01-03-2010, 11:27 AM
[attachment=2494]
1. INTRODUCTION
Do viruses and all the other nasties in cyberspace matter Do they really do much harm Imagine that no one has updated your anti-virus software for a few months. When they do, you find that your accounts spreadsheets are infected with a new virus that changes figures at random. Naturally you keep backups. But you might have been backing up infected files for months. How do you know which figures to trust Now imagine that a new email virus has been released. Your company is receiving so many emails that you decide to shut down your email gateway altogether and miss an urgent order from a big customer. Imagine that a friend emails you some files he found on the Internet. You open them and trigger a virus that mails confidential documents to everyone in your address book including your competitors. Finally, imagine that you accidentally send another company, a report that carries a virus. Will they feel safe to do business with you again Today new viruses sweep the planet in hours and virus scares are major news.
A computer virus is a computer program that can spread across computers and networks by making copies of itself, usually without the user's knowledge. Viruses can have harmful side effects. These can range from displaying irritating messages to deleting all the files on your computer.
A virus program has to be run before it can infect your computer. Viruses have ways of making sure that this happens. They can attach themselves to other programs or hide in code that is run automatically when you open certain types of files. The virus can copy itself to other files or disks and make changes on your computer. Virus side effects, often called the payload, are the aspect of most interest to users. Password-protecting the documents on a particular day, mailing information about the user and machine to an address somewhere are some of the harmful side effects of viruses. Various kinds of viruses include macro virus, parasitic or file virus, Boot virus,
E-mails are the biggest source of viruses. Usually they come as attachments with emails. The Internet caused the spreading of viruses around the globe. The threat level depends on the particular code used in the WebPages and the security measures taken by service providers and by you. One solution to prevent the viruses is anti-virus softwares. Anti-virus software can detect viruses, prevent access to infected files and often eliminate the infection.
Computer viruses are starting to affect mobile phones too. The virus is rare and is unlikely to cause much damage. Anti-virus experts expect that as mobile phones become more sophisticated they will be targeted by virus writers. Some firms are already working on anti-virus software for mobile phones. VBS/Timo-A, Love Bug,Timofonica,CABIR,aka ACE- and UNAVAILABLE are some of the viruses that affect the mobile phones
2. BASIC CONCEPTS
2.1.What is a virus
A computer virus is a computer program that can spread across computers and networks by making copies of itself, usually without the user's knowledge. Viruses can have harmful side-effects. These can range from displaying irritating messages to deleting all the files on your computer.
2.2.Evolution of virus
In the mid-1980s Basit and Amjad Alvi of Lahore, Pakistan discovered that people were pirating their software. They responded by writing the first computer virus, a program that would put a copy of itself and a copyright message on any floppy disk copies their customers made. From these simple beginnings, an entire virus counter-culture has emerged. Today new viruses sweep the planet in hours and virus scares are major news.
How does a virus infect computers
A virus program has to be run before it can infect your computer. Viruses have ways of making sure that this happens. They can attach themselves to other programs or hide in code that is run automatically when you open certain types of files. You might receive an infected file on a disk, in an email attachment, or in a download from the internet. As soon as you launch the file, the virus code runs. Then the virus can copy itself to other files or disks and make changes on your computer.
Who writes viruses
Virus writers don't gain in financial or career terms; they rarely achieve real fame; and, unlike hackers, they don't usually target particular victims, since viruses spread too indiscriminately. Virus writers tend to be male, under 25 and single. Viruses also give their writers powers in cyberspace that they could never hope to have in the real world.
2.3.Virus side effects(Payload)
Virus side-effects are often called the payload. Viruses can disable our computer hardware, Can change the figures of an accounts spreadsheets at random, Adversely affects our email contacts and business domain, Can attack on web servers...
¦ Messages -WM97/Jerk displays the message 'I think (user's name) is a big stupid jerk!'
¦ Denying access -WM97/NightShade password-protects the current document on Friday 13th.
¦ Data theft- Troj/LoveLet-A emails information about the user and machine to an address in the Philippines.
¦ Corrupting data -XM/Compatable makes changes to the data in Excel spreadsheets.
¦ Deleting data -Michelangelo overwrites parts of the hard disk on March 6th.
