Viruses (or is that Virii?)

by Shawn "Jazz" Pence

Virus. The word is enough to scare most home PC users into completely formatting their hard drive. It scares most MIS Directors (read as "geeks hired by big companies") to the point where they may need professional psychiatric help. What are these vicious little (usually less than 1K!) programs and where do they come from? I have spent the better part of my computer experience gathering information on viruses and noting how they spread from machine to machine and file to file. They are some of the most impressive programming in the computer world, designed by some of the most talented programmers and yet they seem to have no purpose other than to destroy your data or completely crash your computer. This begs the question "why?" so loudly that I sometimes think I can hear it ringing in my ears.

Internet.com's Webopaedia defines a Computer Virus as follows:

A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Most viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.


Now, despite what you may gather from that definition, neither Windows 98 nor Internet Explorer 4.0 and 5.0 are viruses, and neither is any other program that you install (or whose installation is required). No, when this definition says, "against your wishes" it means it. Viruses are, in their own right, impressive little suckers. They are typically very elegant and efficient little programs that are designed to do a job and exactly that job. If the software industry at large were as effective and efficient as the virus programmers are, there would be far less "down time" for the computers across the country and the world.

A question I am often asked is: "Who would want to make a virus and why?" Well, the "who" is easy. Typical virus makers are experienced and talented programmers. They are very good at what they do. There are many government agencies and large businesses that hire such people to aid with their own security. These virus programmers are often lumped in with other members of the shadier side of the computer world and given the moniker "Hackers." Hackers are a widely diverse group ranging from those that show an absolute mastery of computers, such as computer security hackers and virus makers, to the more brute force and far less elegant members that do things like start email hoaxes, try and get AOL passwords, and try and steal free long distance (such a strange group that they have their own name, "phreakers"). They, as a group, are a significant threat to your computer if left unchecked, but they are also a significant resource for the business and computer world at large. "Fight fire with fire," the old saying goes, and it applies perfectly here. Large businesses set up security systems for their computers and then invite expert hackers to try and break into them or to try and infect them with a virus (remember the movie Sneakers?). Many AntiVirus companies hire virus programmers to help them understand how these programs work and the logic behind their programming. In essence, the "who" is comprised of the same people that are protecting your computer FROM viruses. That is not necessarily a comforting thought, but it should be. If you need to catch a crook, hire one, right?

So, that may answer the "who," but what about the "why?"

That's a far less obvious or simple answer. Why certain people create viruses varies widely from virus maker to virus maker. One of the most interesting reasons that some people make viruses is to infect other virus makers' computers. The virus makers of the world seem to have created a game amongst themselves where the whole point is to infect the machine of some rival maker. Competitive spirit is one thing, but this borders on too weird for my tastes. Another, far more obvious reason for creating viruses is revenge. Some of the viruses, and typically the ones that are most destructive, are created to exact revenge upon some entity, be it an ex-girlfriend or ex-employer. Before you start saying "Why not ex-boyfriends?" let me point out that the typical virus programmer, statistically, is a male between the ages of 15 and 23 and is typically very intelligent. As we all know, that definition perfectly fits what the world knows as "nerds." While there is a lot of talent in the nerd world, there are far more ex-girlfriends. Another, far less common reason is the need for some people to "push the envelope" and risk developing their own viruses. This typically includes those people that are out there looking for new ways to use their newfound programming skills for fun. Well, since planting a virus on a major corporation's system can end up putting you in jail, the risk, in my mind, is far outweighed by the consequences. So there's the what, who and why about viruses, but there's still a very important aspect of virus awareness that we all need to know: Virus Hoaxes.

Far more commonplace than the viruses themselves are virus hoaxes. There were 66 major hoaxes listed at the Symantec AntiVirus Research Center (SARC) and only 361 "viruses in the wild." From what I can gather from personal experience, you are, at the very least, about 50 times more likely to see one of these hoaxes than an actual virus! While there is nothing truly harmful about a hoax, the panic that it can create can cause almost as much of a loss in productivity and downtime as an actual virus. Typically a virus hoax takes the form of an email chain. Knowing the telltale signs of a hoax email can keep you from panicking needlessly. I have prepared a hypothetical email for us to tear apart, looking for the signs of a hoax.

From: yourfriend@theirISP.net (or more appropriately…and far more common…yourfriend@aol.com)
cc: (Everyone else you know online, plus some people you've never heard of.)
Subject: Virus Warning!

Friends,

There is a virus going around. It'll wipe out everything on your hard drive and actually damage it! AOL is aware of the virus and sent out some warnings. A friend of mine sent this letter over. I thought you'd like to know. Don't download ANYTHING unless it comes from one of your friends.

Original Message follows

>Dear All,
>For your reference, take necessary precautions.
>If you receive an email with a file called
>California, do not open the file. The file
>contains WOBBLER virus.

>WARNING

>This information was announced yesterday morning
>from IBM; AOL states that this is a very
>dangerous virus, much worse than "Melissa", and
>that there is NO remedy for it at this time.
>Some very sick individual has succeeded in using
>the reformat function from Norton Utilities
>causing it to completely erase all documents
>on the hard drive. It has been designed to work
>with Netscape Navigator and Microsoft Internet
>Explorer. It destroys Macintosh and IBM
>compatible computers. This is a new, very
>malicious virus and not many people know about it.

Thats it, guys,

(Your friend's name here)

OK, so we've all received these letters before. Some of us find them terribly annoying and some of us read them two or three times to make sure that we're not missing anything. So, let's take a close look at it, piece by piece, and see what's wrong with it.

First, let's look at the source of the letter. This letter comes from a friend, which, I'm sorry to say, is NOT the best way to ensure that your source is legitimate. As a matter of fact, it's usually a good indicator that the source is NOT legitimate. More than 99% of the time, virus warnings from friends and co-workers are hoaxes. I'm not sure why, but my experience has been that nearly ALL of these hoaxes pass through an AOL address of some kind. This is partially because America Online is a HUGE Internet community and has a very high rate of communication between its users. So if you see a whole slew of "@aol.com" in your letter's address block (and in the cc block), then be skeptical. Don't discount it completely yet, but be skeptical.

Now let's look at the letter your friend sent. This can usually be a good indicator of how much your friend knows about viruses, which can in turn be a good indicator as to how much you should trust this email (i.e., how much you should panic). The first warning sign that this is a hoax that your friend has heard about comes in the second sentence. The phrase that makes the Hoax hairs on the back of my neck go "woo woo woo" is "...hard drive and actually damage it!" There are fewer than 10 of the more than 40,000 known virii (it's the correct original plural AND a very cool word) in the world that can damage the hardware in your computer. Maybe one of these is "in the wild"; the others are all contained within computer testing labs and have not been found in a computer outside of that environment. If your hard drive is making funny noises, it is NOT a virus, it's the hard drive. They do go from time to time, after all. So this is yet another reason to be skeptical.

Another one is "AOL...sent out some warnings." This is a big lie used in lots of hoaxes. AOL seldom sends any mail to its customers. In the 6+ years I have been involved with AOL I have received some welcome letters, replies to customer support questions, and a few notices to not give out my AOL password to anyone. All other mail claiming to be from AOL was checked with them via their tech support email and found to be bogus. This includes official "requests" from AOL staff for me to enter my user information again because they had a problem and lost it. This may not be a virus, but it's damn annoying for most people and one hell of a problem to change passwords and cancel credit cards.

Last but not least in the body of your friend's letter is "Don't download anything unless it comes from one of your friends." This statement is wrong on two counts, making this more suspicious by the minute.

  1. By saying "ANYTHING" it makes the reader infer that all files can carry viruses. This is simply not correct. Viruses can only be carried in runnable programs (.COM and .EXE files) and Word, Excel and Access files. They can be carried in the email itself, but so far that is limited to one, that's right, one, virus, actually a trojan known as BubbleBoy (see the Dirt on BubbleBoy under the News for November 15)! They typically can only be sent as an attachment. ZIP files may contain a file that is infected, but extracting that file from the zip WILL NOT infect your computer. There are extraordinarily rare cases where certain Java class files, downloaded when you access certain web pages, can act virus-"like." But again, these are not very common. You could download pictures of your granddaughter or nephew all day long and never fear infecting yourself. The second reason this "ANYTHING" is a bad sign is that most internet users get their files from two sources: large companies' web sites and friends (which I'll get to in my second point). Company sites (like Microsoft, Intel, Yahoo, WinFiles.com, etc.) are carefully screened to protect themselves. Though it is POSSIBLE that a virus may slip by, it is about as likely as my being crowned Lord Emperor of America.
  2. The letter implies that letters and attachments from friends are safe. This, unfortunately, is not the case. As a matter of fact, this is how most viruses are spread. This does not mean you should become so paranoid that you stop reading any mail from your friends (see no. 1 above). This means you should be careful. As of late September 1999, Joe Wells's Wild List (THE site for virus information) reported that the most common virus "in the wild" is a virus called Happy99 (technically not a virus but a "worm," though only a handful of people know the difference or care). The Happy99 virus alters a couple of files on your computer that allow it to attach itself to your emails. You never know you sent it. You simply send your email normally. Happy99 does all the work. Your friend gets a nice letter from you with a small attachment (that letter says nothing about the attachment, by the way, hint hint). He or she downloads it and runs it, gets a little fireworks show wishing you a "Happy 1999!" and that's it. Unfortunately they are now infected in the same way you are. They ran the program you sent them and that's all it took.

From both of these points we can gather that the sender of this letter does not know much about viruses or about how they work. Knowing the reliability of your source is very important in determining that this letter may be a hoax, and combined with the other evidence, this letter certainly seems to be a hoax.

As it turns out, it is. This sample email is based upon one of several copies of an actual hoax, named "California" or "Wobbler," that swept through the mailboxes of the world a few months ago. I personally received this warning from five…that's right, five of the members of my online family. According to SARC there are 66 Virus Hoaxes as of the time of this writing. More occur every day and some disappear forever. It's always best to be careful and methodical if you suspect a virus. Panicking never accomplishes anything and more often than not makes things worse.
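The warning signs walked through above can be written down as a small checker. This is an added example, not part of the original article: the sample message is the article's hypothetical letter, abridged, with made-up addresses, and the patterns and the threshold of three @aol.com addresses are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: the article's hypothetical hoax e-mail, abridged,
# with made-up addresses filled into the header placeholders.
HOAX = """\
From: yourfriend@aol.com
Cc: pal1@aol.com, pal2@aol.com, pal3@aol.com, stranger@example.net
Subject: Virus Warning!

Friends,

There is a virus going around. It'll wipe out everything on your hard
drive and actually damage it! AOL is aware of the virus and sent out some
warnings. A friend of mine sent this letter over. Don't download ANYTHING
unless it comes from one of your friends.

Original Message follows

>If you receive an email with a file called
>California, do not open the file.
"""

# Constructed benign message for contrast.
BENIGN = """\
From: helpdesk@example.com
To: staff@example.com
Subject: Lunch menu

The cafeteria is closed on Friday.
"""

# One pattern per warning sign the article reads out of the letter body.
BODY_SIGNS = {
    "claims hardware damage": r"actually\s+damage",
    "name-drops a company as the source":
        r"\b(AOL|IBM|Microsoft)\b.{0,60}\b(warn\w*|announced|states|aware)\b",
    "blanket 'only from friends' advice": r"don't\s+download\s+anything",
    "forwarded chain": r"original\s+message\s+follows|^>",
}
AOL_THRESHOLD = 3  # assumption: how many @aol.com addresses make "a whole slew"

def hoax_signs(raw):
    """Return the article's hoax warning signs that appear in a raw e-mail."""
    msg = message_from_string(raw)
    headers = [h for name in ("From", "To", "Cc") for h in msg.get_all(name, [])]
    addrs = [addr.lower() for _, addr in getaddresses(headers)]
    found = []
    if sum(a.endswith("@aol.com") for a in addrs) >= AOL_THRESHOLD:
        found.append("many @aol.com addresses")
    body = msg.get_payload()
    for label, pattern in BODY_SIGNS.items():
        if re.search(pattern, body, re.I | re.S | re.M):
            found.append(label)
    return found

if __name__ == "__main__":
    for name, raw in (("HOAX", HOAX), ("BENIGN", BENIGN)):
        print(name, hoax_signs(raw))
```

A non-empty result is a reason to be skeptical and look the warning up on an anti-virus vendor's hoax list; it is not proof either way.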

OK, so now we all know what viruses are, who made them and a ton of information about how to spot hoaxes, but what if it's not a hoax and what do we do if we're infected already? Here is a quick list of things you can do to protect yourselves from a nasty infection or recover if you are infected.

    1. Purchase an AntiVirus Software Package: Software such as Dr. Solomon's, Norton's or McAfee's AntiVirus. Though there are many anti-viral packages available, these three are the most reliable and each can provide you with free definitions (lists of viruses and their computer codes) that allow your computer to always find even the newest of viruses. These updates are usually downloaded from the internet. I recommend Norton's AntiVirus. This step is essential to playing it truly safe. I have 3 versions of the dreaded Chernobyl and the very dangerous Gwar-Messev virus on my home computer and they have never, ever gotten out or activated.
    2. Play it safe: If a file is emailed to you, don't think that you have a virus just by reading the mail it's attached to. If you know that the file is a virus (e.g. HAPPY99.EXE), just delete the email. That's it. It can't get you anymore. If you don't know if a file is dangerous or not and you'd like to be sure, download the file to a location on your hard drive. If you're using Norton AntiVirus you can then scan that specific file simply by right-clicking on it and selecting Scan with Norton AntiVirus from the pop-up menu. If the file scans OK, you'll be OK 99% of the time. If a virus is detected, delete it from your computer and empty your Recycle Bin immediately.
    3. Practice preventative medicine: Only download files from the internet from major companies' sites. Downloading a file from Joe Blow's Great Big Internet File Collection is nowhere near as safe as downloading from WinFiles.com or IBM. Big companies screen their files to protect them from getting sued, which in turn benefits us all.
    4. Scan Your computer completely for viruses every month. This may take some time, but it's worth it.
    5. Create a set of Emergency rescue disks from your anti-virus software. These disks are considered clean and will scan your system and clean it of nasty viruses that infect the hidden and mysterious boot sectors of your hard drive.
    6. Get to Know Us: The staff at BeVar Systems are all experts at removing viruses and saving the data from your hard drive that is capable of being saved.
    7. If you're infected, be thankful if you don't lose everything. Viruses can destroy large amounts of data or erase entire hard drives. If you get away with your data intact, be thankful.

The unfortunate truth of things, my friends, is that there are people on the internet who spend great amounts of time trying to create these bugs, and when they "accidentally" get loose into the wild they feel some brief surge of power. We cannot now, nor can we ever, hope to stop virus makers from practicing their art. We can, however, practice safe computing and keep our computer and our data safe from these annoying little predators. For your convenience, I have provided below a list of the most common internet viruses found active "in the wild" as well as a list of the most common hoaxes. This information was provided, in part, by both the Symantec AntiVirus Research Center and Joe Wells's Wild List. I'd like to send special thanks to both of these excellent sites for their help in the creation of this work.

Below is a list of the top 19 (19? Who came up with that number?) viruses "in the wild." The important thing to know about this list is that any viruses not on this list are extremely rare in the wild. I have seen every one of these viruses active on a computer at least once.

Official Virus Designation   Type    Common Name

W32/Ska.A                    File    HAPPY99
W95/CIH.1003                 File    Spacefiller (aka "Chernobyl" publicly)
WM/CAP.A                     Macro
W97M/Ethan.A                 Macro
W97M/Melissa.A               Macro   Maillissa
W32/ExploreZip               File    Worm.ExploreZip
WM/Concept.A                 Macro   Prank Macro
W97M/Class.D                 Macro
W97M/Marker.C                Macro   W97M/Spooky.C
AntiEXE.A                    Boot    D3
AntiCMOS.A                   Boot    Lenart
Form.A                       Boot    Form 18
XM/Laroux.A                  Macro
O97M/Tristate.C              Macro   O97/Crown.B
One_Half.mp.3544.A           Multi   Dis, Free Love
Ripper                       Boot    Jack Ripper
WM/Npad.A                    Macro   Jakarta
Empire.Monkey.B              Boot    Monkey 2
Junkie.mp.1027.A             Multi   DrWhite.1027

Common Hoaxes
Lump of Coal Virus Hoax
Windows will Fail on Jan 1 Hoax
Matrix Virus Hoax
ZZ331 Virus Hoax
Jan1st20.exe Virus Hoax
CELLSAVER Virus Hoax
Phantom Menace Virus Hoax
Work Virus Hoax
Norman Virus Hoax
$800 from Microsoft Hoax
3b Trojan (alias PKZIP Virus)
AIDS Hoax
AOL4Free Virus Hoax
AOL Year 2000 Update Hoax
Baby New Year Virus Hoax
Bad Times Hoax
Blue Mountain Virus Hoax
Blueballs Are Underrated Virus Hoax
BUDDYLST.ZIP
BUDSAVER.EXE
Budweiser Hoax
BUGGLST Hoax
California Virus Hoax
Dear Friends Hoax
Death69
Deeyenda
E-Flu
EVIL THE CAT Virus Hoax
FatCat Virus Hoax
Free Money
GAP Email Tracking Hoax
Get More Money Hoax
Ghost
Good Times
Guts to Say Jesus Hoax
Hacky Birthday Virus Hoax
Hairy Palms Virus Hoax
Help Poor Dog Hoax
Hitler Hoax
How to Give a Cat a Colonic Hoax
INFILTER Hoax
Information on SARC 'Virus Test' Hoax
Irina
Join the Crew
Londhouse Virus Hoax
Microsoft Virus Hoax
Millennium Time Bomb
MOBILE PHONE Hoax
NASTYFRIEND99 Hoax
Norton anti - virus v5 Hoax
Pandemic Hoax
Penpal Greetings
Perrin.exe Virus Hoax
Pluperfect Hoax
Red Alert
Returned or Unable to Deliver
Teletubbies
Time Bomb
Tuxissa Hoax
Very Cool
Win a Holiday
Wobbler Virus Hoax
Wooden Horse Hoax
World Domination Hoax
Yellow Teletubbies