Is your machine behaving weirdly these days?

Keep in mind that a combination of symptoms is much more likely proof that you’re infected: rarely does a virus have just one effect. That said, here’s a checklist of what to look out for before you press the almighty Scan button on your anti-virus (if the virus hasn’t already disabled it!).

 

1. Your computer takes charge and does things on its own—moving the mouse cursor all by itself, randomly closing and opening windows, showing you messages that say “We’ve got you!” and so forth. If any of this is happening, we don’t even need to tell you that you’re infected!
2. Your computer often stops responding. This is more so a sign of an infection with Windows 7 than with earlier versions: Windows 98 used to stop responding often even without infection, so that doesn’t mean much!
3. The crashes-and-restarts-on-its-own syndrome: this is a pretty good indicator of viral activity on your computer. Of course, it could be something else, but if this is happening and your antivirus is working, why not do a scan anyway?
4. Several apps seem broken. The key word here is “several”: one program not working correctly, like we said, is seldom an indicator of a virus. But if you notice functional anomalies in several applications, it’s time to scan.
5. Certain drives on your computer have suddenly become inaccessible, even though they show up in My Computer.
6. Not being able to print correctly has been stated as an indicator of a viral infection, but don’t panic if you get a bad printout. It’s probably due to something else. But if it happens in conjunction with other symptoms…
7. Unexpected error messages with weird codes! Of course, error messages are seldom user-friendly, so the key here is how often they pop up, and how weird they are. For example, a big red cross and an OK button that doesn’t say “OK”.
8. Now this is so typical of possible viral infection that we hardly need to mention it: distorted dialog boxes and menus. Hit “Scan” immediately. And if it turns out not to have been a virus, there’s still something wrong with your computer, so have it checked.
9. If, despite all our warnings in the past five years, you still opened a suspicious-looking attachment—driven, of course, by what is called the libido—and immediately after that, everything (or at least some things) went funny, you’re in for it. Hit Scan. And hope that the anti-virus will scan.
10. It could be that your anti-virus needs a re-install, but it’s unlikely: if the anti-virus is disabled and you didn’t disable it, you’re very likely infected. Before panicking, first try reinstalling the antivirus. If that doesn’t work, panic.
11. Continuing along those dire lines, if you’re able to install any program but an anti-virus, then yes, you are a victim.
12. When someone tells you he or she got an infected message from you, you almost certainly have something bad on your computer. It might or might not be a virus.
13. A not-so-common symptom, but a deadly giveaway, is the mouse pointer changing to something else. Of course, if you went to one of those “1000 cursors free!” sites and downloaded and installed cursors, then you’re infected by spyware anyway.
14. Icons on the desktop that you didn’t place are again a giveaway symptom.
15. Unnecessary shortcuts to files and folders have been created that aren’t even needed.
16. You cannot see anything in a folder or drive, but it is still occupying storage space. The best solution to try is to go to Organize > Folder and Search Options > View, unmark “Hide Protected System files” and select “Show hidden files and folders”. Most of the time you will get your hidden files back this way.
17. If you just installed a program—successfully—and it doesn’t work properly, or if its icons have vanished, don’t reinstall it! There’s no time to waste—quickly do a scan.
18. Now this could also be an indicator of spyware, but when you notice that your modem is doing a lot of activity on its own—both sending and receiving—or if your hard disk is performing more activity than you’d expect, like chattering away when you’re not even working on anything, it could be a sign of viral infection.

Then there’s the System Configuration Utility, activated by typing in “msconfig” at a command prompt. Run it and take a good, hard look at all the programs running. If you see something with random character strings as its name… you’ve guessed it: you’re infected by either a virus or spyware. But most viruses and spyware don’t give themselves away so easily, and call themselves by decent names.
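The "random character strings" check described above can be written down as a heuristic. The following is an added example, not part of the original article: it scores startup entry names and, going one step beyond the text, also notes where each entry runs from, since a decent-looking name defeats the name check. The sample entries, folder list and thresholds are constructed assumptions.

```python
import re

# Constructed sample of startup entries (name, command) in the shape you would
# copy out of the msconfig Startup tab. None of these come from the article.
SAMPLE_STARTUP = [
    ("SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("xkqzvtrw", r"C:\Users\demo\AppData\Roaming\xkqzvtrw.exe"),
    ("a7f3k9q2zx", r"C:\Users\demo\AppData\Local\Temp\a7f3k9q2zx.exe"),
    ("Windows Update Helper", r"C:\Users\demo\AppData\Roaming\wuhelper.exe"),
    ("OneDrive", r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"),
]

VOWELS = set("aeiou")
# Folders an ordinary user account can write to. An assumption of this
# example, not a complete list.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def vowel_ratio(name):
    """Share of letters that are vowels; pronounceable names sit well above 0.2."""
    letters = [c for c in name.lower() if c.isalpha()]
    if not letters:
        return 0.0
    return sum(c in VOWELS for c in letters) / len(letters)


def longest_consonant_run(name):
    """Length of the longest unbroken run of consonants."""
    run = best = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def digit_letter_switches(name):
    """How often the name flips between digits and letters (a7f3k9 flips a lot)."""
    kinds = [c.isdigit() for c in name if c.isalnum()]
    return sum(a != b for a, b in zip(kinds, kinds[1:]))


def name_looks_random(name):
    """Return the reasons a name looks machine-generated (empty list if none)."""
    stem = re.sub(r"\.(exe|dll|scr|bat|cmd)$", "", name.strip(), flags=re.I)
    reasons = []
    if sum(c.isalpha() for c in stem) >= 6 and vowel_ratio(stem) < 0.2:
        reasons.append("few vowels")
    if longest_consonant_run(stem) >= 5:
        reasons.append("long consonant run")
    if digit_letter_switches(stem) >= 3:
        reasons.append("digits mixed into letters")
    return reasons


def runs_from_user_writable(command):
    """True if the command line points into a folder any user can write to."""
    lowered = command.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def review(entries):
    """Return (name, reasons) for every entry that deserves a second look."""
    findings = []
    for name, command in entries:
        reasons = name_looks_random(name)
        if runs_from_user_writable(command):
            reasons.append("runs from a user-writable folder")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in review(SAMPLE_STARTUP):
        print(f"{name}: {', '.join(reasons)}")
```

A hit is a reason to look closer, not a verdict: vendor abbreviations can trip the name check, and legitimate per-user software also starts from user-writable folders.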

One thing to remember is that slow behavior could also be due to spyware, and it doesn’t necessarily mean a virus. Of course, it could be nothing at all, and all in your head.

You need to decide on what “slow” and “odd” mean. First off, whatever your machine, you know when it’s running slower than usual, and when that happens, there’s a possibility that you’re infected. Windows pop up more slowly. Random activity seems to be happening in the background more often than it should. Something negative seems to have happened to the overall responsiveness of the system.

Adware and Spyware – What Are They?

What if you bought a music CD and every five minutes a voice came on and asked you to get a new credit card, or to change your mobile service provider, or to earn $2032 per hour just from home? What if your music listening habits were constantly being monitored? And if the force behind the voice caused your CD player to eventually go kaput? Translate that to the world that is the Internet, and what you have is adware and spyware.

What are they?

Essentially, “adware” is an abbreviation for advertising-supported software. Adware comes bundled with some commercial software which, upon installation, installs packages that download advertising material to your computer and display it. These ads are usually displayed when the user is using the original software application. However, this is not always the case. As it becomes increasingly pervasive on your computer, adware begins to pop up ads even when you aren’t using the original software application. And that’s when it gets really irritating.

Spyware, on the other hand, is irritating right from the beginning. It gets its name from the fact that it installs itself and performs (often malicious) operations on the user’s computer without his knowledge. It is intentionally designed to stealthily install itself and monitor the user’s activity, accessing information that can easily be used for someone’s profit. Essentially, spyware, once on your computer, is used to transmit personal data to a third party that will use it for a purpose you did not sanction.

Spyware shouldn’t be confused with viruses or worms, as a spyware package is not intended to replicate itself.

 

[Image: cartoon virus. Courtesy: scottgbrooks]

How Do They Attack?

Adware, spyware, and for that matter, any malware, can attack in a variety of ways.

Adware Attacks

As mentioned earlier, adware is usually bundled with commercial software. It can install itself on your computer either with your permission or without your knowledge when you install the software package. Milder forms of adware are also present in the form of pop-up (and the increasingly common pop-under) banners that appear when you visit certain sites. These ads, sometimes referred to as “Java traps,” open up in several mini-windows—each time a window is closed by the user, code that spawns another window is activated. Programmers sometimes add adware to their software packages in order to recover some of the cost of developing the package.

If the package is freeware then the adware is used to make up for the entire cost of development. Shareware packages also sometimes carry adware that is activated once the trial period is over. Adware can have several negative effects on your computer. It generally slows it down since it gobbles up some of your system’s RAM. It also, to a large extent, slows down your Internet connection, as a lot of bandwidth can be used to download ad content.

[Image: Funny ads. Fake ads to attract attention.]

Adware is generally licensed content, and therefore usually (though not always) requires the user’s permission before being installed on the user’s computer. It collects information about how one is using one’s computer and the content transmitted therein, and based on this, displays “relevant” ads in your browser. The free versions of certain browsers, like Opera, used to support adware. Some P2P clients, such as KaZaA, have adware (for example, Gator, TopSearch, etc.) that installs on your computer.

However, there are very few examples of such “good” adware. Good adware allows you to uninstall it whenever you like. The other type of adware installs itself on your computer without your permission. Usually, sites with explicit content install such packages onto your computer. These could eventually “hijack” your browser, causing your screen to get filled with more and more pop-ups.

 

Spyware Attacks

Spyware is intended to gather information about a computer user without that user’s permission and knowledge. There are different levels of information that spyware intends to collect from one’s computer. The milder versions collect data about the user’s Internet usage and send it to, say, an online advertising agency, which will then point your browser towards advertising content (read tons of pop-ups). The harsher versions of spyware can take more personal information from your Internet history such as credit card numbers and passwords.

Spyware is usually developed by individuals who want to infiltrate computers and use them for their own profit. Spyware, once installed on your computer, can drastically slow down its performance, since it consumes a large amount of RAM; with every subsequent browser function, it slows down your computer further. But how does spyware get installed on your computer? Well, you don’t have to visit a pornography site to be attacked by spyware. These days, spyware has spread not only to sites with explicit content, but also to sites with other accessible Web content, including downloads from sources that aren’t legitimate.

Though it may seem pretty cool to have been able to get some really expensive pirated software off a warez site, you are almost certainly going to be open to spyware as you do it. The same goes for some P2P clients (like Kazaa, BearShare, and Morpheus). Spyware can get installed on your computer when you install certain software, through the ActiveX controls of malicious Web sites, or even through pop-up advertising. ActiveX is a technology used by Microsoft IE, and it allows different applications—or parts of them—that you installed on your computer to be accessed by your browser to display content. Some spyware developers are particularly cunning, disguising their spyware programs as spyware removal programs, thereby fooling users into downloading more spyware.

Spyware programs are getting more malicious by the day. They could install a variety of application DLLs on your computer that allow hackers to snoop on what you’re doing. These DLLs can do a variety of things to your computer—monitor your keystrokes on or offline, access your word processor, hijack your Web browser, display advertisements, and more. And some spyware leaves your computer even more open to attack from other spyware.

Gator basically displays advertising on the computer on which it is installed. It also installs a host of other applications like GotSmiley, Dashbar, and more, which further slow down your computer.

 

Brief: Why Should You Be Concerned About Security?

Hackers waiting for your actions

Adware can bring down your PC, a virus can mass-mail annoying contents to all the contacts in your address book, a key logger can send every keystroke of yours to someone on the Net—and these are just a few risks that are out there affecting PCs. Also, for someone even moderately well versed with operating systems, getting into a poorly-secured PC is child’s play.

WHY SECURITY?

As computers become more and more integrated into our lives, we end up leaving a lot of sensitive information on our PCs—from passwords, e-mail IDs (even official e-mail IDs) and bank accounts to personal diaries and notes, business plans (or worse still, tender bids), confidential documents, a log of surfing habits (which can be viewed out of context), a backup of phone SMSes, and much more. Then there is another risk, especially when you are online—viruses and spyware. Though viruses and spyware are talked about in the same breath, there is one fundamental difference: a virus is written to cause damage to your operating system, programs or files, usually with no direct benefit to the virus creator. Spyware, on the other hand, is written for gain. This could be by tracking the surfing habits of a user on an infected computer and sending this information to someone who would send the user advertisements supposedly targeted at him based on his surfing habits.

Very strictly speaking, spyware is not intended to cause damage, at least in the traditional sense, but more often than not it ends up doing so on your PC, which is then difficult to repair. When we speak of computer security, what we mean is the ways in which you can prevent people from accessing data on your computer, keep your computer safe from viruses and spyware, and protect yourself from hacking and phishing.

 

The Internet

The Internet brings the world to your desktop, no doubt. But that world also includes a sub-world of spyware, worms, phishing attacks, and more. The most common of online irritants is spam e-mail. Spam is simply unsolicited e-mail that urges you to buy herbal concoctions to enlarge certain body parts, promises youthfulness via a pill, says that you’ve won a Rolex watch, and so on. These mails invariably contain a link to a supposed online store that will ask you for a credit card number for an online payment. It is difficult to believe how someone can fall for a trick like this, but apparently, there are a few innocent people out there who get tricked into buying a “herbal” cure or a “collector’s watch.” Needless to say, you need to just delete these mails.

The other common annoyance, which can also bring down your PC, is spyware / adware. The source of these is most usually pornographic sites or those with cracks for software. These sites can also be the very links you get in spam mail. Once they get installed, they are able to send a list of the Web sites you surf, and even your e-mail address. Based on your surfing habits, spam is sent to your e-mail ID, advertising products or services that would ostensibly be of interest to you. An adware program will open browser windows all by itself and direct you to Web sites selling products of the same nature. Some of them are so designed that if you close the window that they bring up, they will open two or more instantly!

If you receive a suspicious-looking file in an e-mail (something like “annakournikova nude playing tennis.avi.scr”) even from a known source, do not download the file. It is likely that a virus has hacked into the sender’s e-mail client (or even disguised the sending address as something else—yes, that’s possible too) and is sending out spam or offensive mails.

 


The affected person may not even know that spam mails from his ID are being sent. You can be a good friend and call him up to let him know of this so he can take curative measures.

Some sites even make use of the fact that people occasionally make typographical errors! A recent example is www.ork0t.com (now taken down), which you could have visited if you typed what you thought was “www.orkut.com” and made a typo. When you entered your user ID and password into that site, they would be used to hack into your account and send out spam to all your contacts!

Phishing is a threat that can potentially rob you of your money. It’s a means of fooling you into disclosing your login details for any site / service. If you are using an e-banking service, be very careful of mails that you may receive claiming to be from your bank, asking you to fill in your login details. As a policy, most banks do not send out e-mails asking you to fill in any e-banking details. If you do receive such a mail, it is fake. Before you fill out any details on a site following a link sent via e-mail, do confirm with your bank’s customer care if they have indeed sent out such a mail. Visit only your bank’s official site for all transactions.
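The typo-site trick described above (www.ork0t.com standing in for www.orkut.com) can be checked for before a password is typed. The following is an added example, not part of the original article: it compares the site name in a link against a short list of sites you actually use, and beyond the single case in the text it also catches swapped letters and look-alike characters. The trusted list, `mybank.example` and the two-label site-name rule are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# Sites the user really logs in to. orkut.com is the article's example;
# mybank.example is a hypothetical bank used only for illustration.
TRUSTED = {"orkut.com", "mybank.example"}

# Character sequences that are easy to misread as something else.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def hostname_of(value):
    """Extract the lower-cased host from a URL or a bare host name."""
    value = value.strip().lower()
    if "//" not in value:
        value = "//" + value
    return (urlsplit(value).hostname or "").rstrip(".")


def site_name(host):
    """Last two labels of the host. A simplification: real code would consult
    the Public Suffix List to handle names such as example.co.uk."""
    return ".".join(host.split(".")[-2:])


def skeleton(name):
    """Fold look-alike characters so that 'rnybank' and 'mybank' compare equal."""
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name


def edit_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute, or swap two
    adjacent characters (optimal string alignment distance)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def check_link(value, trusted=TRUSTED):
    """Classify a link as ('trusted', site), ('lookalike', imitated site)
    or ('unknown', None)."""
    name = site_name(hostname_of(value))
    if name in trusted:
        return ("trusted", name)
    for good in sorted(trusted):
        # One edit away, or identical once look-alike characters are folded.
        if skeleton(name) == skeleton(good) or edit_distance(name, good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for link in ("http://www.orkut.com/Home", "www.ork0t.com",
                 "https://rnybank.example/login", "https://news.example.org/"):
        print(link, "->", check_link(link))
```

"unknown" only means the name resembles nothing on the list; it says nothing about whether the site is safe.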

 

Attacks From Known Sources 

It is not uncommon for crime investigators to find that the culprit was known to the victim—this is the case with computer security as well. Someone who works at your computer may access your personal files—and even your surfing habits. It is not generally practical to keep your PC under lock and key, but what you can have is a digital version of a lock and key: set up passwords and encrypt files.

Data theft is a growing concern amongst corporates. Personal and professional harm can arise if someone gets access to your private data or worse still, your e-mail, wherein they could email someone posing as you. You can assign a password to access your PC and, similarly, password-protect your files as a first step to safeguard yourself from this risk. And, it is good practice not to let anyone install unfamiliar programs on your computer.

You must realize that given sufficient time and resources, a competent enough person can eventually break into your PC, but that is no reason to leave it entirely unsecured.

[Image: a cartoon from drxtoon]

Story of How Computer Viruses Evolved

Like any other field in computer science, viruses have evolved a great deal indeed over the years. In the series of press releases which start today, we will look at the origins and evolution of malicious code since it first appeared up to the present.

Going back to the origin of viruses, it was in 1949 that Mathematician John Von Neumann described self-replicating programs which could resemble computer viruses as they are known today. However, it was not until the 60s that we find the predecessor of current viruses. In that decade, a group of programmers developed a game called Core Wars, which could reproduce every time it was run, and even saturate the memory of other players’ computers. The creators of this peculiar game also created the first antivirus, an application named Reeper, which could destroy copies created by Core Wars.

However, it was only in 1983 that one of these programmers announced the existence of Core Wars, which was described the following year in a prestigious scientific magazine: this was actually the starting point of what we call computer viruses today.

At that time, a still young MS-DOS was starting to become the preeminent operating system worldwide. This was a system with great prospects, but still many deficiencies as well, which arose from software developments and the lack of many hardware elements known today. Even so, this new operating system became the target of a virus in 1986: Brain, a malicious code created in Pakistan which infected boot sectors of disks so that their contents could not be accessed. That year also saw the birth of the first Trojan: an application called PC-Write.

Shortly after, virus writers realized that infecting files could be even more harmful to systems. In 1987, a virus called Suriv-02 appeared, which infected COM files and opened the door to the infamous virus known as Jerusalem or Friday 13th. However, the worst was still to come: 1988 set the date when the “Morris worm” appeared, infecting 6,000 computers.

From that date up to 1995 the types of malicious codes that are known today started being developed: the first macro viruses appeared, polymorphic viruses … Some of these even triggered epidemics, such as Michelangelo. However, there was an event that changed the virus scenario worldwide: the massive use of the Internet and e-mail. Little by little, viruses started adapting to this new situation until the appearance, in 1999, of Melissa, the first malicious code to cause a worldwide epidemic, opening a new era for computer viruses.

Part 1

This second installment of ‘The evolution of viruses’ will look at how malicious code used to spread before use of the Internet and e-mail became as commonplace as it is today, and the main objectives of the creators of those earlier viruses. Until the worldwide web and e-mail were adopted as a standard means of communication the world over, the main mediums through which viruses spread were floppy disks, removable drives, CDs, etc., containing files that were already infected or with the virus code in an executable boot sector.

When a virus entered a system it could go memory resident, infecting other files as they were opened, or it could start to reproduce immediately, also infecting other files on the system. The virus code could also be triggered by a certain event, for example when the system clock reached a certain date or time. In this case, the virus creator would calculate the time necessary for the virus to spread and then set a date, often with some particular significance, for the virus to activate. In this way, the virus would have an incubation period during which it didn’t visibly affect computers, but just spread from one system to another waiting for ‘D-day’ to launch its payload. This incubation period would be vital to the virus successfully infecting as many computers as possible.

One classic example of a destructive virus that lay low before releasing its payload was CIH, also known as Chernobyl. The most damaging version of this malicious code activated on April 26, when it would try to overwrite the flash-BIOS, the memory which includes the code needed to control PC devices. This virus, which first appeared in June 1998, had a serious impact for over two years and still continues to infect computers today.

Because of the way in which they propagate, these viruses spread very slowly, especially in comparison to the speed of today’s malicious code. Towards the end of the Eighties, for example, the Friday 13th (or Jerusalem) virus needed a long time to actually spread and continued to infect computers for some years. In contrast, experts reckon that in January 2003, SQLSlammer took just ten minutes to cause global communication problems across the Internet.

Notoriety versus stealth

For the most part, in the past, the activation of a malicious code triggered a series of on-screen messages or images, or caused sounds to be emitted to catch the user’s attention. Such was the case with the Ping Pong virus, which displayed a ball bouncing from one side of the screen to another. This kind of elaborate display was used by the creator of the virus to gain as much notoriety as possible. Nowadays however, the opposite is the norm, with virus authors trying to make malicious code as discreet as possible, infecting users’ systems without them noticing that anything is amiss.

Part 2

This third installment of ‘The evolution of viruses’ will look at how the Internet and e-mail changed the propagation techniques used by computer viruses.

Internet and e-mail revolutionized communications. However, as expected, virus creators didn’t take long to realize that along with this new means of communication, an excellent way of spreading their creations far and wide had also dawned. Therefore, they quickly changed their aim from infecting a few computers while drawing as much attention to themselves as possible, to damaging as many computers as possible, as quickly as possible. This change in strategy resulted in the first global virus epidemic, which was caused by the Melissa worm.

With the appearance of Melissa, the economic impact of a virus started to become an issue. As a result, users, above all companies, started to become seriously concerned about the consequences of viruses on the security of their computers. This is how users discovered antivirus programs, which started to be installed widely. However, this also brought about a new challenge for virus writers: how to slip past this protection and how to persuade users to run infected files.

The answer to which of these virus strategies was the most effective came in the form of a new worm: Love Letter, which used a simple but effective ruse that could be considered an early type of social engineering. This strategy involves inserting false messages that trick users into thinking that the message includes anything except a virus. This worm’s bait was simple; it led users to believe that they had received a love letter.

This technique is still the most widely used. However, it is closely followed by another tactic that has been the center of attention lately: exploiting vulnerabilities in commonly used software. This strategy offers a range of possibilities depending on the security hole exploited. The first malicious codes to use this method (and quite successfully) were the BubbleBoy and Kakworm worms. These worms exploited a vulnerability in Internet Explorer by inserting HTML code in the body of the e-mail message, which allowed them to run automatically, without needing the user to do a thing.

Vulnerabilities allow many different types of actions to be carried out. For example, they allow viruses to be dropped on computers directly from the Internet, as with the Blaster worm. In fact, the effects of the virus depend on the vulnerability that the virus author tries to exploit.

Part 3

In the early days of computers, there were relatively few PCs likely to contain “sensitive” information, such as credit card numbers or other financial data, and these were generally limited to large companies that had already incorporated computers into working processes.

In any event, information stored in computers was not likely to be compromised, unless the computer was connected to a network through which the information could be transmitted. Of course, there were exceptions to this and there were cases in which hackers perpetrated frauds using data stored in IT systems. However, this was achieved through typical hacking activities, with no viruses involved.

The advent of the Internet, however, caused virus creators to change their objectives, and, from that moment on, they tried to infect as many computers as possible in the shortest time. Also, the introduction of Internet services like e-banking or online shopping brought in another change. Some virus creators started writing malicious code not to infect computers but to steal confidential data associated with those services. Evidently, to achieve this, they needed viruses that could infect many computers silently.


Their malicious labor was finally rewarded with the appearance, in 1986, of a new breed of malicious code generically called “Trojan Horse”, or simply “Trojan”. This first Trojan was called PC-Write and tried to pass itself off as the shareware version of a text processor. When run, the Trojan displayed a functional text processor on-screen. The problem was that, while the user wrote, PC-Write deleted and corrupted files on the computers’ hard disk.

After PC-Write, this type of malicious code evolved very quickly to reach the stage of present-day Trojans. Today, many of the people who design Trojans to steal data cannot be considered virus writers but simply thieves who, instead of using a blowtorch or dynamite, have turned to viruses to commit their crimes. Ldpinch.W or the Bancos or Tolger families of Trojans are examples of this.

Part 4

Even though none of them can be left aside, some particular fields of computer science have played a more determinant role than others with regard to the evolution of viruses. One of the most influential fields has been the development of programming languages.

These languages are basically a means of communication with computers in order to tell them what to do. Even though each of them has its own specific development and formulation rules, computers in fact understand only one language called “machine code”.

Programming languages act as an interpreter between the programmer and the computer. Obviously, the more directly you can communicate with the computer, the better it will understand you, and the more complex the actions you can ask it to perform.

According to this, programming languages can be divided into “low and high level” languages, depending on whether their syntax is more understandable for programmers or for computers. A “high level” language uses expressions that are easily understandable for most programmers, but not so much for computers. Visual Basic and C are good examples of this type of language.

On the contrary, expressions used by “low-level” languages are closer to machine code, but are very difficult to understand for someone who has not been involved in the programming process. One of the most powerful, most widely used examples of this type of language is “assembler”.

In order to explain the use of programming languages through virus history, it is necessary to refer to hardware evolution. It is not difficult to understand that an old 8-bit processor does not have the power of modern 64-bit processors, and this of course, has had an impact on the programming languages used.

In this and the next installments of this series, we will look at the different programming languages used by virus creators through computer history:

– Virus antecessor: Core Wars

As was already explained in the first chapter of this series, a group of programs called Core Wars, developed by engineers at an important telecommunications company, are considered the antecessor of current-day viruses. Computer science was still in the early stages and programming languages had hardly developed. For this reason, authors of these proto-viruses used a language that was almost equal to machine code to program them.

Curiously enough, it seems that one of the Core Wars programmers was Robert Thomas Morris, whose son, years later, programmed the “Morris worm”. This malicious code became extraordinarily famous since it managed to infect 6,000 computers, an impressive figure for 1988.

– The new gurus of the 8-bits and the assembler language.

The names Altair, IMSAI and Apple in the USA and Sinclair, Atari and Commodore in Europe bring back memories of times gone by, when a new generation of computer enthusiasts “fought” to establish their place in the programming world. To be the best, programmers needed to have profound knowledge of machine code and assembler, as interpreters of high-level languages used too much run time. BASIC, for example, was a relatively easy-to-learn language which allowed users to develop programs simply and quickly. It had, however, many limitations.

This caused the appearance of two groups of programmers: those who used assembler and those who turned to high-level languages (BASIC and PASCAL, mainly).

Computer aficionados of the time enjoyed themselves more by programming useful software than malware. However, 1981 saw the birth of what can be considered the first 8-bit virus. Its name was “Elk Cloner”, and it was programmed in machine code. This virus could infect Apple II systems and displayed a message when it infected a computer.

Part 5

Computer viruses evolve in much the same way as in other areas of IT. Two of the most important factors in understanding how viruses have reached their current level are the development of programming languages and the appearance of increasingly powerful hardware.

In 1981, almost at the same time as Elk Cloner (the first virus for 8-bit processors) made its appearance, a new operating system was growing in popularity. Its full name was Microsoft Disk Operating System, although computer buffs throughout the world would soon refer to it simply as DOS.

DOS viruses

The development of MS-DOS systems occurred in parallel with the appearance of new, more powerful hardware. Personal computers were gradually establishing themselves as tools that people could use in their everyday lives, and the result was that the number of PC users grew substantially. Perhaps inevitably, more users also started creating viruses. Gradually, we witnessed the appearance of the first viruses and Trojans for DOS, written in assembler language and demonstrating a degree of skill on the part of their authors.

Far fewer programmers know assembler language than are familiar with high-level languages, which are far easier to learn. Malicious code written in Fortran, Basic, Cobol, C or Pascal soon began to appear. The last two languages, which are well established and very powerful, are the most widely used, particularly in their Turbo C and Turbo Pascal versions. This ultimately led to the appearance of “virus families”: that is, viruses that are followed by a vast number of related viruses which are slightly modified forms of the original code.

Other users took the less ‘artistic’ approach of creating destructive viruses that did not require any great knowledge of programming. As a result, batch processing file viruses or BAT viruses began to appear.

Win16 viruses

The development of 16-bit processors led to a new era in computing. The first consequence was the birth of Windows, which, at the time, was just an application to make it easier to handle DOS using a graphic interface.

The structure of Windows 3.xx files is rather difficult to understand, and the assembler language code is very complicated, as a result of which few programmers initially attempted to develop viruses for this platform. But this problem was soon solved thanks to the development of programming tools for high-level languages, above all Visual Basic. This application is so effective that many virus creators adopted it as their ‘daily working tool’. This meant that writing a virus had become a very straightforward task, and viruses soon appeared in their hundreds. This development was accompanied by the appearance of the first Trojans able to steal passwords. As a result, more than 500 variants of the AOL Trojan family designed to steal personal information from infected computers were identified.

Part 6

This seventh edition on the history of computer viruses looks at how the development of Windows and Visual Basic influenced the evolution of viruses, as worldwide epidemics evolved alongside them, such as the first one, caused by Melissa in 1999.

While Windows changed from being an application designed to make DOS easier to manage to a 32-bit platform and operating system in its own right, virus creators went back to using assembler as the main language for programming viruses.

Versions 5 and 6 of Visual Basic (VB) were developed, making it the preferred tool, along with Borland Delphi (the Pascal development for the Windows environment), for Trojan and worm writers. Then, Visual C, a powerful environment developed in C for Windows, was adopted for creating viruses, Trojans and worms. This last type of malware gained unusual strength, taking over almost all other types of viruses. Even though the characteristics of worms have changed over time, they all have the same objective: to spread to as many computers as possible, as quickly as possible.

With time, Visual Basic became extremely popular and Microsoft implemented part of the functionality of this language as an interpreter capable of running script files with a similar syntax.

At the same time as the Win32 platform was implemented, the first script viruses also appeared: malware inside a simple text file. These demonstrated that not only executable files (.EXE and .COM files) could carry viruses. As already seen with BAT viruses, there are also other means of propagation, proving the saying “anything that can be executed directly or through an interpreter can contain malware.” To be specific, the first viruses that infected the macros included in Microsoft Office emerged. As a result, Word, Excel, Access and PowerPoint became ways of spreading ‘lethal weapons’, which destroyed information when the user simply opened a document.

Melissa and self-executing worms

The powerful script interpreters in Microsoft Office allowed virus authors to arm their creations with the characteristics of worms. A clear example is Melissa, a Word macro virus with the characteristics of a worm that infects Word 97 and 2000 documents. This worm automatically sends itself out as an attachment to an e-mail message to the first 50 contacts in the Outlook address book on the affected computer. This technique, which has unfortunately become very popular nowadays, was first used in this virus which, in 1999, caused one of the largest epidemics in computer history in just a few days. In fact, companies like Microsoft, Intel or Lucent Technologies had to block their connections to the Internet due to the actions of Melissa.

The technique started by Melissa was developed further in 1999 by viruses like VBS/Freelink, which, unlike its predecessor, sent itself out to all the contacts in the address book on the infected PC. This started a new wave of worms capable of sending themselves out to all the contacts in the Outlook address book on the infected computer. Of these, the worm that stands out most is VBS/LoveLetter, more commonly known as ‘I love You’, which emerged in May 2000 and caused an epidemic with damage estimated at 10,000 million euros. In order to get the user’s attention and help it to spread, this worm sent itself out in an e-mail message with the subject ‘ILOVEYOU’ and an attached file called ‘LOVE-LETTER-FOR-YOU.TXT.VBS’. When the user opened this attachment, the computer was infected.

As well as Melissa, in 1999 another type of virus emerged that also marked a milestone in virus history. In November of that year, VBS/BubbleBoy appeared, a new type of Internet worm written in VBScript. VBS/BubbleBoy ran automatically without the user needing to click on an attached file, as it exploited a vulnerability in Internet Explorer 5 to run when the message was opened or viewed. This worm was followed in 2000 by JS/Kak.Worm, which spread by hiding behind JavaScript in the auto-signature in Microsoft Outlook Express, allowing it to infect computers without the user needing to run an attached file. These were the first samples of a series of worms, which were joined later on by worms capable of attacking computers when the user is browsing the Internet.

The never-ending war of viruses still has much evolving to do.

Kaspersky Pure

Kaspersky currently offers three different security products, in ascending order of price: regular Kaspersky Antivirus, Kaspersky Internet Security and this one, Kaspersky Pure.

Antivirus and firewall protection together form the bare minimum for a security suite, and some products stay close to this minimum. Kaspersky PURE 2.0 Total Security ($89.95 direct for three licenses) lies at the opposite end of the suite spectrum. In addition to antivirus, firewall, antispam, antiphishing, parental control, and all the expected components, it adds backup, system tuneup, file shredding, encrypted storage, password management, and much, much more.

Internet Security bolts on extra parental controls and tune-up utilities. Pure adds backup to the mix and beefs up the firewall component, with more emphasis on the security of your home network.

The most interesting feature Kaspersky Internet Security/Pure includes is the ability to run applications in a sandbox, without you having to go to the trouble of setting up dedicated virtual machines. Any app you have installed can be locked away in one, identified by a radioactive green glow around its window. A shared folder handles any data-swapping.

The core of the package is still the malware detection and firewall modules. These look identical to those found in Kaspersky Internet Security 2010, and they bring with them some neat features, such as the “Safe Run” sandbox for trying out unknown applications, and the highly technical Digital Identity browser that lets you browse and clean up the huge amount of personalised data in your Registry.

Kaspersky’s protection is a strong offering across the board, with a control panel that is more informative than most yet still provides easy configuration options. It’s a little more power for only a small amount extra, but you won’t be disappointed with the other editions if you don’t need the extras.

Official Link : http://www.kaspersky.com/