Permalink
Cannot retrieve contributors at this time
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
327 lines (281 sloc)
17.7 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> | |
| <html> | |
| <head> | |
| <meta name="GENERATOR" content="Microsoft FrontPage 4.0"> | |
| <title>Viruses are out to get you!</title> | |
| </head> | |
| <body bgcolor="#FFFFFF"> | |
| <p align="center"> </p> | |
| <p align="left" style="margin-top: 27"><b><font face="Times New Roman" color="#FF0000" size="6"> </font><font face="Times New Roman" color="#A53831" size="6">Viruses</font><font face="Times New Roman" color="#FF0000" size="7"> </font></b></p> | |
| <p align="left"><img border="0" src="images/line.gif" width="600" height="10"></p> | |
| <p align="left">Viruses seem to be in the news every week Love Bug and Melissa | |
| are just two names you may recognise and new viruses are reported almost daily.</p> | |
| <p>If you never use your computer and never switch it on, then you don't need to read | |
| this. However, as you do, then viruses are a risk.</p> | |
| <div align="left"> | |
| <table border="0" width="100%" height="319"> | |
| <tr> | |
| <td width="16%" height="315" valign="top"> | |
| <p style="margin-top: -10"> <table> | |
| <tr> | |
| <td width="120"> | |
| <table border="0" cellPadding="2" cellSpacing="0" width="147" height="170"><font face="Verdana, Arial, Helvetica" size="-2"> | |
| <tr bgColor="#990033" vAlign="top"> | |
| <td width="143" height="28" valign="top"><font color="#ffffff" face="Verdana, Arial, Helvetica" size="-2"><b>TOP 10 VIRUSES<br> | |
| FOR 1998</b></font></td> | |
| </tr> | |
| </font> | |
| <tr bgColor="#cccccc" vAlign="top"> | |
| <td width="143" height="134" valign="top"> | |
| <p align="left"><font face="Verdana, Arial, Helvetica" size="-2"> 1. | |
| AutoStart-Worm <br> | |
| 2. Cap <br> | |
| 3. Cheval <br> | |
| 4. Cih Spacefiller <br> | |
| 5. Class <br> | |
| 6. Groov <br> | |
| 7. Laroux <br> | |
| 8. Marburg <br> | |
| 9. Paix <br> | |
| 10. Shiver </font></p> | |
| </td> | |
| </tr> | |
| </table></td> | |
| </tr> | |
| </table></td> | |
| <td width="84%" height="315"><big><u><strong>HISTORY</strong></u></big> | |
| <p align="left"><font color="#000000">Where exactly the first computer | |
| viruses came from is a bit of a mystery. Certainly the early viruses | |
| tended not to be malicious. One of the earliest viruses was called worms | |
| and was not meant to be malevolent and simply got out of hand. Concept, | |
| which was one of the first Microsoft Word Viruses was probably written | |
| by someone who was trying to show the flaws in Word. What seems to have | |
| a grain of truth is that the first dangerous viruses came out of Bulgaria | |
| in the mid to late eighties. There may have been earlier ones but this | |
| is when they started to hit the market in greater volumes. The story | |
| develops that it was mainly disgruntled Government employees who tended | |
| to write the programmes or possibly someone from the underground | |
| movement. The Internet and the growth of personal computers have dramatically | |
| increased the field for viruses to spread. My first encounter | |
| with a virus was in 1990. I loaded a floppy to be told that I had been | |
| stoned. I simply took out the 5 1/4 floppy Disk, switched off my machine | |
| and rebooted with my boot disk. However, now that 99.99% of computers | |
| have a hard disk, things are not as simple. Recently Flash Bios viruses | |
| have emerged and viruses that destroy your hard disk. </font></p> | |
| <p align="left"><font color="#000000">However there have been a fair number of hoaxes as | |
| well. The good times, you have won a holiday e-mail (see below)</font></td> | |
| </tr> | |
| </table> | |
| </div> | |
| <p align="left"><big><u><strong><font color="#000000">WHAT IS A VIRUS</font>?</strong></u></big></p> | |
| <p>One of the early pioneers of viruses research is Dr Fred Cohen who submitted his thesis | |
| in 1986. Dr. Cohen's definition of a computer virus as "a program that can 'infect' | |
| other programs by modifying them to include a ... version of itself" is generally | |
| accepted as a standard. </p> | |
| <p>A computer virus is a program that replicates itself, attaches to other programs, and | |
