12.2 Viruses and Threats

Last updated
Save as PDF

Page ID: 91546

$ \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } $ $ \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} $$\newcommand{\id}{\mathrm{id}}$ $ \newcommand{\Span}{\mathrm{span}}$ $ \newcommand{\kernel}{\mathrm{null}\,}$ $ \newcommand{\range}{\mathrm{range}\,}$ $ \newcommand{\RealPart}{\mathrm{Re}}$ $ \newcommand{\ImaginaryPart}{\mathrm{Im}}$ $ \newcommand{\Argument}{\mathrm{Arg}}$ $ \newcommand{\norm}[1]{\| #1 \|}$ $ \newcommand{\inner}[2]{\langle #1, #2 \rangle}$ $ \newcommand{\Span}{\mathrm{span}}$ $\newcommand{\id}{\mathrm{id}}$ $ \newcommand{\Span}{\mathrm{span}}$ $ \newcommand{\kernel}{\mathrm{null}\,}$ $ \newcommand{\range}{\mathrm{range}\,}$ $ \newcommand{\RealPart}{\mathrm{Re}}$ $ \newcommand{\ImaginaryPart}{\mathrm{Im}}$ $ \newcommand{\Argument}{\mathrm{Arg}}$ $ \newcommand{\norm}[1]{\| #1 \|}$ $ \newcommand{\inner}[2]{\langle #1, #2 \rangle}$ $ \newcommand{\Span}{\mathrm{span}}$$\newcommand{\AA}{\unicode[.8,0]{x212B}}$

After studying this section you should be able to do the following:

Identify core characteristics of the three major types of malware

Virus

Definition

A computer virus is a piece of code, generally malicious in nature, that is intended to “infect” a computer. Once it has infected a host machine, it may potentially spread itself. The term virus is often used generically, as a reference to any manner of malicious code that may impact (albeit unknowingly) a user’s experience. They can remain hidden, pose minor inconveniences (such as repeated pop-ups), or even replicate to the point of making a computer unbootable.

Examples

One great example is the ILOVEYOU virus from 2000. Once a user has clicked on an infected attachment (using social engineering as a love confession scam), the virus then automatically sends itself as an attachment to other users. After that, the virus then replicates itself to overwrite other files on the host machine eventually making the machine unable to boot. It was estimated to reach 45 million people in a single day, and caused upwards of $15 billion in damages.

Another good example, and of a virus incredibly hard to kill off, is Conficker, also known as Downad. Even 10 years after its debut, it still routinely infects millions of computers worldwide. The primary reason it remains such a threat is because so many machines are still running on out of date software/patching. It spreads itself using methods and protocols that have since been patched and fixed, but as long as people continue to let their systems stay out of date, Conficker will continue to be a prevalent threat. Even though it was not created to generate revenue for criminals (such as with ransomware), it still aims to infect as many machines as it can simply for notoriety. There is nothing to say that its methods couldn’t also be used to deliver other more malicious payloads as well.

How to Protect Yourself

There are many things one can do to help protect their devices from being infected by a virus. The only guaranteed way of preventing a virus is to completely isolate the machine from the rest of the world (no access to the Internet, other computers, flash drives, or any other source of a virus - also called air gapped). In today’s world, this practically defeats the purpose of having a computer, but the trick is to reduce the likelihood of being exposed.

Install Anti-virus software. Windows 10 comes with Windows Defender for free,
which recent studies have shown to be very effective - even more so than some of the paid products.
Keep operating systems, web browsers, and other applications up to date with the latest patches.
Never plug in unknown media from an unknown source, this includes things like flash drives and DVDs.
Never click on ads, ever. If you see an ad for something you are interested in, do a web search in a trusted search engine or go directly to the retailer’s website. This would include things known as “clickbait” where a headline for a web link may be written in such a way to tempt you to visit in order to read more.
Don’t download software you aren’t explicitly sure is safe, or from sources that aren’t trustworthy. Be especially wary of Peer-to-Peer (P2P) sites that allow downloading of pirated software through methods such as BitTorrent. Even legal software through these methods may be infected. To mitigate your risk, you should also verify the hash of software.
Practice good email habits - don’t click on attachments that you aren’t 100% sure of the source and intention.
Keep important files backed up to another location that is isolated, such as an external hard drive dedicated to backups that is not kept connected when not in use.
Be wary of anything that wants to transact in digital currency such as BitCoin. It’s often a clue that an entity wants to cover their tracks, and usually for no good reason.

