Once, the risk of a personal computer falling victim to an infection was relatively small (the mass Internet was still far away…), and viruses spread mainly through the exchange of floppy disks between friends and colleagues. Today, the spread of e-mail and the intensive use of the web have led to the birth of new types of viruses and have greatly favored their distribution.
The evolution of operating systems has paradoxically boosted the proliferation of unknown viruses, which are increasingly dangerous and more capable of replicating themselves. The arrival of scripting languages made virus development much more straightforward. Worm viruses (script worms) are written mainly in Visual Basic Script (VBS), and the technical skills required to design a virus of this type are now minimal compared to the past.
Software that bundles basic routines and ready-made code excerpts for creating new worms in next to no time has even been circulating on the net for some time. The evolution of software has therefore brought, together with the benefits that we all know (greater simplicity in the use of applications, in the development of programs, in the management of the operating system…), many disadvantages as well: the operating system has become an increasingly complex object (it has to manage an ever-increasing number of peripherals and protocols, and it has opened up more and more to the Internet…).
Thanks to security shortcomings in the operating system that are not promptly resolved, viruses of the Internet worm type can settle “undisturbed” within the “victim” system. Just think of the damage that Nimda (the first to intensively exploit operating system vulnerabilities) caused worldwide in 2001. Its main feature is that it uses a vulnerability inherent in Windows to run itself and thus spread undisturbed.
Nimda demonstrated that, even if infected attachments are never opened, a system can still be “infected” when the patches that resolve the various vulnerabilities have not been installed. Nimda can also exploit shared resources on local networks to spread further: the worm scans the network to which the infected computer belongs, looking for shared folders that allow writing.
When a folder with write rights is found, Nimda renames it and inserts the viral code inside it. The worm then exploits a vulnerability in IIS (the web server used by 30% of servers worldwide; source: Netcraft Web Server Survey) called IIS Web Directory Traversal, for which a patch had already been released but which, evidently, few had installed. Users connecting to an infected web server thus received a request to download a .eml file (the extension associated with Outlook emails) containing the extremely dangerous worm as an attachment.
Those who used version 5.0 of Internet Explorer received the request to download the viral file. In contrast, the virus automatically affected those who used version 5.5 without installing the appropriate patches.
Worms, of whatever kind, find in email their primary (and ideal) means of spreading. More and more frequently, they arrive as simple attachments to e-mail messages.
Until some time ago, viruses couldn’t do any harm if the user didn’t execute the viral code (generally, with the classic “double click”). Today, worm viruses do everything they can to be activated even without the “double click”: this is made possible by exploiting vulnerabilities in the operating system, email client, or Internet browser (as Nimda does).
Those who develop viruses, however, usually put themselves in the mindset of the average user, trying to work out the best stratagems to give their “evil creature” the greatest probability of being launched. If the worm is not able to exploit the vulnerabilities of a system to “auto-execute” itself (for example, if Windows, Internet Explorer and the mail client have been correctly updated with the latest security patches), the infected attachment that arrives by email is often given an inviting or curious name. Some worms then add messages to the body of the e-mail such as “Hello. This is the document you’ve been waiting for…”, or they urge you to open the attachment by declaring that it contains pornographic, extravagant, or risqué photos… Therefore, one of the best pieces of advice is never to let yourself be deceived by emails that invite you to open attached files.
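A mail gateway can apply that advice mechanically. The sketch below is an added example, not code from the original article: it walks a message, descends into attached .eml files like the ones Nimda served, and reports attachments with script or executable extensions. The extension list, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Assumed blocklist (not from the article): Windows extensions that run code when opened.
RISKY_EXTENSIONS = {".vbs", ".vbe", ".js", ".wsf", ".exe", ".scr", ".pif", ".bat", ".com"}
MAX_DEPTH = 5  # refuse to recurse forever on deliberately nested mail


def find_risky_attachments(part, trail=(), depth=0):
    """Return paths such as 'outer.eml/inner.vbs' for every risky attachment."""
    name = part.get_filename() or ""
    here = trail + (name,) if name else trail
    # Windows ignores trailing dots and spaces, so drop them before reading the extension.
    ext = os.path.splitext(name.lower().rstrip(". "))[1]
    findings = ["/".join(here)] if ext in RISKY_EXTENSIONS else []
    if depth >= MAX_DEPTH:
        return findings
    if part.is_multipart():  # multipart containers and message/rfc822 attachments alike
        for sub in part.get_payload():
            findings += find_risky_attachments(sub, here, depth + 1)
    elif ext == ".eml":
        # A saved message sent as an opaque file: parse it and keep looking.
        inner = email.message_from_bytes(part.get_payload(decode=True), policy=policy.default)
        findings += find_risky_attachments(inner, here, depth + 1)
    return findings


def _mail(body, attachment_name):
    """Build a constructed message with one placeholder attachment."""
    msg = EmailMessage()
    msg.set_content(body)
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg


def build_sample():
    """Constructed sample: a harmless file plus two attached messages carrying risky files."""
    outer = _mail("Please see the attached files.", "notes.txt")
    lure = _mail("This is the document you've been waiting for", "document.vbs")
    outer.add_attachment(lure.as_bytes(), maintype="application",
                         subtype="octet-stream", filename="readme.eml")
    outer.add_attachment(_mail("Required update", "update.exe"), filename="fwd.eml")
    return email.message_from_bytes(outer.as_bytes(), policy=policy.default)


if __name__ == "__main__":
    print(find_risky_attachments(build_sample()))
```

A filter that only inspects top-level attachment names would pass this sample, because both risky files sit one level down inside an attached message.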
Trojan horses. On the other hand, the so-called Trojan horses are tiny programs that do not replicate themselves, as viruses do, but are capable of causing damage or compromising the security of the personal computer where they are run. Like the corresponding wooden specimen used by Ulysses to conquer Troy, the Trojan horses hide their evil nature behind the appearance of a game or a utility.
Trojan horses, divided into backdoors and Remote Administration Trojans, open a gap that allows attacks from outside, thus making one’s computer vulnerable. Some send e-mail messages or alerts to remote “hackers,” communicating the IP address associated with the “victim” machine from time to time so that it can be easily hacked.
Thanks to the spread of peer-to-peer clients (for example, WinMX, Kazaa, eDonkey/e-Mule, IMesh…) for exchanging files between remote users, Trojan horses have found a new lease of life. If these programs are downloaded and run on your personal computer, your data can quickly become prey to malicious people. SubSeven, one of the most dangerous Trojan horses, allows a remote hacker to control the infected personal computer.
Alternatively, those who use Trojan horses usually publish them on newsgroups in disguise, send them as attachments to e-mail messages, make them downloadable from websites while concealing their “offensive” behavior, or spread them through instant messaging software (like ICQ, MSN, AIM) or via IRC. Users are often urged to download and run a trojan presented as a required update to the operating system.
Macro viruses. Along with worms, macro viruses are the most common viruses today. A macro consists of instructions that automate processes so that repetitive operations do not have to be performed manually. All programs in the Microsoft Office package allow the use of macros within the documents they produce: macro viruses exploit this feature to carry out malicious actions on the infected personal computer.
Once a Word or Excel document infected with a macro virus has been opened (for example, as an attachment to a standard e-mail message), the virus usually, in addition to causing more or less severe damage to the data stored on the hard disk, modifies the “template” file on which all other documents are based. This way, all documents subsequently created, for example, with Word or Excel, will be automatically infected with the same macro virus. We have mentioned only worms, macro viruses, and Trojan horses because, proportionally, there are few cases of infection with other types of viruses today.
Confirming this, the ten most widespread viruses in March 2003, according to Kaspersky statistics, were all worms or macro viruses (and the trend is not destined to change…). Leading the ranking by number of infections recorded worldwide is the Klez worm, with 37.6% of computers affected, followed by Sobig with 10.75%, Lentin with 9.03%, and Avron with 3.3%. In fifth place is a macro virus (Word97.Thus) affecting documents created with Microsoft Word (2.62% of global infections).