June 2014: Computer Viruses and Worms

Originally, antivirus companies would learn of a new virus, study it, and update software to detect and stop the virus once found. As the amount of new viruses increased, companies created automatic ways of categorizing and detecting these harmful programs which has greatly increased the effectiveness of the antivirus software.

In order for antivirus programs to work, the software must be updated to include a way to detect any known viruses. The problem comes when the antivirus software companies has yet to see a particular virus. This leaves computers vulnerable until the detections is made and the programs are updated to eliminate the new threat.

However, hackers have a relatively new method of ensuring that antivirus programs do not detect their programs. A new black market “crypting service” is utilized to obscure the virus’ code so that it is undetectable. The service runs the virus through a series of checks, and when it finds that a particular brand of antivirus software is able to detect it, it encrypts its code further until it believes it undetectable. The virus is then given back to the hacker ready to deploy. This method of altering a known virus can dramatically increase the amount of time that even older viruses can work and do considerable damage.

The best defense against viruses in general is to have multiple layers of security. Antivirus programs are still extremely important, but ideally will be just one part of a multi-leveled approach to security. Always keep in mind, however, that the single greatest security measure continues to be an aware and diligent end-user.

<-Read more back-issues of the Security Awareness eNewsletter