The Virus Hunters

Who are these mythical people who track down viruses and how do they manage to keep one step ahead? If it were not for the dedicated activities of these virus hunters the whole internet would grind to a halt as would most of our computers.

Although we all have (at least we all should have) antivirus software installed on our computers, this is only effective if the latest viruses are spotted and the virus databases that lie at the heart of our antivirus software are kept up to date. This is essential if our computers are to be immunised against virus attack.

Just as the creators of computer viruses use many clever tricks in order to propagate their malware, their opposite numbers, the computer security experts also have a few tricks up their sleeve. In order to detect an imminent virus attack these virus hunters have developed an early warning system that consists of two major prongs, these are so-called ‘honeypot' computers and ‘network telescopes'.

Honeypot computers are computers and computer networks that are connected to the internet but have no security protection. The honeypots attract viruses and worms so that they can be unencrypted and their code analysed. Essentially they are virus traps. Sometimes they contain decoy information that is designed to appear that it is worthwhile to the intruding malware; for instance is might appear that the honeypot is an entry point to a network thus prompting the intruder to use brute force tactics to gain passwords in order to penetrate it. This kind of information is an invaluable way of discovering the capabilities and payloads of the intruders.

Network telescopes are collections of very large numbers of internet addresses all of which are routed to a specific computer. These internet addresses are essentially dummies, and there is no reason for anybody to connect to them unless in error. Most of the traffic targeting these internet address collections comes from illegitimate sources. There is generally a background noise, a bit like the background radiation count of a Geiger counter, but should any significant event occur, such as the release of a rapidly replicating worm, then there will be an increased level of activity which this network telescope will detect. These collections of bogus internet addresses are sometimes referred to somewhat romantically as ‘the darknet'.

There is a continual cat and mouse game played between virus creator and virus hunter. Currently the virus hunter is in the ascendancy however there is no space for complacency and vigilance must be maintained.

The experts at k7 computing will help you prevent and cure any threats to your computer with internet security software