How Computer Viruses Work ~ computer virus

Tuesday, March 31, 2009

When you listen to the news, you hear about many different forms of electronic infection. The most common are:
• Viruses - A virus is a small piece of software that piggy-backs on real programs. For example, a virus might attach itself to a program like a spreadsheet program. Each time the spreadsheet program runs, the virus runs too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.
• Email viruses - An email virus moves around in email messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's email address book.
• Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there as well.
• Trojan Horses - A trojan horse is simply a normal computer program. The program claims to do one thing (e.g., it claims to be a game) but instead does damage when you run it (e.g., it erases your hard disk). Trojan horses have no way to replicate automatically.
The infections in the news right now are worms, so let's take a look at worms and then go into the details on all of the different types of infection.
Code Red
A worm called Code Red made huge headlines in 2001. Experts predicted that this worm could clog the Internet so effectively that things would completely grind to a halt. The Code Red worm attacks Windows NT 4.0 and Windows 2000 servers running Microsoft IIS (Internet Information Server) 4.0 or IIS 5.0. Microsoft has released a simple patch that fixes the security loophole used by the Code Red worm.
What's a "Worm"?
A worm is a computer program that has the ability to copy itself from machine to machine. Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. For example, the Code Red worm replicated itself over 250,000 times in approximately nine hours on July 19, 2001.
Worms use up computer time and network bandwidth when they are replicating, and they often have some sort of evil intent. The Code Red worm slowed down Internet traffic (but not nearly as badly as predicted) when it began to replicate itself. Each copy of the worm scans the Internet for Windows NT or Windows 2000 servers that do not have the security patch installed. Each time it finds an unsecured server, the worm copies itself to that server. The new copy then also scans for other servers to infect. Depending on the number of unsecured servers, a worm could conceivably create hundreds of thousands of copies.
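To put numbers on the paragraph above, the following added example (not part of the original article) models the outbreak as logistic growth, a standard simplification for a worm whose copies pick targets at random, and shows how the count after nine hours changes when a share of servers is patched beforehand. Only the 250,000 copies in nine hours come from the article; the total of 300,000 unpatched servers, the single starting copy and all function names are assumptions.

```python
import math

def fit_rate(vulnerable, copies, hours, seeds=1):
    """Growth rate (per hour) of a logistic outbreak that reaches `copies`
    infected hosts after `hours`, starting from `seeds` infected hosts."""
    odds_start = seeds / (vulnerable - seeds)
    odds_end = copies / (vulnerable - copies)
    return math.log(odds_end / odds_start) / hours

def infected(vulnerable, rate, hours, seeds=1):
    """Closed-form logistic curve: I(t) = V / (1 + (V/I0 - 1) * e^(-rate*t))."""
    return vulnerable / (1 + (vulnerable / seeds - 1) * math.exp(-rate * hours))

def with_patching(vulnerable, rate, patched_fraction, hours, seeds=1):
    """Copies after `hours` when a fraction of servers was patched beforehand.
    Random scans find an unpatched server less often, so the growth rate
    shrinks in proportion to the remaining vulnerable population."""
    remaining = vulnerable * (1 - patched_fraction)
    return infected(remaining, rate * (1 - patched_fraction), hours, seeds)

# Figures from the article: over 250,000 copies in about nine hours.
COPIES, HOURS = 250_000, 9
# Assumption (not from the article): 300,000 unpatched servers in total.
VULNERABLE = 300_000

# Growth rate that makes the model match the article's figures.
RATE = fit_rate(VULNERABLE, COPIES, HOURS)

if __name__ == "__main__":
    print(f"fitted growth rate: {RATE:.2f} per hour")
    for p in (0.0, 0.25, 0.5, 0.75):
        n = with_patching(VULNERABLE, RATE, p, HOURS)
        print(f"{p:>4.0%} patched -> {n:>9,.0f} copies after {HOURS} h")
```

Under these assumptions, patching half of the servers does more than halve the outbreak: the model gives roughly 1,200 copies after nine hours instead of 250,000, because every remaining copy also takes longer to find its next unpatched server.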
The Code Red worm is designed to do three things:
• Replicate itself for the first 20 days of each month
• Replace Web pages on infected servers with a page that declares "Hacked by Chinese"
• Launch a concerted attack on the White House Web server in an attempt to overwhelm it
