How To Protect Your Computer From Viruses?

What is a computer virus and how do you get one?

If you depend on the information stored on your personal computer, you need to understand how computer viruses spread, and you should use anti-virus software to reduce the chance that a computer virus will infect your programs and files.

A computer virus is a program that makes copies of itself and infects files. Computer viruses can spread to other computers and files whenever infected files are exchanged. Often infected files come as email attachments, even from people you know. The email senders have no idea that they are passing on a file with a virus in it.

Some computer viruses can erase or change the information stored on your computer; other viruses may do little or no harm to your system. Writing and releasing any virus is prohibited by university policy, and anyone who does so will be held legally accountable for damages.

How to protect your computer?

There are several things that you should do to protect your computer from virus infections:

  • Use a high-quality anti-virus program, and be sure to update it regularly. Use it to scan any files, programs, software, or diskettes (even new software from a commercial company) before you use them on your computer.
  • Make back-up copies of important documents or files and store them on separate diskettes. Making backups will also protect your information against accidental file deletion, diskette failure, and other damage.
  • Whenever you use a computer in a campus lab, be sure to reboot or run “cleanup” before you start your session and log out when you end your session.
  • Do not share commercial software with anyone. It is a violation of the author’s copyright to distribute such material, and it is a way to spread viruses.
  • When you get public domain (PD) software for which the author has granted permission to make copies, get it from a reliable source. (For example, an individual you do not know is not a reliable source.) Before you run PD material, use an anti-virus program to inspect for known viruses.
  • Always scan your disks and files after using them on another computer.
  • Always scan all files you download from the Internet.
  • Always scan Word or Excel file email attachments before you read them.

What if your computer gets a virus?

Not all damage to your programs and files is caused by viruses: worn out floppies, failing hard drives, user error, and poorly written programs can all cause you to lose data. If your computer is behaving strangely, or if you think your computer has a virus, use an anti-virus program to find out.

If your computer is infected with a virus, DON’T PANIC! Use an anti-virus program to remove the virus yourself, or turn your computer off and find someone who knows how to remove the virus.

If a virus is active in memory, it may prevent anti-virus programs from working correctly. To be sure no virus is active, turn off your computer and reboot from a known-clean system diskette before you begin the disinfection process.

Eliminate all copies of the virus as quickly as possible. Check all your diskettes, and warn anyone else who may have infected files or disks.

Remember, most viruses can be removed without permanent damage to your system, and most virus infections can be prevented. With proper care, your computer can remain virus-free.


Top 10 worst computer viruses (Sasser & I Love You)

2. Sasser
Shaun Nichols: Just how much damage can a virus do? Well, take the Sasser worm as one example. This relatively simple little attack managed to cripple airlines, news agencies and even knocked out government systems.

Perhaps most frustrating, however, was that Sasser infection was very easy to prevent. The vulnerability which the attack exploited had been patched for months, and all users had to do was install the most recent security updates from Microsoft.
Sasser was a stark warning that has yet to be heard by many. Unpatched systems are still pervasive around the world, leaving users vulnerable to Sasser and countless other malware attacks that target patched vulnerabilities.

Iain Thomson: I remember the Sasser outbreak well, as I was on holiday and staying with friends in New York when it struck. Being the token geek I spent a good few hours fixing my friend’s computer and cursing the fool who wrote the worm that had me sitting in front of a computer screen when I could be sipping cocktails in Greenwich Village.

The worm caused havoc, not just shutting down a news agency’s systems but causing Delta to cancel some flights and leaving the British coastguard crippled for hours, putting lives at risk. If I’d been a seaman in peril I’d want serious words with the 17-year old author, Sven Jaschan. He was caught after Microsoft put a bounty on his head, something they should do more often.

Jaschan got away with a suspended sentence because he wrote the code before reaching the age of 18. He also caused a storm by accepting a job with a security company in his German homeland. This is not done in the security industry and caused the company, Securepoint, to be shunned by others in the field.

1. I Love You
Shaun Nichols: They say you always hurt the ones you love. In 2000, this was taken to extremes when the ILoveYou attack racked up some $5.5bn in damages.

The concept was pretty simple: a user receives a file from a known email contact under the title ‘LoveLetter’ or ‘ILoveYou’. When the attachment is opened, the virus is launched. After infecting the host, the virus then took control of the user’s email program and sent the same ‘ILoveYou’ message to every user in the host’s address book.

Love must have been in the air, because the virus was potent enough to infect some 10 per cent of internet-connected machines at its peak. At a time when many users were still trying to learn the finer points of the internet, ILoveYou was a major wakeup call to some of the dangers on the web.

Iain Thomson: Everybody wants to be loved and ILoveYou was brilliant social engineering. It helped that the virus was spammed out in the early days of internet use and there were a lot of newbies online who had only a vague idea about viruses and how dangerous they could be.

Email was a trusted format and, because the messages came from people the recipient actually knew, the likelihood of them being opened was much higher.

Things are different today, although there are still plenty of people who get caught by social engineering attacks, but ILoveYou makes it so high in the list because it was a brilliant piece of social engineering.


Top 10 worst computer viruses (Nimda & MyDoom)

4. Nimda
Iain Thomson: A week after the 11 September atrocities a new virus hit the internet in a big way. Nimda was one of the fastest propagating viruses in history, going from nowhere to become the most common virus online in 22 minutes, according to some reports.

The reason for this speed was that Nimda used every trick in the book to spread itself. It used email, open network shares, IIS vulnerabilities and even web sites to spread. It hit pretty much every version of Windows available and appeared all over the place.

In the paranoid days after the terrorist attack some speculated that this was a digital 11 September, and some security consultants got large speaking fees for suggesting just that. In fact, it was nothing of the sort and was just another attempt at large scale infection.

Shaun Nichols: In the days following the 11 September attacks, everyone was on edge and all types of threats were given plenty of attention. This, in part, helps to explain why Nimda got the attention it did.

Nimda not only played on hype; the worm was also especially virulent due to the sheer number of methods it used to propagate. In addition to spreading via email, Nimda used web site exploits to infect HTML pages and local machine exploits to spread between individual files.

The result was an extremely effective virus circulating at a time when people were more sensitive to all types of threats, both online and offline.

3. MyDoom
Shaun Nichols: Ah yes, the old ‘infect the host then resend to the entire address book’ attack method. Like many other attacks, MyDoom used the tried-and-true practice of spreading through email and address books.

But MyDoom went a step further and targeted peer-to-peer networks. The worm not only spread itself through address books but through the shared folder of users who ran the Kazaa file sharing application.

While definitely skilled programmers, MyDoom’s creators also seemed to be fans of good old-fashioned vigilante justice. One of the early tasks performed by infected users was to take part in a denial-of-service attack against SCO, the infamous software vendor that once tried to lay claim to the patents for Linux.

Iain Thomson: MyDoom was interesting because it was one of the first to use peer to peer as a transmission device, as Shaun notes.

Kazaa was at the peak of its popularity and was causing headaches for Hollywood and the security community. If I had £1 for each time a security expert ranted about the stupidity of using peer-to-peer networks I’d be a rich man. Downloading a file onto your computer from an untrusted source? Madness.

The attack on SCO was also fascinating. SCO was, and to an extent still is, the most hated IT company among users, even more than Microsoft at the time. A worm that attacked a company was something new and raised all sorts of possibilities.


Top 10 worst computer viruses (Storm & Melissa)

6. Storm
Shaun Nichols: Before Conficker came around and got everyone worked into a lather, Storm was the big bad botnet on the block. First appearing in early 2007 as a fake news video on European flooding, the Storm malware menaced users for more than a year.

The huge botnet was also influential for its continued use of social engineering tactics. The malware disguised itself as everything from video files to greeting cards, and attacks were continuously refreshed to coincide with holidays and current news events.

While Storm has since been eclipsed by newer botnets, the name still brings to mind one of the most menacing attacks seen in recent years.

Iain Thomson: When extreme weather hit Europe the damage was bad enough, but the Storm code made things much worse. At a time when many were seriously concerned about the health and safety of friends and family, the last thing anyone needed was an infection.

But Storm was a classic piece of social engineering. At a time when people are concerned they don’t always think of the consequences, be it approving torture or opening an email attachment.

This kind of social networking is nothing new, of course, but the Storm malware did it very well indeed and proved very effective as a result.

5. Melissa
Shaun Nichols: It was a classic love story. Boy meets girl, girl dances for money, boy goes home and writes computer virus for girl, computer virus gets out of hand and causes millions of dollars in damage. It’s the Romeo and Juliet of our time.

When a New Jersey hacker wrote a small bit of code named after a stripper he met in Florida, he had no idea of the chaos that would ensue. The Melissa virus, as it came to be known, got way, way out of hand.

The virus spread like wildfire throughout the net, and an unintended effect of the worm led to a glut of email traffic that overflowed servers and caused tons of damage and lost work time to corporate IT systems.

The hacker himself was later caught and sentenced to a year and a half in prison. Next time he wants to impress a girl, hopefully he’ll stick to chocolates and jewellery.

Iain Thomson: Now, I’ve done some stupid things to impress girls, things that cause me to bite my fist with embarrassment nowadays and one that left me with a small amount of scar tissue, but writing a computer virus makes these pale by comparison.

The real damage of Melissa was not in the code itself, but in its spamming capabilities. The software caused a massive overload of email systems and generated enough traffic to make it highly visible. Current computer malware writers have taken note of code like Melissa and now fly much lower under the wire to attract less attention.


Top 10 worst computer viruses (Conficker & ExploreZip)

8. Conficker
Shaun Nichols: The global catastrophe that wasn’t, the third form of the Conficker attack provided nice theatrics but little in the way of actual damage.

The premise was pretty simple: Conficker.C would spread to as many machines as possible throughout March. Each infected machine was given a huge list of domains, one of which would be contacted by 1 April.

The deadline made all the difference. Now, Conficker wasn’t just a simple malware infection, it was a ‘ticking time bomb’, and a looming menace that would unleash carnage. Or at least that’s what the story turned into when unscrupulous security vendors and tech-newbie news outlets got hold of the story.

Then the deadline passed and, pretty much as every reasonable person in the industry predicted, Conficker didn’t do much of anything. The botnet remains intact and still poses a threat, but nothing near the utter cyber-carnage that many spoke of.

Iain Thomson: Conficker has now started its attacks and has proved to be just another botnet builder like most other malware.

However, the media panic over Conficker has shown that people are still scared of viruses. As Bruce Schneier pointed out at RSA last week, Conficker hit all the right buttons. It had a funny sounding name, was mysterious and was set to do something on a ‘magic’ date.

Conficker has, however, served a useful purpose. It spreads via a vulnerability that has had a patch available since last October. If my company’s servers got hit by a vulnerability that old, my IT manager would be getting a stern talking to, possibly involving a thumbscrew and a hot pair of pliers.

7. ExploreZip
Iain Thomson: ExploreZip was written over a decade ago but is still to be found in the wild today, a good example of how persistent these little programs can be.

ExploreZip, like most viruses of the time, targeted Windows systems and was spread via email. The recipient got an email reading ‘I have received your email and I shall send you a reply ASAP. Till then take a look at the attached zipped docs.’

Clicking on the attachment booted the virus onto the user’s computer and it immediately spammed itself out to all of the contacts in Outlook. More worryingly it also overwrote Word documents with lines of zeros, and did some damage to the operating system itself. As destructive worms go it wasn’t too bad, but in the pre-Millennium days of 1999 it certainly caused a panic.

Shaun Nichols: Often, viruses aren’t meant to be overtly destructive. Older viruses often did damage through unintended conflicts, while newer malware tries to remain undetected in order to steal data or hijack programs.

This wasn’t the case with ExploreZip, however. Upon receiving the virus, users would open an attachment that would immediately begin damaging the host computer.

This seems pretty scary at first. But when you think about it, a damaged hard drive is still far less serious than a hijacked bank account.


Top 10 worst computer viruses (Part Two)

10. Elk Cloner
Iain Thomson: Elk Cloner was written by a 15-year old high school student called Rich Skrenta as a practical joke. Unfortunately for him the joke turned bad very quickly.

The virus was developed for the Apple II system and was a boot sector virus that spread via floppy discs. Apparently Skrenta was a fan of pirated games and would swap them with his friends, sometimes with little messages added. After one too many of these infected discs, he devised a way to alter discs automatically and the Elk Cloner virus was invented.

It had little in the way of a payload. Every 50th time a person booted an infected disc the software ran a little program on the computer screen, and that was it. Nevertheless it was a serious annoyance and was a harbinger of things to come.

Shaun Nichols: And they say Apple computers don’t get viruses. What Skrenta did not realise was that he was helping to popularise what would later become standard practice for spreading viruses.

Elk Cloner spread through what is now known as a ‘boot sector’ infection. The virus copied itself into the boot sector of a floppy disk and then spread into all future disks. This became a popular attack method for Apple and PC computers, taking over as the preferred method of infection until the internet came along and email attacks emerged.

9. Klez
Iain Thomson: Klez is a persistent little devil, and variants are still doing the rounds today, seven years after it first turned up.

The most common variant, Klez H, spoofs email addresses by randomly picking one from an infected machine before sending itself on to other users. This makes backtracing the identity of the infected machine particularly difficult, since any email stored for any reason can be used.

It exploits a vulnerability in Outlook that allows it to boot up automatically on unpatched systems. It’s a cunning little devil but for all its ingenuity I still want to strangle the writer.

Shaun Nichols: The late 1990s and early 2000s were not only the golden age of the internet, they seemed to be the golden age for malware. Over that time period, few viruses were able to match the reign of Klez.

Like many other viruses of its time, Klez spread through email. Users were duped into opening infected files and, once the malware was installed, the victim’s address book was opened and copies of the attack were sent to contacts.

Klez, however, took this a step further. Not only did the virus send itself to people in your address book, it pretended to be from other people. Later, the worm wreaked further havoc by pretending to be its own removal tool.


Top 10 worst computer viruses (Part One)

All this panic over a simple strain of flu got us thinking about some of the more virulent computer pandemics that have hit in recent years. While a computer virus pales in seriousness to a human outbreak, malware attacks can still take a huge toll on businesses throughout the world.

The viruses below may not have been the most widespread or effective, although many of them were. Instead they are the ones that stick in the mind as being particularly notable. There have been so many over the years, and viruses will always be a part of computing now, but these may bring back memories, not all of them pleasant.

Honourable mention: Creeper
Iain Thomson: Creeper was possibly the very first computer virus, although this is contested. It was invented back in 1971 by Bob Thomas, using the Tenex operating system, and used the precursor of the internet, ARPANET, to spread between DEC PDP 10 systems.

To delete the Creeper program another piece of code, Reaper, was created to hunt it down and destroy it. The first anti-virus virus, Reaper was an excellent idea and one that worked well.

Some don’t consider it a virus because it lacked many of the features of modern viruses, but I’m counting it anyway because it was an example of the harmlessness of the early age of computers. Creeper did nothing more than display the message ‘I’m the creeper, catch me if you can!’ No payload, no theft, it was an example of a simpler age.

Shaun Nichols: In computer years, 1971 was nearly prehistoric. No Apple, no Microsoft and the internet was still a wild, far-off concept. Still, in this era where computer programming was a highly-specialised skill, we saw many firsts.

Perhaps a sign of the early times, Creeper’s creator not only released the virus itself, but a cleaning program called Reaper that removed the Creeper code.

Honourable mention: Brain
Iain Thomson: Brain was the first virus written for Microsoft’s DOS operating system, back in 1986. It was originally developed to stop the copying of a medical software program developed by two Pakistani brothers, Basit and Amjad Farooq Alvi.

Brain spread by floppy disc and copied itself into the boot sector of the media. It displayed the names of the creators, and suggested the infected recipients got in contact to get disinfected.

It spread quickly and the two brothers were inundated with calls from people around the world demanding that their machines were disinfected. Such was the volume of calls that the two eventually had their phone lines cut off.

Shaun Nichols: Remember how much heat Sony took when it used a rootkit as part of its copy-protection software? Well, it turns out Sony wasn’t the first group to make that mistake.

Back in 1986, a pair of developers from Pakistan tried to stop piracy of their biomedical software by including a small snippet of code to track and report possible piracy. That code was soon removed and redistributed as a virus.

This was back in 1986, so the ‘FAIL’ meme had yet to be put into use, but if it had, Brain Computer Services would have no doubt more than earned the tag.


Virus Protection Key to Healthy Computing

Computer viruses are proving to be highly complex but preventing viruses from infecting your computer systems is simple. Use two well-known brands of anti-virus software and keep them as current as possible.

Beyond that, there are some simple, common sense procedures that everyone should use, whether at work or in the home computing environment. Never open a file whose origins are unknown. In a simpler day, that wisdom only applied to executable files, or files that did something. They have the suffixes .exe, .com and .bat and each can start a program on your computer. These viruses spread through games downloaded from the Internet, on borrowed diskettes and through the old ‘bulletin board’ services.

Today, unfortunately, a whole new wave of viruses has been unleashed on unsuspecting computer users because software manufacturers introduced feature-rich new programs without considering how vulnerable they are to viruses. Now, almost any document and many email messages can carry and spread ‘macro’ viruses at lightning speed. That’s why it is so important never to open messages or documents from unknown sources. Viruses can delete data, change file names or even damage the physical media where the data is stored.

How important is virus protection?
If your data is critical to your business operations, there is nothing more important. Even though about 75 per cent of all data loss incidents are caused by human error or system malfunctions, a virus attack can still cripple your data center. A combination of regular, verified backups and constantly updated virus protection is absolutely essential to protect your data – and your organization.


Computer Virus

How do you protect your computer from getting a virus?
In today’s world having anti-virus software is not optional. A good anti-virus program will perform real-time and on-demand virus checks on your system, and warn you if it detects a virus. The program should also provide a way for you to update its virus definitions, or signatures, so that your virus protection will be current (new viruses are discovered all the time). It is important that you keep your virus definitions as current as possible.

Once you have purchased an anti-virus program, use it to scan new programs before you execute or install them and new diskettes (even if you think they are blank) before you use them.

You can also take the following precautions to protect your computer from getting a virus:

  • Always be very careful about opening attachments you receive in an email — particularly if the mail comes from someone you do not know. Avoid accepting programs (EXE or COM files) from USENET news group postings. Be careful about running programs that come from unfamiliar sources or have come to you unrequested. Be careful about using Microsoft Word or Excel files that originate from an unknown or insecure source.
  • Avoid booting off a diskette by never leaving a floppy disk in your system when you turn it off.
  • Write protect all your system and software diskettes when you obtain them. This will stop a computer virus spreading to them if your system becomes infected.
  • Change your system’s CMOS Setup configuration to prevent it from booting from the diskette drive. If you do this a boot sector virus will be unable to infect your computer during an accidental or deliberate reboot while an infected floppy is in the drive. If you ever need to boot off your Rescue Disk, remember to change the CMOS back to allow you to boot from diskette!
  • Configure Microsoft Word and Excel to warn you whenever you open a document or spreadsheet that contains a macro (in Microsoft Word check the appropriate box in the Tools | Options | General tab).
  • Write-protect your system’s NORMAL.DOT file. By making this file read-only, you will hopefully notice if a macro virus attempts to write to it.
  • When you need to distribute a Microsoft Word file to someone, send the RTF (Rich Text Format) file instead. RTF files do not support macros, and by doing so you can ensure that you won’t be inadvertently sending an infected file.
  • Rename your C:\AUTOEXEC.BAT file to C:\AUTO.BAT. Then, edit your C:\AUTOEXEC.BAT file to the following single line:
        auto
    By doing this you can easily notice any viruses or trojans that try to add to, or replace, your AUTOEXEC.BAT file. Additionally, if a virus attempts to add code to the bottom of the file, it will not be executed.
  • Finally, always make regular backups of your computer files. That way, if your computer becomes infected, you can be confident of having a clean backup to help you recover from the attack.

What types of files should you scan and set for auto-protection?
Here’s a list of file extensions that you should make sure your anti-virus software scans and auto protects:

386, ADT, BIN, CBT, CLA, COM, CPL, CSC, DLL, DOC, DOT, DRV, EXE, HTM, HTT, JS, MDB, MSO, OV?, POT, PPT, RTF, SCR, SHS, SYS, VBS, XL?

What are some good indications that the computer has a virus?
A very good indicator is having anti-virus software tell you that it found several files on a disk infected with the same virus (sometimes if the software reports just one file is infected, or if the file is not a program file — an EXE or COM file — it is a false report).

Another good indicator is if the reported virus was found in an EXE or COM file or in a boot sector on the disk.

If Windows cannot start in 32-bit disk or file access mode, your computer may have a virus.

If several executable files (EXE and COM) on your system are suddenly and mysteriously larger than they were previously, you may have a virus.

If you get a warning that a Microsoft Word document or Excel spreadsheet contains a macro but you know that it should not have one, you may have a macro virus (you must first have the auto-warn feature activated in Word/Excel).
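The extension list and the "suddenly larger EXE and COM files" indicator above can be combined into a baseline check: record the size and hash of every file whose extension is on the list, then compare later. The Python below is an added example, not part of the original page; the function names, the threshold of two grown programs, and the sample files are assumptions constructed for illustration.

```python
import fnmatch
import hashlib
import os
import tempfile

# Extension list copied from the page. "?" matches exactly one character,
# so OV? covers OVL/OVR and XL? covers XLS/XLT (but not the four-letter XLSX).
SCAN_EXTENSIONS = (
    "386 ADT BIN CBT CLA COM CPL CSC DLL DOC DOT DRV EXE HTM HTT JS MDB "
    "MSO OV? POT PPT RTF SCR SHS SYS VBS XL?"
).split()


def should_scan(filename):
    """True if the file's final extension matches one of the page's patterns."""
    ext = os.path.splitext(filename)[1].lstrip(".").upper()
    return any(fnmatch.fnmatchcase(ext, pat) for pat in SCAN_EXTENSIONS)


def _size_and_digest(path):
    """Read the file in chunks and return (size in bytes, SHA-256 hex digest)."""
    h, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
            size += len(chunk)
    return size, h.hexdigest()


def snapshot(root):
    """Map relative path -> (size, sha256) for every scannable file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if should_scan(name):
                path = os.path.join(dirpath, name)
                result[os.path.relpath(path, root)] = _size_and_digest(path)
    return result


def compare(baseline, current):
    """Return sorted (path, kind, detail) findings between two snapshots."""
    findings = []
    for path, (size, digest) in current.items():
        if path not in baseline:
            findings.append((path, "new", f"{size} bytes"))
            continue
        old_size, old_digest = baseline[path]
        if size > old_size:
            findings.append((path, "grown", f"{old_size} -> {size} bytes"))
        elif digest != old_digest:
            findings.append((path, "modified", "same or smaller size, different hash"))
    for path in baseline.keys() - current.keys():
        findings.append((path, "missing", "present in baseline only"))
    return sorted(findings)


def suspicious(findings, threshold=2):
    """The page's indicator: several EXE/COM files grew at once.
    The threshold of 2 is an assumption, not a value from the page."""
    grown = [p for p, kind, _ in findings
             if kind == "grown" and p.upper().endswith((".EXE", ".COM"))]
    return len(grown) >= threshold


def demo():
    """Constructed sample tree: two programs grow, a document stays unchanged."""
    with tempfile.TemporaryDirectory() as root:
        files = {"EDIT.COM": b"A" * 100, "FORMAT.EXE": b"B" * 200,
                 "report.doc": b"C" * 50, "notes.txt": b"D" * 10}
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        for name in ("EDIT.COM", "FORMAT.EXE"):  # simulate bytes appended to programs
            with open(os.path.join(root, name), "ab") as fh:
                fh.write(b"\x00" * 32)
        with open(os.path.join(root, "notes.txt"), "ab") as fh:
            fh.write(b"more")  # TXT is not on the scan list, so it is ignored
        findings = compare(baseline, snapshot(root))
        return findings, suspicious(findings)


if __name__ == "__main__":
    findings, alert = demo()
    for path, kind, detail in findings:
        print(f"{kind:9} {path}: {detail}")
    print("possible infection" if alert else "no size-growth pattern")
```

A changed hash with an unchanged size is reported as "modified", which catches overwriting infections that a size comparison alone would miss.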

What are the most common ways to get a virus?
One of the most common ways to get a computer virus is by booting from an infected diskette.  Another way is to receive an infected file (such as an EXE or COM file, or a Microsoft Word document or Excel spreadsheet) through file sharing, by downloading it off the Internet, or as an attachment in an email message.

What should you do when you get a virus?
First, don’t panic! Resist the urge to reformat or erase everything in sight. Write down everything you do in the order that you do it.  This will help you to be thorough and not duplicate your efforts.  Your main actions will be to contain the virus, so it does not spread elsewhere, and then to eradicate it.

If you work in a networked environment, where you share information and resources with others, do not be silent.  If you have a system administrator, tell her what has happened.  It is possible that the virus has infected more than one machine in your workgroup or organization.  If you are on a local area network, remove yourself physically from it immediately.

Once you have contained the virus, you will need to disinfect your system, and then work carefully outwards to deal with any problems beyond your system itself (for example, you should meticulously and methodically look at your system backups and any removable media that you use).  If you are on a network, any networked computers and servers will also need to be checked.
Any good anti-virus software will help you to identify the virus and then remove it from your system.  Viruses are designed to spread, so don’t stop at the first one you find; continue looking until you are sure you’ve checked every possible source.  It is entirely possible that you could find several hundred copies of the virus throughout your system and media!

To disinfect your system, shut down all applications and shut down your computer right away.  Then, if you have Fix-It Utilities 99, boot off your System Rescue Disk.  Use the virus scanner on this rescue disk to scan your system for viruses.  Because the virus definitions on your Rescue Disk may be out of date and the rescue scanner is not as comprehensive as the full Virus Scanner in Fix-It, once you have used it and it has cleared your system of known viruses, boot into Windows and use the full Virus Scanner to do an “On Demand” scan set to scan all files.  If you haven’t run Easy Update recently to get the most current virus definition files, do so now.
If the virus scanner can remove the virus from an infected file, go ahead and clean the file.  If the cleaning operation fails, or the virus software cannot remove it, either delete the file or isolate it.  The best way to isolate such a file is to put it on a clearly marked floppy disk and then delete it from your system.

Once you have dealt with your system, you will need to look beyond it at things like floppy disks, backups and removable media.  This way you can make sure that you won’t accidentally re-infect your computer.  Check all of the diskettes, zip disks, and CD-ROMs that may have been used on the system.

Finally, ask yourself who has used the computer in the last few weeks.  If there are others, they may have inadvertently carried the infection to their computer, and be in need of help.  Viruses can also infect other computers through files you may have shared with other people.  Ask yourself if you have sent any files as email attachments, or copied any files from your machine to a server, web site or FTP site recently.  If so, scan them to see if they are infected, and if they are, inform other people who may now have a copy of the infected file on their machine.