¦ Disabling Hardware -CIH or Chernobyl (W95/CIH-10xx)
¦ attempts to overwrite the BIOS on April 26th, making the machine unusable.
¦ Crashing servers-Melissa or Explore Zip, which spread via email, can generate so much mail that servers crash.
There is a threat to confidentiality too. Melissa can forward documents, which may contain sensitive information, to anyone in your address book. Viruses can seriously damage your credibility. If you send infected documents to customers, they may refuse to do business with you or demand compensation. Sometimes you risk embarrassment as well as a damaged business reputation. WM/Polypost, for example, places copies of your documents in your name on alt.sex usenet newsgroups.
2.4.Where are the virus risks
3. VIRUSES AND VIRUS LIKE PROGRAMMES
3.1.Trojan horses
Trojan horses are programs that do things that are not described in their specifications The user runs what they think is a legitimate program, allowing it to carry out hidden, often harmful, functions. For example, Troj/Zulu claims to be a program for fixing the 'millennium bug' but actually overwrites the hard disk. Trojan horses are sometimes used as a means of infecting a user with a computer virus.
3.2.Backdoor Trojans
A backdoor Trojan is a program that allows someone to take control of another user's PC via the internet. Like other Trojans, a backdoor Trojan poses as legitimate or desirable software. When it is run (usually on a Windows 95/98 PC), it adds itself to the PC's startup routine. The Trojan can then monitor the PC until it makes a connection to the internet. Once the PC is on-line, the person who sent the Trojan can use software on their computer to open and close programs on the infected computer, modify files and even send items to the printer. Subseven and Back Orifice are among the best known backdoor Trojans.
3.3.Worms
Worms are similar to viruses but do not need a carrier (like a macro or a boot sector).They are subtype of viruses. Worms simply create exact copies of themselves and use communications between computers to spread. Many viruses, such as Kakworm
(VBS/Kakworm) or Love Bug (VBS/LoveLet-A), behave like worms and use email to forward themselves to other users.
3.4.Boot sector viruses
Boot sector viruses were the first type of virus to appear. They spread by modifying the boot sector, which contains the program that enables your computer to start up. When you switch on, the hardware looks for the boot sector program - which is usually on the hard disk, but can be on floppy or CD - and runs it. This program then loads the rest of the operating system into memory. A boot sector virus replaces the original boot sector with its own, modified version (and usually hides the original somewhere else on the hard disk). When you next start up, the infected boot sector is used and the virus becomes active. You can only become infected if you boot up your computer from an infected disk, e.g. a floppy disk that has an infected boot sector. Many boot sector viruses are now quite old. Those written for DOS machines do not usually spread on Windows 95, 98, Me, NT or 2000 computers, though they can sometimes stop them from starting up properly.
Boot viruses infect System Boot Sectors (SBS) and Master Boot Sectors (MBS). The MBS is located on all physical hard drives. It contains, among other data, information about the partition table (information about how a physical disk is divided into logical disks), and a short program that can interpret the partition information to find out where the SBS is located. The MBS is operating system independent. The SBS contains, among other data, a program whose purpose is to find and run an operating system. Because floppy diskettes are exchanged more frequently than program files boot viruses are able to propagate more effectively than file viruses.
Form -A virus that is still widespread ten years after it first appeared. The original version triggers on the 18th of each month and produces a click when keys are pressed on the keyboard.
Parity Boot - A virus that may randomly display the message 'PARITY CHECK' and freeze the operating system. The message resembles a genuine error message displayed when the computers memory is faulty.
3.5.Parasitic virus (File virus)
Parasitic viruses, also known as file viruses, attach themselves to programs (or 'executables') and Acts as a part of the program .When you start a program infected with a file virus, the virus is launched first. To hide itself, the virus then runs the original program. The operating system on your computer sees the virus as part of the program you were trying to run and gives it the same rights. These rights allow the virus to copy itself, install itself in memory or release its payload. these viruses Infects over networks. The internet has made it easier than ever to distribute programs, giving these viruses new opportunities to spread.
¦ Jerusalem- On Friday 13th deletes every program run on the computer.
¦ CIH (Chernobyl) - On the 26th of certain months, this virus will overwrite part of the BIOS chip, making the computer unusable. The virus also overwrites the hard disk.
