CHAPTER 14

Viruses, Trojan Horses and Worms

INTRODUCTION Viruses, Trojan Horses and worm are malicious

programs that can cause damage to information and computer.

Malicious programs (also called malware) is usually classified into three characteristics: type of propagation, mechanism it employs and mechanism it requires to run.

There are three popular types of malicious programs: virus, Trojan Horse and worm.

There is another kind of malicious program but not exactly malicious called hoaxes.

Hoaxes tend to mislead people like Trojan Horse.

TYPES OF MALWARE Virus A virus is a piece of computer program (or code)

that attach itself to a host program or file. It can spread from computer to computer,

infecting as it travels. It cant run independently and requires host

program to activate it. Virus can damage software, hardware and files

(information). Virus does not spread without human action. An example of virus is I Love You.

TYPES OF MALWARE Worm A worm, like a virus, is designed to copy itself

from one computer to another, but it can travel alone and independently without user action.

A great danger of worms is their ability to replicate in great volume.

A worm could send out copies of itself to everyone listed in your email address book causing heavy network traffic that would slow down the Internet.

An example of worm is Melissa.

TYPES OF MALWARE Trojan Horse A computer program that appears to be useful

but that actually does damage. It spreads when people are lured into opening a

program because they think it comes from a legitimate source.

Recently, Trojan Horse came in the form of an e-mail that included attachments.

Trojan Horse can also be included in software that downloaded for free.

An example of Trojan Horse is Happy99.

ANATOMY OF VIRUS Viruses are divided into two primary

components: propagation and payload. Propagation Propagation, also known as delivery mechanism,

is the method by which the virus spreads itself. There are two types of propagation: parasitic and

boot sector infector. Parasitic In this propagation, virus attach itself in the files

and the affected files is being parasite on other files.

ANATOMY OF VIRUS Classically, there were .com and .exe files (MS-

DOS files) that could be parasite to other files. In this method, an infected file has to be run,

but, nowadays, an affected file not necessarily to be executable, for example, a macro virus.

Payload Payload refers to what the virus does once

executed. Payload may be nothing, maybe something

harmless or could be something destructive, for example, erasing hard drive.

HOW TO SECURE There are several ways to secure against

malicious software: 1. Use Anti-Virus Software A-V software are full of solutions to almost every

existing virus problems. Always update anti-virus software as frequently

as possible. 2. Use Heuristic Method This method allows the scanner to search for

code that looks like it could be malicious.

HOW TO SECURE

3. Use Web Browser Security Limited surfing only trusted and hope be safe yet

left out of what the Web has offer. Both Netscape and Internet Explorer include

options to disable all the active content that could cause problems.

4. Beware Stranger E-mail Don’t open any e-mail attachment comes from

stranger or unknown content of e-mail.

HOW TO SECURE

5. Use Original Software Always use original application software, for

example, through online resources. 6. Other Techniques Other technique could be used for detecting

virus include file and program integrity checking, for example, “Integrity protection Driver” provided by Windows NT operating system.