In addition to replicating itself, a virus might deliver a payload, which could
be as harmless as displaying an annoying message or as devastating as
trashing the data on your computer’s hard disk. A payload can corrupt files,
destroy data, display an irritating message, or otherwise disrupt computer
operations.
A trigger event, such as a specific date, can unleash some viruses.
For example, the Michelangelo virus triggers on March 6, the birthday of artist
Michelangelo. Viruses that deliver their payloads on a specific date are
sometimes referred to as time bombs. Viruses that deliver their payloads in
response to some other system event are referred to as logic bombs.
Viruses spread when people distribute infected files by exchanging disks
and CDs, sending e-mail attachments, exchanging music on file-sharing
networks, and downloading software from the Web.

What is a worm? A computer worm is a self-replicating program
designed to carry out some unauthorized activity on a victim’s computer.
Worms can spread themselves from one computer to another without any
assistance from victims. They can enter a computer through security holes
in browsers and operating systems, as e-mail attachments, and by victims
clicking on infected pop-up ads or links contained in e-mails.
Mass-mailing worms such as Klez, Netsky, MyDoom, Sasser, and Bagle
(also called Beagle) have made headlines and caused havoc on personal
computers, LANs, and Internet servers. A mass-mailing worm spreads by
sending itself to every address in the address book of an infected computer.
To make these worms difficult to track, the From line of the infected message
sometimes contains a spoofed address of a randomly selected person
from the e-mail address book.
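
To illustrate the spoofed From line described above, here is an added example (not part of the original text) of how a mail filter can compare the visible From address with the envelope sender and with the SPF/DMARC verdicts recorded by the receiving mail server. The two messages, the example.* domains, and the server name mx.example.org are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (example.* domains are placeholders, not real traffic).
LEGIT = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dmarc=pass header.from=example.com
From: "Alice" <alice@example.com>
Subject: Meeting notes

Notes attached.
"""
SPOOFED = """\
Return-Path: <x91@dialup.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=dialup.example.net; dmarc=fail header.from=example.com
From: "Alice" <alice@example.com>
Subject: Re: your document

See the attached file.
"""

def domain_of(value):
    """Lowercased domain of the address in a header value, or '' if there is none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw, trusted_authserv):
    """Return reasons to doubt that the visible From line names the real sender."""
    msg = message_from_string(raw)
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    reasons = []
    # A mismatch is a signal, not proof: mailing lists and bulk senders also differ.
    if env_dom and from_dom != env_dom:
        reasons.append(f"From domain {from_dom} != envelope sender domain {env_dom}")
    # Trust only verdicts stamped by our own mail server; a sender can forge any other.
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = hdr.partition(";")
        if authserv.strip().lower() == trusted_authserv:
            verdicts.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()))
    if not verdicts:
        reasons.append("no trusted authentication results")
    reasons += [f"{m}={v}" for m, v in verdicts.items() if v in ("fail", "softfail")]
    return reasons

if __name__ == "__main__":
    for name, raw in (("LEGIT", LEGIT), ("SPOOFED", SPOOFED)):
        print(name, spoof_indicators(raw, "mx.example.org"))
```

Both messages show the same From line to the reader; only the headers added in transit distinguish them.
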
Although e-mail is currently the primary vehicle used to spread worms,
hackers have also devised ways to spread worms over file-sharing networks,
such as Kazaa. Some worms are designed to spread over instant
messaging links. Worms such as Cabir and Symbos_skulls can even infect
mobile phones.

What is a Trojan horse? A Trojan horse (sometimes simply called a
Trojan) is a computer program that seems to perform one function while
actually doing something else. Unlike a worm, a Trojan is not designed to
spread itself to other computers. Unlike viruses and worms, Trojans are
also not typically designed to replicate themselves. Trojans are
standalone programs that masquerade as useful utilities or applications,
which victims download and install, unaware of their destructive nature.
Trojan horses are notorious for stealing passwords using a keylogger—a
type of program that records keystrokes. Another type of Trojan called a
Remote Access Trojan (RAT) has backdoor capabilities that allow remote
hackers to transmit files to victims’ computers, search for data, run programs,
and use a victim’s computer as a relay station for breaking into other
computers.

TERMINOLOGY NOTE
A spoofed address is one that is misleading or incorrect. In the case of
e-mail, it is not the actual address of the person or computer that sent the
e-mail message. Spoofed addresses make it difficult or impossible to trace
mail back to the sender.

What is a bot? Any software that can automate a task or autonomously
execute a task when commanded to do so is called an intelligent agent.
Because an intelligent agent behaves somewhat like a robot, it is often
called a bot.
Good bots perform a variety of helpful tasks such as scanning the Web to
assemble data for search engines like Google. Some bots offer online help,
while others monitor chat groups for prohibited behavior and language. Bad
bots, on the other hand, are controlled by hackers and designed for unauthorized
or destructive tasks. They can be spread by worms or Trojans.
Most bad bots are able to initiate communications with a central server on
the Internet to receive instructions. A computer under the control of a bad
bot is sometimes referred to as a zombie because it carries out instructions
from a malicious leader.
Like a spider in its web, the person who controls many bot-infested computers
can link them together into a network called a botnet. Experts
have discovered botnets encompassing more than 1 million computers.
Botmasters who control botnets use the combined computing power of their
zombie legions for many types of nefarious tasks such as breaking into
encrypted data, carrying out denial-of-service attacks against other computers,
and sending out massive amounts of spam.

What is spyware? Spyware is a type of program that secretly gathers
personal information without the victim’s knowledge, usually for advertising
and other commercial purposes. Once it is installed, spyware starts monitoring
Web-surfing and purchasing behavior, and sends a summary back to
one or more third parties. Just like Trojans, spyware can monitor keystrokes
and relay passwords and credit card information to cybercriminals.
Spyware can get into a computer using exploits similar to those of Trojans.
It can piggyback on seemingly legitimate freeware or shareware downloads.
You can also inadvertently allow spyware into your computer by clicking
innocuous but infected pop-up ads or surfing through seemingly valid and
secure but compromised Web sites.

What does malware do? Once viruses, worms, bots, Trojans, and
spyware enter your computer, they can carry out a variety of unauthorized
activities, such as those listed in Figure 3-45.