On the Origin and Evolution of Computer Viruses


Trends and industry analysts state that the efforts of virus propagators will not relent. Last year marked the first ever mobile phone virus, and technologies such as Bluetooth compound the threats to security. 35% of PCs in the US are infected, while in China and India the rates hit 50%.

Experts in the field of security report that the first virus was spread as early as 1981. Fred Cohen, however, wrote in his seminal paper that the first virus was conceived as an experiment on November 3rd, 1983. Since then, viruses and malware have plagued and wreaked havoc on computer systems worldwide.

Risks through the Internet

With the advent of communications advances such as the Internet, mobile telephony and Bluetooth (a short-range radio technology that simplifies wireless communication among devices such as computers and mobile phones, and that also aims to connect these devices to the Internet quickly and easily), computer viruses have spread at an alarming rate. The downside of such advances is that where before only a few computers would get infected, now thousands, if not millions, are at the mercy of virus authors.

Early Threats Disable 10% of Computers Infected

In 1987 a large network (ARPANET) used by universities and the US government was infected by a virus. Robert Morris, son of a computer security expert at the National Security Agency, sent malicious code through ARPANET, affecting about 10% of the connected computer hosts; at the time there were only 60,000 hosts connected to the network. The code reproduced itself and spread from computer to computer across the network; consequently, the accumulated copies filled the computers’ memories, disabling numerous machines.

An alarming 66% of PCs in the US today are infected by spyware and 35% are infected by viruses. Today, an estimated 1.21 billion people (Computer Industry Almanac) are connected to the Internet, with millions of computer hosts chatting, exchanging files and emails, and communicating in general. Can you imagine how easy it is to spread a virus or malware?

One anti-spyware developer reports that the infection rate of malicious spyware at companies is approximately 7% and that adware appears on an incredible 52% of machines. 3 to 5% of enterprise machines had keyloggers. At home, the percentages are much higher. The same anti-spyware developer reports that 66% of the PCs scanned by its online tool were found to be infected, with an average of 25 spyware entities each. If one were to define cookies as spyware, then the rate would shoot up to 88%! Adware was found on 64% of the machines. Viruses and Trojans, reports the company, were found on 7% and 19% of the machines respectively.

According to Panda Software, over 50% of PCs in India and China, for example, are infected with a virus. In the US and the UK the rate is 35%. All in all, this means that many people still remain without active protection today.

Anti-virus is not enough

In a study performed by the security firm Checkbridge, the company ran 2 million email messages through three well-known email scanners. None of the programs tested caught all the viruses; the success rates of the scanners varied from 64% to 97%. The CEO of Checkbridge also states that in many cases using two scanners at the same time does not guarantee catching all the viruses all of the time. Similarly, many computer experts report that using two or three anti-spyware programs usually manages to delete 95%+ of spyware.

Pillars of Security

How can you protect your system and your data in the midst of so many threats to security coming from so many different sources?

Just think, malware (malicious code) has been around for almost 25 years already. Every year, millions of people and businesses lose substantial sums of money in terms of lost and, many times, irrecoverable data. To top it all, some viruses hog system resources and Internet connections making it impossible to work or play. And this does not include the frustration and anger at not being able to pinpoint the source of the problem.

One of the very first steps to protecting your PC is to make sure that the operating system (OS) is updated. This is critical, as OS manufacturers such as Microsoft continuously update the security features of their products to cover potential and actual loopholes.

Secondly, you should have updated anti-virus software running on your system. Make sure to choose one of the better ones on the market today – a few dollars won't break you, but a virus will. Make sure that the anti-virus software is updated frequently (even daily if need be) with fixes to the scanning engine itself and to the database files that contain the latest definitions for new viruses, worms and Trojans. The anti-virus software must be able to scan email and files as they are downloaded from the Internet, to help prevent malware from reaching your system.

Many users add a third component to their home and/or business computer security: firewall software. A good firewall prevents unauthorised use of and access to your computer from external sources (e.g. hackers or hijackers) and gives you additional protection against the more common Trojans and worms. A firewall on its own will not get rid of the virus problem, but when used in conjunction with your OS updates, anti-virus software and processlibrary.com information, it will give you deeper system security and protection.

A fourth component of security is manual intervention. This option may be daunting to a beginner; however, such intervention will definitely help you combat insidious Trojans that may not be removed by your standard anti-virus and anti-spyware products.

I would like to explain two tools that may be used to intervene when all else fails – the native Windows Task Manager, to list all the processes running on your PC, and a good online library that explains what these processes are for and whether they are legitimate or not. Of course, you need to use these tools with care. Hit CTRL+ALT+DEL to call up the Windows Task Manager, which helps you identify most of the processes running on your computer – this is built-in Windows OS functionality. Go through the processes one by one and then search for the process names in one of the many process libraries available – I use processlibrary.com, but there are many others, including neuber.com, file.net and bleepingcomputer.com. In any case, these libraries are directories of information (typically free of charge) with search functionality.

With this information you can immediately identify possible new threats that may have infiltrated your system. The definitions will help you cover the window of time until your preferred anti-virus and anti-spyware vendors update their scanners. Once a process is identified, search for it in the processlibrary.com database and you’ll have an exact definition and advice on what to do.
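The manual check above (list every running process, then look each name up in a process library) can be made repeatable. The script below is an added example and is not code from the article or from processlibrary.com: on Windows it collects process name, PID and executable path with a PowerShell `Get-Process` command, flags well-known system process names that are running from an unexpected directory (a classic impostor sign), hashes the file so a library or scanner can also be queried by hash, and prints the de-duplicated list of names to look up. The `EXPECTED_DIR` table is a small illustrative subset, and the CSV sample embedded at the bottom is constructed so the parsing and flagging logic can be exercised on any OS.

```python
"""Process inventory for manual triage (added example; not the article's code).

On Windows, collects Name/Id/Path for running processes via PowerShell, flags
system process names running from the wrong directory, and prepares the list
of names (and file hashes) to look up in a process library.
"""
import csv
import hashlib
import io
import ntpath          # handles C:\... paths even when run on a non-Windows box
import subprocess
import sys

# Well-known Windows process names and the directory they normally run from.
# Illustrative subset: a file borrowing one of these names from another
# directory deserves immediate attention.
EXPECTED_DIR = {
    "svchost.exe": r"C:\Windows\System32",
    "lsass.exe": r"C:\Windows\System32",
    "csrss.exe": r"C:\Windows\System32",
    "winlogon.exe": r"C:\Windows\System32",
    "services.exe": r"C:\Windows\System32",
    "explorer.exe": r"C:\Windows",
}

# Real PowerShell pipeline; ConvertTo-Csv emits the "Name","Id","Path" header parsed below.
PS_COMMAND = "Get-Process | Select-Object Name,Id,Path | ConvertTo-Csv -NoTypeInformation"


def collect_windows_processes():
    """Run the PowerShell command and return its CSV output (Windows only)."""
    if sys.platform != "win32":
        raise RuntimeError("process collection needs Windows PowerShell")
    out = subprocess.run(["powershell", "-NoProfile", "-Command", PS_COMMAND],
                         capture_output=True, text=True, check=True)
    return out.stdout


def parse_process_csv(text):
    """Parse Name,Id,Path CSV rows; Get-Process reports Name without '.exe'."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        name = row["Name"].strip().lower()
        if not name.endswith(".exe"):
            name += ".exe"
        rows.append({"name": name, "pid": int(row["Id"]), "path": row["Path"].strip()})
    return rows


def flag(record):
    """Return a triage flag for one process record."""
    name, path = record["name"], record["path"]
    if not path:
        # Get-Process cannot read the path of protected or other-user processes
        # unless elevated; an empty path is a prompt to re-run, not proof of malware.
        return "no-path (re-run elevated to confirm)"
    actual_dir = ntpath.dirname(path)
    expected = EXPECTED_DIR.get(name)
    if expected and actual_dir.lower() != expected.lower():
        return f"SUSPICIOUS: {name} running from {actual_dir}, expected {expected}"
    return "lookup"


def triage(records):
    """Attach a flag to every record; return the unique names to look up."""
    for rec in records:
        rec["flag"] = flag(rec)
    return sorted({rec["name"] for rec in records})


def sha256_file(path):
    """Hash the executable so a library or scanner can be queried by hash too."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


# Constructed sample in the exact shape ConvertTo-Csv produces; the last row
# imitates a malicious file borrowing the svchost.exe name.
SAMPLE_CSV = '''"Name","Id","Path"
"svchost","912","C:\\Windows\\System32\\svchost.exe"
"explorer","4120","C:\\Windows\\explorer.exe"
"lsass","700",""
"svchost","5588","C:\\Users\\Public\\svchost.exe"
'''

if __name__ == "__main__":
    text = collect_windows_processes() if sys.platform == "win32" else SAMPLE_CSV
    procs = parse_process_csv(text)
    names = triage(procs)
    for p in procs:
        print(f"{p['pid']:>6}  {p['name']:<16} {p['flag']}  {p['path']}")
    print("names to look up:", ", ".join(names))
```

Run it from an elevated PowerShell prompt so that `Path` is populated for system processes; any row flagged `SUSPICIOUS` is the one to look up first, by name and by the hash from `sha256_file`, before touching the process.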

Fighting Spyware, Adware and Other Forms of Malware

In some cases, it is not that easy to realize that spyware and related forms of malware are installed on your system.

In other cases, you will almost immediately notice changes to your web browser that you didn’t make. These changes include toolbars that you didn’t want installed, different homepage settings or changes to your security settings and favourites list.

Other signs of spyware include advert pop-ups that are not related to the website being viewed at the time. Many such adverts relate to pornography, emoticons or performance/security "optimizers", and they are not presented the way legitimate adverts usually are. Adverts may also appear when you are not surfing the web. Spyware is not only annoying: it slows your system performance, increases start-up time, hogs your Internet connection and on occasion leads to system crashes.

You should install an anti-spyware software package. There are some good ones on the market, and many experts go as far as suggesting installing two or three, since any single package may not be powerful enough to find all the entries and changes to your registry and other files made by spyware. Such malware is installed like any other application on your system, thus leaving traces of itself in the registry and in other places on your system. Anti-spyware works by looking for these traces and deleting them.

Also beware of what you download from the Internet. Make sure that the sources you download from are known to you – and even here you have to pay extreme attention. For example, not all companies that claim their software contains adware are really offering adware only! There’s always the possibility that spyware is disguised in the program. Make sure that you read privacy policies and license agreements. Firewalls should also help you greatly in the fight against spyware and malware.

New Forms of Security Threats

Malware authors and hackers are always looking for new ways of disrupting the normal operation of your system and, worse still, stealing your private data. Cross-site request forgery (CSRF) is a form of website attack also known as session riding. According to leading security experts (e.g., Jeremiah Grossman) this form of attack is rare, yet it is a “sleeping giant”.

Here is an excerpt, taken from an excellent CSRF FAQ, that explains what CSRF is: “Cross Site Request Forgery (also known as XSRF, CSRF, and Cross Site Reference Forgery) works by exploiting the trust that a site has for the user. Site tasks are usually linked to specific urls (Example: [http://site/stocks?buy=100&stock=ebay]) allowing specific actions to be performed when requested. If a user is logged into the site and an attacker tricks their browser into making a request to one of these task urls, then the task is performed and logged as the logged in user. Typically an attacker will embed malicious HTML or JavaScript code into an email or website to request a specific ‘task url’ which executes without the user's knowledge, either directly or by utilizing a Cross-site Scripting Flaw. Injection via light markup languages such as BBCode is also entirely possible. These sorts of attacks are fairly difficult to detect, potentially leaving a user debating with the website/company as to whether or not the stocks bought the day before were initiated by the user after the price plummeted.”
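The excerpt's scenario, and the standard server-side defence against it, can be modelled in a few dozen lines. The code below is an added example and is not part of the article or the quoted FAQ: the stock site, its session store and the request objects are all constructed for illustration, and no network is involved. `buy_vulnerable` trusts any request that carries the session cookie, which is exactly what a browser attaches when an attacker's page triggers the task URL; `buy_protected` additionally requires a per-session synchronizer token that only the site's own pages can embed, compared in constant time, and rejects requests whose `Origin` header names another site.

```python
"""Model of the CSRF scenario in the FAQ excerpt (added example, not the
article's code). Shows the cookie-only handler being ridden by a forged
request and the synchronizer-token handler rejecting it.
"""
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://site.example"   # constructed origin for our own site


@dataclass
class Request:
    """The parts of an HTTP request that matter for CSRF."""
    cookies: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


class StockSite:
    """Handles the FAQ's task URL: stocks?buy=N&stock=X for a logged-in user."""

    def __init__(self):
        self.sessions = {}   # session id -> {"user": ..., "csrf": ...}
        self.holdings = {}   # user -> {stock: shares}

    def login(self, user):
        """Create a session; the browser sends the sid cookie on every request."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        self.holdings.setdefault(user, {})
        return sid

    def csrf_token(self, sid):
        """Embedded in the site's own forms; a third-party page cannot read it."""
        return self.sessions[sid]["csrf"]

    def buy_vulnerable(self, req):
        """Cookie-only check: any request carrying the cookie is trusted."""
        sess = self.sessions.get(req.cookies.get("sid"))
        if sess is None:
            return 401
        return self._execute(sess["user"], req)

    def buy_protected(self, req):
        """Require a matching synchronizer token and a same-site Origin."""
        sess = self.sessions.get(req.cookies.get("sid"))
        if sess is None:
            return 401
        origin = req.headers.get("Origin")
        if origin is not None and origin != SITE_ORIGIN:
            return 403
        token = req.params.get("csrf", "")
        if not hmac.compare_digest(token, sess["csrf"]):   # constant-time compare
            return 403
        return self._execute(sess["user"], req)

    def _execute(self, user, req):
        shares = int(req.params["buy"])
        stock = req.params["stock"]
        self.holdings[user][stock] = self.holdings[user].get(stock, 0) + shares
        return 200


def scenario(protected):
    """Victim logs in, clicks the site's own form, then visits an attacker page
    that triggers the task URL. Returns (own status, forged status, shares held)."""
    site = StockSite()
    sid = site.login("alice")
    handler = site.buy_protected if protected else site.buy_vulnerable

    # Alice's own submission: cookie plus the token the site put in its form.
    own = Request(cookies={"sid": sid},
                  params={"buy": "10", "stock": "ebay", "csrf": site.csrf_token(sid)},
                  headers={"Origin": SITE_ORIGIN})
    # Attacker page: the browser attaches the cookie automatically, but the
    # page has no way to learn the token, and the browser reports its Origin.
    forged = Request(cookies={"sid": sid},
                     params={"buy": "100", "stock": "ebay"},
                     headers={"Origin": "https://evil.example"})
    return handler(own), handler(forged), site.holdings["alice"].get("ebay", 0)


if __name__ == "__main__":
    print("vulnerable:", scenario(protected=False))   # (200, 200, 110): forged buy went through
    print("protected: ", scenario(protected=True))    # (200, 403, 10): forged buy rejected
```

The token check is what does the work; the `Origin` check is a cheap second layer, kept tolerant of its absence because older clients and some proxies omit the header. Marking the session cookie `SameSite` (a browser-side setting not modelled here) complements both.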

So what is the solution? Work hard to minimize threats to security by using the right tools, and demand that the websites you use on a regular basis take a similar approach.
