Virus Evolution History Part 2 – Melissa and other executable worms

The powerful script interpreters included in Microsoft Office gave virus creators the opportunity to arm their viruses with the characteristics of worms. An example was the Melissa worm, a Word macro virus with the characteristics of a worm, which infected documents created with the 97 and 2000 versions of Word. This worm automatically sent itself as an email attachment to the first 50 contacts found in the Outlook address book on the infected computer. This technique, which unfortunately has become very popular today, was first used in this virus, which in 1999 caused one of the biggest epidemics in computer history within a few days. In fact, large companies like Microsoft, Intel and Lucent Technologies had to block their connections to the Internet due to the action of Melissa.

The technique first applied in the Melissa virus was subsequently developed by viruses like VBS/Freelink which, unlike its predecessor, sent itself to all contacts recorded in the address book of an infected PC. This was the beginning of a new generation of worms that were able to send themselves to all the contacts found in the Outlook address book of the infected computer. Of all those worms, the one that really stands out is VBS/LoveLetter, widely known as the I Love You virus, which first appeared in May 2000 and caused an epidemic with losses estimated at 10,000 million euros. To attract the attention of users and to contribute to its spread, this worm sent itself via an e-mail message with the title ILOVEYOU and an attachment named LOVE-LETTER-FOR-YOU.TXT.VBS. When the user opened the attachment, the computer was infected.
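The LOVE-LETTER-FOR-YOU.TXT.VBS name works because the visible ".TXT" reads as a harmless text file while the final ".VBS" is what Windows hands to the script interpreter. The following mail-filter check for that pattern is an added example, not code from the original article; the extension lists and all sample names except the first are constructed for illustration.

```python
import os

# Extensions Windows runs directly or hands to an interpreter (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif",
                   ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}
# Extensions users tend to read as harmless data files.
DECOY_EXTS = {".txt", ".doc", ".xls", ".ppt", ".pdf", ".jpg", ".gif", ".mp3"}


def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows drops trailing dots and spaces, so "a.txt.vbs. " still runs as .vbs.
    name = filename.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    if last not in EXECUTABLE_EXTS:
        return "ok"
    # Padding such as "photo.jpg      .scr" pushes the real extension out of view.
    inner = os.path.splitext(stem.rstrip())[1]
    return "double-extension" if inner in DECOY_EXTS else "executable"


def flag_attachments(filenames):
    """Return (name, verdict) pairs for every attachment that is not 'ok'."""
    verdicts = ((f, classify_attachment(f)) for f in filenames)
    return [(f, v) for f, v in verdicts if v != "ok"]


# Constructed sample; only the first name comes from the article.
SAMPLE = [
    "LOVE-LETTER-FOR-YOU.TXT.VBS",
    "minutes.v2.doc",
    "photo.jpg      .scr",
    "invoice.pdf.js.",
    "setup.exe",
    "notes.txt",
]

if __name__ == "__main__":
    for name, verdict in flag_attachments(SAMPLE):
        print(f"{verdict:17} {name!r}")
```

A name-based check like this does not catch macro viruses such as Melissa, which travel inside an ordinary Word document.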

Besides Melissa, another type of virus appeared in 1999 that was also a milestone in the history of viruses. In November of that year the VBS/BubbleBoy virus (written in VBScript) was created: a new type of worm that spread over the Internet without the user clicking on an attachment. To run itself automatically when the user opened or displayed a message, the virus took advantage of a security problem in Internet Explorer 5. The successor of this worm in 2000 was JS/Kak.Worm, which spread by exploiting the automatic signature feature of Microsoft Outlook Express, enabling it to infect computers without requiring the user to execute a file. These were the first samples of a series of worms that was subsequently enriched with new members: worms that could attack computers while users were browsing the Internet.

Virus Evolution History – Part 1

In this article we will examine how the growth of Windows and Visual Basic affected the evolution of computer viruses, since the development of those two technologies was accompanied by the appearance of global virus epidemics, like the Melissa virus in 1999.

While Windows was evolving from an application designed to facilitate the management of DOS into a 32-bit operating system, virus developers returned to using assembly as the main programming language to create viruses. Versions 5 and 6 of Visual Basic (VB) were, together with Borland Delphi (a Pascal language environment for Windows), the preferred development tools for creators of worms and Trojan horses. Then Visual C came into play, which offered a powerful application programming language for Windows. C was quickly adopted by the creators of viruses, Trojan horses and worms. Viruses based on the Visual C language acquired unprecedented power, supplanting all other types of viruses. Although the characteristics of worms have changed with time, all have the same goal: to spread to as many computers as possible in the shortest possible time.

Over time, Visual Basic became extremely popular and Microsoft implemented it as part of the functionality of a separate tool: an “interpreter” capable of executing script files that contained code with similar syntax.
Simultaneously, with the establishment of the 32-bit Windows platform, the first script file viruses were born: hostile software hidden inside a plain text file. Script file viruses showed that executable files (files with the extensions .EXE and .COM) were not the only ones that could carry viruses. As we have already seen with BAT file viruses, there are other means of spreading a virus, fully justifying the assumption that anything that can be executed, either directly or through an interpreter, may contain hostile software. Specifically, the first viruses that could infect the macros contained in Microsoft Office applications came onto the scene. As a result, Word, Excel, Access and PowerPoint became vehicles for the spread of lethal weapons, which destroy data even when users simply open a document.

Which are the biggest companies in the Antivirus arena

Everyone in the United States has heard of the leading antivirus vendors such as McAfee, Trend Micro, Symantec, Computer Associates etc. These companies have a market-leading presence in the United States.

Microsoft, as well, has plans to become a key player in this market. In 2003 Microsoft acquired intellectual property and technology from GeCAD Software, a company based in Bucharest, Romania. They also acquired Pelican Software, which had behavior-based security technology, as well as Giant Company Software for spyware and Sybari Software, which manages virus, spam, and phishing filtering.

A lot of discussion has centered on whether Microsoft will come to own a dominant position in the antivirus market by simply bundling its technologies with its operating systems at no charge. This is similar to the technique applied in other markets such as word processing and Internet browsers. This started to happen to some extent in Windows Vista, with the built-in Windows Defender.

Of course there are a number of other antivirus vendors who also play in this market. There are many companies with great market presence in other countries that are beginning to become more widely known. These vendors include:

  • GriSoft out of the Czech Republic
  • Sophos in the United Kingdom
  • Panda Software out of Spain
  • Kaspersky in Russia
  • SoftWin in Romania
  • F-Secure in Finland
  • Norman in Norway
  • Arcabit in Poland
  • VirusBuster out of Hungary, and
  • AhnLab in South Korea.

It is not clear where the industry is heading, and everyone in this market faces a rapidly changing landscape. The amount of effort needed to find and provide fixes for viruses is staggering. Malicious programs are getting more complex and their number is increasing. Many companies may find themselves without the resources to match the efforts of those truly bent on creating havoc. Some antivirus companies are getting hundreds of new samples a day! Moreover, the new viruses are getting “smarter”: they propagate quickly, they often hide themselves, and they move around in a system by renaming themselves to make removal harder.

Computer Password Best Practices

Passwords provide the first line of defence in computer systems and must be considered one of the top elements to protect and secure. They offer the main access control mechanism in computers and with some good security practices can provide a big obstacle to intruders.

The following are some security best practices for your computer passwords:

  • Use at least 8 characters.
  • Use both alphabetic and numeric characters together with special characters (such as !@%$ etc.).
  • Don’t use consecutive letters (e.g. abcd123 is not a strong password).
  • Use PassPub.com for generating a random strong password.
  • Try to use a phrase as a password instead of just a word.
  • Don’t use passwords that can be found in dictionaries, or passwords that are dates or names of people.
  • Change your password at least once a month.
  • Don’t use the same password in two different accounts.
  • Don’t use the “Remember Password” feature found in various accounts.
  • Don’t send your password anywhere in clear text format (e.g. in an email).

If you follow the above best practices you can be sure that you are on the right path to providing strong access control for your computer system.
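The rules in the list that can be checked mechanically (length, character classes, consecutive characters, dictionary words and dates) can be enforced at the point where a password is set. The checker below is an added example, not part of the original post; the word list is a tiny constructed stand-in for a real dictionary, and the date pattern is a simple heuristic.

```python
import re
import string

# Tiny constructed word list standing in for a real dictionary (assumption).
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "qwerty"}
# Heuristic: a 19xx/20xx year, or a d/m/y style date with /, . or - separators.
DATE_RE = re.compile(r"(19|20)\d{2}|\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}")


def has_sequence(pw, run=3):
    """True if pw holds `run` ascending or descending characters (abc, 321)."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        # Only letters and digits count, so "9:;" is not treated as a run.
        if window.isalnum() and steps in ({1}, {-1}):
            return True
    return False


def check_password(pw):
    """Return the rules from the list that pw violates (empty list = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in pw):
        problems.append("no alphabetic character")
    if not any(c.isdigit() for c in pw):
        problems.append("no numeric character")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    if has_sequence(pw):
        problems.append("contains consecutive characters")
    # Strip digits and symbols so "Password2024!" is still caught as "password".
    if re.sub(r"[^a-z]", "", pw.lower()) in COMMON_WORDS:
        problems.append("based on a dictionary word")
    if DATE_RE.search(pw):
        problems.append("contains a date")
    return problems


if __name__ == "__main__":
    for candidate in ("abcd123", "Password2024!", "Tr4in-leaves@Dusk!"):
        print(candidate, "->", check_password(candidate) or "passes")
```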

Always use two antispyware tools – Best Free antispyware software

From my experience, the use of just one antispyware software to protect your home computer is never enough. Sometimes antivirus suites also include an antispyware engine, but I prefer to use my antivirus software for virus protection only and have dedicated antispyware tools specifically for their intended purpose. Especially since you can find excellent antispyware tools for free, that's another reason to download two different antispyware flavors for better protection.

I have researched and found the best free antispyware tools in my opinion and provide their URLs below:

  1. Spyware Terminator (www.spywareterminator.com)
  2. AVG Antispyware (free.avg.com)
  3. Threatfire (www.threatfire.com)
  4. Spybot Search and Destroy (www.safer-networking.org)

Of course make sure to have only one realtime antispyware guard protection turned on to avoid conflicts.

Virus Types

Viruses are generally distinguished by the way they spread and propagate or the target they attack. The following virus types do not necessarily indicate a strict division. A file infector, for example, may also be a system infector. A script virus that infects other script files may also be considered a file infector. There are also difficulties in drawing a hard distinction between macro and script viruses. Nevertheless, the virus types that I describe in this post provide a pretty good classification of computer viruses as researched by security scientists.