Virus 2 by Nirmal

[FrontPage Save Results Component]

Computer viruses tend to grab our attention. On the one hand, viruses show us how vulnerable we are. A properly engineered virus can have an amazing effect on the worldwide Internet. On the other hand, they show how sophisticated and interconnected human beings have become. For example, experts estimate that the Mydoom worm infected approximately a quarter-million computers in a single day in January 2004. (Times Online). Back in March 1999, the Melissa virus was so powerful that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be contained. The ILOVEYOU virus in 2000 had a similarly devastating effect. That's pretty impressive when you consider that the Melissa and ILOVEYOU viruses are incredibly simple. In this article, we will discuss viruses -- both "traditional" viruses and the newer e-mail viruses -- so that you can learn how they work and also understand how to protect yourself. Viruses in general are on the wane, but occasionally a person finds a new way to create one, and that's when they make the news.

Types of Infection

When you listen to the news, you hear about many different forms of electronic infection. The most common are:

Viruses - A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.
E-mail viruses - An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.
Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.
Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.

What's a "Virus"?

Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person.

There are similarities at a deeper level, as well. A biological virus is not a living thing. A virus is a fragment of DNA inside a protective jacket. Unlike a cell, a virus has no way to do anything or to reproduce by itself -- it is not alive. Instead, a biological virus must inject its DNA into a cell. The viral DNA then uses the cell's existing machinery to reproduce itself. In some cases, the cell fills with new viral particles until it bursts, releasing the virus. In other cases, the new virus particles bud off the cell one at a time, and the cell remains alive.

A computer virus shares some of these traits. A computer virus must piggyback on top of some other program or document in order to get executed. Once it is running, it is then able to infect other programs or documents. Obviously, the analogy between computer and biological viruses stretches things a bit, but there are enough similarities that the name sticks.

Viruses exist in two forms

Active in your computer's memory.
Some computer viruses damage the data on your disks by corrupting programs, deleting files, or even reformatting the disk. Just like the effects of biological viruses, effects of computer viruses may be undetectable for days or weeks. Some viruses are timed to cause their damage at certain hours of the day or on certain dates. Before a virus does any noticeable damage to your system, an infected hard disk can infect disks you insert into your computer's floppy disk drive. Once infected, those floppy disks can infect other computers that read it.
Lying dormant in files and boot records.
Thus the infection can spread before any damage is done. Turning off the computer removes viruses from the memory, but not from disks or files that have been infected. The next time you use your computer, the virus is activated again and attaches itself to more programs.

Macro viruses

Macros are computer programs that are easily created to repeat a series of actions you do frequently using applications like Microsoft Word. Rather than repeating the actions over and over, these applications can record the actions as a "macro," and rerun the macro whenever you want.

Macro viruses are written to infect files you create with applications that support macros. These viruses can be inadvertently spread to any file you subsequently save using those applications because, in applications like Microsoft Word, you can have a macro run automatically whenever Word is started.

Other types of viruses

Please be aware that sometimes information about a virus is a hoax. Some examples of virus hoaxes are: AFP, AOL4FREE, Deeyenda, Eyes, Free Money, Ghost, Good Times, Hackingburgh, Irina, Join the Crew, Kiss of Death, Mpeg, PenPal Greetings, PKZ300, Russia Virus 666, Sheep and Win a Holiday.

These so-called viruses are usually circulated by email amongst offices, homes and the Internet saying something like "FWD: PASS THIS LETTER, I WANT TO WARN YOU ABOUT A VIRUS!" The irony of these messages is that the "virus" is the email you're passing. By spreading the email around and getting a good feeling inside thinking "all my friends are safe now that I've sent this email," you're inadvertently spreading the creator's virtual virus, which does nothing more than clog the system with all of these email warnings. Be careful to check whether or not these viruses are really being circulated.

If you hear something about an email virus you should know that email itself does not carry a virus; however, an attachment might. You might receive an infected Word document, Excel spreadsheet, or other application. The only way an email virus might be considered a virus is when hundreds of people flood the Internet with messages about it. Please no not forward email messages about non-existent viruses as this will only help circulate the myth further.

More about computer viruses

The computer virus has a three-stage life cycle: infection, detection and recovery. In the infection stage, a virus infects a file in your computer. These infections come from a variety of sources:

Reused floppy disks from unknown sources
Floppy disks from home, school, or friends
Programs downloaded from the Internet or a BBS
Opened, re-shrinkwrapped, or pirated software
Preformatted floppy disks

Viruses can:

Infect program files used for word processing, spreadsheet or operating system programs and document files such as windows .doc (Microsoft Word) files that contain macros.
Infect the information stored on disks by attaching to special programs in areas called boot records and master boot records.
Corrupt files and data.
Wipe system BIOS settings requiring a trip to the repair shop.

Viruses cannot:

Damage hardware, such as keyboards or monitors, although strange behaviour, such as screen distortion or characters not appearing when typed, may occur. If this happens, a virus has affected the programs that control the display or keyboard.
Damage your disks physically.
Infect write-protected disks.

Something About Cell-phone Virus

The first known cell-phone virus appeared in 2004 and didn't get very far. Cabir.A infected only a small number of Bluetooth-enabled phones and carried out no malicious action -- a group of malware developers created Cabir to prove it could be done. Their next step was to send it to anti-virus researchers, who began the process of developing a solution to a problem that promises to get a lot worse.

Cell-phone viruses are at the threshold of their effectiveness. At present, they can't spread very far and they don't do much damage, but the future might see cell-phone bugs that are as debilitating as computer viruses. In this article, we'll talk about how cell-phone viruses spread, what they can do and how you can protect your phone from current and future threats.

