2005 Revised and Updated

Educator's Guide to
Computer Crime and Technology Misuse

Curriculum, Technology, and Education Reform
Prof. Nicholas Burbules, University of Illinois at Urbana-Champaign
EPS 415: Ethical & Policy Issues in Information Technologies

Authors: Amy Benish, Cheryl Cheifetz, Kim Darche, Pat Reed, Max Uhls


White Papers on Technology Issues for Educators

Educational Policy Studies 415
Prof. Nicholas Burbules
University of Illinois at Urbana-Champaign
Curriculum, Technology, and Education Reform Online Masters Program


Computer Viruses, Trojan Horses and Logic Bombs

Revised and Updated by Max Uhls, Highland High School, Highland, IL (2005)

Original Written by David M. Stone, University Laboratory High School, Urbana, IL

Introduction
A virus is a form of malicious code that is potentially disruptive. It is usually transferred from one computer to another unknowingly. The term “virus” includes macro-viruses, Trojans, worms, and logic bombs (or time bombs); all such programs are classified as “viruses.” The three most commonly encountered malicious programs - computer viruses, Trojan horses and logic bombs - are described in the following paragraphs.

Computer viruses get their name from their biological counterparts, true viruses. While a true virus replicates itself within a host species with variable impacts, a computer virus is "a specific type of malicious computer code that replicates itself or inserts copies or new versions of itself in other programs when executed within the infected program" (Fighting Computer Crime: A New Framework for Protecting Information, Don B. Parker, 1998). Viruses are often small. Only a few lines of program code are needed to write a simple virus. Because they can be hidden easily in healthy software, they prove very difficult to find.

For both organizations and individual computer users, viruses are a very real problem. Because the programming languages used by large computers are not the same as those used to write virus code, very few viruses affect them. Viruses, therefore, are a problem predominantly for users of PCs and servers.

Viruses tend to fall into 3 groups:

Dangerous: (e.g. 'Resume' and 'Loveletter') These viruses do real, sometimes permanent damage to a computer's system files and the programs and data held on the computer's storage media; they may also be inserted to attempt to steal and transmit user ID and password information.

Childish: (e.g. 'Yeke', 'Hitchcock', 'Flip', and ‘Diamond’) These virus types do not generally corrupt or destroy data, programs, or boot records, but limit themselves to irritating activities such as displaying foolish messages, playing sounds, altering the screen, or displaying animated images.

Ineffective: (e.g. 'Bleah') This type appears to do nothing at all except reproduce itself, or attach itself to files in the system, causing the storage media to clog up with needless clutter. Some of these viruses are useless because of poorly written code. They should do something, but the virus writer didn't get it quite right.

Viruses can be written for all platforms, including PC, Macintosh and UNIX. Estimates of the total number of computer viruses vary dramatically, but the most recent estimate from Symantec.com (July 2005) puts the total at approximately 70,000. Fortunately, most of these are branded as 'rare' and usually appear only in virus research center files. However, nearly 5,000 viruses, classified as 'common', still roam the world's computer networks, so there is absolutely no room for complacency.

The majority of harmful viruses are written for PCs, since the code requirements to successfully execute a PC program are less exacting than those of Macintosh. Software companies responded to the virus problem by developing a number of anti-viral programs. Since the initial virus programs were written, a number of more sophisticated viral programs have been developed, requiring regular updates of anti-viral software for best protection.

Trojan horse attacks are accomplished by inserting malicious code into other people's programs. When the user executes their program, they unintentionally execute the Trojan horse program. The Trojan horse programs are as variable as any other possible software program in their actions, and these Trojan horse programs may be used by criminals to commit fraud, embezzlement, sabotage and espionage. Software was the traditional source of Trojan horses, though many current web sites insert a small piece of code (a cookie) into your browser file, which may contain a Trojan horse.

Within all types there are some which activate on the basis of a 'triggered event' – usually a date such as April 1st or October 31st, or a time such as 3:10 p.m. each day, when the 'Tea Time' virus was activated (Nov. 1989). These types of viruses are called Logic Bombs. Logic Bombs are a different type of virus because the logic bomb executes once, or at periodic intervals, whereas the action of a virus is usually ongoing. Disgruntled workers have been known to program logic bomb code into computer programs before leaving their employment as a way to get revenge on a company. (See Historic Logic Bombs for examples.)

Issues
Ethical issues involving viruses, Trojan horses and Logic Bombs are virtually nonexistent. Each of these types of code provides no benefit whatsoever, and is clearly the work of malicious hackers whose primary interest is random aggravation of those they will never encounter or know. Technological issues center around education and the continued development and upgrading of anti-viral software.

Minimizing Potential for Introducing Computer Viruses, Trojan Horses and Logic Bombs
There are a number of ways to minimize potential for obtaining computer viruses, Trojan horses and logic bombs. Always install an antivirus utility and be especially selective about which email attachments you choose to open. No matter which antivirus utility you choose, keeping it updated with the latest virus definitions is the best way to ensure you’ll be safe from attack. In most cases, viruses arrive as email attachments that can only infect your system if you open them. So, unless it’s one you’re expecting to receive, check every attachment carefully with your virus scanner and in particular avoid opening any file with an .exe, .doc, .scp or .bat extension.
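One way to apply the attachment advice above automatically, as an added example that is not part of the original guide: it parses a mail message and lists attachments whose final extension is on the paragraph's list. The check for multiple extensions goes beyond the text, and the function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the guide says to avoid opening unless the file is expected.
RISKY_EXTENSIONS = {".exe", ".doc", ".scp", ".bat"}


def risky_attachments(raw_message: bytes):
    """Return (filename, extension, double_ext) for attachments to hold for scanning."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text or container part, not a named attachment
        # Trailing dots/spaces are dropped by Windows, so ignore them here too.
        suffixes = [s.lower() for s in PurePosixPath(name.rstrip(". ")).suffixes]
        if suffixes and suffixes[-1] in RISKY_EXTENSIONS:
            # double_ext marks names like "schedule.doc.exe", where the final
            # extension that decides how the file runs follows an earlier one.
            findings.append((name, suffixes[-1], len(suffixes) > 1))
    return findings


def build_sample() -> bytes:
    """Constructed sample message (not real mail) with three attachments."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "teacher@example.com"
    m["Subject"] = "Class schedule"
    m.set_content("See attached.")
    for fname in ("schedule.doc.exe", "syllabus.pdf", "SETUP.BAT"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()


if __name__ == "__main__":
    for name, ext, double_ext in risky_attachments(build_sample()):
        note = " (multiple extensions)" if double_ext else ""
        print(f"HOLD {name}: {ext}{note}")
```

A flagged attachment is a candidate for scanning with a current anti-virus program before it is opened, not proof of infection.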

Never accept disks or programs without checking them first using a current version of an anti-viral program. Never use software or demos with doubtful origins. If you lend a disk to anyone, check it when you get it back, BEFORE you use it again. Always scan any program or document downloaded onto your machine before you open or read it.

Be aware of "cookies," files which are automatically transferred to users’ computers when they visit particular web sites. These cookies retain information about the users and browsing preferences, as well as a log of other sites visited since the last time the user accessed the site which initially left the cookie. Cookies invade an individual's privacy and have the potential to act as agents of virus and Trojan horse transfer. Delete cookie files on a regular basis, or select the "do not accept cookies" option in your browser preferences.

Network/School Actions

  1. Schools need to use anti-virus software programs and pre-set network operating system software so that it will automatically scan disks prior to executing programs or opening files.
  2. Schools need to clearly establish acceptable use policies, explaining to students and staff what actions will take place. Schools may want to consider replacing computers that have floppy drives, significantly reducing the likelihood of students unintentionally transferring viruses between their home computers, school computers and the Internet.
  3. There are a number of network utilities which remove unauthorized files and programs based on a pre-set time frame. These utilities can effectively log, monitor and remove illegally possessed shareware and commercial software and other potential sources of computer viruses, Trojan horses or Logic Bombs, without any significant additional investment in network administrator time or effort.

Annotated Web Sites

http://www.symantec.com/avcenter/vinfodb.html Antivirus Research Center. Produced by Symantec, the premier producer of anti-viral software, this site is clearly one of the most informative and best presented on the Internet. Suitable for novices through expert computer users, individual sections include: 1) General Virus Information, 2) Viruses: The Threat is Real, 3) Types of Viruses, and 4) Macintosh Viruses.

http://securityresponse.symantec.com/avcenter/download.html Symantec’s Security Response page. Lists the current total number of viruses detected and links for downloading security updates.

http://www.learnthenet.com/english/html/37virus.htm A site dedicated to educating those wanting to protect themselves while using computers. Virus infection warning signs are given, as well as how to inoculate your computer. A list of virus prevention guidelines highlights this site. (Last update: Jan. 2005)

http://vmyths.com/ This site introduces its viewer to computer virus myths, hoaxes, urban legends, and hysteria. It is not sponsored by any antivirus company, but it gives updated news about virus truths and myths.

 

Last Updated: 08/02/2005