What is a computer virus? That's one of those arcane things that some computer geeks will argue about endlessly. For simplicity I will stick with the definition provided in Wikipedia:
"A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user."
Computer viruses are rooted in concepts that were developed at the dawn of the computer age. In 1949 the first theories of self-replicating programs were developed as one of the ways to speed up computer programming. The simple analog computers of the day weren't able to take advantage of the idea, so it lay dormant for many years. During the 1970s students at MIT developed a game in which players wrote code that would copy itself and erase opposing players' data. The last byte standing won. Many of the concepts developed for this game later found their way into computer viruses.
In 1981 at Texas A&M University one of the earliest viruses noted infected Apple IIe computers through pirated game software. Yes, Virginia, the earliest viruses infected Apple computers. In spite of these early infections, viruses stayed off most people's radar screens until 1986, when two infections spread like wildfire through the computing world. The first was called Brain and is believed to be the handiwork of two Pakistani brothers who ran a software company in Pakistan. The brothers had discovered how to embed their malicious code in the boot sector of a floppy disk. While that discovery showed a little bit of intellectual talent, what they did with it showed a lack of common sense. They included a message with their address and phone number in the infected file. Soon their phone was ringing off the hook with calls from irate computer owners all over the world. The brothers had to disconnect their phone.
The second outbreak of 1986 involved what became known as a Trojan Horse, a malicious program disguised as something else. In the mid-eighties a popular program called PC-Write was being distributed through bulletin boards and floppy disks. At some point a malicious individual created a file that appeared to be version 2.72 of this popular program and posted it on several bulletin board systems (BBS). When executed, the Trojan destroyed the information in the File Allocation Table of the PC's hard disk and then formatted it, deleting all of the data.
During the early years viruses were generally limited in their scope; it was rare for a virus to infect more than a few hundred computers at any given time, mainly because the only real means of distribution was through infected media, such as floppy disks. Most of these viruses did things like distort the display on the monitor or cause the sound card to make strange noises. To actually encounter a virus was so rare that most technicians equated these symptoms with some kind of hardware problem.
In the 1990s the Internet exploded onto the scene and went from being a hobby for computer geeks to an indispensable tool for everyone. With it came instantaneous communication and the ability to send files to thousands of people with no effort at all. The list of viruses exploded and along with it a new industry was created, the computer security industry. Names like Norton, Kaspersky, and McAfee will probably be written next to Rockefeller, Carnegie, and Morgan when historians talk about the robber barons of the twentieth century as a result. It seemed like there was a period where one new outbreak followed another, each breathlessly reported as a potential disaster by the media. MyDoom, Klez, Anna Kournikova, Blaster, I Love You, and Michelangelo became words of doom, some of which were serious problems, but most were much ado about nothing, or at most petty annoyances.
Who were the people who were writing and releasing these things? In the 1995 movie Hackers, a film only notable for an early appearance by Angelina Jolie, we were presented with the popular imagination's version of who these people were. They were quirky, hip young kids, out for fun and adventure. Unfortunately the movie bore almost no resemblance to reality; the average hacker was nowhere near as interesting as the kids in that movie, but then they weren't making a documentary. The early viruses were mainly written by people who, if they didn't have computers to play with, would be out spray painting their names on the sides of buildings. It was done for fun and bragging rights. I don't believe most of them meant any real harm, but they didn't care if they caused any either.
That was a "Golden Age" for viruses because we who are on the receiving end can look back fondly at a time when the worst thing that could happen is your data got erased (You have backups - right?). It was a somewhat innocent undertaking, something that could occasionally be funny in its own way. Those days are over. This isn't funny at all anymore. Today writing and releasing viruses and other malware is about one thing - Money.
Think about it. When is the last time anyone heard of a widespread destructive virus? It's been a while. They're still out there, but they are just not newsworthy and there aren't that many. Of the top ten viruses listed by Symantec, nine of them download and execute malicious code from the Internet or open backdoors into the PC for further exploitation. Today the average computer user is likely to see a virus that does one of two things: it joins the PC to a botnet so it becomes part of a spammer's network, or it searches the PC for personal information so someone can drain the user's bank accounts. These are not produced by pranksters; they are written by gangs of organized criminals who have been so successful that it has been reported that a valid credit card number can be bought from them for as little as 40 cents. Think of how many cards must be compromised to make that low price profitable. Where does this money go? A lot of it goes directly into the pockets of organized crime where it can be used to finance any number of nefarious undertakings.
