Computer viruses and worms

Computer viruses are self-replicating software entities that attach themselves parasitically to existing programs. They are endemic to DOS, Macintosh, and other microcomputer systems. When a user executes an infected program (an executable file or boot sector), the viral portion of the code typically executes first. The virus looks for one or more victim programs to which it has write access (typically the same set of programs to which the user has access), and attaches a copy of itself (perhaps a deliberately modified copy) to each victim. Under some circumstances, it may then execute a payload, such as printing a weird message, playing music, destroying data, etc. Eventually, a typical virus returns control to the original program, which executes normally. Unless the virus executes an obvious payload, the user is unlikely to notice that anything is amiss, and will be completely unaware of having helped a virus to replicate. Viruses often enhance their ability to spread by establishing themselves as resident processes in memory, persisting long after the infected host finishes its execution (terminating only when the machine is shut down). As resident processes, they can monitor system activity continually, and identify and infect executables and boot sectors as they become available.

Over a period of time, this scenario is repeated, and the infection may spread to several programs on the user's system. Eventually, an infected program may be copied and transported to another system electronically or via diskette. If this program is executed on the new system, the cycle of infection will begin anew. In this manner, computer viruses spread from program to program, and (more slowly) from machine to machine. The most successful PC DOS viruses spread worldwide on a time scale of months [Kephart and White 1993].

Worms are another form of self-replicating software, sometimes distinguished from viruses. They are self-sufficient programs that remain active in memory in multi-tasking environments, and they replicate by spawning copies of themselves. Since they can determine when to replicate (rather than relying on a human to execute an infected program), they have the potential to spread much faster than viruses. The Internet worm of 1988 is said to have spread to several thousand machines across the United States in less than 24 hours [Eichin1989, Spafford1989].

