Virus Primer (courtesy of TrendMicro)
(Note: Always check first whether something
is a virus or a hoax before accepting an email
message as fact. This will avoid problems. If a file is a virus
it will be listed.)
What is Malware?
Malware – short for malicious
software – refers to any malicious or unexpected program or code such as
viruses, Trojans, and droppers. Not all malicious programs or code are
viruses. Viruses (including worms), however, make up the majority of all known
malware to date. The other major types of malware are Trojans, droppers,
and kits.
Due to the many facets of
malicious code or a malicious program, referring to it as malware helps
to avoid confusion. For example, a virus that also has Trojan-like capabilities
can be called malware.
What is a Trojan?
A Trojan is malware that
performs unexpected or unauthorized, often malicious, actions. The main
difference between a Trojan and a virus is that a Trojan cannot replicate.
Trojans cause damage and unexpected system behavior, and compromise the security
of systems, but do not replicate. If it replicates, then it should be classified
as a virus.
A Trojan, coined from Greek
mythology's Trojan horse, typically comes in good packaging but has some
hidden malicious intent within its code. When a Trojan is executed, users
will likely experience unwanted system problems in operation, and sometimes
loss of valuable data.
What is a Virus?
A computer virus is a program
– a piece of executable code – that has the unique ability to replicate.
Like biological viruses, computer viruses can spread quickly and are often
difficult to eradicate. They can attach themselves to just about any type
of file and are spread as files that are copied and sent from individual
to individual.
In addition to replication,
some computer viruses share another commonality: a damage routine that
delivers the virus payload. While payloads may only display messages or
images, they can also destroy files, reformat your hard drive, or cause
other damage. If the virus does not contain a damage routine, it can cause
trouble by consuming storage space and memory, and degrading the overall
performance of your computer.
Several years ago most viruses
spread primarily via floppy disk, but the Internet has introduced new virus
distribution mechanisms. With email now used as an essential business communication
tool, viruses are spreading faster than ever. Viruses attached to email
messages can infect an entire enterprise in a matter of minutes, costing
companies millions of dollars annually in lost productivity and clean-up
expenses.
Viruses won't go away anytime
soon: More than 60,000 have been identified, and 400 new ones are created
every month, according to the International Computer Security Association
(ICSA). With numbers like this, it's safe to say that most organizations
will regularly encounter virus outbreaks. No one who uses computers is
immune to viruses.
Life Cycle of a Virus
The life cycle of a virus
begins when it is created and ends when it is completely eradicated. The
following outline describes each stage:
Creation
Until recently, creating
a virus required knowledge of a computer programming language. Today anyone
with basic programming knowledge can create a virus. Typically, individuals
who wish to cause widespread, random damage to computers create viruses.
Replication
Viruses typically replicate
for a long period of time before they activate, allowing plenty of time
to spread.
Activation
Viruses with damage routines
will activate when certain conditions are met, for example, on a certain
date or when the infected user performs a particular action. Viruses without
damage routines do not activate, instead causing damage by stealing storage
space.
Discovery
This phase does not always
follow activation, but typically does. When a virus is detected and isolated,
it is sent to the ICSA in Washington, D.C., to be documented and distributed
to antivirus software developers. Discovery normally takes place at least
one year before the virus might have become a threat to the computing community.
Assimilation
At this point, antivirus
software developers modify their software so that it can detect the new
virus. This can take anywhere from one day to six months, depending on
the developer and the virus type.
Eradication
If enough users install
up-to-date virus protection software, any virus can be wiped out. So far
no viruses have disappeared completely, but some have long ceased to be
a major threat.
What can you do to Protect against Malware?
There are many things you
can do to protect against malware. At the top of the list is using a powerful
antivirus product, and keeping it up-to-date with the latest pattern files.
To learn more about Trend Micro's offerings, and find out which solution
is right for you, please view the interactive Trend Micro Enterprise Solution
diagram. You may also visit the ICSA Web site for further suggestions.