Virus, Worms, Trojans

From iGeek
Jump to: navigation, search
VirusWormsTrojans.jpg
Virus, Worms and Trojans, some various hacker terms/attacks explained (simply).


What does it all mean?

There's a recent media storm about the Code Red worm. But most people don't know what the terms mean or what the risks are.

The first question is what is a worm? And of course, if we're discussing worms, then what about virus's, Trojans and other related terms?

A computer virus is just a program that "spreads" or makes copies of itself without the user knowing about it.

A worm is also a program that copies itself without permission or knowledge. So a worm is a type of virus.

The difference between a worm and a virus is that a virus usually spreads itself on the machine it is on, or to files that are accessible from that machine (it attacks local files). A worm usually tries to infect other machines across the network, or it attacks other systems (instead of just spreading within the system you are on). Of course a virus will try to spread to many files, often including files it can see across a network or files that will be transmitted across a network (directly or via email) or files that will be given to others on floppy disk. But a worm is a bit more deliberate on attacking others, actually targeting other systems and trying to infect them - viruses spread everywhere and happen to get to other machines.

A Trojan (or Trojan Horse), is a program that pretends to be one thing (by name, icon or description) but does something completely different. It might be obviously difference, when the intruder leaps out and kills you, or it might be subtle and do exactly what you think it does... plus something else (like install a vitus, malware, etc). But it's that false advertising and surprise that makes it a Trojan.

VirusChar.png

When you get an email that says "look at the cool picture", but clicking on it really is a script or program that does something else, that's a Trojan. In fact, even some websites or emails say "click here" to do one thing, but they do another, are a form of Trojan Horse.

Most Trojans (like the "Melissa" or "I Love you" viruses) are also a form of viruses - in that one of the things they do when they are run, is try to spread themselves (without you intentionally copying or sending them). They fake you into do something, which runs them, and which allows them to do things (like send themselves to everyone on your email list). It is just that the method of spreading is based on a user action - if you don't run them, they can't copy themselves. Whereas, you don't have to do anything to spread a virus - they are running automagically, and so copy themselves without any action on your part.

Some of the nastier things going around, are viruses or worms that infect your system and exploit holes in Windows, to create bigger holes in Windows. Actually, what they do is install a "bot" (robot or netbot) that can be commanded to do things. They broadcast to hackers that your machine is open for business - and the business is allowing hackers to see what's on your machine, or to use your machine to attack others.

VirusWormsAndTrojans.jpeg

Some hackers collect fleets of these attack "bots", which they can command to attack some machine they don't like. Or some bots are automatic (autobots) in that they attack at a preconfigured time/date. (Since the channels/ports that allow someone to talk to or command a bot are auditable, it is little easier to find and block a regular bot than an autobot). With a fleet of those machines (bots) all making requests at once, a targeted machine is flooded and overwhelmed (functionally blocked from getting any real work done). This is called a DDOS (Distributed Denial of Service) attack or flood attack.

These attacks and security holes are possible on any type of computer. But they are easiest to do using Microsoft Windows. This is because when Microsoft was creating Windows, and many of the Applications like their email and web-browser, they sacrificed security for the sake of making their lives easier. People warned Microsoft against this policy early on, but MS saved money/time by not having to pay the price of designing in security. The results are that they created the least secure of the popular Operating Systems - and now all users pay the price -- since anyone can be a victim of a Windows based attack.

The Code Red worm was a worm (type of virus), that installed a nasty little auto-bot on Windows that would automatically attack (DDOS) the whitehouse.gov website during the last few days of the month. Sadly, the holes in Windows mean that this is not the end of these types of attacks, but just the beginning.

2001.09.10

More on Cyber Security and threats : Hack, Crack or PhreakCrackingEaster Eggs • Firewalls • Hacking • How Secure are you?PasswordsPhreaking • Privacy • Shopping • Virus, Worms, Trojans