¦ Remote Explorer - WNT/RemExp (Remote Explorer) infects Windows NT executables. It was the first virus that could run as a service, i.e. run on NT systems even when no-one is logged in.
Parasitic viruses infects executables by companion, link, overwrite, insert, prep end, append techniques
a) Companion virus
A companion virus does not modify its host directly. Instead it maneuvers the operating system to execute itself instead of the host file. Sometimes this is done by renaming the host file into some other name, and then grant the virus file the name of the original program. Or the virus infects an .EXE file by creating a .COM file with the same name in the same directory. DOS will always execute a .COM file first if only the program name is given, so if you type "EDIT" on a DOS prompt, and there is an EDIT.COM and EDIT.EXE in the same directory, the EDIT.COM is executed.
b) Linking Virus
A page link virus makes changes in the low-level workings of the file system, so that program names do no longer point to the original program, but to a copy of the virus. It makes it possible to have only one instance of the virus, which all program names point to.
c) Overwriting viruses
An overwriting virus places itself at the beginning of the program, directly over the original program code, so the program is now damaged. When you try to run this program, nothing happens except for the virus infecting another file. Such viruses are easily apprehended and destroyed by users and user support staff, so they actually spread very poorly in the wild. You have almost no chance of ever getting an overwriting virus in your machine.
d) Inserting viruses
An inserting virus copies itself into the host program. Programs sometimes contain areas that are not used, and viruses can find and insert themselves into such areas. The virus can also be designed to move a large chunk of the host file somewhere else and simply occupy the vacant space.
e)Prep-ending viruses
The pure prepending virus may simply place all of its code at the top of your original program. When you run a program infected by a prep ending file virus, the virus code runs first, and then your
original program runs.
f) Appending viruses
An appending virus places a "jump" at the beginning of the program file, moves the original beginning of the file to the end of the file, and places itself between what was originally the end of the file and what was originally at the beginning of the file. When you try to run this program, the "jump" calls the virus, and the virus runs. The virus then moves the original beginning of the file back to its normal position and then lets your program run.
3.6.Macro viruses
Macro viruses take advantage of macros, commands that are embedded in files and run automatically. Many applications, such as word processing or spreadsheet programs, use macros. A macro virus is a macro program that can copy itself and spread from one file to another. If an infected file is opened, i.e. a file that contains a macro virus, the virus copies itself into the application s startup files. The computer is now infected. When another file is opened using the same application, the virus infects that file. If the computer is on a network, the infection can spread rapidly: when an infected file is send to someone else, they can become infected too. A malicious macro can also make changes to your documents or settings. Macro viruses infect files used in most offices and some can infect several file types, such as Word or Excel files. They can also spread to any platform on which their 'host application runs. Above all, they spread easily because documents are exchanged frequently via email and websites.
¦ WM/Wazzu - Infects Word documents. It moves between one and three words and inserts the word 'wazzu at random.
¦ OF97/Crown-B - Can infect Word, Excel and PowerPoint files. When it infects a Word document, it turns off macro protection in the other Office 97 applications, so that it can infect them.
Embedding and Linking
The open systems in many of Microsoft s applications utilize OLE in order to combine different data types. You can embed an object such as a bitmap or an executable within a Word document. Embedding an object means that any edits to the object will not be reflected in any other copies of the object. You can also page link an object such as an Excel spreadsheet to a Word document. Linking an object means that you may edit the object in either its source application or from within the application to which it is linked, and all copies of the object will be updated.
3.7.Virus hoaxes
Hoaxes are reports of non-existent viruses. A hoax is a chain letter, typically sent over e-mail, which carries false warnings about viruses or Trojans. Typically, they are emails which do some or all of the following:
Warn you that there is an undetectable, highly destructive new virus, Ask you to avoid reading emails with a particular subject line, e.g. Join the Crew or Budweiser Frogs, Claim that the warning was issued by a major software company, internet provider or government agency, e.g. IBM, Microsoft, AOL or the FCC, Claim that a new virus can do something improbable. For instance, A moment of silence says that 'no program needs to be exchanged for a new computer to be infected' and Urge you to forward the warning to other users.
