Viruses and trojan programs are malicious applications intended to give third parties some form of
control over remote computer systems.
Viruses are one of the most publicized aspects of the modern computing world.
Reporters love to write articles about them and people love to ooh and ah over the
concept. Even the least technologically savvy people on the planet seem to be puzzled
and naturally curious about the fact that computers can get sick, too.
Of course, the rest of us know computers do not get sick; they simply inadvertently
download small and pesky programs that have been written with malicious intent.
These programs have historically been known as a trojan or a virus. Today, the
differences between these types of malicious programs have blurred. Most scanning
software on the market claims to address both problems with equal proficiency. The
fact remains that viruses and trojans, although lumped together, perform different
functions for the attackers who create them.
A virus is a small program that is designed to infect one or more of a computer’s
files. As it spreads, it may cause a variety of serious or benign problems. Sometimes the goal is to annoy and sometimes the goal is to destroy. Sometimes a virus will
delete files or even format an entire hard drive. In other cases, a virus may display
messages across the screen merely to make itself known. In almost all cases however,
a virus will render an operating system unstable, often due to its exploitative
To meet the definition of a virus, a program must meet two criteria:
- It must execute itself. To accomplish this it will often place its own code in
the path of execution of another program.
- It must replicate itself. For example, it may replace other executable files
with a copy of the virus-infected file. Viruses are capable of infecting any
machine on a network, whether categorized as a workstation or a server.
Once a system has been infected with a virus, the virus can execute its payload.
A malicious virus might have a payload program that deletes critical files from a hard
drive. Some viruses are highly destructive, some are just annoyances or spread
harmlessly, and most fall somewhere in between.
Viruses present themselves in a variety of ways with a variety of purposes.
Computer history has revealed five officially recognized categories of viruses. They
are as follows:
- File Infector Viruses: File infector viruses infect program files. These viruses
normally infect executable code, such as .com and .exe files. They can infect
other files when an infected program is run from a floppy, hard drive, or
from the network. Many of these viruses are memory resident. After
memory becomes infected, any non-infected executable that runs becomes
- (Master) Boot Sector Viruses: Boot sector viruses infect the system area of
a disk—that is, the boot record on floppy disks and hard disks. These
viruses are always memory resident in nature. Boot sector viruses are
seldom seen today because they were designed to exploit Disk Operating
System (DOS) systems. Once the boot record of an infected disk is
accessed, the virus remains in memory, and all floppy disks that are not
write protected will become infected when the floppy disk is accessed.
- Multi-partite Viruses: Multi-partite (or polypartite as they are sometimes
called) viruses infect both boot records and program files. As a result, it is
not easy to repair the damage caused by these viruses. If the boot area is
cleaned, but the files are not, the boot area will become infected again.
- Macro Viruses: These types of viruses infect data files. The damage done by
these viruses has had the most direct impact on corporate Information
Technology (IT) departments in recent years. The sidebar describes this
pest in greater detail.
Trojans serve a different purpose. Their goal is not to spread, or even to annoy. A typical trojan application is cleverly disguised as another program, so as to not be detected. Because it cannot replicate itself, a trojan needs to be invited into a system, much like the original gift from Troy. Once invited, it contains a hidden surprise that will give the enemy (malicious cyber criminals) a tremendous battle advantage, thus the assignment of the
A trojan is often extremely difficult or even impossible to detect. They are designed to leave little or no digital paper trail. When a user inadvertently executes a trojan program, it buries itself into the operating system, residing undetected for potentially infinite periods of time. It can delete log files that the operating system may create, thus destroying any record of its functions. The purpose of a trojan is often to give an external user total backdoor control of a system, without the user’s permission or knowledge. Scared yet? Don’t panic; keep reading to learn the best way to deal with these problematic devils.
A virus with a trojan as its payload creates a particularly dangerous combination.
The virus can get into systems and replicate itself, leaving little trojans in its wake.
Within a short while, a vast network of machines will be under the virus creator’s
control. These machines are called zombies; a large collection of zombies under
centralized command is called a zombie-net. These zombie-nets are often used to
launch untraceable, massive distributed Internet assaults such as a Denial of Service
For every crime a law has been written, and for every criminal a cop is out there
looking to bag the bad guy. Computer virus scanner (anti-virus) applications are
analogous to police, as they have always focused on identifying, catching, and eliminating
the latest viruses in circulation. Most recently they have also set their sights
on trojan applications, despite the fact that these programs are extremely difficult to
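The two detection ideas behind the scanners described above (matching known byte signatures, and noticing that an executable has changed since a clean baseline, which is how a file infector or a dropped trojan gives itself away) are shown in this added example. It is not code from the book; the signature names, the marker strings, and the files it builds in a temporary directory are all constructed for the demonstration.

```python
"""Added example, not from "Network Security Illustrated": a minimal
signature scanner plus an executable-integrity baseline. Every signature,
file name and file body below is constructed for the demonstration."""
import hashlib
import tempfile
from pathlib import Path

# Constructed signature database: detection name -> byte pattern.
# Real products carry thousands of patterns plus heuristics; these are placeholders.
SIGNATURES = {
    "Demo.FileInfector.A": b"DEMO-INFECTOR-MARKER",
    "Demo.Trojan.B": b"DEMO-BACKDOOR-MARKER",
}

# File types a file infector targets (per the chapter: .com and .exe program files).
EXECUTABLE_SUFFIXES = {".exe", ".com", ".dll"}


def scan_bytes(data: bytes) -> list[str]:
    """Return the names of every signature whose pattern occurs in data."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in data)


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large executables do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Record hashes of all executables while the system is believed to be clean."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in EXECUTABLE_SUFFIXES
    }


def check_integrity(root: Path, baseline: dict[str, str]) -> dict[str, str]:
    """Compare the current executables with the baseline.

    A modified executable is the classic trace of a file infector; a new
    executable that nobody installed is the classic trace of a dropped trojan."""
    current = build_baseline(root)
    findings = {}
    for rel in baseline.keys() | current.keys():
        if rel not in current:
            findings[rel] = "missing"
        elif rel not in baseline:
            findings[rel] = "new executable"
        elif baseline[rel] != current[rel]:
            findings[rel] = "modified (possible infection)"
    return findings


def scan_tree(root: Path) -> dict[str, list[str]]:
    """Signature-scan every regular file under root; return only the hits."""
    hits = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            matches = scan_bytes(p.read_bytes())
            if matches:
                hits[str(p.relative_to(root))] = matches
    return hits


def demo() -> tuple[dict[str, list[str]], dict[str, str]]:
    """Build a constructed directory, baseline it, simulate an infection, rescan.

    The 'infection' only appends a harmless marker string to a fake program."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "calc.exe").write_bytes(b"MZ" + b"\x00" * 64 + b"clean program body")
        (root / "notes.txt").write_bytes(b"harmless text")
        baseline = build_baseline(root)
        # Simulate a file infector altering an existing program ...
        with (root / "calc.exe").open("ab") as handle:
            handle.write(b"DEMO-INFECTOR-MARKER")
        # ... and a trojan disguised as an innocent-looking update.
        (root / "update.exe").write_bytes(b"MZ" + b"DEMO-BACKDOOR-MARKER")
        return scan_tree(root), check_integrity(root, baseline)


if __name__ == "__main__":
    signature_hits, integrity_findings = demo()
    print("signature hits:", signature_hits)
    print("integrity findings:", integrity_findings)
```

The signature pass catches only what is already in the database, which is the limitation the chapter alludes to when it says trojans are hard to detect; the integrity pass needs no prior knowledge of the intruder, only a trusted baseline, and so it also flags the unknown sample. In practice the two are run together, and the baseline itself is stored somewhere the scanned machine cannot modify.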
The above information is the start of a chapter in "Network Security Illustrated," published by McGraw-Hill and available from amazon.com, as well as your local bookstore. The book goes into much greater depth on this topic.