Viruses are malicious programs that spread by inserting copies of themselves into other programs. They infect computers through various means like shared files and email attachments. Every virus must have routines to search for and copy itself into new file targets. There are many types of viruses including boot sector, file, macro, and polymorphic viruses that change their code to avoid detection. Viruses can cause damage by deleting files or disrupting systems.
Viruses are malicious programs that spread by inserting copies of themselves into other programs. They infect computers through various means like shared files and email attachments. Every virus must have routines to search for and copy itself into new file targets. There are many types of viruses including boot sector, file, macro, and polymorphic viruses that change their code to avoid detection. Viruses can cause damage by deleting files or disrupting systems.
Viruses are malicious programs that spread by inserting copies of themselves into other programs. They infect computers through various means like shared files and email attachments. Every virus must have routines to search for and copy itself into new file targets. There are many types of viruses including boot sector, file, macro, and polymorphic viruses that change their code to avoid detection. Viruses can cause damage by deleting files or disrupting systems.
Viruses are malicious programs that spread by inserting copies of themselves into other programs. They infect computers through various means like shared files and email attachments. Every virus must have routines to search for and copy itself into new file targets. There are many types of viruses including boot sector, file, macro, and polymorphic viruses that change their code to avoid detection. Viruses can cause damage by deleting files or disrupting systems.
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF, TXT or read online from Scribd
Download as pdf or txt
You are on page 1/ 5
Computer Viruses
Virus Definition
Viruses are malicious software programs that have been designed by other computer users to cause destruction and havoc on a computer and spread themselves to other computers where they can repeat the process. It is different from worms. A worm is structured as a complete stand alone program, a virus is a fragmented code embedded in a legitimate program. Viruses are a major problem to users of micro computer systems(single user systems). Multi user systems generally are not prone to viruses because the executable programs are protected from writing by the operating system. Programs must always have an extent of “COM”, “EXE”, or “SYS”.
Infection Sources It is often distributed through shareware, pirated software, e-mail, p2p programs, infected storage media or other programs where users share data.
The Functional Elements of a Virus
Every viable computer virus must have at least two basic parts, or subroutines, if it is even to be called a virus. Firstly, it must contain a search routine, which locates new files or new areas on disk which are worthwhile targets for infection. This routine will determine how well the virus reproduces. Secondly, every computer virus must contain a routine to copy itself into the area which the search routine locates. The copy routine will only be sophisticated enough to do its job without getting caught. Anti-detection routines can either be a part of the search or copy routines, or functionally separate from them.
Tools Needed for Writing Viruses
Viruses are written in assembly language. High level languages like Basic, C, and Pascal have been designed to generate stand-alone programs.
Number of Viruses There are currently over 50,000 known computer viruses and that number is growing rapidly. Fortunately, only a small percentage of these are circulating widely. There are more MS- DOS/Windows viruses than all other types of viruses combined (by a large margin).
UNIX and viruses
The computer virus problem is much less prevalent under the Unix platform, but that does not at all mean it is nonexistent. Unix viruses (though very few) do exist. (Name one Linux virus? Okay... Bliss.) That said, there are certainly (and not surprisingly) very few viruses in the wild viable under Unix. This is partly because of access restrictions in the environment. For example, if a user runs a file that is infected with a virus, it can only do what this user has privileges to do (under normal conditions-not much) so at very least, it cannot spread to other systems. But, if a superuser (or anyone with full permissions) runs a virus, it could possibly infect the whole system and travel to other systems... etc. Also, one must remember that viruses are much less prevalent under UNIX operating systems simply because those operating systems are not as widely used for home systems as DOS/Windows operating systems. If more people used UNIX operating systems at home, obviously more viruses would target them. The rise in popularity of the GNU/Linux operating system, has certainly shown this to be true.
