Viruses, Trojan Horses and Worms - part-I

What are Viruses, Trojan Horses and Worms?

Though these terms are often used interchangeably, they refer to different types of malicious computer programs.

Computer viruses hide within other programs or documents and spread as a side-effect of user action (e.g., opening an attachment). They come in many forms, and you don't need to install a program for your computer to be infected. For example, some viruses are spread when you open a word-processing document, particularly if you have macros enabled. Once your computer is infected, the virus may attach itself to outgoing files or may be sent as an email attachment.

A Trojan horse is a program that disguises itself as another program. Similar to viruses, these programs are hidden and usually cause an unwanted effect, such as installing a back door in your system that can be used by hackers. They differ from viruses because they typically are not designed to replicate like a virus.

Worms spread without any user interaction, typically by exploiting a flaw in popular software. Once activated, they generally use the Internet or your LAN (local network) to self-propagate and often take advantage of vulnerabilities in Microsoft Outlook and Microsoft Outlook Express email programs.

Tips on Avoiding Computer Worms

  • 1. Most of the worms which use e-mail to propagate use Microsoft Outlook or Outlook Express to spread. If you need to use Outlook, download and install the latest Outlook security patch from Microsoft. In general, keep your operating system and applications up-to-date and apply the latest patches when they become available. Be sure to get the updates directly from the vendor.
  • 2. When possible, avoid e-mail attachments both when sending and receiving e-mail.
  • 3. Configure Windows to always show file extensions. In Windows 2000, this is done through Explorer via the Tools menu: Tools/Folder Options/View - and uncheck "Hide file extensions for known file types". This makes it more difficult for a harmful file (such as an EXE or VBS) to masquerade as a harmless file (such as TXT or JPG).
  • 4. Never open e-mail attachments with the file extensions VBS, SHS or PIF. These extensions are almost never used in normal attachments but they are frequently used by viruses and worms.
  • 5. Never open attachments with double file extensions such as NAME.BMP.EXE or NAME.TXT.VBS.
  • 6. Do not share your folders with other users unless necessary. If you do, make sure you do not share your full drive or your Windows directory.
  • 7. Disconnect your network or modem cable when you're not using your computer - or just power it down.
  • 8. If you feel that an e-mail you get from a friend is somehow strange - if it is in a foreign language or if it just says odd things, double-check with the friend before opening any attachments.
  • 9. When you receive e-mail advertisements or other unsolicited e-mail, do not open attachments in them or follow web links quoted in them.
  • 10. Avoid attachments with sexual filenames. E-mail worms often use attachments with names like PORNO.EXE or PAMELA_NUDE.VBS to lure users into executing them.
  • 11. Do not trust the icons of attachment files. Worms often send executable files which have an icon resembling icons of picture, text or archive files - to fool the user.
  • 12. Never accept attachments from strangers in online chat systems such as IRC, ICQ or AOL Instant Messenger.
  • 13. Avoid downloading files from public newsgroups (Usenet news). These are often used by virus writers to distribute their new viruses.

Protecting Yourself and Your Computer

Here are some ways to protect yourself and your computer against these programs:

  • Use anti-virus software. To learn more, please search for "Virus Protection" in Google Search.
  • Download anti-virus software updates frequently. They are usually posted weekly, and generally only take a couple of minutes to download.
  • Scan email attachments and programs downloaded from the Internet. If you receive attachments you aren't expecting or from someone you don't know, do not open the attachment. Even if you know the sender, you should scan the attachment in all cases.
  • Turn off the feature in email programs that automatically opens attachments.
  • Don't install unfamiliar programs. Unless you know exactly what a program does and how it will affect your computer, don't install it.
  • Carefully read pop-up warnings. Many unscrupulous companies use pop-up advertising that falsely appears to be a warning. The pop-ups (which appear on sites other than Cyber Logic Host™) encourage users to install corrective software. These pop-ups should be ignored.
  • Verify email warnings. You may receive an email warning that claims to be from a computer "expert" warning you of a virus. Such emails usually instruct you to take certain steps to protect your computer. These are usually a hoax -- before following the steps outlined in any email, research it online by searching for "Computer Virus Hoax" in Google Search.

 

Viruses, Trojan Horses and Worms - part-II

"In the mid-1980s two brothers in Pakistan discovered that people were pirating their software. They responded by writing the first computer virus, a program that would put a copy of itself and a copyright message on any floppy disk copies their customers made. From these simple beginnings, an entire virus counter-culture has emerged. Today new viruses sweep the planet in minutes and can corrupt data, slow networks down, or harm your reputation."

What is a virus?
A virus or worm is a computer program that can spread across computers and networks by making copies of itself, usually without the user’s knowledge. Viruses can have harmful effects. These can range from displaying irritating messages to stealing data or giving other users control over your computer.

How does a virus infect computers?
A virus program has to be run before it can infect your computer. Viruses have ways of making sure that this happens. They can attach themselves to other programs or hide in code that is run automatically when you open certain types of file. Sometimes they can exploit security flaws in your computer’s operating system to run and to spread themselves automatically.
You might receive an infected file in an email attachment, in a download from the internet, or on a disk. As soon as the file is launched, the virus code runs. Then the virus can copy itself to other files or disks and make changes on your computer.

What can viruses do?
Viruses used to play pranks or stop your computer working, but now they compromise security in more insidious ways. Here are the things that viruses can do:

  • Slow down email. Viruses that spread by email, such as Sobig, can generate so much email traffic that servers slow down or crash. Even if this doesn't happen, companies may react to the risk by shutting down servers anyway.
  • Steal confidential data. The Bugbear-D worm records the user's keystrokes, including passwords, and gives the virus writer access to them.
  • Use your computer to attack websites. MyDoom used infected computers to flood the SCO software company's website with data, making the site unusable (a denial of service attack).
  • Let other users hijack your computer. Some viruses place “backdoor Trojans” on the computer, allowing the virus writer to connect to your computer and use it for their own purposes.
  • Corrupt data. The Compatable virus makes changes to the data in Excel spreadsheets.
  • Delete data. The Sircam worm may attempt to delete or overwrite the hard disk on a certain day.
  • Disable hardware. CIH, also known as Chernobyl, attempts to overwrite the BIOS chip on April 26, making the computer unusable.
  • Play pranks. The Netsky-D worm made computers beep sporadically for several hours one morning.
  • Display messages. Cone-F displays a political message if the month is May.
  • Damage your credibility. If a virus forwards itself from your computer to your customers and business partners, they may refuse to do business with you, or demand compensation.
  • Cause you embarrassment. For example, PolyPost places your documents and your name on sex-related newsgroups.

Where are the virus risks?
Viruses can reach your computer via all the routes shown here:

  • Programs and documents
    Programs and documents can be infected with viruses. When you share them with other users, by putting them on your network or intranet, or by sending them out, the infection can spread.
  • The internet
    You may download programs or documents that are infected. Security vulnerabilities in your operating system can also allow viruses to infect your computer via the internet connection, without your having to do anything at all.
  • Email
    Email can include infected attachments. If you double-click on an infected attachment, you risk infecting your machine. Some emails even include malicious scripts that run as soon as you preview the mail or read the body text.
  • CDs and floppies
    Floppy disks can have a virus in the boot sector. They can also hold infected programs or documents. CDs may also hold infected items.

Which files can viruses infect?
Viruses can attach themselves to any code that runs on your computer: programs, documents, or the files that start up the operating system.

  • Programs
    Some viruses infect programs. When you start the infected program, the virus is launched first. This type of virus appeared early in virus history but still poses a threat, as the internet makes it easy to distribute programs.
  • Documents
    Word processing or spreadsheet applications often use “macros” to automate tasks. Some viruses take the form of a macro that can spread from one document to another. If you open a document that contains the virus, it copies itself into the application’s startup files and infects other documents you open with that application.
  • Boot sectors
    When you switch on your computer, it accesses a part of the disk called the “boot sector” and runs a program that starts the operating system. The earliest viruses replaced this boot sector with their own, modified version. If the user started up their computer from an infected disk, the virus became active.

Email viruses
Many of the most prolific viruses are email-aware: they distribute themselves automatically by email. Typically, email-aware viruses depend on the user clicking on an attached document. This runs a script that can forward infected documents to other people. The Netsky virus, for example, searches the computer for files that may contain email addresses (e.g. EML or HTML files), and then uses the email program on your computer to send itself to those addresses. Some viruses, like Sobig-F, don’t even need to use your email browser; they include their own “SMTP engine” for sending mail. Email viruses may compromise your computer’s security or steal data, but their most common effect is to create excessive email traffic and crash servers.

Email attachments
Any attachment that you receive by email could carry a virus; launching such an attachment can infect your computer. Even an attachment that appears to be a safe type of file, e.g. a file with a .txt extension, can pose a threat. That file may be a malicious VBS script with the real file type (.vbs) hidden from view.
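
An added example, not part of the original article: a mail-filter check for the attachment-name red flags in tips 4 and 5 of part I and the hidden .vbs case described above. The sample message is constructed, and the DECOY entries beyond TXT, JPG and BMP are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the page names as dangerous (tips 3-5).
RISKY = {"exe", "vbs", "shs", "pif"}
# Harmless-looking types used as a disguise; TXT, JPG and BMP are from the
# page, the rest are assumptions added for this example.
DECOY = {"txt", "jpg", "bmp", "gif", "doc", "pdf"}


def classify_filename(name):
    """Return the reasons an attachment name is suspicious (empty list if none)."""
    # Windows ignores trailing dots and spaces, so judge the name without them.
    parts = name.rstrip(". ").lower().split(".")
    if len(parts) < 2:
        return []
    reasons = []
    ext = parts[-1].strip()
    if ext in RISKY:
        reasons.append(f"risky extension .{ext}")
        # NAME.TXT.VBS pattern: a decoy type followed by the real, risky one.
        if len(parts) >= 3 and parts[-2].strip() in DECOY:
            reasons.append(f"double extension .{parts[-2].strip()}.{ext}")
    return reasons


def scan_message(raw):
    """Map each attachment filename in a raw RFC 5322 message to its reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {
        part.get_filename(): classify_filename(part.get_filename() or "")
        for part in msg.iter_attachments()
    }


def build_sample():
    """Constructed test message with three harmless dummy attachments."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "photos"
    msg.set_content("See attached.")
    for name in ("NOTES.TXT.VBS", "holiday.jpg", "setup.pif"):
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", reasons or "no filename red flags")
```

A clean result only means the name carries none of these red flags; the attachment should still be scanned, as the article advises.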

Can I get a virus just by reading email?
You don’t have to open an attachment to become infected via email. Just viewing your mail is a risk. Some viruses, such as Kakworm and Bubbleboy, can infect users as soon as they read email. They look like any other message but contain a hidden script that runs as soon as you open the email, or even look at it in the preview pane (as long as you are using Outlook with the right version of Internet Explorer). This script can change system settings and send the virus to other users via email. Microsoft issue patches that eliminate this security weakness and others like it. To find out which patches you need, visit windowsupdate.microsoft.com. To keep informed about future patches, you can subscribe to a mailing list at www.microsoft.com/technet/security/bulletin/notify.asp

A brief history of viruses

  • 1950s Bell Labs develop an experimental game in which players use malicious programs to attack each other’s computers.
  • 1975 Sci-fi author John Brunner imagines a computer “worm” spreading across networks.
  • 1984 Fred Cohen introduces the term “computer virus” in a thesis on such programs.
  • 1986 The first computer virus, Brain, is allegedly written by two brothers in Pakistan.
  • 1987 The Christmas tree worm paralyses the IBM worldwide network.
  • 1988 The Internet worm spreads through the US DARPA internet.
  • 1992 There is worldwide panic about the Michelangelo virus, although very few computers are infected.
  • 1994 Good Times, the first major virus hoax, appears.
  • 1995 The first document virus, Concept, appears.
  • 1998 CIH or Chernobyl becomes the first virus to paralyse computer hardware.
  • 1999 Melissa, a virus that forwards itself by email, spreads worldwide. Bubbleboy, the first virus to infect a computer when email is viewed, appears.
  • 2000 Love Bug becomes the most successful email virus yet. The first virus appears for the Palm operating system, although no users are infected.
  • 2001 A virus claiming to contain pictures of tennis player Anna Kournikova infects hundreds of thousands of computers worldwide.
  • 2002 David L Smith, the author of Melissa, is sentenced to 20 months in prison by US courts.
  • 2003 The Blaster worm spreads itself across the internet via a security weakness in Microsoft software. Together with the Sobig email virus, it makes August 2003 the worst month ever for virus incidents.
  • 2004 The creators of the Netsky and Bagle series of worms compete to see which can have the greater impact.

Trojan horses
Trojan horses are programs that pretend to be legitimate software, but actually carry out hidden, harmful functions. For example, DLoader-L arrives in an email attachment and claims to be an urgent update from Microsoft for Windows XP. If you run it, it downloads a program that uses your computer to connect to certain websites, in an attempt to overload them (this is called a denial of service attack). Trojans cannot spread as fast as viruses because they do not make copies of themselves. However, they now often work hand-in-hand with viruses. Viruses may download Trojans which record keystrokes or steal information. On the other hand, some Trojans are used as a means of infecting a computer with a virus.

Backdoor Trojans
A backdoor Trojan is a program that allows someone to take control of another user’s computer via the internet. A backdoor Trojan may pose as legitimate software, just as other Trojan horse programs do, so that users run it. Alternatively – as is now increasingly common – a virus may place a backdoor Trojan onto a computer. Once the Trojan is run, it adds itself to the computer’s startup routine. It can then monitor the computer until the user is connected to the internet. Once the computer is online, the person who sent the Trojan can run programs on the infected computer, access personal files, modify and upload files, track the user’s keystrokes, or send out spam mail. Well-known backdoor Trojans include Subseven, BackOrifice and Graybird, which was disguised as a fix for the notorious Blaster worm.

Worms
Worms are similar to viruses but do not need a carrier program or document. Worms simply create exact copies of themselves and use communications between computers to spread. Many viruses, such as MyDoom or Bagle, behave like worms and use email to forward themselves.

Internet worms
You may be at risk whenever you are connected to the internet, even if you don’t open suspicious email. Internet worms can travel between connected computers by exploiting security “holes” in the computer’s operating system. The Blaster worm, for example, takes advantage of a weakness in the Remote Procedure Call service that runs on Windows NT, 2000 and XP computers and uses it to send a copy of itself to another computer. As the worm spreads, it creates a lot of traffic on the internet, slowing down communications or causing computers to crash. This particular worm also later uses the computer to deluge a Microsoft website with data, with the aim of making the site inaccessible. Microsoft (and other operating system vendors) issue patches to fix security loopholes in their software. You should update your computer regularly by visiting the vendor’s website.

Can I get a virus from a website?
Web pages are written in HTML (Hypertext Markup Language). This cannot carry a virus, although it can call up programs or files that do. You cannot be infected by visiting an HTML page unless there is a security vulnerability on your computer that allows a program to run and infect you.

 
