By whatever name, viruses spell trouble

The damages caused by a worm virus that paralyzed the Internet last week have been maintained and systems are back to normal. However, most experts in the field warn of a more powerful virus yet to come. They say that there is a possibility of a more compound “super worm” appearing, which could cause serious problems. The term “computer virus” is said to have first been used by Dr. Fred Cohen in November 1983. He defined a computer virus as “a program that can infect other programs by modifying them to include a ... version of itself.” Before that, viral programs were called by a number of different names, such as “garbage programs.” Other viruses, such Trojans, worms, droppers and hoaxes also damage data and cause users much inconvenience but are slightly different as they do not infect other files. In Korea, these viral programs are referred to altogether as “computer viruses.” Dr. Lee Hui-jo of Ahnlab Inc., a company specializing in anti-viruses, said, “Recently, combined programs including features of viruses, worms and Trojans have been detected.” A Trojan, or often called a “backdoor,” is a program that opens a port on a machine that allows attackers to connect and do harmful things on it. Trojans are not capable of self duplication and do not attach to other programs. The Back Orifice, which started spreading and causing trouble in August 1998, is an example of a Trojan. A worm is a viral program that copies itself and proliferates through networks. The first case of damage by a worm was on November 2, 1988, known as the Morris Worm Incident. Robert T. Morris, a graduate student in computer science at Cornell University, using a defect in the UNIX system made and spread through the Internet a worm capable of copying and transmitting itself via networks. The program stopped more than 6,200 server systems causing great confusion and approximately $1 million in damage. A dropper is a program that installs a computer virus or a Trojan on a system without the user noticing. Droppers cannot copy themselves but are especially hazardous and must be removed for they assist the transfer of computer viruses. A hoax, which is self-explanatory, is a false virus. Frequently hoaxes come in the form of a warning of danger in the computer system, using mostly technical terms and claiming to be from a publicly reliable organization. Recently there have been increases in viruses that spread via e-mail like the different variations of the Klez worm. Chun Wan-geun, a researcher at the Korea Information Security Agency, said, “In the early stages, e-mail viruses were of relatively simple structures but now they come with different titles, texts and attachments, making it difficult for users to distinguish them from other mail.” There also exists viruses specifically designed to attack vaccine programs. Viruses like Duni or Warga attack systems and delete or paralyze vaccine-related programs. Compound worm viruses, which includes Trojans or other worms in a single file, have been discovered. Elkern, Tecata and MTX are some examples. Mr. Chun, the researcher, said, “MTX, which appeared in 2001, caused only limited damage due to defects in the worm but was equipped with features of a worm and a Trojan. A largely destructive “super worm” with combined features like MTX but without defects may be coming soon.” Dr. Lee Hui-jo from Ahnlab said, “The worm that knocked out systems over the weekend technically was a very simple program. Had it been a virus not attacking SQL servers but directly attacking main or domain servers, the damage would have been much more serious.” Jo Seok-il of Coconut Inc., an information security service firm, said, “More companies need to establish a fundamental system to mange security related information, measures, solutions and operations.” He added that for small and mid-sized businesses or small offices and home offices, where building a security system is difficult, government support should be provided to assist in installing a security system. For individual PC users, experts say that following simple security basics is the best that can be done. There is no way to 100 percent stop hacking and viruses but precautions on the part of individuals can help reduce damage, they say. by Choi Ji-young