Website Builders.com

You are here: Home / The WebsiteBuilders.com Guide to Computer Viruses

The WebsiteBuilders.com Guide to Computer Viruses

Tweet
Share
Pin

Since the very beginning of human life on this planet, we have been dealing with biological viruses and infections of one sort or another. Now, in the digital age, a new sort of pestilence has emerged — the computer virus, along with a host of related electronic pathogens. As with their older “wet ware” cousins, computer viruses can cause trouble ranging from minor inconvenience to epic disaster. And, just like with “real” viruses, a whole host of strategies and tactics are needed to protect against infection, mitigate the damage done during an attack, recover from disease, and rid the infected systems of lingering germs.

The cornerstone of any effective anti-virus strategy is knowledge. The more you know about computer viruses, how they work, and how they spread, the more able you will be to protect yourself and your systems from problems.

What is a computer virus?

A virus is a computer program that is designed to spread. The ability of a program to replicate and spread itself is the defining characteristic of a virus.

There are related phenomenon, which we’ll cover in this article, that aren’t viruses. Additionally, there are many different types of viruses, which can be categorized in different ways — the way they spread, and also the way in which they compromise a computer system.

Did You Know?

The ability of a program to replicate and spread itself is the defining characteristic of a virus.

There is a lot of overlap in these different categorizations. For example, there is a type of computer program that hides itself from your computer’s internal detection system. This is called a “rootkit.” Not all rootkits are viral. In fact, not all rootkits are even necessarily malicious — some are built-in to a system’s firmware by the hardware manufacturer. But some rootkits are definitely malicious, some are used to hide other malicious software, and some are designed to self-replicate and spread, which makes them viruses.

Many people call all these different bad computer programs “viruses,” even the ones that aren’t technically viral. Additionally, viruses and other malicious programs are often grouped together with the idea of being “hacked,” or attacked directly. Many people who experience computer viruses will say, “I’ve been hacked” or “My email has been hacked.” It’s helpful to have a handle on what these different terms actually mean, because that will help you understand the general ecosystem of malware.

A short malware glossary — different types of computer viruses

Malware is the general word used to describe all types of malicious or unwanted software that gets onto a computer system without the owner’s or administrator’s knowledge or consent. There are a lot of different types of malware.

Spyware

Spyware is any type of program that is designed to record your activity and report it back to someone else — typically without your knowledge. (Some activity monitoring is explicitly announced to users, often with an opt-out option. This is not really spyware.) Spyware can take many forms, and can be built in to all sorts of programs.

Most of it is more-or-less benign (depending on your point of view):

  • Websites track your browsing in order to better advertise to you.
  • Apps monitor your activity in order to more effectively sell you in-app purchases or other products and services.

Some of it is legal, ethically defensible, but definitely unwanted by the user:

  • Monitoring features that disable your ability to use copyrighted content without a valid license (various forms of digital rights management).
  • Police and government surveillance, for things like crime fighting and domestic security

Some of it is definitely illegal:

  • Government surveillance, used for intelligence gathering (both domestic and foreign)
  • Surveillance, used for blackmail (usually by organized crime)
  • Identity theft

That last one — identity theft — is the biggest problem for most of us. Few of us are important enough to come under threat from government surveillance or mafia-run blackmail schemes, but all of us have credit card numbers that could be compromised and used by criminals.

Worms

A worm is a type of virus that replicates itself over and over on a host machine. This is distinct from the more general designation “virus” which only means that the program tries to spread to other machines.

Some worms only do damage by replicating. The act of copying over and over uses up CPU cycles and memory, and the numerous copies use up more and more storage space. In a network environment (which is most computers today), the replication of the worm can also use up bandwidth, slowing down the network and impacting performance.

These types of worms, where the only malicious thing is the replication itself, are called payload-free worms. Other worms additionally carry a payload — features of the worm which do other sorts of harm, like installing spyware, backdoors, or another form of malware.

Backdoors

A backdoor is an opening in a computer’s security system that allows an outside party to login as a user, usually as an administrator or superuser.

