Trojan horse Virus & worms explained
Most people are familiar with the legend of the Trojan horse. During the siege of Troy, the Greeks left a large wooden horse outside the gates, allegedly as a peace offering. The Trojans brought the horse inside the city walls only to discover it was full of Greek soldiers who quickly sacked the city.
A computer Trojan horse is similar. It looks like a benign or useful program but actually contains hidden code that can destroy data or install spyware.
A Trojan is often referred to as a PC virus, but unlike a true computer virus, it doesn't replicate itself. It's simply designed to gain access to your system and wreak havoc - like the mythical Greek soldiers. Many Trojan horses (or simply 'Trojans') are spyware, used to monitor your computer activity and send information to a third party without your knowledge or consent.
Spyware can be used to deliver unsolicited pop-up ads, or to log private information such as credit card numbers and passwords, or even reroute your browser to a commercial site. The unscrupulous vendor at that site usually paid the spyware creator to do just that.
Another common use for a Trojan horse is to install a 'backdoor' - an access point to your computer which bypasses the normal login procedure. Hackers use backdoors to gain control of your computer to send spam or to wreak malicious damage. Since the damage appears to originate from your system it can be hard to combat. Geeks make a distinction between 'crackers' who gain access to a system to do harm, and 'hackers' who just want to understand the details of how a system works. We'll stick with the more common, though less accurate, term.
How Trojans Are Distributed
Trojan horses are hidden in programs which appear useful. You visit a free utility site, download one and run the program. Your system is infected.
They can also be spread by e-mail attachments. If the attachment contains an executable file, that program can also contain a Trojan which will infect your computer as soon as it is run.
Executable files have extensions such as .exe, but sometimes the extensions are hidden to make the file look like a harmless text file. An example of this would be a file named 'look_at_me.txt.exe'. The user may not notice the '.exe' part of the filename (the extension) and think it's a text file. Some operating systems allow users to hide extensions, so in this case the user would simply see 'look_at_me.txt'.
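The double-extension trick described above, as an added example that is not from the original article: a small Python check that reports what a user would see with extensions hidden and flags an executable type sitting behind a document or image extension. The extension lists are a representative subset I chose, not an exhaustive list.

```python
import os
from typing import NamedTuple

# Representative subset of extensions Windows runs directly (constructed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".msi"}
# Extensions a user expects to be harmless documents or images.
BENIGN_LOOKING_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".jpeg", ".gif", ".png", ".mp3"}


class Verdict(NamedTuple):
    real_ext: str         # the extension the operating system actually acts on
    displayed_name: str   # what the user sees when "hide extensions" is switched on
    suspicious: bool
    reason: str


def inspect_filename(name: str) -> Verdict:
    """Classify a filename by its real (last) extension and any decoy extension before it."""
    stem, real_ext = os.path.splitext(name)
    real_ext = real_ext.lower()
    # Hiding extensions strips only the final one, so 'look_at_me.txt.exe' shows as 'look_at_me.txt'.
    displayed = stem
    _, inner_ext = os.path.splitext(stem)
    inner_ext = inner_ext.lower()
    if real_ext in EXECUTABLE_EXTS and inner_ext in BENIGN_LOOKING_EXTS:
        return Verdict(real_ext, displayed, True, f"executable {real_ext} disguised as {inner_ext}")
    if real_ext in EXECUTABLE_EXTS:
        return Verdict(real_ext, displayed, True, f"executable attachment ({real_ext})")
    return Verdict(real_ext, displayed, False, "not an executable type")


def flag_attachments(names):
    """Return (name, reason) for every attachment name that should not be opened casually."""
    return [(n, inspect_filename(n).reason) for n in names if inspect_filename(n).suspicious]


if __name__ == "__main__":
    # Constructed sample attachment names.
    for name, reason in flag_attachments(["look_at_me.txt.exe", "notes.txt", "PHOTO.JPG.SCR", "setup.exe"]):
        print(f"{name}: {reason} (user sees '{inspect_filename(name).displayed_name}')")
```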
Newer tactics involve embedding them in certain image files. The lesson is: never open a file from someone unknown, or when its arrival is unexpected. Even well-meaning individuals pass on PC viruses this way.
It's common for Trojan horses to be spread through operating system vulnerabilities. An operating system controls the basic functions of the computer. Computers connect to the Internet through 'ports', some of which present security risks. Malware takes advantage of these vulnerabilities.
One well-known Trojan is called Sub7. Some claim it has legitimate uses (such as remotely controlling your own computer), though it's often used for illegal activities. Computers with Sub7 installed are accessible from a remote location and can be used to steal credit card numbers by logging keystrokes for example.
Fighting Trojans - The modern way
Most PC antivirus software will detect and remove Trojans. Keep your PC virus database up to date to provide the best protection. Some PC antivirus programs require you to manually scan attachments or other incoming files. Get one that does it automatically. The cost difference is negligible.
Always use caution when opening email attachments, even if they come from a known source. If the attachment is unexpected it should be suspected. Firewalls should also be used to close vulnerabilities when using the Internet.
Viruses Explained
Why is a PC virus harmful? For the same basic reason that biological viruses are: they damage components that keep systems healthy.
Some are relatively benign - they generate annoying, juvenile messages or crash the system once, then go away. But many are specifically designed to do substantial harm - by deleting files needed to run word processing programs or perform essential operating system tasks. Some prepare the way for further attacks by opening up access to administrative functions.
Combating them is simple - install antivirus software, keep it up-to-date and running in the background and don't open email attachments from unknown sources. Nonetheless, odds are high that someday the system will be infected with some type of PC virus. Important data will be lost, essential program and operating system files will be zapped. Now what?
First thing: Don't panic. You may not even be infected. Before implementing a cure you have to diagnose properly. If the system is still functional and you have access to the Internet, search for current, known PC viruses. Scan your system manually and search the file system for computer virus programs or infected files. Search memory too - sometimes the little creeps hide there.
Test multiple programs and operating system functions. It may be that something just went wrong with one component. This isn't foolproof: the PC virus may have attacked just those specific ones.
If the system isn't functional, boot the system using an antivirus diskette or CD. You did prepare one, right? No? Er, go back to Step 0 - pre-attack - and (1) prepare bootable antivirus diskettes and a CD, (2) create CD copies of software purchased and/or organize the originals, and (3) backup important data.
Scan the system after booting from diskette or CD and look for the PC virus or infected files. You really are infected? Ok, on to the next phase. If you're running Windows select the boot option: Last Known Good Configuration. It rarely helps, but sometimes you'll get lucky, and if you've re-booted twice you've lost the opportunity.
If you're running Windows, check for the existence and the dates of key operating system files. (The list is too long to display here. Search Microsoft's web site for 'Operating System files', or make a list from the Windows (or WINNT) directory and System (or System32) sub-directory of another computer. For the same service pack level, the dates should match other files, for the most part.)
Check especially kernel32.exe and lsass.exe. Hackers like to go after those two. Fixes from Microsoft update some, but they tend to come in bunches. Just one with a different date is suspect. Yes, no one said this was going to be easy. Windows is to some extent self-protecting and self-healing but far from perfect. Replace those files with good ones, if needed.
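The file-date comparison described in the two paragraphs above, as an added example that is not from the original article: it compares a listing from a known-good machine at the same service pack level with one from the suspect machine, and applies the "updates come in bunches, so a lone date is suspect" rule. The file names are real Windows system files; the dates and both listings are constructed for the example.

```python
from collections import Counter
from datetime import date

# Constructed sample listings (filename -> last-modified date), as gathered from the
# System32 directory of a known-good machine and of the suspect machine. Dates are made up.
GOOD = date(2004, 8, 4)      # base install / service pack date
HOTFIX = date(2006, 3, 15)   # a later update that touched two files together
REFERENCE = {
    "ntoskrnl.exe": GOOD, "csrss.exe": GOOD, "smss.exe": GOOD, "kernel32.dll": GOOD,
    "user32.dll": GOOD, "lsass.exe": GOOD, "winlogon.exe": GOOD,
    "shell32.dll": HOTFIX, "comctl32.dll": HOTFIX,
}
SUSPECT = {
    "ntoskrnl.exe": GOOD, "csrss.exe": GOOD, "smss.exe": GOOD,
    "kernel32.dll": date(2006, 9, 12), "user32.dll": date(2006, 9, 12),  # a two-file batch
    "lsass.exe": date(2007, 11, 2),                                        # a lone date
    "shell32.dll": HOTFIX, "comctl32.dll": HOTFIX,                         # winlogon.exe is absent
}


def compare_system_files(reference, suspect):
    """Return (filename, finding) pairs for files missing, added, or dated differently."""
    findings = []
    for name, ref_date in reference.items():
        if name not in suspect:
            findings.append((name, "missing"))
        elif suspect[name] != ref_date:
            findings.append((name, f"date differs: {suspect[name]} vs reference {ref_date}"))
    for name in sorted(suspect.keys() - reference.keys()):
        findings.append((name, "not present on reference machine"))
    return findings


def lone_dates(listing):
    """Files whose date is shared by no other file: legitimate fixes arrive in bunches,
    so a single file carrying its own date is the one to look at first."""
    counts = Counter(listing.values())
    return sorted(name for name, d in listing.items() if counts[d] == 1)


def triage(reference, suspect):
    """Order findings so lone-date differences come first, then the rest alphabetically."""
    lone = set(lone_dates(suspect))
    return sorted(compare_system_files(reference, suspect), key=lambda f: (f[0] not in lone, f[0]))


if __name__ == "__main__":
    for name, finding in triage(REFERENCE, SUSPECT):
        print(f"{name:14} {finding}")
```

A date check is only a first pass: a modification date can be set to anything, so a file with a matching date still needs its contents compared against a known-good copy before it is trusted.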
Again for Windows users, it may be the Registry that's corrupted. There are several useful tools available to fix damage caused by a computer virus. Just search on Windows Registry repair utilities and choose one suitable for your version. Any recommendation made here will be out-of-date in six months, but forums are full of helpful up-to-date opinions.
If the problem is only a program - word processing software, or email client or browser, for example - de-install and re-install. Annoying, but usually pretty straightforward, and most programs won't delete any user-created data files without prompting you first.
In the worst case scenario - lost user data not backed up somewhere (oops, you skipped Step 0) - several commercial Data Recovery services are available that can sometimes get it back. They tend to be expensive, but your data may be worth it. It sounds like magic, but they often can recover at least some even though you've searched thoroughly and the data appears lost.
Worms Explained
Worms are similar to viruses and malicious code in that they're self-replicating. These types of computer viruses reproduce themselves across networks without human assistance such as sending e-mail. A worm, though, doesn't need another executable program to be distributed.
Worms usually affect networks more than individual computers on the network. Their self-replicating behavior can overload network resources, causing slowdowns in data transmission by consuming massive bandwidth normally used to forward normal traffic. Network systems that route Internet traffic are just specialized computer hardware and software. They, too, can be affected by malware.
Worms can also be designed to carry a payload, using a 'backdoor' installation program. A backdoor is a hidden access point to a computer that bypasses the normal login procedure. They're commonly used by spammers to distribute junk e-mail, for example.