How does it work? The days of the infected floppy disk have long since passed; who uses floppies anymore? Actually the day of the virus as we have known it has passed as well. The classic virus is rapidly becoming a lot like Bigfoot. We've all heard of it, it's a little scary, but we don't really expect to see it for ourselves. The infections we are seeing today are mostly Trojans. They arrive in our inboxes promising us something good to get us to click on the attachment. Most of the time when we do and nothing appears to happen we think nothing of it; the file was probably just bad. It was bad, just not in the way we might think.
What I am about to relate is one of those stories that, if I hadn't heard it firsthand from the person who actually fixed it, I would have thought it was an urban legend. A widowed lady in her fifties had purchased a new computer and decided to make the jump from dial-up to high-speed Internet, so she signed with the local cable company. After about three months she found that her new PC had slowed considerably and the disk seemed to constantly be active. She contacted my friend, who arrived thinking he would do the normal spyware cleanup and everything would be fine. He ran the usual tools and sure enough there was a good amount of spyware, which he cleaned. After the cleanup the performance didn't seem to improve much, so he began to poke around. On the root of the C: drive was a folder identified only with a hexadecimal number. Inside that folder were dozens of other folders, also identified only with numbers. In those were hundreds upon hundreds of pornographic videos and pictures. Using a network monitoring tool he was able to detect that other computers were accessing these folders through the Internet and determined their IP addresses. Most of the requests came from web sites that were registered overseas. Somehow she had gotten software on her PC that changed share permissions on her disk, disabled the Windows firewall, and then called home to let the perpetrators know that a new PC was available for them to use. They were storing their porn on hijacked computers in other countries to avoid prison in their own. As frightening as this is, imagine if a child porn network decided to do the same thing. How would an innocent person explain that to the police?
This lady was what I would call the typical computer user. She used her machine to surf the net and send e-mails and that was about it. She had no idea what a firewall was and didn't even know that Windows had one built in, much less how to use it. She thought that the bootleg copy of Symantec Enterprise that her friend had installed for her was more than adequate, even though it was years out of date. She thought she was protected but her computer was hijacked anyway.
What occurred here was similar to a botnet, or robot network. Trojans loaded onto a computer open an access path to the outside and alert the home computer that the infected machine is available. These machines can be used for any purpose, but most of the time they are used to send spam. A botnet of 100 computers can send out ten million spam messages in less than two minutes. The number of infected computers has grown so large, and the business so lucrative, that some individuals actually sell time on their illegally gained networks to other groups rather than send the spam themselves.
What can you do to protect yourself? There are those who will say don't use Microsoft operating systems, and there is a measure of truth to this advice, although there is no truth to the idea that Linux or Mac OS is any more secure than Windows. The reality is that Windows holds 90 - 98 percent of the desktops in the world; the rest are just splitting up what's left, and collectively the other operating systems simply are not big enough targets to make the effort worthwhile.
Even if you are using one of the other operating systems, there are simple rules that everyone should follow:
1. Update your computer regularly. Use automatic updates when possible.
2. Use a reputable anti-virus/anti-spyware software package and keep it up to date as well.
3. Use a firewall. The Windows firewall is OK as far as it goes, but there are a number of better ones out there and some are even free.
4. If you have a wireless router in your home, set up security on it. The merits of WEP and WPA are a subject for another article, but use WPA; WEP is worthless.
5. Turn your computer off when you are not using it. It limits the window of opportunity for the bad guys and, if you are the tree hugger type, it saves electricity, which is good for the environment and your wallet.
6. Never, ever, ever click on an attachment to an e-mail that you are not expecting, even if it is from someone you know.
7. Beware of pop-ups telling you that your computer is infected. Always run your installed AV program rather than trust a pop-up that only occurs when you are surfing the Internet.
And finally, please, don't ever click a link in a spam e-mail message. If you need Viagra that bad, just go see your doctor.
Published by Larry Rouse
20-year Navy veteran and world traveler, Larry lives in Florida with his wife and two children.
