PC Viruses - Tokyo PC Users Group

PC Viruses
How they got the name
What they are
How they spread
How to prevent them
and how to prevent their annoying evil twin, virus hoaxes
How they got the name

Computer viruses are called viruses
because they share some of the traits
of biological viruses.
• A computer virus passes from computer
to computer like a biological virus passes
from person to person.

A biological virus is not living.
• It's a fragment of DNA inside a protective jacket. Unlike a cell, a virus has no way to do anything or to reproduce by itself; it is not alive.

Computer viruses also cannot reproduce by themselves.

A biological virus injects itself into a cell
• and uses the cell's existing machinery to reproduce itself.

A computer virus "piggybacks" on top of a program or document
• and "reproduces" by getting executed whenever that program or document runs.
• Once running, it is able to infect other programs or documents.
What they are

A virus is a small piece of software (code) that piggybacks on real programs, like Excel, that have "embedded executable languages"
• Macro languages -- Visual Basic, etc.
• Each time the program runs, the virus runs, too
• and it has the chance to reproduce (by attaching to other programs) or wreak havoc.

E-mail viruses
• An e-mail virus moves around in
attachments to e-mail messages, and
usually replicates itself by automatically
mailing itself to dozens of people in the
victim's e-mail address book.

Dave Parry, TPC user, explains:
• Most e-mails are sent as plain ASCII text, which cannot run programs.
• Word and Excel files can carry viruses because they have a macro language.
• The files as such are quite harmless if they have no macros.
• One way to cleanse WinWord DOC files is to save them as RTF, which is text only and has no macros.

TPC October Meeting participants respond:
• E-mail that uses HTML coding can carry viruses embedded in the HTML coding of the message.
• Users have a choice to use HTML coding or not.
• The suggestion from the floor was to turn it off.

Trojan Horse
• A Trojan horse is a computer program.
• The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk).
• Trojan horses have no way to replicate automatically.

Worms
• A worm is a small piece of software that
uses computer networks and security
holes to replicate itself.
• A copy of the worm scans the network for
another machine that has a specific security
hole.
• It copies itself to the new machine and starts
replicating from there

Worms and Trojan horses are actually more common today than viruses.
• Antivirus programs offer protection against all viruses, worms, and Trojans
• and commonly refer to all of these types of malware as "viruses".
How they spread

A virus runs first when a legitimate
program is executed.
• The virus loads itself into memory and
looks to see if it can find any other
programs on the disk.
• If it can find one, it modifies it to add the
virus's code to the new program.
• Then the virus launches the "real program."

The user has no way to know that the
virus ever ran.
• Unfortunately, the virus has now
reproduced itself, so two programs are
infected.
• The next time either of those programs
gets executed, they infect other
programs, and the cycle continues.

When the infected program is distributed by
• floppy disk,
• upload to a bulletin board, or
• being zipped and delivered as an executable,
then other programs get infected.

This is how viruses spread.

Virus Attacks
• Some sort of trigger will activate the attack phase, and the virus will then "do something"
• anything from printing a silly message on the screen to erasing all of your data.
• The trigger might be a specific date, or the
number of times the virus has been replicated,
or something similar.

Virus creators' tricks
• load viruses into memory so they run in the background
• infect the boot sector on floppy disks and hard disks
How to prevent them

Run a secure operating system like UNIX or Windows NT
• security features keep viruses away

Buy virus protection software

Avoid programs from unknown sources (like the Internet)

Stick with commercial software purchased on CDs

With E-mail viruses
• defense is personal discipline
• Never double-click on an attachment that contains an executable program
• Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF and .JPG), etc., are data files
• and they can do no damage
• excepting the macro virus problem in Word and Excel documents mentioned above
• A file with an extension like .EXE, .COM or
.VBS is an executable
• and an executable can do all sorts of damage
• once run, you have given it permission to do
anything on your machine.
• Never run executables from e-mail.

Don't victimize yourself
• learn where to find legitimate information on hoaxes, myths etc.
• do not forward warnings if you haven't personally checked them out!

vmyths.com/index.cfm
http://antivirus.about.com
www3.ca.com/virusinfo/

Some rules of thumb:
• if you merely find JDBGMGR.EXE on your computer, then it's probably not infected;

But...
• if you receive JDBGMGR.EXE as an email attachment, then it probably is infected.

TPC Member Jim Tittsler reports:
• "...there have been problems with buffer overflows where downloading a message with a carefully crafted Date: header was enough to execute code.
• No attachment, no preview or "opening" required, since the attack begins when the client retrieves the Date: header of the message from the server."
• http://www.iss.net/security_center/static/4953.php
Don't fall for the "False Authority Syndrome"
• Most people who claim to speak with authority about computer viruses have little or no genuine expertise.
• The person feels competent to discuss viruses because of
  • his job title,
  • expertise in another computer field, or
  • simply because he knows how to use a computer.

E-mail is clearly the predominant vulnerability point for viruses
• Current viruses are spread via security holes in Microsoft Outlook and Outlook Express
• Free patches are available from Microsoft to address these problems
• but many people are reluctant to apply them.

First, update your system with
Windows Update and Office Update
• or, buy a Mac

Buy virus protection software
• eTrust EZ Anti Virus
• (TPC NG’s Tom Young from Osaka recommends it)
• http://www2.my-etrust.com/products/Antivirus

What’s the best one to buy?
• The WildList International:
• As each package offers slightly different
features, only the individual or corporate
administrator can decide which package
would best suit the need.
• There are a number of papers written on how
to choose the best personal antivirus
software.
• We encourage you to arm yourself with as
much knowledge as possible prior to making a
final purchasing decision.
• This includes being familiar with
• the affiliation of the authors of such papers and
• any affiliations between testers and software
developers.
• (see False Authority Syndrome)
Product (rated by PC Magazine)          Editor's Rating  Member's Rating
Norton Anti Virus 2002                  5                3
McAfee Security Suite                   No rating        No rating
Trend PC-Cillin 2002                    3                4
Panda Antivirus Platinum 6.0            4                No rating
Norman Virus Control 5.2                3                No rating
McAfee Virus Scan 6.0                   3                4
Kaspersky Anti-Virus Personal           3                No rating
F-Secure Anti-Virus Personal Edition    3                No rating
eTrust EZ Armor Suite                   3                No rating
How to spot a hoax

"Thoughts travel faster in a vacuum."
• Think about it. By removing the actual
thinking process, thoughts can travel
uninhibited and thus exceed all logical
bounds.
• In addition, such thoughts often tend to
become hyperdriven (adj. driven by hype).

Rule of thumb: If you receive a virus
alert message, don't believe it.
• There are warnings usually in ALL CAPS
about reading or downloading an e-mail
message
• Also look for the multiplication of exclamation
marks.
• Salvation by immediate deletion is also
nearly universal.

For some reason the word "miscreant" is a common catchphrase in hoaxes.

Hoax viruses always seem to wield the powers of a vengeful binary god.
• Such godlike viruses can often do nasty things to your system that are beyond the abilities of software, mere mortals, or even most hardware technicians.

(it says) forward this mail to anyone
you care about.
• Here it is. This is the replication engine.
This is what gives the virus the pesky
lifelike ability to multiply. This is also a
dead giveaway that it is a hoax.

The Authoritative Source Syndrome
• "Whoa! The FCC. This must be real."
• This aspect of cited authority is meant to lend
credibility to the hoax.
• The truth is, however, that according to the FCC
they have never, and will never, send out virus
warnings.

Superlative abilities of the virus:
• unparalleled in its destructive capability
• this virus is "highly intelligent"
• Odd. All the viruses seen (at IBM Research) are extremely dumb.
• "most destructive"
• "most polymorphic"
• "stealthiest" virus.

The language is crafted to sound technical.
• It uses computer jargon, which tends to lend credibility to the hoax.
• Do you believe that a CPU can be melted down by "an nth-complexity infinite binary loop"?
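The hoax tells listed in this section (ALL-CAPS warnings, runs of exclamation marks, "delete immediately", "miscreant", "forward to everyone you care about", a cited authority such as the FCC, superlatives, godlike powers and pseudo-jargon) can be turned into a simple triage score. The scorer below is an added example, not code from the original slides or from the Tokyo PC Users Group; the labels, weights, threshold and the two messages are this example's own constructed assumptions.

```python
import re

# Hoax tells taken from the slides: ALL-CAPS warnings, runs of exclamation
# marks, "delete immediately", the word "miscreant", "forward this to
# everyone", a cited authority (FCC), superlatives, godlike powers and
# pseudo-jargon.  Weights are this example's own assumed choices.
HOAX_SIGNS = [
    ("all-caps warning", r"\b(WARNING|VIRUS|ALERT|DELETE)\b", 0, 1),
    ("exclamation run", r"!{2,}", 0, 1),
    ("delete-at-once cure", r"\bdelete\b.{0,40}\b(immediately|at once|right away)\b", re.I, 1),
    ("miscreant", r"\bmiscreant", re.I, 2),
    ("forward to everyone",
     r"\b(forward|send)\b.{0,60}\b(everyone|anyone|all)\b.{0,40}\b(know|care about|address book)\b", re.I, 3),
    ("cited authority", r"\b(FCC|FBI|Microsoft|IBM|AOL)\b.{0,40}\b(announc|confirm|warn)", re.I, 2),
    ("superlatives", r"\b(most destructive|highly intelligent|most polymorphic|stealthiest|unparalleled)\b", re.I, 2),
    ("godlike powers", r"\b(melt|destroy|fry|burn)\w*\b.{0,30}\b(CPU|processor|hard ?disk|motherboard)\b", re.I, 2),
    ("pseudo-jargon", r"nth[- ]complexity|infinite binary loop", re.I, 2),
]
# Compile once; re.S lets a tell span a line break inside the message body.
COMPILED = [(label, re.compile(rx, flags | re.S), weight) for label, rx, flags, weight in HOAX_SIGNS]

def score_message(text):
    """Return (total score, list of matched tell labels) for one message."""
    hits = [(label, weight) for label, rx, weight in COMPILED if rx.search(text)]
    return sum(w for _, w in hits), [label for label, _ in hits]

def is_probable_hoax(text, threshold=5):
    """Rule of thumb from the slides: a 'virus alert' that trips several tells
    is a hoax.  The threshold is an assumed cut-off; confirm on a hoax site."""
    return score_message(text)[0] >= threshold

# Constructed sample messages (not real e-mails).
HOAX_SAMPLE = (
    "VIRUS WARNING!!! The FCC announced yesterday that the most destructive "
    "virus ever is loose. It is highly intelligent. Opening it sends your CPU "
    "into an nth-complexity infinite binary loop and will melt your processor. "
    "DELETE IT IMMEDIATELY!!! Forward this to everyone you care about. "
    "Some miscreant released this on Friday."
)
GENUINE_SAMPLE = (
    "Hi Sam, thanks for the October meeting notes. I installed the Outlook "
    "patch from Windows Update on Friday and ran a full scan this morning; "
    "nothing turned up. See you next month."
)
```

A high score is a reason to check vmyths.com or a vendor hoax page before forwarding, not proof by itself; a genuine vendor advisory can also use strong wording, which is why the threshold needs several tells rather than one.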
Bonus Pack! TPC User Comments

Recent virus unleashed!
• W32/Bugbear@MM
• found on McAfee’s site
• reported by TPC Member Sam Julien

Andrew Hayes writes:
• "Store your original program installation CDs and license information in a safe place (a safe place is not next to your PC)
• Keep backups of your data or any downloaded software (after it has been thoroughly scanned)
• Run AV software 24/7

Andrew Hayes writes:
• Don't open email attachments unless you're 110% certain they are safe;
• if you're not expecting something from a friend, confirm with them before opening it.
• (He's) seen a few infected systems, from a relatively benign Word Macro virus to one that trashed the HDD (so that) a low-level format was needed to get it working again.

Andrew Hayes writes:
• “I also saw one that blew the mobo by
setting registers to a certain combination
that caused an overload in part of the
circuit, but I'm sure those sort are very
rare now.
• Modern motherboards don't have those
types of defects, do they?”

David Parry (uses)
• Virus Buster from Leprechaun Software
• Updates are available very soon after a new
virus appears
• e-mailed notification of new viruses and also
news of hoaxes.
• (He) gave up on McAfee after paying for upgrades
and getting the runaround when (he couldn’t) log in
to download the goodies.
• He goes on to say that the Australian Gov’t
uses Leprechaun antivirus software

CR Lipton has interesting comments
• about security on the Trend Micro site
• “Apparently, if this morning's CNet News is to be believed, one of the
things you should NOT do is to scurry down to the Trend Micro
website and buy anything from them.
• According to the story, their shopping pages have a little glichette
that causes it to pop up with the previous buyer's name, address, and
credit card information already filled in for you.
• If anyone wants to, they can then charge their purchase to your credit
card while getting the product delivered to themselves.
• And, even better, your credit card info continues to be displayed until the next honest person erases yours and types in theirs."
Resources

www.tokyopc.org/ Chit Chat Newsgroup -- Chit Chat "Personal Computer Virus Attacks"
www.vmyths.com/ This site is NOT sponsored by antivirus companies; it lists virus hoaxes
www.symantec.com/avcenter/hoax.html Here's another hoax site, from Symantec
www.symantec.com/avcenter/ Symantec Security Advisory site
www.howstuffworks.com/virus.htm How computer viruses work
www.cert.org/other_sources/viruses.html Carnegie Mellon Software Engineering Institute, CERT® Coordination Center Computer Virus Resources
www.virusbtn.com/ Virus Bulletin Independent Anti Virus Advice
www.ciac.llnl.gov/ciac/CIACVirusDatabase.html Although the Computer Incident Advisory Capability site (associated with the DOE) is no longer being maintained, it has loads of advice and information about PC and Mac viruses. Also links to other sites that are being maintained.
www.zdnet.com/products/stories/reviews/0,4161,2248291,00.html ZDNet tells you how to protect against computer viruses.
www.special.northernlight.com/compvirus/ Current news, journal articles and editorials; Virus Writers and Hackers; Journals, Portals and Reference; US Government Resources; Web bugs; Malware, Spyware, Adware and Trojan Horses; Diagnostics; Anti-Virus Solutions (over 30 of them!)
www.research.ibm.com/antivirus/SciPapers/Wells/HOWTOSPOT/howtospot.html Joe Wells seminar and funny paper on getting "in the know"
www.jaring.nmhu.edu/virus.htm Computer viruses have been with us since the late 1980s and continue to increase in number. The following list includes some of the best sites on the Internet for describing computer viruses as well as links to many of the top anti-virus software sites. From Wayne Summers at New Mexico Highlands University.
www3.ca.com/virusinfo/ More than I ever wanted to know about computer viruses. The Virus Information Center serves as a rich, up-to-the-minute resource, containing detailed information on viruses, worms, Trojans, and hoaxes, as well as valuable documentation on the implementation of comprehensive antivirus protection. CA's eTrust Antivirus Research Centers monitor around-the-clock to defend against the damaging effects a virus outbreak could cause.
www.sophos.com/virusinfo/whitepapers/videmys.html An introduction to computer viruses written by Carole Theriault, carole.theriault@sophos.com, Sophos Plc, Oxford, UK and first published in October 1999
www.cknow.com/vtutor/index.htm Computer Knowledge Virus Tutorial
www.pcmag.com/article2/0,4149,6276,00.asp PC Magazine Personal Antivirus Article
www.wildlist.org/ The world's premier source of information on which viruses are spreading In the Wild. But don't take our word for it. Read what PC Magazine, MSNBC and others have to say about us
www.research.ibm.com/antivirus/SciPapers.htm With scientific papers titled "Where There's Smoke, There's Mirrors", how can you go wrong?
http://vil.mcafee.com/dispVirus.asp?virus_k=99728 McAfee detailed information on the latest virus released into the Wild.
Thank you!