Blocking Viruses and Worms with an Antivirus Program

A virus is a computer program that replicates by attaching itself to another object. Viruses can infect program files, documents (in the form of macro viruses), or low-level disk and file-system structures such as the boot sector and partition table. Viruses can run when an infected program file runs; they can also reside in memory and infect files as the user opens, saves, or creates the files. A worm is a standalone program that replicates by copying itself from one computer to another, usually over a network or through e-mail attachments. The distinction between viruses and worms can be blurry and for practical purposes is unimportant.

Historically, the most common source of widespread computer virus outbreaks is the class of hostile software that replicates by sending itself to other potential victims as an attachment to an e-mail message. The accompanying message often uses "social engineering" techniques designed to lure inattentive or gullible users into opening the infected attachment. For example, some viruses arrive as attachments that mimic delivery failure reports from an e-mail server administrator. The attachment, in .zip format, ostensibly includes details of the failed message but actually contains the virus payload.

INSIDE OUT

Beware of .zip files attached to e-mail messages

These days, most mail servers reject all incoming messages with executable files attached; even if the server doesn't stop such messages, modern e-mail clients make it difficult or impossible to run executable attachments. That simple measure completely stops most viruses written before 2003.

To work around the blockade, attachment-based viruses now typically send their payloads using the standard .zip format for compressed files. If the user opens the attachment, the contents of the compressed file appear—in Windows Explorer or in the third-party utility assigned to handle .zip files. Double-clicking the executable file within the compressed archive sets the virus in motion. Virus writers use a variety of tricks with .zip files. In some cases, they include a bogus extension in the file name and then append a large number of spaces before the real file name extension so that the actual file type doesn't appear in the window that displays archived files. Some viruses even encrypt the .zip attachment and include the password as part of the message. That allows the infected attachment to slip past some virus scanners. Most real-time scanners will detect a virus in a .zip file, either when it arrives or when the user tries to extract the file. The moral? Be wary of all attachments, even when they appear to be innocent.
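The three .zip tricks described in this sidebar (an executable hidden inside the archive, a bogus extension padded with spaces so the real one scrolls out of view, and an encrypted archive that a scanner cannot look inside) can all be recognised from the archive's directory alone, without extracting anything. The following Python script is an added example, not code from the book or from any antivirus product; it builds a small sample "delivery report" archive in memory (constructed data, with harmless placeholder bytes in place of any payload) and reports which entries a mail gateway or desktop filter would want to hold for review. The extension list is an illustrative subset, not a complete one.

```python
import io
import re
import zipfile

# File types Windows runs directly on double-click. Constructed, illustrative
# subset; a production filter would use a maintained list.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".cpl",
}

# A bogus extension, a run of padding spaces, then the real extension,
# e.g. "report.txt                                .exe".
PADDED_EXTENSION = re.compile(r"\.[A-Za-z0-9]{1,5}[ \t]{2,}\.[A-Za-z0-9]{1,5}$")


def real_extension(name: str) -> str:
    """Extension Windows would act on: the last dot-suffix of the bare file name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip()
    dot = base.rfind(".")
    return base[dot:].lower() if dot > 0 else ""


def classify(name: str, flag_bits: int = 0) -> list:
    """Return the reasons an archive entry is suspicious (empty list if none).

    `flag_bits` is the entry's general-purpose bit flag from the ZIP header;
    bit 0 marks traditional ZIP encryption.
    """
    reasons = []
    ext = real_extension(name)
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable type {ext}")
    if PADDED_EXTENSION.search(name.rstrip()):
        reasons.append("padding spaces hide the real extension")
    if flag_bits & 0x1:
        # A scanner cannot inspect encrypted contents before extraction,
        # so the entry must be treated as unscanned rather than clean.
        reasons.append("encrypted entry, contents not scannable")
    return reasons


def scan_zip_attachment(data: bytes) -> dict:
    """Map each suspicious entry name in a .zip attachment to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = classify(info.filename, info.flag_bits)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_attachment() -> bytes:
    """Constructed sample: a fake 'delivery report' archive like the one described above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "Your message could not be delivered.\n")
        # Bogus .txt extension, forty spaces, then the real .exe extension.
        zf.writestr("delivery_report.txt" + " " * 40 + ".exe", b"MZ placeholder")
        # Double extension: looks like a PDF, runs as a screen saver.
        zf.writestr("invoice.pdf.scr", b"MZ placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reasons in scan_zip_attachment(build_sample_attachment()).items():
        print(f"{entry.strip()!r}: {'; '.join(reasons)}")
```

The check reads only the central directory, so it runs on an encrypted archive too; the encrypted entry is reported as unscannable, which is the safe verdict when the real-time scanner cannot see the payload. Note that `real_extension` strips trailing whitespace before looking for the last dot, because that is what the padded name resolves to once it is extracted and double-clicked.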

Although viruses that spread through e-mail attachments have been to blame for the majority of attacks in recent years, some security experts believe that other modes of transmission represent a far greater threat and will become more prevalent in the future. By their nature, attachments (as well as files transferred with an instant messenger program, a more recent attack vector) require some cooperation from an unwitting or distracted user; that requirement dramatically limits their potential to spread unchecked. As a result, authors of hostile software are always on the lookout for techniques they can use to spread infections automatically.

The Conficker worm, which made headlines in 2009, provides an example: one of its propagation methods relies on AutoPlay, the feature that displays a menu of options when you insert a removable drive, such as a USB flash drive. On unprotected computers it displays an option to "open folder to view files" when a victim inserts an infected USB flash drive in the computer and AutoPlay runs. When clicked, that option actually executes the worm, which then attempts to spread to other computers. Windows 7 doesn't have the vulnerability that Conficker exploits in earlier (unpatched) Windows versions, and it also closes the AutoPlay vulnerability: AutoRun (the feature that placed the bogus option in the AutoPlay dialog box) is disabled on removable drives.

Another popular mechanism is the use of scripts—written in languages such as JavaScript, JScript, or Microsoft Visual Basic Scripting Edition (often abbreviated as VBScript or VBS)—that automatically take actions on the intended victim's computer when he or she visits a webpage or views an HTML-formatted e-mail message. Protected Mode in Internet Explorer is one defense against this type of intrusion.

For details about Protected Mode and other defensive measures in Internet Explorer, see "Security and Privacy Options" on page 220.

Yet another increasingly common mode of transmission uses e-mail to send a link to a compromised website. If the intended victim clicks the link, she's taken to a page that attempts to install hostile code automatically or prompts the visitor to download a seemingly harmless file. The file is typically disguised as something innocuous, such as a codec required to view a salacious file.

You can review "top ten" lists of current threats and detections, along with links to details about each one, at the Microsoft Malware Protection Center, w7io.com/1518.

Viruses and worms are not necessarily, by their very nature, dangerous. Most are, however—why else would a programmer need to resort to such sneaky techniques?—and you don't want them on your computer. Besides replicating itself, a virus can be programmed to do just about anything that the current user account is allowed to do, such as erase files, make registry changes, and send information over the internet. An important layer in a basic PC protection strategy, therefore, is to use up-to-date antivirus software. Windows does not include any antivirus software, but it's readily available from Microsoft and many other vendors.
