virus is a small piece of software embedded in a larger, legitimate program or
attached to a document. A computer virus spreads from computer to computer in
similar ways to how a biological virus spreads from person to person, although
the analogy is not exact.
biological virus is not a living thing. It is a fragment of genetic code, DNA,
that lives inside a protective jacket and infects living cells by injecting that
rogue DNA into the cell environment. The viral DNA uses the cell's existing machinery
to reproduce itself.
the computer virus is code that must attach itself to another program or document
to infect a machine. For instance, the virus might attach itself to a word processing
program and reproduce each time the user opens that program. When a computer user
opens an infected program, the virus loads itself into the computer's memory and
searches for other programs to infect. The code embeds itself in the new program
and is relaunched when the computer user opens the new program, creating a vicious
were originally designed to infect the boot sector -- the first part of the operating
system that loads when you turn your computer on. The boot sector tells the computer
how to load the rest of the operating system. By putting code in the boot sector,
the virus is executed every time you turn the computer on. Most operating systems
are now designed with special boot sector protections.
the past, viruses spread via floppy discs or documents uploaded to bulletin boards.
More recently, creators program the virus to attach itself to e-mail messages
and the virus replicates by going through a person's address book and sending
duplicates across the Internet.
viruses are created to cause destruction, which is launched in what is called
the attack phase. Viruses are designed to wait for a trigger such as a specific
date, or the number of times the virus has reproduced. When the trigger activates
the virus, it opens a small program that performs a task -- anything from writing
a cute message on your screen to erasing all of the data on the hard drive.
Worms are small
pieces of software that exploit security holes to spread via computer networks.
The worm scans the computers on a network to see if there are other computers
with the same security flaws.
get into a network, a worm author releases the worm "into the wild"
-- onto a networked machine that can then lead to a server and other networks.
Machines infected by the worm swiftly spam the Internet with randomly addressed
traffic -- often a request for information similar to a database inquiry -- hitting
other vulnerable servers. The worm often uses randomly selected IP addresses to
insert itself into other computers by exploiting a flawed buffer overflow function.
A buffer overflow is when the string of data entering a program is written into
memory without regard to its length. If the string is too long, the tail end of
the data overwrites the program's own code.
the case of the Slammer worm, for example, the data string spilled over into the
computer's stack. According
to the Wired article "Slammed!" by Paul Boutin, the "stack"
is "an orderly list of information the computer shuffles to remind itself
what to do next, like tidy paperwork on a desk." The infected computer then
overwrote its own stack with the rogue Slammer code, disguised as routine code,
thus reprogramming itself without realizing it.
targeted other computers on the Internet by looking up the number of milliseconds
that elapsed since the computer was booted and translating the system clock into
an IP address. The worm then pointed to its own code as the data to be sent to
the new computer through a protocol disguised as a request for information from
well-designed worm replicates so quickly it creates huge packets of requests that
can overwhelm entire Internet server farms and disrupt Internet access for millions
of computers in a matter of hours.
By Leah Clapman, Online NewsHour