It is Important to Recognize the Difference Between Worms and Trojan Horses

By Kenny Williams

I have about had it with this virus stuff. Again I have been hit and now my Norton anti-virus 2003 protected, Windows 2000 machine has been rendered totally useless due to a worm that entered my computer. I may have lost everything, as I do not think that I will be able to recover my data off the infected hard drive. This infection was of such a nasty variety that it infected a 2nd hard drive (protected with a fully updated version of Panda anti-virus) that I had hooked up as a master drive in the hopes of being able to recover some files. I can't even get a rescue disk to work before the whole system shuts down.

From what I read in the press lately I am not the only one facing this kind of annoying issue. The thing about all this press is that a bunch of different names for malicious files seem to be getting lumped into the "virus" category.  Worms and Trojan horses are often lumped into the virus category. It is important to understand the difference and how these files infiltrate and work within your computer to give you a better chance of preventing the infections from happening. Some of the stuff may seem real confusing, but in this case I cannot stress the importance of being informed.

Viruses are the oldest type of file designed and created by some loser to cause system damage or activate an unauthorized program. "Virus" is often the generic term for any malicious file. If the truth were known, most major modern threats are worms. A true virus will infect a system via a floppy diskette, e-mail, or another external source but generally remain on the infected computer. Viruses generally replicate on the infected computer by copying themselves so many times that they fill all available memory and/or drive space, thus rendering the computer useless. Newer, advanced viruses contain payloads that can do everything from tampering with files to deleting an entire hard drive.

Typically a virus infects either files on the computer or the boot sector of the hard drive, the portion where the OS (operating system) gets all of the data and instructions it uses during the boot process. The worm that I recently was attacked by is one of the types called a multipartite virus. A multipartite virus infects both files and the boot sector of your hard drive thus making it extremely difficult to get rid of. What makes them so complicated is they often can control the computer from the moment the system boots. This can be a real crummy situation for even the most experienced of computer experts.

Another nasty type of virus is called a polymorphic virus. These work by attempting to slip by anti-virus programs by changing their code slightly each time they reproduce. The result of this is that a new virus is created with each replication cycle. Eventually the code changes can pile up to the point where not a trace of the original virus exists. Over time, anti-virus software cannot detect the virus during a scan. Since the virus programmer has little control over how the virus eventually evolves, these types of viruses tend to be unpredictable and destructive.

A worm is designed to infiltrate a computer and deliver a destructive payload. Often they will take damage to new heights. They will often automatically spread to other computers connected to the infected host. Where viruses are compared to an annoying family member or friend that shows up uninvited to your house and makes a mess, worms are like a vagrant from the streets that is constantly on the move without ever calling one place home.

Most worms propagate by heisting your address book from your computer's e-mail software and e-mailing themselves to every address on the list. This is a very effective method of "reproduction" because your friends and associates think they are receiving an e-mail message from you, their trusted friend. In reality they're inviting a lousy vagrant worm to take up residence on their computers and do the same thing to their address books.

Most worms are spread through infected e-mail messages. Others are designed to take advantage of security holes in e-mail software, Web browsers, and other applications so they can force their way into a system without you knowing. They will then install themselves automatically.

Trojan horses or "Trojans" are the final common type of malicious file. Trojans differ from the other types of malicious code because the Trojan horses are not usually designed to replicate or send themselves to other computers. Instead, they usually spread manually by a hacker or person who wants to damage or gain access to a computer. They often come in under the guise of an innocuous-looking program such as a cute screen saver or game. Many times the attachment looks legitimate and actually functions when you open it. Unfortunately the Trojan sets up shop during installation and makes your hard drive its new playground. Trojans often give hackers the opportunity to use your computer as a base of operations to hack into other PCs, making it look as though the illegal activity originated from your PC. Real nice, huh?

Viruses, worms, and Trojan horses have achieved high levels of sophistication. The sad part is that they are just a hint of what is yet to come. There is a new style of malicious code called "blended threats". Blended threats are malicious files that don't target a particular program for delivery and even have their own delivery systems. They're difficult to protect against because they have many avenues of attack. You may start seeing mobile devices, such as cell phones, wireless notebooks, and handheld computers attacked.

Presently, the best way to protect against a computer virus, worm, or Trojan horse is to invest in a good anti-virus package and update the virus definitions as often as possible (daily or even bi-daily). Think of these virus definitions as "fingerprints" that the anti-virus scanner uses to detect viruses.

Rely on common sense when browsing the Internet or viewing e-mail and you will be able to avoid most problems. Don't visit Web sites that your mother would not approve of, always click "No" when Windows asks if you want to download a file that you did not ask for, and contact seemingly trustworthy people who send you suspicious-looking e-mail to make sure it's legitimate before opening the letter or any attachments. This is especially true if the attachment ends with an .EXE, .COM, .INF, .PIF, .DLL, .BAT, .VBS because files of this type are easy to accidentally execute.
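The extension check described above can be automated before a message ever reaches the inbox. The following Python sketch is an added example, not part of the original column: it parses a constructed sample message and flags attachments whose final extension is on the column's list. The function names and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the column lists as easy to execute by accident.
RISKY_EXTENSIONS = {".exe", ".com", ".inf", ".pif", ".dll", ".bat", ".vbs"}


def is_risky_name(filename: str) -> bool:
    """True if the final extension of filename is on the risky list."""
    # Win32 path handling strips trailing dots and spaces, so a name
    # such as "setup.EXE. " is still treated as an .exe file.
    cleaned = filename.strip().rstrip(". ").lower()
    dot = cleaned.rfind(".")
    # Only the last extension counts: "photo.jpg.vbs" is a script.
    return dot != -1 and cleaned[dot:] in RISKY_EXTENSIONS


def risky_attachments(raw_message: bytes) -> list[str]:
    """Return the attachment filenames in a raw message that are risky."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():
        filename = part.get_filename()  # None for body and container parts
        if filename and is_risky_name(filename):
            flagged.append(filename)
    return flagged


def build_sample() -> bytes:
    """Constructed sample message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "me@example.com"
    msg["Subject"] = "Check this out"
    msg.set_content("See attached.")
    for name in ("notes.txt", "Screensaver.PIF", "photo.jpg.vbs", "report.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in risky_attachments(build_sample()):
        print("confirm with sender before opening:", name)
```

A flagged name is a cue to confirm with the sender, as the column advises; an unflagged name says nothing about whether the file is safe.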

The WebServer is a weekly computer column with a circulation of over 120,000 readers in three different publications. Look for your weekly dose of WebServer in The Caribbean Connection in Atlanta, Orlando, and Miami and in The Observer News in SouthShore.

If you have any questions, comments or suggestions, or are in need of computer lessons, feel free to e-mail me at:  WebServerColumn@yahoo.com.
