Computer Viruses, Trojan Horses and Logic Bombs

Written by David M. Stone, University Laboratory High School, Urbana, IL

A number of different programs are written by malicious hackers with the intent of disruption or destruction of another individual's work efforts and computer files. The three most commonly encountered malicious programs - computer viruses, Trojan horses and logic bombs - are introduced in the following paragraphs.

Computer viruses get their name from their biological counterparts, true viruses. While a true virus replicates itself within a host species with variable impacts, a computer virus is "a specific type of malicious computer code that replicates itself or inserts copies or new versions of itself in other programs when executed within the infected program" (Fighting Computer Crime: A New Framework for Protecting Information, Don B. Parker, 1998). The virus can manifest itself in several ways including signs on the screen regarding its existence, erasure of memory or destruction of hard drive contents. Viruses can be written for all platforms, including PC, Macintosh and UNIX. Estimates of the total number of computer viruses vary dramatically. The majority of harmful viruses are written for PCs, since the code requirements to successfully execute a PC program are less exacting than those of Macintosh. Software companies responded to the virus problem by developing a number of anti-viral programs. Since the initial virus programs were written, a number of more sophisticated viral programs have been developed, requiring regular update of anti-viral software for best protection.

Trojan horse attacks are accomplished by inserting malicious code into other people's programs. When the user executes their program, they unintentionally execute the Trojan horse program. The Trojan horse programs are as variable as any other possible software program in their actions, and these Trojan horse programs may be used by criminals to commit fraud, embezzlement, sabotage and espionage. Software was the traditional source of Trojan horses, though many current web sites insert a small piece of code (a cookie) into your browser file, which may contain a Trojan horse.

A logic bomb is computer instruction that codes for a malicious act when certain criteria are met, such as a specified time in a computer's internal clock or a particular action, such as deletion of a program or file.

Ethical issues involving viruses, Trojan horses and logic bombs are virtually nonexistent. Each of these different types of code provide no benefit whatsoever, and are clearly the efforts of individuals (malicious hackers) whose primary interest is random harassment of individuals they will never encounter or know. Technological issues center around education and continued development and upgrade of anti-viral software. In a recent Champaign-Urbana News Gazette article entitled "Guarding Against Computer Viruses" (4/11/99), Mark Zinzow, University of Illinois Computer Virus Specialist, compares his mission against computer viruses and Trojan horses to worldwide efforts at controlling AIDS. In both cases, Zinzow makes clear the analogy between safe sex and safe computing, stating "Education about sex is the best defense against the AIDS virus, and education about computers is the best defense against cyberspace viruses." Numerous viruses have become known to the public during the last decade. In the early 1990s, the Michelangelo virus made its impact on March 6 - the artist's birthday. The virus erased the hard drive of affected computers upon turning on the machine. Most recently, the Melissa virus made international news in late March, 1999. This virus not only replicated itself in computer programs, it also mailed itself as an attachment to the last forty individuals who had been in electronic contact with the owner/user of the infected machine. An overview of the virus and its transmission can be found at http://www.uiuc.edu/ccso/us/pc/drsol/melissa.html and at http://www.idg.net/idg_frames/english/content.cgi?vc=docid_9-127083.html. In the end, the best defense is a strong offense through regular update and use of anti-viral software, as well as regularly performing the actions outlined below.

There are a number of ways to minimize potential for obtaining computer viruses, Trojan horses and logic bombs.

Individual Actions

1. Never accept disks or programs without checking them first using a current version of an anti-viral program.
2. Never use software or demos with doubtful origins.
3. If you lend a disk to anyone, check it when you get it back, BEFORE you use it again.
4. Never leave a floppy disk in the disk drive longer than necessary.
5. Never boot your machine with a disk in the disk drive, unless it is a known "Clean" bootable system disk.
6. Always scan any program or document download onto your machine before you open or read it.
7. Keep your anti-virus software up to date - upgrade on a regular basis.
8. Be aware of "cookies", files which are automatically transferred to users computers when they visit particular web sites. These cookies retain information about the users and browsing preferences, as well as a log of other sites visited since the last time the user accessed the site which initially left the cookie. Cookies invade an individual's privacy and have the potential to act as agents of virus and Trojan horse transfer. Delete cookie files on a regular basis, or select the "do not accept cookies option" in your browser preferences. Commercialization of the World Wide Web: The Role of Cookies (http://www2000.ogsm.vanderbilt.edu/cb3/mgt565a/group5/paper.group5.paper2.htm) is an excellent source of information for those who would like to pursue this area in further depth.

Network/School Actions

1. Schools need to use anti-virus software programs and pre-set network operating system software so that it will automatically scan each diskette prior to executing programs or opening files.
2. Schools need to clearly establish acceptable use policies, making clear appropriate and inappropriate actions to both students and staff.
   Schools may want to consider purchasing computers which lack floppy drives, significantly reducing likelihood of students unintentionally transferring viruses between their home computers, school computers and the WWW.
3. There are a number of network utilities which remove unauthorized files and programs based on a pre-set time frame. These utilities can effectively log, monitor and remove illegally possessed shareware and commercial software and other potential sources of computer viruses, Trojan horses or logic bombs, without any significant additional investment in network administrator time or effort.

AntiVirus Research Center (http://www.symantec.com/avcenter/vinfodb.html)
Produced by Symantec, the premiere producer of anti-viral software, this site is clearly one of the most informative and best presented on the WWW. Suitable for novices through expert computer users, individual sections include: 1) General Virus Information, 2) Viruses: The Threat is Real, 3) Types of Viruses, and 4) Macintosh Viruses.

Online Data Recovery, Antivirus Procedures and Methods Manual (http://comsecltd.com/manual.html)
An outstanding resource for intermediate/advanced users and network administrators. Includes: 1) A Primer On Computer Viruses, 2) Techniques Used by Computer Viruses, 3) Optimizing Your Anti-Virus Strategy, 4) Hard Disk Recovery, and 5) A Primer to Generic Antiviral Methods.

Computer Viruses (http://jaring.nmhu.edu/virus.htm)
Don't be misled by the generic name, this is an excellent list of links which relate to many different aspect of computer viruses including: software types, bulletins, virus list-servs and hoaxes.

Virus Information (http://www.commandcom.com/html/virus/virus.html)
Again, the name of the site doesn't do it justice in terms of the wealth of information available. This site , oriented toward advanced users and network administrators, provides valuable resources in its four sections: 1) Virus Databases, 2) Virus Links and Utilities, 3) Virus Research and 4) Writing on Security Issues.

Anti-Virus Resources on the Web (http://www.tju.edu/tju/dis/virus/resources.html)
Fairly generic in terms of its presentation of many websites, the main value of this page is clearly its links to electronic conferences, commonly used anti-viral resources (freeware, shareware and commercial) and anti-viral software comparisons.

The Regulation of Virus Research and the Prosecution for Unlawful Research (http://elj.warwick.ac.uk/jilt/compcrim/97_3kelm/default.htm)
An outstanding, well designed page introducing viruses and their impacts. Includes an excellent, though brief, bibliography.

Return to Educator's Guide to Computer Crime and Technology Misuse

Developed 3/5/99. Last modified 5/9/99.