Let’s Learn Together


Viruses, worms and Trojans September 17, 2008

Filed under: Software — yanedi @ 1:34 pm

Virus

What is a virus?
A virus is a piece of computer code – a program – that has been written to gain access to files or programs on your computer. The virus may enter your computer via floppy disk, by email or by your Internet connection. It will look at the files on your computer and infect some of them if it can.

What do we mean by ‘infect’?
A virus will attach itself in various ways to a file that already exists on a ‘host’ computer, and when that file is run, the virus activates as well. A computer virus works in a similar way to a biological virus.
Biological virus: an infectious agent of small size and simple composition that can multiply only in living cells of animals, plants or bacteria.
Computer virus: an infectious program of small size that can only multiply in other programs.
(Source: Encyclopaedia Britannica, 2000)
[Animation: Several computers are shown. A virus, looking like a space invader, arrives at one computer and infects it, corrupting its screen. It replicates and the copies spread to the neighbouring computers and infect them.]
When the virus is triggered it releases its payload. The payload part of the virus code can be either destructive or intrusive, or possibly both. Some viruses may just display a message, but others corrupt data and delete files.
Most viruses are programmed to hide on the host computer for a period of time before releasing the payload. If the virus shows itself too quickly, alerting the user to the fact that their computer is infected, it is more likely to be detected and hence less likely to be spread to other computers.

Figure 1 : Screen display of the fear-1823 virus taken from the Sophos virus image gallery, http://www.sophos.com/pressoffice/imggallery/virusimg/

Worms

What is the difference between a worm and a virus?
Unlike a virus, a worm does not infect files on a host computer. Instead it adds a file to the computer that is malicious code, and runs it ‘in the background’. A computer has many programs running in this way in order for its system to operate. For instance, when you create a document you can see the text editor, such as Microsoft Word, Notepad or Star Office, but in the background the spell checker or the printer program are working even though you do not see them on the screen.
Worms can spread through any medium that is being used to connect to the Internet, whether it be a modem, broadband, wireless connection, or a local area network at work.
The website of the antivirus software vendor Sophos describes W32/Netsky-R, a worm that was first seen in March 2003. This worm is part of a ‘turf war’ that was being waged at the time of writing between the writers of Netsky and another worm called Bagle.

Trojans

The term Trojan comes from the Greek legend about the fall of the city of Troy. The story goes that, during the siege of the city by the Greeks, a huge, hollow wooden horse was left in front of the gates. The inhabitants thought that it was a peace offering from the Greek army and dragged it into the city. Unknown to them, it was being used to conceal Greek soldiers, who were thus able to use this Trojan horse to enter the city and open the gates for the rest of their army.

Figure 2 : A cartoon showing a computer on whose screen is a picture of a wooden horse.

The Trojan program uses the same tactics to infiltrate a host computer. It purports to be a legitimate program, but in the background it is doing something else. It may be opening a ‘back door’ for a hacker to gain entry, or deleting files, or using a mail program to pass itself on to other computers.

For example, the Happy99 Trojan was very active at the end of 1999 and in 2000-2001. In fact, it is still seen occasionally.

Figure 3 : A screen dump showing a window titled ‘Happy New Year 1999 !!’. The window is black; white dots make a firework pattern.

Happy99 (which is sometimes called Win95/Happy99.Worm, SKA or Win32.SKA.A) arrives as an attachment to an email message. When the recipient opens the file the message ‘Happy New Year 1999!!’ and a fireworks graphic are displayed.

All this sounds quite harmless, but the Trojan is also doing things that the user can’t see. It modifies your computer’s network software so that Happy99 is attached to all outgoing email messages.

Taken From : The Open University

 