| performs unsolicited or unwanted, if not malicious, actions when it executes. The two | |
| fundamental virus categories are “boot” and “file” viruses<br> | |
| Boot viruses dwell in the boot sector of the hard or floppy disk that carries them. These | |
| execute as your computer starts. Once they copy themselves into your computer’s | |
| memory, they can then spread to other disks or other computers on a network, each time | |
| leaving copies of themselves that can repeat the cycle.<br> | |
| <br> | |
| File viruses become active only when you execute the program that carries them. Typically, | |
| such viruses infect files with the extensions .EXE, .COM, or .DLL, and non-executable | |
| files such as Microsoft Word or Excel data and template files. Once executed, the file | |
| virus also loads itself into your computer’s memory, then replicates and attaches | |
| itself to other executable programs.</p> | |
| <p>New viruses are being written at about one hundred per month. No virus software | |
| can be foolproof but you can try your best to stay clean from viruses.</p> | |
| <p>For companies the cost associated with viruses is the man time updating | |
| anti-virus software or a greater cost of cleaning infections. Even at ten minutes per | |
| computer this soon adds up if you have 1000's of computers.</p> | |
| <p>.The following list describes some of the characteristics of common viruses. </p> | |
| <table border="0" width="100%"> | |
| <tr> | |
| <td width="50%"><p align="left"><strong><big>Boot virus </big></strong></p> | |
| <p align="left">Infects the boot sector of a floppy disk or hard drive and is very easily | |
| spread</td> | |
| <td width="50%"><big><strong>File virus </strong></big><br> | |
| <br> | |
| A file virus attaches itself to an executable program. Whenever the program runs, the | |
| virus attaches itself to other executable programs.</td> | |
| </tr> | |
| </table><table border="0" width="100%"> | |
| <tr> | |
| <td width="50%"><big>Stealth virus <br> | |
| </big><br> | |
| A stealth virus hides itself to evade detection. A stealth virus may be either a boot | |
| virus or a file virus. Stealth viruses can be very difficult to detect.</td> | |
| <td width="50%"><big>Multipartite virus </big><br> | |
| <br> | |
| A multipartite virus acts like both a boot virus and a file virus by spreading | |
| through disk boot sectors and executable files.<br> | |
| </td> | |
| </tr> | |
| <tr> | |
| <td width="50%"><big>Mutating virus </big><br> | |
| <br> | |
| Mutating viruses change their code signature to avoid detection. Many mutating viruses are | |
| also encrypted viruses.<br> | |
| <br> | |
| </td> | |
| <td width="50%"><big>Encrypted virus </big><br> | |
| <br> | |
| Encrypted viruses encrypt part of their code signature to avoid detection. Many encrypted | |
| viruses are also mutating viruses.<br> | |
| </td> | |
| </tr> | |
| <tr> | |
| <td width="50%"><big>Polymorphic virus<br> | |
| </big><br> | |
| Polymorphic viruses act somewhat like mutating viruses, but each time a polymorphic virus | |
| copies itself, it changes its code signature slightly to avoid detection. <br> | |
| </td> | |
| <td width="50%"><big>Macro virus</big><br> | |
| <br> | |
| A virus written in a macro language or attached to macros included in a program's data | |
| files. Microsoft Word and Microsoft Excel data files and template files, for example, can | |
| include such viruses.</td> | |
| </tr> | |
| <tr> | |
| <td width="100%" colspan="2"><p align="left"><big><strong>Back Orifice</strong></big></p> | |
| <p align="left">A play on words regarding Microsoft's Back Office suites. This | |
| program was released by the Cult of the Dead Cow. If someone downloads the relevant programme and | |
| has this running on their PC then a user thousands of miles away could delete, steal or | |
| monitor all data on a persons computer. The Cult of the Dead Cow when contacted recently | |
| said they are simply trying to show the flaws in Windows and not destroy anyone's machine<big><big>.</big></big></td> | |
| </tr> | |
| </table> | |
| <p align="left"><big><br> | |
| <big><u><strong>Hardware Danger</strong></u></big></big></p> | |
| <p>Until recently it was common for a bad virus attack to leave you with the need | |
| to reformat the hard drive and reinstall your programmes and data. However, | |
