Frequently Asked Questions For
Information Security Intelligence: Cryptographic Principles & Applications

What are viruses, worms and Trojan horses? Can you explain three ways that a virus might infect a computer system, or three ways that a worm can spread from machine to machine?

Viruses – A set of instructions that, when executed, inserts a copy of itself into other programs (this can also include instructions in e-mail that, when executed, cause malicious code to be sent in e-mail to other users).

Worms – A program that replicates itself by installing copies of itself on other machines across a network.

Trojans – Malicious instructions hidden inside an otherwise useful program. The difference between a Trojan and a virus is that the malicious instructions are added to the Trojan at the time that it is produced, whereas a virus alters an already existing file.

The three are all considered “digital pests”.

Three ways that a virus might infect a computer system are:

  1. It can infect a floppy disk boot sector and use a jump command to alter the normal execution of the boot process so that it includes the malware, and then jump back to the calling instruction plus one.
  2. Simply running the virus-infected program triggers the malicious instructions, which can then search the active process lists and infect those programs. This can include TSR-type activities, in which the program you ran with the virus terminates, stays resident and continues the infection.
  3. Via macros, as with the Melissa virus: the virus is incorporated into the application program (e.g. Word) as a macro. When you open the document, the macro runs and you are infected.

Three ways that a worm can spread from machine to machine are:

  1. By actually logging into a machine, guessing usernames and passwords, and then installing itself. Essentially the worm is exploring the network looking for targets.
  2. Via e-mail, by grabbing the user's directory and re-mailing itself to the list.
  3. By causing buffer overflows on a target machine and being inadvertently run.
  4. (Optional) Via mobile agents from web sites that we visit.
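
As an added example (not part of the original FAQ or the JWU lectures), the Python code below shows how a defender could spot the first worm behaviour above, login guessing across the network, in authentication logs. The log lines are constructed samples in OpenSSH syslog style, and the function name and thresholds are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample log lines in OpenSSH syslog style (not from the FAQ).
SAMPLE_LOG = """\
Jan 10 03:12:01 hostA sshd[811]: Failed password for invalid user admin from 10.0.0.7 port 40112 ssh2
Jan 10 03:12:02 hostA sshd[811]: Failed password for root from 10.0.0.7 port 40113 ssh2
Jan 10 03:12:03 hostA sshd[811]: Failed password for invalid user guest from 10.0.0.7 port 40114 ssh2
Jan 10 03:12:05 hostB sshd[402]: Failed password for invalid user test from 10.0.0.7 port 40120 ssh2
Jan 10 03:12:06 hostB sshd[402]: Failed password for root from 10.0.0.7 port 40121 ssh2
Jan 10 03:12:09 hostB sshd[402]: Accepted password for backup from 10.0.0.7 port 40125 ssh2
Jan 10 08:30:44 hostA sshd[990]: Failed password for alice from 10.0.0.21 port 51500 ssh2
Jan 10 08:30:52 hostA sshd[990]: Accepted password for alice from 10.0.0.21 port 51502 ssh2
"""

# host = machine that logged the attempt, src = machine that made it.
LINE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def find_guessing_sources(log_text, min_users=3, min_hosts=2):
    """Flag sources that fail logins for many usernames across several hosts."""
    # min_users and min_hosts are illustrative assumptions; tune per network.
    users = defaultdict(set)      # src -> usernames it failed to log in as
    hosts = defaultdict(set)      # src -> hosts where those failures occurred
    got_in = defaultdict(set)     # src -> hosts that accepted it after failures
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, host = m["src"], m["host"]
        if m["result"] == "Failed":
            users[src].add(m["user"])
            hosts[src].add(host)
        elif src in hosts:
            # A success after earlier failures: a guess may have worked.
            got_in[src].add(host)
    return {
        src: {"users": sorted(users[src]), "hosts": sorted(hosts[src]),
              "logins_after_failures": sorted(got_in[src])}
        for src in users
        if len(users[src]) >= min_users and len(hosts[src]) >= min_hosts
    }

if __name__ == "__main__":
    for src, info in find_guessing_sources(SAMPLE_LOG).items():
        print(src, info)
```

A single user mistyping a password once (10.0.0.21 in the sample) stays below the thresholds and is not reported.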

Many of the answers to FAQs are from lectures presented at JWU.