Internet Basics Review 02 - Viruses

by Rob Zorn
from the April 2003 Newsletter

In light of the fact that Actrix has many customers new to the Internet, and that more and more are coming online through Actrix each day, I thought it might be a good idea to do a series of review articles. I talked with a few chaps and chapesses around the office to see if we could come up with a handful of things that anyone new to the Internet really ought to know. This month I want to revive the old subject of viruses. So much has been written about them, but the continued world-wide proliferation of these nasties still demonstrates that not enough people are yet clear on how to avoid them.

What Are Viruses?

In medical terms, a virus is a mysterious, self-replicating, mutating, nasty little bug that will do your health damage by getting into your body and attempting to destroy it from within as it reproduces itself. In computer terms, a virus is nearly the same thing. It's a nasty little program that will get onto your hard drive and, if allowed to run, will start delivering whatever its predetermined payload is. The difference is that medical viruses usually occur naturally. In computer terms, viruses are made by people with the explicit goal of doing damage.

What Motivates Virus Writers?

There are a number of motivations. The most common motivation is probably only different from any public vandal's motivation in terms of degree. I guess these virus-writers get some sort of buzz out of knowing that it is their little baby that is spreading around the world, crashing machines and costing people much money and inconvenience. These types write viruses that are designed to destroy. Once the virus is allowed to run by the unsuspecting user, it begins to delete important files, or even the entire contents of the hard drive. Or, it may start to play pranks on the user, shifting things around, making weird things happen and so forth. I guess it's a power thing.

An even more sinister motivation lies behind those who include Trojans with their viruses. Trojans (named after the famous Trojan horse) find some way to open the computer up to be connected to across the Internet, and then report back to the writer in some way informing him that he can now connect to the infected computer directly himself and take clandestine control over it. Many of the latest viruses have come with Trojans or "backdoors."

The ultimate motivation here is usually firepower, and not just the stealing of your private information. It is possible to wage a kind of war across the Internet through what are called Denial of Service attacks. If you wanted to take a company (e.g. a bank) or an organisation (e.g. a government department) down, one of the best ways to do it is to render its computers useless. This is easy to do, at least temporarily, if you can find some way to send so much traffic at those computers that they can't handle it and cease to function. Just as the Coalition forces want to use several fronts in Iraq, the virus writer knows he can better hurt someone else's computer by attacking it from several fronts. If he can get control over your machine without you knowing it, he can double the firepower he can send at the computers he wants to attack. The more machines he can control, the more firepower he (or she, I guess) has. This isn't hysterical. It really happens. If you can understand why an evil despot wants to amass power to himself for its own sake, you can understand what a blast it would be for an evil mind to control 100, 1000, or several thousand machines across the world.

How Do They Work?

Most commonly, viruses come to you as e-mail attachments that are disguised as something that the writer hopes will lure you into running them. They may appear to be a sex movie, or a funny film, or a beautiful screen saver, but the minute you click them to run, you find out that they weren't. You click it, you hear your hard drive whirr for a bit, and then - nothing! But the next time you start your machine, odd things happen, or you suddenly find you're receiving bounced e-mails from a whole lot of people you never sent anything to. Uh oh...

There are still plenty of viruses around that try to exploit known security holes in programs like Outlook or Outlook Express. If you haven't got the latest versions of software that have those holes patched, then the viruses can run without you even having to click the attachments! I wrote about this last month in the review article (http://editor.actrix.co.nz/0303.htm) about how important the Windows Update Page is.

Just like a medical virus, one of the first things the virus will be concerned about is re-creating itself. Most viruses will hijack your e-mail program and send themselves out to everyone in your address book, or to every e-mail address they can find stored on your computer. Their hope is that the next recipient will also be fooled and infect their machine - and so the process goes on.

What's the Story with Hoax Viruses?

There have been a few of these - Sulfnbk.exe and Jdbgmgr.exe (Teddy Bear) are two of the most famous hoaxes. These ones come and warn you that there might be a virus on your computer. They tell you how to look for it to confirm. Lo and behold, you follow the instructions and you find you do have that file on your computer! Shock horror! What you don't realise is that both of these files (sulfnbk.exe and jdbgmgr.exe) are legitimate parts of Windows, and should be on your computer!

People that start these hoaxes are creating what are called virtual viruses. There is no nasty little program but they get you to do some damage to yourself anyway, and the e-mail warning you received encourages you to send it on to everyone in your address book. No virus is needed. They dupe you into doing exactly what the virus would have done.

What Should You Do to Stay Safe?

1. If you use Windows and you don't yet see the value of the Windows Update Page for keeping yourself secure, then you need to. As I wrote last month, using Windows and not being aware of the Windows Update Page is like driving a car without servicing it. At the worst possible moment, and well in accordance with Murphy's Law, you're probably going to break down late at night in the worst part of town...

2. Don't click attachments unless you know exactly what they are. Especially avoid ones that have a double file extension, e.g. anna.scr.pif. Viruses often have an extra file extension added to confuse virus scanners, or to make them appear to be a type of program that they are not.

3. Watch your kids and make sure they understand the importance of not clicking attachments when they're online. Kids are bigger risk-takers and love things that are funny, so you have to really stress it to them. (I can say this, I got a few of them.)

4. Use anti-virus software. Lots of companies make such programs, and they are all pretty much as good as each other. You can download them online, or purchase them from computer retailers.

5. If your ISP offers server-based virus protection, and you don't mind your ISP filtering your mail for you, then ask to have the service added for your account.
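
The double-extension warning in item 2 can be turned into an automatic check, the sort of test a mail filter like the one in item 5 might apply. This is an added example, not part of the original article; the extension list, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_string

# Assumed list of Windows extensions that run code when opened (not from the article).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "lnk"}

def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # A short extra extension before the executable one, e.g. "anna.scr.pif".
    if len(parts) >= 3 and parts[-2].isalnum() and len(parts[-2]) <= 4:
        return "double-extension"
    return "executable"

def scan_message(raw):
    """List (filename, verdict) for every risky attachment in a raw e-mail."""
    findings = []
    for part in message_from_string(raw).walk():
        filename = part.get_filename()
        verdict = classify_filename(filename) if filename else "ok"
        if verdict != "ok":
            findings.append((filename, verdict))
    return findings

# Constructed sample message: one disguised attachment, one harmless picture.
SAMPLE = """\
From: sender@example.com
Subject: funny film
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Have a look at this!
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="anna.scr.pif"

AAAA
--BOUND
Content-Type: image/jpeg
Content-Disposition: attachment; filename="holiday.jpg"

AAAA
--BOUND--
"""
```

A name such as `notes.tar.gz` passes because its final extension is not on the executable list; only the last extension decides what Windows will do when the file is opened.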