2/10/2007

What is a virus?

In 1983, Fred Cohen coined the term “computer virus”, postulating a virus was “a program that can ‘infect’ other programs by modifying them to include a possibly evolved copy of itself.” Mr. Cohen expanded his definition a year later in his 1984 paper, “A Computer Virus”, noting that “a virus can spread throughout a computer system or network using the authorizations of every user using it to infect their programs. Every program that gets infected may also act as a virus and thus the infection grows.”
Using that explanation, we can see that viruses infect program files. However, viruses can also infect certain types of data files, specifically those types of data files that support executable content, for example, files created in Microsoft Office programs that rely on macros. Compounding the definition difficulty, viruses also exist that demonstrate a similar ability to infect data files that don't typically support executable content - for example, Adobe PDF files, widely used for document sharing, and .JPG image files. However, in both cases, the respective virus has a dependency on an outside executable and thus neither virus can be considered more than a simple ‘proof of concept’. In other cases, the data files themselves may not be infectable, but can allow for the introduction of viral code. Specifically, vulnerabilities in certain products can allow data files to be manipulated in such a way that they cause the host program to become unstable, after which malicious code can be introduced to the system. These examples are given simply to note that viruses are no longer limited to infecting program files, as was the case when Mr. Cohen first defined the term. Thus, to simplify and modernize, it can be safely stated that a virus infects other files, whether program or data.
In contrast to viruses, computer worms are malicious programs that copy themselves from system to system, rather than infiltrating legitimate files. For example, a mass-mailing email worm is a worm that sends copies of itself via email. A network worm makes copies of itself throughout a network, an Internet worm sends copies of itself via vulnerable computers on the Internet, and so on.
Trojans, another form of malware, are generally understood to be programs that do something other than what the user expected, with that “something” defined as malicious. Most often, Trojans are associated with remote access programs that perform illicit operations such as password stealing, or that allow compromised machines to be used for targeted denial of service attacks. One of the more basic forms of a denial of service (DoS) attack involves flooding a target system with so much data, traffic, or commands that it can no longer perform its core functions. When multiple machines are gathered together to launch such an attack, it is known as a distributed denial of service attack, or DDoS.
While purists draw a firm distinction between viruses, worms, and Trojans, others argue that it is merely a matter of semantics and give the virus moniker to all viruses, worms, and Trojans. The term malware, a.k.a. malicious software, can most easily be used to describe viruses, worms and Trojans while satisfying both arguments.
Malware is an even more appropriate term when one considers spyware, adware, and browser hijacking techniques that may not fit in any of the aforementioned virus, worm, or Trojan classifications. Thus, malware can be defined as any program, file, or code that performs malicious actions on the target system without the user’s express consent. This is in contrast to Sneakyware, which can best be described as any program, file, or code that the user agrees to run or install without realizing the full implications of that choice. One of the best examples of Sneakyware was Friendly Greetings, a greeting-card trick that exploited users’ willingness to say Yes without reading the licensing agreement. By doing so, they were blindly agreeing to allow the same email to be sent to all contacts listed in their address book.

To recap:
  • Viruses infect other files;
  • Worms make copies of themselves;
  • Trojans perform malicious actions but do not spread;
  • Malware is an all-encompassing term that describes any malicious software program or file operating without the user’s explicit consent.
