Imagine that a friend emails you some files he found on the Internet. You open them and trigger a virus that mails confidential documents to everyone in your address book including your competitors. Finally, imagine that you accidentally send another company, a report that carries a virus. Will they feel safe to do business with you again? Today new viruses sweep the planet in hours and virus scares are major news. A computer virus is a computer program that can spread across computers and networks by making copies of itself, usually without the user’s knowledge. Viruses can have harmful side effects. These can range from displaying irritating messages to deleting all the files on your computer.
A virus program has to be run before it can infect your computer. Viruses have ways of making sure that this happens. They can attach themselves to other programs or hide in code that is run automatically when you open certain types of files. The virus can copy itself to other files or disks and make changes on your computer. Virus side effects, often called the payload, are the aspect of mostinterest to users. Password-protecting the documents on a particular day, mailing information about the user and machine to an address somewhere are some of the harmful side effects of viruses. Various kinds of viruses include macro virus, parasitic or file virus, Boot virus, E-mails are the biggest source of viruses. Usually they come as attachments with emails.
The Internet caused the spreading of viruses around the globe. The threat level depends on the particular code used in the WebPages and the security measures taken by service providers and by you. One solution to prevent the viruses is anti-virus softwares. Anti-virus software can detect viruses, prevent access to infected files and often eliminate the infection.
Computer viruses are starting to affect mobile phones too. The virus is rare and is unlikely to cause much damage. Anti-virus experts expect that as mobile phones become more sophisticated they will be targeted by virus writers. Some firms are already working on anti-virus software for mobile phones. VBS/Timo-A, Love Bug,Timofonica,CABIR,aka ACE-? and UNAVAILABLE are some of the viruses that affect the mobile phones
BASIC CONCEPTS
What is a virus?
A computer virus is a computer program that can spread across computers and networks by making copies of itself, usually without the user’s knowledge. Viruses can have harmful side-effects. These can range from displaying irritating messages to deleting all the files on your computer.
Evolution of virus
In the mid-1980s Basit and Amjad Alvi of Lahore, Pakistan discovered that people were pirating their software. They responded by writing the first computer virus, a program that would put a copy of itself and a copyright message on any floppy disk copies their customers made. From these simple beginnings, an entire virus counter-culture has emerged. Today new viruses sweep the planet in hours and virus scares are major news
How does a virus infect computers?
A virus program has to be run before it can infect your computer. Viruses have ways of making sure that this happens. They can attach themselves to other programs or hide in code that is run automatically when you open certain types of files. You might receive an infected file on a disk, in an email attachment, or in a download from the internet. As soon as you launch the file, the virus code runs. Then the virus can copy itself to other files or disks and make changes on your computer.
Who writes viruses?
Virus writers don’t gain in financial or career terms; they rarely achieve real fame; and, unlike hackers, they don’t usually target particular victims, since viruses spread too indiscriminately. Virus writers tend to be male, under 25 and single. Viruses also give their writers powers in cyberspace that they could never hope to have in the real world.
Virus side effects(Payload)
Virus side-effects are often called the payload. Viruses can disable our computer hardware, Can change the figures of an accounts spreadsheets at random, Adversely affects our email contacts and business domain, Can attack on web servers…
Messages -WM97/Jerk displays the message ‘I think (user’s name) is a big stupid jerk!’ Denying access -WM97/NightShade password-protects the current document on Friday 13th. Data theft- Troj/LoveLet-A emails information about the user and machine to an address in the Philippines
. Corrupting data -XM/Compatable makes changes to the data in Excel spreadsheets. Deleting data -Michelangelo overwrites parts of the hard disk on March 6th.
Disabling Hardware -CIH or Chernobyl (W95/CIH-10xx)
attempts to overwrite the BIOS on April 26th, making the machine unusable.
Crashing servers-Melissa or Explore Zip, which spread via email, can generate so much mail that servers crash.
There is a threat to confidentiality too. Melissa can forward documents, which may contain sensitive information, to anyone in your address book. Viruses can seriously damage your credibility. If you send infected documents to customers, they may refuse to do business with you or demand compensation. Sometimes you risk embarrassment as well as a damaged business reputation. WM/Polypost, for example, places copies of your documents in your name on alt.sex usenet newsgroups.