Backdoors come in several different varieties:

  • Deliberately placed by the developers. — This is often done with proprietary software and hardware, in order to allow the originators of the system to continue to exert control over the system after it has been purchased or deployed. (Many movie plots revolve around this sort of thing — unfortunately it happens a lot in real life, too). The problem with these backdoors is that they can be discovered by malicious third-parties and used to install other forms of malware.
  • Accidentally left by the developers. — Development teams use a lot of different bug testing and development tools when building software, and sometimes traces of these utilities get left behind when software is packaged up for sale and distribution. Additionally, sometimes developers are simply sloppy — for example, leaving log-in information unencrypted or accessible.
  • Accidentally left by the user. — One of the most common forms of backdoor is default passwords. Users are supposed to change these passwords before using the system in production, but often don’t.
  • Placed by malware. — Sometimes the payload of a piece of malware is a program which grants administrative access to a system — often by exploiting some existing security hole, adding a user, changing login information to something known by the attacker, or by using spyware to obtain login information.

In movies (and sometimes in real life), when someone talk abouts “hacking into” a system, they are usually talking about exploiting or creating some kind of backdoor.

Backdoors are used for all sorts of nefarious purposes, from identity theft to surveillance, or even simply causing damage for its own sake (cyber terrorism when the bad guys do it, cyber warfare when it’s the good guys).

Botnets

Botnets are distributed supercomputers made up of networks of compromised machines running bots. In some cases, the individual nodes are small programs that run on other machines (hidden from view), and in other cases they are entire virtual machines running on top of compromised systems.

The purpose of botnets is to harness a little bit of computing power from each node — typically a small enough amount that the host computers’ owners never notice — and pool all that computing resource into one large network which can be used for various malicious purposes.

There are several large, active botnets running in the world today. It is generally thought that they are controlled by organized crime syndicates in Russia and China. It is likely that these groups have ties to political authority in their home countries.

The economy of botnets is interesting. The groups that actually control and operate these nets don’t typically use them for their own purposes, but rent them out to other groups — they are, in effect, cloud services for crime.

Criminal groups use botnets for all sorts of activities, but the most prevalent use is sending spam email.

Rootkits

A rootkit is a malicious piece of software that gains access to a computer’s root user privileges in order to mask its own presence. Rootkits can run in the background of a computer system without showing up on activity loggers or lists of currently running processes.

Rootkits are often built-in to proprietary software and hardware, and frequently used to engage in a form of copyright protectionism. Unfortunately, this is often legal and near-impossible to disable.

Many virus designers build rootkits into their viruses, in order to mask their actions from the owner — this is to be expected. What is perhaps even more surprising is that virus designers can also take advantage of existing, developer-placed rootkits — exploiting a design feature in order to hide malicious activity.

(For a fascinating, in-depth look at rootkits and the dangers to users caused by their deployment, see Cory Doctorow’s excellent book Information Doesn’t Want to Be Free.)

Methods of Transmission and Infection

Malware isn’t effective unless it gets on to computers. Knowing how viruses and other malicious programs spread can help you prevent infection.

It’s important to realize that many of these methods work in combination. For example, a virus might use bulk email to send itself to other potential hosts, while disguising itself as a useful program.

Autonomous Network Movement

Computers are networked together. If you, as a user, can log in to a distant computer and install something, a script on your computer can do the same. Some viruses are designed to do exactly that — find all the possible connections between one computer and others, log-in to them remotely, and install themselves on other computers in the network.

Speaking subjectively, this is the coolest method of transmission — so it shows up in movies and TV shows quite a bit. It is also the most difficult type to design and implement, so it doesn’t (often) happen in real life.

Spam

Spam is massive unsolicited email. There’s a lot of different types of spam, and not all of it is related to computer viruses — some spam is just trying to elicit purchases (marketing spam), while some spam is trying to collect log in information for the purpose of identity theft (Phishing).

Some viruses spread themselves by spam — the program actually takes control of a host’s email system and begins mailing copies of itself (or links to a website which will trigger a download) to everyone in the host’s address book.

Trojans

Some malware hides itself inside of something that seems useful or desirable in some way. Free games and utilities are a common cover, as are media files — particularly any kind of illegal content. In some cases the the program actually does contain the advertised feature, but other times there is simply nothing at all there except the malicious payload.

Trojans built into illegal or illicit content are often used in various blackmail and entrapment schemes. For example, in the 1990s it was somewhat common for Russian organized crime to hide spyware in illegal pornography. They could then identify who had downloaded the content and threaten to expose them. It has been conjectured that the U.S. Government has engaged in similar activity.

Autodownloads

It is possible to trigger an automated download when a user arrives at a website. This is really just another form of trojan — the website’s actual or advertised content being the cover for the malicious payload which is downloaded using Javascript or Flash.