It forms a chain letter via email and their by Overloads mail servers. Antivirus software can't detect virus hoaxes as they are only email messages.
Why are hoaxes a problem
Hoaxes can be as disruptive and costly as genuine virus. If users do forward a hoax warning to all their friends and colleagues, there can be a deluge of email. This can overload mail servers and make them crash. The effect is the same as that of the real Love Bug virus, but the hoaxer hasn't even had to write any computer code. This cripples communications more effectively than many real viruses, preventing access to email that may be really important. False warnings also distract from efforts to deal with real virus threats. Hoaxes can be remarkably persistent too. Since hoaxes aren't viruses, your anti-virus softwares can't detect or disable them.
What can be done about hoaxes
Hoaxes, like viruses or chain mail, depend on being able to spread themselves. If you can persuade users to break the chain, you limit the harm done.
¦ Have a company policy on virus warnings: The solution may be a company policy on virus warnings. ALL virus warnings should be sent to name of responsible person only. It is their job to notify everybody of virus warnings. A virus warning which comes from any other source should be ignored. As long as users follow the policy, there will be no flood of emails and the company expert will decide whether there is any real risk.
¦ Keep informed about hoaxes: Keep informed about hoaxes by visiting the hoaxes pages on our website:
4.VIRUSES THAT TRAVELLED FURTHEST...
Love Bug 0VBS/Love Let-A
0 Best known & pretends to be a LL
0 First seen : May 2000
0Origin : Philippines
0 Trigger : On initial infection
0 Effect :E-mail with subject LL,distribute via MS-outlook, Steal user info,
overwrites cert files
Kakworm
0 VBS/Kakworm
0 By viewing infected mails
0 First seen : June 1998
0Origin : written by Chen Ing Hau of Taiwan
0Trigger : On initial infection or 1st of any month
0 Effect :Arrives embedded in mail, infects when open, affects MS-outlook i.e. virus code is automatically included with all outgoing mails, on 1st of any month -displays "Kagou-Anti_Kro$oft says not today"& shuts down Melissa
0WM97/Melissa-Word 97 macro virus 0 Uses psychological subtlety 0 First seen : March 1999
0 Origin : A 31 yr old US programmer, David .L.Smith
0Trigger : On initial infection
0 Effect :Sends message to first fifty in all address books ,Attaches infected document CIH (Chernobyl)
0W95/CIH-10xx-parasitic virus, runs on Win-95
0 First virus to damage hardware
0 First seen : June 1998
0Origin :Written by Chen Ing Hau of Taiwan
0Trigger :April-26th,June 26th or 26th of any month
0 Effect :Overwrites HD,overwrites BIOS, needs BIOS chip replacement
5.PREVENTING VIRUSES
The simple measures to avoid being infected or to deal
with viruses if you are infected are
¦ Make users aware of the risks: Tell everyone in the organization that they are at risk if they swap floppy disks, download files from websites or open email attachments.
¦ Install anti-virus software and update it regularly: Anti-virus programs can detect and often disinfect viruses. If the software offers on-access virus checking, use it. On-access checking protects users by denying access to any file that is infected
¦ Keep backups of all your data: Make sure you have backups of all data and software, including operating systems. If you are affected by a virus, you can replace your files and programs with clean copies.
6. SOURCES OF VIRUSES
6.1.E mail
Email is now the biggest source of viruses. As long as viruses were transferred by floppy disk, they spread slowly. Companies could ban disks or insist on having them virus checked. Email has changed all that. Conventional viruses can spread faster and new kinds of virus exploit the workings of email programs. Viruses such as Kakworm and Bubbleboy can infect users when they read email. They look like any other message but contain a hidden script that runs as soon as you open the email, or even look at it in the review pane (as long as you are using Outlook with the right version of Internet Explorer). This script can change system settings and send the virus to other users via email.
The greatest security risk at present isn't email itself but email attachments. Any program, document or spreadsheet that you receive by email could carry a virus; launching such an attachment can infect your computer.
Viruses that spread automatically by email
The most successful viruses today are those that spread themselves automatically by email. Typically, these viruses depend on the user clicking on an attached document. This runs a script that uses the email program to forward infected documents to other email users. Melissa, for example, sends a message to the first fifty addresses in all address books that Microsoft Outlook can access. Other viruses send themselves to every address in the address book.
