Tuesday, December 28, 2010

Script & Macro Viruses

Script / Macro Viruses - Types and Habitats



Script Viruses - Types and Habitats

Script viruses (sometimes called macro viruses) generally travel embedded in email and office automation documents, although they can be found in web pages as well.

Old-fashioned program viruses are usually implemented in executable system code, whereas script viruses are usually written in a powerful high-level language that is compiled and run on the fly. They often have sophisticated functionality and direct interfaces to high-level applications such as word processing, spreadsheet, email, and web programs, and can wreak considerable havoc. Since they first surfaced in office automation programs, they are sometimes also called "macro" viruses. Script viruses can also propagate through IRC protocols.

On Microsoft computers, turning on your script checking virus protection is essential. However, keep in mind that there may be an associated performance hit for some applications. Many applications on Windows are written in Visual Basic, and real-time script virus checking can double the time it takes for their usual functions to run. If you find that ordinary functions take an inordinate length of time to complete, you can try temporarily turning this feature off in your anti-virus checker -- but don't forget to turn it back on afterwards!

Active threats. The following types of script viruses are currently the most active and dangerous on the Windows platform:

Visual Basic is a flexible and powerful programming environment for Microsoft Windows, Office, and Internet applications. Script viruses written in Visual Basic can run throughout the Microsoft architecture, giving them considerable reach and power, and making them the primary virus threat today.

The first widespread Visual Basic script virus was Melissa, which brought down several large international corporations for several days in March 1999. Melissa traveled in a Microsoft Word document and ran when the document was opened. It then opened the associated Microsoft Outlook email program, read the user's email address book, and sent email copies of itself to the first fifty names it found. It spread very quickly.

The Melissa virus architecture was quickly followed by many similar variants programmed by hackers around the world, including the groundbreaking KAK, the first Visual Basic script virus that triggered as soon as an email was opened. KAK was then followed by BubbleBoy, which triggered if an email was even viewed in the preview pane. A steady stream of Visual Basic script viruses continues to circulate to this day. There are even automated, point-and-click programs like VBS Love Generator to help hackers produce additional variants. Script viruses which use email to send themselves to others are also a form of worm.
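
The mass-mailing behaviour described above leaves a recognisable trace on a mail server: one sender, one subject, dozens of recipients within minutes. The following is an added example, not part of the original post, that flags such bursts in outbound mail logs; the tab-separated log format, the addresses and the five-minute window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def mass_mail_bursts(log_lines, min_recipients=50, window=timedelta(minutes=5)):
    """Return {(sender, subject): recipients} for same-subject bursts.

    Assumed log format (hypothetical): ISO time, sender, recipient, subject,
    separated by tabs, one line per delivered recipient.
    """
    sends = defaultdict(list)  # (sender, subject) -> [(time, recipient)]
    for line in log_lines:
        ts, sender, rcpt, subject = line.rstrip("\n").split("\t", 3)
        sends[(sender, subject)].append((datetime.fromisoformat(ts), rcpt))

    bursts = {}
    for key, events in sends.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {rcpt for _, rcpt in events[start:end + 1]}
            if len(distinct) >= min_recipients:
                bursts[key] = max(bursts.get(key, 0), len(distinct))
    return bursts

def constructed_log():
    """Constructed sample: one 50-recipient burst and one ordinary sender."""
    base = datetime(2010, 1, 4, 9, 0, 0)
    lines = [
        f"{(base + timedelta(seconds=i)).isoformat()}\talice@corp.example"
        f"\tuser{i}@corp.example\tQuarterly report"
        for i in range(50)
    ]
    lines += [
        f"{(base + timedelta(minutes=10 * i)).isoformat()}\tbob@corp.example"
        f"\tpeer{i}@corp.example\tLunch?"
        for i in range(3)
    ]
    return lines

if __name__ == "__main__":
    for (sender, subject), count in mass_mail_bursts(constructed_log()).items():
        print(f"ALERT {sender} sent {subject!r} to {count} recipients")
```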

The term "macro virus" is used less often, and generally refers to a virus in an office automation application macro, most commonly a Visual Basic macro in a Microsoft Word or Excel document. Macro viruses can cross system boundaries from Windows to Macintosh computers with MS Office documents. Current versions of Microsoft Office contain strong anti-macro protections to guard against known attacks.

ActiveX is one of Microsoft's distributed application technologies that enable web pages to download programs on the fly with the full power of any executable running on your machine. This makes ActiveX modules especially efficient and powerful, but also a security risk since they can create, change, and delete files, add system programming code, or take any other action your user account is allowed on your computer.

To help mitigate the risk, Microsoft provides a network architecture of encrypted security certificates for ActiveX modules. This network gives you the option of refusing the download of unsigned ActiveX modules from unknown authors, and at least disclosing the signed identity of those modules that you do accept in case they later cause problems. However, this approach is not universally accepted by the general user and professional security communities, and is sometimes called "trust me now, try to catch me later". Users running Internet Explorer on Windows machines should make sure that their browser security settings are set to "disable" for unsigned ActiveX applets, and to "prompt" for signed applets.

Hypothetical threats. The following script viruses are largely theoretical, but illustrate that they can turn up wherever there is scripting code:

Java is a standard cross-platform development environment, and is often used to download scripts to add functionality like a clock or chat room interface to a web page. Java was written with a strong security model which protects your computer's data and resources, and it has so far proved remarkably resistant to script virus infection. You can turn Java off in your browser if you want to be extra careful, but it will disable some useful functionality on some web pages.

JavaScript is the standard web programming language. JavaScript also has a well-defined security model that protects data and resources, and the few JavaScript viruses that have been discovered have been mainly theoretical in nature. You can turn JavaScript off in your browser settings if you want to be extra careful, but it will disable functionality on many web pages.

MIME. The first script virus that triggered as soon as an email was opened was a MIME virus that applied to older versions of Netscape Mail, Microsoft Outlook, and Eudora Mail. In a variation on an old hacker technique, the attached MIME file was given a very long name that triggered a bug which allowed the end of the name to be run as a series of instructions, which could then be written to run the virus. However, a fix for the bug was quickly developed for each vulnerable email program, and MIME viruses have so far remained hypothetical.

Others. Several other scripting environments have also had viruses, including Corel Draw, Hypertext Preprocessor, Windows Help, Windows installation files, and Windows registry files. Anywhere there is a script interpreter there is an opportunity for a script virus to run.
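
The overlong attachment name described in the MIME item above can be screened for at a mail gateway before a message reaches any client. This is an added example, not part of the original post; the 255-character limit is an assumed policy value and the sample message is constructed.

```python
from email import message_from_bytes
from email.utils import collapse_rfc2231_value

MAX_NAME_LEN = 255  # assumed policy limit, not a value from the page

# (header, parameter) pairs that can carry an attachment name
NAME_PARAMS = (("content-disposition", "filename"), ("content-type", "name"))

def overlong_attachment_names(raw, limit=MAX_NAME_LEN):
    """Return (content_type, header, name_length) for each overlong name."""
    findings = []
    for part in message_from_bytes(raw).walk():
        for header, param in NAME_PARAMS:
            value = part.get_param(param, header=header)
            if value is None:
                continue
            # RFC 2231 encoded or continued parameters arrive as a tuple.
            name = collapse_rfc2231_value(value)
            if len(name) > limit:
                findings.append((part.get_content_type(), header, len(name)))
    return findings

# Constructed sample: one ordinary attachment, one with a 604-character name.
SAMPLE = (
    b"From: a@example.com\r\n"
    b"To: b@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b'Content-Disposition: attachment; filename="notes.txt"\r\n'
    b"\r\n"
    b"hello\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="' + b"A" * 600 + b'.txt"\r\n'
    b"\r\n"
    b"data\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for ctype, header, length in overlong_attachment_names(SAMPLE):
        print(f"quarantine: {ctype} part, {header} name is {length} characters")
```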

Boot & Program Viruses



Boot & Program Viruses - Types and Habitats

Boot and program viruses were the first viruses. They are generally made of executable code that hides inside device boot programs and application programs, and are usually targeted for a specific computer operating system. These were the earliest types of computer viruses, and remained relatively common in the wild until overtaken in 1998 by script and macro viruses.
Boot viruses
Boot viruses hide in the boot code for a media device, such as a disk or CD, and run automatically when the media is loaded since boot programs are always the first code loaded from any device. Boot viruses proliferated on floppy disks and even CDs into the late 1990s, but aren't seen as often these days with the decline in importance of transferable, bootable media.
The first computer boot virus was built by a 15-year-old kid named Rich Skrenta in 1982 for Apple II computers. Called “Elk Cloner”, it would activate whenever a floppy disk was booted on a computer, install itself on the computer, and then infect other disks used later. Once every 50 times an infected floppy was inserted in a computer it would display the following message.
Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes it's Cloner!
It will stick to you like glue
It will modify ram too
Send in the Cloner!
Skrenta launched the virus into the wild in early 1982 by infecting his school’s computer and giving out disks at a computer club. Since viruses were not yet known and there were no safeguards, it spread around the country and continued to pop up on Apple II computers for years afterwards.
The first boot virus to infect Microsoft computers was called Brain, created in 1986 by two Pakistani brothers, and displayed the phone number of their computer repair business.
Program viruses
Program viruses can travel on media like a CD or across the Internet by email attachment. They hide in an apparently useful program and then run when the program is opened. They are often called trojan horse viruses, after the hollow wooden horse containing soldiers that Ulysses and the Greeks gave to Minerva during the Trojan war, and from which the soldiers emerged that night to open the gates of the city of Troy to the Greek armies, thereby causing the city's downfall.

Program viruses may be deliberately hidden in a program by the developer, or surreptitiously attached after the fact at some point along its travels from computer to computer. Program viruses are also sometimes the vector of infection for boot viruses and worms.

Virus infection. A greeting card program emailed to you from a friend might display a holiday animation and song, while at the same time installing a remote access virus program that gives a distant hacker control over your computer whenever you're connected to the Internet. Similarly, a shareware program downloaded and emailed to you by another friend might have been infected with a virus on his computer or the server where it was stored.

The first thing a boot or program virus often does is insert commands and settings in the operating system so that it can operate freely, undetected, and unaudited, without warning messages or access log records. Some of them even change the Basic Input Output System (BIOS) that interfaces between the computer's hardware and software to help mask their activities.

The most sophisticated program viruses include "stealth viruses", which encrypt their contents to try to avoid detection by virus protection software, and "polymorphic viruses", which alter their content every time they replicate to try to avoid detection, behavior much like that of real viruses. Most anti-virus programs can still catch most of these types of viruses.

Wednesday, November 17, 2010

What is IP Address? What is DNS?

For one computer to connect to another computer and transfer information, it must know the IP address of that computer. An IP address is made of numbers. The 32-bit IP address is divided into 4 sections of 8 bits each, separated by a ‘.’ (dot). Each 8-bit section is called an octet. The value of each octet ranges from 0 to 255.
For example, 203.116.56.34 is an IP address. As you can see there are four sections each separated by a dot.
Name Vs Number
If someone asks you whose phone number is 98343453, you may not know. But if someone asks whether you know ‘John Peters’, you will immediately remember your friend. The reason is that names are easier to remember than numbers. This is human nature.
On the internet, you need to connect to a lot of different computers daily. Remembering the IP address of each computer on the internet would be impossible, because IP addresses are made of numbers.
That’s why computer scientists decided to give a name to each of these IP addresses. These computer names that represent IP addresses are called ‘Domain Names’. For example, www.yahoo.com is a domain name. It is easy to remember a name, isn’t it?
Every computer that connects to the internet has a unique IP address. Most computers, especially servers, will have a domain name.
DNS – Domain Name System
If you need to connect to a computer on the internet, you can use either the IP address or the domain name of that computer.
But computers need just the IP addresses. We use domain names for our own convenience. Therefore, when we use a domain name, for example www.yahoo.com, our computer will first find out the IP address of this domain name and then use the IP address to connect to it.
Let us assume that the IP address of the computer that you want to connect to is 123.232.231.132 and the domain name of this computer is www.xyz.com.
Now you connect to the Internet, open your browser, key in the IP address 123.232.231.132 in the address bar and press ‘Enter’. The browser will immediately connect to the computer because the computer knows how to use the IP address.
Now imagine that you typed the domain name www.xyz.com instead of the IP address in the browser. What the computer needs is the IP address, not the domain name. Therefore the browser will try to find the IP address for the domain www.xyz.com. For this purpose it will contact the DNS (Domain Name System) server. The DNS server will find the IP address of that domain and return it to your browser. Then your computer will use that IP address to connect to that computer.
If you type the IP address, the browser will access that site immediately. If you type the domain name, there will be a slight delay because the browser has to connect to the DNS server first to determine the IP address. If for some reason this DNS server is down or there is no DNS entry for that domain, then that domain name or website address will not be accessible.
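
The lookup described above, and the four-octet address format from the start of this post, can be seen at the byte level. This is an added example, not part of the original post: it builds the DNS query for www.xyz.com and parses a constructed server reply carrying 123.232.231.132. The transaction ID and TTL are made-up values, and no network access is used.

```python
import struct

def encode_name(name):
    """www.xyz.com -> length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_query(name, txid):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN

def skip_name(msg, off):
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer, two bytes
            return off + 2
        off += 1 + length

def parse_a_records(msg, txid):
    rid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    if flags & 0x000F:  # RCODE, e.g. 3 = no such name
        raise LookupError(f"DNS error, rcode={flags & 0x000F}")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            # Four octets, each 0..255, joined with dots
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs

def constructed_response(query, ip):
    """Constructed server reply: same ID and question plus one A record."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return header + query[12:] + answer

if __name__ == "__main__":
    q = build_query("www.xyz.com", 0x1234)
    print(parse_a_records(constructed_response(q, "123.232.231.132"), 0x1234))
```

Checking that the reply carries the same transaction ID as the query is what keeps a resolver from accepting an answer it never asked for; a non-zero response code is the "no DNS entry" case from the paragraph above.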

Which Internet Connection plan to choose?

The Internet has become part and parcel of our lives. It is essential not only for individuals but also for a country’s economic and scientific growth and for organizations’ success. The companies that offer internet connections are called ISPs (Internet Service Providers), and they offer many different connection plans. How do you select the best connection plan for home use or for offices? The following tips give an overview of the different types of internet connections and their advantages and disadvantages.
PSTN Dialup
Public Switched Telephone Network (PSTN) dialup uses your phone connection to connect your computer to the internet. You need a modem, phone line and a computer for a PSTN dial up connection.
Advantages of PSTN dial up
  1. This is the basic internet connection and all the ISPs provide this type of dial up.
  2. Installing and using PSTN dialup is very cheap and affordable.
Disadvantages of PSTN dial up
  1. The speed of a typical PSTN modem is 56KBPS. Therefore the speed of the internet connection will be slower than this.
  2. During the time you are connected to the internet, you have to pay the telephone charges.
  3. While you are connected to the internet you cannot use your telephone to call anyone because you are using that phone line for connecting to the internet. You also will not receive any calls from outside during this time.
ISDN dialup
Integrated Services Digital Network (ISDN) dialup uses a higher end digital telephone line to dial up. To use this type of connection you need ISDN telephone line, computer and a ‘Terminal Adapter’.
Advantages of an ISDN dialup
  1. While you are connected to internet using ISDN dialup connection you can use your ISDN phone to make phone calls simultaneously.
  2. When you are making phone calls while connected to the internet then the speed of internet will be 64KBPS.
  3. If you are using the ISDN phone line just for internet then the speed of internet will be 128KBPS.
Disadvantages of ISDN dialup
  1. Not every place has ISDN connection.
  2. Even if your place has this facility, it is expensive to get an ISDN dialup connection from your ISP.
  3. Not all the ISPs provide ISDN dialup plan.
Leased Line Internet Plan
In both ISDN dialup and PSTN dialup you need to dial up from your computer before getting connected to the internet. And you close this connection when you no longer need internet connection. If you need a continuous connection 24 hours of the day and 7 days a week then you need a ‘Leased Line’ also known as ‘dedicated line’. This type of permanent connection is called ‘Always On’.
Advantages of Leased Line
  1. You get ‘Always on’ connection 24 hours every day.
  2. The speed of the internet ranges from 2.4 KBPS to 2G based on your subscription.
Disadvantages of Leased Line
  1. The main disadvantage of a leased line is that it is very expensive.
  2. Since your computer is always connected to the internet, it is exposed to many threats such as viruses and spyware. So you may need to secure your computer using a firewall and antivirus software.
DSL
Digital Subscriber Line (DSL) also uses a normal PSTN phone line. But using DSL you can use both internet and phone simultaneously. Therefore many prefer DSL to PSTN dial up.
Advantages of DSL
  1. The speed of DSL connection is fast. 64 KBPS, 512 KBPS, 1.5MBPS and higher speed can be achieved in DSL connections.
  2. DSL also provides an ‘Always On’ connection 24 hours a day.
  3. You can also use your phone while using the internet.
Disadvantages of DSL
  1. More expensive
  2. You need an ADSL modem to connect, but the distance between this modem and your computer cannot be more than 18,000 feet.