Computer Viruses, Worms, Trojan Horses, and Rootkits
• A computer virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission.
• A worm is a program that copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer or network.
• A Trojan horse (named after the Greek myth) is a program that hides within or looks like a
legitimate program. A certain condition or action usually triggers the Trojan horse.
• A rootkit is a program that hides in a computer and allows someone from a remote location to take full control of the computer. Once the rootkit is installed, the rootkit author can execute programs, change settings, monitor activity, and access files on the remote computer.
• A computer virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission.
• A worm is a program that copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer or network.
• A Trojan horse (named after the Greek myth) is a program that hides within or looks like a
legitimate program. A certain condition or action usually triggers the Trojan horse.
• A rootkit is a program that hides in a computer and allows someone from a remote location to take full control of the computer. Once the rootkit is installed, the rootkit author can execute programs, change settings, monitor activity, and access files on the remote computer.
Safeguards against Computer Viruses and Other Malware
1. Never start a computer with removable media inserted in the drives or plugged in the ports, unless the media are uninfected.
2. Never open an e-mail attachment unless you are expecting it and it is from a trusted source.
3. Set the macro security in programs so that you can enable or disable macros. Enable macros only if the document is from a trusted source and you are expecting it.
4. Install an antivirus program on all of your computers. Update the software and the virus signature files regularly.
5. Scan all downloaded programs for viruses and other malware.
6. If the antivirus program flags an e-mail attachment as infected, delete or quarantine the attachment immediately.
7. Before using any removable media, scan the media for malware. Follow this procedure even for shrink-wrapped software from major developers. Some commercial software has been infected and distributed to unsuspecting users.
8. Install a personal firewall program.
9. Stay informed about new virus alerts and virus hoaxes.
Botnets
A botnet is a group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks, usually for nefarious purposes. A compromised computer, known as a zombie, is one whose owner is unaware the computer is being controlled remotely by an outsider. Cybercriminals use botnets to send spam via e-mail, spread viruses and other malware, or commit a denial of service attack.
Denial of Service Attacks
A denial of service attack, or DoS attack, is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail. Perpetrators carry out a DoS attack in a variety of ways. For example, they may use an unsuspecting computer to send an influx of confusing data messages or useless traffic to a computer network. The victim computer network slows down considerably and eventually becomes unresponsive or unavailable, blocking legitimate visitors from accessing the network.
Perpetrators have a variety of motives for carrying out a DoS attack. Those who disagree with the beliefs or actions of a particular organization claim political anger motivates their attacks. Some perpetrators use the attack as a vehicle for extortion. Others simply want the recognition, even though it is negative.
Back Doors
A back door is a program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network. Once perpetrators gain access to unsecure computers, they often install a back door or modify an existing program to include a back door, which allows them to continue to access the computer remotely without the user’s knowledge.
Spoofing
Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network. E-mail spoofing occurs when the sender’s address or other components of the e-mail header are altered so that it appears the e-mail originated from a different sender. E-mail spoofing commonly is used for virus hoaxes, spam, and phishing scams. IP spoofing occurs when an intruder computer fools a network into believing its IP address is associated with a trusted source. Perpetrators of IP spoofing trick their victims into interacting with a phony Web site.
Safeguards against Botnets, DoS Attacks, Back Doors, and Spoofing
To defend against botnets, DoS attacks, improper use of back doors, and spoofing, users can implement firewall solutions and install intrusion detection software.
Firewalls
A firewall is hardware and/or software that protects a network’s resources from intrusion by users on another network such as the Internet.
Organizations use firewalls to protect network resources from outsiders and to restrict employees’ access to sensitive data such as payroll or personnel records. Large organizations often route all their communications through a proxy server, which is a component
of the firewall. Home and small office/home office users often protect their computers with a personal firewall utility. A personal firewall is a utility program that detects and protects a personal computer and its data from unauthorized intrusions.
Some small office/home office users purchase a hardware firewall, such as a router or other device that has a built-in firewall, in addition to or instead of personal firewall software.
