Monday, 31 March 2008

Kinds of Computer Viruses

1. What is a computer virus?

A computer virus is a program designed to spread itself by first infecting program files or the system areas of hard and floppy disks and then making copies of itself. Viruses usually operate without the knowledge of the computer user.

2. What kind of files can spread viruses?

Viruses can infect any type of executable code, not just the files that are commonly called 'program files'. Viruses can be spread by:

  • Executable code in the boot sector of infected floppy disks
  • Executable code in the system area of infected hard drives
  • Word processing and spreadsheet documents that use infected macros
  • Infected HTML documents that contain JavaScript or other types of executable code

Since virus code must be executed (run) to have any effect, files that the computer treats as pure data are safe. This includes graphics and sound files such as .gif, .jpg, .mp3, .wav, etc., as well as plain text in .txt files. For example, just viewing picture files won't infect your computer with a virus. The virus code has to be in a form, such as an .exe program file or a Word .doc file, that the computer will actually try to execute.

Note: A security vulnerability does exist in Windows XP SP1 and some versions of Microsoft software like Office 2003. A buffer overrun vulnerability exists in the processing of .jpg image formats that could allow remote code execution on an affected system.

3. How do viruses spread?

When you start a program that's infected by a virus, the virus code will execute (run) and try to infect other programs. This can infect the same computer or other computers connected to it on a network. The newly infected programs will try to infect more programs and computers.

When you share a copy of an infected file with other computer users, opening the file may also infect their computers; and files from those computers may spread the infection to yet more computers.

If your computer is infected with a boot sector virus, the virus tries to write copies of itself to the system areas of floppy disks and hard disks. The infected floppy disks may then infect other computers that boot from them, and the virus on each of those computers will try to infect more floppies inserted into it.

4. What do viruses do to computers?

Viruses are software programs; the actual effect of a virus depends on how it was programmed by the person who wrote it.

Some viruses are designed to overwrite boot sectors and interfere with your computer's operation (boot viruses). Others damage your computer's memory operation, then try to spread themselves around by picking up e-mail or network addresses off your computer (worm viruses). Still others will wipe files from the hard drive and destroy system files (Trojan viruses). Finally, there are ones that infect document files, electronic spreadsheets and databases of several popular software packages (macro viruses).

Viruses can't do any damage to hardware: they won't melt down your CPU, burn out your hard drive, cause your monitor to explode, etc. Warnings about viruses that will physically destroy your computer are usually hoaxes, not legitimate virus warnings.

5. Virus Hoaxes

With increased use of the Internet there is a growing number of viruses that can be spread via email. Many computer users use the Internet to warn friends and colleagues of these threats. At the same time, there has also been a growth of virus hoax warnings. These warnings describe viruses with impossible characteristics. They can cause panic and lead to misconceptions about computer viruses. Forwarding these hoax warnings on only perpetuates the problem, and can waste time and system resources.

Identifying a Hoax

Virus hoaxes follow a basic pattern, which should give them away for what they are. Typical phrases in the body of a virus hoax might be:

  • Do not open! Doing so will result in the deletion of all of the files on your hard drive!
  • Forward this message to all your friends!
  • This is not a hoax!
  • Look for emphatic statements, the frequent use of UPPERCASE LETTERS and multiple exclamation points!!!!!!!

Basically, warning messages encouraging you to forward the information to all your email contacts will often be hoaxes. Read these messages carefully and use your common sense. Look for inconsistencies. Some hoaxes have nothing to do with viruses; instead they may promise the user something for free in return for forwarding the message.
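The indicators listed above can be checked mechanically. The following is an added example, not part of the original FAQ: the function name, the 30% uppercase threshold and both sample messages are constructed for illustration.

```python
import re

# Phrases the FAQ lists as typical of hoax warnings (matched case-insensitively).
HOAX_PHRASES = ("do not open", "forward this message", "this is not a hoax")

def hoax_indicators(body: str) -> list[str]:
    """Return the hoax indicators from the FAQ that appear in a message body."""
    found = []
    lowered = body.lower()
    for phrase in HOAX_PHRASES:
        if phrase in lowered:
            found.append(f"phrase: {phrase}")
    # Multiple exclamation points in a row.
    if re.search(r"!{3,}", body):
        found.append("multiple exclamation points")
    # Frequent UPPERCASE: share of words with 4+ letters that are fully upper-case.
    # The 0.3 threshold is an assumption chosen for this example.
    words = re.findall(r"[A-Za-z]{4,}", body)
    shouted = [w for w in words if w.isupper()]
    if words and len(shouted) / len(words) >= 0.3:
        found.append("frequent uppercase words")
    # Any request to pass the message on to all contacts, however it is worded.
    if re.search(r"\b(forward|send)\b.{0,40}\b(all|everyone)\b", lowered):
        found.append("asks to forward to all contacts")
    return found

# Constructed sample messages.
HOAX = ("URGENT VIRUS WARNING!!!!\n"
        "If you receive a mail titled 'Holiday Photos', DO NOT OPEN it! "
        "It WILL DELETE EVERYTHING on your hard drive. THIS IS NOT A HOAX! "
        "Forward this message to all your friends!")
LEGIT = ("Hi team, the anti-virus definitions were updated this morning. "
         "Please scan attachments before opening them.")

if __name__ == "__main__":
    for label, text in (("hoax sample", HOAX), ("normal notice", LEGIT)):
        print(label, "->", hoax_indicators(text))
```

A message that trips several indicators at once is a candidate for checking against a reputable source rather than forwarding.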

6. What's the story on viruses and E-mail?

You can't get a virus just by reading a plain-text E-mail message or Usenet post. What you have to watch out for are encoded messages containing embedded executable code (e.g., JavaScript in an HTML message) or messages that include an executable file attachment (e.g., an encoded program file or a Word document containing macros).

In order to activate a virus, your computer has to execute (or run) some type of code. This could be a program attached to an E-mail, a Word document you downloaded from the Internet, or something received on a floppy disk. There's no special hazard in files attached to Usenet posts or E-mail messages: they're no more dangerous than any other file.

Here are some points to remember when receiving or reading email messages:

  1. If you receive an email with an attached file from an unknown source, simply delete it.
  2. Virus programs must have code that is executed in order to infect. If you "double-click" an attached file on an email message, you are executing code and may infect your machine.

Note: Newer anti-virus software is capable of scanning these attachments before they are opened. James Cook University uses a virus protection program called Sophos, which scans all incoming and outgoing email message attachments for viruses. If it detects a virus it will replace the infected file with a "Virus Warning.txt" file to prevent the recipient's computer from becoming infected.

7. What is 'spoofing'? Is it some kind of spam?

No, 'spoofing' is not spam; it is caused by a computer virus. 'Sender forging' or 'spoofing' is when an email address of an infected computer is replaced with another address, often randomly plucked off the infected computer by the virus. Sender forging is normally done just before the virus sends itself out to more potential victims. By changing the address in the 'Sender' field, no one knows who sent the email or where it came from.

Some gateway applications that scan email attachments for viral content send an automatic reply by email when a virus is found. If the 'Sender' name has been forged, the auto-reply can be received by an innocent party, causing undue confusion and stress.

We recommend that users do not respond to emails from auto-responders accusing them of being infected and spreading a virus. However, you should consider double-checking your computer for the latest viruses just in case you are genuinely infected.

8. What is Phishing?

Phishing attempts to fraudulently acquire sensitive information, such as usernames, passwords and credit card details. Recent phishing attempts have targeted the customers of banks and online payment services like eBay and PayPal. Phishing is typically carried out using email or an instant message, and often directs users to give details at a website, although phone contact has been used as well. The techniques employed involve link manipulation and website forgery, so be very careful about clicking on links contained in email, even from known contacts.

9. What can I do to reduce the chance of getting viruses from E-mail?

Treat any file attachments that might contain executable code as carefully as you would any other new files: save the attachment to floppy disk and check it with an up-to-date virus scanner before opening the file.

If your E-mail or news software has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, disable this feature.

If an executable file (extensions like .EXE .COM or .VBS) shows up unexpectedly attached to an e-mail, you should delete it unless you can positively verify what it is, who it came from, and why it was sent to you.

Just because an E-mail appears to come from someone you trust, this does NOT mean the file is safe or that the supposed sender had anything to do with it.
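The checks in sections 6 and 9 can be applied to a raw message before anything in it is opened. This is an added example, not part of the original FAQ: it uses Python's standard `email` package, and the function names, the `.doc` rule and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Extensions the FAQ names as executable; .doc is listed because it can carry macros.
EXECUTABLE_EXT = {".exe", ".com", ".vbs"}
MACRO_CAPABLE_EXT = {".doc"}

def triage(raw_message: str) -> list[tuple[str, str]]:
    """Return (item, reason) pairs for parts that could run code when opened.

    The From header is deliberately ignored: a trusted-looking sender says
    nothing about whether an attachment is safe.
    """
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in EXECUTABLE_EXT:
                findings.append((name, "executable attachment"))
            elif ext in MACRO_CAPABLE_EXT:
                findings.append((name, "document that may contain macros"))
        elif part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", errors="replace")
            if re.search(r"<script\b", html, re.IGNORECASE):
                findings.append(("HTML body", "embedded script"))
    return findings

def build_sample() -> str:
    """Constructed message: plain text, scripted HTML, and three attachments."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = "Holiday photos"
    m.set_content("See attached.")
    m.add_alternative("<html><body><script>/* inert */</script>Hi</body></html>",
                      subtype="html")
    for filename in ("photos.EXE", "notes.doc", "beach.jpg"):
        m.add_attachment(b"constructed sample bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for item, reason in triage(build_sample()):
        print(f"{item}: {reason}")
```

The check looks only at attachment names and the HTML body, so it complements an up-to-date virus scanner and does not replace one.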

10. How did Spammers obtain my email address?

Rest assured that it was not from a direct intrusion against one of our servers like LearnJCU - we have security measures in place which would prevent that and the Student Contact details as found on the page can only be accessed from an internal (JCU IP address) connection. Some of the most common ways that spammers extract email addresses are:

  • By searching. They use specialized search engines (spambots) to automatically collect email addresses from web pages, newsgroups, bulletin boards, discussion forums, white & yellow pages, mailing lists, etc.
  • By guessing. They can generate a random sequence of characters, hoping to match a few valid addresses.
  • By purchasing. They can buy or exchange email addresses from other spammers.
  • By gaining access to another person's computer through Trojan viruses. That person has you in their address book, and the spammers obtain your address from there.
  • By social engineering. Spammers use a hoax to trick people into giving their email addresses.
  • People may be required to submit their email addresses on the Internet (e.g. before downloading some software or subscribing to a forum), and these email addresses may be released to unknown persons.
  • People may leave their email addresses in dubious questionnaires found on the Internet.
