|
A self-replicating piece of software
designed to cause damage to computers or inconvenience to their users.
Historically transmitted by floppy disks, the internet has greatly increased
the threat posed by virus as it provides a much-improved distribution
network for infected files. Some imaginative virus writers have
harnessed the internet features if business software to create especially
awkward and intrusive programs.
The first widespread example was the
Melissa virus, which achieved worldwide fame in early 1999 when it forced
several companies, including Microsoft, to shut down their e-mail
networks. Unlike many other types of virus, Melissa does not destroy data on
a computer's hard disk; instead, it infects Microsoft Word documents with a
macro written in Microsoft's Visual Basic language. When a curious recipient
opens an infected document which arrives as an e-mail attachment, the
virus copies itself rapidly by hijacking the local Microsoft Outlook-based
e-mail system and mailing itself to the first 50 entries it finds in the
address book. What stars as a small ripple of outgoing messages quickly
becomes an overwhelming flood, severely overloading mail servers and,
if traffic is heavy enough, causing them to fail.
Melissa's fame stemmed in part from prurient interest from
newspapers and magazines, intrigued by the list of pornographic websites
contained in the infected word document. Less attention has been paid to the
fact that anyone with an up-to-date copy of Microsoft office (many tens of
millions of people) and a modicum of programming talent can write similar
virus without any need for advanced development tools. They have inevitably
done so. As many as 1 in 200 emails were infected with a virus of some kind
in 2002, twice as many as in the preceding year. Melissa has inspired
hundreds of more dangerous macro-based viruses, which have caused much
trouble to individuals and businesses alike. In 2000, I Love You, a
variation on the Melissa theme, destroyed music and graphics files on hard
disks. A rash of other such viruses appeared shortly afterwards, most aiming
to exploit security holes in the windows operating system in general
and Microsoft Outlook in particular. Other examples include Klez, which
spoofs e-mail addresses and is thus hard to trace, and Code Red, which
attacked many thousands of web servers in 2001, causing widespread chaos.
Many companies now produce anti-virus software and most new pcs
are sold with some sort of virus protection installed, but virus writers
work hard to keep one step ahead. Virus protection software is well
developed and most commercial products include databases of thousands of
virus signatures (small fragments of code that uniquely identify each
infective agent) which are checked against incoming files. But new viruses
spread so quickly that it is difficult to keep these databases current. By
the time a pc is up and running, many new virus may already be active
and widespread on the internet. The burden of responsibility for updating
the software inevitably lies with the users, who do not always understand
the need for rigorous downloading of updates and may leave their machines
open to attack. In any case, the damage may be done long before the
anti-virus companies are notified of a new threat. Many virus writers
routinely build countermeasures into their creations, some of which can
detect and disable anti-virus software before it has a chance to do its
work. |
