14 December 2007

I hear about computer viruses all the time. What purpose do they serve, and should I be worried?

Viruses are a type of malware — malicious software developed for the purpose of doing harm. In the early years of mainstream computing, they spread from PC to PC via floppy disks and generally had a destructive and obvious payload.

With the growth of the Internet and always-on computing, the threat has evolved and become more stealthy and sophisticated as business-minded hackers have realised there is serious money to be made. Most threats target Windows PCs, but there have been recent attempts aimed at Macs.

The most prevalent form of malware is the “trojan”, which will deliver one thing while pretending to be another. A typical infection might come about through a search for “free MP3 site”. By following the returned links and downloading an “MP3” you might get a lot more than you expected — and perhaps not even the promised music file.

Most sites on your list will try to install a code without your knowledge or any interaction. Once successfully installed, a trojan might then try to download and install more malware to log and redistribute personal information, credit card numbers and passwords.

Your PC might also become a “spam zombie” and member of a “botnet” (robot network). Botnets are controlled by “herders” who rent the combined power of the PCs they control to spammers or those wishing to attack corporate sites.

A recent development has been the growth of “drive-by” malware, where reputable websites or ad servers displaying banners get hacked, with the result that files are unwittingly downloaded by users going about their normal business. Recent cases include the Miami Dolphins’ stadium site during the Superbowl, and the Bank of India website which was hacked in September. Users were redirected to a server with 22 types of malicious code for visiting PCs. I am also aware of one architect’s practice website which has been affected in this way.

Once your computer is “owned”, it is likely that your anti-virus software will be surreptitiously disabled and you will receive virus updates — literally — from its controller as their “warez” develop. This year has seen a botnet war where rival gangs have vied for global zombie supremacy, each attempting to uninstall the other’s malware and substitute it with their own.

For individuals, there is great cause to worry, and you should be extremely cautious in your browsing habits. Computers should be patched with the latest system and anti-virus updates, and you should never follow links embedded in emails — especially ones purporting to come from your bank or eBay. Companies stand to lose money through decreased productivity and loss of reputation. Fraud on company credit cards is very common, and can take longer to detect than on personal accounts.

The bad news is that the forthcoming holiday season, when we are most likely to be spending more money online, is traditionally the time of year virus writers reserve for their most devastating attacks. Merry Christmas!

© Liam Southwood. All rights reserved.

• Upgrading from XenServer 5.5 to 5.6 and missing NICs
• Catch a virus at Christmas
• Email on the move
• How to dispose of your PCs
• Sizing up file sending
• Vista Upgrade
• Spam Avalanche