Viruses and Worms are malicious programs that self-replicate on computers or via computer networks without the user being aware; each subsequent copy of such malicious programs is also able to self-replicate. Malicious programs which spread via networks or infect remote machines when commanded to do so by the “owner” (e.g. Backdoors) or programs that create multiple copies that are unable to self-replicate are not part of the viruses and worms subclass.
The main characteristic used to determine whether or not a program is classified as a separate behavior within the viruses and worms subclass is how the program propagates (i.e. how the malicious program spreads copies of itself via local or network resources).
Most known worms are spread as files sent as email attachments, via a link sent to a web or FTP resource, via a link sent in an ICQ or IRC message, via P2P file sharing networks, etc. Some worms spread as network packets; these directly penetrate the computer memory, and the worm code is then activated. Worms use the following techniques to penetrate remote computers and launch copies of themselves: social engineering (for example, an e-mail message suggesting the user opens an attached file), exploiting network configuration errors (such as copying to a fully accessible disk), and exploiting loopholes in operating system and application security.
Viruses can be divided according to the method used to infect a computer:
- File viruses
- Boot sector viruses
- Macro viruses
- Script viruses
Any program within this subclass can have additional Trojan functions.
It should also be noted that many worms use more than one method in order to spread copies via networks. The rules for classifying detected objects with multiple functions should be used to classify these types of worms.
This subclass of malicious programs includes the following behaviors:
Example: Ransomware is a flavor of malware that encrypts your hard drive’s files and demands a payment, usually in Bitcoin, in exchange for the decryption key. Several high-profile malware outbreaks of the last few years, such as Petya, are ransomware. Without the decryption key, it’s mathematically impossible for victims to regain access to their files. So-called scareware is a sort of shadow version of ransomware: it claims to have taken control of your computer and demands a ransom, but is actually just using tricks like browser redirect loops to make it seem as if it has done more damage than it really has, and, unlike ransomware, it can be relatively easily disabled.
How to protect yourself?
Now that you know the distinction between the most common kinds of malicious programs, what can you do to protect yourself against them? Following are some simple precautions you can take to ensure that you’re protected from these threats.
- Install good anti-virus software, preferably a licensed copy so you don’t miss out on updates after the trial period.
- Update your anti-virus definitions regularly, ideally on a daily basis. Anti-virus software these days offers a live update feature that lets the user schedule updates from the vendor's site.
- Configure your anti-virus software to automatically scan every e-mail message for potential viruses.
- Just as often, visit sites that document the latest threats to find out what subject lines and file-attachment names the newest viruses are using. For example, McAfee, Symantec, and Trend Micro are some of the sites providing up-to-date information on new threats.
- Never miss out on the latest OS patches/updates. If you are a Windows user, then use Microsoft Windows update to download and install critical security patches.
- E-mail is a popular medium for spreading viruses and worms. Be skeptical about e-mail attachments, even from people you know. Look out for strange subject lines and, if possible, disable the preview feature.
- Do not accept, download or execute any software from unknown sites.
- Install Internet Connection Firewall (ICF), which blocks traffic other than what it considers to be “normal”. Many attacking programs use “normal” ports to spread or to compromise a computer. Firewalls are helpful, but like other programs, they are not all-encompassing. They should be used as part of a layered defense.
- For all instant messaging software users: my advice is to avoid accepting any files unless they are from a trusted source. Since IM clients do not check for viruses before downloading, there is a greater chance of infecting your computer.
- Turn off any unwanted services on your computer.
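
As an added illustration of the e-mail precautions above (not part of the original article), this Python script flags attachments whose file names are on a watch-list, carry an executable, script or macro-enabled extension, or hide one behind a double extension. The watch-list entry, the extension sets and the sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed watch-list; in practice, fill it from the threat pages you follow.
WATCH_NAMES = {"invoice_details.zip"}  # hypothetical entry
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".wsf", ".hta", ".lnk"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}  # can carry macro viruses
# Harmless-looking extension followed by another one, e.g. "photo.jpg.exe".
DOUBLE_EXT = re.compile(r"\.(?:txt|pdf|jpe?g|png|docx?|xlsx?)\.[a-z0-9]{2,4}$")


def triage(raw_message):
    """Map each suspicious attachment name to the reasons it was flagged."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        match = re.search(r"\.[a-z0-9]+$", name)
        ext = match.group(0) if match else ""
        reasons = []
        if name in WATCH_NAMES:
            reasons.append("name on watch-list")
        if ext in RISKY_EXT:
            reasons.append("executable or script extension")
        if ext in MACRO_EXT:
            reasons.append("macro-enabled document")
        if ext in RISKY_EXT and DOUBLE_EXT.search(name):
            reasons.append("double extension hides the real type")
        if reasons:
            findings[name] = reasons
    return findings


def build_sample():
    """Constructed message with placeholder attachment bytes (no real malware)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "Photos from the trip"
    m.set_content("See attached.")
    for fn in ("holiday.jpg.exe", "minutes.pdf", "budget.xlsm", "Invoice_Details.zip"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_string()


if __name__ == "__main__":
    for name, reasons in triage(build_sample()).items():
        print(f"{name}: {', '.join(reasons)}")
```

A file-name check like this complements anti-virus scanning of the attachment contents; it does not replace it, since a renamed file passes unnoticed.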