Worms and trojans, two of the biggest threats to desktop
security, have been turning up in a lot of mailboxes lately. While worms are
malicious code that messes up your machine, trojans are mainly used for hacking
into other machines. That’s why it’s important to understand their
characteristics, and the ways to detect and prevent them.
Worms
Though worms have been around for a long time, they have now
become widespread due to the increase in the use of the Internet and e-mail.
They don’t exactly come out of a vegetable, but computer worms do ‘crawl’ in a
similar fashion. They arrive inside an attachment with your mail and come out
the moment you open it. After that they keep themselves alive by spreading to
other machines via e-mail or over a network. Recent instances of the I Love You,
Lifestages, and Navidad worms have shown the rate at which worms are capable of
propagating and affecting PCs worldwide.
Navidad picks up a random e-mail from the infected user’s
mailbox and sends it across to all recipients. Melissa infected around 1.2
million PCs in hours, before the fix was finally released. That’s why it’s
difficult even for anti-virus software to keep up with the latest worms. In
fact, some anti-virus companies update their virus definitions every day and
put them on their sites for download.
Most worms use the built-in features of applications like
Word, Excel or Outlook. Macros, for instance, are commonly exploited for worm
replication. Outlook 2000, with its HTML support, is even more vulnerable to
attacks by HTML-based content. Worms work on critical files like regedit.exe to
fiddle with your system registry and mess up your system. They can also put
themselves in autoexec.bat and start every time you reboot or start your
machine.
Protect yourself
Anti-virus software with the latest update is the best protection
from worms. So you should always scan your mail attachments before executing
them. This is the most basic security you can use against worms. As most worms
use some sort of scripting, disabling Active Scripting in your e-mail client
prevents the malicious script from running and doing damage. You can do this in
Outlook and Outlook Express by disabling Active Scripting in Internet Explorer.
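As an added illustration that is not part of the original article, the following Python example triages a saved mail message along the lines above: it flags attachments whose type runs code when opened, Word and Excel files that can carry macros, and script embedded in an HTML body. The extension lists, the names triage and build_sample, and the sample message are assumptions constructed for this example.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed list (not from the article): types Windows runs as scripts or programs.
ACTIVE = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta",
          ".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
MACRO_CAPABLE = {".doc", ".dot", ".xls", ".xlt"}  # Word/Excel files can carry macros

def triage(raw: bytes) -> dict:
    """Map each attachment name (or '<html body>') to a (risk, reason) pair."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None:  # body part: HTML mail can embed script that runs on display
            is_html = part.get_content_type() == "text/html"
            if is_html and "<script" in part.get_content().lower():
                report["<html body>"] = ("high", "script embedded in HTML body")
            continue
        exts = [s.lower() for s in PurePosixPath(name).suffixes]
        last = exts[-1] if exts else ""
        if last in ACTIVE:
            disguised = len(exts) > 1  # .txt.vbs looks like text if extensions are hidden
            why = "double extension hides an active type" if disguised else "runs code when opened"
            report[name] = ("high", why)
        elif last in MACRO_CAPABLE:
            report[name] = ("medium", "can carry macros; scan before opening")
        else:
            report[name] = ("low", "scan before opening")
    return report

def build_sample() -> bytes:
    """Constructed message; every payload is an inert placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Greetings"
    m.set_content("See attached.")
    m.add_alternative("<html><body><SCRIPT>/* inert */</SCRIPT>Hi</body></html>", subtype="html")
    for fname in ("note.txt.vbs", "setup.exe", "report.doc", "photo.jpg"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for item, (risk, why) in triage(build_sample()).items():
        print(f"{risk:6} {item:14} {why}")
```

A "low" result only means the file type does not run by itself; it still goes through the virus scanner before being opened.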
Trojan horses
No, we won’t discuss the legendary Trojan horse that
led to the downfall of Troy in Homer’s Iliad. But we’ll talk about a program
that inherits its name from the legend. A trojan is a program that appears to do
something good, while it’s actually doing something nasty in the background.
This could be damaging the FAT on your hard disk, or stealing your personal
information and sending it elsewhere. Once your machine is under the control of
such a program, a hacker possessing the master or the server for the trojan can
access it. Machines thus controlled can be used for anything, which can be
dangerous. Technically, trojans have the same system rights as the user. So a
remote hacker can delete or edit files, install software, control peripherals,
etc. And more often than not, trojans are used to send passwords and other login
information to the hacker.
Recently, we saw reputed Internet sites susceptible to what
are called Distributed Denial of Service attacks. Hackers using trojans
mastermind these attacks. When thousands of computers affected by trojans
access the same site at the same moment, the site’s servers can sometimes
become overloaded and may no longer be able to process requests.
How they spread
Usually trojans are sent via e-mail attachments, disguised as
some legitimate software. When the recipient executes this attachment, the
trojan installs itself onto the system. Most of the time, there is no visible
indication that such a trojan has been installed. Once the trojan is installed,
the system is called a ‘zombie’ as it’s under the control of a hacker. Some
hackers put up lists of compromised machines under their control on Websites
to help fellow hackers. Hackers can also use the server part of their trojan
to scan for compromised machines, which nicely announce their readiness to
listening ears. Trojans can also be passed through Websites, similar to the way
cookies are placed.
Safeguard yourself
A simple and effective protection against trojans is
personal firewall software. Password-stealing and backdoor-access trojans like
Back Orifice work under the control of a server. So, firewall software such as
ZoneAlarm or Norton Personal Firewall effectively prevents outbound connection
attempts by already installed trojans, and also prevents inbound connection
attempts by their servers.
However, if the trojan were designed to damage your files, it
would still work without any outside communication. In such cases, you need to
prevent its entry by keeping a tab on your e-mail. You can always double-check
the e-mail with its sender. A simple solution is to save attachments and scan
them with your updated virus scanner before execution.
Network activity monitors can also detect unnatural network
broadcasts by machines and be used to single out the compromised ones. Other
software that works on behavior blocking can also monitor a program to find out
the kind of resources or outputs that an executed attachment is using.
Ashish Sharma