Article ID: 37
NOTE: What many people call an E-mail VIRUS is technically a WORM.
Q: What is a WORM and how is it different from a VIRUS?
A: Technically, a VIRUS is computer code that attaches itself to another program and runs with the program. A WORM is a stand-alone computer program that runs on its own and that’s able to spread from one computer to another with little or no human interaction. Almost all E-mail viruses you’ve heard of are actually worms. However, the term "VIRUS" is becoming generic for both.
Q: What is a ZOMBIE?
A: "Zombie" is becoming the common term for a computer that has been effectively hijacked by someone else. A zombie might be used to relay spam, attack other computers, or simply share copyrighted files and programs (called warez). In many cases, these are the result of a virus, worm, or trojan horse, but once the computer has been turned into a zombie, there may be no trace of the original infection. It may take professional help or complete removal and reinstallation of the operating system to regain control of a computer that’s been made into a zombie.
Q: What is a TROJAN HORSE?
A: A Trojan horse is a program that tricks you into running it by being presented as something else. Most e-mail worms rely on a trojan horse, an attached file, to get into your computer.
Q: How can I keep from getting a virus or worm?
A: This is a long list…
Q: How do I tell if an e-mail attachment is a worm?
A: If you aren’t expecting that exact file, don’t open it until the sender confirms that it is legitimate. If the message looks like it’s from your Internet Provider or from some other official business and asks you to view an attached file, it probably is a worm.
Q: What software do I need to keep from getting a virus or worm?
A: Every computer should have Anti-Virus software installed and kept up-to-date. Many are available online and/or in retail stores. Rather than make suggestions here, you should ask friends for their recommendations or check reviews to find what’s right for you.
Q: How do I tell if my computer has a virus or worm?
A: Your typical worm or virus is designed to lie low and avoid detection until it has had time to spread. Some indications that should make you suspicious are if your computer is running slower than normal, your computer attempts to dial up spontaneously, or (if your usage is monitored, as we do for DSL customers) higher than normal upload numbers. A complete system scan with up-to-date anti-virus software should detect any known worms or viruses.
Q: What will a virus or worm do to my computer?
A: Anything could happen. While most viruses and worms want to spread, they usually have some sort of payload. Whether this is to eventually wipe your hard drive, steal your password, or make your computer a spammer’s plaything can’t be said.
Q: What do I do if I get an e-mail with a worm?
A: Unless you’re adept at reading headers (see http://www.stopspam.org/email/headers.html), you should simply discard the message. Do not e-mail the address on the From line. It’s almost certainly NOT the actual owner of the infected machine. Forwarding the message to email@example.com will probably not result in meaningful action unless you’re getting dozens or hundreds of the same sort of message. There’s very little Infinity Internet’s staff can do about worms coming from outside our network that’s not already being done.
Q: What is Infinity Internet doing to protect me from E-mail worms?
A: Infinity Internet’s mail servers will not accept any e-mail that has an executable attachment or a filename known to be used by an active worm. See this page for the current list. We also do not accept messages directly from computers that have IP addresses that are known to be dynamically assigned (such as most dialup accounts). As worms have progressed to using encryption, actual filtering for viruses has been determined to be impractical.
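The filename part of the policy described above can be sketched as follows. This is an added example, not Infinity Internet's actual filter: the extension list, the worm filename entry, and the function names are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists, constructed for this example; the provider's real lists are not shown here.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".cpl"}
KNOWN_WORM_FILENAMES = {"constructed-worm-name.zip"}  # placeholder, not a real indicator


def attachment_names(msg):
    """Yield each declared attachment filename, including those in nested parts."""
    for part in msg.walk():
        name = part.get_filename()
        if name:
            yield name


def reject_reason(raw_bytes):
    """Return why the message would be refused, or None if it passes the filename checks."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    for name in attachment_names(msg):
        # Normalise case and strip padding so "Photo.JPG.SCR " cannot slip past.
        base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().rstrip(". ").lower()
        if base in KNOWN_WORM_FILENAMES:
            return f"known worm filename: {base}"
        # Only the final extension decides how the file is run, so
        # "photo.jpg.scr" is judged as ".scr", not ".jpg".
        ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
        if ext in EXECUTABLE_EXTS:
            return f"executable attachment: {base}"
    return None


def build_sample(filename=None):
    """Build a constructed test message, optionally with one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "customer@example.com"
    m["Subject"] = "Constructed sample"
    m.set_content("Please see the attached file.")
    if filename:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fn in (None, "report.pdf", "photo.jpg.SCR", "constructed-worm-name.zip"):
        print(fn, "->", reject_reason(build_sample(fn)))
```

Because the check looks only at declared filenames, it does not inspect attachment contents, which matches the answer's point that content scanning was judged impractical.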
Q: Where do viruses and worms come from?
A: Viruses and worms used to be little more than a nasty prank. Virus/Worm writers would often compete with each other to see who could get one to spread further, do the most damage, and get the most media attention. However, it is believed that many e-mail worms are being written in order to turn infected systems into "zombies" that can be used by the virus writer to relay mail (send spam) or participate in denial of service attacks.
Q: How do viruses and worms spread?
A: The earliest viruses spread by floppy disk. Someone would place their disk in an infected machine and the virus would append itself to any programs, or to the disk’s boot sector. Then, when that disk was used on another machine, the virus spread to it. Many worms, like Code Red or MS Blast, were able to exploit security holes or software bugs to insert themselves onto other computers. Early versions of e-mail worms relied on a flaw in Microsoft Outlook and Outlook Express that caused the worm to activate as soon as the message was viewed. Many e-mail worms still try to exploit older, known security flaws, but most simply try to trick you by appearing to be from a friend, your ISP, or some other official-seeming source.
Q: How many worms and viruses are there?
A: The number of known worms and viruses is in the tens of thousands and more are produced every day. Some have been around for years, either getting into new machines that weren’t secured properly, or having gone undetected for who knows how long.