Of Worms and Trojans

PCQ Bureau

Worms and trojans, among the biggest threats to desktop security, have been in a lot of mailboxes lately. While worms are malicious code that messes up your machine, trojans are mainly used for hacking into other machines. That’s why it’s important to understand their characteristics, and ways to detect and prevent them.

Worms

Though worms have been around for a long time, they have now become widespread due to the increase in the use of the Internet and e-mail. They don’t exactly come out of a vegetable, but computer worms do ‘crawl’ in a similar fashion. They arrive inside an attachment with your mail and come out the moment you open it. After that they keep themselves alive by spreading to other machines via e-mail or over a network. Recent instances of the I Love You, Lifestages, and Navidad worms have shown the rate at which worms are capable of propagating and affecting PCs worldwide.

Navidad picks up a random e-mail from the infected user’s mailbox and sends it across to all recipients. Melissa infected around 1.2 million PCs in hours, before the fix was finally released. That’s why it’s difficult even for anti-virus software to keep up with the latest worms. In fact, some anti-virus companies update their virus definitions every day and put them on their sites for download.

Most worms use the built-in features of applications like Word, Excel or Outlook. Macros, for instance, are commonly exploited for worm replication. Outlook 2000, with its HTML support, is even more vulnerable to attacks by HTML-based content. Worms work on critical files like regedit.exe to fiddle with your system registry and mess up your system. They can also put themselves in autoexec.bat and start every time you reboot or start your machine.

Protect yourself

Anti-virus software with the latest update is the best protection from worms. So you should always scan your mail attachments before executing them. This is the most basic security you can use against worms. As most worms use some sort of scripting, disabling Active Scripting in your e-mail client prevents the malicious script from running and doing damage. You can do this in Outlook and Outlook Express by disabling Active Scripting in Internet Explorer.

Trojan horses

No, we’ll not discuss the legendary Trojan horse that led to the downfall of Troy in Homer’s Iliad. But we’ll talk about a program that inherits its name from the legend. A trojan is a program that appears to do something good, while it’s actually doing something nasty in the background. This could be damaging the FAT on your hard disk, or stealing your personal information and sending it elsewhere. Once your machine is under the control of such a program, a hacker possessing the master or the server for the trojan can access it. Machines thus controlled can be used for anything, which can be dangerous. Technically, trojans have the same system rights as the user. So a remote hacker can delete or edit files, install software, control peripherals, etc. And more often than not, trojans are used to send passwords and other login information to the hacker.

Recently, we saw reputed Internet sites susceptible to what are called Distributed Denial of Service attacks. Hackers using trojans mastermind these attacks. When thousands of computers affected by trojans access the same site at the same moment, the site’s servers can sometimes become overloaded and may no longer be able to process requests.

How they spread

Usually trojans are sent via e-mail attachments, disguised as some legitimate software. When the recipient executes this attachment, the trojan installs itself onto the system. Most of the time, there is no visible indication that such a trojan has been installed. Once the trojan is installed, the system is called a ‘zombie’ as it’s under the control of a hacker. Some hackers put up lists of compromised machines under their control on Web sites to help fellow hackers. Hackers can also use the server part of their trojan to scan for compromised machines, which announce their readiness to listening ears. Trojans can also be passed through Web sites, similar to the way cookies are placed.

Safeguard yourself

A simple and effective way to protect against trojans is personal firewall software. Password-stealing and backdoor-access trojans like Back Orifice work under the control of a server. So firewall software such as ZoneAlarm or Norton Personal Firewall effectively prevents outbound connection attempts by already installed trojans, and also prevents inbound connection attempts by their servers.

However, if the trojan were designed to damage your files, it would still work without any outside communication. In such cases, you need to prevent its entry by keeping a tab on your e-mail. You can always double-check the e-mail with its sender. A simple solution is to save attachments and scan them with your updated virus scanner before execution.
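The advice to save and scan attachments before running them, given here and under "Protect yourself", can be backed by an automatic first pass over each incoming message. The sketch below is an added example, not part of the original article: the extension list, the verdict strings, the function names and the sample message are all assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumption: extensions Windows runs directly or hands to a script host.
RISKY_EXT = {".exe", ".com", ".bat", ".scr", ".pif", ".vbs", ".js"}

def triage_attachments(raw_message: bytes):
    """Return (filename, verdict) for each attachment in a raw e-mail."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        # Windows ignores trailing dots and spaces, so strip them first.
        name = (part.get_filename() or "").rstrip(". ")
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        payload = part.get_payload(decode=True) or b""
        if suffixes and suffixes[-1] in RISKY_EXT:
            kind = "disguised executable" if len(suffixes) > 1 else "executable or script"
            verdict = "quarantine: " + kind
        elif payload[:2] == b"MZ":
            # DOS/Windows executables start with "MZ" whatever the name says.
            verdict = "quarantine: executable content under a harmless name"
        else:
            verdict = "save and scan before opening"
        results.append((name, verdict))
    return results

def build_sample() -> bytes:
    """Constructed sample message with three attachments."""
    m = EmailMessage()
    m["From"], m["To"] = "friend@example.com", "you@example.com"
    m["Subject"] = "Holiday card"
    m.set_content("See the attached card.")
    for fname, data in [("card.jpg.exe", b"MZ\x90\x00"),
                        ("photo.jpg", b"MZ\x90\x00"),
                        ("notes.txt", b"plain text")]:
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for name, verdict in triage_attachments(build_sample()):
        print(f"{name:15} {verdict}")
```

A "save and scan before opening" verdict only means the name and header look ordinary; the attachment still goes through the updated virus scanner.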

Network activity monitors can also detect unnatural network broadcasts by machines and be used to single out the compromised ones. Other software that works on behavior blocking can also monitor a program to find out the kind of resources or outputs that an executed attachment is using.
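One check a network activity monitor can run is a fan-out count: a desktop that suddenly contacts many different hosts within a minute stands out from machines that talk to one mail server. This is an added example, not from the original article; the log format (`timestamp source destination port`), the thresholds, the function names and the sample records are assumptions, and each source's records are assumed to arrive in time order.

```python
from collections import defaultdict, deque

def find_fanout_hosts(log_lines, window_s=60, max_peers=5):
    """Map each source that contacted more than max_peers distinct hosts
    inside any window_s-second window to the largest peer count seen."""
    recent = defaultdict(deque)          # source -> (timestamp, destination)
    flagged = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4 or not fields[0].isdigit():
            continue                     # skip malformed records
        ts, src, dst = int(fields[0]), fields[1], fields[2]
        window = recent[src]
        window.append((ts, dst))
        # Drop connections that have aged out of the sliding window.
        while window[0][0] <= ts - window_s:
            window.popleft()
        peers = {d for _, d in window}
        if len(peers) > max_peers:
            flagged[src] = max(flagged.get(src, 0), len(peers))
    return flagged

def build_sample_log():
    """Constructed sample records; addresses are documentation ranges."""
    # 10.0.0.23 reaches eight different mail hosts within 14 seconds.
    lines = [f"{1000 + 2 * i} 10.0.0.23 192.0.2.{10 + i} 25" for i in range(8)]
    # 10.0.0.7 visits six web servers, but two minutes apart each.
    lines += [f"{1000 + 120 * i} 10.0.0.7 198.51.100.{1 + i} 80" for i in range(6)]
    # 10.0.0.9 is busy, yet only ever talks to its own mail server.
    lines += [f"{1005 + i} 10.0.0.9 10.0.0.1 25" for i in range(20)]
    lines.append("garbled record")
    return lines

if __name__ == "__main__":
    for host, peers in find_fanout_hosts(build_sample_log()).items():
        print(f"{host} contacted {peers} distinct hosts within 60 seconds")
```

Only 10.0.0.23 is reported; the slow browser and the busy but single-destination mail client stay below the threshold.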

Ashish Sharma
