Viruses & Other "Infections"

A virus is a small, self-contained piece of computer code hidden within another computer program. Like a real virus, it can reproduce, infect other computers, and then lie dormant for months or years before it strikes. A virus is only one of several types of "malicious logic" that can harm your computer or your entire network.

Unauthorized diskettes brought in from home are a common source of viruses.

Worms, logic bombs, and Trojan Horses are similar "infections" commonly grouped with computer viruses. A computer worm spreads like a virus but is an independent program rather than hidden inside another program. A logic bomb is a program normally hidden deep in the main computer and set to activate at some point in the future, destroying data. A Trojan Horse masquerades as a legitimate software program. It waits until triggered by some pre-set event or date and then delivers a payload that may include destroying files or disks.

Some viruses are high-tech pranks not intended to cause damage. For example, a virus may be designed to conceal itself until a predetermined date, then flash a message on all network computers. Even pranks, however, are not benign. They steal computer memory, storage, and processing time.

Of greatest concern, of course, are viruses and other devices that are deliberately malicious. They are intended to cause serious damage, such as deleting files, providing access for an outsider to copy your files, or disrupting the operation of an entire computer network or organization.

From an information security point of view, one of the more dangerous types of malicious logic is a Trojan Horse that allows a remote user to access and control your computer without your knowledge whenever you are on the Internet. One of these Trojan Horses was originally developed as a means of playing pranks on friends. Once it is installed on another person's computer, you can control that computer via the Internet. For example, you can make the CD-ROM tray on that person's computer pop out repeatedly for no discoverable reason, or reverse the functions of the left and right buttons on the person's mouse. However, you can also read, change, or copy all the person's files without his or her knowledge. This Trojan Horse can be snuck onto someone's computer by burying it in a game program or other executable script sent by e-mail. Happily, known versions of the program will be caught by a good virus checker.

The virus threat is increasing for several reasons:

  • Creation of viruses is getting easier. The same technology that makes it easier to create legitimate software is also making it easier to create viruses, and virus construction kits are now available on the Internet. About 200 to 300 new viruses are being created each month, while the old ones continue to spread. 1
  • The increased use of portable computers, e-mail, and remote link-ups to servers, together with growing links within networks and between networks, means that any computer that has a virus is more likely to communicate with -- and infect -- other computers and servers than would have been true a few years ago.
  • As organizations increasingly use computers for critical functions, the costs of virus-induced downtime are increasing.

A virus or other malicious logic can be transmitted by any software that enters your system. A study of major U.S. and Canadian computer users found that an infected diskette was responsible for transmitting most (87%) viruses. Forty-three percent of the diskettes responsible for introducing a virus into corporate computers had been brought from home. Downloading software from an electronic bulletin board was responsible for 7% of the infections, while miscellaneous other sources accounted for 6%. 2

You can catch a virus by launching an infected application or starting up your computer from a disk that has infected system files. Once a virus is in memory, it usually infects any application you run, including network applications (if you have write access to network folders or disks). A properly configured network is less susceptible to viruses than a stand-alone computer.

When you interact with another computer, the virus may automatically reproduce itself in the other computer. Once a virus infects a single networked computer, the average time required to infect another workstation in the same network is from 10 to 20 minutes -- meaning a virus can paralyze an entire organization in a few hours. 3

Not all viruses, worms, logic bombs, and Trojan Horses are transmitted through infected software brought in from outside the organization. Some of the most damaging are implanted by disaffected insiders. For example:

  • A computer programmer at a Fort Worth, Texas, insurance firm was convicted of computer sabotage for planting malicious software code that wiped out 168,000 payroll records two days after he was fired.
  • A computer programmer at defense contractor General Dynamics was arrested for planting a "logic bomb" set to go off several months after he resigned from the company. If the bomb had not been detected by another General Dynamics employee, it would have destroyed irreplaceable data on several defense contracts. 4

Countermeasures

Your organization has policies and tools for countering the threat of viruses. In order to avoid security or system maintenance problems, many organizations require that all software be installed by a system administrator. Some organizations require that any diskette you bring into the building be tested for viruses before being used. Others do not. Consult your system administrator to learn the correct procedures in your organization.

Be sure you know how your virus detection software works. If it indicates your system has a virus problem, report it immediately to your system administrator and then to the person you believe may have passed the virus to you. It is important to remain calm. There are many virus hoaxes as well as real viruses, and a virus scare can cause as much delay and confusion as an actual virus outbreak. Before announcing the virus widely, make sure you verify its presence using a virus detection tool, if possible, with the assistance of technically competent personnel.

If you have a stand-alone computer or your organization has few controls on installing new programs or bringing in diskettes, the following procedures will help lower the risk of infection or amount of damage if the worst does happen.

  • Don't be promiscuous. Most risk of infection by viruses can be eliminated if you are cautious about what programs are installed on your computer. If you are unaware of or unsure of the origin of a program, it is wise not to run it. Do not execute programs or reboot using old diskettes unless you have reformatted them, especially if the old diskettes have been used to bring software home from a trade show or another security-vulnerable place.
  • Excellent virus-checking and security audit tools are available. Use them and, if possible, set them to run automatically and regularly. Update your virus checker regularly, as many new viruses are created each month.
  • Notice the unusual. Be familiar with the way your system works. If there is an unexplainable change (for instance, files you believe should exist are gone, or strange new files are appearing and disk space is "vanishing"), you should check for the presence of viruses.
  • Back up your files. If worst comes to worst, you can restore your system to its state before it was infected.

References
1. Ann Grimes, "Warning About New Computer Virus Is Issued after Attack on MCI Network," Wall Street Journal, Dec. 22, 1998, p. B6.
2. Computer Virus Market Survey conducted by Dataquest in October 1991 for the National Computer Security Association, as reported in "Computer Viruses -- An Executive Brief" on the Symantec site, www.symantec.com/avcenter/reference. Symantec is a manufacturer of antivirus software. The Symantec Antivirus Research Center web site has extensive information at www.symantec.com/avcenter.
3. D. L. Carter & A.J. Katz (1996). Trends and experiences in computer-related crime: Findings from a national study. Paper presented at the Annual Meeting of the Academy of Criminal Justice Sciences, Las Vegas, NV.
4. Lynn Fischer (1991). "The Threat to Automated Data Systems," Security Awareness Bulletin, No. 2-91. Richmond, VA: Department of Defense Security Institute.

 
