CEH

(Jeff_L) #1

Chapter 8: Trojans, Viruses, Worms, and Covert Channels


■ A logic bomb is designed to lie in wait until a predetermined event or action occurs.
When this event occurs, the bomb or payload detonates and carries out its intended
or designed action. Logic bombs have been notoriously difficult to detect because they
do not look harmful until they are activated—and by then, it may be too late. In many
cases, the bomb is separated into two parts: the payload and the trigger. Neither looks
all that dangerous until the predetermined event occurs.
■ File or multipartite viruses infect systems in multiple ways using multiple attack
vectors; hence the term multipartite. Attack targets include the boot sector and
executable files on the hard drive. What makes such viruses dangerous and powerful
weapons is that to stop them, you must remove all of their parts. If any part of the
virus is not eradicated from the infected system, it can reinfect the system.
■ Shell viruses are another type of virus where the software infects the target application
and alters it. The virus makes the infected program into a subroutine that runs after
the virus itself runs.
■ Cryptoviruses hunt for files or certain types of data on a system and then encrypt them.
The victim is then instructed to contact the virus creator via a special e-mail address or
other means and pay a specified amount (ransom) for the key to unlock the files.

A hoax is not a true virus in the sense of the others discussed here, but we need to cover
this topic because a hoax can be just as powerful and devastating as a virus. Hoaxes are
designed to make the user take action even though no infection or threat exists.
The following example is an e-mail that is actually a hoax:

Please Forward this Warning Among Friends, Family and Contacts:

You should be alert during the next days: Do not open any message with an attached
file called “Invitation” regardless of who sent it. It is a virus that opens an Olympic Torch
which “burns” the whole hard disk C of your computer. This virus will be received from
someone who has your e-mail address in his/her contact list. That is why you should
send this e-mail to all your contacts. It is better to receive this message 25 times than to
receive the virus and open it. If you receive an e-mail called “Invitation,” though sent by a
friend, do not open it and shut down your computer immediately.

This is the worst virus announced by CNN; it has been classified by Microsoft as the most
destructive virus ever. This virus was discovered by McAfee yesterday, and there is no
repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard
Disk, where the vital information is kept. SEND THIS E-MAIL TO EVERYONE YOU KNOW,
COPY THIS E-MAIL AND SEND IT TO YOUR FRIENDS AND REMEMBER: IF YOU SEND IT
TO THEM, YOU WILL BENEFIT ALL OF US.