A Brief Introduction to Computer Viruses

What is a Virus?
A virus is self-replicating code that reproduces by attaching copies of itself to other executable code, and it operates without the knowledge or desire of the computer user. The virus was discovered in the early 1980s. Viruses require human activity, such as booting a computer, executing an autorun on a CD, or opening an email attachment.

In day-to-day life, most computers get attacked or infected with viruses or worms. 4% of reported attacks are due to viruses and worms; the rest are due to human error (53%) and so on. But that 53% also includes viruses and worms that get onto our systems through human error. So, whatever the case, every computer user should at least know the basics of viruses and worms and how to keep them off the system.

There are three basic ways viruses propagate through the computer world:

  • Master boot record: This is the original method of attack. It works by attacking the master boot record of floppy disks or the hard drive. This was effective in the days when everyone passed around floppy disks.
  • Document Virus: A slightly newer form of virus that relies on the user to execute the file. Extensions such as .com and .exe are typically used. Some form of social engineering is normally used to get the user to execute the program. Techniques include renaming the program or trying to mask the .exe extension and make it appear as a graphic or .bmp.
  • Macro Virus: The most modern type of virus, which began appearing in the 1990s. Macro viruses exploit scripting services installed on your computer. Most of you probably remember the I Love You virus, a prime example of a macro infector.

Viruses must place their payload somewhere so that they can overwrite a portion of the infected file. Most virus writers want to avoid detection for as long as possible. One way the virus writer can accomplish this is to place the virus code either at the beginning or end of the infected file.

Prependers infect programs by placing their viral code at the beginning of the infected file. Appenders infect files by placing their code at the end of the infected file. This leaves the file intact while the malicious code is added to the beginning or end of the file, or to both.
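Because a prepender or appender leaves the original bytes intact, a trusted copy of a file is enough to tell which kind of change happened and where the original starts. The following is an added example, not part of the original article; `classify_change`, `HOST` and `EXTRA` are hypothetical names, and the byte strings are constructed placeholders.

```python
import hashlib


def classify_change(baseline: bytes, current: bytes) -> dict:
    """Compare a trusted copy of a file with the copy now on disk."""
    # Look for the untouched original inside the current file.
    offset = current.find(baseline) if baseline else -1
    before = max(offset, 0)
    after = len(current) - offset - len(baseline) if offset >= 0 else 0
    if offset < 0:
        # Original bytes are no longer contiguous: overwritten or patched.
        kind = "modified in place"
    elif before == 0 and after == 0:
        kind = "unchanged"
    elif before == 0:
        kind = "appended"
    elif after == 0:
        kind = "prepended"
    else:
        kind = "prepended and appended"
    return {
        "kind": kind,
        "size_delta": len(current) - len(baseline),
        "original_offset": offset if offset >= 0 else None,
        "bytes_before": before,   # size of the region added in front
        "bytes_after": after,     # size of the region added behind
        "sha256_baseline": hashlib.sha256(baseline).hexdigest(),
        "sha256_current": hashlib.sha256(current).hexdigest(),
    }


# Constructed sample data: a stand-in "program" and a placeholder for added bytes.
HOST = b"MZ" + b"\x00" * 30 + b"original program"
EXTRA = b"<added bytes>"

if __name__ == "__main__":
    cases = {
        "clean": HOST,
        "front": EXTRA + HOST,
        "back": HOST + EXTRA,
        "both": EXTRA + HOST + EXTRA,
        "overwritten": EXTRA + HOST[len(EXTRA):],
    }
    for label, data in cases.items():
        r = classify_change(HOST, data)
        print(label, r["kind"], r["size_delta"], r["original_offset"])
```

The overwritten case keeps the file size unchanged, so a size check alone misses it; the hash comparison does not.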

Component/Working of a Virus

Viruses that can spread without human intervention are known as worms.

  • Search routine: responsible for locating new files, disk space, or RAM to infect.
  • Infection routine: responsible for copying the virus and attaching it to a suitable host.
  • Trigger routine: launches the payload at a given date and time. The trigger can be set to perform a given action at a given time.

Characteristics of a Virus

  • A virus resides in memory and replicates itself.
  • It does not reside in memory after completing its task.
  • It may transform itself into other programs to hide its identity.

Reasons for the Creation of Viruses:

  • It may be created for research purposes.
  • It may be made to play pranks on friends and foes, as we usually do :)
  • Someone may intentionally wish to harm others' computers, i.e. vandalism.
  • To get hold of a company's content for financial or threat purposes, i.e. extortion.
  • To keep an eye on people, say in a computer lab or on a product's distribution, i.e. spyware.
  • To spread threats and terror among people over the internet by stealing others' identities and misusing them; there may be many more reasons.

Symptoms That a Computer Has Been Attacked

  • The system works in an abnormal way.
  • Processes may take more time than expected.
  • The floppy drive or disk drive suddenly opens.
  • The computer hangs at startup.
  • The computer name gets changed.
  • Drive names get changed.
  • Firefox or other browsers do not work properly.
  • Sudden restarts, or fast freezes on a warning.
  • Others get vulgar messages that you have not sent them, and so on.

Basic Difference between a Virus and a Worm:

  • A worm is a special kind of virus that can replicate itself and use memory, but it doesn't attach itself to other programs as a virus does.
  • A worm spreads through the infected network automatically, but a virus does not.

Types of Viruses:

What they infect

  • Boot Virus: infects disk boot sectors and records.
  • File Virus: infects executable files in the OS file system.
  • Macro Virus: infects documents, data sheets, etc., such as Word and Excel files.
  • Network Virus: spreads through email using the commands and protocols of the computer network.
  • Source Code Virus: overrides host code by adding Trojan code to it.

How they infect

  • Parasitic Virus: attaches itself to executable files and replicates itself.
  • Memory Resident Virus: resides in and makes changes to main memory.
  • Stealth Virus: can hide itself from anti-virus programs.
  • Polymorphic Virus: a virus that mutates and changes accordingly.
  • Cavity Virus: overwrites a host file with constant nulls, but keeps the same size and functionality.

Famous Viruses and Worms

  • I Love You: a Win32 email-based worm.
  • Melissa Virus: a Microsoft Word macro virus.
  • JS.spth: a JavaScript internet worm that spreads through e-mail, P2P networks, etc.
  • Klez virus: an email attachment that automatically runs when viewed with MS Word and uses its own SMTP engine to spread mail.
  • Slammer/Sapphire worm: the fastest worm in history, which doubles itself within 9 seconds.

Other top-rated viruses in 2008 are Detnat, Netsky, Mytob, Bagle, Mywife, Virut, Zafi, Mydoom, Lovegate and Bagz.

Always remember that prevention is better than cure: don't accept strange files, don't double-click on everything, check a file's extension, and learn a few batch file commands.
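The extension check advised above, and the masked .exe described under Document Virus, can be automated by comparing a file's name with its first bytes. This is an added example, not code from the original article; the function names, extension lists and sample entries are assumptions constructed for illustration.

```python
import os

# Extensions that run when opened, and extensions that carry an "MZ" program image.
RUNNABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat"}
PE_EXTS = RUNNABLE_EXTS | {".dll", ".sys"}
# Leading bytes expected for common harmless-looking image types.
IMAGE_MAGIC = {".bmp": b"BM", ".png": b"\x89PNG", ".gif": b"GIF8", ".jpg": b"\xff\xd8\xff"}


def check_file(name: str, head: bytes) -> list:
    """Return the reasons a file name and its first bytes look masked."""
    reasons = []
    stem, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(stem)[1]
    # "holiday.bmp.exe": with extensions hidden, the user sees "holiday.bmp".
    if ext in RUNNABLE_EXTS and inner_ext in IMAGE_MAGIC:
        reasons.append(f"double extension {inner_ext}{ext}")
    # A program renamed to look like data still starts with the MZ signature.
    if head.startswith(b"MZ") and ext not in PE_EXTS:
        reasons.append(f"MZ header behind '{ext}' extension")
    # An image extension whose content does not start like that image format.
    magic = IMAGE_MAGIC.get(ext)
    if magic is not None and not head.startswith(magic):
        reasons.append(f"content lacks {ext} signature")
    return reasons


def scan(samples: dict) -> dict:
    """Map each suspicious file name to its reasons; clean files are omitted."""
    flagged = {}
    for name, head in samples.items():
        reasons = check_file(name, head)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed samples: file name -> first bytes of the file.
SAMPLES = {
    "setup.exe": b"MZ\x90\x00",
    "logo.bmp": b"BM\x36\x00",
    "holiday.bmp.exe": b"MZ\x90\x00",
    "invoice.bmp": b"MZ\x90\x00",
}

if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        print(name, "->", "; ".join(reasons))
```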

Install a good antivirus (Nod32, AVG, McAfee, Bitdefender, Kaspersky, etc.) and regularly scan your whole system; always try to check running processes and so on.

For more information, check Wikipedia and the EC-Council CEH guide, and don't forget to Google for the latest news and material related to this topic. This was just an introduction!
