:: wikimiki.org ::
| Zombie Computer |
A zombie computer (abbreviated zombie) is a computer attached to the Internet that has been compromised by a hacker, a computer virus, or a trojan horse. Generally a compromised machine is only one of many in a "botnet", and will be used to perform malicious tasks of one sort or another, under remote direction. Most owners of zombie computers are unaware that their system is being used in this way.
Zombies have been used extensively to send e-mail spam; between 50% and 80% of all spam worldwide is now sent by zombie computers. [http://www.pcworld.com/news/article/0,aid,121381,00.asp] This allows spammers to avoid detection of the source of spam, and presumably reduces their bandwidth costs, since the owners of zombies pay for their computers' use of bandwidth.
For similar reasons, zombies are also used to commit click fraud against sites displaying pay per click advertising.
Zombies have also conducted distributed denial of service attacks, such as the attack upon the SPEWS service in 2003.
External links
- [http://antivirus.about.com/od/whatisavirus/a/zombiepc.htm Is Your PC a Zombie? on About.com]
- [http://tweezersedge.com/archives/2005/02/000534.html A detailed account of what a zombie machine looks like and what it takes to "fix" it]
- [http://www.spambutcher.com/spamzombies/ "Killing Spam Zombies Made Easy" - Locate and eliminate spam zombies using free open source software.]
- [http://www.tqmcube.com/zombies.php Data and graphics related to zombie originated spam.]
Zombie
A zombie is traditionally an undead person in the Caribbean spiritual belief system of voodoo. Essentially a dead body re-animated by unnatural means, the zombie creates dread among the living. Zombies have become a staple of horror fiction, where they usually engage in the consumption of human flesh. The term "zombism" is sometimes used to refer to the condition or disease associated with being a zombie.
Zombies in voodoo
According to the tenets of voodoo, a dead person can be revived by a houngan or mambo. After resurrection, it has no will of its own, but remains under the control of the person who performed the ritual. Such resurrected dead are called "zombies".
Zombi is also the name of the voodoo snake god of Niger-Congo origin; it is akin to the Kongo word nzambi, which means "god."
In 1937, while researching folklore in Haiti, Zora Neale Hurston encountered the case of Felicia Felix-Mentor, who had died and been buried in 1907 at the age of 29. Villagers believed they saw her wandering the streets in a daze thirty years later [http://mywebpages.comcast.net/scottandrewh/zombie.html] (although this was subsequently found to be false [http://www.webster.edu/~corbetre/haiti/voodoo/mars-zombi.htm]). Hurston pursued rumours that the affected persons were given powerful drugs, but was unable to locate anyone willing to offer much information. She wrote:
:"What is more, if science ever gets to the bottom of Voodoo in Haiti and Africa, it will be found that some important medical secrets, still unknown to medical science, give it its power, rather than gestures of ceremony."[http://www-hsc.usc.edu/~gallaher/hurston/hurston.html]
Several decades later, Wade Davis, a Canadian ethnobotanist, presented a pharmacological case for zombies in two books - The Serpent and the Rainbow (1985) and Passage of Darkness: The Ethnobiology of the Haitian Zombie (1988). Davis travelled to Haiti in 1982 and, as a result of his investigations, claimed that a living person could be zombified by the ingestion of two special powders. The first, coup de poudre (French: 'powder strike' - a wordplay on coup de foudre, 'lightning-strike'), induced a 'death-like' state, the key ingredient of which was tetrodotoxin (TTX). The second powder of dissociative hallucinogens held the person in a will-less zombie state. Davis popularized the story of Clairvius Narcisse, who was claimed to have succumbed to this practice. (Tetrodotoxin is the lethal toxin found in the Japanese delicacy fugu, or pufferfish (Tetraodontiformes). At near-lethal doses (LD50 of 1mg), it is said to be able to leave a person in a state near death for several days, while the person continues to be conscious.) There remains considerable skepticism to Davis's claims, and opinions remain divided as to the veracity of his work.
Others have discussed the contribution of the victim's own belief-system, possibly leading to compliance with the attacker's will, and causing quasi-hysterical amnesia, catatonia, or other psychological disorders, which are then later misinterpreted as a return from the dead. Scottish psychiatrist R. D. Laing further highlighted the link between social and cultural expectations and compulsion, in the context of schizophrenia and other mental illness, suggesting that schizogenesis may account for some of the psychological aspects of zombification.
Zombies in folklore
In the Middle Ages, it was commonly believed that the souls of the dead could return to earth and haunt the living. The belief in revenants (those who have returned from the dead) is well documented by contemporary European writers of the time. The "draugr" of medieval Norse mythology were also believed to be the corpses of warriors returned from the dead to attack the living.
Zombies in fiction
Prior to the mid-1950s, zombies were usually presented as mindless thralls controlled like puppets by mystical masters. Sometimes the zombies were reanimated corpses, and sometimes living humans, but never independently malevolent. This changed with the publication of I Am Legend by author Richard Matheson in 1954. The story of a future Los Angeles, overrun with undead cannibalistic/bloodsucking beings, changed the genre forever. One man is the sole survivor of a pandemic of a bacterium that causes vampirism. Continually, he must fight to survive attacks from the rambling, slow-witted creatures. Although ostensibly a vampire story, it had enormous impact on the zombie genre, particularly the film maker George Romero.
Zombies are regularly encountered in horror- and fantasy-themed fiction, films, video games and role-playing games. They are typically depicted as mindless, shambling, decaying corpses with a hunger for human flesh, and in some cases, human brains.
Many works of fiction feature zombies who spread their affliction from one to another, in a viral fashion. More often than not, the condition is spread through means of a bite or scratch, and the victim will most likely die and mutate soon after. In others, however, the condition is only acquired after death.
A common plot in zombie fiction is an outbreak of the zombie plague growing out of control, resulting in an apocalyptic scenario. The story then focuses around a small group of survivors attempting to either stop the plague, or merely survive and escape the destruction. In typical horror fashion, zombie fiction rarely has a happy ending, generally ending in a dark or ambiguous manner. Popular causes of zombie outbreaks in fiction include radiation or other toxic chemicals acting on the brains of the dead, evil magic or voodoo, aliens, the use of drugs, viral infection, and telepathic control.
In fiction zombies can generally be disabled by dismemberment or destruction of the brain and/or upper spinal column. In a few cases the entire body of the zombie must be destroyed, generally by burning, as individual body parts continue to move after being severed from the body.
Zombies in literature
In the novel Perelandra, the zombie Professor Weston acts as the analog of the serpent in the Garden of Eden; this is a rare example of a zombie who can talk, as it is actually being controlled by a demon.
In the Xanth series by Piers Anthony the zombies are re-animated by a magical talent held by the "Zombie Master" Jonathan. He can re-animate any creature, human or otherwise, and have it under his personal control. Even when he kills himself, he returns to life as a member of the undead. The zombies of Xanth can continually fall apart without losing any mass.
The character of Reginald Shoe in Terry Pratchett's Discworld books becomes a zombie by refusing to stay dead after being shot and killed. He later forms a support group for other undead, claiming they are merely "differently alive". Several other Discworld zombies, including Mr. Slant, work as unsympathetic lawyers.
In Harry Potter and the Half-Blood Prince by J. K. Rowling, an Inferius is essentially a zombie, a dead body controlled by a dark wizard's spells.
In contemporary horror fiction, Leisure Books has published Brian Keene's debut novel The Rising and its sequel City of the Living Dead, which deal with a worldwide apocalypse of intelligent zombies, apparently caused by demonic possession. Walter Greatshell's novel Xombies is about a plague that turns women into the undead.
Underpants of the Dead, a zombie satire co-authored by Bob Hinton and C.W. Prather, was serialized online from October 2003 through January 2005 on CountGore.com. Another work of zombie fiction that was initially published online, David Wellington's Monster Island, is scheduled to be available through Thunder's Mouth press in 2006.
Zombies in film
Although the depiction of zombies in film has recently become much more varied, they were originally presented in White Zombie (Victor Halperin, 1932) as mindless, unthinking henchmen under the spell of an evil magician/overlord. This depiction continued through the 1930s until they started to move around more of their own accord, as in I Walked with a Zombie (Jacques Tourneur, 1943).
In 1968, George A. Romero's Night of the Living Dead premiered. Critics initially reacted negatively to its depiction of cannibalism, gore, and pessimism, but the film soon developed a strong following and is now considered a modern classic. Though cannibalism in horror was nothing new at the time, the movie standardised the practice of eating human flesh in zombies, and created new rules still in use today, such as a severe head injury being the only way to kill a zombie. Romero's even more successful sequel, Dawn of the Dead (1978), can be regarded as the father of the modern zombie movie subgenre. The third entry in the series was Day of the Dead (1985), followed two decades later by the fourth entry Land of the Dead (2005).
Internationally, Dawn of the Dead was released under the name Zombi, inspiring Italian director Lucio Fulci to create Zombi II (1979), an unofficial sequel to Dawn of the Dead, which would be released in North America as Zombie and spawn its own series. In America, Dan O'Bannon's 1985 movie, Return of the Living Dead, took a more comedic approach to distinguish his movie from George Romero's; it had the zombies hunger specifically for brains instead of all human flesh.
After the mid-1980s, the subgenre became mostly relegated to the underground. Although director Peter Jackson made a notable entry with the ultra-gory Braindead (1992), and Michele Soavi received rave reviews for Dellamorte Dellamore (1994), it was not until the next decade's box office successes (the Resident Evil movies (2002, 2004), 28 Days Later (2002), the Dawn of the Dead remake (2004), and homage/parody Shaun of the Dead (2004)) that the zombie subgenre began to resurface, even allowing George Romero to create a fourth part to his zombie series.
Although 28 Days Later director Danny Boyle claims it is not a zombie film (the 'Infected' are not dead), it shares all of the basic characteristics of a zombie movie, and references the genre. It was largely responsible for the creation of what has been referred to as the "MTV zombie": this modern variety is much faster than the shambling hordes of the earlier generation.
It is a tradition that, within zombie films, the human characters never say the word "zombie", but use designations like "them", "those things", "creatures", "corpses", "bodies", "ghouls", etc. This formed the basis for the scene in Shaun of the Dead where Simon Pegg said "Don't say that" to Nick Frost when he used the aforementioned word. However, in Land of the Dead and the original Dawn of the Dead, a character from each film breaks this tradition once.
Zombies in gaming
Zombies are common foes in horror-themed computer and video games. Zombies are a staple of the survival horror genre of video games, such as Sega's Zombies Ate My Neighbors and the influential Resident Evil series. Many other genres, especially fantasy role-playing and adventure games, also prominently feature zombies as enemies. Some titles, such as Stubbs the Zombie, put the player into the role of the zombie itself.
There is also an award-winning tile-based strategy boardgame entitled Zombies!!! in which players attempt to escape a zombie-infested city, or kill 25 zombies.
Zombies on the Internet
A number of Internet websites are also dedicated to the genre, notably [http://www.homepageofthedead.com/ Homepage of the Dead], [http://www.jimrage.com Jim Rage's Elite Zombie Hunting Squad] and [http://www.zombiehunters.org/ Zombie Squad]. An increasingly popular Internet meme is the use of online journal websites such as Livejournal to create a fictional account of an undead apocalypse; the most well-known of these are [http://www.livejournal.com/users/alpha_dog/ Alpha Dog] and [http://www.tacticalunderground.us/ Day By Day Armageddon], but other popular journals include:
- [http://www.livejournal.com/users/themagestorm/ Shattered Death]
- [http://www.livejournal.com/users/azpossecommand/ Life After Death]
- [http://www.livejournal.com/users/maninadeadworld/ Man In A Dead World]
- [http://www.underpantsofthedead.com Underpants of the Dead]
- [http://www.livejournal.com/users/scarecrowster/ End Times]
- [http://www.xanga.com/tim_sailor The Milledgeville Papers]
External links
- Howstuffworks: [http://people.howstuffworks.com/zombie.htm How Zombies Work] - discusses voodoo origins of zombies.
- Triple J's Dr Karl [http://www.abc.net.au/science/k2/moments/s1260445.htm explains the pharmacological way to make a zombie].
- [http://www.sothisisacomic.com/Zombie/zomb3.html Zombie Infection Simulator] (requires Java).
- [http://www.urbandead.com/ Urban Dead] A browser-based MMORPG dealing with a zombie apocalypse.
- [http://www.cobra.semnatstudios.com/cg The Combat Guide] A website with media and reading covering the survival of a "zompocalypse".
Internet
For the more general networking concept, see internetworking.
The Internet, or simply the Net, is the worldwide system of interconnected computer networks which makes information stored on it accessible. This information is transmitted by packet switching using a standardized Internet Protocol (IP) and many other protocols. It is made up of thousands of smaller commercial, academic, domestic and government networks. It carries various information and services, such as electronic mail, online chat, and the interlinked web pages and other documents of the World Wide Web.
Creation of the Internet
During the 1950s, several communications researchers realized that there was a need to allow general communication between users of various computers and communications networks. This led to research into decentralized networks, queuing theory, and packet switching. The subsequent creation of ARPANET in the United States in turn catalyzed a wave of technical developments that made it the basis for the development of the Internet. Contrary to popular myth, the DoD did not create the ARPANET so that they could communicate to the US Government after a nuclear war.
The first TCP/IP wide area network was operational in 1984 when the United States' National Science Foundation (NSF) constructed a university network backbone that would later become the NSFNet. It was then followed by the opening of the network to commercial interests in 1995. Important separate networks that offered gateways into, then later merged into the Internet include Usenet, Bitnet and the various commercial and educational X.25 networks such as Compuserve and JANET. The ability of TCP/IP to work over these pre-existing communication networks allowed for a great ease of growth. Use of Internet as a phrase to describe a single global TCP/IP network originated around this time.
The collective network gained a public face in the 1990s. In August 1991 CERN in Switzerland publicized the new World Wide Web project, two years after Tim Berners-Lee had begun creating HTML, HTTP and the first few web pages at CERN in Switzerland. In 1993 the Mosaic web browser version 1.0 was released, and by late 1994 there was growing public interest in the previously academic/technical Internet. By 1996 the word "Internet" was common public currency, but it referred almost entirely to the World Wide Web.
Meanwhile, over the course of the decade, the Internet successfully accommodated the majority of previously existing public computer networks (although some networks such as FidoNet have remained separate). This growth is often attributed to the lack of central administration, which allows organic growth of the network, as well as the non-proprietary open nature of the Internet protocols, which encourages vendor interoperability and prevents any one company from exerting too much control over the network.
Today's Internet
Apart from the complex physical connections that make up its infrastructure, the Internet is held together by bi- or multi-lateral commercial contracts (for example peering agreements) and by technical specifications or protocols that describe how to exchange data over the network.
Indeed, the Internet is essentially defined by its interconnections and routing policies. In an often-cited, if perhaps gratuitously mathematical definition, Seth Breidbart once described the Internet as "the largest equivalence class in the reflexive, transitive, symmetric closure of the relationship 'can be reached by an IP packet from'".
Unlike older communications systems, the Internet protocol suite was deliberately designed to be independent of the underlying physical medium. Any communications network, wired or wireless, that can carry two-way digital data can carry Internet traffic. Thus, Internet packets flow through wired networks like copper wire, coaxial cable, and fiber optic; and through wireless networks like Wi-Fi. Together, all these networks, sharing the same high-level protocols, form the Internet.
The Internet protocols originate from discussions within the Internet Engineering Task Force (IETF) and its working groups, which are open to public participation and review. These committees produce documents that are known as Request for Comments documents (RFCs). Some RFCs are raised to the status of Internet Standard by the Internet Architecture Board (IAB).
Some of the most used protocols in the Internet protocol suite are IP, TCP, UDP, DNS, PPP, SLIP, ICMP, POP3, IMAP, SMTP, HTTP, HTTPS, SSH, Telnet, FTP, LDAP, SSL, and TLS.
Some of the popular services on the Internet that make use of these protocols are e-mail, Usenet newsgroups, file sharing, Instant Messenger, the World Wide Web, Gopher, session access, WAIS, finger, IRC, MUDs, and MUSHs. Of these, e-mail and the World Wide Web are clearly the most used, and many other services are built upon them, such as mailing lists and blogs. The Internet makes it possible to provide real-time services such as Internet radio and webcasts that can be accessed from anywhere in the world.
Some other popular services of the Internet were not created this way, but were originally based on proprietary systems. These include IRC, ICQ, AIM, and Gnutella.
There have been many analyses of the Internet and its structure. For example, it has been determined that the Internet IP routing structure and hypertext links of the World Wide Web are examples of scale-free networks.
Similar to how the commercial Internet providers connect via Internet exchange points, research networks tend to interconnect into large subnetworks such as:
- GEANT
- Internet2
- GLORIAD
These in turn are built around relatively smaller networks. See also the list of academic computer network organizations.
In network schematic diagrams, the Internet is often represented by a cloud symbol, into and out of which network communications can pass.
Internet culture
The Internet is also having a profound impact on work, leisure, knowledge and worldviews.
ICANN
The Internet Corporation for Assigned Names and Numbers (ICANN) is the authority that coordinates the assignment of unique identifiers on the Internet, including domain names, Internet protocol addresses, and protocol port and parameter numbers. A globally unified namespace (i.e., a system of names in which there is one and only one holder of each name) is essential for the Internet to function. ICANN is headquartered in Marina del Rey, California, but is overseen by an international board of directors drawn from across the Internet technical, business, academic, and non-commercial communities. The US government continues to have a privileged role in approving changes to the root zone file that lies at the heart of the domain name system. Because the Internet is a distributed network comprising many voluntarily interconnected networks, the Internet, as such, has no governing body. ICANN's role in coordinating the assignment of unique identifiers distinguishes it as perhaps the only central coordinating body on the global Internet, but the scope of its authority extends only to the Internet's systems of domain names, Internet protocol addresses, and protocol port and parameter numbers.
The World Wide Web
Through keyword-driven Internet research using search engines like Google, millions worldwide have easy, instant access to a vast and diverse amount of online information. Compared to encyclopedias and traditional libraries, the World Wide Web has enabled a sudden and extreme decentralization of information and data.
Some companies and individuals have adopted the use of 'weblogs' or blogs, which are largely used as easily-updatable online diaries. Some commercial organizations encourage staff to fill them with advice on their areas of specialization in the hope that visitors will be impressed by the expert knowledge and free information, and be attracted to the corporation as a result. One example of this practice is Microsoft, whose product developers publish their personal blogs in order to pique the public's interest in their work.
For more information on the distinction between the World Wide Web and the Internet itself — as in everyday use the two are sometimes confused — see Dark internet where this is discussed in more detail.
Remote access
The Internet allows computer users to connect to other computers and information stores easily, wherever they may be across the world.
They may do this with or without the use of security, authentication and encryption technologies, depending on the requirements.
This is encouraging new ways of working from home, collaboration and information sharing in many industries. An accountant sitting at home can audit the books of a company based in another country, on a server situated in a third country that is remotely maintained by IT specialists in a fourth. These accounts could have been created by home-working book-keepers, in other remote locations, based on information e-mailed to them from offices all over the world. Some of these things were possible before the widespread use of the Internet, but the cost of private, leased lines would have made many of them infeasible in practice.
An office worker away from his or her desk, perhaps the other side of the world on a business trip or a holiday, can open a remote desktop session into his or her normal office PC using a secure Virtual Private Network (VPN) connection via the Internet. This gives him or her complete access to all their normal files and data, including e-mail and other applications, while they are away.
Collaboration
This low-cost and nearly instantaneous sharing of ideas, knowledge and skills has revolutionized some, and given rise to whole new, areas of human activity. One example of this is the collaborative development and distribution of Free/Libre/Open-Source Software (FLOSS) such as Linux, Mozilla and OpenOffice.org. See Collaborative software.
File-sharing
A computer file can be e-mailed to customers, colleagues and friends as an attachment. It can be uploaded to a website or FTP server for easy download by others. It can be put into a "shared location" or onto a file server for instant use by colleagues. The load of bulk downloads to many users can be eased by the use of "mirror" servers or peer-to-peer networking.
In any of these cases, access to the file may be controlled by user authentication; the transit of the file over the Internet may be obscured by encryption; and money may change hands before or after access to the file is given. The price can be paid by the remote charging of funds from, for example, a credit card whose details are also passed - hopefully fully encrypted - across the Internet. The origin and authenticity of the file received may be checked by digital signatures or by MD5 message digests.
These simple features of the Internet, over a world-wide basis, are changing the basis for the production, sale and distribution of many types of product, wherever they can be reduced to a computer file for transmission. This includes all manner of office documents, publications, software products, music, photography, video, animations, graphics and the other arts. This in turn is causing seismic shifts in each of the existing industry associations, such as the RIAA and MPAA, that previously controlled the production and distribution of these products.
Streaming media and VoIP
Many existing radio and television broadcasters have provided Internet 'feeds' of their live audio and video streams (for example, the BBC). They have been joined by a range of pure Internet 'broadcasters' who never had on-air licences. This means that an Internet-connected device, such as a computer or something more specific, can be used to access on-line media in much the same way as was previously possible only with a TV or radio receiver. The range of material is much wider, from pornography to highly specialised technical web-casts. The simplest equipment can allow anybody, with little censorship or licencing control, to broadcast on a worldwide basis. Time-shift viewing or listening is not a problem as the BBC have shown with their Preview, Classic Clips and Listen Again features.
Web-cams can be seen as an even lower-budget extension of this phenomenon. In this case the picture may update only slowly - perhaps once every few seconds or slower, but Internet users can watch animals around an African waterhole, ships in the Panama Canal or the traffic at a local roundabout live and in real time. Video chat rooms, video conferencing, and remote controllable webcams have become popular. Some people install webcams in their bedrooms that can be accessed by other voyeurs, often with two-way sound.
VoIP stands for Voice over IP, where IP refers to the Internet Protocol that underlies all Internet communication. This phenomenon began as an optional two-way voice extension to some of the Instant Messaging systems that took off around the turn of the millennium. In recent years many people and organizations have made VoIP systems as easy to use and as convenient as a normal telephone. The benefit is that, as the actual voice traffic is carried by the Internet, VoIP is free or costs much less than an actual telephone call, especially over long distances and especially for those with always-on ADSL or DSL Internet connections anyway. The disadvantages are that it is still difficult to initiate a call with someone unless they also have a VoIP phone or are at their computer, and that there are still several competing standards that are militating against universal acceptance.
In all of these cases, existing large organisations, that have grown accustomed to regular incomes for their services, are finding increased competition in their service areas, coming directly from the Internet. While newcomers strive to make these inroads, the traditional industries are having to adapt, adopt, complain or suffer. Meanwhile the consumer in each case most probably benefits from the increased range of services and possible price reductions. Some worry about censorship and control while others see a continuing globalisation of culture and norms.
Language
Main article: English on the Internet
The most prevalent language for communication on the Internet is English. This may be due to the Internet's origins or to the growing role of English as an international language. It may also be related to the poor capability of early computers to handle characters other than those in the basic Latin alphabet (see Unicode).
After English (32 % of web visitors) the most-requested languages on the world wide web are Chinese 13 %, Japanese 8 %, Spanish 6 %, German 6 % and French 4 %. (From [http://www.internetworldstats.com/stats7.htm Internet World Stats])
By continent, 33 % of the world's Internet users are based in Asia, 29 % in Europe and 23 % in North America.[http://www.internetworldstats.com/stats.htm]
The Internet's technologies have developed enough in recent years that good facilities are available for development and communication in most widely used languages. However, some glitches such as mojibake still remain.
Cultural awareness
From a cultural awareness perspective, the Internet has been both an advantage and a liability. For people who are interested in other cultures it provides a significant amount of information and an interactivity that would be unavailable otherwise. However, for people who are not interested in other cultures there is some evidence indicating that the Internet enables them to avoid contact to a greater degree than ever before.
Censorship
Some countries, such as Iran and the People's Republic of China, restrict what people in their countries can see on the Internet, especially unwanted political and religious content.
In the Western world, it is Germany that has the highest rate of censorship. Internet Service Providers are required by law to block some sites that contain child pornography or Nazi or Islamist propaganda.
Censorship is sometimes done through government sponsored censoring filters, or by means of law or culture, making the propagation of targeted materials extremely hard. At the moment most Internet content is available regardless of where one is in the world, so long as one has the means of connecting to it.
Internet access
Common methods of home access include dial-up, landline broadband (over coaxial cable, fiber optic or copper wires), Wi-Fi, satellite and cell phones.
Public places to use the Internet include libraries and Internet cafes, where computers with Internet connections are available. There are also Internet access points in many public places like airport halls, in some cases just for brief use while standing. Various terms are used, such as "public Internet kiosk", "public access terminal", and "Web payphone". Many hotels now also have public terminals, though these are usually fee based.
Wi-Fi provides wireless access to computer networks, and therefore can do so to the Internet itself. Hotspots providing such access include Wi-Fi-cafes, where a would-be user needs to bring their own wireless-enabled devices such as a laptop or PDA. These services may be free to all, free to customers only, or fee-based. A hotspot need not be limited to a confined location. The whole campus or park, or even the entire city can be enabled. Grassroots efforts have led to wireless community networks.
Apart from Wi-Fi, there have been experiments with proprietary mobile wireless networks like Ricochet, various high-speed data services over cellular or mobile phone networks, and fixed wireless services. These services have not enjoyed widespread success due to their high cost of deployment, which is passed on to users in high usage fees. New wireless technologies such as WiMAX have the potential to alleviate these concerns and enable simple and cost effective deployment of metropolitan area networks covering large, urban areas. There is a growing trend towards wireless mesh networks, which offer a decentralized and redundant infrastructure and are often considered the future of the Internet.
Broadband access over power lines was approved in 2004 in the United States in the face of stiff resistance from the amateur radio community. The problem with modulating a carrier signal onto power lines is that an above-ground power line can act as a giant antenna and jam long-distance radio frequencies used by amateurs, seafarers and others.
Countries where Internet access is available to a majority of the population include Germany, India, China, Chile, Iceland, Finland, Sweden, Greece, Italy, Australia, Denmark, the United States, Canada, the United Kingdom, The Netherlands, Japan, Singapore, Taiwan, Thailand, South Korea and Norway. The use of the Internet around the world has been growing rapidly over the last decade, although the growth rate seems to have slowed somewhat after 2000. The phase of rapid growth is ending in industrialized countries, as usage becomes ubiquitous there, but the spread continues in Africa, Latin America, the Caribbean and the Middle East.
However, there are still problems for many. ADSL and other broadband access are rare or nonexistent in most developing countries. Even in developed countries, high prices, mediocre performance and access restrictions often limit its uptake. Within individual countries, wide differences may exist between larger cities (often having multiple providers of broadband access) and some rural areas, where no broadband access may be available at all.
The expansion of the availability of Internet access is a way to bridge the so-called digital divide.
Capitalization conventions
In formal usage, Internet is traditionally written with a capital first letter. The Internet Society, the Internet Engineering Task Force, the Internet Corporation for Assigned Names and Numbers, the World Wide Web Consortium, and several other Internet-related organizations all use this convention in their publications. In English grammar, proper nouns are capitalized.
Most newspapers, newswires, periodicals, and technical journals also capitalize the term. Examples include the New York Times, the Associated Press, Time, The Times of India, Hindustan Times and Communications of the ACM.
In other cases, the first letter is often written small (internet), and many people are not aware of any convention of using a capital letter. Some argue that internet is the correct form.
Since 2000, a significant number of publications have switched to using internet. Among them are The Economist, the Financial Times, the London Times, and the Sydney Morning Herald. As of 2005, most publications using internet appear to be located outside of North America although one American news source, Wired News, has adopted the lowercase spelling.
Leisure
The Internet has been a major source of leisure since before the World Wide Web, with entertaining social experiments such as MOOs being conducted on university servers, and humor-related USENET groups receiving much of the main traffic. Today, many Internet forums have sections devoted to neta; short cartoons in the form of Flash movies are also popular.
The pornography and gambling industries have both taken full advantage of the World Wide Web, and often provide a significant source of advertising revenue for other Web sites. Although many governments have attempted to put restrictions on both industries' use of the Internet, this has generally failed to stop their widespread popularity.
One main area of leisure on the Internet is multiplayer gaming. This form of leisure creates communities, bringing people of all ages and origins to enjoy the fast-paced world of multiplayer games. These range from MMORPG to first-person shooters, from role-playing games to online gambling. This has revolutionized the way many people interact and spend their free time on the Internet.
Online gaming began with services such as GameSpy and MPlayer, which players of games would typically subscribe to. Non-subscribers were limited to certain types of gameplay or certain games. With the release of Diablo by Blizzard Entertainment, gamers were treated to a built in online game service that was free of charge. With Blizzard's next game, StarCraft, the gaming world saw an explosion in the numbers of players using the Internet to play multi-player games. StarCraft may have been the first non-MMO game in which most players utilized the online gameplay as opposed to the single-player gameplay.
Online gaming has progressed so much in the last 10 years that gamers earn a living from being a professional at the subject by winning tournaments and prizes as well as signing sponsor deals. Because there is a large support for certain online games, a new community has been born for people modding games, where users edit games to add a whole new element to it. This is how games such as Counter-Strike were born from the Half-Life Gaming Engine.
Cyberslacking has become a serious drain on corporate resources; the average UK employee spends 57 minutes a day surfing, according to a study by Peninsula Business Services [http://news.scotsman.com/topics.cfm?tid=914&id=1001802003].
A complex system
Many computer scientists see the Internet as a "prime example of a large-scale, highly engineered, yet highly complex system" (Willinger, et al). The Internet is extremely heterogeneous. (For instance, data transfer rates and physical characteristics of connections vary widely.) The Internet exhibits "emergent phenomena" that depend on its large-scale organization. For example, data transfer rates exhibit temporal self-similarity.
Marketing
The Internet has also become a big market, and the biggest companies today have grown by taking advantage of the efficient low-cost advertising and commerce through the Internet. It is the fastest way to spread information to a vast community of people all at once. The Internet has revolutionized shopping: a person can order a CD online and receive it in the mail within a couple of days, or download it directly in some cases.
Criticism
Many hyperlinks become outdated as time takes its toll on the URLs they point to. These links are oftentimes defunct and are retained for extended periods because webpage maintainers are too lazy, or too busy, to update them. This is a common hoax for people who are fans in the field of what those links provide them with/to.
See also
- List of Internet topics
- An internet of things
- Art on the Internet
- Bogon filtering
- Catenet
- Central ad server
- Cybersex
- Cyberzine
- Dark internet
- Democracy on the Internet
- Dynamics of the Internet
- Extranet
- File Sharing
- Flaming
- Friendship on the Internet
- Hacktivism or Hacker culture
- History of the Internet
- International Freedom of Expression eXchange - monitors Internet censorship around the world
- Humor on the Internet
- ICANN
- Internet 2
- Internet Archive
- Intranet
- Internet forum
- Internets (colloquialism)
- Internet traffic engineering
- NANOG
- Netiquette
- Network Mapping
- Online banking
- Open Directory Project
- Security breaches
- Slang on the Internet
- Trolls and trolling
- Videotex - an early communications technology
- Web browser
- Web hosting
- WebQuest
External links
General
- [http://www.channel101.com/ Internet TV Stations]
- [http://www.isoc.org/ The Internet Society (ISOC)]
- [http://www.techterms.org/internet.php Internet Dictionary] - Definitions of Internet-related terms
- [http://www.experienced-people.co.uk/1099-webmaster-glossary/ The Alternate Internet Glossary] (Humor)
- A [http://www.illusivecreations.com Calgary Web Design] company that has put together over 300 articles about the internet and web development. You can view them by going [http://www.illusivecreations.com/articles/ here].
- [http://www.clickz.com/stats/sectors/geographics/article.php/5911_151151 Internet access stats]
- [http://www.sharpened.net/glossary/ Glossary of Computer and Internet Terms]
- [http://scoreboard.keynote.com/scoreboard/Main.aspx?Login=Y&Username=public&Password=public Internet Health Report] from Keynote
- [http://www.internetworldstats.com/stats.htm Internet World Stats]
Articles
- [http://www.iht.com/articles/2005/09/29/business/net.php "EU and U.S. clash over control of the Net" - International Herald Tribune article by Tom Wright]
- [http://www.wired.com/wired/archive/13.08/intro.html "10 Years that changed the world" - WiReD looks back at the evolution of the Internet over last 10 years]
- [http://www.fourmilab.ch/documents/digital-imprimatur/ John Walker: The Digital Imprimatur]
- [http://www.addressingtheworld.info addressingtheworld.info] - website accompanying a book (ISBN 0742528103) on the history of DNS
- [http://computer.howstuffworks.com/internet-infrastructure.htm How Stuff Works explanation of the Infrastructure of the Internet]
- [http://www.searchandgo.com/articles/internet/net-explained-1.php Internet Explained] Seven part article explaining the origins to the present and a future look at the Internet.
- [http://www.wired.com/news/culture/0,1284,64596,00.html?tw=wn_tophead_7 "It's Just the 'internet' Now" - Wired.com article by Tony Long]
History
- [http://www.isoc.org/internet/history/brief.shtml The Internet Society History Page]
- [http://www.internetvalley.com/archives/mirrors/cerf-how-inet.txt How the Internet Came to Be]
- [http://www.zakon.org/robert/internet/timeline/ Hobbes' Internet Timeline v7.0]
- [http://www.ciolek.com/PAPERS/e-scholarship2000.html Futures and Non-futures for Scholarly Internet. ]
- [http://www.lk.cs.ucla.edu/internet_history.html History of the Internet links]
- [http://www.ietf.org/rfc/rfc801.txt RFC 801, planning the TCP/IP switchover]
- [http://www.archive.org/ Internet Archive] - A searchable database of old cached versions of websites dating back to 1996
- A list of lectures, some of which relate to the Internet, from the Massachusetts Institute of Technology is available [http://ocw.mit.edu/OcwWeb/Comparative-Media-Studies/CMS-930Media--Education--and-the-MarketplaceFall2001/VideoLectures/index.htm here]. Of particular interest is lecture #3 The Next Big Thing: Video Internet which is delivered in Real Player format. The lecture gives a brief history of networking; discusses convergence between the internet/telephone/television networks; the expansion of broadband access; makes predictions about the future of delivery of video over the internet.
References
- Walter Willinger, Ramesh Govindan, Sugih Jamin, Vern Paxson, and Scott Shenker. (2002). Scaling phenomena in the Internet. In Proceedings of the National Academy of Sciences, 99, suppl. 1, 2573 – 2580.
Computer virus
In computer security technology, a virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. A computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. Extending the analogy, the insertion of a virus into a program is termed an infection, and the infected file (or executable code that is not part of a file) is called a host. Viruses are one of several types of malicious software, or malware. In common parlance, the term virus is often extended to refer to worms, trojan horses and other sorts of malware; however, this can confuse computer users, since viruses in the narrow sense of the word are less common than they used to be, compared to other forms of malware. This confusion can have serious consequences, because it may lead to a focus on preventing one genre of malware over another, potentially leaving computers vulnerable to future damage. However, a basic rule is that computer viruses cannot directly damage hardware, but only software.
While viruses can be intentionally destructive (for example, by destroying data), many other viruses are fairly benign or merely annoying. Some viruses have a delayed payload, which is sometimes called a bomb. For example, a virus might display a message on a specific day or wait until it has infected a certain number of hosts. A time bomb occurs during a particular date or time, and a logic bomb occurs when the user of a computer takes an action that triggers the bomb. However, the predominant negative effect of viruses is their uncontrolled self-reproduction, which wastes or overwhelms computer resources.
Today (as of 2005), viruses are somewhat less common than network-borne worms, due to the popularity of the Internet. Anti-virus software, originally designed to protect computers from viruses, has in turn expanded to cover worms and other threats such as spyware.
Definition
A virus is a type of program that can replicate itself by making (possibly modified) copies of itself. The main criterion for classifying a piece of executable code as a virus is that it spreads itself by means of 'hosts'. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or carrying it on removable media. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. Viruses are sometimes confused with worms. A worm, however, can spread itself to other computers without needing to be transferred as part of a host. Many personal computers are now connected to the Internet and to local-area networks, facilitating their spread. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, and file sharing systems to spread, blurring the line between viruses and worms.
Viruses can infect different types of hosts. The most common targets are executable files that contain application software or parts of the operating system. Viruses have also infected the executable boot sectors of floppy disks, script files of application programs, and documents that can contain macro scripts. Additionally, viruses can infect files in other ways than simply inserting a copy of their code into the code of the host program. For example, a virus can overwrite its host with the virus code, or it can use a trick to ensure that the virus program is executed when the user wants to execute the (unmodified) host program. Viruses have existed for many different operating systems, including MS-DOS, AmigaOS, Mac OS and even Linux; however, the vast majority of viruses affect Microsoft Windows.
A legitimate application program that can copy itself as a side-effect of its normal function (e.g. backup software) is not considered a virus. Some programs that were apparently intended as viruses cannot reliably self-replicate, because the infection routine contains bugs. For example, a buggy virus can insert copies of itself into host programs, but these copies never get executed and are thus unable to spread the virus. Self-replicating programs that have very limited spreading capabilities because of bugs should not be considered legitimate viruses.
Use of the word "virus"
The term "virus" was first used in an academic publication by Fred Cohen in his 1984 paper Experiments with Computer Viruses, where he credits Len Adleman with coining it. However, a 1972 science fiction novel by David Gerrold, When H.A.R.L.I.E. Was One, includes a description of a fictional computer program called "VIRUS" that worked just like a virus (and was countered by a program called "ANTIBODY"); and John Brunner's 1975 novel The Shockwave Rider describes programs known as "tapeworms" which spread through a network for deleting data. The term "computer virus" with current usage also appears in the comic book "Uncanny X-Men" No. 158, published in 1982. Therefore, we may conclude that although Cohen's use of "virus" may, perhaps, have been the first "academic" use, the term had been used earlier. Westworld is often cited as containing an early usage of the term, though the exact phrase is not actually used in the film.
The term "virus" is often used in common parlance to describe all kinds of malware (malicious software), including those that are more properly classified as worms or trojans. Most popular anti-virus software packages defend against all of these types of attack.
The English plural of "virus" is "viruses". Some people use "virii" or "viri" as a plural, although computer professionals seldom use these words. For a discussion about whether "viri" and "virii" are correct alternatives for "viruses", see plural of virus.
History
A program called "Elk Cloner" is credited with being the first computer virus to appear "in the wild" -- that is, outside the single computer or lab where it was created. Written in 1982 by Rich Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread by floppy disk.
The first PC virus was a boot sector virus called (c)Brain, created in 1986 by two brothers, Basit and Amjad Farooq Alvi, operating out of Lahore, Pakistan. The brothers reportedly created the virus to deter pirated copies of software they had written.[http://www.brain.net.pk/aboutus.htm]
Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks. In the early days of personal computers, many users regularly exchanged information and programs on floppies. Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk.
As bulletin board systems and online software exchange became popular in the late 1980s and early 1990s, more viruses were written to infect popularly traded software. Shareware and bootleg software were equally common vectors for viruses on BBSes. Within the "pirate scene" of hobbyists trading illicit copies of commercial software, traders in a hurry to obtain the latest applications and games were easy targets for viruses.
Since the mid-1990s, macro viruses have become common. Most of these viruses are written in the scripting languages for Microsoft programs such as Word and Excel. These viruses spread in the Microsoft Office monoculture by infecting documents and spreadsheets. Since Word and Excel were also available for Mac OS, most of these viruses were able to spread on Macintosh computers as well. Numerically, most of these viruses did not have the ability to send infected e-mail. The ones that did usually worked by accessing the Microsoft Outlook COM interface. Some versions of Word have had bugs in the calls by which macros replicate themselves, causing occasional replication errors, which has sometimes resulted in actual evolution by natural selection. Also, again closely analogous to biological viruses, sometimes when a system gets infected with two Word macro viruses at the same time, recombination can produce a new virus (much as an animal host infected with multiple strains of influenza can produce a novel strain of influenza). [http://www.people.frisk-software.com/~bontchev/papers/macidpro.html]
A computer virus may also be transmitted through instant messaging. A virus may send a web address link as an instant message to all the contacts on an infected machine. If the recipient, thinking the link is from a friend (a trusted source), goes to the website, the virus hosted at the site may be able to infect this new computer and continue propagating.
Why people create computer viruses
Unlike biological viruses, computer viruses do not simply evolve by themselves, except in the cases where copying errors and recombination have led to actual evolution of computer viruses; however, these cases are very rare compared to the rapid generation of new malware by human programmers. They cannot come into existence spontaneously, nor can they be created by bugs in regular programs. They are deliberately created by programmers, or by people who use virus creation software.
Virus writers can have various reasons for creating and spreading malware. Viruses have been written as research projects, as pranks, as vandalism, to attack the products of specific companies, to distribute political messages, and for financial gain from identity theft or spyware. Some virus writers consider their creations to be works of art, and see virus writing as a creative hobby. Additionally, many virus writers oppose deliberately destructive payload routines. Some viruses were intended as "good viruses". They spread improvements to the programs they infect, or delete other viruses. These viruses are, however, quite rare, still consume system resources, may accidentally damage systems they infect, and, on occasion, have become infected and acted as vectors for malicious viruses. Moreover, they normally operate without asking for permission of the owner of the computer. Since self-replicating code causes many complications, it is questionable if a well-intentioned virus can ever solve a problem in a way which is superior to a regular program that does not replicate itself.
Releasing computer viruses (as well as worms) is a crime in most jurisdictions.
See also [http://news.bbc.co.uk/1/hi/technology/3172967.stm BBC News' Why people write computer viruses]
Replication strategies
In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user tries to start an infected program, the virus' code may be executed first. Viruses can be divided into two types, on the basis of their behavior when they get executed. Nonresident viruses immediately search for other hosts that can be infected, infect these targets, and finally transfer control to the application program they infected. Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.
Nonresident viruses
Nonresident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file.
For simple viruses the replicator's task is to:
# Open the new file
# Check if the executable file has already been infected (if it is, return to the finder module)
# Append the virus code to the executable file
# Save the executable's starting point
# Change the executable's starting point so that it points to the start location of the newly copied virus code
# Save the old start location to the virus in a way so that the virus branches to that location right after its execution.
# Save the changes to the executable file
# Close the infected file
# Return to the finder so that it can find new files for the replicator to infect.
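Seen from the scanner's side, the steps that append code and redirect the starting point leave a structural trace in the file header. The following is an added example, not code from the original page: it parses ELF64 headers and reports where the entry point lies. The two rules it applies (entry point in a writable segment, entry point in the last loadable segment) are a heuristic assumed for this illustration, and packers or unusual linkers can trip them too; the sample images are constructed headers with no machine code.

```python
import struct

PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header, little-endian
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header


def build_image(entry, segments, size=0x2000):
    """Constructed sample: ELF64 headers only, zero-filled, no machine code.
    segments is a list of (flags, offset, vaddr, filesz, memsz) tuples."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    head = EHDR.pack(ident, 2, 62, 1, entry, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(segments), 0, 0, 0)
    for flags, offset, vaddr, filesz, memsz in segments:
        head += PHDR.pack(PT_LOAD, flags, offset, vaddr, vaddr,
                          filesz, memsz, 0x1000)
    return head.ljust(size, b"\0")


def parse(image):
    """Return (entry_point, [loadable segments]) from an ELF64 image."""
    if len(image) < EHDR.size:
        raise ValueError("truncated ELF header")
    (ident, _type, _machine, _version, entry, phoff, _shoff, _flags,
     _ehsize, phentsize, phnum, _shentsize, _shnum,
     _shstrndx) = EHDR.unpack_from(image, 0)
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    segments = []
    for i in range(phnum):
        start = phoff + i * phentsize
        if start + PHDR.size > len(image):
            raise ValueError("program header table runs past end of file")
        (p_type, flags, offset, vaddr, _paddr, filesz, memsz,
         _align) = PHDR.unpack_from(image, start)
        if p_type == PT_LOAD:
            segments.append(dict(flags=flags, offset=offset, vaddr=vaddr,
                                 filesz=filesz, memsz=memsz))
    return entry, segments


def entry_point_findings(image):
    """Heuristic (assumed for this example): list reasons the entry point
    looks as if it was redirected to code added at the end of the file."""
    entry, segments = parse(image)
    home = next((s for s in segments
                 if s["vaddr"] <= entry < s["vaddr"] + s["memsz"]), None)
    if home is None:
        return ["entry-outside-segments"]
    findings = []
    if home["flags"] & PF_W:
        # Code normally runs from a read/execute segment, not a writable one.
        findings.append("entry-in-writable-segment")
    last = max(segments, key=lambda s: s["offset"])
    if len(segments) > 1 and home is last:
        # Appended code ends up in whatever segment sits last in the file.
        findings.append("entry-in-last-segment")
    return findings


# Constructed layouts: an ordinary text+data pair, and the same pair after
# the data segment was grown, made executable and given the entry point.
CLEAN = build_image(0x400100, [
    (PF_R | PF_X, 0x0000, 0x400000, 0x1000, 0x1000),
    (PF_R | PF_W, 0x1000, 0x601000, 0x0200, 0x0300),
])
MODIFIED = build_image(0x601400, [
    (PF_R | PF_X, 0x0000, 0x400000, 0x1000, 0x1000),
    (PF_R | PF_W | PF_X, 0x1000, 0x601000, 0x0600, 0x0600),
])

if __name__ == "__main__":
    print("clean   :", entry_point_findings(CLEAN))
    print("modified:", entry_point_findings(MODIFIED))
```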
Resident viruses
Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. However, this module is not called by a finder module. Instead, the virus loads the replication module into memory when it is executed and ensures that this module is executed each time the operating system is called to perform a certain operation. For example, the replication module can get called each time the operating system executes a file. In this case, the virus infects every suitable program that is executed on the computer.
Resident viruses are sometimes subdivided into a category of fast infectors and a category of slow infectors. Fast infectors are designed to infect as many files as possible. For instance, a fast infector can infect every potential host file that is accessed. This poses a special problem to anti-virus software, since a virus scanner will access every potential host file on a computer when it performs a system-wide scan. If the virus scanner fails to notice that such a virus is present in memory, the virus can "piggy-back" on the virus scanner and in this way infect all files that are scanned. Fast infectors rely on their fast infection rate to spread. The disadvantage of this method is that infecting many files may make detection more likely, because the virus may slow down a computer or perform many suspicious actions that can be noticed by anti-virus software. Slow infectors, on the other hand, are designed to infect hosts infrequently. For instance, some slow infectors only infect files when they are copied. Slow infectors are designed to avoid detection by limiting their actions: they will not slow down a computer noticeably, and will at most infrequently trigger anti-virus software that detects suspicious behaviour by programs. The slow infector approach doesn't seem very successful however. Viruses that are common in the wild are mostly relatively fast to extremely fast infectors.
Host types
Viruses have targeted various types of hosts. This is a non-exhaustive list:
- Binary executable files (such as COM-files and EXE-files in MS-DOS, Portable Executable files in Microsoft Windows, and ELF files in Linux)
- Boot sectors of floppy disks and hard disk partitions
- The master boot record of a hard disk
- General-purpose script files (such as batch files in MS-DOS and Microsoft Windows, and shell script files on UNIX platforms).
- Application-specific script files (such as Telix-scripts)
- Documents that can contain macros (such as Microsoft Word documents, Microsoft Excel spreadsheets, AmiPro documents, and Microsoft Access database files)
Methods to avoid detection
In order to avoid detection by users, some viruses employ different kinds of obfuscation. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus. This approach does not fool anti-virus software, however.
Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files had many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file.
Recent viruses try to avoid any kind of detection by forcefully killing the tasks associated with the virus scanner before it can detect them.
As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced.
Avoiding bait files and other undesirable hosts
A virus needs to infect hosts in order to spread further. In some cases, it might be a bad idea to infect a host program however. For example, many anti-virus programs perform an integrity check of their own code. Infecting such programs will therefore increase the likelihood that the virus is detected. For this reason, some viruses are programmed not to infect programs that are known to be part of anti-virus software. Another type of hosts that viruses sometimes avoid is bait files. Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus. These files can be created for various reasons, all of which are related to the detection of the virus:
- Anti-virus professionals can use bait files to take a sample of a virus (i.e. a copy of a program file that is infected by the virus). It is more practical to store and exchange a small infected bait file, than to exchange a large application program that has been infected by the virus.
- Anti-virus professionals can use bait files to study the behaviour of a virus and evaluate detection methods. This is especially useful when the virus is polymorphic. In this case, the virus can be made to infect a large number of bait files. The infected files can be used to test whether a virus scanner detects all versions of the virus.
- Some anti-virus software employs bait files that are accessed regularly. When these files are modified, the anti-virus software warns the user that a virus is probably active on the system.
Since bait files are used to detect the virus, or to make detection possible, a virus can benefit from not infecting them. Viruses typically do this by avoiding suspicious programs, such as small program files or programs that contain certain patterns of 'garbage instructions'.
A related strategy to make baiting difficult is sparse infection. Sometimes, sparse infectors do not infect a host file that would be a suitable candidate for infection in other circumstances. For example, a virus can decide on a random basis whether to infect a file or not, or a virus can only infect host files on particular days of the week.
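The bait-file monitoring described above, combined with the earlier point that preserving the "last modified" date does not fool anti-virus software, can be sketched as follows. This is an added example, not code from the original page or from any anti-virus product; the file names, sizes and the simulated modifications are constructed for the illustration.

```python
import hashlib
import os
import tempfile


def create_bait_files(directory, count=3, size=4096):
    """Write small decoy program files with known content; return their paths."""
    paths = []
    for i in range(count):
        line = f"bait file {i}\n".encode()
        path = os.path.join(directory, f"bait_{i:02d}.com")
        with open(path, "wb") as fh:
            fh.write((line * (size // len(line) + 1))[:size])
        paths.append(path)
    return paths


def fingerprint(path):
    """Record size, timestamp and a content hash for one file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}


def take_baseline(paths):
    return {path: fingerprint(path) for path in paths}


def check_bait_files(baseline):
    """Return {path: [changed attributes]} for every bait file that no
    longer matches its baseline. Untouched files are not listed."""
    alerts = {}
    for path, old in baseline.items():
        if not os.path.exists(path):
            alerts[path] = ["missing"]
            continue
        new = fingerprint(path)
        changed = [k for k in ("size", "mtime_ns", "sha256") if new[k] != old[k]]
        if changed:
            alerts[path] = changed
    return alerts


def _restore_times(path, st):
    # Put the original access/modification times back, as the page says
    # some old MS-DOS viruses did with the "last modified" date.
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))


def demo():
    """Simulate two kinds of modification on constructed bait files and
    return the alerts keyed by file name."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = create_bait_files(tmp)
        baseline = take_baseline(paths)

        # Case 1: bytes appended, timestamp restored afterwards.
        st = os.stat(paths[0])
        with open(paths[0], "ab") as fh:
            fh.write(b"appended-bytes")
        _restore_times(paths[0], st)

        # Case 2: same-size overwrite inside the file (the cavity case),
        # timestamp restored. Only the content hash can reveal this one.
        st = os.stat(paths[1])
        with open(paths[1], "r+b") as fh:
            fh.seek(128)
            fh.write(b"\0" * 16)
        _restore_times(paths[1], st)

        # paths[2] is left untouched and must not raise an alert.
        alerts = check_bait_files(baseline)
        return {os.path.basename(p): reasons for p, reasons in alerts.items()}


if __name__ == "__main__":
    for name, reasons in sorted(demo().items()):
        print(f"{name}: changed {', '.join(reasons)}")
```

A monitor that compared only size and timestamp would miss the second case, which is why the baseline stores a content hash.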
Stealth
Some viruses try to trick anti-virus software by intercepting its requests to the operating system. A virus can hide itself by ensuring that a request of anti-virus software to read an infected file is passed to the virus, instead of to the operating system. The virus can then return an uninfected version of the file to the anti-virus software, so that it seems that the file is "clean". Modern anti-virus software employs various techniques to counter stealth mechanisms of viruses. The only completely reliable method to avoid stealth is to boot from a medium that is known to be clean.
Self-modification
Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for so-called virus signatures. A signature is a characteristic byte-pattern that is part of a certain virus or family of viruses. If a virus scanner finds such a pattern in a file, it notifies the user that the file is infected. The user can then delete, or (in some cases) "clean" the infected file. Some viruses employ techniques that make detection by means of signatures difficult or impossible. These viruses modify their code on each infection. That is, each infected file contains a different variant of the virus.
Simple self-modifications
In the past, some viruses modified themselves only in fairly simple ways. For example, they regularly exchanged subroutines in their code. This poses no problems to a somewhat advanced virus scanner however.
Encryption with a variable key
A more advanced method is the use of simple encryption to encode the virus. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code. If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible.
The decryption techniques that these viruses employ are mostly fairly simple: each byte is XORed with a randomized key that was saved by the parent virus. The use of XOR operations has the additional advantage that the encryption and decryption routines are the same (a xor b = c, c xor b = a).
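The scanner's position against a body encoded with a per-copy XOR key can be shown with harmless byte strings. This is an added example, not code from the original page: it shows a body signature failing, the constant decrypting-module signature still matching, and, going beyond the text, a key-independent comparison that works for single-byte XOR keys because (a xor k) xor (b xor k) = a xor b. The names `STUB`, `BODY` and the sample layout are constructed placeholders.

```python
# Constructed, harmless stand-ins: plain ASCII text, not executable code.
STUB = b"[[constant-decoder-stub]]"
BODY = (b"SAMPLE-PAYLOAD-BODY: nothing here is executable, "
        b"it only stands in for code")


def xor_bytes(data: bytes, key: int) -> bytes:
    """Encode or decode with a one-byte key; the operation is its own inverse."""
    return bytes(b ^ key for b in data)


def make_sample(key: int, host: bytes = b"host-program-bytes") -> bytes:
    """Constructed 'infected file' layout assumed for this example:
    host bytes, constant stub, stored key byte, encoded body."""
    return host + STUB + bytes([key]) + xor_bytes(BODY, key)


def scan_plain(data: bytes, signature: bytes) -> bool:
    """Classic signature scan: look for a fixed byte pattern."""
    return signature in data


def xor_delta(data: bytes) -> bytes:
    """XOR each byte with its successor. A single-byte XOR key cancels out,
    so the result is identical for every encoded copy of the same body."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def scan_key_independent(data: bytes, body_signature: bytes) -> bool:
    """Match the body regardless of the one-byte key used to encode it.
    This does not handle multi-byte keys or other ciphers."""
    return xor_delta(body_signature) in xor_delta(data)


def scan_report(data: bytes) -> dict:
    """Run all three checks on one file image."""
    return {
        "body_signature": scan_plain(data, BODY[:16]),
        "stub_signature": scan_plain(data, STUB),
        "key_independent": scan_key_independent(data, BODY),
    }


if __name__ == "__main__":
    for key in (0x11, 0x5A, 0xC3):
        print(f"key 0x{key:02x}:", scan_report(make_sample(key)))
    print("clean file:", scan_report(b"host-program-bytes" * 8))
```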
Polymorphic code
Polymorphic code was the first technique that posed a serious threat to virus scanners. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts that stay the same on each infection, making it impossible to detect directly using signatures. Anti-virus software can detect it by decrypting the viruses using an emulator, or by statistical pattern analysis of the encrypted virus body. To enable polymorphic code, the virus has to have a polymorphic engine (also called mutating engine or mutation engine) somewhere in its encrypted body.
Some viruses employ polymorphic code in a way which constrains the mutation rate of the virus significantly. For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus. The advantage of using such slow polymorphic code is that it makes it more difficult for anti-virus professionals to obtain representative samples of the virus, because bait files that are infected in one run will typically contain identical or similar samples of the virus. This will make it more likely that the detection by the virus scanner will be unreliable, and that, as a result of this, some instances of the virus may be able to avoid detection.
Metamorphic code
To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executables. Viruses that use this technique are said to be metamorphic. To enable metamorphism, a metamorphic engine is needed. A metamorphic virus is usually very large and complex. W32/Simile consisted of over 14000 lines of assembly code, for example. 90% of it is part of the metamorphic engine.
Viruses and legitimate software
The vulnerability of operating systems to viruses
Another analogy to biological viruses: just as genetic diversity in a population decreases the chance of a single disease wiping out a population, the diversity of software systems on a network similarly limits the destructive potential of viruses.
This became a particular concern in the 1990s, when Microsoft gained market dominance in desktop operating systems and office suites. Users who still use Microsoft software (especially networking software such as Microsoft Outlook and Internet Explorer) are especially vulnerable to the spread of viruses, since Microsoft software often includes many errors and holes. Integrated applications, applications with scripting languages with access to the file system (for example Visual Basic Script (VBS)), and applications with networking features are also particularly vulnerable. Microsoft's software is also targeted by virus writers because of its desktop dominance.
Although Windows is by far the most popular operating system for virus writers, a few viruses also exist on other platforms. It is important to note that any operating system that allows third-party programs to run can theoretically run viruses. However, some operating systems are less secure than others. Unix-based OSes (and NTFS-aware applications on Windows NT based platforms) only allow their users to run executables within their protected space in their own directories.
Unix systems are inherently secure against viruses by virtue of the underlying secure architecture. According to Newsweek's [http://www.msnbc.msn.com/id/9863957/site/newsweek/ Stephen Levy], "Symantec's security team has yet to find a single Mac virus; by contrast, it spotted almost 11,000 new Windows viruses in the first half of 2005 alone." The fact that Symantec has found no viruses for Mac indicates that there is little if any reason to even bother running anti-virus software on computers running Mac OS X or Linux. It also indicates a vulnerability to viruses that is fundamental to the design of Microsoft Windows that is absent from Unix based operating systems such as Linux.
Windows and Unix have similar scripting abilities, but while Unix natively blocks normal users from having access to make changes to the operating system environment, Windows does not. Thus, any programs and scripts, even if written by a third party, are harmless to the Unix system when executed by users who are not running as root, the superuser of the system. More recently, Microsoft's Outlook (but not Outlook Express) e-mail client has developed similar features when dealing with executable file types that Outlook may download as attachments. Windows users would do well to patch their operating systems and e-mail clients to try to prevent viruses and worms from reproducing through security "holes" which prudence and virus scanners are unable to prevent.
The role of software development
Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit software bugs in a system or application to spread. Software development strategies which produce large numbers of bugs will generally also produce potential exploits.
Closed-source software development as practiced by Microsoft and other proprietary software companies is seen by many as a security weakness. Open source software such as Linux, for example, allows all users to look for and fix security problems without relying on a single vendor. Some advocate that proprietary software makers practice vulnerability disclosure to ameliorate this weakness.
Anti-virus software and other countermeasures
Many users install anti-virus software that can detect and eliminate known viruses after the computer downloads or runs the executable. Some virus scanners can also warn a user if a file is likely to contain a virus based on the file type; some antivirus vendors also claim the effective use of other types of heuristic analysis. Some industry groups do not like this practice because it often increases the number of false positives the anti-virus software detects. Anti-virus programs work by examining the contents of the computer's memory (its RAM, and boot sector) and the files stored on fixed or removable drives (hard drives, floppy drives), and comparing those files against a database of known virus "signatures". Some anti-virus programs are able to scan opened files in addition to sent and received emails 'on the fly' in a similar manner. This practice is known as "on-access scanning." Anti-virus software does not change the underlying capability of host software to transmit viruses. There have been attempts to do this, but adoption of such anti-virus solutions can void the warranty for the host software. Users must therefore update their software regularly to patch security holes. Anti-virus software also needs to be regularly updated in order to gain knowledge about the latest threats and hoaxes.
See also
- Plural of virus
- Computer security
- Cracking
- Security through obscurity
- Spam
- List of computer viruses
- List of computer virus hoaxes
- Timeline of notable computer viruses and worms
- Turing-complete
- Melissa virus, ILOVEYOU
External links
Anti virus
- [http://www.softpanorama.org/Malware/index.shtml Softpanorama (slightly skeptical) Viruses, Worms and Spyware Defense Strategy]
- [http://www.all.net/books/virus/part5.html Fred Cohen's 1984 paper]
- [http://www.sophos.com/virusinfo/explained/ Virus glossary and best practice]
- [http://librenix.com/?inode=80 An editorial on beneficial viruses (con)]
- [http://www.windowsecurity.com/articles/Protecting_Email_Viruses_Malware.html Email Viruses] - an article about how to protect your email from viruses
- For a thorough, hypothetical pro discussion, see: [http://vx.netlux.org/lib/avb02.html "Are Good Viruses still a Bad idea?"]
- [http://www.pcvirus.org/links Malicious Code & Viruses - Articles, Links, and Whitepapers]
- [http://www.wildlist.org The Wildlist] List of viruses and worms 'in the wild' (i.e. regularly encountered by anti-virus companies)
- [http://www.digitalcraft.org/iloveyou/index.htm I love you [rev.eng] exhibition]
- [http://www.virusbtn.com/ Virus Bulletin] (Same owner as Sophos)
- [http://softwaremart.biz/virus/threats/ Latest Virus Threats] — Real-time listing of the latest Virus threats from McAfee and Symantec.
- [http://www.theglobeandmail.com/servlet/story/RTGAM.20050519.gtwvirus19/BNStory/Technology/ The Globe and Mail: Cellphone acting sick? Might be a virus] (free registration required)
- [http://securityresponse.symantec.com/avcenter/vinfodb.html Symantec's Virus Database]
- [http://www.antisource.com Computer Virus Alerts, News, and Help]
- [http://www.nerdhelp.com/ Computer Tech Support] — Free online knowledge base for everything from hardware problems to virus fixes.
Pro virus
- [http://www.totallygeek.com/vscdb/ Virus Source Code Database]
- [http://vx.netlux.org/ VX Heaven - Sources & Guides]
- [http://www.hackpalace.com/virii/indexe.shtml Hackpalace Virii]
Botnet
Botnet is a jargon term for a collection of software robots, or bots, which run autonomously. A botnet's originator can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes.
A botnet can comprise a collection of cracked machines running programs (usually referred to as worms, Trojan horses, or backdoors) under a common command and control infrastructure. Individual programs manifest as IRC "bots". Often the command and control takes place via an IRC server or a specific channel on a public IRC network. A bot typically runs hidden, and complies with the RFC 1459 standard. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, as well as others; see also RPC). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet owner community.
A Botnet can also be a group of IRC Eggdrops.
Botnets have become a significant part of the Internet, albeit increasingly hidden. Due to most conventional IRC networks taking measures and blocking access to previously-hosted botnets, owners must now find their own servers. Oftentimes, a botnet will include a variety of connections, ranging from dial-up, DSL, cable, educational, and corporate. Sometimes, an owner will hide an IRC server installation on an educational or corporate site, where high-speed connections can support a large number of other bots. Exploitation of this method of using a bot to host other bots has proliferated only recently, as most script kiddies do not have the knowledge to take advantage of it.
How it is created
Object-oriented programming languages are the preferred method for making a botnet. On the Windows platform, it is easy for people to download programs from the Internet without knowing exactly what is in them. Instead of paying $19 for the official version of a piece of software, a user may find a free version that promises the same functionality. This piece of software may contain a bot. Once the bot is installed, it can scan the network and file structures, propagate, etc.
Purpose
Botnets serve various purposes, including Denial-of-service attacks, creation or misuse of SMTP mail relays for spam, click fraud, and the theft of application serial numbers, login IDs, and financial information such as credit card numbers. The botnet owner community features a constant and continuous struggle over who has the most bots, the highest overall bandwidth, and the largest amount of "high-quality" infected machines (commonly university, corporate, and even government machines).
Organization
Botnet servers will often liaise with other botnet servers, such that a group may contain 20 or more individual cracked high-speed connected machines as servers, linked together for purposes of greater redundancy. Actual botnet communities usually consist of one or several owners who consider themselves as having legitimate access (note the irony) to a group of bots. Such owners rarely have highly-developed command hierarchies between themselves; they rely on individual friend-to-friend relationships. Often conflicts will occur between the owners as to who owns the individual rights to which machines, and what sorts of actions they may or may not permit.
Types of Attacks
Main article: Denial of Service Attacks
Preventive Measures
If a machine receives a Distributed Denial of Service attack from a botnet, few choices exist. Given the general geographic dispersal of botnets, it becomes difficult to identify a pattern of offending machines, and the sheer volume of IP addresses does not lend itself to the filtering of individual cases. Passive OS Fingerprinting can identify attacks originating from a botnet: network administrators can configure newer firewall equipment to take action on a botnet attack by using information obtained from Passive OS Fingerprinting.
Botnets typically use free DNS hosting services such as DynDns.org, No-IP.com, & Afraid.org to point a subdomain towards an IRC server that will harbor the bots. While these free DNS services do not themselves host attacks, they provide reference points, often hard-coded into the botnet executable. Removing such services can cripple an entire botnet. Recently, these companies have undertaken efforts to purge their domains of these subdomains. The botnet community refer to such efforts as "nullrouting", because the DNS hosting services usually direct the offending subdomains to an inaccessible IP address.
The botnet server structure mentioned above has inherent vulnerabilities and problems. For example, if one was to find one server with one botnet channel, often all other servers, as well as other bots themselves, will be revealed. If a botnet server structure lacks redundancy, the disconnection of one server will cause the entire botnet to collapse (at least until the owner(s) decides on a new hosting space). However, more recent IRC server software includes features to mask other connected servers and bots, so that a discovery of one channel will not lead to much harm.
See also
- Denial of Service Attacks
- Script kiddie
- Spam (e-mail)
- Computer worms
- Trojan horse (computing)
- Buffer overflow
External links
- http://swatit.org/bots/gallery.html - A gallery of botnet structure
- http://www.nanog.org/mtg-0410/kristoff.html - John Kristoff's NANOG32 Botnets presentation
- http://www.honeynet.org/papers/bots/ - German honeynet research paper
E-mail spam
Email spam is a subset of spam that involves sending nearly identical messages to thousands (or millions) of recipients. Perpetrators of such spam ("spammers") often harvest addresses of prospective recipients from Usenet postings or from web pages, obtain them from databases, or simply guess them by using common names and domains. By definition, spam occurs without the permission of the recipients.
Overview
As the recipient directly bears the cost of delivery, storage, and processing, one could regard spam as the electronic equivalent of "postage-due" junk mail. However, the Direct Marketing Association will point to the existence of "legitimate" e-mail marketing. Most commentators classify e-mail-based marketing campaigns where the recipient has "opted in" to receive the marketer's message as "legitimate".
Spammers frequently engage in deliberate fraud to send out their messages. Spammers often use false names, addresses, phone numbers, and other contact information to set up "disposable" accounts at various Internet service providers. They also often use falsified or stolen credit card numbers to pay for these accounts. This allows them to move quickly from one account to the next as the host ISPs discover and shut down each one.
Spammers frequently go to great lengths to conceal the origin of their messages. They do this by spoofing e-mail addresses (much easier than Internet protocol spoofing). The email protocol (SMTP) has no authentication by default, so the spammer can easily make a message appear to originate from any email address. To prevent this, some ISPs and domains require the use of SMTP-AUTH, allowing positive identification of the specific account from which an e-mail originates.
Spammers cannot completely spoof e-mail delivery chains (the 'Received' header), since the receiving mailserver records the actual connection from the last mailserver's IP address. To counter this, some spammers forge additional delivery headers to make it appear as if the e-mail had previously traversed many legitimate servers. But even when the fake headers are identified, tracing an email message's route is usually fruitless. Many ISPs have thousands of customers, and identifying spammers is tedious and generally not considered worth the effort.
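The trust boundary described above, as an added example that is not part of the original article: walk the 'Received' headers from the top and accept only those stamped by the recipient's own servers; everything below the first untrusted header was supplied by the sender. TRUSTED_MTAS, the sample message and its host names are constructed assumptions, and the regular expressions cover only common 'Received' layouts.

```python
"""Find the last verifiable hop in a message's Received chain (added example)."""
import re
from email import message_from_string

# Assumption: hostnames of the receiving organisation's own mail servers.
TRUSTED_MTAS = frozenset({"mx.example.net"})

# Constructed sample message (documentation names and addresses only).
SAMPLE = (
    "Received: from mail.sender.example (unknown [203.0.113.45])\n"
    "\tby mx.example.net (Postfix) with ESMTP id 4F1A2B3C\n"
    "\tfor <user@example.net>; Mon, 3 Jan 2005 10:00:05 +0000\n"
    "Received: from relay2.bigisp.example ([192.0.2.10])\n"
    "\tby mail.sender.example with SMTP; Mon, 3 Jan 2005 09:59:40 +0000\n"
    "Received: from relay1.bigisp.example ([192.0.2.9])\n"
    "\tby relay2.bigisp.example with SMTP; Mon, 3 Jan 2005 09:59:10 +0000\n"
    "From: Someone <someone@bigisp.example>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

FROM_RE = re.compile(r"\bfrom\s+(\S+)")
BY_RE = re.compile(r"\bby\s+(\S+)")
IP_RE = re.compile(r"\[([0-9A-Fa-f.:]+)\]")


def parse_received(value: str) -> dict:
    """Extract the claimed sender name, the recorded peer IP and the stamping host."""
    flat = " ".join(value.split())          # undo header folding
    helo = FROM_RE.search(flat)
    by = BY_RE.search(flat)
    ip = IP_RE.search(flat)
    return {
        "helo": helo.group(1).lower() if helo else None,
        "by": by.group(1).lower() if by else None,
        "ip": ip.group(1) if ip else None,
    }


def trace(raw: str, trusted=TRUSTED_MTAS) -> dict:
    """Split the chain at the trust boundary.

    Servers prepend their Received line, so the first header is the newest.
    A header counts as verified only if one of our own servers wrote it.
    """
    msg = message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    entry_hop, boundary = None, 0
    for i, hop in enumerate(hops):
        if hop["by"] not in trusted:
            break
        entry_hop, boundary = hop, i + 1
    # entry_hop["ip"] is the address that actually connected to our server;
    # the remaining headers are claims made by the sending side.
    return {"entry_hop": entry_hop, "unverified": hops[boundary:]}


if __name__ == "__main__":
    result = trace(SAMPLE)
    print("connected from:", result["entry_hop"]["ip"])
    print("unverified headers:", len(result["unverified"]))
```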
Spammers frequently seek out and make use of vulnerable third-party systems such as open mail relays and open proxy servers. The SMTP system, used to send email across the Internet, forwards mail from one server to another; mail servers that ISPs run commonly require some form of authentication that the user is a customer of that ISP. Open relays, however, do not properly check who is using the mail server and pass all mail to the destination address, making it quite a bit harder to track down spammers.
Increasingly, spammers use networks of virus-infected Windows PCs (zombies) to send their spam. Zombie networks are also known as Botnets.
Spoofing can have serious consequences for legitimate email users. Not only can their email inboxes get clogged up with "undeliverable" emails in addition to volumes of spam, they can mistakenly be identified as a spammer. Not only may they receive irate email from spam victims, but (if spam victims report the email address owner to the ISP, for example) their ISP may terminate their service for spamming.
Legality
Sending spam violates the Acceptable Use Policy (AUP) of almost all Internet Service Providers, and can lead to the termination of the sender's account. Many jurisdictions, such as the United States of America, which regulates via the CAN-SPAM Act of 2003, regard spamming as a crime or as an actionable tort.
Accessing privately owned computer resources without the owner's permission counts as illegal under computer crime statutes in most nations. Deliberate spreading of computer viruses is also illegal in the United States and elsewhere.
Thus, some of spammers' most common behaviors are criminal quite independently of the legal status of spamming per se. Even before the advent of laws specifically banning or regulating spamming, spammers have been successfully prosecuted under computer fraud and abuse laws for wrongfully using others' computers.
Avoiding spam
Computer users can avoid e-mail spam in several ways:
- End-users can use automated e-mail filtering on their own computers.
- System administrators can use appropriate tools to trap e-mail spam at the mail server level, either by use of software or special appliances.
- Spam can be reported to the appropriate ISP so that the spamming can be stopped.
- End-users can take precautions to avoid needlessly publicising their e-mail addresses or protect them from e-mail harvesting.
Anti-spam programmers have released several tools—intended for both end users and for systems administrators—which automate the highlighting, removal or filtering of e-mail spam by scanning through incoming and outgoing e-mails in search of traits typical of spam. Modern anti-spam systems are usually very effective at protecting you from spam.
Like other forms of theft, spam should be reported to the appropriate people so that it can be stopped. Services, such as spamcop, make this easy to do. While this may not immediately decrease the amount of spam you receive significantly, it will reduce the amount of spam that everyone receives.
One way to avoid spam involves avoiding making one's email address available to spammers, directly or indirectly.
Basic computer literacy should include an understanding of the basics of spamming and spam avoidance. One should never reply to a spam email, or click an "opt-out" link (this simply confirms that an email address is "live"). Users should not reveal their e-mail addresses on porn, warez and other shady sites.
If a web site requests registration in order to allow useful operations, such as posting in Internet forums, a user may give a temporary disposable address—set up and used only for such a purpose—periodically deleting such temporary email accounts from their e-mail servers. (Users should notify such forums of the new replacement addresses if they wish to continue interaction for valid purposes.)
See also: stopping e-mail abuse
Avoiding sending spam
Anti-spam ISPs and technicians have published a number of resources to help systems and e-mail users avoid sending spam inadvertently or through misunderstanding the e-mail system — such as the MAPS [http://www.mail-abuse.com/support/an_listmgntgdlines.html Guidelines for Mailing List Management]. These guidelines aim to help legitimate users of bulk e-mail who wish not only to comply with anti-spam laws, but also to avoid appearing to customers or Internet partners as spammers.
Broadly, such guidelines promote the idea that e-mail recipients must grant permission before others may send them bulk e-mail. In effect, senders must not send bulk e-mail to users who have not opted in to receive it. This contrasts with the view of e-mail promoted by many bulk e-mailers, who claim that senders should feel free to send to any user who has not opted out of receiving it.
Many spammers, however, do not even comply with an opt-out régime. Although U.S. and other laws require that commercial e-mailers cease sending to recipients who have opted out, many spam messages contain fraudulent opt-out instructions. In some cases, spammers have used the opt-out function as a way of confirming that someone actually read a spam message. In 2004 some spam messages turned out to contain malware for Microsoft Windows which victims triggered by clicking an opt-out link.
Cost-based methods
A number of persons have proposed "email postage" systems, under which email senders would be required to pay money, perform a resource-intensive computation, or post a bond, for each message sent. Evangelists include Microsoft's Bill Gates. The intention of email postage is to deter spam by making it too expensive to send a large number