VIRUSES AND VIRUS LIKE PROGRAMMES
Trojan horses
Trojan horses are programs that do things that are not described in their specifications The user runs what they think is a legitimate program, allowing it to carry out hidden, often harmful, functions. For example, Troj/Zulu claims to be a program for fixing the ‘millennium bug’ but actually overwrites the hard disk. Trojan horses are sometimes used as a means of infecting a user with a computer virus.
Backdoor Trojans
A backdoor Trojan is a program that allows someone to take control of another user’s PC via the internet. Like other Trojans, a backdoor Trojan poses as legitimate or desirable software. When it is run (usually on a Windows 95/98 PC), it adds itself to the PC’s startup routine. The Trojan can then monitor the PC until it makes a connection to the internet. Once the PC is on-line, the person who sent the Trojan can use software on their computer to open and close programs on the infected computer, modify files and even send items to the printer. Subseven and Back Orifice are among the best known backdoor Trojans.
Worms
Worms are similar to viruses but do not need a carrier (like a macro or a boot sector).They are subtype of viruses. Worms simply create exact copies of themselves and use communications between computers to spread. Many viruses, such as Kakworm (VBS/Kakworm) or Love Bug (VBS/LoveLet-A), behave like worms and use email to forward themselves to other users.
Boot sector viruses
Boot sector viruses were the first type of virus to appear. They spread by modifying the boot sector, which contains the program that enables your computer to start up. When you switch on, the hardware looks for the boot sector program – which is usually on the hard disk, but can be on floppy or CD – and runs it. This program then loads the rest of the operating system into memory. A boot sector virus replaces the original boot sector with its own, modified version (and usually hides the original somewhere else on the hard disk). When you next start up, the infected boot sector is used and the virus becomes active. You can only become infected if you boot up your computer from an infected disk, e.g. a floppy disk that has an infected boot sector. Many boot sector viruses are now quite old.
Those written for DOS machines do not usually spread on Windows 95, 98, Me, NT or 2000 computers, though they can sometimes stop them from starting up properly. Boot viruses infect System Boot Sectors (SBS) and Master Boot Sectors (MBS). The MBS is located on all physical hard drives. It contains, among other data, information about the partition table (information about how a physical disk is divided into logical disks), and a short program that can interpret the partition information to find out where the SBS is located. The MBS is operating system independent. The SBS contains, among other data, a program whose purpose is to find and run an operating system. Because floppy diskettes are exchanged more frequently than program files boot viruses are able to propagate more effectively than file viruses.Form -A virus that is still widespread ten years after it first appeared.
The original version triggers on the 18th of each month and produces a click when keys are pressed on the keyboard. Parity Boot - A virus that may randomly display the message ‘PARITY CHECK’ and freeze the operating system. The message resembles a genuine error message displayed when the computer’s memory is faulty.
Parasitic virus (File virus)
Parasitic viruses, also known as file viruses, attach themselves to programs (or ‘executables’) and Acts as a part of the program .When you start a program infected with a file virus, the virus is launched first. To hide itself, the virus then runs the original program. The operating system on your computer sees the virus as part of the program you were trying to run and gives it the same rights. These rights allow the virus to copy itself, install itself in memory or release its payload. these viruses Infects over networks.
The internet has made it easier than ever to distribute programs, giving these viruses new opportunities to spread.
Jerusalem- On Friday 13th deletes every program run on the computer.
CIH (Chernobyl) - On the 26th of certain months, this virus will overwrite part of the BIOS chip, making the computer unusable. The virus also overwrites the hard disk.
Remote Explorer - WNT/RemExp (Remote Explorer) infects Windows NT executables. It was the first virus that could run as a service, i.e. run on NT systems even when no-one is logged in. Parasitic viruses infects executables by companion, link, overwrite, insert, prep end, append techniques
a) Companion virus
A companion virus does not modify its host directly. Instead it maneuvers the operating system to execute itself instead of the host file. Sometimes this is done by renaming the host file into some other name, and then grant the virus file the name of the original program. Or the virus infects an .EXE file by creating a .COM file with the same name in the same directory. DOS will always execute a .COM file first if only the program name is given, so if you type “EDIT” on a DOS prompt, and there is an EDIT.COM and EDIT.EXE in the same directory, the EDIT.COM is executed.
b) Linking Virus
A link virus makes changes in the low-level workings of the file system, so that program names do no longer point to the original program, but to a copy of the virus. It makes it possible to have only one instance of the virus, which all program names point to.
No comments:
Post a Comment