| with the newer machines having Flash BIOS that is easily upgraded. Flash BIOS | |
| can be on Graphics Cards, Modems and Motherboards etc. There is a real risk | |
| that if you get infected by a hardware virus that it could cost you hundreds | |
| of pounds.</p> | |
| <p>The most dangerous virus in this category is known as "Variant CHI". | |
| This was originally spread by a free disk on a Games Magazine. The machine is | |
| effectively dead once infected.</p> | |
| <p><big><big><u><strong>Some Myths</strong></u></big></big></p> | |
| <font SIZE="3"> | |
| <p align="left">AOL had all their e-mail addresses hacked by a hacker as did Microsoft | |
| a few months ago and that is where one of the famous virus myths came from the | |
| hoax was called "Good times virus, or win a free holiday." </p> | |
| </font> | |
| <font SIZE="3"> | |
| <p><strong>THERE ARE NO SUCH VIRUSES.</strong></p> | |
| <p>Some basic principles about viruses: | |
| <ol> | |
| <li>They can not be part of a text file (They are a programme). An e-mail is | |
| usually a text file. </li> | |
| <li>They can be part of an e-mail but then only as an attachment, you would | |
| have to click on the attachment and open the file. If you had your virus software | |
| running and up to date it would not allow you to do this. I suggest you log | |
| onto <a href="http://www.grisoft.com">grisoft.com</a> and download AVG this | |
| is free for personal use.</li> | |
| <li>You would have to be pretty dumb to open an attachment from a file from someone you did | |
| not know.</li> | |
| <li>Most servers run junk e-mail software and therefore you just don’t get the same | |
| Spam.</li> | |
| </ol> | |
| <p>I get a lot of e-mail and I have only twice had a virus on e-mail.</p> | |
| <p>I have seen four viruses in the last two years and I surf a lot. Two of these | |
| were old and archaic and easily dealt with. The other two were on the net. I | |
| worked out that my infection rate over the last two years is about 800hrs surfing | |
| per virus. </p> | |
| <p>I have lots of disks from different people and surf and have companies send | |
| me software and I rarely see one. When I do I get all excited because they are | |
| rare and if you have the right virus software and have kept it up to date they | |
| are very rarely dangerous. A big Computer Hardware company sent me some new | |
| drivers for my soundcard and I discovered that the disk was infected with the | |
| Wazzu Virus. On contacting them I was thanked for telling them and they said | |
| "We don't run any anti-virus software on our machines, we wait for the | |
| public to tell us." A thousand disks had been sent out with the virus | |
| on them.</p> | |
| </font> | |
| <p><font size="4"><u><strong>A CAUTIOUS NOTE REGARDING MIRC</strong></u></font></p> | |
| <p><font SIZE="3">Internet Relay Chat or MIRC has been growing dramatically in the last | |
| nine years since it started on EFnet. However, custom designed Trojan horses, viruses and | |
| scripts have been written. A couple of the more common ones are Script.ini and | |
| DMSETUP.EXE, both are designed to copy passwords and allow access to your computer. They | |
| are self replicating and you send them to other people on line.</font></p> | |
| <p><font SIZE="3">The other script that I have encountered recently is where the script | |
| reassigns your keyboard keys. This is easily solved by uninstalling MIRC</font></p> | |
| <p><font SIZE="3">Our advice for MIRC is as follows:-</font> | |
| <ol> | |
| <li><font SIZE="3">Do not have auto-accept enabled in MIRC options</font></li> | |
| <li><font SIZE="3">Do not accept a file from anyone, whoever they are. </font></li> | |
| <li><font SIZE="3">Be wary of people who "WhoIS" you.</font></li> | |
| <li><font SIZE="3">Have a virus checker resident in memory at all times</font></li> | |
| <li><font SIZE="3">Uninstall MIRC weekly and wipe any files associated with it and | |
| re-install it from a zipped file or fresh download.</font></li> | |
| <li><font SIZE="3">Never give out your e-mail address unless you know the person personally.</font></li> | |
| <li><font SIZE="3">Steer away from any hackers channels.</font></li> | |
| </ol> | |
| <p> </p> | |
| <p><font size="4"><u><strong>JAVA AND ACTIVEX</strong></u></font></p> | |
