Virus Awareness

[Guest guest]

Myths about Viruses:

--------------------

 

Many myths have surfaced about the threat of computer " viruses " . There

are mythsabout how widespread they are, how dangerous they are, and

even myths about whata computer virus really is. We want you to know

the facts.

 

The first thing you need to know is that a computer virus falls in the

realm of malicious programming techniques known as " Trojan horses. "

All viruses are Trojan horses, but relatively few Trojan horses can be

called a virus.

 

Viruses, like all Trojan horses, purposely make a program do things

you don't expect it to do. Some viruses will just annoy you, perhaps

only displaying a " Peace on earth " greeting. The viruses we worry

about will try to erase your data (the most valuable asset of your

computer!) and waste your valuable time in recovering from an attack.

 

Virus is a generic term. It can typically be delivered as:

 

a) Trojans: is an " apparently useful program containing hidden

functions that can exploit the privileges of the user [running the

program], with a resulting security threat. A Trojan horse does things

that the program user did not intend " .

 

Trojan horses rely on users to install them, or they can be

installed by intruders who have gained unauthorized access by other

means. Then, an intruder attempting to subvert a system using a Trojan

horse relies on other users running the Trojan horse to be successful.

 

b) Viruses: malicious programs designed to spread themselves from one

file to another on a single computer. A virus might rapidly infect

every application file on an individual computer, or slowly infect

the documents on that computer, but it does not intentionally try to

spread itself from that computer to other computers.

 

Here human is the carrier.

 

c) Worms: are insidious because they rely less on human behaviour and

is designed to copy itself from one computer to another over a

network.

 

d) Exploits: uses Excel spreadsheats to run malicious code unknowingly

to the user.

The commands will be activated as soon as you open the Excel

spreadsheet and are not contained in macros, but in the normal cells

of the spreadsheet. Office 97 will solve this vulnerability.

 

e) Active HTML attacks

An Excel spreadsheet may be posted to the web, and launched on the

user's computer, without prompting the user with the appropriate

notification. The actual malicious XLS file may be put in a hidden

HTML frame, which will further obscure the presence of potentially

malicious code.

 

However, this additional vulnerability may also be resolved

by selecting " Confirm open after download " (Double-click on

'My Computer', select 'View', '(Folder) Options', 'File Types',

and then 'Edit', for all files associated with Excel (XLS).

 

f) Back door attacks (Back Orifice, Netbus, etc.) Back Orifice is a

tool consisting of two main pieces, a client application and a server

application running on two different machines basically to have

a control over the target machine.

 

This tool can be used by an unscrupulous user (e.g., the attacker)

to compromise the security of a computer running Windows 95 or

Windows 98.

 

Programs of a questionable nature:

 

These programs disrupt work flow, cause unnecessary alarms,

and are inappropriate for distribution.

" Joke Programs "

Programs such as game.exe (fake virus genre)

Programs such as cokegift.exe (manipulates users CD)

 

Email Gateway:

--------------

In case you don't know it, a virus must first reach your computer

before it can ever hope to do anything. Antivirus packages insert

themselves into the email stream so they can scan attachments on

arrival. They check for viruses at the email gateway, on the email

server, and inside the user's email software.

Therefore, blame your antivirus software if ILoveYou reached your PC.

 

 

How does viruses propogate ?

----------------------------

 

When allowed to execute, theses programs use address books such as

Microsoft Outlook address book (almost always) to send a copy of the

infected e-mail to say the first 50 individuals or groups listed in

the user's address book.

 

Vulnerability of Microsoft products:

---

Chairman Bill discussed the ILoveYou virus in a recent Network World

interview. I want you to read his comment:

 

NW: Visual Basic script is a key tool on the Windows platform, but

is it also a vulnerability that needs to be addressed in any way,

given the 'ILOVE YOU' virus?

 

GATES: There is nothing new about this virus. If you have

enclosures that are scripts, programs--anything--and people

double-click on those, those things run. They run as programs. We

certainly put up a lot of warning. The fact is, people are

clicking on those enclosures and ignoring those warning screens.

 

Now, administratively we let people get rid of those types of

enclosures, but it's really too bad because it means you can't send

somebody any kind of executable. But if people want to give that up,

we give them the administrative tools that make that possible. If you

don't think people are going to pay attention to those [attachment]

warning screens, then you have to give up mailing executable

enclosures.

 

 

Unfortunately absolute protection from Viruses is to turn off the

ability of browser to receive attachments.

 

Prevention:

-----------

 

Incidentally, these threats exist only on Windows or DOS platforms as

here the execute permissions are given by the extensions of the

files.

 

 

Virus hoax messages are all too familiar to just about all email

users. One of the main reasons for this is that they play on peoples

ignorance - users are understandably concerned about viruses, and so

consider it 'helpful' if, as suggested by the majority of hoaxes, they

forward the message on to their entire address book.

 

Such an action, all be it well-meaning, is not helpful however. Aside

from the imposed network load, the consequence is that the hoax

becomes 'well known' and listed on pages such as these.

This fame (of sorts) no doubt leads to some degree of satisfaction for

the hoax perpetrator.

 

If you receive a virus warning message, follow the advice below, and

you will be able to quickly ascertain if the warning is genuine, and

what action you should take.

 

1.Most such emails are, thankfully, hoaxes.

 

2.Do NOT forward the warning message to 'all your friends',

as

it may suggest in the text. If you have verified that the

message is a hoax, simply delete it. Certainly do so, if it

is to a free personal web-based email account like hotmail.

 

'New' virus hoaxes are more often than not, merely

recycled old hoaxes, with the addition of a few minor

differences. As such it is possible to spot the

tell-tale signs of a hoax. Typical phrases in the body

of a virus hoax might be:

 

DO NOT OPEN! Doing so will result in the deletion

of all of the files on your hard drive!

Forward this message to all your friends!

 

Basically, warning messages encouraging you to

forward the information to all your email contacts,

will typically be hoaxes.

 

 

More information:

-----------------

 

If you are inquisitive to know the nature of disaster meted out by

various viruses and worms, you may go to

http:www.symantec.com/avcenter or several such sites which elaborates

their exploits.