Types There are three major types of viruses, each very different from the other. • Boot Sector Infectors: Also sometimes called boot record infectors, system viruses, or boot viruses, these programs attack the vulnerable boot program that is stored on every bootable floppy disk or hard disk. This code is executed by the system when the PC is started up, by installing themselves here they guarantee that their code will be executed whenever the system is started up, giving them full control over the system to do what they wish. They are spread most commonly through infected bootable floppy disks. • File Infectors: These viruses directly attack and modify program files, which are usually .EXE or .COM files. When the program is run, the virus executes and does whatever it wants to do. Usually it loads itself into memory and waits for a trigger to find and infect other program files. These viruses are commonly spread through infected floppy disks, over networks, and over the Internet. • Macro Viruses: The newest type of virus, these clever programs make use of the built-in programming languages in popular programs such as Microsoft Word and Microsoft Excel. These programs allow users to create programs that automate tasks, called macros. As the macro languages have become more powerful, virus writers have created malevolent macros that, when opened unwittingly, duplicate themselves into other documents and spread just like a conventional virus would. These programs can cause just as much damage as regular viruses, despite the fact that they are very different: regular viruses are low-level machine language programs, while macro viruses are actually high- level interpreted BASIC programs! The most common type of macro virus right now infects Microsoft Word documents. In computing terminology, a macro virus is a virus that is written in a macro language: that is to say, a language built into a software application such as a word processor. Since some applications (notably, but not exclusively, the parts of Microsoft Office) allow macro programs to be embedded in documents, so that the programs may be run automatically when the document is opened, this provides a distinct mechanism by which viruses can be spread. This is why it may be dangerous to open unexpected attachments in e-mails. Virus types based on What they infect • System Sector Viruses These infect control information on the disk itself. • File Viruses These infect program (COM and EXE) files. • Macro Viruses • Companion Viruses A special type that adds files that run first to your disk. Companion viruses can be considered file infector viruses like resident or direct action types. They are known as companion viruses because once they get into the system they "accompany" the other files that already exist. In other words, in order to carry out their infection routines, companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct action viruses). Some examples include: Stator, Asimov.1539, Terrax.1069. • Directory viruses An operating system finds files by looking up the path (composed of the disk drive and directory) in which each file is stored. Directory viruses change the paths that indicate the location of a file. By executing a program (file with the extension .EXE or .COM) which has been infected by a virus, you are unwittingly running the virus program, while the original file and program have been previously moved by the virus. • Batch File Viruses These use text batch files to infect. The first line causes batch file commands to not display on the screen so you won't see what's going on. The second line is a label as far as the batch file is concerned. In reality, this label is what makes the whole thing work so, of course, we're not going to show any examples. The third line copies the batch file itself to an executable file named Q.COM in the root directory of the C: drive. The output of the COPY command is directed to the NUL device so you see nothing on the screen that indicates this copy took place. Finally, the fourth line executes the newly created Q.COM file. • Source Code Viruses These add code to actual program source code. Source code comes in many forms because of the many different types of compilers and languages available. This is one reason why source code viruses are not particularly common. The other is that so few people actually write programs it becomes difficult for a source code-only virus to find victims to infect. • Visual Basic Worms These worms use the Visual Basic language to control the computer and perform tasks.
Virus types based on How They Infect
• Polymorphic Viruses Viruses that change their characteristics as they infect. Viruses that try to actively hide themselves from anti-virus or system software. Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system. This makes it impossible for anti viruses to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves. Some examples include: Elkern, Marburg, Satan Bug, Tuareg. • Stealth: A stealth virus actively hides the changes it has made to the hard disk so that it appears that it has not infected the system. For example, a file infector might stay memory resident and misreport the size of infected files so they don't appear to be infected. Boot sector viruses can trap attempts to read the boot sector and return forged data that makes them appear to be "clean". • Multipartite Viruses Viruses that may fall into more than one of the top classes. • Cavity (Spacefiller) Viruses Viruses that attempt to maintain a constant file size when infecting. A cavity (spacefiller) virus attempts to install itself inside of the file it is infecting. This is difficult but has become easier with new file formats designed to make executable files load and run faster. Most viruses take the easy way out when infecting files; they simply attach themselves to the end of the file and then change the start of the program so that it first points to the virus and then to the actual program code. Many viruses that do this also implement some stealth techniques so you don't see the increase in file length when the virus is active in memory. • Tunneling Viruses Viruses that try to "tunnel" under anti-virus software while infecting. Some viruses will attempt to tunnel under anti-virus monitoring programs in order to bypass their monitoring functions. • NTFS ADS Viruses Viruses that ride on the alternate data streams in the NT File System. And, in a special category, one might include: Programs that place viruses onto your system but themselves may not be viruses (a special form of Trojan). Hoaxes are not viruses, they are false messages sent by e-mail, warning users of a non-existent virus. The intention is to spread rumors causing panic and alarm among users who receive this kind of information.
Protection Strategies
● Keep your computer up-to-date with the latest patches: We know this sounds obvious but, we are still amazed at the number of machines we deal with that don't have the most recent patches on them. These patches seal up security holes that viruses take advantage of, so it's in your best interest to stay as recent as possible with patches. ● Update AV Software. ● Safe Boot Disk. ● Hard Disk Boot. Change your boot sequence so that the hard disk is the first boot disk instead of the floppy disk. ● Use RTF Not DOC. Consider Alternate Software. In the politest sense this would be a recommendation to switch to software that is not as likely to be affected by viruses/worms. For many offices a switch away from Word, Excel, and Outlook/Outlook Express would be difficult as these programs came as standard software on many systems. But it's worth consideration. ● Don't Open Attachments. ● Disable Scripting. Turn off the Windows Scripting Host if you don't need it. Scripts are just fancy macros that can apply across programs and are a major vehicle for worms. Instructions here. ● Show Extensions. Set all programs to show you the full file name, particularly E-mail programs. If your program drops the extension you don't really know if the attachment is executable or not. ● Be smart in the websites you choose to visit: There are a lot of bad websites out there that actually have viruses programmed right into the website. Through a process called malicious scripting, viruses can be installed onto your computer just by visiting a website. ● Protect Floppies. ● Backup. Finally, but most importantly: backup, backup, backup!
References:
The Little Black Book of Computer Viruses, Electronic Edition, by Mark Ludwig http://www.virusportal.com/com/training/train_dat3.shtml http://www.essentialcomputersecurity.com/Viruses.html http://www.pcguide.com/care/data/virus/bgTypes-c.html http://www.cknow.com/vtutor
Joby K James Roll No.13 S4 MCA, RIT Computer Viruses
