Computer Virus

Posted by iknow | 5:00 AM



Computer VIRUSES and ANTI-VIRUS


Virus - the generic term people use these days to describe a group of wilfully destructive computer programs.

- more precisely, any program that replicates by attaching a copy of itself to other programs, often damaging them in the process.


V - Vital

I - Information

R - Resources

U - Under

S - Siege


A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

Since the Morris worm spread across ARPANET, a large network used by the Defense Department and many universities, in November 1988, many antivirus programs have become available. These programs periodically scan your computer for known viruses; note that such a scanner only catches what its signature database already describes.


Types of Viruses:


LOGIC BOMBS - just like a real bomb, a logic bomb will lie dormant until triggered by some event. The trigger can be a specific date, the number of times executed, a random number, or even a specific event such as deletion of an employee’s payroll record. When the logic bomb is triggered it will usually do something unpleasant. This can range from changing a random byte of data somewhere on your disk to making the entire disk unreadable. The changing of random data on disk may be the most insidious attack since it would do a lot of damage before it would be detected.


TROJANS - these are named after the Trojan horse, which delivered soldiers into the city of Troy. Likewise, a Trojan program is a delivery vehicle for some destructive code (such as a logic bomb or a virus) onto a computer. The Trojan program appears to be a useful program, but when a certain event occurs, it will attack your computer in some way.


WORMS - a worm is a self-reproducing program that does not infect other programs as a virus does, but instead creates copies of itself, which in turn create even more copies. Worms are usually seen on networks and on multitasking operating systems, where each copy the worm creates is also executed. Each new copy creates more copies, quickly clogging the system.


The three most destructive kinds of computer program are:


Worm - a program that replicates itself. It creates an image of itself either in a file or at a particular location on the disk.


Trojan Horse - a program that acts like the Trojan Horse of Greek mythology. A malevolent program is hidden inside another, apparently useful program. While the “useful” program is running, the malevolent part does something nasty, like erasing your FAT and directory.


Bomb - a piece of code embedded in a program or in the operating system itself that waits for a particular event to occur. When that event occurs, the logic bomb “goes off”, doing some kind of damage.



Classification of Viruses by their preferred habitat:

Parasitic viruses - attach themselves to other programs.

- a parasitic virus starts when the executable file to which it is attached is run.


Boot Sector Viruses - lodge in the boot sector of a floppy or hard disk.

- boot sector viruses generally prefer hard drives. Once the computer reads the boot sector, the virus wakes up and springs into action. Because the boot sector is read before the operating system loads, the virus is already running before any antivirus program on the disk gets a chance to start.


CATEGORIES OF VIRUSES:

Computer viruses can be roughly classified into the following categories:


Macro Viruses

Macro viruses are perhaps the newest type of virus. The first macro virus, written in Microsoft’s Word macro language, was discovered in August, 1995. Currently, thousands of macro viruses are known to exist and include viruses written in the macro language of Microsoft’s Excel, Word and AmiPro applications.

Since a macro virus is written in the language of an application, not the operating system (OS), it is platform independent and can spread between DOS, Windows, Mac, and even OS/2 systems. That is, macro viruses can be spread to any machine that runs the application the virus was written in. Any machine running Word, for example, whether it is a PC, Mac or something else, is vulnerable to Word documents that contain a macro virus.

This in itself is revolutionary. Now add the ability to travel by email, plus the tremendous interconnections of networks, the World Wide Web and the increasing power of the Macro language (Word, Excel, etc.), and you’ve got yourself a real threat.


File Viruses (Parasitic Viruses)

File viruses attach themselves to executable files and are at least partially activated whenever the host file is run. File viruses are typically TSR (terminate-and-stay-resident), direct action or companion programs.

TSR viruses, which are among the most common of viruses, reside in memory and attach themselves to executable programs when they are run. It is in this way that TSR viruses spread to other programs on the hard drive, floppies or network.

A direct action virus loads itself into memory to infect other files and then unloads itself. A companion virus instead exploits the DOS command search order: when a bare command name is typed, DOS runs a .COM file before an .EXE file of the same base name. For example, a companion virus might create a hidden PGM.COM file so that when the PGM command is entered, the fake PGM.COM runs first. The .COM file runs its virus code before going on to start the real PGM.EXE, so the user sees nothing unusual.
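The search-order trick above is also easy to audit for. The script below is an added example, not code from the original post: it groups a directory listing by base name and flags any .COM that would run ahead of an .EXE of the same name, treating a tiny or hidden .COM as the classic companion layout. The listing is constructed sample data, and the 4096-byte size threshold is an assumption for illustration, not a DOS rule.

```python
"""Flag DOS companion-virus layouts: a PGM.COM sitting beside PGM.EXE.

Added example, not code from the original post. It relies on one fact
the post describes: for a bare command name DOS tries .COM first, then
.EXE, then .BAT, so a .COM dropped beside an .EXE of the same base name
runs first. The listing is constructed sample data; the size threshold
is an assumption, not a DOS rule.
"""
import os
import stat
from collections import defaultdict

# DOS resolves a bare command name by trying these extensions in order.
DOS_EXT_ORDER = (".COM", ".EXE", ".BAT")

# Assumed heuristic: companion stubs are tiny, since they only run
# their own code and then chain to the real program.
SMALL_COM_BYTES = 4096


def find_companions(entries):
    """entries: iterable of (filename, size_in_bytes, hidden_flag).

    Returns one dict per base name where a higher-precedence extension
    shadows a lower one, ordered by base name."""
    by_base = defaultdict(dict)
    for name, size, hidden in entries:
        base, ext = os.path.splitext(name)
        ext = ext.upper()
        if ext in DOS_EXT_ORDER:
            by_base[base.upper()][ext] = (size, hidden)

    findings = []
    for base, exts in sorted(by_base.items()):
        present = [e for e in DOS_EXT_ORDER if e in exts]
        if len(present) < 2:
            continue          # nothing to shadow
        winner = present[0]
        size, hidden = exts[winner]
        findings.append({
            "base": base,
            "runs_first": base + winner,
            "shadowed": [base + e for e in present[1:]],
            # A hidden, tiny .COM in front of an .EXE is the classic layout.
            "suspicious": winner == ".COM" and (hidden or size < SMALL_COM_BYTES),
        })
    return findings


def scan_directory(path):
    """Build the (name, size, hidden) listing from a real directory.

    The hidden attribute exists only on Windows; elsewhere it reads as False."""
    hidden_bit = getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0)
    entries = []
    with os.scandir(path) as it:
        for d in it:
            if d.is_file():
                st = d.stat()
                attrs = getattr(st, "st_file_attributes", 0)
                entries.append((d.name, st.st_size, bool(attrs & hidden_bit)))
    return find_companions(entries)


# Constructed sample listing (not taken from any real system).
SAMPLE_LISTING = [
    ("PGM.EXE", 48_210, False),
    ("PGM.COM", 1_024, True),      # tiny, hidden .COM beside the real PGM.EXE
    ("EDIT.EXE", 120_000, False),
    ("FORMAT.COM", 22_717, False),
    ("RUN.BAT", 120, False),
    ("RUN.EXE", 8_000, False),     # .EXE shadows a .BAT: legitimate, not a companion
]

if __name__ == "__main__":
    for f in find_companions(SAMPLE_LISTING):
        tag = "SUSPICIOUS" if f["suspicious"] else "check"
        print(f"{f['runs_first']} runs before {', '.join(f['shadowed'])} [{tag}]")
```

Run it against a real directory with `scan_directory(r"C:\DOS")`; on a system without the DOS-style hidden attribute the size heuristic alone still flags the PGM.COM case.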


Boot Viruses

A boot virus infects the boot sector and related areas of a hard or floppy disk. Every disk has a boot sector and so is potentially vulnerable to infection. Once the hard disk of a machine has been infected, the virus is activated every time the machine is powered on: it installs itself in memory and then turns control over to the normal boot code. The virus subsequently infects any floppy that is inserted into the machine.

Boot-sector viruses, the most common type of virus, move or overwrite a disk’s original boot sector and replace it with boot code of their own design; both floppies and hard drives can be overwritten this way. Then, whenever the infected system is powered on (boots up), the virus loads into memory, where it can gain control over basic hardware operations. From its place in memory, a boot virus can quickly spread to any of the other drives on the system (floppy, network, etc.). Because the partition table and boot signature are normally left intact so that the machine still boots, the infection is invisible to a casual check of the sector.
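Because a boot virus leaves the partition table and the 0x55AA signature alone, validating those proves nothing. The script below is an added example, not from the original post: it parses a 512-byte master boot record, and compares a hash of the boot-code region against a baseline taken from a known-clean sector, which is the check that actually catches the replacement. The sector it builds is constructed sample data, and the tampering routine simply overwrites the first bytes with inert filler to stand in for foreign boot code.

```python
"""Parse a 512-byte MBR and detect boot-code replacement.

Added example, not from the original post. A boot virus swaps the boot
code in the first 446 bytes but keeps the partition table and the
0x55AA signature intact so the machine still boots, so a signature check
alone says nothing; the check below also compares a hash of the boot
code against a baseline taken from a known-clean sector. The sector
built here is constructed sample data.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446                 # boot code occupies bytes 0..445
PARTITION_TABLE_OFF = 446           # four 16-byte entries follow
BOOT_SIGNATURE = b"\x55\xAA"        # bytes 510..511


def parse_mbr(sector):
    """Return the signature state, the boot-code hash and the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA(4) count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:              # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "start_lba": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_boot_code(sector, baseline_sha256):
    """'clean' if the boot code matches the known-good hash, else why not."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "bad_signature"
    return "clean" if info["code_sha256"] == baseline_sha256 else "modified"


def build_sample_mbr():
    """Constructed clean sector: dummy boot code, one FAT16 partition, signature."""
    code = bytes((i * 7) & 0xFF for i in range(BOOT_CODE_LEN))   # stand-in boot code
    entry = struct.pack("<B3xB3xII", 0x80, 0x06, 63, 2_000_000)   # bootable FAT16
    table = entry + b"\x00" * 48                                   # three empty slots
    return code + table + BOOT_SIGNATURE


def tamper_boot_code(sector):
    """Stand-in for an infection: foreign bytes replace the start of the boot
    code while the partition table and signature are left untouched."""
    foreign = b"\xEB\x1C" + b"\x90" * 30                            # constructed, inert
    return foreign + sector[len(foreign):]


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["code_sha256"]     # record this from a known-good disk
    infected = tamper_boot_code(clean)
    for label, s in (("clean", clean), ("tampered", infected)):
        info = parse_mbr(s)
        print(label, "signature_ok:", info["signature_ok"],
              "partitions:", info["partitions"],
              "verdict:", check_boot_code(s, baseline))
```

On a real machine the baseline comes from a sector read while booted from clean media, for example `dd if=/dev/sda bs=512 count=1 of=mbr.bin` on Linux, and is stored off the disk being checked; a legitimate boot-loader update will also change the hash, so re-baseline after one.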


Multi-partite Viruses

Multi-partite viruses share some of the characteristics of boot sector viruses and file viruses: they can infect .COM and .EXE files, and the boot sector of the computer’s hard drive.

On a computer booted up with an infected floppy, a typical multi-partite virus will first make itself resident in memory and then infect the boot sector of the hard drive. From there the virus may infect a PC’s entire environment.

Not many forms of this virus class actually exist. They do, however, account for a disproportionately large number of infections.


Polymorphic or Mutation Viruses

Polymorphic (mutation) viruses are unique in that they are designed to elude detection by changing their structure on each infection: the virus body is encrypted with a different key each time and the decryption routine in front of it is varied as well, so no fixed byte string is shared between two copies. With some polymorphic viruses, millions of permutations are possible. Of course, this makes it much harder for an antivirus program that only matches bytes as stored on disk to detect or intercept them; scanners therefore emulate the decryption routine and match on the decrypted body instead. It should be noted that polymorphic viruses do not, strictly speaking, constitute a separate category of virus; they usually belong to one of the categories described above.
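The following is an added example, not from the original post, and a deliberate simplification: the "virus body" is a harmless string, the decryptor is a two-byte marker plus a one-byte XOR key rather than real code, and the marker is kept constant, whereas a true polymorphic engine rewrites the decryptor too. What it shows survives that simplification: a scanner that only matches the bytes stored on disk fails as soon as the key changes, while one that first undoes the decryption does not.

```python
"""Why a fixed byte signature misses a re-keyed virus body.

Added example, not from the original post. Simplified model: a harmless
string stands in for the virus body, a two-byte marker plus a one-byte
XOR key stands in for the decryptor, and the marker never changes,
whereas a real polymorphic engine also rewrites the decryptor.
"""
import os

# Constructed, inert "body"; SIGNATURE is the substring a scanner keys on.
SIGNATURE = b"SAMPLE-BODY-PATTERN"
BODY = b"[header]" + SIGNATURE + b"[rest of body]"

STUB_MARKER = b"\xDE\xC0"     # stand-in for the decryptor loop's first bytes


def xor_bytes(data, key):
    return bytes(b ^ key for b in data)


def make_generation(body, key):
    """One 'infection': stub marker, the key it will use, then the body XORed with it."""
    return STUB_MARKER + bytes([key]) + xor_bytes(body, key)


def static_scan(sample, signature=SIGNATURE):
    """Naive scanner: looks for the signature in the bytes as stored."""
    return signature in sample


def emulating_scan(sample, signature=SIGNATURE):
    """Scanner that recognises the decryptor, runs it (here: reads the key and
    XORs), and then matches on the recovered body. Real engines emulate the
    decryptor's instructions instead of trusting a fixed marker."""
    if not sample.startswith(STUB_MARKER):
        return False
    key = sample[len(STUB_MARKER)]
    return signature in xor_bytes(sample[len(STUB_MARKER) + 1:], key)


def compare_scanners(keys):
    """Map each key to (static_scan result, emulating_scan result)."""
    return {k: (static_scan(make_generation(BODY, k)),
                emulating_scan(make_generation(BODY, k))) for k in keys}


if __name__ == "__main__":
    keys = [0x00, 0x5A, 0xFF] + [os.urandom(1)[0] for _ in range(3)]
    for key, (static_hit, emu_hit) in compare_scanners(keys).items():
        print(f"key=0x{key:02X}  static={static_hit}  emulating={emu_hit}")
```

Only the degenerate key 0x00 leaves the body unchanged, which is the one generation the static scanner still finds; every other key defeats it, while the decrypt-then-match scanner finds all of them.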


Stealth Viruses

Stealth viruses, or interrupt interceptors, as they are sometimes called, take control of key DOS and BIOS services by hooking the interrupt vector table, which is located at the beginning of memory. This gives the virus the ability to do two important things: 1) take control of the system by redirecting the interrupt calls, and 2) hide itself to prevent detection, for example by returning the original, clean contents whenever an infected file or boot sector is read while the virus is resident. This is why a scan run from a system booted off the infected disk cannot be trusted, and why the prevention guidelines below insist on booting from a known-clean diskette.


Network viruses

Network viruses use the protocols and commands of a computer network, or of email, to spread themselves.

By DESTRUCTIVE CAPABILITY, viruses can be divided as follows:

  • harmless, that is, having no effect on computing (except for some loss of free disk space as a result of propagation);

  • not dangerous, limiting their effect to loss of free disk space and a few graphical, sound or other effects;

  • dangerous viruses, which may seriously disrupt the computer’s work;

  • very dangerous, whose operating algorithms intentionally contain routines which may lead to data loss, data destruction, erasure of vital information in system areas, and even, according to one unconfirmed computer legend, damage to the moving mechanical parts of some kinds of hard disk by inducing resonance.


How Viruses Spread

There are many ways for a virus to enter your system:


  • Email attachments

  • Database replications

  • Shared network files and network traffic in general

  • World Wide Web (WWW) sites

  • FTP traffic from the Internet (file downloads)

  • Floppy disks brought in from outside the organization

  • Electronic bulletin boards (BBS)

  • Pirated software

  • Demonstration software

  • Computer labs


The most likely virus entry points are email, Internet and network connections, floppies, and modems or other serial or parallel port connections. In today’s increasingly interconnected workplace (the Internet, intranet, shared drives, removable drives and email), virus outbreaks now spread faster and wider than ever before.



VIRUS PREVENTION GUIDELINES:


  • You can only get a virus by executing an infected program or booting from an infected diskette. Opening a document whose macros run automatically counts as executing a program (see macro viruses above). Any diskette can be infected by a boot sector virus, even a non-bootable one.


  • You cannot get a virus simply by being on a Bulletin Board System (BBS), the Internet, or an online service. You will only become infected if you download an infected file and execute that file. (This held for DOS-era systems; a modern browser or document viewer with an exploitable flaw can be infected by content it merely displays, so keep such software patched.)


  • Most viruses are transferred by booting from an infected diskette (e.g. Stoned, Form, Stealth-B, AntiExe, Monkey). Keep a write-protected, virus-free DOS boot diskette for recovery, and remove a diskette from the A: drive as soon as you are through with it, since a diskette left in the drive will be booted from at the next restart. If your BIOS setup (often called CMOS setup) permits it, change the boot order so the hard disk is tried first. If you don’t know what the BIOS setup is, check the manual for your computer; there is normally a key to press while the computer starts up to enter it. It allows you to change many options on your computer.


  • Make sure you have at least two backups for all of your files. Backups are essential not only to safely recover from virus infections, but also to recover from the other threats to your data.


  • Be sure to check all new software for viruses. Even shrink-wrapped software from a major publisher may contain a virus.


  • Purchase and use an anti-virus program.

  • Do not lend your original program disks to other users.

  • Do not lend your computer system to other users.

  • Write-protect your diskettes.