| <p><font SIZE="3">Although not strictly viruses as such, a lot of concern has been | |
| expressed regarding whether or not Java Applets could be used to run malicious programmes | |
| through a users Web Browser. The same with Active X because it runs a programme on the | |
| users computer. </font></p> | |
| <p><font SIZE="3">Both ActiveX and Java include safeguards designed to prevent harm to | |
| your computer system. Nevertheless, determined programmers have developed objects that use | |
| Java or ActiveX to read data on your hard disk; pass it back to websites you visit; | |
| compose and send offensive e-mail in your name; corrupt or destroy your data; or cause | |
| other damage to your system.<br> | |
| <br> | |
| Dangerous objects such as these can often lurk on websites until you visit and download | |
| them to your system, usually without realising that they exist. Most browser software | |
| includes a feature that allows you to block ActiveX controls or Java applets altogether; | |
| or to turn on security features that authenticate objects before downloading them to your | |
| system. However, these approaches can deprive you of the interactive benefits of websites | |
| you visit by indiscriminately blocking all objects, dangerous or not.</font><font size="4"><small> | |
| The latest anti-virus software can be set to detect malicious Java and ActiveX. </small></font></p> | |
| <p> </p> | |
| <p><font size="4"><u><strong>SO WHAT CAN YOU DO ABOUT VIRUSES</strong></u></font></p> | |
| <p><font SIZE="3">You could ignore them and hope that they will go away. Or only act after | |
| the event. I failed to install anti-virus software in 1993 and ended up losing all my data | |
| and having to re-format my hard drive.</font></p> | |
| <p><font SIZE="3">Our recommended action plan:-</font> | |
| <ol> | |
| <li><strong><font SIZE="3">Run anti-virus software and keep it regularly updated.(at least | |
| monthly)</font></strong></li> | |
| <li><font SIZE="3">Scan all disks whoever they are from, don't trust other business to do | |
| the work for you.</font></li> | |
| <li><font SIZE="3">If you are a business then make it a sacking offence for bringing in | |
| disks from outside (especially on floppies) that are not authorised, games disks | |
| from someone's son or daughter in the playground are the most risky. This may seem harsh | |
| but all your computers could be damaged.</font></li> | |
| <li><font SIZE="3">Do not run attachments from e-mail unless you know the source.</font></li> | |
| <li><font SIZE="3">Be very careful about sharing disks from other computers.</font></li> | |
| <li><font SIZE="3">Do not download files from the Internet unless you know the company or it | |
| is recommended by someone you trust.</font></li> | |
| <li><strong><font SIZE="3">Do not download from a Warez site.</font></strong></li> | |
| <li><font SIZE="3">Take extra vigilance on MIRC not to accept any files</font></li> | |
| <li><font SIZE="3">When running attachments to newsgroups files be cautious.</font></li> | |
| <li><strong><font SIZE="3">Do not send a file knowingly that contains a virus, even if it is | |
| a practical joke. You could go to prison.</font></strong></li> | |
| <li><font SIZE="3">If you encounter virus like activity on your machine, run anti-virus | |
| software and if your machine is still exhibiting virus symptoms, then get expert help. Do | |
| not continue to run the machine as you are infecting other users and the virus may be | |
| replicating.</font></li> | |
| <li><font SIZE="3">Purchase virus software today. Tomorrow is too late.</font></li> | |
| </ol> | |
| <p><font size="5"><u><strong>Conclusion</strong></u></font></p> | |
| <p><font SIZE="3">Although virus infection is low for the majority of users you have a | |
| real chance of encountering at least one in the next year. If it's a harmless practical | |
| joke virus your okay. If not and it is one that wipes your BIOS, look for a new | |
| Motherboard. Protect yourself today and take steps today to cut down the chances of | |
| infection.</font></p> | |
| <p> </p> | |
| <p> </p> | |
| <h5 align="left"> | |
| The WebMaster<br> | |
| | |
| Copyright © 1998 <font color="#A53831">WBSnet</font>. All rights reserved.<br> | |
| | |
| </h5> | |
| </body> | |
| </html> |