Computer programs Essay

Computer programs that reside in a host computer’s memory and control its functionality, in order to obtain information residing on the host computer, are known as hostile code. Viruses like the Melissa, The Love Bug, Hybris, and CIH are the best examples of hostile code. The development of the internet has helped the release, transmission and effectiveness of hostile code and its rapid development (Robert J. Bagnall, March 14, 2001). Hostile code has been classified into three categories, namely, Viruses which are computer programs usually hidden within other seemingly harmless programs. These malicious programs reproduce and get embedded in other programs with the intention of performing some harmful action (Merriam-Webster OnLine, n. d). They spread from file to file on the same computer and not to other computers from that computer (Symantec, n. d). Worms, which are self contained programs that spread copies of it to other computer systems, via networks connections like the IRC or as email attachments. They replicate like viruses, but spread from computer to computer. They are much more dangerous than viruses because they spread faster and affect entire computer networks. Trojan Horses, which contain hidden commands within code resembling a useful program. They make the computer do what was not intended to be done by the user. They erase specific files; format hard disk drives, steal passwords and install server programs onto the infected computer in order to permit remote access. In order to tackle hostile code attacks, forensics use intrusion detection and incident response. Intrusions are suspicious computer activity these are dealt with by the following step wise procedure, preparation, detection, investigation, eradication, recovery and follow up. That such an attack is taking place can be assumed whenever, there are service slowdowns or malfunctions, web defacements, anonymous tips, etc. The aim will be to isolate and contain the attacker by setting up a so called victim machine or target subnet on the network. Once the IP Address is determined, then the source of the attacks can be determined. A few of the methods used in this process are the ping and traceroute facilities, suppose the IP Address is known but it is not in quad format then one can use the ping or traceroute detect the IP Address in the normal quad format. In case the domain name is known but not the IP Address or vice versa, then one can use the nslookup tool. This tool works with UNIX, Windows NT and Windows 2000. While, registering the domain name it is essential to furnish details of name and contact address. The whois utility is used to obtain contact information on a specific domain to obtain the contact details of all persons registered with them. One of the more well known of such utilities are provided by the Sam Spade Web site (http://samspade. org) and the one provided by Network Solutions. After the contact information is obtained a traceroute is run to determine the route that the data packets are following. In this manner the source of the hostile code can be determined (Heiser and Kruse, 2001). Sources Bagnall, Robert J.Computer Viruses & Security WARNING: Visual Basic, Active X, Java and other Mobile Code, Retrieved March 29, 2006 from http://membrane. com /security /java_and_cookies/notes/mobile_code_malware. html Merriam-Webster OnLine. Retrieved March 29, 2006, from the World Wide Web: http://www. m-w. com/cgi-bin/dictionary? virus Symantec. Retrieved March 29, 2006, from the World Wide Web: http://www. symantec. com/avcenter/virus. backgrounder. html Heiser, Jay G. and Kruse II, Warren G. Computer Forensics: Tracking an Offender. Addison – Wesley Professional. Boston MA.