& Other "Infections"
A virus is a small, self-contained piece of
computer code hidden within another computer program. Like a real virus, it can reproduce,
infect other computers, and then lie dormant for months or years before it strikes. A
virus is only one of several types of "malicious logic" that can harm your
computer or your entire network.
Unauthorized diskettes brought in from home are a common source of
|Worms, logic bombs, and Trojan Horses are
similar "infections" commonly grouped with computer viruses. A computer worm
spreads like a virus but is an independent program rather than hidden inside another
program. A logic bomb is a program normally hidden deep in the main computer and set to
activate at some point in the future, destroying data. A Trojan Horse masquerades as a
legitimate software program. It waits until triggered by some pre-set event or date and
then delivers a payload that may include destroying files or disks.
Some viruses are high-tech pranks not intended to
cause damage. For example, a virus may be designed to conceal itself until a predetermined
date, then flash a message on all network computers. Even pranks, however, are not benign.
They steal computer memory, storage, and processing time.
Of greatest concern, of
course, are viruses and other devices that are deliberately malicious. They are intended
to cause serious damage such as deleting files, provide access for an outsider to copy
your files, or disrupting the operation of an entire computer network or organization.
From an information security point of view,
one of the more dangerous types of malicious logic is a Trojan Horse that allows a remote
user to access and control your computer without your knowledge whenever you are on the
Internet. One of these Trojan Horses was originally developed as a means of playing pranks
on friends. When installed on another person's computer, you can control that computer via
the Internet. For example, you can make the CD-ROM tray on that person's computer pop out
repeatedly for no discoverable reason, or reverse the functions of the left and right
buttons on the person's mouse. However, you can also read, change, or copy all the
person's files without his or her knowledge. This Trojan Horse can be snuck onto someone's
computer by burying it in a game program or other executable script sent by e-mail.
Happily, known versions of the program will be caught by a good virus checker.
The virus threat is increasing for several
- Creation of viruses is getting easier. The
same technology that makes it easier to create legitimate software is also making it
easier to create viruses, and virus construction kits are now available on the Internet.
About 200 to 300 new viruses are being created each month, while the old ones continue to
- The increased use of portable computers,
e-mail, remote link-ups to servers, and growing links within networks and between networks
mean that any computer that has a virus is increasingly likely to communicate with -- and
infect -- other computers and servers than would have been true a few years ago.
- As organizations increasingly use computers
for critical functions, the costs of virus-induced downtime are increasing.
A virus or other malicious logic can be transmitted by any
software that enters your system. A study of major U.S. and Canadian computer users found
that an infected diskette was responsible for transmitting most (87%) viruses. Forty-three
percent of the diskettes responsible for introducing a virus into corporate computers had
been brought from home. Downloading software from an electronic bulletin board was
responsible for 7% of the infections, while miscellaneous other sources accounted for 6%. 2
You can catch a virus by launching an
infected application or starting up your computer from a disk that has infected system
files. Once a virus is in memory, it usually infects any application you run, including
network applications (if you have write access to network folders or disks). A properly
configured network is less susceptible to viruses than a stand-alone computer.
When you interact with another computer, the
virus may automatically reproduce itself in the other computer. Once a virus infects a
single networked computer, the average time required to infect another workstation in the
same network is from 10 to 20 minutes -- meaning a virus can paralyze an entire
organization in a few hours. 3
Not all viruses, worms, logic bombs, and
Trojan Horses are transmitted through infected software brought in from outside the
organization. Some of the most damaging are implanted by disaffected insiders. For
- A computer programmer at a Fort Worth, Texas,
insurance firm was convicted of computer sabotage for planting malicious software code
that wiped out 168,000 payroll records two days after he was fired.
- A computer programmer at defense contractor
General Dynamics was arrested for planting a "logic bomb" set to go off several
months after he resigned from the company. If the bomb had not been detected by another
General Dynamics employee, it would have destroyed irreplaceable data on several defense
Your organization has policies and tools for
countering the threat of viruses. In order to avoid security or system maintenance
problems, many organizations require that all software be installed by a system
administrator. Some organizations require that any diskette you bring into the building be
tested for viruses before being used. Others do not. Consult your system administrator to
learn the correct procedures in your organization.
Be sure you know how your virus detection
software works. If it indicates your system has a virus problem, report it immediately to
your system administrator and then to the person you believe may have passed the virus to
you. It is important to remain calm. There are many virus hoaxes as well as real viruses,
and a virus scare can cause as much delay and confusion as an actual virus outbreak.
Before announcing the virus widely, make sure you verify its presence using a virus
detection tool, if possible, with the assistance of technically competent personnel.
If you have a stand-alone computer or your
organization has few controls on installing new programs or bringing in diskettes, the
following procedures will help lower the risk of infection or amount of damage if the
worst does happen.
- Don't be promiscuous. Most risk of infection
by viruses can be eliminated if you are cautious about what programs are installed on your
computer. If you are unaware of or unsure of the origin of a program, it is wise not to
run it. Do not execute programs or reboot using old diskettes unless you have reformatted
them, especially if the old diskettes have been used to bring software home from a trade
show or another security-vulnerable place.
- Excellent virus-checking and security audit
tools are available. Use them and, if possible, set them to run automatically and
regularly. Update your virus checker regularly, as many new viruses are created each
- Notice the unusual. Be familiar with the way
your system works. If there is an unexplainable change (for instance, files you believe
should exist are gone, or strange new files are appearing and disk space is
"vanishing"), you should check for the presence of viruses.
- Back up your files. If worst comes to worst,
you can restore your system to its state before it was infected.
1. Ann Grimes, "Warning About New Computer Virus Is Issued
after Attack on MCI Network, Wall Street Journal, Dec. 22, 1998, p. B6.
2. Computer Virus Market Survey conducted by Dataquest in October
1991 for the National Computer Security Association, as reported in "Computer Viruses
-- An Executive Brief" on the Symantec site, www.symantec.com/avcenter/reference.
Symantec is a manufacturer of antivirus software. The Symantec Antivirus Research Center
web site has extensive information at www.symantec.com/avcenter.
3. D. L. Carter & A.J. Katz (1996). Trends and experiences in
computer-related crime: Findings from a national study. Paper presented at the Annual
Meeting of the Academy of Criminal Justice Sciences, Las Vegas, NV.
4. Lynn Fischer (1991). "The Threat to Automated Data Systems,"
Security Awareness Bulletin, No. 2-91. Richmond, VA: Department of Defense