Andromeda IT - Specialists in home and small business computing

Navigation

---

Home page
Computers
Computer Help
Web Design
   Overview
   Services
   Features
   Costs
   References
   Guest Book
      Sign
      List
Contact Us
Free

---

Information
 Virus
 Spyware
 Linux
 Hints & Tips
 Domain Names
 Humour

Viruses, Worms, Trojans & Phishing

Virus - Definitions

1) A virus is a contagious computer program: a computer program that is part of another and inserts copies of itself.  A virus travels with the program that contains it and may damage the integrity of stored data.

2) A virus is a program or segment of program code that may make copies of itself (replicate), attach itself to other programs, and perform unwanted actions within a computer. Such programs are almost always introduced into a computer without the knowledge or assent of its owner, and are often malicious, causing destructive actions such as erasing data on disk, but sometime only annoying, causing peculiar objects to appear on the display.

How do viruses replicate?

Viruses piggyback onto a program, e.g. a spreadsheet and get run every time the spreadsheet is run. This gives the virus the opportunity to replicate itself to other programs.

Email viruses, often replicate themselves by sending copies to everyone in your address book. The Melissa virus is a good example of this genre. Emails contained an infected Word document that replicated itself as it was opened (if macros were enabled). The virus then lowered the macro security levels so all macros could run in future when documents were opened without prompting the user for permission. The macro then propagated itself to the first 50 entries in the user's address book. The virus also infected the normal.dot default Word document template, so that it executed every time a new document was created.

Trojan Horse - Definition

A Trojan Horse is a computer program designed to evade the security precautions within a computer system and perform illicit operations, or to do malicious damage, and often designed to look like a different kind of program, such as a game, archiver, or directory lister. This term is not applied to a program that replicates itself, such as a virus.

Worm - Definitions

1) A Worm is a program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down.

2) A Worm is a software program capable of reproducing itself that can spread from one computer to the next over a network. A worm can, for example, scan the network for another machine that has a specific security hole (such as open IP ports used for file transfer or data sharing). It copies itself to the new machine using the security hole, and then starts replicating from there, as well.

How does a worm spread?

The Slammer worm used UDP protocol and IP port 1434. The first copy hit a server running Microsoft SQL in the USA. It then replicated itself by randomly sending itself, masquerading an an SQL query, to computers world-wide. Each copy, then did the same. It spread amazingly quickly and within 15 minutes of its first hit, huge sections of the Internet were completely jammed with many email and name servers failing under the deluge of UDP packets. Within 30 minutes it had knocked out more than just the Internet. Emergency 911 dispatchers in Seattle resorted to paper. Continental Airlines, unable to process tickets, cancelled flights from its Newark hub. The Slammer worm contained no malicious code, i.e. it didn't damage infected computers. However, by sending copies of itself to random Internet addresses so fast, (up to 30,000 times per second from a single infected PC), the Internet quickly jammed up in many countries. The total cost of the incident in lost revenue is estimated at more than $1 billion.
More information on Slammer worm.

Phishing - Definition

Phishing (pronounced 'fishing') is a form of Internet fraud.

A dummy web site is created resembling that of a legitimate organisation, typically a financial institution such as a bank or insurance company. A email is sent requesting that the recipient logs-on to the dummy web site by clicking a link or image. (Embedding the links in the email avoids the possibility of the user entering the legitimate web site address by hand.)

If the user clicks-through from the email, they are presented with a replica of a web site they trust. More sophisticated operations go so far as to register plausible URLs, e.g. using similar initials or a sub-domain that mirrors the legitimate web site address. Once at the dummy site, the user is prompted to confirm or re-enter their personal details, including security access codes.

The aim of the fraud is to obtain access codes; to online transaction services or credit cards. The increase in such fraud has prompted additional security measures such as banks requiring the account holder to confirm their identity by telephone to complete high-value transactions.

Virus Removal

Assuming your Internet connection is still up and working, the simplest option is to us one of the online free virus scan tools.

These normally download (to a temporary file on your PC) an anti-virus program and database of viruses. They then scan your PC for viruses and in most cases will remove any viruses they find.

However, you do need to make sure that you use one of the more reliable on-line virus scanners.

We can recommend:

Anti-Virus Software

There are many anti-virus products available. You can of course buy one of the better know ones, such as McAfee, or Norton AntiVirus.

However, we have found less well-known products such as Trend Micro PC-cillin Internet Security, Panda Antivirus Platinum and F-Prot to be excellent.

If you run Linux then F-Prot (who have one of the highest virus detection rates) provide a version that is free for home users. (However it is not a full-function version, if only does an on-demand scan which you need to schedule with cron).

Currently generally regarded as the best is PC-cillin Internet Security, which is a complete Internet security package providing all the features you are likely to need for full protection.

Features include:

• virus detection and removal
• a personal firewall
• spyware and adware removal
• spam filtering
• protection against phishing
  
• wireless network intrusion protection
• software vulnerability analysis.

See this site for a review of the best non-free anti-virus software.

Free Anti-Virus Software

There are plenty of FREE anti-virus programs some of which are excellent products with a very high rate of virus detection.

Here is a review of free anti-virus software.

We can personally recommend:

• AVG Anti-Virus Software
• Alwil Avast 4

AVG Anti-Virus

As with many anti-virus software products, there are multiple versions:

• AVG Anti-Virus Free Edition
  
• AVG Anti-Virus Professional

Free Edition features include:

• resident virus scanner - which does on-access scans of executable files and documents
• email scanner - which checks emails and attachments as they are downloaded
• a virus scan scheduler - to do a full daily scan
• virus database updates every few days

As you would expect, the free edition doesn’t have as many options as AVG Professional, so for example, if your scheduler is switched on it does a daily full scan (at a time of your choosing) of all your disks. With the Professional version, you can chose what you want to scan and how often. 

One annoying feature currently is that downloads of the AVG Update File seem to take a very long time to get started. Perhaps the server is extremely busy or there are network bandwidth limitations. Whatever, the cause, we can only hope Grisoft get it fixed soon.

Avast!4

Comes in 2 versions:

• avast! 4 Home Edition - Free to home users for non-commercial use
• avast! Professional Edition
  

These products are very highly rated. The Home Edition has all the same features as AVG. It is highly configurable, although most users will just go with the defaults.

Some unusual features are:

• Email scanning also includes a “mass message check” facility.
  This ensures you aren’t being used to relay spam to thousands of users.
  
• Virus Recovery Database.
  This can be used to repair any programs that do get infected. This database is optional, and can be built when the computer is idle, or when the screen-saver is running. At the time of writing, we have not had to use this feature to repair any infected files.
• Peer-to-Peer protection feature.
  This is used to scan files that are downloaded using peer-to-peer software such as Kazaa, iMesh, eDonkey, etc.. 
  

Conclusion

If you can afford it get Trend Micro PC-cillin Internet Security. If not get one of the excellent free products such as AVG or Avast! (We have a slight preference for Avast!4.)

Whichever product you chose, get it TODAY! We find and remove about one virus per month from our PCs, so it may not be long before you get a virus that could destroy all your data..

---