Odds are incredibly high that every person will have to deal with a virus at least once, if not numerous times. When that happens, it is a good idea to run a scan using your anti-virus software. There are also some free tools from reputable anti-virus companies that can be used to scan if you do not have an anti-virus application installed. In worst case scenarios, the best thing that can be done is to wipe the device clean with a fresh install of the factory image or operating system. This provides the highest likelihood of completely eliminating the virus.

Trojans

Definition

Trojans are malicious malware that attempt to disguise themselves as a safe or familiar program, software, or file. This is to deceive the user from the true intent of the malware which could be almost anything. They are named Trojans based on the Greek Trojan Horse story where the army hid in a horse in order to deceive the town as a peace offering or gift, then proceed to gain entrance into the city undetected.

Examples

Trojan horse malware comes in many different types based on the task it is needed for. One common Trojan horse malware is the Backdoor Trojan that when used by a hacker and successfully placed and masked on a computer, grants access and control of the computer to the hacker. The worst part is that this Trojan or other malware can be downloaded by a different type of Trojan. The Downloader Trojan targets affected computers then proceeds to download new versions of the Trojan or more malware, adware, and trojans. These are only the tipping point of a vast sea of Trojan horse malwares equipped for any purpose and want.

The plethora of Trojans makes circulation of malware easy and with the boom of coin-mining one particular Trojan would gain traction and attention. The Rakhni Trojan is a malware that has been around since 2013 and is used to take a computer and use it as a means of mining. This Trojan as people may feel their computer slow down but not realize that it is the innocent looking app that is using the computer to generate wealth.

How to Protect Yourself

With the serious nature of these trojans, it makes sense to take the best course of action in protecting one’s device from suffering from a Trojan. First, you should make sure all security software is up to date, then make sure you have and are using a firewall and antivirus service with a good reputation. Even if they have a good reputation, this still does not mean you should go clicking on every link in an email, or go to every ad popup and website. You should also make sure your passwords are hard to crack.

Worms

Definition

Worms are malware that are self replicating, which helps it remain active on devices that has already infected while using that network to infect more devices. Each copy can also make copies of itself, which causes these infections to spread quickly from device to device. Since worms are self-replicating they don’t need human interaction in order to spread, this is another reason why they’re considered more aggressive and contagious than a regular virus. Keep an eye on hard drive space, performance and if there are any missing or new files, Worms will eat up hard drive space and slow down your device. They also delete or replace files.

Examples

MyDoom, a computer worm that affected Windows computers, first sighted in January 26 , 2004. It’s an email worm that was the fastest spreading worm that had exceeded Sobig worm and ILOVEYOU. The email that contain MyDoom had a typical error message and if the recipient were to click on the attachment then the worm would then resend itself to the addresses in the user’s address book of their email. Although the author of the virus is unknown, some researchers believe that it originated in Russia. The original worm had two triggers, one was to begin a DDoS attack on Feb. 1 and the second was for it to stop on

Feb. 12. However the backdoors that it created in the operating system would remain open. The second attack a year later started a DDoS attack on certain search engines. There was also a MyDoomB that blocked Microsoft websites and antivirus sites by modifying host files, this blocked removal tools from antivirus sites.

MyLife is another email based worm that affected Microsoft Outlook in the same manner as MyDoom. By replicating and sending itself to users in the address book. MyLife would download itself into a system file, later varients it would display an image as it did this. The worm will go in to check the time and if it’s greater than :45 then it will start deleting system files. These files included: .sys and .com files in the C:\ root folder, all .com, .sys, .ini, and .exe in the Windows folder and .sys, .vxd, .exe, and .dll files in the System folder.

How to Protect Yourself

Updating the devices’ latest updates for operating systems and applications since worms take advantage of software vulnerabilities.

Phishing is also a way that worms can infect a computer by downloading or clicking links that come from untrustworthy sources. Always check links and downloads before clicking.

Anti-virus software that includes phishing protection along with protection against other online threat is also recommended.

If your device happens to get infected by a worm, disconnect from the internet to prevent the spread of the worm and damage. Scan your computer to see if your antivirus software can remove the worm if it can’t remove the problem then you might have to reinstall your operating system. Reinstalling the operating system removes all the files and any additional software you may have on your computer. Once reinstalling your operating system it’s best to go through and install any patches to fix the vulnerabilities that the worm used to get onto your device in the first place.