Threats to Data

Viruses are the most widely known security threat, because they often receive extensive press coverage. A computer virus is a set of instructions that attaches itself to other programs on the computer, frequently to components of the operating system. Viruses are written by malicious programmers and are designed to replicate themselves and infect further programs when triggered by a specific event. In most cases the infected programs continue to perform their intended functions, but surreptitiously execute the virus’ instructions as well.

A virus is usually designed to execute when its host program is loaded into the computer’s memory. Upon execution, the viral code copies itself into, or “infects,” any number of other programs and files stored on the computer. The infection can then spread to other computers through floppy disks or other removable storage media, computer networks, or online systems.

The main types of viruses, and their effects, are:

Boot Sector Viruses
Overwrite the original boot sector of a disk (which contains the code executed when the system boots) with their own code, so that the virus is loaded into memory before anything else. Every time you start the computer, the virus runs. Once in memory it can make the startup disk unusable, or spread to every other disk used in the machine.

Master Boot Sector Viruses
Overwrite the master boot record (MBR), the first sector of a hard drive, which holds the initial boot code and the partition table. These viruses are difficult to detect because many disk examination tools do not show the partition sector at all; a reliable check reads the first sector directly and compares it with a known-good copy.
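As an added example (not part of the original page), here is a small Python check that reads a raw first sector the way a boot-sector inspection should, rather than trusting a disk tool’s view of it: it validates the 0x55AA signature, decodes the four partition entries, and compares a hash of the boot code against a baseline taken from a known-clean system. The sample sectors, the baseline hash and the stand-in boot code bytes are constructed for the example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445: boot loader code
PARTITION_TABLE_OFFSET = 446   # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511: must be 0x55 0xAA


def parse_partition_entry(raw: bytes) -> dict:
    """Decode one 16-byte partition entry; multi-byte fields are little-endian."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", raw)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(sector: bytes) -> dict:
    """Split a raw first sector into a boot-code hash and its partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        start = PARTITION_TABLE_OFFSET + 16 * i
        entries.append(parse_partition_entry(sector[start:start + 16]))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": [e for e in entries if e["type"] != 0],   # type 0 marks an unused slot
    }


def check_mbr(sector: bytes, baseline_boot_hash: str) -> list:
    """Compare a freshly read MBR with a baseline hash taken from a known-clean system."""
    findings = []
    info = parse_mbr(sector)
    if info["boot_code_sha256"] != baseline_boot_hash:
        findings.append("boot code differs from baseline (possible MBR infection)")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition flagged bootable")
    for p in info["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append("partition entry with zero start or length")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample MBR (not from a real disk): one bootable NTFS-type partition."""
    boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 1_000_000)
    table = entry + b"\x00" * 48           # remaining three slots unused
    return boot + table + BOOT_SIGNATURE


# Stand-in boot code bytes; a real baseline hash would come from the clean install.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
BASELINE_HASH = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
# Same partition table, different boot code: what an MBR virus leaves behind.
INFECTED_MBR = build_sample_mbr(b"\xeb\xfe" + b"\x90" * 40)

if __name__ == "__main__":
    # On a live system read the sector yourself instead of trusting a tool's view
    # (needs administrator/root): with open("/dev/sda", "rb") as d: sector = d.read(512)
    print(check_mbr(CLEAN_MBR, BASELINE_HASH))       # []
    print(check_mbr(INFECTED_MBR, BASELINE_HASH))    # ['boot code differs from baseline ...']
```

The baseline hash has to be taken before the system is exposed and stored somewhere the infected machine cannot rewrite; a hash compared against a copy kept on the same disk proves nothing once the boot code is under the virus’ control.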

Macro Viruses
Written in the macro language of a specific application, such as a word processor or spreadsheet. Macro viruses infect documents (not the boot sector or partition table), and can become memory resident once executed. They run when an infected document is opened, or are triggered by user actions such as certain keystrokes or menu choices. Because the macro travels inside the document, the infected file can carry any extension the application accepts, and it spreads through file transfers or e-mail.

File Viruses
Attach themselves to (or replace) *.COM and *.EXE files, although in some cases they can infect files with .SYS, .DRV, .BIN, .OVL and .OVY extensions. The most common file viruses are resident viruses, which stay in memory after the first infected program is run and take clandestine control of the computer; such viruses typically infect additional programs as you run them. There are also many non-resident viruses, which simply infect one or more files each time an infected file is run. Either kind often changes the file’s attributes, size and date/time stamps, so a baseline of file sizes and checksums, compared regularly, will reveal the modification.
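The size and timestamp changes mentioned above are exactly what a file-integrity baseline catches. The following Python script is an added example, not code from the original page: it records a SHA-256 hash, size and modification time for every executable-type file under a directory, then compares a later snapshot against that baseline. The directory, the files and the “infection” (appending bytes to an .exe and putting its timestamp back) are constructed inside a temporary directory so the example runs offline.

```python
import hashlib
import os
import tempfile

# Extensions the page lists as targets of file viruses.
WATCHED_EXTENSIONS = {".com", ".exe", ".sys", ".drv", ".bin", ".ovl", ".ovy"}


def fingerprint(path: str) -> dict:
    """Hash, size and modification time of one file."""
    st = os.stat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size, "mtime": int(st.st_mtime)}


def build_baseline(root: str) -> dict:
    """Fingerprint every watched file under root, keyed by its relative path."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in WATCHED_EXTENSIONS:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                baseline[rel] = fingerprint(full)
    return baseline


def compare(root: str, baseline: dict) -> dict:
    """Re-scan root and report what changed relative to the stored baseline."""
    current = build_baseline(root)
    common = [p for p in baseline if p in current]
    modified = sorted(p for p in common if current[p]["sha256"] != baseline[p]["sha256"])
    return {
        "modified": modified,                                   # content changed (hash differs)
        "size_changed": sorted(p for p in common if current[p]["size"] != baseline[p]["size"]),
        # hash differs but mtime was put back: a timestamp check alone would miss these
        "stealthy": sorted(p for p in modified if current[p]["mtime"] == baseline[p]["mtime"]),
        "added": sorted(set(current) - set(baseline)),
        "missing": sorted(set(baseline) - set(current)),
    }


def demo() -> dict:
    """Constructed scenario: baseline a directory, then alter a file the way an appending virus does."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "tools"))
        target = os.path.join(root, "tools", "app.exe")
        with open(target, "wb") as f:
            f.write(b"MZ" + b"\x90" * 100)          # fake executable (constructed)
        with open(os.path.join(root, "io.sys"), "wb") as f:
            f.write(b"\x00" * 64)
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(b"not an executable, not watched")
        baseline = build_baseline(root)             # in practice store this off-host

        # "Infection": append code to app.exe, then restore its timestamp, as a
        # careful virus would, and drop a new .com file next to the others.
        old_mtime = os.stat(target).st_mtime
        with open(target, "ab") as f:
            f.write(b"\xeb\xfe" * 8)
        os.utime(target, (old_mtime, old_mtime))
        with open(os.path.join(root, "dropper.com"), "wb") as f:
            f.write(b"\xcd\x20")
        return compare(root, baseline)


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}: {paths}")
```

The “stealthy” list is the one to watch: a virus that restores the original timestamp defeats a check that only looks at dates, but not one that re-hashes the file content.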

Multi-partite Viruses
Combine the characteristics of memory-resident, file and boot sector viruses, so they can infect both program files and boot sectors and spread by either route.

Worms
Similar to viruses in that they make copies of themselves, but different in that they do not need to attach to particular files or sectors at all. Once a worm is executed it seeks out other systems, rather than parts of the same system, to infect, and copies its code to them, typically over the network and without any user action.

Stealth Viruses
Hide the modifications they have made to a file or boot record, usually by intercepting the system functions that programs use to read files or physical blocks from storage media and forging the results, so that a program (including an antivirus scanner) that reads those areas sees the original uninfected form instead of the actual infected one. To do this the virus must be resident in memory when the antivirus program runs, which is why scanning from a known-clean boot disk, without executing any code from the suspect system, defeats stealth techniques.

Polymorphic Viruses
Produce varied (yet fully functional) copies of themselves, typically by re-encoding the virus body with a different key and a different decryption routine in each generation, so that a scanner looking for one fixed byte pattern will not detect every instance.

Trojan Horse
A program that performs some unexpected or unauthorized (usually malicious) action, such as displaying messages, erasing files, or formatting a disk, while appearing to be something useful. Unlike a virus, a Trojan horse does not infect other host files; it relies on the user being tricked into running it.

Script Viruses (VBScript, JavaScript, HTML)
Written in scripting languages such as VBScript and JavaScript. VBScript (Visual Basic Script) and JavaScript viruses make use of Microsoft’s Windows Script Host (WSH) to run and to infect other files. Since WSH is installed by default on Windows 98 and Windows 2000, such a virus is activated simply by double-clicking a *.vbs or *.js file in Windows Explorer. Disabling WSH on machines that do not need it removes this route.

Trigger condition or date
Indicates the condition or date on which the virus’ payload fires. Note that a date-activated virus can infect your computer on any day of the year; the trigger date only determines when the payload runs, so a computer may already be infected well before that date.

Web sites have come alive through technologies such as ActiveX and Java applets, which let animation and other special effects run and make sites more attractive and interactive. However, the ease with which this code is downloaded and run has provided a new vehicle for inflicting damage. A vandal is a software application or applet that causes destruction of varying degrees: it may destroy just a single file or a major portion of a computer system.

Innumerable types of network attacks have been documented; they are commonly classified into three general categories: reconnaissance attacks, access attacks, and denial of service (DoS) attacks.

• Reconnaissance attacks are essentially information-gathering activities by which attackers collect data that is later used to compromise networks. Usually software tools such as sniffers and scanners are used to map out network resources and identify potential weaknesses in the targeted networks, hosts, and applications. For example, software exists that is specifically designed to crack passwords. Such software was created for network administrators to assist employees who have forgotten their passwords, or to recover the passwords of employees who have left the company without telling anyone what they were. Placed in the wrong hands, however, this software becomes a very dangerous weapon.
• Access attacks exploit vulnerabilities in network services such as authentication and File Transfer Protocol (FTP) servers in order to gain entry to e-mail accounts, databases, and other confidential information.
• DoS attacks prevent access to part or all of a computer system. They are usually achieved by sending large amounts of malformed or otherwise unmanageable data to a machine connected to a corporate network or the Internet, blocking legitimate traffic from getting through. Even more damaging is a distributed denial of service (DDoS) attack, in which the attacker first compromises many machines and then directs all of them to flood the target at once, so that the traffic cannot be stopped by blocking a single source.
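As an added example for the reconnaissance and scanning point above (not from the original page), the Python below runs simple scan-detection logic over constructed firewall log lines in the style of a Linux iptables/netfilter log: a source that contacts many distinct ports on one host within a short window is flagged. The host names, addresses and log lines are made up for the example; the field names (SRC=, DST=, PROTO=, SPT=, DPT=) follow the netfilter LOG target format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Fields follow the netfilter LOG target format; the surrounding lines are constructed.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+kernel:.*?"
    r"SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+).*?"
    r"PROTO=(?P<proto>\w+)\s+SPT=\d+\s+DPT=(?P<dpt>\d+)"
)


def parse_line(line: str):
    """Return the fields we need from one firewall log line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {"ts_raw": m["ts"], "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
            "src": m["src"], "dst": m["dst"], "proto": m["proto"], "dpt": int(m["dpt"])}


def detect_scans(lines, window_seconds: int = 60, min_ports: int = 10) -> dict:
    """Flag (src, dst) pairs where src touches >= min_ports distinct ports within window_seconds."""
    recent = defaultdict(deque)     # (src, dst) -> deque of (timestamp, port, raw ts), oldest first
    alerts = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["src"], ev["dst"])
        q = recent[key]
        q.append((ev["ts"], ev["dpt"], ev["ts_raw"]))
        # Slide the window: drop events older than window_seconds before this one.
        while q and (ev["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        ports = {p for _, p, _ in q}
        if len(ports) >= min_ports:
            alert = alerts.setdefault(key, {"first_seen": q[0][2], "ports": set()})
            alert["ports"].update(ports)      # keep growing while the scan continues
            alert["last_seen"] = ev["ts_raw"]
    for alert in alerts.values():
        alert["ports"] = sorted(alert["ports"])
    return alerts


def _line(ts: str, src: str, dst: str, dpt: int) -> str:
    return (f"{ts} fw kernel: IN=eth0 OUT= SRC={src} DST={dst} LEN=60 TOS=0x00 TTL=50 "
            f"PROTO=TCP SPT=40511 DPT={dpt} WINDOW=64240 SYN URGP=0")


SCAN_PORTS = [21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080]
SAMPLE_LOG = (
    # a legitimate client: one port, a few connections spread over five minutes
    [_line(f"Jan 10 12:0{i}:00", "192.0.2.50", "192.0.2.10", 443) for i in range(6)]
    # a scanner: twelve distinct ports on the same host within 22 seconds
    + [_line(f"Jan 10 12:03:{2 * i:02d}", "203.0.113.5", "192.0.2.10", p)
       for i, p in enumerate(SCAN_PORTS)]
    # an unrelated syslog line that the parser must skip
    + ["Jan 10 12:04:00 fw sshd[812]: Accepted publickey for ops from 192.0.2.50"]
)

if __name__ == "__main__":
    for (src, dst), info in detect_scans(SAMPLE_LOG).items():
        print(f"scan from {src} against {dst}: {len(info['ports'])} ports "
              f"between {info['first_seen']} and {info['last_seen']}")
```

The threshold and window are the tuning knobs: a slow scanner that spreads twelve ports over an hour stays below this detector, so a second pass keyed on a longer window (hours, not seconds) is worth running on the same log.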

Data Interception
Data transmitted over any type of network can be intercepted by unauthorized parties, who may eavesdrop on communications or even alter the packets in transit. Perpetrators can use various methods to intercept data. IP spoofing, for example, entails posing as an authorized party by sending packets whose source address is the Internet Protocol (IP) address of a trusted host; nothing in an ordinary IP packet authenticates its source address, so the receiving system cannot tell the difference on its own.
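One practical defence against the IP spoofing described above is ingress and egress filtering at the network border (the approach documented in BCP 38): a packet arriving from the Internet that claims a source address inside your own network is spoofed by definition and can be dropped, and so can an outbound packet whose source is not one of your own addresses. The Python below is an added example, not part of the original page; the network ranges, interface directions and packet records are constructed for illustration.

```python
import ipaddress

# Constructed site configuration: the address ranges this border router owns.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "10.0.0.0/8")]
# Ranges that can never be a legitimate source on the Internet-facing interface.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def is_bogon(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BOGON_NETS)


def verdict(direction: str, src: str, dst: str) -> str:
    """direction is 'in' (arriving from the Internet) or 'out' (leaving toward it)."""
    if direction == "in":
        if is_internal(src):
            return "drop: inbound packet claims an internal source address (spoofed)"
        if is_bogon(src):
            return "drop: inbound packet from an unroutable source"
        if not is_internal(dst):
            return "drop: inbound packet not addressed to us (transit abuse)"
    elif direction == "out":
        if not is_internal(src):
            return "drop: outbound packet with a source address we do not own (egress filter)"
    else:
        raise ValueError(f"unknown direction {direction!r}")
    return "accept"


def filter_packets(packets) -> list:
    """Apply verdict() to (direction, src, dst) records and return the verdicts in order."""
    return [verdict(d, s, t) for d, s, t in packets]


# Constructed packet records; 203.0.113.0/24 and 198.51.100.0/24 play the role of the Internet.
SAMPLE_PACKETS = [
    ("in",  "198.51.100.7", "192.0.2.10"),    # ordinary inbound connection
    ("in",  "192.0.2.10",   "192.0.2.20"),    # outsider using one of our own addresses as source
    ("in",  "127.0.0.1",    "192.0.2.10"),    # loopback source can never arrive from outside
    ("in",  "203.0.113.9",  "198.51.100.7"),  # neither side is ours: not our packet to forward
    ("out", "192.0.2.10",   "198.51.100.7"),  # ordinary outbound connection
    ("out", "203.0.113.9",  "198.51.100.7"),  # a host inside spoofing someone else's address
]

if __name__ == "__main__":
    for pkt, result in zip(SAMPLE_PACKETS, filter_packets(SAMPLE_PACKETS)):
        print(pkt, "->", result)
```

The rules model a stub site with a single Internet link; a network that provides transit or uses address translation needs the “not addressed to us” rule relaxed. Note also what the filter cannot do: a spoofed packet whose forged source is some other outside network passes the inbound checks, which is why the egress rule on every network matters as much as the ingress rule on yours.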

Social Engineering
Social engineering is the increasingly prevalent practice of obtaining confidential security information through non-technical means. For example, a social engineer might pose as a technical support representative and telephone employees to collect their passwords. Other examples include bribing a coworker to gain access to a server, or searching a colleague’s office for a password written down in a hidden spot.

Spam is the commonly used term for unsolicited electronic mail, or the act of broadcasting unsolicited advertising messages by e-mail. Spam is usually harmless in itself, but it is a nuisance that consumes the recipient’s time and storage space.

© Copyright 2002 Eitech. All rights reserved.