6.1.1.Email hoaxes
Email is a popular medium for hoaxes. These are bogus virus reports that urge you to forward the message to everyone you know. An email hoax can spread across networks like a virus and can cause a mail
overload. The difference is that the hoax doesn't need virus code; it simply depends on users' credulity
6.1.2.What is spam
Spam is unsolicited email, often advertising get-rich quick schemes, home working jobs, loans or pornographic websites. Spam often comes with fake return information, which makes it more difficult to deal with the perpetrators. Such mail should simply be deleted.
Email interception and forgery
Email interception involves other users reading your email while it is in transit. You can protect yourself with email encryption. Email forgery means sending mail with a forged sender s address or tampering with contents. by using digital signatures.
6.1.3.How to stop email virus
¦ Have a strict policy about email attachments: Changing your (and other users ) behavior is the simplest way to combat email threats. Don t open any attachments, even if they come from your best friend. If you don t know something is virus-free, treat it as if it s infected. You should have a company policy that ALL attachments are authorized and checked with anti-virus software before being launched.
¦ Use anti-virus software: Use on-access anti-virus software on the desktop and at the email gateway. Both arrangements can protect against viruses sent via email.
¦ Block unwanted file types at the gateway: Viruses often use file types such as VBS, SHS, EXE, SCR, CHM and BAT to spread. It is unlikely that our organization will ever need to receive files of these types from outside, so block them at the email gateway.
¦ Block files with double extensions at the gateway: Some viruses disguise the fact that they are programs by using a 'double extension', such as .TXT.VBS, after their filename. Block such files at the email gateway.
6.2.The internet
The internet has made more information available to more people more quickly than ever before. The downside is that the internet has also made it easier for harmful computer code to reach office and home computers.
Click and infect
The internet has increased the risk of infection. Ten years ago, most viruses spread via floppy disks. Spreading in this way was slow and depended on users making a conscious effort to run new programs. If the virus had side-effects that were too obvious, it was unlikely to affect many users. But internet caused the widespread of viruses.
Can I be infected just by visiting websites
Visiting a website is less hazardous than opening unknown programs or documents. There are risks, though. The threat depends on the types of code used in the site and the security measures taken by service providers and by the user. The main types of codes
are
6.2.1.Different types of codes used in the websites HTML
Web pages are written in HTML (Hypertext Markup Language). This language lets web authors format their text and create links to graphics and to other pages. HTML code itself can't carry a virus. However, web pages can contain code that launches applications or opens documents automatically. This introduces the risk of launching an infected item.
ActiveX
ActiveX is a Microsoft technology for web developers used only on computers running Windows.ActiveX applets, used to create visual effects on web pages, have full access to resources on your computer, which makes them a potential threat. However, digital signatures, which prove that an applet is authentic and hasn t been tampered with, do provide limited security.
Java
People sometimes worry unduly about Java viruses on the internet. They do so because they confuse Java applets, which are used to create effects on web pages, with Java applications and Java scripts. Applets are generally safe. They are run by the browser in a secure environment known as a 'sandbox'. Even if a security flaw lets an applet escape, a malicious applet cannot spread easily. Applets usually flow from a server to users' computers, not from one user to another (you tell your friends to visit a site, rather than sending them a copy of an applet). In addition, applets are not saved on the hard disk, except in the web cache. If you do encounter a harmful applet, it is most likely to be a Trojan, i.e. a malicious program pretending to be legitimate software. Java applications are simply programs written in the Java language. Like any other program, they can carry viruses. You should treat them with the same caution as you would use with other programs. Java script is script embedded in HTML code in web pages. Like any other script, it can carry out operations automatically, which carries risks. You can disable active scripts
JScript:
The Microsoft version of JavaScript. It is about as flexible and expandable (and unsafe) as Visual Basic Script. JScript is found in *.JS files or on web pages.
VBS script
VBS (Visual Basic Script) can run as soon as a page is viewed, depending on the browser used. You don t have to do anything to launch it. This script is used by email worms such as Kakworm and Bubbleboy, but can just as well be run from web pages.
