Viruses/Worms
- Within this section:
- Summary
- Mechanism
- Cause
- Example Mitigations
| Threat Type: Viruses / Worms | Threat To: Infrastructure |
| Potential Impact: Very High | Likelihood: Medium to High |
Summary
There are frequent, serious attacks on the infrastructure of the Internet through the medium of self-replicating code. The potential impact of these is very high. Effects range from trashing individual users' files to abusing users' machines so as to damage Internet infrastructure. These attacks have also disabled non-Internet based systems such as ATM networks. The accompanying publicity potentially affects overall views of the Internet and its usefulness. Perpetrators are seldom traced.
Mechanism
In biology, a virus is an inert particle containing a piece of DNA - nature's way of representing information on how cells should function and reproduce - which tries to make as many copies of itself as possible by using the cells of a host organism. Computer viruses are a close analogy to this. They comprise a program - a set of instructions to a computer - which tries to copy itself into any computers it encounters. A "successful" computer virus consumes large quantities of computer and Internet resources through unchecked replication, and human time in the efforts required to fight it. However, computer viruses sometimes also maliciously delete or publish computer files, or commandeer computers for other noxious purposes such as sending spam or attacking third parties.
[Note: Worms and viruses differ in their mechanism of using their computer hosts. While viruses insert themselves into pre-existing harmless programs on the host computer, worms run independently of other programs. The biological analogy is with tapeworms. Worms and viruses have the same effects and are not distinguished in this analysis.]
The threat from viruses is greater than that from hacking or cracking because of the way in which the undesirable program replicates itself automatically. While the effects of hacking may be more insidious, they are limited to what one or a few individuals can accomplish in a limited timeframe. The magnitude of the impact of a virus attack is in principle limited only by the number of machines available.
Cause
Viruses are written by individuals. Sometimes they create new viruses from scratch, sometimes they modify an existing one, and sometimes they use a virus creation kit available from the Internet. The authors of many widespread viruses have never been identified. Those who have been caught have often been found only because they boasted about it. Typically they are young men who claim they wish to demonstrate security weaknesses, and who do not seem to accept responsibility for the impact of their demonstration. Many countries have now passed laws under which virus writers may be prosecuted. Prison sentences have been handed down for some who have been convicted under these laws.
Computer viruses gain entry to computers by exploiting weaknesses in software or by tricking humans into bypassing security. Exploiting software weaknesses is relatively easy. Security holes are continually being discovered in widely-installed software. Although responsible vendors issue fixes for these problems, there is always a delay between the discovery of a problem and the fix. Even when fixes are issued, many users do not download and apply them.
Tricking people into running attachments is also relatively easy. Some viruses such as "I Love You" entice recipients to find out more by clicking the attachment. Others claim to be from authority figures such as ISPs.
Example Mitigations
- Improved patching of software
- Software vendor product liability for security holes
- More prosecution of malefactors
- Email 'stamps'
- 'Walled gardens' - i.e. filter everything unusual at ISPs
- Anti-virus software
- "Hardening" systems

