3.5 Viruses and Worms

The most common types of network attacks are the virus and the worm. A virus is a program used to infect a computer. It is usually buried inside another program ”known as a Trojan ”or distributed as a stand-alone executable.

Not all viruses are malicious; in fact, very few cause extensive damage to systems. Most viruses are simply practical jokes, designed to make it appear, or scare recipients into thinking, that something is wrong with Windows. Unfortunately, the viruses that are destructive are often extremely destructive. A well-designed virus can disable an entire network in a matter of minutes.

Worms are often confused with viruses, but they are very different types of code. A worm is self-replicating code that spreads itself from system to system. A traditional virus requires manual intervention to propagate itself, by copying it unknowingly to a floppy, unwittingly embedding it in an attachment, or some other method. Worms do not require assistance to spread; instead, a worm can automatically e-mail itself to other users, copy itself through the network, or even scan other hosts for vulnerabilities ”and then attack those hosts .

A worm resides in active memory; the program is executed, does what it is going to do, and propagates itself. A virus typically overwrites, or attaches itself to, system files.

The distinction is often difficult to follow: It is not uncommon for a virus to be paired with a worm prior to launch. The virus does its job, and the worm transports the virus to the next group of victims.

Worms have become much more dangerous with the advent of application integration. Many worms take advantage of code that allows that programs to automatically execute code to automate common office tasks . E-mail applications are often especially vulnerable to worms. Sometimes worms are sent as attachments that execute when a user attempts to open them, but more often the malicious code can be executed simply by previewing the message, without even reading the message.