Information Technology Reference
In-Depth Information
or bundled as an application named AStht_v06. When executed, this Trojan horse enables
the attacker to remotely access the user's iSight camera, log keystrokes, retrieve screen shots,
and manipulate file sharing settings.
34
A
logic bomb
is a type of Trojan horse that executes when specific conditions occur.
Triggers for logic bombs can include a change in a file by a particular series of keystrokes or
at a specific time or date.
A
rootkit
is a set of programs that enable its user to gain administrator level access to a
computer or network. Once installed, the attacker can gain full control of the system and
even obscure the presence of the rootkit from legitimate system administrators. The Mebroot
rootkit infects the master boot record, the first sector of the hard drive that the personal
computer views before loading the operating system, making it all but invisible to security
software and administrators. In an especially nefarious attack, hackers have created Web pages
that when visited by users with certain browsers, release the Mebroot malware to infect the
machine, a process known as a
drive-by download.
35
A
variant
is a modified version of a virus that is produced by the virus's author or another
person who amends the original virus code. If changes are small, most antivirus products will
also detect variants. However, if the changes are significant, the variant might go undetected
by antivirus software.
The Storm worm is a Trojan horse that infects personal computers running the
Microsoft operating systems. It began infecting computers via e-mail messages with a subject
line about weather disasters in Europe, hence the name. Over time, and as users became wiser,
the subject line of the malicious e-mail has changed several times. The e-mail contains an
attachment that if opened loads a “cocktail” of various malware programs onto a personal
computer. The result is that the computer is compromised and acts as a “zombie” computer
under control of other computers. Such “zombies” are often used to send spam. It is estimated
that as many as 40 million personal computers could have been infected by the Storm worm
between January 2007 and February 2008.
36
In some cases, a virus or a worm can completely halt the operation of a computer system
or network for days or longer until the problem is found and repaired. In other cases, a virus
or a worm can destroy important data and programs. If backups are inadequate, the data and
programs might never be fully functional again. The costs include the effort required to
identify and neutralize the virus or worm and to restore computer files and data, as well as
the value of business lost because of unscheduled computer downtime.
The F-Secure Corporation provides centrally managed security solutions, and its
products include antivirus, file encryption, and network security solutions for all major
platforms—from desktops to servers and from laptops to handhelds. F-Secure is headquar-
tered in Helsinki, Finland and provides real-time virus statistics on the most active viruses
in the world at its Web site,
www.f-secure.com/virus-info/statistics
.
McAfee Security for Consumers is a division of Network Associates Inc. that delivers
retail and online solutions designed to secure, protect, and optimize the computers of con-
sumers and home office users. McAfee's retail desktop products include premier antivirus,
security, encryption, and desktop optimization software. McAfee delivers software through
an Internet browser to provide these services to users online through its Web site
www.mcafee.com
,
one of the largest paid subscription sites on the Internet with over 2 million
active paid subscribers. McAfee provides a real-time map of where the latest viruses are in-
fecting computers worldwide at
http://us.mcafee.com/virusInfo/default.asp
.
See Figure 14.1.
The site also provides software for scanning your computer for viruses and tips on how to
remove a virus.
37
Using Antivirus Programs
As a result of the increasing threat of viruses and worms, most computer users and organi-
zations have installed
antivirus programs
on their computers. Such software runs in the
background to protect your computer from dangers lurking on the Internet and other possible
sources of infected files. Some antivirus software is even capable of repairing common virus
infections automatically, without interrupting your work. The latest virus definitions are
downloaded automatically when you connect to the Internet, ensuring that your PC's
antivirus program
Software that runs in the
background to protect your
computer from dangers lurking on
the Internet and other possible
sources of infected files.