Cell-phone Virus Basics

A cell-phone virus is basically the same thing as a computer virus -- an unwanted executable file that "infects" a device and then copies itself to other devices. But whereas a computer virus or worm spreads through e-mail attachments and Internet downloads, a cell-phone virus or worm spreads via Internet downloads, MMS (multimedia messaging service) attachments and Bluetooth transfers. The most common type of cell-phone infection right now occurs when a cell phone downloads an infected file from a PC or the Internet, but phone-to-phone viruses are on the rise.

Current phone-to-phone viruses almost exclusively infect phones running the Symbian operating system. The large number of proprietary operating systems in the cell-phone world is one of the obstacles to mass infection. Cell-phone-virus writers have no Windows-level marketshare to target, so any virus will only affect a small percentage of phones.

Infected files usually show up disguised as applications like games, security patches, add-on functionalities and, of course, pornography and free stuff. Infected text messages sometimes steal the subject line from a message you've received from a friend, which of course increases the likelihood of your opening it -- but opening the message isn't enough to get infected. You have to choose to open the message attachment and agree to install the program, which is another obstacle to mass infection: To date, no reported phone-to-phone virus auto-installs. The installation obstacles and the methods of spreading limit the amount of damage the current generation of cell-phone virus can do.

How They Spread

Phones that can only make and receive calls are not at risk. Only smartphones with a Bluetooth connection and data capabilities can receive a cell-phone virus. These viruses spread primarily in three ways:

Internet downloads - The virus spreads the same way a traditional computer virus does. The user downloads an infected file to the phone by way of a PC or the phone's own Internet connection. This may include file-sharing downloads, applications available from add-on sites (such as ringtones or games) and false security patches posted on the Symbian Web site.
Bluetooth wireless connection - The virus spreads between phones by way of their Bluetooth connection. The user receives a virus via Bluetooth when the phone is in discoverable mode, meaning it can be seen by other Bluetooth-enabled phones. In this case, the virus spreads like an airborne illness. According to TechnologyReview.com, cell-phone-virus researchers at F-Secure's U.S. lab now conduct their studies in a bomb shelter so their research topics don't end up spreading to every Bluetooth-enabled phone in the vicinity.
Multimedia Messaging Service - The virus is an attachment to an MMS text message. As with computer viruses that arrive as e-mail attachments, the user must choose to open the attachment and then install it in order for the virus to infect the phone. Typically, a virus that spreads via MMS gets into the phone's contact list and sends itself to every phone number stored there.

In all of these transfer methods, the user has to agree at least once (and usually twice) to run the infected file. But cell-phone-virus writers get you to open and install their product the same way computer-virus writers do: The virus is typically disguised as a game, security patch or other desirable application.

The Commwarrior virus arrived on the scene in January 2005 and is the first cell-phone virus to effectively spread through an entire company via Bluetooth (see ComputerWorld.com: Phone virus spreads through Scandinavian company). It replicates by way of both Bluetooth and MMS. Once you receive and install the virus, it immediately starts looking for other Bluetooth phones in the vicinity to infect. At the same time, the virus sends infected MMS messages to every phone number in your address list. Commwarrior is probably one of the more effective viruses to date because it uses two methods to replicate itself.

The Damage Done

The first known cell-phone virus, Cabir, is entirely innocuous. All it does is sit in the phone and try to spread itself. Other cell-phone viruses, however, are not as harmless.

A virus might access and/or delete all of the contact information and calendar entries in your phone. It might send an infected MMS message to every number in your phone book -- and MMS messages typically cost money to send, so you're actually paying to send a virus to all of your friends, family members and business associates. On the worst-case-scenario end, it might delete or lock up certain phone applications or crash your phone completely so it's useless. Some reported viruses and their vital statistics are listed below.

Cell-phone Viruses

Cabir.A
First reported: June 2004
Attacks: Symbian Series 60 phones
Spreads via: Bluetooth
Harm: none
More information (including disinfection):

http://www.f-secure.com/v-descs/cabir.shtml

Skulls.A
First reported: November 2004
Attacks: various Symbian phones
Spreads via: Internet download
Harm: disables all phone functions except sending/receiving calls
More information (including disinfection):

http://www.f-secure.com/v-descs/skulls.shtml

Commwarrior.A
First reported: January 2005
Attacks: Symbian Series 60 phones
Spreads via: Bluetooth and MMS
Harm: sends out expensive MMS messages to everyone in phonebook (in course of MMS replication)
More information (including disinfection):

http://www.f-secure.com/v-descs/commwarrior.shtml

Locknut.B
First reported: March 2005
Attacks: Symbian Series 60 phones
Spreads via: Internet download (disguised as patch for Symbian Series 60 phones)
Harm: crashes system ROM; disables all phone functions; inserts other (inactive) malware into phone
More information (including disinfection):

http://www.f-secure.com/v-descs/locknut_b.shtml

Fontal.A
First reported: April 2005
Attacks: Symbian Series 60 phones
Spreads via: Internet download
Harm: locks up phone in startup mode; disables phone entirely
More information (including disinfection):

http://www.f-secure.com/v-descs/fontal_a.shtml

As you can see from the above descriptions, cell-phone viruses have gotten a lot more harmful since the Cabir worm landed in the hands of researchers in 2004. But on the bright side, there are some steps you can take to protect your phone.

Wanna Make some money?
If you have access to your own email account, you can get paid.