You’re probably familiar with computer viruses and the unpleasant consequences they can have for users, but are you aware of the serious implications that an infection could have for your company?
Computer viruses are extremely prevalent and can compromise sensitive information, destroy data, harm hardware and waste copious amounts of time, resources and energy. User-downloaded viruses are responsible for 2,000,000 to 5,000,000 attacks per day. Some notorious viruses have resulted in billions of dollars worth of damages. The most expensive computer virus of all time, dubbed MyDoom, caused $38 billion in damages and was estimated to impact 25% of all emails in 2004.
This past July, a ‘Shipping Informaton” phishing scam targeted over 3,000 small businesses. The fraudulent email claimed to contain UPS shipping information, and instructed recipients to click on a seemingly innocent link to track a package. In reality this was a malware link, which released a virus onto the target’s computer.
Because the majority of computer viruses are delivered via email, an effective email security strategy is critical in protecting your business from viruses, malware and other serious digital threats. With the rapid evolution of modern, sophisticated email threats such as zero-day exploits and ransomware, traditional antivirus software is insufficient in protecting users against dangerous and costly attacks. For effective email protection, this technology must be implemented as part of a multi-layered email security gateway solution which provides comprehensive, real-time protection in the context of today’s complex and ever-evolving email threat landscape.
What are Computer Viruses and How Do They Work?
A computer virus is a specific type of malware designed to replicate and spread by modifying other computer programs and inserting its own code. When this replication succeeds, the affected programs are referred to as “infected” with a computer virus. The sole purpose of any virus is to replicate and spread itself, and damage to the host system is often a consequence of infection.
Email viruses, which constitute the majority of computer viruses, can be activated when a user either clicks on a link, downloads an attachment or interacts in some other way with the body of an infected email.
Email viruses are usually programmed to be sent to everyone in the victim's address book once his or her computer has been infected, and tend to proliferate very quickly as a result.
Viruses are commonly linked to phishing attacks, in which threat actors send out fraudulent emails that appear as if they have been sent from authorized sources with the goal of deceiving users into sharing sensitive information. Spam and malware emails are also very effective at infecting systems and compromising networks.
Some viruses capitalize on nothing but user naivety. Have you ever forwarded a chain letter, a virus warning or a desperate plea for help? If so, you probably fell for a hoax and helped to spread a virus. In these scenarios, the virus is the email itself. Collectively, these emails clog up mail servers and inboxes and frequently result in denying service to legitimate users while the system processes these bulk messages.
History of Computer Viruses
The first computer virus, named “Creeper system” was an experimental self-replicating virus released in 1971. It filled up a computer’s hard drive until the computer was unable to operate.
“The Morris Worm” was the first computer virus to spread extensively in the wild in 1988. It was written by Robert Morris as a method for determining the size of the Internet. His approach exploited weak passwords and security holes in sendmail and other Unix applications, but due to a programming mistake it spread too fast and started to interfere with the normal operation of the computers that it infected. “The Morris Worm” infected roughly 15,000 computers in 15 hours, which constituted the majority of the Internet at the time.
Since this outbreak, the number of new viruses introduced each year is growing exponentially. So many infamous viruses have been unleashed over the past thirty years that it is difficult to list the ones that have done the most damage; however, some of the most notorious viruses to date include Melissa, iloveyou, Code Red, Sobig, CryptoLocker, Locky, Mirai and WannaCry, among many others.
Types of Computer Viruses
There are many different forms of computer viruses which infect systems in different ways. To make things even more complex, the modern threat landscape is anything but stagnant and zero-day viruses are rapidly emerging. Some types of viruses are more dangerous than others. A few of the most threatening types of computer viruses include:
- Boot sector viruses: For the majority of users, this type of virus is one of the most dangerous types that exist. These viruses spread on the master boot record, making them very difficult to remove and frequently resulting in a full system reformat.
- Direct action viruses: This type of virus is one of the two main types that infect files. These viruses work through files that they attach to, rather than hiding in a computer’s memory or installing themselves. When a user clicks on an infected file, the attached virus is activated and continues to spread. Although direct action viruses make files inaccessible, they don’t affect a system’s performance.
- Resident viruses: Like direct action viruses, resident viruses infect files. However, this type of virus installs itself on a PC. These viruses are especially dangerous because they can persist even after the primary source of the virus is removed.
- Multipartite viruses: This type of virus can spread in various ways and can behave in a different manner depending on factors such as a PC’s operating system. These viruses can infect the boot sector as well as files on a computer, and can spread extremely rapidly and be very difficult to remove as a result.
- Polymorphic viruses: This type of virus changes its signature when it reproduces, masquerading as a different and seemingly harmless file. These viruses are especially threatening because antivirus programs have a very hard time detecting them. Because traditional antivirus software can only blacklist a single virus variant, many programs take months to identify a single polymorphic virus.
Polymorphic Viruses and Pattern Avoidance
Polymorphic viruses are those which have code in them that changes how they operate, thus defeating detection by normal methods. These complex and especially dangerous viruses employ various tactics to modify themselves during each infection. They vary their physical file makeup by encrypting their codes and using different encryption keys generated by mutation engines each time that they infect a device. This technique allows the majority of polymorphic viruses to remain undetected by antivirus software which is engineered to recognize a static, unchanging code.