Again, this is extremely common with websites that contain content which is illegal, illicit, or at the very least morally objectionable. The reason for this is two-fold:

  • It is (relatively) easy to get (some) people to click on links to sexual content.
  • People who contract viruses this way are less likely to seek help because of embarrassment.
Social Engineering

Social engineering refers to a broad range of tactics which are used to compel people to install malware on their own computers voluntarily. Again, this is really a specific form of a trojan.

The most common (and, too a security expert, the saddest) form of socially engineered malware infection is simply leaving a data device (such as a disk, CD, or USB drive) somewhere where people can find it — for example, in a corporate cafeteria or bathroom. People are extremely curious, and it is not unusual for someone to simply pick it up and plug it in to their machines to check it out. These can be set up to autorun an installation program, immediately infecting the computer when plugged in. Sometimes the storage device is labeled in a way to make it even more tempting — for example, “Quarterly Bonus Awards.”

Another, particularly elaborate example of social engineering involves cold calling employees of a company and posing as tech support. The false agent can then induce the victim to install “helpful” software.

Uses of computer viruses and malware

What’s the point of all this? Why would anyone want to infect your computer in particular? Some of the various motivations have been discussed above, but let’s go through all of the different purposes behind malicious software.

First of all, it’s important to remember that 99.99% of the time (or more), malicious software isn’t personally directed. Almost no one cares about your computer in particular — what the malicious parties want is as many computers as possible.

Another thing to keep in mind is that many infection schemes are multi-tiered. For example, a virus which enlists compromised hosts into a botnet might be sent via spam. That spam might be sent via the botnet, and once the computer is infected, it sends out even more spam, trying to build the botnet. Then, the botnet is used to send spam related to phishing schemes. It’s a complicated ecosystem, and sometimes various malware programs are competing for use of the host computer.

Botnet: Criminal Cloud Services

Many viruses enlist their host computer to join a botnet. Thse are then used for a wide variety of activity — including sending out more viruses. Botnets are typically built up by organized criminal gangs who rent out the computing power of the botnet to other criminal gangs. These arrangements are often multination operations — for example, many Nigerian phishing schemes are run on top of Russian-controlled botnets.

Surveillance

Government and non-government entities have a strong motivation to collect intelligence, and there is clear evidence that many of them — including the U.S. Government — engage in various forms of network surveillance. At least of a portion of that work is accomplished via the use of computer viruses.

Spam

Have you ever gotten email that tried to entice you to buy cheap prescription drugs, or refinance your mortgage? What about vaguely worded emails that seem to come from a friend and link to some website? Have you ever won a lottery you didn’t know you entered?

You probably get more spam than you can handle. You also probably get more than you even realize — for every piece of spam email that gets into your inbox, hundreds were blocked along the way.

Most spam is sent by compromised computers — either individually or as part of a botnet. Of course, spam itself is often a transmitter of viruses. The more computers get infected, the more computers can get infected.

Identity Theft and Credit Card Fraud

Most people use their computers to shop, and when most people shop, they enter their credit card numbers.

It is common for people to worry about the security of an online store, or the internet itself — they are concerned that their credit card information might be intercepted en route to the store’s website, or concerned it might be stolen from the store’s database.

Oddly enough, data in transmission between your computer and the store’s website is the least vulnerable. This is almost always encrypted — unusable even if the transmission is intercepted.

Certainly store databases are vulnerable — a number of high-profile hacks have been revealed over the last few years. But there is also a vulnerability most people don’t think much about — key loggers on their own computers.

Some viruses actually track what you type, which includes everything from credit card numbers to passwords to social security numbers. This information is then used by criminals to steal money or to purchase goods.

Extortion

A particularly nefarious and debilitating attack involves encrypting all the data on an infected computer and then demanding a payment in exchange for the decryption key. The attacker is, in effect holding the victim’s data hostage.

Payments are usually elicited via Bitcoin or other anonymous payment methods. The ransom demands are usually low enough (a few hundred dollars) that many people consider the payment to be an easier solution than losing the data altogether. To induce swift payment, there is usually deadline attached to the demand.

Often, data extortion schemes are combined with illegal or illicit content, making it highly unlikely that the victim will seek any legal recourse — they frequently won’t even take the computer to a recovery specialist for help because they fear what the specialist will find on the computer’s hard drive.

