Network Viruses
Network viruses make extensive use of networking protocols and capabilities of local and global access networks to multiply. The main operating principle of the network virus is its capability to transfer its code to a remote server or workstation on its own.
It is wrong to think that any virus spreading across a computer network is a network virus. If that were so, virtually all viruses would have to be considered network viruses, even the most primitive ones: an ordinary nonresident virus infecting files obviously cannot tell whether a file is on a local drive or on a network drive. As a result such a virus is able to infect files within a network, but it cannot be referred to as a network virus.
The best-known network viruses date from the late 1980s; they are sometimes called network worms. These are the Morris virus, “Christmas Tree” and “Wank Worm” viruses. They made use of erratic and undocumented functions of global access networks of the time to propagate; the viruses transferred copies of themselves from one network server to another and started their execution. In the case of the Morris virus, multiple global access networks in the U.S. fell victim to it.
Network viruses of the past spread themselves across a computer network and, as a rule, like companion viruses, did not change files or sectors on disks. They infiltrated computer memory from the network, calculated the network addresses of other computers and sent copies of themselves to those addresses. These viruses also sometimes created temporary files on system disks, but were not able to touch computer resources at all (excluding RAM).
The problem of network viruses arose once again only in late 1997 with the appearance of the “Macro.Word.ShareFun” and “Win.Homer” viruses. The first one utilizes MS Mail’s capabilities: it creates a new message containing a document file, then selects 3 random addresses from the MS Mail addressee list and sends infected messages to the selected addresses.
This virus illustrates the first type of modern network virus, which combines the Basic language built into Word/Excel with e-mail protocols and features and with the auto-start functions necessary to spread the virus further.
There is a large number of combinations, for example file-boot viruses infecting both files and boot sectors on disks. As a rule these viruses have rather complicated algorithms and often use unusual methods of intrusion into the system.
The target operating system (namely the OS-specific objects prone to attack) is the second level of division of viruses into classes. Each file or network virus infects files of one particular OS or of several: DOS, OS/2, etc. Macro viruses infect files in Word, Excel and other formats. Boot viruses are also format oriented, each attacking one particular format of system data in boot sectors of disks.
By their destructive capabilities viruses can be divided as follows:
- harmless, that is, having no effect on computing (except for some reduction of free disk space as a result of propagation);
- not dangerous, limiting their effect to a reduction of free disk space and a few graphical, sound or other effects;
- dangerous viruses, which may seriously disrupt the computer’s work;
- very dangerous, the operating algorithms of which intentionally contain routines which may lead to loss of data, data destruction, erasure of vital information in system areas, and even, according to one of the unconfirmed computer legends, damage to the moving mechanical parts.
But even if no destructive branches can be found in the algorithm of a virus, one cannot be perfectly sure that this virus is harmless, because its infiltration into a computer may prove to be unpredictable and sometimes have catastrophic consequences. This is due to the fact that any virus, like any program, may contain errors, which may damage both files and disk sectors (for example, the seemingly harmless “DenZuk” virus works rather correctly with 360K diskettes but can destroy information on high-capacity diskettes). There are still viruses which determine whether a file is COM or EXE not according to the internal structure of the file but according to its extension. And of course, if the format of the file does not match the file extension, the file becomes unusable after it has been infected.
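The mismatch described in the last paragraph can be found by classifying a DOS program by its internal structure and comparing the result with its extension. The following is an added example, not part of the original article; the function names, sample file names and sample bytes are constructed for illustration.

```python
import struct
from pathlib import Path

MZ_SIGNATURES = (b"MZ", b"ZM")  # the DOS loader accepts either as the EXE marker
MZ_HEADER_SIZE = 28             # size of the fixed part of the EXE header
COM_MAX_SIZE = 0xFF00           # 64 KiB segment minus the 256-byte PSP

def format_by_structure(data: bytes) -> str:
    """Classify a program image by content, as the DOS loader does."""
    if len(data) >= MZ_HEADER_SIZE and data[:2] in MZ_SIGNATURES:
        # e_cblp: bytes used in the last 512-byte page, e_cp: page count
        _e_cblp, e_cp = struct.unpack_from("<HH", data, 2)
        if e_cp > 0:
            return "EXE"
    if 0 < len(data) <= COM_MAX_SIZE:
        return "COM"  # headerless flat memory image
    return "UNKNOWN"

def format_by_extension(name: str) -> str:
    """Classify by file name only, which is the unreliable shortcut."""
    ext = Path(name).suffix.upper().lstrip(".")
    return ext if ext in ("COM", "EXE") else "UNKNOWN"

def audit(files: dict) -> list:
    """Return (name, by_extension, by_structure) for every disagreement."""
    mismatched = []
    for name, data in files.items():
        by_ext = format_by_extension(name)
        by_struct = format_by_structure(data)
        if by_ext != "UNKNOWN" and by_ext != by_struct:
            mismatched.append((name, by_ext, by_struct))
    return mismatched

# Constructed sample data: a 4-byte COM program (mov ah,4Ch / int 21h)
# and a minimal EXE image with a one-page MZ header.
COM_STUB = b"\xB4\x4C\xCD\x21"
MZ_IMAGE = b"MZ" + struct.pack("<HH", 0x20, 1) + bytes(MZ_HEADER_SIZE - 6) + COM_STUB

SAMPLES = {
    "HELLO.COM": COM_STUB,   # extension and structure agree
    "SETUP.EXE": MZ_IMAGE,   # extension and structure agree
    "TOOL.COM": MZ_IMAGE,    # EXE structure under a .COM name
}

if __name__ == "__main__":
    for name, by_ext, by_struct in audit(SAMPLES):
        print(f"{name}: extension says {by_ext}, structure says {by_struct}")
```

A file flagged here is exactly the kind that extension-based handling would treat as the wrong format, so the list is also useful when checking which programs are at risk of being damaged.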