It's flu season, but many students are worried about a different kind of infection -- a computer virus.

Hayley Somerville (senior-chemical engineering) said she encounters these viruses every day.

"In the past month I've probably gotten an average of two viruses a day sent to my mailbox," she said.

Gerry Santoro, assistant professor of information sciences and technology, said there are more than 40,000 computer viruses in existence, although some are old and are not used anymore.

"Many estimates are lower than that, but some are even higher," Santoro said. "For example, the McAfee [a creator of antivirus software] Web site says over 62,000 viruses exist today."

Virus vs. worm

One of the most problematic viruses for Penn State students and faculty recently has been the "Klez" virus or the "Klez" worm, Santoro said.

He explained that the word "virus" is commonly used to describe any destructive software. While viruses and worms are similar, there are differences between the two.

"A virus is a sub-routine of a program," he said. "It is not a complete program, and it can't run on its own, so it is attached to another program or document."

Santoro said a computer virus is similar to a biological virus.

"Biological viruses are pieces of DNA code," he said. "They are not living creatures on their own."

A worm, on the other hand, is a complete program that operates on computers that are multi-tasking systems, such as PCs, he said.

"When you start your computer, many programs or processes are already working," Santoro said.

He said a worm is a program that is written to hide itself in a multi-tasking computer, where it will make copies of itself and possibly be distributed to other computers through network connections.

Klez can be classified as both a virus and a worm, Santoro said.

"It's a virus because it's attached through e-mail, but it has the properties of a worm as well," he said. "If you run the program or document it is attached to, it will attempt to send itself to the addresses in your mailbox."

Origins

Viruses like Klez can appear in a student's mailbox from a number of senders, including other people on the Penn State network.

"I received a virus a week or two ago from a guy that I TA'ed for," Catherine Hofstetter (graduate-biochemistry) said.

But sometimes the recipient does not even know the sender. Students often receive viruses from e-mail addresses and user IDs they do not recognize.

Santoro said this happens because viruses have the ability to "forge" the identity of the sender. When a virus enters a mailbox, it will look up all e-mail addresses that have ever been associated with that mailbox. This can include any address on an e-mail list or any of the previous recipients of a forwarded e-mail. The virus inserts one particular address into the "from" line of an infected e-mail, so it appears to have been sent from that address.

The infected e-mail can then be sent to any number of the e-mail addresses associated with that mailbox, Santoro said. Klez and similar viruses have spread through Penn State's network in this manner.

"This process is called 'spoofing' because it fools people who don't know enough to protect themselves," he said.

Prevention

If all students and faculty followed three rules to shield their computers from viruses, the problem would be minimized, he said.

"First, always have back-ups of data files," Santoro said.

He said the effects of viruses can range from simple annoyances to irreparable damage.

"Some viruses just make the computer run slower, but others scramble crucial data on the hard drive," he said. "It may be impossible to repair the damage, so you'd have to re-install everything, which is why back-ups are so important."

Santoro added that students should always be aware of security threats, and they can do so by frequently checking for new virus warnings on antivirus Web sites, such as www.Symantec.com and www.McAfee.com.

"Second, install and keep current antivirus software," he said.

He recommended Norton AntiVirus since it is available for free to Penn State students, faculty and staff.

"And third, never accept any attachments unless you know what they are," Santoro said.

He added that he tells his students not to send him attachments at all, and if they must, he only accepts them if he has received a separate note from the sender saying exactly what the attachment is.

Student Hayley Somerville said the only time her computer actually became infected with a virus was when she opened an attachment.

"I will never do that again," she said.

New viruses

Not all viruses come from e-mail attachments, Santoro said. Recent virus alerts warned of a new worm called "Friendgreet" that comes in the form of an e-card, or electronic greeting card.

"When you click on a URL, you have no control over what's being loaded [onto your computer]," he said. "It can download [programs] without your knowledge."

With Friendgreet, an e-mail is sent with an apparent link to an online greeting card, but if the recipient clicks on the Web site, it installs the worm
before the card loads, Santoro said.

He said the recipient of a virus might not realize his or her system has been infected until weeks or even months later, which is why it is important to be aware of security threats and to have current antivirus software updated and running at all times.

"I consider the issue with viruses [to be as serious as] the issue with drinking and driving, because it is the responsibility of the user to help protect the community," Santoro said.

Terrorism

He also said he would not be surprised to see legislation passed in the near future that would require people to have antivirus software because security issues have been brought to the forefront in light of recent events.

For instance, an attack on the Internet's 13 servers occurred several weeks ago, causing nine of them to shut down. Santoro said some experts viewed this as an early terrorist strike.

"We do not yet know of any terrorist virus activities, but there is a unit in the U.S. Department of Defense studying this issue as an offensive tactic," he said.

Santoro said there are three types of individuals who create viruses.

"The most common is the rogue programmer," he said. "This is usually a kid who is learning programming and trying to impress the hacker community."

He said some people do it to make a political statement, such as the group in eastern Europe that became known as the Bulgarian Virus Factory.

"The least common is the person who either wants revenge on a company or product, or who just wants notoriety," Santoro said.

He said an example of this was the creator of the Melissa virus, which disrupted networks all over the world and caused millions of dollars in damages, especially to company and Web servers, when it spread through e-mail in 1999.

"The only benefit to virus creators is [the knowledge that they will] create a hassle," he said.

Santoro also said to be aware of virus hoaxes, which have become more widespread in the past two or three years.

He explained that a virus hoax is an e-mail that appears to contain a virus but actually does not. The goal of a hoax creator, or "hoaxer," is not to actually infect recipients' computers, but simply to cause them to worry that their computers have been infected.

"This is a hassle too because it results in lost productivity and a good deal of time spent over worrying about the virus and trying to fix it," Santoro said. "Hoaxers take advantage of people's limited knowledge of the technology they are using."