Perhaps the worst part of all of this is that sometimes, after paying, victims are never provided with the decryption key.

Cyber terrorism, warfare, and activism

Malware, either directly or via botnets, can be used to disable computers, networks, websites, and other systems. This can take all sorts of forms:

  • Distributed Denial of Service (DDoS) attacks — sending an overwhelming number of requests to a website, rendering it unable to respond to legitimate visitors
  • Deleting data, or encrypting it to render it unusable.
  • Altering the functioning of software.
  • Disabling key features.
  • Changing content.

Some of this is carried out by military actors (governments, terrorist organizations) as part of a larger campaign of violence. Sometimes it is carried out by activist (or “hacktivist”) groups, such as Anonymous, who attack organizations as part of a protest.

Vandalism (for teh lulz)

Some people create or distribute viruses and other malware for no particular reason other than to cause damage. They might do it to impress other people, or because they think it’s fun to watch other people suffer. They do it for laughs, or “teh lulz” (a badly spelled cliche form of the abbreviation “LOL”).

Popular entertainment has made it seem as if the majority of computer viruses and attacks originate from these people — lonely hackers in their moms’ basements wreaking havoc on other people’s lives while drinking soda and playing video games.

It is perhaps true that in the early days of internet this was at least partially the case. There are even a great number of basement-dwellers today who attempt to project this image of themselves, however inadequate or even non-existent their actual “hacking” chops are.

However, today, the vast majority of viruses and other malware is the product of organized crime, governments, terrorist organizations, and other institutional actors — the lone wolf character is precisely that: a character, a work of fiction.

How to protect yourself against computer viruses and malware

So now you know the bad news. The online world is full of potential viruses, malware, and other nasty infectious programs. But there there is good news too. Keeping yourself safe online isn’t all that difficult.

The key to staying ahead of viruses is three-fold:

  • Avoid malware before it gets to you
  • Get rid of malware once you have it
  • Mitigate against the damage that can be done by malware

Avoid malware

The most common attack vectors can be avoided if you simply practice responsible internet use.

  • Don’t open unsolicited emails or emails that come from people you don’t know
  • Don’t open unsolicited attachments, even from people you know, unless you can verify that the sended intended to send the file to you
  • Don’t visit websites that contain illicit or illegal content
  • Don’t click on links sent to you anonymously
  • Don’t click on links sent to you from people you know unless they come with an explanation that verifies they were sent on purpose
  • Don’t send emails to people that contain nothing but a link or an attachment — this trains people to think this is acceptable and makes them more likely to click on spam links
  • Don’t download files from anonymous file sharing sites
  • Don’t use shareware programs
  • Keep your software and operating system up to date

Get rid of malware that reaches your computer

You must use anti-virus software, and perform regular scans. One of the most well-respected anti-virus programs is the free AVG Anti-virus. There is also the very popular Norton anti-virus program.

Reduce the impact of viruses

The most important thing you can do to protect yourself is to keep your personal data and files backed up. You should have a copy of all of your documents and media stored remotely — either on a separate physical drive or in a cloud-storage service like Google Drive or Dropbox.

Also, if you suspect you have an infected system, you should run anti-virus, anti-rootkit, and anti-spyware programs. However — DO NOT take drastic action such as reformatting your hard drive, uninstalling your operating system, or defragging. Unless you know what you are doing, these actions can often make your problem worse, or make lost data irretrievable. Stop what you are doing and take your computer to a security specialist. (If your computer is still functioning, take the opportunity to backup your files.)

Conclusion

The real world is a dangerous place — germs, viruses, bad people, spores, molds, and fungus. But we have mostly adapted — most of us wash our hands, get our shots, take our vitamins. We carry umbrellas and we lock our car doors. Taken altogether, these simple actions add up to a relatively high and stable level of safety. Yes, things still happen, but our personal level of risk is usually very low.

The same is true of the online world. It is a dangerous place. There are viruses and worms, there are hackers and vandals. People are trying to steal your credit card information or break into your email system. But all it takes is a fairly simple set of practices — the online equivalent of remembering to wash our hands — to reduce our overall risk. As in life, we can never be 100% safe, but we can get close enough.

We aren’t helpless. We can adapt.

Tweet
Share
Pin

Recent Posts

About WebsiteBuilders.com

Everything you need to know about the WebsiteBuilders.com team.

About

Authors

How The Website Is Funded