IRC scripts
Internet Relay Chat is a chat system for the Internet Chat systems can be scripted to perform certain tasks automatically, like sending a greeting to someone who just joined the chat room. However, the scripts also support sending of files, and many worms and viruses spread over IRC. Known IRC programs that have been exploited are the popular mIRC, pIRCH and VIRC clients.
Are cookies a risk
Cookies do not pose a direct threat to your computer or the data on it. However, they do threaten your confidentiality: a cookie enables a website to remember your details and keep track of your visits to the site. If you prefer to remain anonymous, you should use the security settings on your browser to disable cookies.
6.2.2.Attacks on web servers
End-users aren't the only ones at risk on the internet. Some hackers target the web servers which make websites available. A common form of attack involves sending so many requests to a web server that it slows down or crashes. When this happens, genuine users can no longer gain access to the websites hosted by the server. CGI (Common Gateway Interface) scripts are another weak point. These scripts run on web servers to handle search engines, accept input from forms, and so forth. Hackers can exploit poorly-implemented CGI scripts to take control of a server
6.2.3.Safety on the net
If you want to use the internet safely, you should do
the following:
¦ Have a separate network for internet machines: Maintain separate networks for those computers that are connected to the internet and those that are not. Doing so reduces the risk that users will download infected files and spread viruses on your main network.
¦ Use firewalls and/or routers: A firewall admits only authorized traffic to your organization. A router controls the flow of packets of information from the internet.
¦ Configure your internet browser for security: Disable Java or ActiveX applets, cookies, etc., or ask to be warned that such code is running. For example, in Microsoft Internet Explorer, select Tools/Internet Options|Security| Custom Level and select the security
settings you want
7.VIRUSES ON DIFFERENT OPERATING SYSTEMS
a) MS-DOS :
Since the macro viruses that we have seen to date infect data files generated from and read by Windows applications, macro viruses are not a problem on MS-DOS-only machines. Traditional file viruses and boot viruses prosper in MS-DOS machines because MS-DOS has no inherent security features. Viruses, therefore, have free rein to infect memory, and program files
b) Windows :
Macro viruses have been written to target Windows applications, and therefore the presence of Windows is required. Combining the wide acceptance of Windows with the fact that macro viruses infect data files rather than program files (see "Macro virus" on page 19) has led to six macro viruses being amongst the ten most common viruses overall. The actual booting process on a Windows machine is no different than on a DOS-only machine. Therefore, boot viruses have not been hindered by Windows, and they continue to propagate by infecting hard drives, going memory resident, and then infecting floppy
c) Windows 95/98/ME
Windows and DOS, Windows 95/98 is marketed as having built-in security features. Unfortunately, such features are not robust enough to safeguard Windows 95/98 against viruses. In fact, the first virus written especially to target Windows 95 (the Boza virus) emerged late in 1995. Furthermore, Windows 95 s workgroup networking environment has no file-level protection and therefore can potentially lead to increases in virus spreading. After the rather primitive Boza virus, the Windows 95/98 and Windows NT/2000 viruses have increased in numbers and complexity. Like in the DOS environment, the first viruses were amateurish. Some of the viruses under Windows 95/98 and Windows NT/2000 spread by active use of the network protocol. DOS file viruses can easily spread on a Windows 95/98 machine because DOS program files' only limitation under Windows 95/98 is that they cannot write directly to the hard drive. Since the Windows 95/98 boot process is the same as a DOS only or Windows machine (up to a certain point), boot viruses are able to infect hard drives of Windows 95/98 machines. When Windows 95/98 loads, however, boot viruses are often disabled and not allowed to propagate.
d) 40Windows NT/2000/XP
Windows NT supports DOS applications, Windows applications, and native Windows NT applications. like Windows 95/98, Windows NT is backwards compatible, and to some extent with DOS and Windows. Despite the fact that NT's security features are more robust than Windows 95/98's, file viruses can still infect and propagate within Windows NT. As with Windows 95/98, Windows NT supports applications that contain macro programming languages, making NT as vulnerable to macro viruses as old Windows machines. Because Windows NT machines boot the same way that DOS machines do (up to the point at which NT takes over), boot viruses are able to infect NT hard drives. However, when these boot viruses attempt to go memory resident, they will be stopped by NT and therefore be unable to infect floppies.
