
Monday, January 21, 2008

Definition Of Computer Viruses


What is a virus? What is the difference between viruses and worms?

A computer virus is a piece of code or, more simply, an unwanted program that is surreptitiously loaded onto your computer system without your knowledge in order to corrupt and destroy your computer data.

In fact, viruses are programs that infect other programs by adding virus code to them, so that the virus gains control when an infected file starts up. This simple definition captures the main action of a virus infection. Computer viruses are more destructive than computer worms; however, viruses spread more slowly than worms.

The effects of computer viruses vary, from minor damage that leaves you unaware your computer has been infected to the wiping out of the entire contents of disks. Viruses come in many different forms, are man-made, and most are intentionally designed to replicate themselves automatically. When the virus program runs, it makes a copy of itself and adds itself to another computer program. Each time the infected program is run, the virus is also run. If your system is infected, you can easily spread the virus to others through shared disks and email attachments.

Types of viruses

Boot viruses - These viruses infect floppy disk boot records or master boot records on hard disks. They replace the boot record program (which is responsible for loading the operating system into memory), copying it elsewhere on the disk or overwriting it. Boot viruses load into memory if the computer tries to read the disk while it is booting.
e.g.: Form, Disk Killer, Michelangelo, and Stoned

Program viruses - These infect executable program files, such as those with extensions like .BIN, .COM, .EXE, .OVL, .DRV (driver) and .SYS (device driver). These programs are loaded in memory during execution, taking the virus with them. The virus becomes active in memory, making copies of itself and infecting files on disk.
e.g.: Sunday, Cascade

Multipartite viruses - A hybrid of Boot and Program viruses. They infect program files, and when the infected program is executed, these viruses infect the boot record. The next time you boot the computer, the virus from the boot record loads into memory and then starts infecting other program files on disk.
e.g.: Invader, Flip, and Tequila

Stealth viruses - These viruses use certain techniques to avoid detection. They may either redirect the disk head to read another sector instead of the one in which they reside or they may alter the reading of the infected file’s size shown in the directory listing. For instance, the Whale virus adds 9216 bytes to an infected file; then the virus subtracts the same number of bytes (9216) from the size given in the directory.
e.g.: Frodo, Joshi, Whale
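
An integrity baseline is the classic defence against the file changes described under program viruses and stealth viruses above. The sketch below is an added example, not code from the original post: it hashes each executable, measures size from the bytes actually read rather than from the directory listing, and reports files that later change. The file names and helper functions are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Extensions the article lists as targets of program viruses.
EXECUTABLE_EXTS = {".bin", ".com", ".exe", ".ovl", ".drv", ".sys"}


def snapshot(root):
    """Map each executable under root to (bytes actually read, SHA-256)."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXECUTABLE_EXTS:
                continue
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            # Size is taken from the content, not from the directory entry.
            digest = hashlib.sha256(data).hexdigest()
            result[os.path.relpath(path, root)] = (len(data), digest)
    return result


def compare(baseline, current):
    """Return findings as (path, status, size change in bytes)."""
    findings = []
    for path, (size, digest) in sorted(current.items()):
        if path not in baseline:
            findings.append((path, "new", size))
        elif baseline[path][1] != digest:
            findings.append((path, "modified", size - baseline[path][0]))
    for path in sorted(set(baseline) - set(current)):
        findings.append((path, "missing", -baseline[path][0]))
    return findings


def demo():
    """Constructed sample: three files, one of which grows by 9216 bytes."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("EDIT.COM", "SORT.EXE", "README.TXT"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed sample " + name.encode())
        baseline = snapshot(root)
        with open(os.path.join(root, "SORT.EXE"), "ab") as fh:
            fh.write(b"\x00" * 9216)  # inert padding standing in for added code
        return compare(baseline, snapshot(root))
```

Run the comparison from a known-clean boot, because a virus already resident in memory can also falsify what a scanner reads.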

Metamorphic Viruses - A virus that can reprogram itself. Often, it does this by translating its own code into a temporary representation, editing that temporary representation of itself, and then writing itself back to normal code again.

Polymorphic viruses - A virus that can encrypt its code in different ways so that it appears different in each infection. These viruses are more difficult for the anti-virus search engine to detect.
e.g.: Involuntary, Stimulate, Cascade, Phoenix, Evil, Proud, Virus 101

Macro Viruses - A macro virus is a new type of computer virus that infects the macros within a document or template. When you open a word processing or spreadsheet document, the macro virus is activated and it infects the Normal template (Normal.dot), a general-purpose file that stores default document formatting settings. Every document you open refers to the Normal template, and hence gets infected with the macro virus. Since this virus attaches itself to documents, the infection can spread if such documents are opened on other computers.
e.g.: DMV, Nuclear, Word Concept.

ActiveX - ActiveX and Java controls will soon be the scourge of computing. Most people do not know how to configure their web browser to enable or disable various functions like playing sound or video, and so, by default, they leave a nice big hole in their security by allowing applets free run of their machine. There has been a lot of commotion about this, and with the amount of power that Java imparts, things look a bit gloomy from the security angle.

These are just a few broad categories. There are many more specialized types, but let us not go into that. We are here to learn to protect ourselves, not to write a thesis on computer virus specifications.

Nowadays, Metamorphic Viruses and Polymorphic Viruses are the most deadly kinds of malware. The comparison below shows the differences between Polymorphic Viruses and Metamorphic Viruses.

The Differences Between Polymorphic Viruses and Metamorphic Viruses

POLYMORPHIC VIRUSES

  • These viruses encrypt their code in a different way every time they replicate to infect a new file, in order to keep from being detected by antivirus programs.
  • These viruses use the Mutation Engine (MtE) and a random-number generator module to encrypt their code in different forms.
  • They are the hardest for antivirus programs to find after the Metamorphic Viruses.

METAMORPHIC VIRUSES

  • These viruses hide themselves by rewriting themselves completely each time they infect a new executable.
  • A Metamorphic Engine is needed for them to rewrite themselves.
  • Most viruses of this kind are very large and complicated; almost 90% of the code is part of the Metamorphic Engine.
  • They are very hard for antivirus programs to find.

Based on the data above, Metamorphic Viruses are more effective than Polymorphic Viruses. At present, only 30% of unknown Polymorphic Viruses can be detected by the best antivirus program search engine. What about the Metamorphic Viruses, which are even more powerful?
