What Is a Virus?

A computer virus attaches itself to a program
or file enabling it to spread from one computer
to another, leaving infections as it travels. A
computer virus can range in severity: some may
cause only mildly annoying effects while others
can damage your hardware, software or files.
What Is a Worm?
A worm is similar to a virus by design and is
considered to be a sub-class of a virus. Worms
spread from computer to computer, but unlike a
virus, a worm can travel without any
human action. A worm takes advantage of file
or information transport features on your
system, which is what allows it to travel
unaided.
What Is a Trojan Horse?
A Trojan Horse will at first glance appear
to be useful software but will actually do
damage once installed or run on your
computer. Those on the receiving end of a
Trojan Horse are usually tricked into opening
it because they appear to be receiving
legitimate software or files from a legitimate
source.
What Are Blended Threats?
Added into the mix, we also have what is called
a blended threat. A blended threat is a more
sophisticated attack that bundles some of the worst
aspects of viruses, worms, Trojan horses and
malicious code into one single threat. Blended
threats can use server and Internet vulnerabilities to
initiate, then transmit and also spread an attack.
The Common Types of Computer Virus

Boot viruses
These types of computer virus infect
only the master boot records of the hard disk. The
boot record program loads the operating system in
the memory at startup. These viruses replace the
boot record and move it to a different part of the
hard disk, or simply overwrite it. Once the virus is in
the memory, it is free to do whatever it was
programmed to do.

Program viruses
These types of computer virus will infect only
executable files (with extensions like .BIN, .COM,
.EXE, .OVL, .DRV, and .SYS). Once executed,
these programs load into memory, along with the
virus contained within them. Once in the memory,
the scenario repeats – the virus is free to act and
infect other files or simply deliver its payload.

Multipartite viruses
These computer viruses are hybrids. They infect
executable files. When an infected file is executed, the virus infects the
master boot records. Once you boot your operating
system, the virus is loaded into the memory, from
where it is free to infect other programs and
replicate itself, ultimately delivering the payload.

Stealth viruses
They specialize in avoiding detection. Most of
them simply redirect the hard disk head, forcing it to
read another memory sector instead of their own.
Some of them also alter the reading of the file size
shown when listing the directory.

Polymorphic viruses
The polymorphic viruses will always change
their source code from one infection to another.
Each infection is different, and this makes detection
very hard.

Macro viruses
This virus is relatively new and it infects macros
within a template or document. When you open a
word processing document, it activates the virus.
The virus infects the Normal.dot template, which is
a general file used by all the documents. So,
whenever you open an uninfected document, by
referring to the Normal.dot file, it gets infected as
well.

ActiveX viruses
Most people do not know how to configure
ActiveX and Java controls, unknowingly leaving a
security hole. Applets are then allowed to run freely
on the machine, delivering all ActiveX viruses. By
simply turning off some ActiveX and Java controls
in the browser, a user can efficiently protect their PC
from this type of computer virus.
THE HISTORY OF COMPUTER VIRUSES
• Computer worms developed as benevolent
creations.
Modern-day worms come from a benevolent
creation of engineers at Xerox Palo Alto
Research Center.
In 1979, engineers created a worm program
to look for idle processors on a network and
utilize them for more efficient computer use.
• The Creeper infected ARPANET in the early
70s.
ARPANET was the predecessor to the
Internet. In 1971, Bob Thomas wrote The
Creeper as an experimental self-replicating
program.
• The first Apple virus appeared in 1982.
The first Apple virus was written by a high-school student as a joke in 1982. This virus was
called "Elk Cloner." The virus attacked the
Apple DOS operating system, and it spread via
floppy disk.
• The first PC virus arrived in 1986.
"The Brain" is arguably the first real
computer virus to hit IBM PC users in the mid-1980s. In 1986, Pakistani programmers
unleashed "The Brain," which was a virus that
attacked the boot sector.

• The first worm spread in 1988.
In 1988, a young programmer named Robert
Morris created a worm designed to infect ARPANET
computers.
• Macro viruses began to evolve.
When the Windows operating system came
out, a new computer virus category wasn't far
behind.
These weren't the old boot sector viruses,
though, or even worms; with the introduction of
Windows, macro viruses were born.
• Viruses infected government systems.
With all the viruses attacking private
systems, it wasn't long before something
came along specifically aimed at government
sectors. Solar Sunrise was the first virus to
infect the Sun Solaris operating system, and it
successfully infiltrated more than 500
government and military computers.
• 1999 heralded the modern age of virus
awareness.
In 1999, the "Melissa" computer virus
attacked thousands of computers and caused
nearly $80 million in damage.

• Consumers brace for the new computer virus
onslaught.
Starting in 2000, worries about computer viruses
have been an annual occurrence, and they pose a
daily issue for millions of computer users. Viruses
like the "I Love You" virus, DDOS, the Code Red
worm and an endless succession of ongoing viruses
continue to attack computer users in all sectors.
Why Do People Create Computer Viruses?
-To take control of a computer and use it for specific
tasks
-To generate money
-To steal sensitive information (credit card numbers,
passwords, personal details, data etc.)
-To prove a point, to prove it can be done, to prove
one's skill or for revenge purposes
-To cripple a computer or network
• To take control of a computer and use it for
specific tasks
This is the most common type of virus,
which is better classified as a trojan. These
types of viruses are usually downloaded
unknowingly by the computer user thinking that
the file is something else, such as a file sent
from an instant messenger friend or email
attachment.
• To generate money
These types of infections often masquerade
as free spyware or virus removal tools (known
as rogueware). Once run, these fake
applications will “scan” your computer and say it
has found some viruses (even if there aren't any)
and in order to remove them, you must pay for
the full version of the application.
• To steal sensitive information
These types of viruses can sniff the traffic
going in or out of a computer for interesting
information such as passwords or credit card
numbers and send it back to the virus creator.
These types of viruses often use keylogging as
a method of stealing information, maintaining
a record of everything that is typed
into the computer such as emails, passwords,
home banking data, instant messenger chats,
etc.

• To Prove a Point, To Prove it Can Be Done, To Prove
One's Skill or For Revenge Purposes
A perfect example of this type of virus was the famous
MS.Blaster virus (aka Lovesan) which infected hundreds of
thousands of computers back in August 2003.
The virus carried two messages. One was “I just want to say LOVE YOU SAN!!” which
is why the virus is sometimes called Lovesan, and the other
message was “billy gates why do you make this possible ?
Stop making money and fix your software!!”
It is believed that the purpose of this virus was to prove
how easily exploitable a Windows system is.
• To Cripple a Computer or Network
The worst computer-crippling viruses
date back to the days of the 486 computers,
when a virus would overwrite the Master
Boot Record (MBR) of the computer, which
would often prevent the computer from starting
up at all.
The Spread of Computer Viruses
Computer viruses usually spread in one of
three ways: from removable media; from
downloads off the Internet; and from e-mail
attachments.
Although the Internet gets a bad rap as a
source of viruses, you're no more likely to
contract a virus from the Web than you are from
packaged software. Still, scan everything you
download, and update your antivirus software
regularly.
E-mail is not the virus breeding ground it's
made out to be, either. In fact, it's nearly
impossible for a virus to be transmitted by plain-text e-mail. Most viruses can only spread via
attachments, either rich-text e-mail or attached
applications. Using antivirus software, scan
attachments from people you know, and never
open attachments from people you don't.
Computer viruses have been around for a
long time. In the past they used to spread
whenever people shared floppy disks. Before
the internet, the sharing of programs and data
on floppy disks was very common.
Nowadays most viruses are spread through
the internet. The net has made viruses spread
much quicker and what once took days now
takes hours. Computer viruses can replicate
themselves and infect other files on your
computer. This means that if your PC is infected
with a virus then whatever files you share with
other people could contain the virus.
How Do I Know I’ve Got a Virus in My Computer?
You may not notice that your computer is
under attack until you realize something is
missing or wrong when you open an attachment
or a program with a virus.
Here are a couple of signs which may show you
that your computer is under attack.
• Your computer works slower than it did before.
• Your computer freezes frequently or doesn’t open
properly
• Your computer restarts every couple of minutes.
• Your system doesn’t work properly and restarts itself
• Applications on your computer don’t work properly.
• You cannot reach disks and drives
• You cannot print
• You are seeing unusual errors
• You see distorted menus
Stealth Strategies
In order to avoid detection by users, some viruses
employ different kinds of deception. Some old viruses,
especially on the MS-DOS platform, make sure that the
"last modified" date of a host file stays the same when the
file is infected by the virus. This approach does not fool
antivirus software, however, especially those which
maintain and date cyclic redundancy checks on file changes.
Some viruses can infect files without increasing their
sizes or damaging the files. They accomplish this by
overwriting unused areas of executable files. These are
called cavity viruses. For example, the CIH virus, or
Chernobyl Virus, infects Portable Executable files. Because
those files have many empty gaps, the virus, which was
1 KB in length, did not add to the size of the file.
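The two tricks above (keeping the "last modified" date and keeping the file size) are why integrity checkers compare content checksums rather than metadata. The following Python sketch is an added example, not part of the original slides: it baselines a constructed file, changes it in place with harmless marker bytes while preserving size and timestamp, and reports which fields reveal the change. The file name, contents and function names are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile
import zlib


def snapshot(path):
    """Record size, mtime, CRC-32 and SHA-256 for one file."""
    with open(path, "rb") as fh:
        data = fh.read()
    st = os.stat(path)
    return {
        "size": st.st_size,
        "mtime_ns": st.st_mtime_ns,
        "crc32": zlib.crc32(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def changed_fields(baseline, current):
    """Return the names of the fields that differ from the baseline."""
    return sorted(k for k in baseline if baseline[k] != current[k])


def demo():
    """Change a constructed file in place, keeping size and timestamp."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "host.bin")
        # Constructed stand-in for a program with an unused zero-filled gap.
        original = b"HEADER" + b"\x00" * 64 + b"CODE"
        with open(path, "wb") as fh:
            fh.write(original)
        baseline = snapshot(path)

        # Overwrite four bytes of the gap with a harmless marker,
        # then put the old timestamps back.
        st = os.stat(path)
        with open(path, "r+b") as fh:
            fh.seek(6)
            fh.write(b"MARK")
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))

        return changed_fields(baseline, snapshot(path))


if __name__ == "__main__":
    print(demo())
```

Size and modification time match the baseline after the change, so only the checksum fields flag the file.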
Some viruses try to avoid detection by killing the
tasks associated with antivirus software before it can
detect them.
As computers and operating systems grow larger
and more complex, old hiding techniques need to be
updated or replaced. Defending a computer against
viruses may demand that a file system migrate
towards detailed and explicit permission for every
kind of file access.
Countermeasures
• Antivirus software
Many users install antivirus software that can detect and
eliminate known viruses when the computer attempts
to download or run the executable (which may be distributed as
an email attachment, or on USB flash drives, for example).
Some antivirus software blocks known malicious web sites that
attempt to install malware. Antivirus software does not change
the underlying capability of hosts to transmit viruses. Users
must update their software regularly to patch security
vulnerabilities ("holes"). Antivirus software also needs to be
regularly updated in order to recognize the latest threats.
Other commonly used preventative measures include
timely operating system updates, software updates, careful
Internet browsing, and installation of only trusted
software. Certain browsers flag sites that have been reported to
Google and that have been confirmed as hosting malware by
Google.
There are two common methods that an antivirus software application
uses to detect viruses. The
first, and by far the most common method of virus detection is using a list
of virus signature definitions. This works by examining the content of the
computer's memory (its RAM, and boot sectors) and the files stored on fixed
or removable drives (hard drives, floppy drives, or USB flash drives), and
comparing those files against a database of known virus "signatures". Virus
signatures are just strings of code that are used to identify individual viruses;
for each virus, the antivirus designer tries to choose a unique signature
string that will not be found in a legitimate program. Different antivirus
programs use different "signatures" to identify viruses. The disadvantage of
this detection method is that users are only protected from viruses that are
detected by signatures in their most recent virus definition update, and not
protected from new viruses (see "zero-day attack").
A second method to find viruses is to use a heuristic algorithm based
on common virus behaviors. This method has the ability to detect new
viruses for which antivirus security firms have yet to define a "signature", but
it also gives rise to more false positives than using signatures. False
positives can be disruptive, especially in a commercial environment.
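Signature matching as described above can be sketched in a few lines of Python. This is an added example, not code from any antivirus product: the definition names, the hex patterns (with "??" standing for any one byte) and the sample buffers are all constructed for the illustration and match no real malware. It also shows the stated limitation: a sample that is not in the definitions produces no hit.

```python
import re

# Constructed definitions: name -> hex pattern, "??" matches any one byte.
DEFINITIONS = {
    "Example.Boot.A": "de ad be ef ?? ?? 13 37",
    "Example.Macro.B": "41 75 74 6f 4f 70 65 6e ?? 58",
}


def compile_signature(hex_pattern):
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    # DOTALL so that a wildcard also matches the newline byte 0x0a.
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(p) for name, p in DEFINITIONS.items()}


def scan(data):
    """Return (signature name, offset) for every match in a byte buffer."""
    hits = []
    for name, rx in COMPILED.items():
        for match in rx.finditer(data):
            hits.append((name, match.start()))
    return sorted(hits, key=lambda hit: hit[1])


# Constructed sample buffers.
KNOWN_SAMPLE = b"\x00" * 10 + bytes.fromhex("deadbeef01021337")
MACRO_SAMPLE = b"xxAutoOpen_X"
UNLISTED_SAMPLE = bytes.fromhex("deadbeef0102ffff")  # not in DEFINITIONS
CLEAN_SAMPLE = b"hello world"

if __name__ == "__main__":
    for label, buf in [("known", KNOWN_SAMPLE), ("macro", MACRO_SAMPLE),
                       ("unlisted", UNLISTED_SAMPLE), ("clean", CLEAN_SAMPLE)]:
        print(label, scan(buf))
```

A legitimate file that happens to contain the same bytes would be flagged too, which is why the signature string has to be chosen so that it does not occur in legitimate programs.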
Recovery Strategies and Methods
One can also reduce the damage done by viruses
by making regular backups of data (and the operating
systems) on different media, that are either kept
unconnected to the system (most of the time), read-only or not accessible for other reasons, such as using
different file systems. This way, if data is lost through a
virus, one can start again using the backup (which will
hopefully be recent). If a backup session on optical
media like CD and DVD is closed, it becomes read-only and can no longer be affected by a virus (so long
as a virus or infected file was not copied onto the
CD/DVD). Likewise, an operating system on
a bootable CD can be used to start the computer if the
installed operating systems become unusable.
Backups on removable media must be carefully
inspected before restoration. The Gammima virus, for
example, propagates via removable flash drives.
• Virus removal
Many websites run by antivirus software companies
provide free online virus scanning, with limited cleaning facilities
(the purpose of the sites is to sell antivirus products). Some
websites—like Google subsidiary VirusTotal.com—allow users
to upload one or more suspicious files to be scanned and
checked by one or more antivirus programs in one
operation. Additionally, several capable antivirus software
programs are available for free download from the Internet
(usually restricted to non-commercial use). Microsoft offers an
optional free antivirus utility called Microsoft Security
Essentials, a Windows Malicious Software Removal Tool that is
updated as part of the regular Windows update regime, and an
older optional anti-malware (malware removal) tool Windows
Defender that has been upgraded to an antivirus product in
Windows 8.

• Operating system reinstallation
Microsoft's System File Checker (improved in Windows 7 and later)
can be used to check for, and repair, corrupted system files.
Restoring an earlier "clean" (virus-free) copy of the entire partition
from a cloned disk, a disk image, or a backup copy is one solution—
restoring an earlier backup disk image is relatively simple to do, usually
removes any malware, and may be faster than disinfecting the computer—
or reinstalling and reconfiguring the operating system and programs from
scratch, as described below, then restoring user preferences.
Reinstalling the operating system is another approach to virus removal.
It may be possible to recover copies of essential user data by booting from
a live CD, or connecting the hard drive to another computer and booting
from the second computer's operating system, taking great care not to infect
that computer by executing any infected programs on the original drive. The
original hard drive can then be reformatted and the OS and all programs
installed from original media. Once the system has been restored,
precautions must be taken to avoid reinfection from any restored executable
files.