DARK SIDE OF THE COMPUTER: VIRUSES, TROJANS, AND ATTACKS
A computer virus is computer code designed to insert itself into other software and, when executed, to replicate itself and propagate with the host software or file. Viruses can be designed to damage the infected host by corrupting files, stealing hard disk space or CPU time, logging keystrokes to steal passwords, creating embarrassing messages, and other activities, all performed without the computer user’s approval or knowledge. Early viruses were boot sector viruses and spread by computer users sharing infected floppy disks. Other viruses were attached to an e-mail or formed part of the body of an e-mail, and when the virus code was executed, a message with the virus embedded was sent to other mail clients. In some cases, the code could be designed to give its scripts access to the user’s address book and use those addresses to further propagate the virus-infected message. Other viruses were designed to be attached to data files such as Word documents or spreadsheets. These scripts are Visual Basic code that can execute when the file is loaded, and once the virus has attached itself to an application, the code in the virus will run every time the application runs.
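A defender can check whether a document is able to carry the Visual Basic code described above before it is opened. The following is an added example, not part of the original text: the function name, the sample files and their contents are constructed for illustration, and the check relies on the standard Office Open XML layout, in which macro code is stored in a part named vbaProject.bin.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                      # OOXML container (.docx, .docm, .xlsm)
MACRO_TYPES = ("macroEnabled", "vbaProject")   # substrings of macro-related content types

def macro_indicators(data: bytes) -> list:
    """Return the reasons a document may carry VBA macros (empty list: none found)."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats hide macros in OLE streams; flag them for deeper inspection.
        return ["legacy OLE2 container: macros possible, needs a dedicated parser"]
    reasons = []
    if not data.startswith(ZIP_MAGIC):
        return reasons  # not an Office container at all
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            for name in names:
                if name.lower().endswith("vbaproject.bin"):
                    reasons.append("VBA project part: " + name)
            if "[Content_Types].xml" in names:
                types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                reasons += ["content type mentions " + t for t in MACRO_TYPES if t in types]
    except zipfile.BadZipFile:
        reasons.append("malformed ZIP container")
    return reasons

def build_sample(parts: dict) -> bytes:
    """Build a constructed, minimal OOXML-like archive in memory (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

CT = '<Types><Override ContentType="application/vnd.%s.main+xml"/></Types>'
CLEAN_DOCX = build_sample({
    "[Content_Types].xml": CT % "openxmlformats-officedocument.wordprocessingml.document",
    "word/document.xml": "<w:document/>",
})
MACRO_DOCM = build_sample({
    "[Content_Types].xml": CT % "ms-word.document.macroEnabled",
    "word/document.xml": "<w:document/>",
    "word/vbaProject.bin": b"constructed placeholder, not real VBA",
})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_DOCX), ("macro", MACRO_DOCM)):
        print(label, macro_indicators(blob))
```

A non-empty result means only that the file can carry macro code, not that the code is malicious; it is a reason to quarantine or inspect the attachment before a user opens it.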
Eugene H. Spafford notes that the first use of the term virus as referring to unwanted computer code was offered by Gregory Benford, a research physicist at the Lawrence Livermore Radiation Laboratory, who noticed that “bad code” could self-reproduce among laboratory computers and eventually got into the ARPANET.13 However, John von Neumann actually developed the theory of self-replicating programs in 1949. In 1983, Fred Cohen formally defined the term computer virus. He created an example of self-reproducing code and named it a computer virus, describing a program that is created to affect other computer programs by modifying them to include a copy of itself.
DEVELOPMENT OF COMPUTER VIRUSES
1981—Elk Cloner virus
1986—The Brain virus
1999—Melissa virus
2000—I Love You virus
2001—Code Red virus
2002—Nimda virus
2003—Slammer virus
2004—My Doom virus
The Elk Cloner virus was written for Apple DOS 3.3 and spread via floppy disks; it displayed a short poem and was activated on its 50th use. The Elk Cloner virus was the first PC virus.
The Brain virus was the first worldwide virus, and it also spread by floppy disks. The two brothers in Pakistan who wrote the virus did not intend it to be destructive, yet despite their intentions, it became one.
The Melissa virus was based on a Microsoft Word macro and was designed to spread by e-mail, sending infected Word documents to the first 50 people in a user’s Outlook list. The Melissa virus was reported to cause more than $50 million in damages to other computer users and businesses.
The I Love You virus infected millions of computers in a single day simply because the attachment stated “I Love You” and people’s curiosity caused them to open the infected attachment, which, when opened, would copy itself into different files on the user’s hard drive and also download a file that stole passwords from the victim.
The Code Red virus was directed to attack the U.S. White House as a distributed denial-of-service attack, but it was stopped before it could effect the attack. However, this virus did infect thousands of computers and caused over $1 billion in damages. A second version, Code Red II, attacked Windows 2000 and Windows NT systems.
The Nimda virus was one of the fastest propagating viruses to enter the Internet, and its targets were Internet servers; it really worked as a worm and caused significant damage to many users.
The Slammer virus in 2003 was a Web server virus that also roamed through the Internet at incredible speed. Many corporations in both the financial services and airline industries suffered significant losses estimated in the range of several billion dollars.
The My Doom virus used a denial-of-service attack script and sent search engine requests for e-mail addresses, causing companies such as Google to receive millions of requests and severely slow down services and, in some cases, to close down companies.
A worm is a computer program that has the ability to replicate itself from computer to computer and to cross over network connections. Worms do not change other programs, but it is important to stress that they may carry other code that does change programs, such as a true virus.
In 2007, the “Storm” worm used social media approaches to fool computer users into situations where they loaded botnets into their computers, and Bruce Schneier reported that millions of computers were infected by this worm, which carried virus code as well.
A Trojan horse is a program that masquerades as a legitimate application while also performing a covert function. Trojan horse programs do not propagate on their own, so they rely on users to accept the executables from untrusted sources. Consequently, this becomes a major social engineering problem.