Viruses, Worms, Trojan Horses and Zombies

Viruses, Worms, Trojan Horses and ZombiesMalicious software: Any software written to cause damage to or use up the resources of a target computer. Malicious software is frequently concealed within or masquerades as legitimate software. In some cases, it spreads itself to other computers via e-mail or infected floppy disks. Types of malicious software include viruses, Trojan horses, worms and hidden software for launching denial-of-service attacks.

Few aspects of computer security have achieved the notoriety of malicious software that preys on unsuspecting computer users. Viruses, worms, Trojan horses, logic bombs, zombies, password grabbers - the list gets longer and longer. The different types of malicious software work by a variety of methods, and they have different potentials for causing damage.

The Chernobyl and Melissa viruses and the Worm.Explore.Zip program caused extensive PC damage after spreading themselves around the world through e-mail last year. The denial-of-service attacks that brought major e-commerce Web sites to their knees earlier this year were launched by malicious software hidden on hundreds of Internet-connected computers without their owners' knowledge.

A mini-industry of organizations, professionals and volunteers has sprung up to categorize malicious software, issue warnings and market software designed to detect, locate and eradicate such programs. New malicious code appears monthly, generated by an underground community of programmers apparently motivated by the desire to cause damage, steal information or sometimes just prove their technical prowess.

Viral Threats

Viruses are the best-known type of malicious software. These programs secretly attach themselves to other programs. What makes them dangerous is that, before they do whatever damage they may be programmed for, they first copy themselves to additional program files. Thus, computer viruses infect and reproduce in a fashion somewhat analogous to biological viruses.

The scope of the threat has changed significantly in the past few years, says Sal Viveros, director of McAfee Active Virus Defense at Network Associates Inc., a Santa Clara, Calif.-based vendor that develops programs to protect against malicious software.

"Five or six years ago, viruses were spread by floppies," Viveros says. "They were called boot-sector viruses because they booted off the floppy drive. At that time, virus infections were very regional; they spread, but (they) took longer than they do today.

"Then came the applications with macros - programs like Microsoft Outlook or Word - that attracted a huge number of macro viruses," he adds.

"Last year came Melissa and the other mass-mailing e-mail viruses," Viveros notes. "And at the end of last year there was a virus called BubbleBoy that you could get just by opening your e-mail because it used the Visual Basic scripting language in the e-mail."

Viruses are still the biggest computer security problem. According to The WildList Organization International, an independent group that tracks viruses, there are more than 300 viruses "in the wild" that represent a threat to computer users. That's only a fraction of the 50,000 known malicious software codes, Viveros says.

Symantec Corp. in Cupertino, Calif., another vendor of antivirus software, sees copies of about 15 new viruses a day, although most are never released, says Vincent Weafer, director of Symantec's Antivirus Research Center in Santa Monica, Calif.

Peaks in new virus production occur in the fall and after the winter holidays - dates that coincide with the end of college vacations, when young programmers have had time to develop new viruses, according to Weafer.

Macro viruses, which are triggered by automated tasks within programs such as Microsoft Word, are today's biggest threat. Last month, they accounted for nine of the top 15 viruses, Viveros says. There are also some complex variations such as polymorphic and stealth viruses, which try to avoid detection by changing their internal structure, he says.

Other Malefactors

In addition to viruses, there is a growing threat from other types of malicious software, including Trojan horses, worms and denial-of-service attacks, Viveros says. And hostile Java applets are an emerging threat.

A Trojan horse, like its mythological namesake, is a program that appears legitimate but contains a second, hidden function that may cause damage. A common type of Trojan horse is often distributed by e-mail with the aim of stealing passwords from a victim's computer and then e-mailing the stolen data to an anonymous recipient.

Worms use up computer resources such as memory and network bandwidth, slowing down both PCs and servers. In addition, worms sometimes delete data and spread rapidly via e-mail.

In denial-of-service attacks, specific Web sites are overwhelmed by an intentional onslaught of Internet traffic. Such attacks rely on launching programs, sometimes called zombies, that have previously been hidden on hundreds of Internet-connected computers that belong to unsuspecting third parties such as universities, Weafer says.

Hostile Java applets steal information from or cause damage to the computers of users who visit hostile Web sites. Victims may be tricked into visiting the sites when they click on links they receive via e-mail, Viveros says. Although they aren't yet a major problem, hostile applets "are the next big threat," he says.