Computer Viruses – Who, What, How and Why

Graham Caparulo

Some of the most common questions we hear from customers revolve around computer viruses: “How did I get this virus?” “What exactly is a virus?” “Who writes them and why?”

So, in this post, I’ll focus on the How, What, Who and Why of viruses. In a follow-up post, I’ll talk about what you can do to protect your PCs and some additional tricks that we here at Diligex use to protect ourselves and our clients.

What: What exactly is a virus anyway?

For the purposes of this write-up, let’s just refer to a ‘virus’ as Malware. The collective at Wikipedia defines Malware as:

Malware: short for malicious (or malevolent) software, is software used or programmed by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. ‘Malware’ is a general term used to refer to a variety of forms of hostile or intrusive software.

Malware includes computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware, malicious BHOs, rogue security software and other malicious programs; the majority of active malware threats are usually worms or trojans rather than viruses.

Who: So, who writes these things?!

Well, McAfee, Norton and AVG of course! I mean, without ‘viruses’ those companies wouldn’t exist now would they? Hmmm.

OK, all joking and conspiracy theories aside. Malware is written by people: really smart, computer-nerd, hacker-type people. These people can work individually or collectively, for themselves or for corporations, agencies, governments, or organizations.

Remember the I LOVE YOU email virus that was distributed back in 2000? It was written by two college students in the Philippines.

And how about Stuxnet back in 2010? That one was written by programmers deep within the echelons of the U.S. and Israeli governments.

Why: Why write a virus?

In the early days, viruses were usually written and distributed just to prove that they could be. Nowadays, the reason is predominantly for financial or political gain.

Some malware is designed simply to track your habits and throw pop-up ads at you all day long.

Some are designed to log your keyboard and mouse input with the goal of stealing passwords and account numbers. Once the hacker has obtained your passwords and account numbers, they can sell the information on the black market or try to hack into your accounts themselves.

Some are designed to cripple computer networks and, in some cases, cause physical damage. The Stuxnet worm effectively crippled Iran’s uranium enrichment capabilities by changing centrifuge rotational speeds, which led to premature and permanent failure.

Some are for revenge. The recent DDoS attacks launched against Spamhaus (the world’s largest anti-SPAM organization) were in response to Spamhaus blocking email traffic from certain networks known to be sending SPAM.

How: How did my computer become infected?

Funny sidebar. Back in the late 90’s, during a long and cold winter, somewhere in a dingy call center, I had 3 users 100% convinced that their PCs were getting viruses due to a flu epidemic that was going around. “You see these fans? They suck in the outside air and blow it straight onto the PC’s processor,” I said. “With so much sneezing and so many germs flying around…” (you get the picture). Ahhh, the 90’s.

So, “how did I get this virus!?” That’s a tricky one to answer precisely. We’re often asked by customers to tell them exactly how they got a particular malware infection. There are hundreds of ways a machine can become infected with malware, and without knowing exactly what the user did to contract the virus, the return on investment of forensically diagnosing the root cause often doesn’t make sense.

Any computer connected to any network is at risk of contracting an infection, just as we humans are at risk when interacting with one another. As humans, we can lock ourselves in a clean room and never interact with anyone, or take the proper precautions. Same goes for your PC. Since a disconnected PC is pretty much useless, we need to make sure precautions are in place to protect the connected PC.

In general terms, machines contract malware infections by just innocently browsing the internet, opening an email or downloading a file from a sharing network. Entire websites, or even a single image on a website, can contain malicious code which can infect your computer. And like any good organic virus, cyber viruses replicate themselves through any vehicle willing to transport them.

A better question might be, “What did I neglect to do to protect myself?”

95% of the time, we find that the user: 1) did not have a firewall and/or an anti-malware client, and 2) had not been keeping their PC up to date with Windows security and third-party application updates.

If you do both of the above, your chances of contracting a virus are reduced significantly. And there are further simple steps that you can take to limit your exposure to malware.
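As an added example (not from this post or from Diligex), here is a PowerShell check for exactly those two gaps: whether every Windows Firewall profile is on, whether Microsoft Defender is active with fresh signatures, and how many Windows updates are still pending. It assumes a Windows machine with the built-in NetSecurity and Defender modules and is run from an elevated prompt; a third-party antivirus would need to be checked through its own console.

```powershell
# Added example (not from the original post): report the two hygiene gaps
# the post names: no firewall / anti-malware, and missing Windows updates.
# Assumes built-in cmdlets on Windows 8 / Server 2012 or later; run as admin.
function Get-BasicProtectionReport {
    $findings = @()

    # 1a) Windows Firewall: every network profile (Domain/Private/Public) should be enabled.
    foreach ($p in Get-NetFirewallProfile) {
        if ($p.Enabled -ne 'True') {
            $findings += "Firewall is OFF for the '$($p.Name)' profile"
        }
    }

    # 1b) Anti-malware: Microsoft Defender engine, real-time protection, signature age.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        if (-not $mp.AntivirusEnabled)          { $findings += "Antivirus engine is disabled" }
        if (-not $mp.RealTimeProtectionEnabled) { $findings += "Real-time protection is off" }
        $sigAge = (Get-Date) - $mp.AntivirusSignatureLastUpdated
        if ($sigAge.TotalDays -gt 3) {
            $findings += ("Antivirus signatures are {0:N0} days old" -f $sigAge.TotalDays)
        }
    } catch {
        # Defender cmdlets failing usually means a third-party AV (or none) is installed;
        # that product's own console has to be checked instead.
        $findings += "Could not query Microsoft Defender status: $($_.Exception.Message)"
    }

    # 2) Windows Update: count updates that apply to this machine but are not installed.
    #    (Third-party application updates are out of scope for this COM API.)
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $pending  = $searcher.Search("IsInstalled=0 and Type='Software'").Updates
    if ($pending.Count -gt 0) {
        $findings += "$($pending.Count) Windows update(s) pending:"
        $pending | ForEach-Object { $findings += "  - $($_.Title)" }
    }

    if ($findings.Count -eq 0) {
        "No gaps found: firewall on, Defender active, Windows updates current."
    } else {
        $findings
    }
}

Get-BasicProtectionReport
```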

Stay tuned for a deeper look at malware distribution methods and what you can do to protect your PCs, devices and, most importantly, your data and identity.