LightningStrike Studios
PO Box 24040
Cambridge, Ontario
N1R 8E6
1-519-621-1214
info@lightningstrikestudios.com

Viruses, Trojans, and Worms, Oh My!

Have you ever received an email message like this:

"Another new virus has been discovered. It arrives in an email titled "California IBM". Microsoft has announced that it is very bad, worse than "Love Letter." There is no remedy or cure. It will consume all the information in the hard drive, and will destroy Netscape Navigator and Microsoft Internet Explorer. Do not open anything with this title, and pass this message on to your email contacts. Right now not many people know about this, so please pass it on as quickly as possible."

Relax. It's a hoax ... Sort of.

Think about what a computer virus is, what it does, and how it spreads.

Viruses are usually small bits of code that interfere with the normal operation of your computer. They may erase or modify files, disable your system, or just slow it down. They spread from machine to machine through infected files, often transmitted via email.

Now, think about those hoax virus warnings. They're just text, simple code, but they bog down email systems as unsuspecting but well-intentioned users send them to everyone they know. They may suggest you delete certain files or edit your system configuration, in the process causing more damage than a virus would itself.

So how can you tell the difference between a legitimate virus warning and a hoax?

First, consider the source. Is the warning coming from a reputable authority, such as a security company or a vendor of antivirus software, or has it been relayed countless times by people telling everyone they know and urging you to do the same?

Is this warning realistic? Few viruses will "erase your entire hard drive". A legitimate warning will include specific details of both the symptoms and results of infection.

Does the message cite a supposed authority, but not include a link directly to more information? Like the example noted above, hoaxes will often appear legitimate because they mention IBM, the FBI, or Microsoft, perhaps even including a link to a general site (like www.microsoft.com), but they do not provide a link directly to a specific page with detailed removal instructions.
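The three checks above can be applied mechanically to a suspicious message. The following Python code is an added example, not part of the original article; the phrase lists, function names, and the sample advisory are assumptions made for illustration, and the hoax sample is abridged from the message quoted at the top with a general-site link added.

```python
import re
from urllib.parse import urlparse

# Phrase lists are illustrative assumptions drawn from the sample hoax above.
FORWARD_URGES = ("pass this message on", "pass it on", "send this to everyone",
                 "forward this")
ALARMIST = ("no remedy", "no cure", "erase your entire hard drive",
            "consume all the information", "worse than")
AUTHORITIES = ("microsoft", "ibm", "fbi")
URL_RE = re.compile(r"(?:https?://|www\.)[^\s\"'<>)]+", re.I)


def is_specific_link(url):
    """True if the URL points past a site's front page (has a path or query)."""
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    parsed = urlparse(url.rstrip(".,;"))
    return bool(parsed.path.strip("/")) or bool(parsed.query)


def hoax_indicators(message):
    """Return the names of the hoax checks that the message trips."""
    text = " ".join(message.lower().split())
    found = []
    # Check 1: relayed chain mail urges the reader to keep relaying it.
    if any(p in text for p in FORWARD_URGES):
        found.append("urges_forwarding")
    # Check 2: sweeping, unrealistic claims instead of specific symptoms.
    if any(p in text for p in ALARMIST):
        found.append("unrealistic_claims")
    # Check 3: names an authority but links, at best, to a general site.
    cites = any(re.search(r"\b%s\b" % a, text) for a in AUTHORITIES)
    links = URL_RE.findall(message)
    if cites and not any(is_specific_link(u) for u in links):
        found.append("authority_without_specific_link")
    return found


# Constructed samples: the quoted hoax (abridged, link added) and a made-up advisory.
HOAX = ('Another new virus has been discovered. Microsoft has announced that '
        'it is very bad, worse than "Love Letter." There is no remedy or cure. '
        'See www.microsoft.com. Pass this message on to your email contacts.')
ADVISORY = ('Microsoft has published details of the worm, including symptoms '
            'and removal steps: https://vendor.example/advisories/worm-removal')

if __name__ == "__main__":
    for name, msg in (("hoax", HOAX), ("advisory", ADVISORY)):
        print(name, hoax_indicators(msg))
```

A message that trips these checks still needs to be verified against an authoritative source; the checks only flag the patterns the article describes.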

If you receive a message you suspect is a hoax, what should you do? Before taking any action, verify the legitimacy of the warning. There are a number of reliable internet sites that maintain current lists of both real viruses and hoaxes. Try these for starters:

If the threat is real, carefully follow the removal instructions, or find an experienced computer technician to do it for you. If you wish to warn others, direct them to that authoritative site, which will probably be maintained with up-to-date information.

If the warning does turn out to be a hoax, try not to come down too hard on the person who sent it to you. Chances are they were just trying to help.

Now let's consider real viruses.

The term "virus" has come to encompass a number of malicious creatures including trojans, worms, and to a lesser degree, spyware.

A computer virus functions much like a biological virus. It's a small piece of programming code that invades other programs. When those programs run, the virus becomes active. Depending on how it's written, it may delete or overwrite files, format drives, or display vulgar messages. It reproduces by infecting other programs running at the same time. It moves from machine to machine when someone copies infected files or sends them by email.

A worm is different from a virus in that it doesn't infect other programs; it operates independently. As well, it doesn't wait for a human to spread it to another machine. It actively seeks out other hosts through network connections and email. The recent Mydoom, Welchia, and Netsky infections were actually worms, not viruses.

Trojans, like Homer's Trojan Horse, appear benign. They usually come in the form of screen savers or joke programs. When an unsuspecting person executes the program, the Trojan's real function becomes active in the background. Trojans spread when people pass these jokes on to their friends.

Similar to Trojans, spyware appears benign or even useful. It often comes in the form of file sharing utilities and browser add-ons. In addition to providing its promised services, it also captures your keystrokes -- including passwords and credit card numbers -- and sends them back to its creator.

How can you protect yourself from these plagues?

Start by practicing some common sense precautions.

However cautious we are, we may still be the target of computer infections. Additional protection comes in the form of firewalls -- which we'll discuss in greater detail in a future issue -- and antivirus software.

Intego (http://www.intego.com), Sophos (http://www.sophos.com), Symantec (http://www.symantec.com), and McAfee (http://www.mcafee.com) all provide strong utilities; shop around and check out some of their free trial versions. While Microsoft Windows is much more vulnerable to virus attacks than Apple's Macintosh operating systems and Unix/Linux systems, no computer is immune. Most vendors now provide Macintosh utilities, and some also offer Linux versions, as well as versions for handheld computers including Windows Pocket PCs and Palms.

Since new viruses, Trojans, and worms appear every day, it's important to keep your antivirus system up-to-date. Look for a vendor that provides regular signature updates through their web sites. Some products will even update themselves on a regular basis.

Once you have your antivirus software installed, be sure to configure it properly. Usually, you can set it to scan only on demand, or at regular intervals, daily or weekly. If possible, have it scan whenever a new CD or floppy disk is loaded. Many offerings will run in the background, watching for suspicious virus-like activity. This may slow your system down a little and you may be prompted to confirm certain actions, but it's well worth it to keep your system healthy.

Antivirus utilities will eventually incorporate full spyware protection capabilities; some already do to a limited degree. For now, consider tools like Spybot Search & Destroy, written by Patrick M. Kolla (http://spybot.safer-networking.de), and Ad-aware from Lavasoft (http://www.lavasoftusa.com).