VIRUS Computer - Impact on IT systems
Computer Viruses – from an Annoyance to a Serious Threat, by F-Secure Corporation
The damage caused by viruses and worms can be divided into two categories: intentional
damage and unintentional damage. Intentional damage, or harmless effects, is
caused explicitly by the payload routine. Unintentional damage may be caused as
a side effect when the virus replicates.
It is a common misconception that all viruses are malicious by nature. As a matter
of fact, many common viruses lack a payload altogether. It is natural that a
virus that does not harm its hosts spreads much more efficiently than a
destructive virus. The virus is dependent on the host and harming it also
reduces the virus’ chances to replicate.
The term harmless virus is sometimes used to describe a virus that lacks a payload routine,
or has a payload routine that only contains non-malicious effects. However,
this term is misleading as most viruses are likely to cause some kind of unintentional
damage.
Several of the groups listed here apply to all viruses, especially the unintentional PR
damage and IT support workload. Many viruses also contain one or more
intentional effects.
Harmless effects
These effects are always produced by the payload routine, but they are not malicious.
The effect may be a picture, animations or video, music or sounds, interactive
functions, political messages etc. These effects usually give you an idea about
the virus author’s way of thinking, age or nationality. These effects may be
funny or annoying and may distract or disturb the user, but they do not cause
any permanent damage.
Compatibility problems
Individuals make viruses and worms, and they do not have the resources to test their creations
on a wide range of computer systems. Nor do they develop the viruses according
to quality control systems and guidelines. This makes it likely that they cause
compatibility problems when run on systems that differ from the one on which
they were developed. These problems can occur as error messages, crashes, inability
to access certain functions etc. These problems are grouped as unintentional
damage.
Compromising system integrity
Intentional damage is often caused by erasure or modification of data. Erasing files is
perhaps the most obvious way to cause damage. Erasing files, however, is a
clumsy method, and modern, well-maintained systems can usually recover from backups.
Modifying data is a much more sophisticated strategy. Small changes are made to
the system now and then. The backup routine stores partially corrupted data
until the virus is detected. Restoring the data is hard or impossible as
several generations of backups are compromised. The last correct backups may be
too old and it may even be hard to tell which backups are or are not
valid.
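An added example, not part of the original article: one way to tell which backup generations are still valid, assuming each generation stores a SHA-256 manifest sealed with an HMAC key kept off the backed-up host, that files under a hypothetical `archive/` prefix are write-once, and that the oldest retained generation is clean. All names, paths and sample data are constructed for illustration.

```python
import hashlib
import hmac

ARCHIVE_PREFIX = "archive/"    # assumption: files here are write-once
KEY = b"constructed-demo-key"  # assumption: real key lives off the backed-up host

def build_manifest(files):
    """Map each path to the SHA-256 of its content at backup time."""
    return {p: hashlib.sha256(d).hexdigest() for p, d in files.items()}

def seal(manifest, key=KEY):
    """HMAC over the sorted manifest, so edits to the manifest itself show up."""
    body = "\n".join(f"{p}\t{h}" for p, h in sorted(manifest.items())).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def first_drift(generations, key=KEY):
    """generations: [(manifest, seal)] oldest first.
    Returns {path: index of the first generation whose hash differs from the
    hash recorded when the write-once file first appeared}."""
    baseline, drift = {}, {}
    for idx, (manifest, tag) in enumerate(generations):
        if not hmac.compare_digest(seal(manifest, key), tag):
            raise ValueError(f"generation {idx}: manifest seal mismatch")
        for path, digest in manifest.items():
            if not path.startswith(ARCHIVE_PREFIX):
                continue  # working files change legitimately; skip them
            if baseline.setdefault(path, digest) != digest:
                drift.setdefault(path, idx)
    return drift

def last_clean_generation(generations, key=KEY):
    """Newest generation index that predates every detected change."""
    drift = first_drift(generations, key)
    return min(drift.values()) - 1 if drift else len(generations) - 1

def sample_generations():
    """Constructed data: four nightly backups; the archived sheet is altered
    between generation 1 and generation 2."""
    good, bad = b"concrete_m3,1200\n", b"concrete_m3,1020\n"
    snapshots = [
        {"archive/bridge.csv": good, "work/notes.txt": b"v1"},
        {"archive/bridge.csv": good, "work/notes.txt": b"v2"},
        {"archive/bridge.csv": bad, "work/notes.txt": b"v3"},
        {"archive/bridge.csv": bad, "work/notes.txt": b"v4"},
    ]
    return [(m, seal(m)) for m in map(build_manifest, snapshots)]

if __name__ == "__main__":
    gens = sample_generations()
    print(first_drift(gens), last_clean_generation(gens))
```

On the sample data the archived sheet first differs in generation 2, so generation 1 is the newest one safe to restore from.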
High-level viruses, such as macro viruses, do not have to operate on binary data as previous
viruses did. The macro languages provide powerful functions for modifying data
in documents. This enables viruses to perform sinister modifications that are
critical but hard to detect. For example, it is possible for a macro virus to
alter the text of a document before printing, but show the correct form on
screen.
Usage of corrupted data may lead to severe damage. An Excel sheet may, for example,
be used to calculate the amount of concrete needed for a bridge, or calculate how
much fuel a jumbo jet needs to cross the Pacific.
Granting unauthorized access
Viruses may plant backdoors in the system, or steal passwords. These functions can
later be used by hackers to access the system. Damage caused by such hacking activities
is hard to predict. Unauthorized usage of the system may, for example, continue
unnoticed for a long time.
Disclosure of confidential data
Viruses and worms have access to the same communication methods as the user, and even
use them to replicate. A payload routine may easily locate documents that match
certain criteria and send them to anyone on the Internet. Some email worms also
cause disclosure of data as a part of replication. The worms that replicate when attached to a document, such as
Melissa, send this document to recipients
to whom the user had no intention of sending the document.
The following example illustrates this. A company asks for offers from several vendors. One of the vendors is infected with
Melissa. The offer is mailed to the buyer as a document infected with Melissa.
The buyer opens the document and becomes infected immediately. The Melissa worm
examines the address book and sends itself to the first 50 addresses on the
list. The document that is sent is the offer from the infected vendor, and the
list of recipients probably contains the competitors.
Computer resource usage
Viruses and worms can disturb computer systems by spending resources, either intentionally
or unintentionally. Some viruses contain payloads that deliberately eat system
resources, but resource consumption is probably unintentional in most cases.
Unintentional resource consumption may be caused by errors in the virus or the
replication. Code Red is an example of this. Searching for new hosts to spread to
requires both network traffic and CPU resources. This load was obvious in the slower
response time from the infected web servers or even in the total inability to serve
users.
Another type of intentional resource usage is known as denial-of-service, or DoS. This
is typically performed using distributed technology where a large number of computers
run so-called ‘zombies’. All these zombies are programmed to connect to the
same computer simultaneously. This does not significantly harm the systems that
run the zombies, but the target system is usually blocked due to an overloaded
Internet connection.
Human resource usage
Cleaning virus infections means extra work for the IT support staff. This damage, and
the downtime for the user, may result in great expense unless the viruses are stopped
properly using anti-virus software.
Even if viruses are successfully stopped using anti-virus software, the cost of maintaining
this system may be seen as a cost caused by viruses.
PR aspects
The attitude towards viruses is negative. The problem is well known and all business
users know the severity. Sending a virus to a customer or business partner is
not good for the company’s image. This may be especially dangerous if the incident makes it to the headlines. This
is not at all impossible, especially if the virus was included in a
mass-produced software product.