1
Presentation on Viruses, Trojan Horses, Worms & Spam
  • By Ernie Arnett
  • August 11, 2002
2
Virus Definition
  • A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. A virus must meet two criteria:
  • It must execute itself. It will often place its own code in the path of execution of another program.
  • It must replicate itself. For example, it may replace other executable files with a copy of the virus infected file. Viruses can infect desktop computers and network servers alike.
  • Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply to replicate themselves and make their presence known by presenting text, video, and audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behavior and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.
3
Number of Viruses
  • As of 8/7/02 Symantec has identified 61800 viruses.
4
Five recognized types of viruses
  • 1.) File infector viruses: File infector viruses infect program files. These viruses normally infect executable code, such as .com and .exe files. They can infect other files when an infected program is run from floppy, hard drive, or from the network. Many of these viruses are memory resident. After memory becomes infected, any non-infected executable that runs becomes infected. Examples of known file infector viruses include Jerusalem and Cascade.
5
Five recognized types of viruses
  • 2.) Boot sector viruses: Boot sector viruses infect the system area of a disk--that is, the boot record on floppy disks and hard disks. All floppy disks and hard disks (including disks containing only data) contain a small program in the boot record that is run when the computer starts up. Boot sector viruses attach themselves to this part of the disk and activate when the user attempts to start up from the infected disk. These viruses are always memory resident in nature. Most were written for DOS, but all PCs, regardless of the operating system, are potential targets of this type of virus. All that is required to become infected is to attempt to start up your computer with an infected floppy disk. Thereafter, while the virus remains in memory, all floppy disks that are not write protected will become infected when the floppy disk is accessed. Examples of boot sector viruses are Form, Disk Killer, Michelangelo, and Stoned.
6
Five recognized types of viruses
  • 3.) Master boot record viruses: Master boot record viruses are memory resident viruses that infect disks in the same manner as boot sector viruses. The difference between these two virus types is where the viral code is located. Master boot record infectors normally save a legitimate copy of the master boot record in a different location. Windows NT computers that become infected by either boot sector viruses or master boot record viruses will not boot. This is due to the difference in how the operating system accesses its boot information, as compared to Windows 95/98. If your Windows NT system is formatted with FAT partitions you can usually remove the virus by booting to DOS and using antivirus software. If the boot partition is NTFS, the system must be recovered by using the three Windows NT Setup disks. Examples of master boot record infectors are NYB, AntiExe, and Unashamed.
7
Five recognized types of viruses
  • 4.) Multi-partite viruses: Multi-partite (also known as polypartite) viruses infect both boot records and program files. These are particularly difficult to repair. If the boot area is cleaned, but the files are not, the boot area will be reinfected. The same holds true for cleaning infected files. If the virus is not removed from the boot area, any files that you have cleaned will be reinfected. Examples of multi-partite viruses include One_Half, Emperor, Anthrax and Tequila.
8
Five recognized types of viruses
  • 5.) Macro viruses: These types of viruses infect data files. They are the most common and have cost corporations the most money and time trying to repair. With the advent of Visual Basic in Microsoft's Office 97, a macro virus can be written that not only infects data files, but also can infect other files as well. Macro viruses infect Microsoft Office Word, Excel, PowerPoint and Access files. Newer strains are now turning up in other programs as well. All of these viruses use another program's internal programming language, which was created to allow users to automate certain tasks within that program. Because of the ease with which these viruses can be created, there are now thousands of them in circulation. Examples of macro viruses include W97M.Melissa, WM.NiceDay and W97M.Groov.
9
What is a virus hoax?
  • Virus hoaxes are messages, almost always sent by email, that amount to little more than chain letters. Some of the common phrases used in these hoaxes are:
  • If you receive an email titled [email virus hoax name here], do not open it!
  • Delete it immediately!
  • It contains the [hoax name] virus.
  • It will delete everything on your hard drive and [extreme and improbable danger specified here].
  • This virus was announced today by [reputable organization name here].
  • Forward this warning to everyone you know!


  • Most virus hoax warnings do not deviate far from this pattern.
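A scoring check for the template above, added here as an example that is not from the original presentation: each regular expression loosely matches one line of the hoax pattern, and three or more hits in one message flags it as a probable hoax. The sample messages and the threshold are constructed assumptions.

```python
import re

# One pattern per line of the hoax template; wording is loosened with \s+ and
# alternations so line breaks and paraphrases still match.
HOAX_MARKERS = {
    "do_not_open": re.compile(r"\bdo\s+not\s+open\b", re.I),
    "delete_immediately": re.compile(
        r"\bdelete\s+(?:it|this|the\s+(?:e-?mail|message))\s+immediately\b", re.I),
    "catastrophic_damage": re.compile(
        r"\b(?:delete|erase|wipe)\s+(?:everything|all\s+(?:the\s+)?(?:data|files))"
        r"\s+on\s+your\s+hard\s+(?:drive|disk)\b", re.I),
    "appeal_to_authority": re.compile(
        r"\b(?:announced|confirmed|reported)\s+(?:today\s+|yesterday\s+|this\s+morning\s+)?by\b", re.I),
    "forward_to_everyone": re.compile(
        r"\b(?:forward|send|pass)\s+this\s+(?:\w+\s+){0,2}to\s+everyone\b", re.I),
}


def hoax_markers_found(text: str) -> list:
    """Names of the template phrases present in the message, in table order."""
    return [name for name, pat in HOAX_MARKERS.items() if pat.search(text)]


def is_probable_hoax(text: str, threshold: int = 3) -> bool:
    """Assumed rule: three or more template phrases is a strong hoax signal.
    A genuine vendor bulletin names a product and a fix instead of urging
    you to forward it, so it normally trips at most one marker."""
    return len(hoax_markers_found(text)) >= threshold


# Constructed samples (not from the presentation).
HOAX_EMAIL = """Subject: VIRUS WARNING!!!
If you receive an email titled "Free Vacation", do not open it! Delete it
immediately! It contains the Free Vacation virus. It will delete everything
on your hard drive and melt your monitor. This virus was announced today
by a major antivirus company. Forward this warning to everyone you know!"""

VENDOR_BULLETIN = """Subject: Security bulletin
A new mass-mailing worm spreads as an .exe attachment. Do not open
unexpected attachments. Update your antivirus signatures and apply the
vendor patch referenced in this bulletin."""
```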
10
What is not a virus?
  • Because of the publicity that viruses have received, it is easy to blame any computer problem on a virus. The following are not likely to be caused by a virus or other malicious code:
  • Hardware problems. There are no viruses that can physically damage computer hardware, such as chips, boards, and monitors.
  • The computer beeps at startup with no screen display. This is usually caused by a hardware problem during the boot process. Consult your computer documentation for the meaning of the beep codes.
  • The computer does not register 640 K of conventional memory. This can be a sign of a virus, but it is not conclusive. Some hardware drivers such as those for the monitor or SCSI card can use some of this memory. Consult with your computer manufacturer or hardware vendor to determine if this is the case.
  • You have two antivirus programs installed and one of them reports a virus. While this could be a virus, it can also be caused by one antivirus program detecting the other program's signatures in memory. For additional information, see "Should you run more than one antivirus program at the same time?"


11
What is not a virus?
  • You are using Microsoft Word and Word warns you that a document contains a macro. This does not mean that the macro is a virus.
  • You are not able to open a particular document. This is not necessarily an indication of a virus. Try opening another document or a backup of the document in question. If other documents open correctly, the document may be damaged.
  • The label on a hard drive has changed. Every disk is allowed to have a label. You can assign a label to a disk by using the DOS Label command or from within Windows.
12
What is a Trojan Horse?
  • Trojan Horses are impostors--files that claim to be something desirable but, in fact, are malicious. A very important distinction from true viruses is that they do not replicate themselves, as viruses do. Trojans contain malicious code that, when triggered, causes loss, or even theft, of data. In order for a Trojan Horse to spread, you must, in effect, invite these programs onto your computers--for example, by opening an email attachment. The PWSteal.Trojan is a Trojan.
13
What is a Trojan Horse?
  • These programs can perform various malicious activities, such as deleting files, changing system settings, and running malicious programs.


14
Backdoor.Trojan
  • This Trojan opens a port to allow a hacker to control the infected system.
  • Within the larger grouping, there are Trojans that share very similar characteristics. These are given specific names and include any Trojans with "Backdoor." at the beginning of the name, such as Backdoor.Subseven and Backdoor.Netbus.
15
PWSteal.Trojan
  • A Trojan horse that gathers and sends out some type of password.
  • If the password-stealing Trojan targets America Online user login information, the detection will be AOL.Trojan.
16
What is a worm?
  • Worms are programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which require the spreading of an infected host file. Although worms generally exist inside of other files, often Word or Excel documents, there is a difference between how worms and viruses use the host file. Usually the worm will release a document that already has the "worm" macro inside the document. The entire document will travel from computer to computer, so the entire document should be considered the worm. PrettyPark.Worm is a particularly prevalent example.
17
However, a few basic precautions can minimize your risk of infection.
  • Do not leave a floppy disk in the floppy disk drive when you shut down or restart the computer.
  • Write-protect your floppy disks after you have finished writing to them.
  • Be suspicious of email attachments from unknown sources.
  • Verify that attachments have been sent by the author of the email. Newer viruses can send email messages that appear to be from people you know.
  • Do not set your email program to "auto-run" attachments.
  • Obtain all Microsoft security updates.
  • Back up your data frequently. Keep the (write protected) media in a safe place--preferably in a different location than your computer.


18
However, a few more basic precautions can minimize your risk of infection.
  • DO NOT open attached files (especially .exe files) if you are not 100% positive where they came from. Virus developers use something called "social engineering" that can make a harmful attachment look like it came from your friend Joe, when in fact Joe unknowingly has the virus and it sent itself to everyone in Joe's mailbox. Always verify with the sender what they sent you before opening the attachment.
  • Run virus scanning software or virus monitoring software.
  • Keep up with current news on virus releases. If you know what's out there you can take measures to avoid it.
19
What is spam?
  • Spam is unwanted, invasive Internet advertising
  • aka Unsolicited Commercial Email (UCE).
20
Types of UCE or Spam
  • Chain letters
  • Pyramid schemes (including Multilevel Marketing, or MLM)
  • Other "Get Rich Quick" or "Make Money Fast" (MMF) schemes
  • Offers of phone sex lines and ads for pornographic web sites
  • Offers of software for collecting e-mail addresses and sending UCE
  • Offers of bulk e-mailing services for sending UCE
  • Stock offerings for unknown start-up corporations
  • Quack health products and remedies
  • Illegally pirated software ("Warez").


21
Why is UCE or Spam Bad
  • Fraud. Spammers know that in survey after survey, the overwhelming majority (often approaching 95%) of recipients don't want to receive their messages. As a result, many junk emailers use tricks to get you to open their messages. For instance, they make the mail "subject" look like it is anything other than an advertisement.
22
Why is UCE or Spam Bad
  • Waste of Others' Resources. When a spammer sends an email message to a million people, it is carried by numerous other systems en route to its destination, once again shifting cost away from the originator. The carriers in between are suddenly bearing the burden of carrying advertisements for the spammer. The number of spams sent out each day is truly remarkable, and each one must be handled by other systems; there is no justification for forcing third parties to bear the load of unsolicited advertising.
23
Why is UCE or Spam Bad
  • Displacement of Normal Email. Email is increasingly becoming a critical business tool. In the late 1980s, as more and more businesses began to use Fax machines, the marketers decided that they could Fax you their advertisements. For anyone in a busy office in the late 1980s, you will remember the piles and piles of office supply advertisements and business printing ads that came pouring out of your Fax machine... making it impossible to get the Fax that you were expecting from your office.
24
Why is UCE or Spam Bad
  • Annoyance Factor. Your email address is not the public domain! It is yours, you paid for it, and you should have control over what it is used for. If you wish to receive tons of unsolicited advertisements, you should be able to. But you shouldn't be forced to suffer the flood unless and until you actually request it.
25
Why is UCE or Spam Bad
  • Ethics. Spam is based on theft of service, fraud and deceit as well as cost shifting to the recipient. The great preponderance of products and services marketed by UCE are of dubious legality. Any business that depends on stealing from its customers, preying on the innocent, and abusing the open standards of the Internet is -- and should be -- doomed to failure.
26
How Spammers get your e-mail address
  • Mailing list
  • Newsgroups
  • Acquired list
  • Web pages
  • Other Spammers
  • IRC & chat software, chat rooms
  • AOL profiles
  • Previous owner of the e-mail address.
27
How to avoid getting Spam
  • Use multiple e-mail addresses
    • Use one for family and close friends
    • Use a different one for newsgroups
    • Use another one for mailing lists
    • Have another one for junk mail.
28
How to get rid of Spam once you are on the mailing list
  • Use a filter to auto-delete
  • Contact your ISP to see if they can filter/block
  • Locate the header of the e-mail and contact the originating ISP.
  • Forward the offensive mail with your complaint to postmaster@website.com or abuse@website.com.
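The header-tracing step above, as an added Python example that is not part of the original presentation: it walks the Received headers of a constructed spam message, stops at the first hop not written by a relay you trust (the spammer can forge every header below that one), and derives the abuse@ and postmaster@ addresses to send the complaint to. The trusted host names and the sample message are assumptions.

```python
import re
from email import message_from_string
from typing import Optional

# Constructed sample message (not from the presentation). Relays prepend
# Received headers, so the top one was written last, by our own server; the
# bottom one was planted by the spammer's mailer and points at an innocent host.
SAMPLE_SPAM = """\
Received: from mx1.example-isp.net (mx1.example-isp.net [192.0.2.10])
\tby mail.recipient.example (Postfix) with ESMTP id 4F2A1
\tfor <you@recipient.example>; Sun, 11 Aug 2002 10:05:12 -0400
Received: from bulkmailer.spam-origin.example (unknown [198.51.100.77])
\tby mx1.example-isp.net with SMTP id A1B2C3
\tfor <you@recipient.example>; Sun, 11 Aug 2002 10:04:58 -0400
Received: from mail.innocent.example [203.0.113.5]
\tby bulkmailer.spam-origin.example with SMTP; Sun, 11 Aug 2002 09:59:00 -0400
From: "Make Money Fast" <offer@spam-origin.example>
To: you@recipient.example
Subject: Re: your account

Send $5 to the five addresses below and you will be rich within weeks!
"""

# Assumed trust boundary: only our own mail server and our ISP's inbound relay.
TRUSTED_SUFFIXES = ("recipient.example", "example-isp.net")

FROM_RE = re.compile(r"\bfrom\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def is_trusted(host: str) -> bool:
    host = host.lower().strip("[]();,")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def originating_relay(raw_message: str) -> Optional[dict]:
    """Return the first hop outside our trust boundary, or None.

    A Received header is believable only if a trusted relay wrote it (the "by"
    host). The first trusted header whose "from" host is untrusted names the
    machine that handed the mail to our ISP; anything below it may be forged.
    """
    msg = message_from_string(raw_message)
    for header in msg.get_all("Received") or []:
        text = " ".join(header.split())  # unfold continuation lines
        by, frm = BY_RE.search(text), FROM_RE.search(text)
        if not (by and frm) or not is_trusted(by.group(1)):
            break  # written by an untrusted relay: cannot be believed
        if not is_trusted(frm.group(1)):
            host = frm.group(1)
            ip = IPV4_RE.search(text)
            # Domain taken from the host name; a WHOIS lookup on the IP is the
            # reliable route to the responsible ISP when reverse DNS is missing.
            domain = host.split(".", 1)[1] if "." in host else host
            return {"host": host, "ip": ip.group(1) if ip else None,
                    "abuse_contacts": [f"abuse@{domain}", f"postmaster@{domain}"]}
    return None
```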


29
Why does notifying the ISP work?
  • All corporations will act immediately to protect their businesses. All ISPs will act immediately on this to protect their businesses and their IP numbers. There is no "freedom of speech" problem here. ISPs will immediately cancel the offensive account(s) and maybe even legally follow-up. You can be almost guaranteed that the individual will be off the net the next business day if what was done was egregious enough! Most ISPs do not appreciate customers using their services for "no good" and do not wish to be known as being tolerant of this sort of behavior, especially since sexual harassment and junk email are federal offenses and put the ISP at risk of being prosecuted, as well.
30
What NOT to do if you get Spam
  • Never respond to a spam e-mail. For a spammer, one "hit" among thousands of mailings is enough to justify the practice. Instead, if you want a product that is advertised in a spam e-mail, go to a Web site that also carries the product, inquire there, and tell them you do not approve of spam methods and will not patronize a company that uses spammers.
31
What NOT to do if you get Spam
  • Never respond to the spam e-mail's instructions to reply with the word "remove." This is just a trick to get you to react to the e-mail -- it alerts the sender that a human is at your address, which greatly increases its value. If you reply, your address is placed on more lists and you receive more spam.
32
What NOT to do if you get Spam
  • Never sign up with sites that promise to remove your name from spam lists. These sites are of two kinds: (1) sincere, and (2) spam address collectors. The first kind of site is ignored (or exploited) by the spammers, the second is owned by them -- in both cases your address is recorded and valued more highly because you have just identified it as read by a human.
33
What NOT to do if you get Spam
  • Never mail-bomb spam sites or engage in hacking to stop spammers. This only increases the amount of wasted Internet traffic, creates sympathy for spammers, and makes the Internet even less reliable than it already is.
34
How to report fraudulent e-mail
  • Most spam is simply annoying, but some of it is illegal. One obvious category is an e-mail that asks you to send, say, $5 to several addresses in the letter, and promises big returns if you follow the letter's instructions -- this is called a "pyramid scheme" and it is illegal.
  • There are many other kinds of illegal e-mail, too many to describe here. If you believe an e-mail is fraudulent, you should report it. Here are some addresses that accept fraud reports:
  • FTC Spam Report e-mail address (uce@ftc.gov)
  • The Federal Trade Commission Home Page
  • The National Fraud Information Center
  • A list of State Attorneys General + Agency List
35
Web Sites of Interest
  • www.rvpcc.org
  • www.symantec
  • www.microsoft.com
  • www.mcafee.com
  • www.virus-scan-software.com
  • www.pandasoftware.com
  • www.cauce.org/about/resources.shtml
  • www.newcreations.net/webmaster/spam.html  - Very Good
  • www.stop-spam.org/On-Line_Spam
36
Web Sites of Interest
  • http://email.about.com/library/weekly/aa101397.htm
  • www.emailabuse.org
  • http://www.nwtechusa.com/sophos.php
  • http://www.grisoft.com/html/us_index.htm
  • http://www.f-secure.com/products/
  • http://housecall.antivirus.com
  • http://www.arachnoid.com/lutusp/antispam.html
  • http://www.oitc.com/Disney/WhatToDo.html  - Very Good
  • http://dlis.gseis.ucla.edu/people/pagre/spam.html - Some material a little dated
37
Questions?
  • Email Ernie at vicepresident@rvpcc.org