Why people write viruses
The general public often pictures the virus writer as a “dysfunctional, pasty-faced teenager with no girlfriend and no life”, but this is a misconception. One reason for the generalization is that the internet hides the virus writer’s identity, leaving the public with a false impression of the writer. In reality, most virus writers are normal people with normal lifestyles, and they often do not write code for malicious purposes.
Virus writers come from different age groups, backgrounds, and countries, and they write viruses for different purposes. Most teenage virus writers code viruses for the excitement and the challenge that it brings. Additionally, writing a new virus gives the writers credibility and status among their peers. Despite the benign intentions of teenage virus writers, harm can result when they forget to “think about the effect their actions will have on other people”. Most virus writers who were teenagers in the past have already grown out of the virus writing phase and consider virus writing an inferior type of coding.
Since the internet was opened to the public, anyone with access to a computer and an internet connection can search the web for virus source code, assemble a malicious program, and send it out over the internet. Current virus coders who continue to write viruses and post them (source code, not executable virus programs) on the internet agree that they “intentionally create and distribute viruses” to harm others. They do note that posting source code will not prevent those with destructive intentions from assembling it into a program and sending it off. The source code writers argue that they should not be held responsible for their creations because writing the code does not cause any real harm; the person who puts it into a program and sends it to others is the culprit. Writing viruses serves many purposes, such as enhancing a person’s knowledge of code and learning how a virus works. Learning about viruses is beneficial because it forces many companies to build better systems to prevent virus attacks.
Another view on virus writers is that they use viruses for harmful intentions. Those that are “motivated by financial gain” are likely to be working with internet companies in order to make a profit off their virus victims. Some of these companies are internet spammers who hire the best virus writers around the world to help them. These virus writers are writing viruses for the sole purpose of stealing personal information from the computers of the people they infect.
There are those virus writers who do it to “claim territory, to make a mark in the internet that will be seen by many others”. These types of writers are motivated by the feeling of the global damages they cause by sending their virus through the internet.
Virus writers who write their code to do harm are like other criminals around the world. They have damaging intentions and they should be punished. Those that have outgrown the virus writing phase will eventually be replaced by new virus writers.
Legal Issues
The harm viruses cause to computers is sometimes unquantifiable because it includes economic factors as well as intangible aspects such as reduced consumer confidence. Creating new legislation, however, is a long process, and therefore these crimes face weak laws. For example, the writer of the “I Love You” computer virus had all charges against him dropped in the Philippines, even though he released a virus that caused billions of dollars in damages all over the world, because there were no laws in place under which to prosecute him.
However, in the United States, lawmakers are attempting to keep up with quickly changing technology and the problems that come with it. Although distribution of a virus with malicious intent is considered a federal crime, the sole act of writing or providing easy access to virus code is not. The United States courts have come to establish original computer code as a form of intellectual property, putting it in the same category as music and artwork. Intellectual property is protected under the 1st Amendment right of free speech. This was established in 1995 after a graduate student, Daniel Bernstein, filed a lawsuit against the government for violating his constitutional rights: the government had ruled that, to post an encryption program, he would need to register as an international weapons dealer, fearing that the program would mask illegal activity.
These freedoms of speech associated with intellectual property are restricted if they harm the public’s welfare. They are, however, closely guarded by the courts even in instances where it may seem there is potential for harm. “Many potentially dangerous pieces of intellectual property have appeared in the U.S. - articles on how to make bombs and how to commit assassinations - and the courts have routinely suppressed any restraints on free speech.” (cc and 1st amendment) Another problem arises when trying to define the term ‘malicious’, a requirement to proceed with federal prosecution of virus distribution: “any code that interferes with the smooth operation of a person’s system could conceivably be characterized as malicious.” (PC World) Essentially, this means that if a program makes the computer run slower because it takes up a lot of space, even if it helps the user or is something the user voluntarily installed, it could be characterized as ‘malicious’. These two issues leave virus writers with a strong argument and a small chance of being convicted or even prosecuted.
The Computer Fraud and Abuse Act (CFAA) has made it illegal to distribute code either with the intention of causing damage or economic loss or doing so recklessly, and has outlined a list of criminal penalties without infringing upon the 1st Amendment rights of virus writers. When the CFAA was first enacted in 1984, it pertained only to government computers or those owned by large corporations. The National Information Infrastructure Protection Act expanded the CFAA in 1996 to include any computer connected to the internet. Exhibit 1 details what the CFAA prohibits.
Some more recent computer viruses do more than annoy users; some are written to access private information and to steal money and even identities. Electronic mail is now treated like physical mail: unauthorized access to messages, either through interception or by hacking into an account, is a federal crime under the Electronic Communications Privacy Act. While ISP employees are allowed to read messages to protect themselves, officials can obtain warrants to access this information, and a recently added clause requires that carriers modernize their equipment to make it capable of electronic surveillance. One worm was written to take a penny from each wire transfer and deposit it into a bank account; the Wire Fraud Act makes it illegal to use wire communications systems “to commit a fraud to obtain money or property” and makes “computer-aided theft involving the use of interstate wires or mails” a criminal offense. Finally, identity theft is becoming a bigger problem with the rapid growth of e-commerce. Encryption makes web pages a little more secure, but the uneducated e-commerce consumer sometimes fails to protect his or her information and ends up with a case of stolen identity. The Identity Theft and Assumption Deterrence Act (ITADA) makes the theft of any information that specifically identifies an individual a federal crime and addresses the compensation and relief associated with the damages.
States have also attempted to coin their own laws but they are limited to addressing unauthorized access to networks or sabotage. This is because other computer laws they try to address come up against the roadblock of the extraterritoriality of the crimes. Therefore, the best legislation enacted so far is the CFAA.
Specific Issues
Cisco acquires IDS vendor Riverhead Networks for $39 million
In March 2004, Cisco purchased Riverhead Networks, which creates technology used to prevent denial of service (DoS) attacks. The technology is embedded in its devices, called Guard and Detector, which protect network routers by scanning for and screening out currently known attacks. DoS attacks of this type, caused by viruses like Mydoom, can create chaos in networks and data centers. Cisco plans to integrate Riverhead’s software into its systems by April and states that the result will not impede normal business activities.
Sobig Virus
The Sobig virus comes in many different versions. The newest version in 2003 spreads itself through email attachments. Once it gets into a computer, it looks for email addresses and then sends itself to those addresses in an email that appears to come from the infected person. This virus is harmless; it takes up resources and bandwidth in its path and is, for the most part, just plain annoying. Other versions of the virus have made it into corporations by attaching themselves as a zip file so that the email systems cannot filter the .exe file. Users of email systems are still “opening files in messages even when they have been warned countless times in the past that it's unsafe to do so”. This allows users all across the world to become infected extremely fast.
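As an added illustration of the filtering gap described above (not code from the original essay or from any vendor's product), this Python example checks the file names inside zip attachments instead of only the attachment's own extension. The blocklist, the size and depth limits, and the sample message are assumptions constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for this example: extensions a gateway refuses outright.
BLOCKED_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs"}
MAX_DEPTH = 3                        # nested archives deeper than this stay closed
MAX_MEMBER_SIZE = 10 * 1024 * 1024   # do not inflate members larger than 10 MiB


def ext_of(name):
    """Return the lower-cased final extension, e.g. 'a.txt.PIF' -> '.pif'."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def scan_zip(data, label, depth=1):
    """Return (path, reason) findings for blocked names inside a zip archive."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(label, "unreadable-archive")]
    with archive:
        for info in archive.infolist():
            path = f"{label}!{info.filename}"
            if ext_of(info.filename) in BLOCKED_EXTS:
                # Member names are readable even when the content is encrypted.
                findings.append((path, "blocked-extension"))
            elif ext_of(info.filename) == ".zip":
                if info.flag_bits & 0x1:          # encrypted: cannot look inside
                    findings.append((path, "encrypted-archive"))
                elif depth >= MAX_DEPTH or info.file_size > MAX_MEMBER_SIZE:
                    findings.append((path, "archive-not-inspected"))
                else:
                    findings += scan_zip(archive.read(info), path, depth + 1)
    return findings


def scan_message(raw):
    """Scan every attachment of a raw email message; return all findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if ext_of(name) in BLOCKED_EXTS:
            findings.append((name, "blocked-extension"))
        elif payload[:4] == b"PK\x03\x04":   # zip magic, whatever the name says
            findings += scan_zip(payload, name)
    return findings


def build_sample(nested=False):
    """Constructed sample: a message whose zip attachment contains a .pif name."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("readme.txt", "harmless text")
        z.writestr("details.txt.pif", b"MZ placeholder, not a real program")
    data = inner.getvalue()
    if nested:                                # wrap the archive in a second zip
        outer = io.BytesIO()
        with zipfile.ZipFile(outer, "w") as z:
            z.writestr("inner.zip", data)
        data = outer.getvalue()
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Re: Your details"
    msg.set_content("Please see the attached file for details.")
    msg.add_attachment(data, maintype="application", subtype="zip",
                       filename="details.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample(nested=True)):
        print(finding)
```

A filter that looks only at the attachment name sees `details.zip` and passes it; walking the archive's member list surfaces the blocked name at any nesting level up to the limit.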
Bugbear Virus
This virus infected thousands of banks worldwide in 2003. It is the first high-risk worm to target financial institutions across the world. It is known to have been capturing passwords from corporations. When the virus makes its way into a computer, it tries to disable the computer’s security system. In addition, the virus is extremely versatile and has a “polymorphic parasitic file” that allows it to change every time it infects a new host. Although U.S. banks have not been hit hard, it is still considered a high threat due to the nature of the virus.
Mydoom Virus
When it infects a computer, this virus removes documents and picture files from it. The original version spread itself very quickly through email and slowed down many of the top businesses because of the massive number of emails that the virus sent out. The worm also has an attached key logger and will capture keystrokes from PCs. The latest version of this virus, Mydoom.F, isn’t as widespread as its previous versions, but it will do more harm to PCs because it destroys Microsoft document files such as .jpg, .doc, and .xls. Variants of this virus have performed DoS attacks on the websites of Microsoft and the Recording Industry Association of America.
Security Vendors Join Forces to Fight Viruses
The rapid growth of viruses has made security companies more inclined to make their anti-virus development efforts cooperative rather than competitive. In mid-2002 there was an increasing security threat, as demonstrated by the combined attacks of the Nimda and Code Red worms; therefore, Internet Security Services and Network Associates decided to combine forces. Instead of having separate research teams, they decided to integrate certain aspects of their respective businesses and products (PC World). This effort will last through mid-2005 and will provide customers with complete security coverage. All the products resulting from this partnership were available as of 2003. Other than integrating technologies to make the applications more effective for customers, they have also been combining their response teams to lower response time and their threat research teams to combat viruses even faster. There is a growing trend of security companies working together because of their vested interest in continuing to meet the growing demands of customers. Without coordinated efforts, responses and virus solutions would probably take much longer because viruses are emerging faster and are becoming more complex. Moreover, customers would be reluctant to pay for outdated virus updates.
The Future of Viruses
The future of viruses is something that experts follow closely so that they can anticipate ways to combat problems that may arise and develop new systems to deal with them. So what exactly is the future of viruses? There is no one answer, but many experts agree that viruses have become modular, that is, they use components from old viruses in new combinations. Therefore we can expect to see similar aspects of viruses reappear in the future. David Perry, experienced in the field of virus prevention, says he would expect to see viruses that “exploit wireless telecommunications between digital devices”. He believes this will be increasingly true with the development of more powerful wireless applications, for example on Bluetooth, which can possibly trade code. He also predicts that rather than individuals writing virus code, groups will begin to collaborate when writing viruses, and viruses will become more hybrid. David Perry says that some are already bigger than most operating systems, having gone from 100 bytes ten years ago to 1.5MB now. Fast technology, he claims, is also a target for viruses because Denial of Service attacks and backdoor Trojans need high speed connections. Perry recommends virus education as a tool to help combat future viruses. A new device, “Gatelock”, is a piece of hardware that will prevent viruses from reaching a user’s desktop, and the firewall warns users of people trying to access the computer without authorization.
Although the development of new technologies and software is providing many opportunities for users to run applications that help them with everything from financial analysis to grocery shopping, these applications are not bullet-proof. This gives a virus writer the opportunity to find and exploit their weaknesses. Although most email users now know not to open or download attachments from unfamiliar users, some vulnerabilities in email and browser applications allow viruses to spread before a user opens an email attachment. Once the email is opened, the code copies the virus onto the computer system and the next time Windows is launched, the virus is unleashed. (PC World) Some viruses have even begun to infect the computer before the user even opens their email (PC World). The consequences may cause email users to become apprehensive about communicating classified or private information over email and deter businesses from using email in confidential communications. However, in an article by PC World, the president/CEO of McAfee.com, Srivats Sampath, says that future viruses do not aim to destroy data but instead to capture it, and so far these companies do not have a solution to this problem.
Viruses will most likely begin to enter newer territory. For example, the Phage virus was the first virus to be written for handheld devices (PC World), and it is likely just the beginning of many to come that can be spread through the ‘beaming’ features of handheld devices. There is also a more menacing fear that malicious code will be used in cyber-terrorism, much like an electronic weapon of mass destruction, and many experts are surprised this still has not occurred, seeing that most systems are not well equipped to deal with this kind of attack. (PC World)
Computer security companies are trying to combat the emerging viruses with new technologies and trying to lower their response time as well as establish a system that will automatically update all computers that are registered with them. (PC World) While it takes seconds for a virus to be distributed, it takes antivirus application providers “1 to 4 hours to scan and examine a virus, produce an antidote, and deploy it to users.” (PC World)
The ideas that they are coming up with, such as IBM’s “Digital Immune System”, take years to develop and are very costly, and they also have some privacy issues that come along with them. Some companies have automated systems that detect suspicious code activity and send it to the company, where it is analyzed. This, however, gives the companies a lot of power and establishes vulnerability in the sense that if a hacker infiltrated these communications, there would be no way of stopping the virus. (PC World) IBM’s “Digital Immune System” took 12 years to develop, and IBM hopes it will reduce detection and antidote distribution from 1-4 hours down to 30 minutes. (PC World)
Security companies are doing as much as they can, but the rapid advancement of technology is making it difficult for them to keep up with the various flaws in applications that must be protected and the many viruses that must be cured. According to PC World, all users can do for now is be cautious in opening emails and in visiting websites.
Interview:
Name: Bryan Smith
Occupation: Software Engineer
Type of Computer: Pentium 4, 2.8 GHz
Type of Anti-virus Software used: Norton Anti-virus
Cindy: What experiences did you have with viruses?
Bryan: I had a nasty virus on my personal computer. The virus led to the complete destruction of all my data. I got the virus by trying to run and download an application from a shareware website.
C: How have you dealt with viruses in terms of prevention and after you found out you had a virus on your system? What did the virus do to your system?
B: For prevention, I have an anti-virus software installed into my computer but it didn’t detect this particular virus that was infected into my computer. The online scanners found it on my system but couldn’t remove it. There were instructions on how to remove the virus but the virus would still be there after following the instructions.
In terms of how I got rid of the virus, I had to reformat the computer and erase the boot sections of the system. That was the only fool proof way to get rid of the virus. This is always the last resort but I had to use this method.
The virus renamed drive letters on my computer and prevented me from backing up any of my data. There were constant very annoying pop-ups on the screen and casinos that I could not erase. The homepage of my browser would always change and would not let me use search engines.
C: What do you suggest people do to defend against viruses?
B: I suggest that people should have the latest software with automatic updates. People should not run files that have been downloaded but have not been scanned. The anti-virus does not guarantee that you won’t get a virus but it can lower the probability of it happening.
C: Do you know of any new virus technologies?
B: Technologies right now are getting more sophisticated using router settings and detection methods for disabling your anti-virus software. Future technology will exploit these methods more so now.
C: What do you think about anti-virus software? Do you think it is a flaw that a person must be a guinea pig first before the companies can create a patch?
B: Anti-viruses are probably 90% effective. There is always lag time to come up with virus patches. This enables virus creators to deliver virus attacks effectively between the lag time. I think it is a small problem but there are controlled teams where they open themselves up and are vulnerable to the virus and once they get it, they can find a patch and work on the defense. Some technology looks for patterns in the program to eliminate the virus. Some will look for specific code in the file or program and detect it as a virus. This works because the anti-virus team will have an existing virus and then if the new files or programs contain any similar code the software will “predict” that it is a virus and will not run the file or program.
C: What do you think of the creators of viruses?
B: Some virus creators create them for a legitimate purpose. For example, some will contact companies telling them that they have holes in the software and will create viruses so they can force the company to patch the software.
Others do it for a power trip. It’s a number game seeing how many people they can affect. Some will steal data so that they can get money from companies that value important stolen information. Others like to exploit the newest technology and they like the power and control of using technology to exploit a system.
C: Do you think that virus writing is ingenious?
B: I think it is innovative in some ways but I would not call it ingenious. They are using existing technology in new ways. I don’t think it is too special but they put time and thought into creating and even though it is not positive, it is innovative.
C: Do you think the government can have effective enforcement and what do you think companies should do?
B: The government has its own data security system but for them to implement a security system for the mass public, it would be way too expensive. I think Microsoft could do something with Windows. Companies should build an anti-virus system into the operating systems. With Microsoft they might be scared with all the antitrust lawsuits but I think in the future, companies should think about integrating a prevention system into the operating system.
Interview Commentary
The interview with Mr. Bryan Smith was enriching and the information that he gave portrayed a software engineer’s perspective on viruses. Even though his technical background is strong and he took all the precautions of preventing a virus infection, his computer system was vulnerable to the new virus technologies and still was infected.
It is interesting to see that even a software engineer can also be vulnerable regardless of the training that he has in technology. It was also interesting to hear his opinions on the virus creators and that he thinks that they are innovative. In that perspective, it is true that virus creators are innovative because they must have a new way of thinking to create a new virus using old methods.
Bryan suggested that companies should integrate an anti-virus system into the operating system. This would make the public feel safe about their computer systems, which will help people maintain a prevention system. This system in turn will make it harder for viruses to penetrate.
Overall, the interview was informative and helpful in understanding specific effects of viruses and the predictions and opinions of others about them. There are many different types of viruses that currently exist and it is very hard to keep track of them. With a good prevention system, someday it will be easier to detect and treat them. Hopefully the efficiency of the new prevention system will deter people from writing viruses because the satisfaction of exploiting applications will not be worth the effort in writing them.
Exhibit 1:
Source:
“CFAA Prohibits:
- Accessing a computer without authorization and subsequently transmitting classified government information;
- Theft of financial information;
- Accessing a “protected computer” which the courts have recently interpreted as being any computer connected to the internet, even if the intruder obtains no data;
- Computer fraud;
- Transmitting code that causes damage to a computer system;
- Trafficking in computer passwords for the purpose of affecting interstate commerce or a government computer;
- Computer extortion.”
Works Cited
- "Microsoft Security Antivirus Information." Antivirus. 10 June 2003. Microsoft. 20 April 2004 <http://www.microsoft.com/security/antivirus/>.
- Brain, Marshall. "How Computer Viruses Work." 2002.
- Beyond Viruses. 2002. Pest Patrol. 20 April 2004 <http://www.pestpatrol.com/Whitepapers/BeyondViruses0302.asp>.
- "The History of Computer Viruses." Virus Scan Software. 20 April 2004 <http://www.virus-scan-software.com/virus-scan-help/answers/the-history-of-computer-viruses.shtml>.
- Zetter, Kim. "What Makes Johnny (and Jane) Write Viruses?" Viruses. 15 November 2000. PC World. 20 April 2004 <http://www.pcworld.com/news/article.asp?aid=34405>.
- Twist, Jo. "Why people write computer viruses." Technology. 23 August 2003. BBCi. 20 April 2004 <http://news.bbc.co.uk/1/hi/technology/3172967.stm>.
- Hochmuth, Phil & Duffy, Jim. "Cisco to acquire IDS vendor Riverhead Networks for $39 million." Security. 22 March 2004. Network World Fusion. 20 April 2004 <http://www.nwfusion.com/news/2004/0322ciscoriver.html>.
- Weiss, Todd R. "Sobig Worm Crawls Again in New Version." Worms. 26 June 2003. PC World. 20 April 2004 <http://www.pcworld.com/news/article/0,aid,111343,00.asp>.
- Leonardo, Albert. "Bugbear Threat Level Raised." Worms. 16 June 2003. PC World. 20 April 2004 <http://www.pcworld.com/news/article/0,aid,111171,00.asp>.
- Strope, Leigh. "Computer crimes face weak laws." Cnews. 7 December 2000. Canoe. 20 April 2004 <http://www.canoe.ca/TechNews0012/07_crime-ap.html>.
- "Computer Crime Laws." Who's Responsible. 2001. Frontline. 20 April 2004 <http://www.pbs.org/wgbh/pages/frontline/shows/hackers/blame/crimelaws.html>.
- Perry, David. "The future of viruses." Tutorials. July 2002. Maxpc. 20 April 2004 <http://maxpc.co.uk/tutorials/?pagetypeid=2&articleid=7929&subsectionid=706&subsubsectionid=729>.
- Chess, David. "The Future of Viruses on the Internet." Future. 3 October 1997. IBM. 20 April 2004 <http://www.research.ibm.com/antivirus/SciPapers/Chess/Future.html>.
- Zetter, Kim. "Viruses: The Next Generation." Viruses. 3 May 2000. PC World. 20 April 2004 <http://www.pcworld.com/reviews/article/0%2Caid%2C32802%2Cpg%2C4%2C00.asp>.