Viruses and the Internet

August 20, 1998 Sophos Press Release

The Internet brings a new dimension to the virus problem. Before, viruses generally spread from system to system on physical media, often the floppy disk. This is a fundamentally slow way for viruses to spread; if they are bad at reproduction or they are too obvious, then they are unlikely to become widespread this way. The Internet changes all this.

Conventional viruses

Most of the danger on the Internet currently comes from old viruses exploiting new paths for transmission. There are basically two ways they can do this: innocent and malicious distribution.

Innocent virus distribution

Sharing software over the Net is simple and easy; a simple mouse click attaches a program to an email, and it is just as easy to detach and run it. People can place a program on their web page almost as simply, and this can be downloaded by anyone anywhere. Any one of these programs could be infected.

What kinds of viruses could these practices spread? Purely boot sector viruses are out. Parasitic file viruses work well in this environment, although many (but by no means all) users are cautious about obtaining programs from places they do not trust.

The viruses that really win in the Internet environment are the macro viruses. They are attached to data, not code, making them harder to avoid. An increasing number of documents on the Net are available as Word files, for example, with no alternative format, and Word documents are frequently exchanged via email.

The only solution here is to obtain viewer programs which read the data in the file but ignore the macros. Such programs are available for Word and Excel among others. Never open a file you do not trust with the application that created it.

Malicious virus distribution

Viruses may also be spread by malicious individuals, knowingly passing on infected programs. Virus authors and others find the Internet perfect for giving a new virus a start in life, by means of hundreds of unsuspecting Internet users; by infecting an attractive-looking file that then gets placed in a public download area, the virus can spread far in a short time.

As before, caution is your protection here. Although less common than innocent distribution, maliciously distributed viruses are more likely to be new, maybe even previously unknown. Do not download programs unless you completely trust the source, and do not view documents in the creating application - use a viewer.

Java

Programs written in Java have one of two forms: applets or applications.

Java applets

Java applets are run by another application (e.g. a web browser) which is responsible for executing them in a secure environment from which they cannot escape.

This requires a flawless, bug-free Java environment, which is unlikely to exist yet. Faults have already been found (and fixed), and more probably lurk undetected. Some of the known flaws have been serious, allowing the applet to escape completely and do everything a normal program could, although such flaws have been fixed quickly.

Java applets generally flow in one direction: from server to client, where they stop. Users do not generally give Java applets to their friends; instead, they tell them where to go and see them. Java applets do not get saved to local disk, except as web cache. They are not good candidates for infection; if an applet escaped from the cage Java is meant to keep it in, there would be no point in it trying to infect other applets, since they would never spread.

A harmful Java applet is likely to be in the form of a Trojan horse instead: an intentionally malicious piece of code masquerading as an innocent one. Given the speed with which Sun Microsystems, Netscape and other Java vendors have fixed security problems once they have been discovered, any such applet is unlikely to work for long.

Java applications

In contrast to Java applets, Java applications can do the things that you would expect applications to do, such as saving files to the disk. They could therefore perform operations that could compromise security.

See The first Java virus for more information.

Cookies

Cookies have also been the subject of a number of uninformed scares. In reality, the only problem with them is a privacy issue; they cannot do any damage to your system. Cookies enable sites to remember you, and keep track of your visits. Some people do not want them to do this, and prefer the greater anonymity they used to have. This is the only real problem with cookies.

Email viruses

There has been an increasing number of hoaxes and scare stories about email viruses in recent years. See the Hoaxes section for the latest examples of these.

With current email technology, it is not possible to become infected with a virus simply by reading an email, as many of the hoaxes claim.

A virus could be carried within a file attached to an email, but this could only be spread by detaching the file and executing it or (if it contains macros) opening it with an application that could execute the viral macros.

However, some new email software, such as MS Outlook, does provide a mechanism for automatically executing macros whenever an email is read, so there is the possibility of email viruses in the future.
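
The distinction drawn above between attached programs and attached macro-capable documents can be checked mechanically before anything is opened. The Python sketch below is an added example, not part of the original Sophos text: it classifies each attachment by its leading bytes rather than by its file name. The sample message, file names and function names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes of the two attachment kinds the text distinguishes.
MZ_MAGIC = b"MZ"                                # DOS/Windows executable
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 container used by Word/Excel files

# Handling advice taken from the text above.
ADVICE = {
    "program": "do not run unless the source is completely trusted",
    "macro-capable document": "open in a viewer that ignores macros",
    "other": "no special handling",
}

def classify(payload):
    """Classify by content; the file name is chosen by the sender."""
    if payload.startswith(MZ_MAGIC):
        return "program"
    if payload.startswith(OLE2_MAGIC):
        # The container can hold macros; this does not prove that it does.
        return "macro-capable document"
    return "other"

def triage(raw):
    """Return (filename, class) for every named attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or name is None:
            continue  # containers and the unnamed body text are not attachments
        found.append((name, classify(part.get_payload(decode=True) or b"")))
    return found

def sample_message():
    """Constructed sample: a text body plus three attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Body text only.")
    for data, name in [(MZ_MAGIC + b"\x90\x00" + b"\x00" * 16, "greeting.txt"),
                       (OLE2_MAGIC + b"\x00" * 16, "report.doc"),
                       (b"plain notes", "notes.txt")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, kind in triage(sample_message()):
        print(f"{name}: {kind} ({ADVICE[kind]})")
```

The first constructed attachment carries a `.txt` name but executable content, which is why the check reads the bytes instead of the extension.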