8.ANTIVIRUS SOFTWARE
Anti-virus software can detect viruses, prevent access to infected files and often eliminate the infection. They are....
a. Scanners
Virus scanners can detect, and often disinfect, the viruses known at the time the scanner is released. Scanners are easily the most popular form of anti-virus software but they have to be updated regularly to recognize new viruses. There are on-demand and on-access scanners. Many anti-virus packages offer both. On-demand scanners let you start or schedule a scan of specific files or drives. On-access scanners stay active on your machine whenever you are using it. They check files as you try to open or run them.
b.Check summers
Checksummers are programs that can tell when files have been changed. If a virus infects a program or document, changing it in the process, the checksummer should report the change. The good thing about checksummers is that they do not need to know anything about a virus in order to detect its presence. For that reason, checksummers do not need regular updating. The bad thing about checksummers is that they cannot tell the difference between a virus and a legitimate change, so false alarms are likely. Checksummers have particular problems with documents, which can change frequently. In addition, checksummers can only alert you after infection has taken place, they cannot identify the virus, and they cannot provide disinfection.
c.Heuristics
Heuristic software tries to detect viruses - both known and unknown - by using general rules about what viruses look like. Unlike conventional scanners, this software doesn t rely on frequent updates about all known viruses. However, if a new kind of virus emerges, the software will not recognize it and will need to be updated or replaced. Heuristics can be prone to false alarms.
9.MOBILE PHONES AND PALMTOPS
At the time of writing, there is no virus that infects mobile phones, despite media stories and hoaxes. There have been viruses that send messages to phones. For example, VBS/Timo-A, a worm that spreads itself by email, also uses the modem to send text (SMS) messages to selected mobile numbers. The notorious Love Bug virus is also capable of forwarding text to fax machines and mobiles. However, these viruses can't infect or harm the mobile phone. You can already access internet-like sites and services on the new generation mobiles and the technology is developing fast. But as it becomes easier to transfer data - even on the move - the risk is that new security threats will emerge too.
9.1.WAP phones and viruses
WAP provides internet-type information and services for mobile phones and organizers. It is based on the same model as web communications, i.e. a central server delivers code that is run by a browser on your phone. So, at the moment, the possibilities for viruses are very limited. A virus could infect the server itself, but the chances for it to spread or to have an effect on users would be minimal. First, there is nowhere on a WAP system that a virus can copy itself or survive. Unlike a PC, a WAP phone does not store applications. The phone downloads the code it needs and keeps no copy, except temporarily in the browser cache. Second, a virus cannot yet spread from one user to another because there is no communication between client phones.
9.2.Bluetooth-Bugs
Bluetooth is a standard for low-power radio data communication over very short distances. Computers, mobiles, fax machines and even domestic appliances, like video recorders, can use Bluetooth to discover what services are provided by other nearby mobile devices and establish transparent links with them. Software that utilizes Bluetooth is currently emerging The worry is that an unauthorized user, or malicious code, could exploit Bluetooth to interfere with these services.
9.3.Palmtop computers, PDAs-can they be infected by computer viruses
Palmtop computers or personal digital assistants (PDAs) are likely to provide new opportunities or viruses in the very near future. Palmtops or PDAs run specially written or scaled-down operating systems - such as EPOC, PalmOS and PocketPC (formerly Windows CE). Such systems will eventually be able to use versions of popular desktop applications, making them vulnerable to malicious code in the same way as desktop machines. In early 2001, there were already viruses that affect the Palm system. Palmtops are also regularly connected to home or office PCs to synchronise the data on the two machines (e.g. address book information or calendars). Such data synchronisation could allow viruses to spread easily. No-one yet knows which will be more successful in the future: mobile computers or smart mobile phones. Whichever it is, the security risks will increase as mobile computers become better at communicating.
There is a virus called Palm/Phage, which is able to infect Palm OS, but it is not in the wild and poses little threat.
Palm/Liberty-A-Trojan, that infects Palm OS. It deletes Palm OS applications, but possesses only less risk
9.4.Some mobile phone viruses...
