Trojan Horses, which, like the horse of Greek mythology, are programs that pretend to be something else. A Trojan is basically a disguise: for example, you download what you think is a new game, but when you run it, it quietly collects data from your PC and sends it to an address chosen by its author. Unlike a virus, a Trojan does not need to replicate; it relies on you to install it.

E-mail is a favourite means of sending viruses and Trojan Horses, so you have to be very wary of messages with attachments. Reading a plain-text e-mail cannot infect your PC, but a message carrying embedded executable content (script in an HTML e-mail) can, if your mail client renders or runs it. As a precaution, treat any attachment and any HTML e-mail with care: save attachments to disk and scan them before opening, and never trust a file simply because the sender's address looks familiar, since worms forge the 'From' line with addresses harvested from infected machines.

Viruses are the scourge of a world fuelled by information. Every time you go online, send a file or receive one, you are exposed to attack, and you can never tell when you will be under siege. The only way to fight the menace is to be prepared; we hope you build up your defences after reading this.

General tips on avoiding virus infections:

• Have anti-virus software installed when you buy your PC. Keep it enabled at all times and update the definitions regularly.
• Scan your disks on a regular basis. Also scan all your incoming and outgoing e-mail.
• Scan any new program before you install it. Also scan program CDs that you intend to use on your PC.
• Disable the auto-open and auto-execute features of your e-mail client, including automatic rendering of HTML in the preview pane.
• Be wary of downloads and other files that may contain executables. Trojan Horses often slip past anti-virus programs because a one-off Trojan has no signature yet.
• Do not accept program or other files during chat sessions.
• Back up the data on your computer regularly, and keep at least one copy offline so an infection cannot reach it.
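The distinction drawn earlier between data files and files that carry executable content, and the attachment checks in the tips above, can be mechanised. What follows is an added example written for this edition, not code from the original article. It uses Python's standard email and zipfile modules to pull every attachment out of a message and flag the ones a mass-mailer relies on: an executable extension (including a double extension such as photo.gif.exe), a Windows executable header regardless of file name, a ZIP archive carrying either, and an HTML body with a script. The message it triages is constructed inline; the extension list, the 64 KB cap on inspecting archive members, and the sample file names are assumptions of the example.

```python
"""Attachment triage for an e-mail message (added example, not the article's code).

Flags the kinds of parts a mass-mailing worm relies on: attachments with an
executable extension (including "photo.gif.exe" style double extensions),
attachments whose bytes start with a Windows executable header whatever the
name says, ZIP archives that contain such files, and HTML bodies carrying
<script>. The sample message at the bottom is constructed for the demo.
"""
import email
import email.policy
import io
import re
import zipfile
from email.message import EmailMessage

# Extensions Windows will run when double-clicked (assumed list, not exhaustive).
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta"}
MAX_NESTED_BYTES = 64 * 1024  # how much of each file inside a ZIP we inspect (assumed cap)


def risky_extension(name):
    """True if the *last* extension is executable; 'photo.gif.exe' therefore counts."""
    lowered = name.lower()
    if "." not in lowered:
        return False
    return "." + lowered.rsplit(".", 1)[1] in EXECUTABLE_EXTENSIONS


def looks_like_pe(data):
    """True if data has a DOS 'MZ' stub whose e_lfanew field points at a 'PE\\0\\0' header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"


def triage_attachment(name, data):
    """Return a list of findings for one attachment, recursing into ZIP archives."""
    findings = []
    if risky_extension(name):
        findings.append(f"{name}: executable extension")
    if looks_like_pe(data):
        findings.append(f"{name}: Windows executable header regardless of extension")
    if data[:4] == b"PK\x03\x04":  # local-file-header magic of a ZIP archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    with zf.open(info) as member:
                        inner = member.read(MAX_NESTED_BYTES)
                    findings.extend(triage_attachment(f"{name}!{info.filename}", inner))
        except zipfile.BadZipFile:
            findings.append(f"{name}: corrupt ZIP archive")
    return findings


def triage_message(raw_bytes):
    """Parse a raw RFC 822 message and return every finding across its parts."""
    msg = email.message_from_bytes(raw_bytes, policy=email.policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if part.get_content_type() == "text/html" and re.search(rb"<script\b", payload, re.I):
            findings.append("HTML body contains <script>")
        filename = part.get_filename()
        if filename:
            findings.extend(triage_attachment(filename, payload))
    return findings


def fake_pe():
    """A 68-byte blob with a valid MZ -> PE header chain; not a runnable program."""
    header = bytearray(0x44)
    header[0:2] = b"MZ"
    header[0x3C:0x40] = (0x40).to_bytes(4, "little")  # e_lfanew -> offset 0x40
    header[0x40:0x44] = b"PE\0\0"
    return bytes(header)


def build_sample_message():
    """Constructed message: forged From line, HTML body, disguised attachments."""
    msg = EmailMessage()
    msg["From"] = "someone@example.com"  # worms forge this line
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Re: Extended Mail"
    msg.set_content("Please see the attached file.")
    msg.add_alternative("<html><body><script>alert(1)</script>Hi</body></html>", subtype="html")
    msg.add_attachment(fake_pe(), maintype="image", subtype="gif", filename="photo.gif.exe")
    zipped = io.BytesIO()
    with zipfile.ZipFile(zipped, "w") as zf:
        zf.writestr("document.txt.exe", fake_pe())
    msg.add_attachment(zipped.getvalue(), maintype="application", subtype="zip", filename="mail.zip")
    msg.add_attachment(b"GIF89a\x01\x00\x01\x00", maintype="image", subtype="gif", filename="logo.gif")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_message(build_sample_message()):
        print(finding)
```

Run it as a script to see the findings for the constructed message; to triage a real message, pass the raw bytes of a saved .eml file to triage_message(). The genuine logo.gif attachment produces no finding. Note what the check does not do: it says nothing about a Word document carrying a macro, which is why the scan-before-opening advice still stands.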

Helpful Links
Anti Virus Reviews
http://www.zdnet.com/pcmag/features/utilities98/antivirus/index.html
http://www.uta.fi/laitokset/virus/
http://agn-www.informatik.uni-hamburg.de/vtc/naveng.htm

Virus Information
http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption/Viruses/
http://www.macvirus.com

Virus Scams and Hoaxes
http://www.faqs.org/faqs/net-abuse-faq/scams/

Different Types of Anti-virus Software
There are many kinds of anti-virus software available, employing different scanning techniques. The broad types are signature scanners, heuristic scanners, integrity checkers and activity blockers; most products combine more than one.

Signature Scanners
Signature scanners look through executable files for known sequences of bytes, called signatures, each associated with a known virus. This is a reliable way of catching known viruses, but new ones slip through until a signature for them has been written and distributed, which is what a definition update delivers.
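As an added example (not the article's own code), here is the idea of a signature scanner reduced to a few dozen lines of Python: a table of byte patterns, a chunked file reader that overlaps chunks so a pattern crossing a chunk boundary is not missed, and a directory walk restricted to executable extensions. Both signatures and all sample files are invented for the demonstration; the third sample, new.exe, stands in for a virus nobody has written a signature for yet, and it passes unnoticed.

```python
"""Signature scanner in miniature (added example, not the article's code).

A signature is a byte sequence known to occur in a particular virus. The
scanner reads each executable file in overlapping chunks and reports every
signature it finds; a file whose pattern is not in the table passes, which
is exactly the weakness described in the text. The signatures below are
invented for the demo; a real product's table holds tens of thousands.
"""
import os
import tempfile

# Constructed signature table: (name, bytes). Both entries are invented.
SIGNATURES = [
    ("Demo.Appender.A", b"\xeb\x0c\x90\x90DEMO-APPENDER-A"),
    ("Demo.Dropper.B", b"\x55\x8b\xecDEMO-DROPPER-B\x00"),
]
# Signature scanners traditionally look only at files that can be executed.
SCAN_EXTENSIONS = {".exe", ".com", ".dll", ".scr", ".sys"}
LONGEST = max(len(sig) for _, sig in SIGNATURES)


def scan_bytes(data, signatures=SIGNATURES):
    """Names of all signatures found anywhere in data."""
    return [name for name, sig in signatures if sig in data]


def scan_file(path, chunk_size=1 << 20):
    """Scan one file chunk by chunk, carrying the last LONGEST-1 bytes of each
    window into the next so a match straddling a chunk boundary is still seen."""
    hits = set()
    carry = b""
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk_size)
            if not block:
                break
            window = carry + block
            hits.update(scan_bytes(window))
            carry = window[-(LONGEST - 1):] if LONGEST > 1 else b""
    return sorted(hits)


def scan_tree(root, chunk_size=1 << 20):
    """Scan every executable under root; returns {relative path: [signature names]}."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            hits = scan_file(path, chunk_size)
            if hits:
                report[os.path.relpath(path, root).replace(os.sep, "/")] = hits
    return report


def demo():
    """Build a throwaway directory of constructed files and scan it with a
    deliberately tiny chunk size so the boundary-overlap logic is exercised."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "game.exe": b"MZ" + b"\x90" * 40 + SIGNATURES[0][1] + b"\x90" * 40,
            "helper.dll": b"MZ" + SIGNATURES[1][1] + SIGNATURES[0][1],
            "new.exe": b"MZ" + b"NEW-VARIANT-NOBODY-HAS-SEEN",  # no signature: slips through
            "notes.txt": SIGNATURES[0][1],                       # not an executable: not scanned
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return scan_tree(root, chunk_size=16)


if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, "->", ", ".join(hits))
```

The chunk size of 16 in demo() is there only to force the 19-byte signature in game.exe across chunk boundaries; the default of 1 MB is what you would use on real files.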

Heuristic Scanners
Heuristic scanners work in a similar way to signature scanners, but instead of looking for specific signatures they look for suspicious instructions within a program, most of which are not found in typical application programs: writing directly to the boot sector of the hard disk, for example. This helps catch unknown viruses, though a heuristic scanner can raise false alarms on legitimate system programs that do such things for a living, such as disk utilities and installers.

Integrity Checker
An integrity checker works by recording the state of the system. It is run once across every file on the disk, programs and data alike, and stores a checksum or other reference data for each. When the integrity checker is run again later, the new checksums are compared against the stored ones and discrepancies are reported; unexpected changes to executable files matter most, since a program file has no business changing between installs. The reference data must be kept where a virus cannot quietly update it, or the check proves nothing.
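An integrity checker of the kind just described, as an added example rather than the article's code. It records a SHA-256 digest per file, saves the record as JSON, and on the next run reports what was modified, added or removed, singling out executables. The directory tree, the file names and the simulated infection are all constructed for the demonstration.

```python
"""Integrity checker in miniature (added example, not the article's code).

baseline() records a SHA-256 digest and size for every file under a
directory; compare() re-walks it later and reports what was modified, added
or removed, and singles out executables, since a program file that changes
between installs is the classic sign of a file infector while data files
change legitimately all the time. The sample tree is constructed in a temp dir.
"""
import hashlib
import json
import os
import tempfile

EXECUTABLE_EXTENSIONS = {".exe", ".com", ".dll", ".sys", ".scr"}  # assumed list


def digest(path):
    """SHA-256 of a file's contents, streamed so large files need no extra memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root):
    """{relative path: {"sha256": ..., "size": ...}} for every regular file under root."""
    entries = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            entries[rel] = {"sha256": digest(path), "size": os.path.getsize(path)}
    return entries


def compare(old, new):
    """Diff two baselines. The size field is informational; the decision rests on the
    hash, because a virus that pads a file back to its old size fools a size-only check."""
    report = {"modified": [], "added": [], "removed": []}
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            report["added"].append(rel)
        elif rel not in new:
            report["removed"].append(rel)
        elif old[rel]["sha256"] != new[rel]["sha256"]:
            report["modified"].append(rel)
    report["executables_changed"] = [
        rel for rel in report["modified"] + report["added"]
        if os.path.splitext(rel)[1].lower() in EXECUTABLE_EXTENSIONS
    ]
    return report


def demo():
    """Take a baseline of a constructed tree, 'infect' it, and compare."""
    with tempfile.TemporaryDirectory() as root:
        files = {"app.exe": b"MZ" + b"\x90" * 64, "readme.txt": b"hello", "old.dll": b"MZ\x00"}
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        saved = json.dumps(baseline(root))  # in practice keep this on read-only or signed media

        # Simulate what an appending file infector and a dropper leave behind,
        # plus an ordinary user edit of a data file.
        with open(os.path.join(root, "app.exe"), "ab") as f:
            f.write(b"DEMO-APPENDED-VIRUS-BODY")
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(b"hello, edited by the user")
        with open(os.path.join(root, "dropper.dll"), "wb") as f:
            f.write(b"MZ" + b"\x00" * 16)
        os.remove(os.path.join(root, "old.dll"))

        return compare(json.loads(saved), baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Both app.exe and readme.txt show up as modified, but only app.exe (together with the new dropper.dll) lands in executables_changed, which is the list a user should actually look at.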

Activity Blocker
An activity blocker intercepts a virus as it runs and prevents it from infecting another program or overwriting data. Activity blockers are normally started when the computer boots and remain active until shutdown.

Recent Threats
Win32.Netsky.P
Also known as: ZIP.Netsky.P, Win32/Netsky.P.Worm, W32/Netsky.P@mm (F-Secure), W32/Netsky.p@MM (McAfee), I-Worm.Netsky.q (Kaspersky)

Netsky.P is a worm that spreads through e-mail and file sharing. It is distributed as a 29,568-byte Win32 executable compressed with FSG, which drops a 26,624-byte DLL. It also distributes itself inside ZIP archives.

Netsky.P sends itself by e-mail using its own SMTP engine, so it does not depend on the victim's mail client. It spoofs the 'From' address of the message by inserting either one of the e-mail addresses it harvested from the affected machine or the address lola@sexnet.com. Netsky.P can produce a large number of different messages by combining different subjects, bodies and attachment names, such as Re: Encrypted Mail, Re: Extended Mail, Re: Status, Re: Notify, etc.

Win32.Mydoom.O
Also known as: I-Worm.Mydoom.m (Kaspersky), ZIP.Mydoom.O, Win32/MyDoom.O.Worm, W32/Mydoom.O@mm (F-Secure), W32/Mydoom.o@MM (McAfee)

Win32.Mydoom.O is a worm that spreads via e-mail and contains limited backdoor functionality. It has been distributed as a 28,832-byte, UPX-packed Win32 executable. Mydoom.O also creates a mutex to ensure that only one copy of the worm runs at a time.

The worm searches all fixed drives for e-mail addresses in files. It also uses major search engines such as Lycos, AltaVista, Yahoo and Google to collect e-mail addresses: the number of results to request is chosen at random from 20, 50 or 100; the worm picks a keyword from "contact", "reply", "mail", "mailto", "email" and "e-mail" and combines it with a web-page name (collected from the local disk while it was searching for addresses) to form the search query. It then saves the result to a temporary file and parses it for e-mail addresses using the same routine it applied to files on the local machine. A burst of search-engine queries from a machine nobody is sitting at is therefore a useful symptom to watch for.

Online Virus Scanner from eTrust
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Needs a fast connection, since it involves about 3 MB of downloads.


 