Vital Information Resource Under Siege
Introduction:
A VIRUS is a small, executable program with the ability to replicate itself, usually Without the permission or knowledge of the user. The word "virus" is the generic term for worm, viruses and Trojans. Computer viruses are called ‘viruses’ because they share some common characteristics of biological viruses. Computer viruses like the biological viruses are task specific. They are designed to infect a designated target. This can be a specific type of file or computer sub-system. It must piggy back on top of some other program to get executed. It passes from computer to computer like biological viruses pass from person to person. Fighting computer virus is like human intelligence fighting against itself. Virus-masters continuously upgrade their techniques to ensure their survival in the computing Environment. Computer virologists face the task of combating new viruses that have been developed by members of their own programming fraternity. Once they have found an anti-virus software to take care of an existing virus, virus-meisters invent a new string of viruses, which are even more difficult to decipher or crack.
Read more.....
Appearance of computer viruses is one of the most interesting developments in Technology in the twentieth century. Computer viruses are mysterious but fascinating at the same time. Every time a new virus hits, it makes the news. On the other hand they Show how sophisticated they have become in terms of technology, and it is precisely our dependence on technology that makes us so vulnerable. Coming back to viruses... virus can add its code anywhere in the host program and/or the system area of a hard disk or floppy disk. The host program is nothing but an executable file like .EXE, .COM, etc. Anywhere in the file means that the virus code can get appended in the beginning, end, in the middle or by simply placing a pointer to a different location on disk where the virus can find it. It is coded in such a way that the virus code gets executed first. Also, the code it appends to a file is normally not the complete source code of the virus. It is just the self-replicating part so that it can attack more number of programs. Difference between a computer virus and other programs Viruses are designed to self-replicate, usually without the knowledge of the user. They often contain “payloads”, action that the virus carries out separately from replication.
Viruses can be hidden in:
Programs available on floppy disks or CDs.
E-mail attachments
Material downloaded from the web
Payload of computer viruses
Payload is the malicious activity, in which the virus carrying it performs. In short, we can define payload as the extent of damage a virus is supposed to cause. A payload can be triggered by a number of conditions like:
Certain date of month or year, execution.
Execution of certain programs
A built-in counter
Example of what payload can do:
⇒ Delete files
⇒ Confidential information access and release
⇒ Ε-Mail – unauthorized mass e-mailing
⇒ File modification
⇒ Over writing security settings.
⇒ System instability
⇒ Degrading system performance – steals system cycles.
Virus Behavior:
In general, a virus has two phases, “infection phase” and “attack phase”. The first phase is the infection phase, where the virus reproduces widely and the second is the attack phase, where they do whatever damage they are programmed to do. Its presence can be felt only when they activate themselves.
Read more.....
Infection phase
Virus writers have to balance how and when their virus should infect against the possibility of being detected. Therefore the spread of infection may not be immediate.
This is the phase where the virus commences the acquisition of the system by first infecting the identified target, second taking charge of the target and lastly by installing its own command. These steps are coded in detail in the instruction code given to it by the author.
No one knows when exactly a virus will infect other programs or in simple words when it will activate itself. Some programs get executed each time they are executed, and some viruses will infect upon a Trigger. You can never be sure that your system is not infected by a virus after running an AV program a few times. This is because the virus would not have started its infection phase. The virus writer will want his program to spread as far as possible so that in the second phase, "The attack phase", the victim’s computer will have
a positive impact to the virus. Many viruses go resident on the memory. This provides an upper hand for the virus, as it can wait for an external event before it starts the infection and also the trigger used by the virus becomes hard to guess.
The resident virus frequently takes over portion of the system software to hide their presence. This technique is called stealth.
Attack phase
Not all viruses attack, but all use system resources and often have bugs. Most of the viruses do unpleasant things like deleting files or changing random data on your disk, slowing down your PC, stealing passwords from the system and mailing it to a remote email, etc. Viruses often delay revealing their presence by launching their attack only after they have had ample opportunity to spread. This means that the attack phase can start even after months of infection. This attack phase is optional. Many viruses simply reproduce themselves and have no trigger for an attack phase.
Classification of Computer viruses
Environment
File Viruses
♦ Overwriting virus
♦ Parasitic virus or Cavity (space-filler) virus
♦ Companion virus
♦ File worms
♦ Link viruses or cluster viruses
♦ Source code viruses (OBJ, LIB viruses)
♦ Tunneling viruses
♦ Camouflage virus
Boot viruses
♦ Parity boot
♦ Boot-and-file virus
♦ System sector virus
Macro Viruses
Network Viruses
VB worms
Operating system (OS)
Different algorithms of work
Terminate and stay resident (TSR) virus
Stealth Algorithm
Armored virus
Polymorphic or self-encrypting capabilities
Logic bombs
work on windows xp
No comments:
Post a Comment