82. About Malware
Keeping your network up and running after you configure your WiFi router correctly could be a fairly carefree endeavor. Now, I said "could be"; computing in general could be a much more carefree pastime if we didn't have to deal with malicious software that can disable or hijack our computers. I'm talking about viruses, Trojan horses, worms, and spyware. Malicious programs such as these are often referred to collectively as malware. Malware is any software designed to exploit or damage your computer. Another annoying computer incursion that we all have to deal with is spam email, and while spam doesn't really qualify as malware, it can be just as annoying.
Malware: Malicious software such as viruses, worms, and spyware.
Fortunately, the unsettling fact that there are numerous viruses, worms, and Trojan horses on the loose (actually, it's depressing that people with programming knowledge would spend their time creating viruses) means that some excellent software tools have been developed (and continue to evolve) to protect your computer against malware. Let's take a look at the different types of malware, and then we'll walk through some tasks that explore some of the ways to protect your computer.
A definite threat to your computer (or computers) and your network's security is the virus. A virus is self-replicating software code, meaning that it can make copies of itself. The fact that a virus can self-replicate means that it can spread easily from computer to computer.
Virus: Malicious, self-replicating software code that can infect computers and damage system and other files.
Viruses actually require action from you before they can infect your system. For example, if you open an infected file shared by another user or open an infected email attachment, you are going to infect your computer. The virus can then be spread from computer to computer over a network (such as your workgroup) when the infected file is shared and opened. Viruses can also be spread on removable media such as floppy disks, CDs, and USB memory sticks.
Viruses come in several varieties. A number of different virus types have evolved over the years. These different types of viruses have been classified based on how they infect a computer:
Boot sector viruses are uncommon now. In fact, many new computers do not even come configured with floppy drives, which makes boot sector viruses a rather outdated venture for those malcontents who create viruses.
The actual number of viruses in the "wild" (meaning those that are infecting computers and networks) at any one time varies, but in general, the number is increasing.
The only way you can protect your computer from virus infection is to install antivirus software on your computer and keep it up to date. Unfortunately, protection against a particular virus doesn't become part of the antivirus software capabilities until the virus "goes public." This means that there is always a lag time between the virus's appearance and the ability of the antivirus software to protect against it.
A good place to look for information related to viruses is the SANS Institute. SANS, at http://www.sans.org/, provides information on viruses and other network security issues. You can also find information on current virus and other malware threats by checking out the website of the antivirus software that you use.
Worms and Trojan Horses
Viruses aren't the only malware threats that can infect your computer. There are also worms and Trojan Horses.
A worm is a program that spreads itself from computer to computer on a network. Unlike a virus, it doesn't need to be activated by you. Worms are typically specific to an operating system (such as Windows) and exploit some weakness in that operating system. Worms often exploit open ports and can actually hijack a computer and use it in denial-of-service (DoS) attacks against websites (in DoS attacks, a website is flooded by requests from the computers that have been hijacked by the worm).
Worm: Self-spreading and self-activating malicious software code that typically exploits a particular weakness in an operating system.
Trojan Horse: Malware that appears to be a normal program but, when executed, causes harm to your system. The fact that the malicious program is masquerading as a "normal" program is why this particular type of malware is referred to as a Trojan horse.
A Trojan horse, on the other hand, is a program that appears to be perfectly benign, such as a screensaver or a game. For example, the HAPPY99.EXE Trojan horse, when executed, provides a nice little fireworks display on your screen and then immediately uses mail addresses found in your computer's email client to send off copies of itself to these addresses (this is similar to how the Melissa virus is spread).
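Because a Trojan horse arrives looking like something harmless, mail attachments can be checked for the disguise before anyone opens them. The following Python sketch is an added example, not part of the original text: it parses a constructed message and flags attachments that are really programs. Every filename except HAPPY99.EXE, the two extension lists, and the function names are assumptions made for the illustration, and the attachment bodies are inert placeholder bytes.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows runs directly; .scr is the screensaver format.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
# Harmless-looking extensions often placed in front of the real one (illustrative list).
DECOY_EXTS = {".jpg", ".gif", ".txt", ".doc", ".pdf"}

def inspect_attachment(filename, payload):
    """Return the reasons an attachment looks like a disguised program."""
    reasons = []
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in EXECUTABLE_EXTS:
        reasons.append("executable extension " + last)
        if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
            reasons.append("double extension hides the real type")
    elif payload[:2] == b"MZ":
        # Windows executables begin with the bytes "MZ" whatever the name says.
        reasons.append("executable content behind a non-executable name")
    return reasons

def screen_message(raw_bytes):
    """Map each attachment filename in a raw email message to its findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        findings[name] = inspect_attachment(name, part.get_payload(decode=True) or b"")
    return findings

def build_sample():
    """Constructed message; attachment bodies are inert placeholder bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "friend@example.com", "you@example.com"
    msg["Subject"] = "Happy New Year"
    msg.set_content("Look at the fireworks!")
    samples = [("HAPPY99.EXE", b"MZ placeholder"), ("fireworks.jpg.scr", b"MZ placeholder"),
               ("holiday.jpg", b"MZ placeholder"), ("photo.jpg", b"\xff\xd8\xff placeholder")]
    for name, body in samples:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in screen_message(build_sample()).items():
        print(name, "->", reasons or "no findings")
```

A clean result here only means the attachment is not an obviously disguised program; it is a first filter in front of antivirus scanning, not a replacement for it.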
One of the earliest Trojan horses was the AIDS Information Disk Trojan, which was actually a disk sent out to medical establishments as an AIDS-awareness product. After being executed, the Trojan horse file created a hidden directory on the computer's hard drive and eventually encrypted the entire contents of the hard drive, making it unusable.
One of the biggest threats related to Trojan horses is that some can actually invade a computer and allow remote control of the infected computer by the originator of the Trojan horse (the hacker). This allows the hacker to steal personal information and also use the computer in en-masse attacks upon website servers.