Viruses, worms, Trojan horses and zombies

Malicious software: any software written to cause damage to or use up the resources of a target computer. Malicious software is frequently concealed within, or masquerades as, legitimate software. In some cases, it spreads itself to other computers via e-mail or infected floppy disks. Types of malicious software include viruses, Trojan horses, worms and hidden software for launching denial-of-service attacks.

Few aspects of computer security have achieved the notoriety of malicious software that preys on unsuspecting computer users. Viruses, worms, Trojan horses, logic bombs, zombies, password grabbers - the list gets longer and longer.

The different types of malicious software work by a variety of methods, and they have different potentials for causing damage.

The recent love bug, Chernobyl and Melissa viruses and the Worm.Explore.-Zip program caused extensive PC damage after spreading themselves around the world through e-mail. The denial-of-service attacks that brought major e-commerce Web sites to their knees earlier this year were launched by malicious software hidden on hundreds of Internet-connected computers without their owners' knowledge.

A mini-industry of organisations, professionals and volunteers has sprung up to categorise malicious software, issue warnings and market software designed to detect, locate and eradicate such programs. New malicious code appears monthly, generated by an underground community of programmers apparently motivated by the desire to cause damage, steal information or sometimes just prove their technical prowess.

Viral threats

Viruses are the best-known type of malicious software. These programs secretly attach themselves to other programs. What makes them dangerous is that, before they do whatever damage they may be programmed for, they first copy themselves to additional program files. Thus, computer viruses infect and reproduce in a fashion somewhat analogous to biological viruses.

The scope of the threat has changed significantly in the past few years, says Sal Viveros, director of McAfee Active Virus Defence at Network Associates, a vendor that develops programs to protect against malicious software.

"Five or six years ago, viruses were spread by floppies," Viveros said.

"They were called boot-sector viruses because they booted off the floppy drive. At that time, virus infections were very regional; they spread, but took longer than they do today.

"Then came the applications with macros - programs like Microsoft Outlook or Word - that attracted a huge number of macro viruses," he added.

"Last year came Melissa and the other mass-mailing e-mail viruses," Viveros noted.

"And at the end of last year there was a virus called BubbleBoy that you could get just by opening your e-mail because it used the Visual Basic scripting language in the e-mail."

Viruses are still the biggest computer security problem. According to The WildList Organisation International, an independent group that tracks viruses, there are more than 300 viruses ‘in the wild' that represent a threat to computer users. That's only a fraction of the 50,000 known malicious software codes, Viveros said.

Symantec, another vendor of antivirus software, sees copies of about 15 new viruses a day, although most are never released, said Vincent Weafer, director of Symantec's Antivirus Research Centre.

Peaks in new virus production occur during the holidays - dates that coincide with the end of university vacations, when young programmers have had time to develop new viruses, Weafer said.

Macro viruses, which are triggered by automated tasks within programs such as Microsoft Word, are today's biggest threat. There are also some complex variations such as polymorphic and stealth viruses, which try to avoid detection by changing their internal structure, Viveros said.

Other malefactors

In addition to viruses, there is a growing threat from other types of malicious software, including Trojan horses, worms and denial-of-service attacks, Viveros said. And hostile Java applets are an emerging threat.

A Trojan horse, like its mythological namesake, is a program that appears legitimate but contains a second, hidden function that may cause damage. A common type of Trojan horse is often distributed by e-mail with the aim of stealing passwords from a victim's computer and then e-mailing the stolen data to an anonymous recipient.

Worms use up computer resources such as memory and network bandwidth, slowing down both PCs and servers. In addition, worms sometimes delete data and spread rapidly via e-mail.

In denial-of-service attacks, specific Web sites are overwhelmed by an intentional onslaught of Internet traffic. Such attacks rely on launching programs, sometimes called zombies, that have previously been hidden on hundreds of Internet-connected computers that belong to unsuspecting third parties such as universities, Weafer said.

Hostile Java applets steal information from, or cause damage to, the computers of users who visit hostile Web sites. Victims may be tricked into visiting the sites when they click on links they receive via e-mail, Viveros said. Although they aren't yet a major problem, hostile applets "are the next big threat", he said.

Join the newsletter!

Error: Please check your email address.

More about McAfee AustraliaMicrosoftSymantec

Show Comments

Market Place