report on virus, worms and trojan horse


Upload: vaibhavi88

Post on 13-Nov-2014


System Threats – Virus, Worms and Trojan horse

Guided By: Miss Binita Patel

Prepared by:

Vaibhavi Oza

Avani Panchal


Seminar Report on

System Threats – Virus, Worms and Trojan horse

AT

Hasmukh Goswami College of Engineering

Naroda - Dehgam Road, Vahelal - Dascroi. Ahmedabad - 382330

Submitted By:

Oza Vaibhavi AlkeshBhai (24)

Panchal Avani (25)

Bachelors in Information Technology Semester – V

Year 2009 – 10


CERTIFICATE

Hasmukh Goswami College of Engineering

This is to certify that the following students of Bachelors in Information Technology Semester – V have completed their Seminar titled "System threats – virus, worms and Trojan horse" satisfactorily in partial requirement of Bachelors in Information Technology in the year 2009–10.

Roll No.   Name of the Student
24         Oza Vaibhavi AlkeshBhai
25         Panchal Avani

Section Head – IT: Mr. Manthan Khopker

Seminar Guide: Miss Binita Patel

Date: -

Place: -


Table of Contents

1 Introduction to Virus
  1.1 Definition
  1.2 History of virus
  1.3 Virus Evolution
  1.4 Working of virus
  1.5 Types of virus

2 Introduction to worm
  2.1 Definition
  2.2 History of worms
  2.3 Working of worms
  2.4 Types of worms

3 Introduction to Trojan horse
  3.1 Definition
  3.2 History of Trojans
  3.3 Working of Trojan
  3.4 Types of Trojan

4 Difference between virus, worm & Trojan
  4.1 Difference


ABSTRACT

The seminar we are going to present is on computer viruses, worms and Trojan horses.

Today everyone uses computers and the internet, and anyone who does must have come across these words. People know the words, but do not know what they actually are or what the differences are between a virus, a worm and a Trojan horse.

In this seminar we will introduce what a virus is, what its types are, how viruses work, and how you can protect your computer from these threats.

In the same way we will cover worms and Trojan horses. We will also talk about the latest attack patterns: as you may notice, there were no big attacks in the year 2008 that affected a mass number of computers, but systems were still affected.


ACKNOWLEDGMENT

I would like to take this opportunity to thank my institute for offering a course like Seminar to us, so that we can show our skills and get an idea of how to handle presentations, and become familiar with the things related to how to develop a project.

I would also like to thank our faculty Ms Binita Patel for providing us the guidelines whenever needed.

I would also like to thank our Head of the Department, Mr. Manthan Khopker, for keeping an eye on us.

Oza Vaibhavi

Panchal Avani


1. Introduction to Virus:

1.1 Definition:

A computer virus, according to Webster's Collegiate Dictionary, is "a computer program usually hidden within another seemingly innocuous program that produces copies of itself and inserts them into other programs or files, and that usually performs a malicious action (such as destroying data)". Put another way:

A computer virus attaches itself to a program or file, enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files.

A computer virus shares some of the traits of a biological virus. A computer virus must piggyback on top of some other program or document in order to launch. Once it is running, it can infect other programs or documents. Obviously, the analogy between computer and biological viruses stretches things a bit, but there are enough similarities that the name sticks.

Two categories of viruses, macro viruses and worms, are especially common today.

Computer viruses are never naturally occurring; they are always man-made. Once created and released, however, their spread is not directly under human control.


1.2 History:

Traditional computer viruses were first widely seen in the late 1980s, and they came about because of several factors.

The first factor was the spread of personal computers (PCs). Prior to the 1980s, home computers were nearly non-existent or they were toys. Real computers were rare, and they were locked away for use by "experts." During the 1980s, real computers started to spread to businesses and homes because of the popularity of the IBM PC (released in 1982) and the Apple Macintosh (released in 1984). By the late 1980s, PCs were widespread in businesses, homes and college campuses.

The second factor was the use of computer bulletin boards. People could dial up a bulletin board with a modem and download programs of all types. Games were extremely popular, and so were simple word processors, spreadsheets and other productivity software. Bulletin boards led to the precursor of the virus known as the Trojan horse. A Trojan horse is a program with a cool-sounding name and description. So you download it. When you run the program, however, it does something uncool like erasing your disk. You think you are getting a neat game, but it wipes out your system. Trojan horses only hit a small number of people because they are quickly discovered, the infected programs are removed and word of the danger spreads among users.


[Figure: Floppy disks were factors in the spread of computer viruses.]

The third factor that led to the creation of viruses was the floppy disk. In the 1980s, programs were small, and you could fit the entire operating system, a few programs and some documents onto a floppy disk or two. Many computers did not have hard disks, so when you turned on your machine it would load the operating system and everything else from the floppy disk. Virus authors took advantage of this to create the first self-replicating programs.

Early viruses were pieces of code attached to a common program like a popular game or a popular word processor. A person might download an infected game from a bulletin board and run it. A virus like this is a small piece of code embedded in a larger, legitimate program. When the user runs the legitimate program, the virus loads itself into memory and looks around to see if it can find any other programs on the disk. If it can find one, it modifies the program to add the virus's code into the program. Then the virus launches the "real program." The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time the user launches either of those programs, they infect other programs, and the cycle continues.


If one of the infected programs is given to another person on a floppy disk, or if it is uploaded to a bulletin board, then other programs get infected. This is how the virus spreads.

The spreading part is the infection phase of the virus. Viruses wouldn't be so violently despised if all they did was replicate themselves. Most viruses also have a destructive attack phase where they do damage. Some sort of trigger will activate the attack phase, and the virus will then do something -- anything from printing a silly message on the screen to erasing all of your data. The trigger might be a specific date, the number of times the virus has been replicated or something similar.

1.3 Virus Evolution:

As virus creators became more sophisticated, they learned new tricks. One important trick was the ability to load viruses into memory so they could keep running in the background as long as the computer remained on. This gave viruses a much more effective way to replicate themselves. Another trick was the ability to infect the boot sector on floppy disks and hard disks. The boot sector is a small program that is the first part of the operating system that the computer loads. It contains a tiny program that tells the computer how to load the rest of the operating system. By putting its code in the boot sector, a virus can guarantee it is executed. It can load itself into memory immediately and run whenever the computer is on. Boot sector viruses can infect the boot sector of any floppy disk inserted in the machine, and on college campuses, where lots of people share machines, they could spread like wildfire.


In general, neither executable nor boot sector viruses are very threatening any longer. The first reason for the decline has been the huge size of today's programs. Nearly every program you buy today comes on a compact disc. Compact discs (CDs) cannot be modified, and that makes viral infection of a CD unlikely, unless the manufacturer permits a virus to be burned onto the CD during production. The programs are so big that the only easy way to move them around is to buy the CD. People certainly can't carry applications around on floppy disks like they did in the 1980s, when floppies full of programs were traded like baseball cards. Boot sector viruses have also declined because operating systems now protect the boot sector.

Infection from boot sector viruses and executable viruses is still possible. Even so, it is a lot harder, and these viruses don't spread nearly as quickly as they once did. Call it "shrinking habitat," if you want to use a biological analogy. The environment of floppy disks, small programs and weak operating systems made these viruses possible in the 1980s, but that environmental niche has been largely eliminated by huge executables, unchangeable CDs and better operating system safeguards.


1.4 Working of computer virus:

A file virus attaches itself to a file, usually an executable application (e.g. a word processing program or a DOS program). In general, file viruses don't infect data files. However, data files can contain embedded executable code such as macros, which may be used by virus or Trojan writers. Recent versions of Microsoft Word are particularly vulnerable to this kind of threat. Text files such as batch files, PostScript files, and source code, which contain commands that can be compiled or interpreted by another program, are potential targets for malware (malicious software), though such malware is not at present common.

Boot sector viruses alter the program that is in the first sector (boot sector) of every DOS-formatted disk. Generally, a boot sector infector executes its own code (which usually infects the boot sector or partition sector of the hard disk), then continues the PC boot-up (start-up) process. In most cases, all write-enabled floppies used on that PC from then on will become infected.

Multipartite viruses have some of the features of both the above types of virus. Typically, when an infected file is executed, it infects the hard disk boot sector or partition sector, and thus infects subsequent floppies used or formatted on the target system.


1.5 Types of computer virus:

Macro viruses: A macro is a piece of code that can be embedded in a data file. Some word processors (e.g., Microsoft Word) and spreadsheet programs (e.g., Microsoft Excel) allow you to attach macros to the documents they create. In this way, documents can control and customize the behavior of the programs that created them, or even extend the capabilities of the program. For example, a macro attached to a Microsoft Word document might be executed every time you save the document and cause its text to be run through an external spell-checking program.

A macro virus is a virus that exists as a macro attached to a data file. In most respects, macro viruses are like all other viruses. The main difference is that they are attached to data files (i.e., documents) rather than executable programs. Many people do not think that viruses can reside on simple document files, but any application that supports document-bound macros that automatically execute is a potential haven for macro viruses. By the end of the last century, documents became more widely shared than diskettes, and document-based viruses were more prevalent than any other type of virus. It seems highly likely that this will be a continuing trend.

Stealth viruses: A stealth virus is one that, while active, hides the modifications it has made to files or boot records. It usually achieves this by monitoring the system functions used to read files or sectors from storage media and forging the results of calls to such functions.


This means that programs that try to read infected files or sectors see the original, uninfected form instead of the actual, infected form. Thus the virus's modifications may go undetected by antivirus programs. However, in order to do this, the virus must be resident in memory when the antivirus program is executed, and the antivirus program may be able to detect its presence.

Polymorphic viruses: A polymorphic virus is one that produces varied but operational copies of itself. This strategy assumes that virus scanners will not be able to detect all instances of the virus. One method of evading scan-string driven virus detectors is self-encryption with a variable key. More sophisticated polymorphic viruses vary the sequences of instructions in their variants by interspersing the decryption instructions with "noise" instructions (e.g., a No Operation instruction, or an instruction to load a currently unused register with an arbitrary value), by interchanging mutually independent instructions, or even by using various instruction sequences with identical net effects (e.g., Subtract A from A, and Move 0 to A). A simple-minded, scan-string based virus scanner would not be able to reliably identify all variants of this sort of virus; in this case, a sophisticated scanning engine has to be constructed after thorough research into the particular virus.


Boot sector viruses: Boot sector viruses infect or substitute their own code for either the DOS boot sector or the Master Boot Record (MBR) of a PC. The MBR is a small program that runs every time the computer starts up. It controls the boot sequence and determines which partition the computer boots from. The MBR generally resides on the first sector of the hard disk.

Since the MBR executes every time a computer is started, a boot sector virus is extremely dangerous. Once the boot code on the drive is infected, the virus will be loaded into memory on every startup. From memory, the boot virus can spread to every disk that the system reads. Boot sector viruses are typically difficult to remove, as most antivirus programs cannot clean the MBR while Windows is running. In most cases, it takes bootable antivirus disks to properly remove a boot sector virus.
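
Because the MBR sits in one fixed sector, a change to its boot code can be detected by comparing the sector against a baseline taken earlier. The script below is an added example, not part of the original report. It assumes the classic PC MBR layout (446 bytes of boot code, four 16-byte partition entries, the 55 AA signature); the function names and both sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445 hold the bootstrap code
ENTRY_LEN = 16           # four partition entries follow the boot code
SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR


def parse_mbr(sector):
    """Split one 512-byte MBR into a boot-code hash, partition list and signature flag."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for index in range(4):
        start = BOOT_CODE_LEN + index * ENTRY_LEN
        entry = sector[start:start + ENTRY_LEN]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0x00:  # type 0 marks an unused slot
            partitions.append({
                "slot": index,
                "active": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sectors,
            })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == SIGNATURE,
    }


def compare_to_baseline(baseline, current):
    """Return a list of differences between a trusted baseline and a later read."""
    findings = []
    if not current["signature_ok"]:
        findings.append("missing 55 AA boot signature")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    if sum(p["active"] for p in current["partitions"]) > 1:
        findings.append("more than one active partition")
    return findings


def build_sample_mbr(boot_code):
    """Constructed test sector: placeholder boot code plus one active partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + b"\x00" * 48 + SIGNATURE


# Constructed samples; a real check would read the first 512 bytes of the disk device.
KNOWN_GOOD = build_sample_mbr(b"PLACEHOLDER ORIGINAL BOOT CODE")
MODIFIED = build_sample_mbr(b"PLACEHOLDER REPLACED BOOT CODE")

if __name__ == "__main__":
    baseline = parse_mbr(KNOWN_GOOD)
    for name, sector in (("known good", KNOWN_GOOD), ("modified", MODIFIED)):
        print(name, compare_to_baseline(baseline, parse_mbr(sector)) or "no change")
```

Because a resident stealth virus can forge sector reads, as described under stealth viruses above, the comparison is only meaningful when the sector is read after booting from clean media.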


2. Introduction to Worms:

2.1 Definition:

A worm is a computer program that has the ability to copy itself from machine to machine. Worms use up computer time and network bandwidth when they replicate, and often carry payloads that do considerable damage. A worm usually exploits some sort of security hole in a piece of software or the operating system. For example, the Slammer worm (which caused mayhem in January 2003) exploited a hole in Microsoft's SQL server.

Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly.

When the worm is launched, it opens a back door into the computer, adds the infected machine to a botnet and installs code that hides itself. The botnets are small peer-to-peer groups rather than a larger, more easily identified network. Experts think the people controlling Storm rent out their micro-botnets to deliver spam or adware, or for denial-of-service attacks.


2.2 History of computer worm:

Malware with self-replicating capability has been an issue in the world of computing for several years, dating back to the first self-replicating code created by Ken Thompson in 1984. Over the past few years, both worms and viruses have become major problems, mainly due to widespread use of the internet. This wide open platform enables these infections to spread rapidly with no geographic restrictions. Worms in particular are becoming more sophisticated as malicious coders have learned from their mistakes and successes as well.

In this article, we will take a brief glance at the history of computer worms and how they have impacted the current state of computing.

Early Infections

Self-replicating applications date back to the early days of the Unix operating system. Ken Thompson's code was essentially a compiler modification that manipulated login procedures and the compiler itself. The conventional virus became a common plague in the era of the Apple II system. This infection moved rather slowly, yet provided the means of distributing some of the best-known viruses, such as Chernobyl and Michelangelo.


The first Internet infection that required no human intervention to propagate was the Morris Worm, discovered in 1988 and released by Robert Morris. It spread very quickly, infecting a number of vulnerable computers in a matter of hours. The Morris Worm infected various machines and also used multiple exploits including buffer overflows, debugging routines in mail components, password sniffing, and other streams of execution to improve its ability to attack other computers.

Although released by accident, the benign concept doesn't really apply to the Morris Worm, as it had a significant amount of impact because of the bug in its code. When reinfecting a computer, there remained the possibility that the new infection would be persistent, allowing other worms to run and terribly impact system performance. However, this caused the worm to be noticed instantly, and therefore, quickly contained.

Modern Worms

Active computer worms have returned to prominence in recent times. The first one to cause an eruption was Code Red. This infection proved how quickly a simple self-replicating program could spread via the internet's current infrastructure. Code Red exploited a buffer overflow condition in the Microsoft IIS (Internet Information Server). It was able to propagate quickly because of the "always on" nature of IIS and many versions of the Windows operating system. Code Red was also equipped with scanning capabilities that improved its throughput and gave it the ability to elude numerous IP address security features.


one should also create a strategy to elude worm exploits. While there is no perfect solution, there are many steps that can be taken to prevent damage and reduce the spread of infection. Anti-virus software and firewalls are a must these days, two powerful weapons that will keep you one step ahead of a worm outbreak. It is also critical to conduct routine backups of your data, as these infections can easily corrupt or completely overwrite existing files. When it comes to the disruption of worms and other malware, it's much better to be safe than sorry.

2.3 Working of computer worms:

To understand how worms work, we will look at how some of them attacked and how dangerous they can be.

Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. The Code Red worm replicated itself more than 250,000 times in approximately nine hours on July 19, 2001.

The Code Red worm slowed down Internet traffic when it began to replicate itself, but not nearly as badly as predicted. Each copy of the worm scanned the Internet for Windows NT or Windows 2000 servers that did not have the Microsoft security patch installed. Each time it found an unsecured server, the worm copied itself to that server. The new copy then scanned for other servers to infect. Depending on the number of unsecured servers, a worm could conceivably create hundreds of thousands of copies.
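
The scanning behaviour described above has a network-side signature: one source opening the same port to many different addresses in a short time. The following added example (not part of the original report) flags that pattern in connection records. The log format, window, threshold, function names and sample flows are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque


def parse_flow(line):
    """Parse 'epoch_seconds src_ip dst_ip dst_port' (a constructed log format)."""
    ts, src, dst, dport = line.split()
    return float(ts), src, dst, int(dport)


def find_scanners(lines, window=60.0, threshold=5):
    """Return {(src, dport): peak distinct destinations} for every source that
    reaches `threshold` distinct destinations on one port within `window` seconds.
    Lines must be in timestamp order."""
    recent = defaultdict(deque)  # (src, dport) -> (ts, dst) pairs inside the window
    peaks = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = parse_flow(line)
        key = (src, dport)
        flows = recent[key]
        flows.append((ts, dst))
        # Drop records that have aged out of the sliding window.
        while ts - flows[0][0] > window:
            flows.popleft()
        distinct = len({d for _, d in flows})
        if distinct >= threshold:
            peaks[key] = max(peaks.get(key, 0), distinct)
    return peaks


def build_sample_flows():
    """Constructed sample traffic using documentation address ranges."""
    flows = []
    # One host opening port 80 to eight different addresses in eight seconds.
    flows += [f"{1000 + i} 192.0.2.66 198.51.100.{i + 1} 80" for i in range(8)]
    # A browser-like host returning to the same server.
    flows += [f"{1000 + 5 * i} 192.0.2.10 203.0.113.5 80" for i in range(6)]
    # Six destinations, but spread over ten minutes.
    flows += [f"{1000 + 120 * i} 192.0.2.20 203.0.113.{i + 10} 80" for i in range(6)]
    return sorted(flows, key=lambda l: float(l.split()[0]))


if __name__ == "__main__":
    for (src, dport), peak in find_scanners(build_sample_flows()).items():
        print(f"{src} reached {peak} distinct hosts on port {dport} within 60 s")
```

Only the first host is reported with the default settings; widening the window trades fewer missed slow scans for more false positives from ordinary clients.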


The Code Red worm had instructions to do three things:

- Replicate itself for the first 20 days of each month
- Replace Web pages on infected servers with a page featuring the message "Hacked by Chinese"
- Launch a concerted attack on the White House Web site in an attempt to overwhelm it

Upon successful infection, Code Red would wait for the appointed hour and connect to the www.whitehouse.gov domain. This attack would consist of the infected systems simultaneously sending 100 connections to port 80 of www.whitehouse.gov (198.137.240.91).

The U.S. government changed the IP address of www.whitehouse.gov to circumvent that particular threat from the worm and issued a general warning about the worm, advising users of Windows NT or Windows 2000 Web servers to make sure they installed the security patch.

A worm called Storm, which showed up in 2007, immediately started making a name for itself. Storm uses social engineering techniques to trick users into loading the worm on their computers. So far, it's working -- experts believe between one million and 50 million computers have been infected.

When the worm is launched, it opens a back door into the computer, adds the infected machine to a botnet and installs code that hides itself.


2.4 Types of computer Worms:

Email Worms

These spread via infected email messages. Any form of attachment or link in an email may contain a link to an infected website. In the first case activation starts when the user clicks on the attachment, while in the second case activation starts when the user clicks the link in the email.

Known methods of spreading are:

- MS Outlook services
- Direct connection to SMTP servers using their own SMTP API
- Windows MAPI functions

This type of worm is known to harvest email addresses from different sources on an infected computer:

- Windows Address Book database [WAB]
- MS Outlook address book
- Files with appropriate extensions, which are scanned for email-like strings

Be aware that during spreading some worms construct new sender addresses based on possible names combined with common domain names. So the sender address in the email doesn't need to be the originator of the email.


Instant Messaging Worms

These spread via instant messaging applications by sending links to infected websites to everyone on the local contact list. The only difference between these and email worms is the way chosen to send the links.

Internet Worms

Nasty ones. These will scan all available network resources using local operating system services and/or scan the Internet for vulnerable machines. An attempt will be made to connect to these machines and gain full access to them.

Another way is that the worms scan the Internet for machines still open for exploitation, i.e. not patched. Data packets or requests will be sent which install the worm or a worm downloader. If this succeeds, the worm will execute and there it goes again!

IRC Worms

Chat channels are the main target, and the same infection/spreading method is used as above: sending infected files or links to infected websites. Infected file sending is less effective, as the recipient needs to confirm receipt, save the file and open it before infection will take place.

File-sharing Networks Worms

These copy themselves into a shared folder, most likely located on the local machine. The worm will place a copy of itself in a shared folder under a harmless name. Now the worm is ready for download via the P2P network, and spreading of the infected file will continue.


3. Trojan Horse:

3.1 Definition:

A Trojan horse is a computer program which carries out malicious operations without the user's knowledge. The name "Trojan horse" comes from a legend told in the Iliad (by the writer Homer) about the siege of the city of Troy by the Greeks.

Legend has it that the Greeks, unable to penetrate the city's defences, got the idea to give up the siege and instead give the city a giant wooden horse as a gift offering.

The Trojans (the people of the city of Troy) accepted this seemingly harmless gift and brought it within the city walls. However, the horse was filled with soldiers, who came out at nightfall, while the town slept, to open the city gates so that the rest of the army could enter.

Thus, a Trojan horse (in the world of computing) is a hidden program which secretly runs commands, and usually opens up access to the computer running it by opening a backdoor. For this reason, it is sometimes called a Trojan by analogy to the citizens of Troy.

A Trojan horse may, for example:

- steal passwords;
- copy sensitive data;
- carry out any other harmful operations.


3.2 History of Trojan Horse:

The name Trojan horse is unusual because it has a tale bound up with it. It was called so because of a Greek tale.

A Trojan horse derives its name from the Trojan War. Legend has it that King Odysseus built a Trojan Horse as a gift to the city of Troy to signify surrender. He then ordered the Greek army to retreat and left the ‘gift’ outside the city gates. However, it turned out that the Horse had more than 40 soldiers hidden in its belly. Once inside the city of Troy, these soldiers snuck out and opened the gates for their fellow soldiers, who went on to attack the unsuspecting city.

In the same way, a Trojan horse comes into your computer as a ‘gift’, or you could say a harmless-looking package of software, but once you run it you will find out what it actually was.


3.3 Working of Trojan horse:

Trojans work in a way similar to the client-server model. The attacker deploys the client to connect to the server, which runs on the remote machine when the remote user unknowingly executes the Trojan on the machine.

The protocols typically used by most Trojans are TCP/IP and UDP. A Trojan will usually try to remain in a stealth mode, or hidden on the computer. When the Trojan is activated, the server starts listening on default or configured ports for incoming connections from the attacker. It is usual for Trojans to also modify the registry and/or use some other auto-starting method.

When the remote machine is on a network with a dynamically assigned IP address, or when the remote machine uses a dial-up connection to connect to the internet, Trojans can be configured with features such as mailing the victim's IP address, or messaging the attacker via an instant messaging application or Internet Relay Chat (IRC). DSL users, on the other hand, have static IPs, so the infected IP is always known to the attacker.

Most Trojans use auto-starting methods so that the servers are restarted every time the remote machine reboots or starts. The attacker is also notified of this. Some of the well-known system files targeted by Trojans are Autostart Folder, Win.ini, System.ini, Wininit.ini, Winstart.bat, Autoexec.bat, & Config.sys.
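
Because these auto-start locations are few and well known, they can be audited directly. The script below is an added example, not part of the original report: it checks the Win.ini, System.ini and Autoexec.bat entries that launch programs at start-up. The file contents and program names are constructed placeholders, and the expected values (empty load=/run=, shell=Explorer.exe) and the batch allowlist are assumptions about a clean machine.

```python
import re

# (section, key) pairs that start a program at boot or logon, per file.
AUTOSTART_KEYS = {
    "win.ini": [("windows", "load"), ("windows", "run")],
    "system.ini": [("boot", "shell")],
}
# Assumption: on a clean machine load=/run= are empty and shell= is Explorer.exe.
EXPECTED_VALUES = {("boot", "shell"): "explorer.exe"}
# Assumption: built-in commands a site accepts in Autoexec.bat / Winstart.bat.
BATCH_ALLOWED = {"rem", "echo", "set", "path", "prompt"}


def read_ini(text):
    """Return {(section, key): value} with section and key names lower-cased."""
    values, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section is not None:
            key, _, value = line.partition("=")
            values[(section, key.strip().lower())] = value.strip()
    return values


def audit_ini(filename, text):
    """Report auto-start keys whose value differs from the expected clean value."""
    values = read_ini(text)
    findings = []
    for section, key in AUTOSTART_KEYS[filename.lower()]:
        value = values.get((section, key), "")
        if value.lower() != EXPECTED_VALUES.get((section, key), ""):
            findings.append((filename, f"[{section}] {key}", value))
    return findings


def audit_batch(filename, text):
    """Report batch lines that run anything outside the allowlist."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("@")
        if not line or line.startswith("::"):
            continue
        command = re.split(r"[\s=]", line, maxsplit=1)[0].lower()
        if command not in BATCH_ALLOWED:
            findings.append((filename, "command", line))
    return findings


# Constructed file contents; the placeholder*.exe names are not real programs.
WIN_INI = r"""
[windows]
load=
run=C:\WINDOWS\TEMP\placeholder1.exe
NullPort=None
"""
SYSTEM_INI = r"""
[boot]
shell=Explorer.exe C:\WINDOWS\placeholder2.exe
[386Enh]
device=*vshare
"""
AUTOEXEC_BAT = r"""
@ECHO OFF
SET TEMP=C:\TEMP
PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
C:\WINDOWS\placeholder3.exe
"""


def audit_all():
    return (audit_ini("Win.ini", WIN_INI)
            + audit_ini("System.ini", SYSTEM_INI)
            + audit_batch("Autoexec.bat", AUTOEXEC_BAT))


if __name__ == "__main__":
    for filename, where, value in audit_all():
        print(f"{filename}: {where} -> {value!r}")
```

The Autostart folder, Wininit.ini and Config.sys named above are not covered by this script and need the same kind of review.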

 


Modes of Transmission

A Trojan can infect the target system through different modes of transmission. The common transmission modes are as follows:

- Instant Message
- IRC (Internet Relay Chat)
- Attachments
- Physical Access
- Browser and E-mail Software Bugs
- NetBIOS (File Sharing)

Instant message

People can also get infected while chatting, talking or video messaging over any instant messenger application. It is a risk that the user undertakes when receiving files, no matter from whom or where they come.

IRC

In Internet Relay Chat, the threat comes from the exchange of files, no matter what they claim to be or where they come from. It is possible that some of these are infected files or disguised files.

Attachments

Any attachment, even if it is from a known source, should be screened, as it is possible that the source was infected earlier and is not aware of it.


Physical Access

Physical access to a target machine is perhaps the easiest way for an attacker to infect a machine.

Browser and E-mail Software Bugs

Having outdated applications can expose the system to malicious programs such as Trojans without any other action on the part of the attacker.

NetBIOS (File Sharing)

If port 139 is open, the attacker can install trojan.exe and modify some system file, so that it will run the next time the system is rebooted.

To block file sharing in Windows, navigate to:

Start -> Settings -> Control Panel -> Network -> File and Print Sharing

and uncheck the boxes there.


3.4 Types of Trojan horse:

Trojan horses are classified based on how they breach systems and the damage they cause.

The seven main types of Trojan horses are:

- Remote Access Trojans
- Data Sending Trojans
- Destructive Trojans
- Proxy Trojans
- FTP Trojans
- Denial-of-service attack (DoS) Trojans
- Security software disabler Trojans

Remote Access Trojans

The attacker gains full control over the systems that the Trojan infects, and gains full access to files, private conversations, accounting data and so on. The remote access Trojan acts as a server, and listens on a port that is not supposed to be available to the internet. An attacker in the same network, located behind the firewall, can easily access the Trojan. Examples: Back Orifice and NetBus.


Data Sending Trojans

Data Sending Trojans provide hackers with passwords or other confidential

data such as credit card numbers and audit sheets. This Trojans look for

particular information in certain locations.Example:   Badtrans.B email virus

 Destructive Trojans:

The sole purpose of the Destructive Trojans is to delete files on the target

system. Destructive Trojans are generated on the basis of a fixed time and

data much like the logic bomb. Example: dll, .ini, or .exe files.

Proxy Trojans:

Proxy Trojans convert the user’s computer into a proxy server. This makes the computer accessible to the entire world or only to the specified attacker. The attacker has full control over the user’s system, and can also launch attacks on other systems from the affected user’s network. Generally it is used for Telnet, ICQ or IRC, in order to purchase goods using stolen credit cards and for other illegal activities.

FTP Trojans:

FTP Trojans are used for FTP transfers and allow attackers to connect to the victim’s system via FTP.

 


Denial-of-Service (DoS) Attack Trojans:


This type of Trojan enables the attacker to start a distributed Denial of Service (DDoS) attack, if there are a fair number of victims on the network at that specific time. Example: WinTrinoo, CNN, E*Trade

Security Software Disablers:

These are designed to disturb the functions of anti-virus software or

firewalls. After these programs are disabled, the hacker can easily attack the

victim’s system. 

Hazards of Trojan

A botnet, also known as a zombie army, is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie - in effect, a computer “robot” or “bot” that serves the wishes of some master spam or virus originator.

An increasing number of home users have high-speed connections for computers that may be inadequately protected. A zombie or bot is often created through an Internet port that has been left open and through which a small Trojan horse program can be left for future activation. At a certain time, the zombie army “controller” can unleash the effects of the army by sending a single command, possibly from an Internet Relay Chat (IRC) site.


4. Difference between virus, worm & Trojan horse:


Most of us do not really distinguish between a worm, a virus and a Trojan Horse, or we refer to a worm or Trojan Horse as a virus. All of us know that all three are malicious programs that can cause very serious damage to a PC. There are differences among the three, however, and knowing those differences can help you to better protect your computer from their often damaging effects.

A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Some viruses cause only mildly annoying effects, while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but cannot infect it unless you run or open the malicious program. A virus cannot spread without a human action (such as running an infected program) to keep it going. People continue the spread of a computer virus, mostly unknowingly, by sharing infected files or sending e-mails with viruses as attachments.

A worm is a program or algorithm that replicates itself. A worm can travel from PC to PC without any help from a person, and it can replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect.


A Trojan Horse is a destructive program that poses as a benign application. It may have minor effects (like changing your desktop or adding silly active desktop icons), or it can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a back door on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Trojans do not reproduce by infecting other files, nor do they self-replicate.

Added into the mix, we also have what is called a blended threat. Blended threats combine the characteristics of viruses, worms, Trojan Horses and malicious code with server and Internet vulnerabilities. By using multiple methods and techniques, blended threats can spread rapidly and cause widespread damage. Characteristics of blended threats include: causes harm, propagates by multiple methods, attacks from multiple points, and exploits vulnerabilities. They are considered to be the worst risk to security since the inception of viruses, as most blended threats require no human intervention to propagate.

It is therefore very important to protect your PC with good anti-virus software installed on your system, kept up to date with the latest fixes for new viruses, worms, and Trojan horses.
