[2.2] Explanation of Viruses and Trojan Horses
-----------------------------------------
Written by Acid Phreak

Like its biological counterpart, a computer virus is an agent of infection, insinuating itself into a program or disk and forcing its host to replicate the virus code. Hackers fascinated by the concept of "living" code wrote the first viruses as projects or as pranks.

In the past few years, however, a different kind of virus has become common, one that lives up to an earlier meaning of the word: in Latin, virus means poison. These new viruses incorporate features of another type of insidious program called a Trojan horse. Such a program masquerades as a useful utility or product but wreaks havoc on your system when you run it. It may erase a few files, format your disk, steal secrets--anything software can do, a Trojan horse can do. A malicious virus can do all this, then attempt to replicate itself and infect other systems.

The growing media coverage of the virus concept and of specific viruses has promoted the development of a new type of software. Antivirus programs, vaccines--they go by many names, but their purpose is to protect from virus attack. At present there are more antivirus programs than known viruses (not for long).

Some experts quibble about exactly what a virus is. The most widely known viruses, the IBM Xmas virus and the recent Internet virus, are not viruses according to some experts because they do not infect other programs. Others argue that every Trojan horse is a virus--one that depends completely on people to spread it.

How They Reproduce:
-------------------

Viruses can't travel without people. Your PC will not become infected unless someone runs an infected program on it, whether accidentally or on purpose. PCs are different from mainframe networks in this way--the mainframe Internet virus spread by transmitting itself to other systems and ordering them to execute it as a program. That kind of active transmission is not possible on a PC.

Virus code reproduces by changing something in your system. Some viruses strike COMMAND.COM or the hidden system files. Others, like the notorious Pakistani-Brain virus, modify the boot sector of floppy disks. Still others attach themselves to any .COM or .EXE file. In truth, any file on your system that can be executed--whether it's a program, a device driver, an overlay, or even a batch file--could be the target of a virus.

When an infected program runs, the virus code usually executes first and then transfers control to the original program. The virus may immediately infect other programs, or it may load itself into RAM and continue spreading. If the virus can infect a file that will be used on another system, it has succeeded.

What They Can Do:
-----------------

Viruses go through two phases: a replication phase and an action phase. The action doesn't happen until a certain event occurs--perhaps reaching a special date or running the virus a certain number of times. It wouldn't make sense for a virus to damage your system the first time it ran; it needs some time to grow and spread first.

The most vulnerable spot for a virus attack is your hard disk's file allocation table (FAT). This table tells DOS where every file's data resides on the disk. Without the FAT, the data's still there but DOS can't find it. A virus could also perform a low-level format on some or all the tracks of your hard disk, erase all files, or change the CMOS memory on AT-class computers so that they don't recognize the hard disk. Most of the dangers involve data only, but it's even possible to burn out a monochrome monitor with the right code.

Some virus assaults are quite subtle. One known virus finds four consecutive digits on the screen and switches two. Let's hope you're not balancing the company's books when this one hits. Others slow down system operations or introduce serious errors.
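
The "How They Reproduce" section says virus code reproduces by changing something in your system, and that any executable file can be the target. As an added example (not part of the original text), the Python code below records a baseline of size and SHA-256 for each executable file and reports later changes; the extension list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Executable file types the article names: programs, device drivers,
# overlays and batch files. The extension list itself is an assumption.
EXECUTABLE_EXTS = {".com", ".exe", ".sys", ".ovl", ".bat"}

def snapshot(root):
    """Map each executable file under root to (size, SHA-256 digest)."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXECUTABLE_EXTS:
                continue
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            state[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return state

def compare(baseline, current):
    """Report executables that changed, appeared or vanished since baseline."""
    changed = {p: current[p][0] - baseline[p][0]      # size delta in bytes
               for p in baseline.keys() & current.keys()
               if baseline[p][1] != current[p][1]}
    return {"changed": changed,
            "added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys())}

def demo():
    """Constructed sample: a scratch directory standing in for a DOS disk."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in [("COMMAND.COM", b"shell"), ("EDIT.EXE", b"editor"),
                           ("AUTOEXEC.BAT", b"PATH C:\\DOS"), ("NOTES.TXT", b"x")]:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root)
        # Simulate the file changes the checker should surface.
        with open(os.path.join(root, "EDIT.EXE"), "ab") as fh:
            fh.write(b"\x00" * 512)
        with open(os.path.join(root, "NEW.COM"), "wb") as fh:
            fh.write(b"unknown")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

File hashing does not cover the boot-sector modification or the RAM-resident code the article mentions; those need a separate check of the raw sector and of memory.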
Downloaded From P-80 International Information Systems 304-744-2253