1. Never start a computer with removable media inserted in the drives or plugged in the ports, unless the media are uninfected.
2. Never open an e-mail attachment unless you are expecting it and it is from a trusted source.
3. Set the macro security in programs so that you can enable or disable macros. Enable macros only if the document is from a trusted source and you are expecting it.
4. Install an antivirus program on all of your computers. Update the software and the virus signature files regularly.
5. Scan all downloaded programs for viruses and other malware.
6. If the antivirus program flags an e-mail attachment as infected, delete or quarantine the attachment immediately.
7. Before using any removable media, scan the media for malware. Follow this procedure even for shrink-wrapped software from major developers. Some commercial software has been infected and distributed to unsuspecting users.
8. Install a personal firewall program.
9. Stay informed about new virus alerts and virus hoaxes.
Botnets
A botnet is a group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks, usually for nefarious purposes. A compromised computer, known as a zombie, is one whose owner is unaware the computer is being controlled remotely by an outsider. Cybercriminals use botnets to send spam via e-mail, spread viruses and other malware, or commit a denial of service attack.
Denial of Service Attacks
A denial of service attack, or DoS attack, is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail. Perpetrators carry out a DoS attack in a variety of ways. For example, they may use an unsuspecting computer to send an influx of confusing data messages or useless traffic to a computer network. The victim computer network slows down considerably and eventually becomes unresponsive or unavailable, blocking legitimate visitors from accessing the network.
Perpetrators have a variety of motives for carrying out a DoS attack. Those who disagree with the beliefs or actions of a particular organization claim political anger motivates their attacks. Some perpetrators use the attack as a vehicle for extortion. Others simply want the recognition, even though it is negative.
Back Doors
A back door is a program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network. Once perpetrators gain access to unsecure computers, they often install a back door or modify an existing program to include a back door, which allows them to continue to access the computer remotely without the user’s knowledge.
Spoofing
Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network. E-mail spoofing occurs when the sender’s address or other components of the e-mail header are altered so that it appears the e-mail originated from a different sender. E-mail spoofing commonly is used for virus hoaxes, spam, and phishing scams. IP spoofing occurs when an intruder computer fools a network into believing its IP address is associated with a trusted source. Perpetrators of IP spoofing trick their victims into interacting with a phony Web site.
Safeguards against Botnets, DoS Attacks, Back Doors, and Spoofing
To defend against botnets, DoS attacks, improper use of back doors, and spoofing, users can implement firewall solutions and install intrusion detection software.
Firewalls
A firewall is hardware and/or software that protects a network’s resources from intrusion by users on another network such as the Internet.
Organizations use firewalls to protect network resources from outsiders and to restrict employees’ access to sensitive data such as payroll or personnel records. Large organizations often route all their communications through a proxy server, which is a component
of the firewall. Home and small office/home office users often protect their computers with a personal firewall utility. A personal firewall is a utility program that detects and protects a personal computer and its data from unauthorized intrusions.
Some small office/home office users purchase a hardware firewall, such as a router or other device that has a built-in firewall, in addition to or instead of personal firewall software.
Intrusion Detection Software
To provide extra protection against hackers and other intruders, large organizations sometimes use intrusion detection software to identify possible security breaches. Intrusion detection software automatically analyzes all network traffic, assesses system vulnerabilities, identifies any unauthorized access (intrusions), and notifies network administrators of suspicious behavior patterns or system breaches.
To utilize intrusion detection software requires the expertise of a network administrator because the programs are complex and difficult to use and interpret. These programs also are quite expensive.
To provide extra protection against hackers and other intruders, large organizations sometimes use intrusion detection software to identify possible security breaches. Intrusion detection software automatically analyzes all network traffic, assesses system vulnerabilities, identifies any unauthorized access (intrusions), and notifies network administrators of suspicious behavior patterns or system breaches.
To utilize intrusion detection software requires the expertise of a network administrator because the programs are complex and difficult to use and interpret. These programs also are quite expensive.