Polymorphic viruses are usually spread via spam email, malware or infected websites. VIRLOCK, one of the most notorious polymorphic viruses, evolved to combine file infection and ransomware, making it especially difficult to detect and remove.
How are Viruses Detected?
As computer viruses have become increasingly problematic, methods of detection have evolved to combat them. There are several different methods that antivirus programs employ to identify viruses, malware and other computer threats. These methods include:
- Signature-based detection: Traditional antivirus software relies heavily on signature-based detection to identify viruses and malware. In this method, each time a new malware variant is discovered and arrives in the hands of an antivirus company, a signature of the file is extracted and added to the signatures database of the antivirus software. This approach has its limitations, as threat actors have tried to outsmart signature-based antivirus software by creating advanced viruses which modify themselves as a method of disguise to avoid matching existing virus signatures.
- Heuristics: Heuristic analysis is a popular and effective method for detecting previously unknown viruses, as well as new variants of viruses already in the wild by examining code for suspicious properties. This technique determines the susceptibility of a system to a particular threat using various weighing methods or decision rules. Heuristics analysis is one of the few methods capable of identifying polymorphic viruses.
- Real-time protection: Real-time protection refers to the automatic protection provided by many antivirus and anti-malware programs, which monitors systems for suspicious activity.
- Sandbox detection: This behavior-based detection technique runs programs in a virtual environment, logging programs’ actions and behaviors. Depending on the actions logged, antivirus engines that utilize this technique can determine whether a program is malicious or not. This technique has proven to be highly effective, but is rarely used in end-user antivirus solutions due to its slowness.
- Data mining techniques: In this relatively new approach to virus and malware detection, data mining and machine learning algorithms are used to classify the behavior of a file and determine whether it is malicious or benign depending on a series of features that are extracted from the file.
Regardless of the techniques that it utilizes to detect viruses and other threats, antivirus software has its limitations. For instance, antivirus programs are often ineffective in detecting zero-day viruses. Even those that use non-signature-based methods frequently fall short. Virus designers test the new viruses that they create on established antivirus applications to ensure that they are not detected before releasing these viruses into the wild.
Best Practices for Recognizing Viruses and Preventing Them from Infecting Devices and Networks
Knowing how to recognize an email virus, as well as implementing basic email security best practices, is imperative in protecting yourself and your company from infection. Here are some tips for identifying viruses and preventing infection:
- Refrain from clicking through links embedded in email messages
- Avoid opening potentially dangerous attachments that are included in emails from unknown senders
- Scan all attachments for malware
- Keep an eye out for phishing emails
- Keep your mail client, operating system and web browser updated and patched
- Do not open any executable files included as email attachments - attackers often name these files with two extensions in an effort to disguise them
- Ensure that your mail program is set to not automatically download and open attachments or display HTML content
- Verify the source of any suspicious email that you receive
- Avoid forwarding emails unless you have verified that they are legitimate
- Be cautious when sharing your email address - if it gets in the wrong hands, it can be used to send a convincing email containing a virus your way
- Get a text preview in your email service - content previews give you a glance at the content in an email without having to click on the email
- Close pop-up ads by right-clicking on them in your task bar - not by clicking the “X” in the corner
- Implement a comprehensive, fully-managed email security gateway solution that provides complete end-to-end control of your email
- Always remember: act smart, not fast!
How to Protect Against Computer Viruses
Antivirus software plays an important role in protecting against email viruses; however, this technology must be implemented as an element of a comprehensive, multi-layered email security gateway solution to effectively combat advanced attacks.
Defense in depth is imperative to a successful email security approach. No one single security feature or piece of antivirus software is sufficient in protecting against today’s sophisticated email threats like ransomware, spear phishing and zero-day attacks. Look for an email security gateway solution comprised of multiple layers of protection which work harmoniously to prevent the potential harm and inconvenience that can result from email viruses or other malicious emails reaching the inbox.
How Guardian Digital Can Help
Guardian Digital EnGarde Email Security Gateway provides highly effective, multi-tiered protection against viruses, malware, spam email and the other dangerous attacks that threaten email users every day. Benefits of choosing EnGarde to secure your business email include:
- Multi-layered architecture, where individual layers of security work in concert to provide complete, resilient protection
- Fully-managed, end-to-end control of your email, preventing malicious messages from reaching the inbox
- Adaptive antivirus engines and advanced heuristics technologies capable of detecting the most advanced polymorphic viruses and malware variants
- Secure endpoint encryption using strong cryptography
- Tighter security, flexible implementation and eliminated risk of vendor lock-in through the use of a transparent, collaborative development approach
- Centrally managed cloud-based administration
- Exceptional 24x7x365 customer support, conveniently providing you with the peace of mind to focus on aspects of running your business besides email security
Want to learn more about viruses and how to prevent them from infecting your devices and networks?
Do you have any questions or concerns about computer viruses and how to protect against them that haven’t been addressed in this article? Please do not hesitate to contact us. We would love to help!