¦ VBS/Timo-A,Love Bug-Uses modem to send SMS to mobile phones
¦ CABIR-Install file with .SIS extension, affects symbion OS, corrupts s/m files
¦ aka ACE- and UNAVAILABLE- This virus will erase all IMEI and IMSI information from both the phone and the SIM card, which will make the phone unable to connect with the telephone network.The user will have to buy a new phone. This information has been confirmed by both Motorola and Nokia.There are over 3 million mobile phones being infected by this virus in USA now.
¦ Timfonica- The"Timofonica" virus was designed to send prank messages to cell phones on the Telefonica cellular network, which operates in Spain. The virus worked like this: victims would receive it as an e-mail attachment on their home or work computers. When users opened the infected attachments, the virus, plus a message critical of Telefonica, would be sent to every e-mail address in their address books. The virus would also trigger the each victim's computer to send a text message to a randomly-selected cell phone on Telefonica's network. Timofonica did not harm cell phones any more than a wrong number call damages any phone.
9.5.Mobile phone virus-precautions
¦ Scanning at a gateway or during data transfer: In the near future, the best way to protect mobile devices may be to check data when you transfer it to or from them.For mobile phones, for example, the WAP gateway might be
a good place to install virus protection. All communications pass through this gateway in unencrypted form, so there would be an ideal opportunity for virus scanning. For palmtop computers, you could use virus protection when the palmtop is synchronizing data with a conventional PC.
¦ Virus scanning on the mobile device: As mobile devices become more interconnected, it will become difficult to police data transfer at a central point. The solution will be to put anti-virus software on each device - once they have sufficient processing power and memory.
¦ Enable Bluetooth only when it is needed: Disable Bluetooth, if it is not in use. This will prevent the mobile being affected by virus and will also make the battery last longer as Bluetooth consumes lot of power. But if you have to keep it ON, then at least keep it in invisible mode
¦ Don't install unexpected applications: If your Bluetooth is ON and you are receiving a file, be Alert. Accept only what you expect. Accept only the files you are expecting.
¦ Never download cell phone applications from file sharing networks: It is strongly recommended to scan all the cell applications-even the one downloaded from official web site- with antivirus software on your computer. Some of them do detect cell phone viruses.
10.STEPS TO SAFER COMPUTING
a. Don't use documents in .doc and .xls format: Save your Word
documents in RTF (Rich Text Format) and your Excel spreadsheets as
CSV (Comma Separated Values) files. These formats don't support
macros, so they cannot spread macro viruses, which are by far the
commonest virus threat. Tell other people to supply you with RTF and
CSV files. Some macro viruses intercept File/SaveAs RTF and save the
file with an RTF extension but DOC format. To be absolutely safe, use
text-only files. Don't launch unsolicited programs or documents If you
don't know that something is virus-free, assume it isn't
b. Forward warnings to one authorized person: only Hoaxes are as big a
problem as viruses themselves. Tell users not to forward virus
warnings to their friends, colleagues or everyone in their address
book. Have a company policy that all warnings go to one named person or department only.
c. Block files with double extensions at the gateway: Some viruses
disguise the fact that they are programs by using a 'double extension',
such as .TXT.VBS, after their filename. At first glance a file like LOVE-
LETTER-FORYOU. TXT.VBS or ANNAKOURNIKOVA.JPG.VBS may seem
tobe a harmless text file or a graphic. Any file with double extensions
should be blocked at the email gateway.
d. Block unwanted file types at the email gateway: Many viruses now use
VBS (Visual Basic Script) and Windows scrap object (SHS) file types to
spread. It is unlikely that your organization needs to receive these file
types from outside, so block them at the email gateway.
e. Change your computer's boot up sequence: Most computers try to
boot from floppy disk (the A: drive) first. Your IT staff should change
the CMOS settings so that the computer boots from the hard disk by
default. Then, even if an infected floppy is left in the computer, it
cannot be infected by a boot sector virus. If you need to boot from
floppy at any time, you can have the settings changed back.
f. Write-protect floppies before giving to other users :A write-protected
floppy cannot be infected.
g. Subscribe to an email alert service: An alert service can warn you
about new viruses and offer virus identities that will enable your anti-
virus software to detect them. Sophos has a free alert service.
h. Make regular backups of all programs and data: If you are infected
with a virus, you will be able to restore any lost programs and data.
