No, this is not a course in how to write a virus; it aims to make clear what a virus is, its impact on society, and some of the historical aspects of viruses.
How infection occurs
In order to infect a computer, a virus has to have the chance to execute its code.
Viruses usually ensure that this happens by behaving like a parasite, i.e. by modifying another item so that the virus code is executed when the legitimate item is run or opened.
Good vehicles for viruses include the parts of a disk which contain code executed whenever that disk is booted, and documents which contain macros executed whenever that document is opened with the relevant application.
As long as the virus is active on the computer, it can copy itself to other files or disks that are accessed.
The successful spread of a virus depends on how long it can replicate unnoticed, before its presence is made known by the activation of side-effects. Viruses use two main methods of disguise:
* Encrypting (scrambling) their code to avoid recognition.
As well as self-replicating code, a virus normally contains a 'payload'. The former is like the propulsion unit of a missile; the latter is like the warhead it delivers. The payload can be programmed to have malicious side-effects.
These effects can range from harmless messages to data corruption or
Infections spread from machine to machine, and from organisation to organisation, in a number of ways.
Viruses can be transmitted by:
* Booting a PC from an infected medium.
Common routes for virus infiltration include:
* Floppy disks or other media that users can exchange.
The fight against computer viruses involves five kinds of counter-measure:
Preparation includes making backups of all software (including operating systems) and making a contingency plan.
Prevention includes creating user awareness, implementing hygiene rules, using disk authorisation software, or providing isolated 'quarantine' PCs.
Detection involves the use of anti-virus software to detect, report and (sometimes) disinfect viruses.
Containment involves identifying and isolating the infected items.
Recovery involves disinfecting or removing infected items, and recovering or replacing corrupted data.
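The detection and containment steps above can be backed by an integrity baseline: a parasitic virus has to modify its host item, so comparing file hashes against a snapshot taken while the system was clean flags changed items even when the viral code is encrypted. The following is an added example, not code from the original page; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile

def file_digest(path):
    """SHA-256 of a file's contents."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot(root):
    """Map each file path (relative to root) to its digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root)] = file_digest(full)
    return out

def compare(root, baseline):
    """Detection: report files changed, added or missing since the clean baseline."""
    now = snapshot(root)
    return {
        "modified": sorted(p for p in now if p in baseline and now[p] != baseline[p]),
        "added": sorted(p for p in now if p not in baseline),
        "missing": sorted(p for p in baseline if p not in now),
    }

def quarantine(root, report, qdir):
    """Containment: move modified and added files out of the scanned tree."""
    suspects = report["modified"] + report["added"]
    for rel in suspects:
        shutil.move(os.path.join(root, rel), os.path.join(qdir, rel.replace(os.sep, "_")))
    return suspects

def demo():
    """Constructed sample tree: one file gets bytes appended, one new file appears."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as qdir:
        def put(name, data, mode="wb"):
            with open(os.path.join(root, name), mode) as f:
                f.write(data)
        put("editor.exe", b"constructed A")
        put("calc.exe", b"constructed B")
        baseline = snapshot(root)              # taken while the tree is known clean
        put("calc.exe", b"\x00" * 32, "ab")    # stand-in for bytes appended to a host file
        put("new.com", b"constructed C")       # file that was not in the baseline
        report = compare(root, baseline)
        quarantine(root, report, qdir)
        return report, sorted(os.listdir(root)), sorted(os.listdir(qdir))
```

Because a virus can stay resident in memory, the baseline should be kept on read-only media and the comparison run after booting from a known-clean disk.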
Basically, a virus is a computer program that is able, with your help and by attaching itself to other documents (programs, e-mail, web pages etc.), to move from computer to computer. Typically, these programs are harmful and not beneficial; even if the virus has no payload (the part of a virus that contains code to either multiply itself and/or to destroy something) it is an unwelcome visitor and takes up system resources.
A virus is not the only way you can experience problems with your computer. For most people, hardware or software problems are far more common. This document contains a detailed discussion of some of the most common viruses.
There are several classes of code often grouped under the name "virus." But not all are viruses in the classic meaning of the term. Some of these are: worm, Trojan Horse, logic bomb, and others.
The thing to remember is that a virus moves from computer to computer by attaching itself to a document. Such a document could be an executable program, e-mail you have received or any piece of information that resides on your computer, including the small program that exists in the boot sector of every floppy or hard disk, bootable or not.
For most viruses, when the program with the virus attached is run, the viral code goes into memory and stays there for as long as the computer is turned on. In some cases the virus stays in memory even if you warm boot the computer with Ctrl-Alt-Del.
To spread itself, a virus first attaches itself to other programs, documents with macros, e-mail or other disks as they are accessed. Then, if the circumstances are correct for a particular virus, it activates and does whatever damage it was designed to do. This may range from a simple message on your screen to complete erasure of your disk, or just nothing at all but still being a nuisance.
Bootsector viruses are the classics among viruses. A Bootsector virus settles itself onto a floppy's or hard disk's Bootsector, a specific track on a disk where the operating system finds the information to start your machine's operating system or make itself known to your machine (ID). During the 80's a Bootsector virus was a real pest on Amiga and Commodore 64 computers. Easy to remove but a nuisance, and sometimes very virulent too. When a Bootsector virus had infected your disk the machine either froze or the floppy was no longer usable until you removed the virus. Sometimes even the spare Bootsector was overwritten and then your info could only be salvaged with the help of a recovery program,
A polymorphic virus is a virus that can change itself to elude detection, or change the way it works. For example, instead of wiping your hard disk it locks your keyboard when specific keys are pressed in a particular sequence. Very hard to detect.
A binary virus is a virus that needs a second component to become activated and do whatever it was designed to do. It is nearly impossible to detect an incomplete virus.
A macro virus most often exposes itself in Microsoft Office documents like Excel and Word or Outlook and works its havoc. The code is easy to detect and to deactivate.
As long as you can speak of a standard virus. Contemporary viruses are hybrids that even contain their own mail engine!
A standard virus resides in memory, where its payload executes like a three-stage rocket:
More advanced viruses scour your hard disk for other programs or executables and attach themselves to any available one. Then they look for other hard disks, including network disks, and do the same thing over.
Even more advanced viruses try to attack domains of other users on the network by cracking the passwords and repeat the process.
Some viruses are specialized only at cracking firewalls, deleting files, shutting down virus protection programs, sending hundreds of thousands of mails, or stealing addresses from your mailbox and sending them to a secret recipient. Or burning out your display. But mind you, not all viruses are malignant; none are benevolent either, if only because they take up CPU time and disk space.
Virus spreading patterns lately (at the time of updating this document) would suggest that MS software is extremely buggy. Yes, the software security is pretty weak, but so is that of other software. The reason that other operating systems are less attacked by viruses is that over 98% of the desktop machines run the MS operating system. And programming viruses is relatively easy; it can be done at home. With the availability of tools on the Internet, or in subculture circles, it takes from a few days to weeks to build one, even without much knowledge of networks, firewalls, disk systems, mail deployment mechanisms, password encryption, security measures and so on. People like that are often called "script
Will a microcomputer virus work on other types of machines? Not many do. But considering the connection ratio between micro's and "Big Irons" it could travel very well with ordinary documents shared over the network. The end users always have some kind of MS Windows and PC combination on their desk and are thus prime targets for viruses.
The spread of viruses is often accelerated by the behavior of computer users. The Kournikova virus was a prime example of this. Exploiting human curiosity to entice users into opening mail with promising pictures or other material is something a virus protection program cannot guard against. However, it is not only by e-mail that viruses get spread. The classic file attachments, macro code inside documents, or extensibles to binary programs are somewhat under-represented in the realm of Trojans and viruses, but they are out there!
Oh yes, there are discussions that virus protection companies themselves create viruses to keep them in business. And there are rumors that during the cold war most viruses came from countries like Bulgaria and Romania, and that the virus SoBig.F escaped from an American laboratory of cyber warfare. Well, undoubtedly where there is smoke there is fire. But what is true and what is propaganda?
Last Update 15 March, 2013. For suggestions please mail the editors.