What's a Computer Virus and different types of viruses?

Go down

What's a Computer Virus and different types of viruses?

Post by sinchuz on Fri Jan 04, 2008 8:57 pm

Before discussing about Anti virus,Let's make some idea about Computer Virus.

How it spreads and how much disaster it can create if it got into a network or an individual system?

Actually what is a computer virus?

Computer viruses are small malicious software programs that are designed to spread from one computer to another by first infecting executable files or the system areas of hard and floppy disks and then making copies of itself. Viruses usually operate without the knowledge or desire of the computer user.

History of Virus

I know for sure just that there were no viruses on the Babbage machine, but the Univac 1108 and IBM 360/370 already had them ("Pervading Animal" and "Christmas tree"). Therefore the first virus was born in the very beginning of 1970s or even in the end of 1960s, although nobody was calling it a virus then.
Mr Cohen created his first virus when studying for a PhD at the University of Southern California in 1983.Codings written in C language.Others had written about the potential for creating pernicious programs but Mr Cohen was the first to demonstrate a working example. In the paper describing his work he defined a virus as "a program that can 'infect' other programs by modifying them to include a ... version of itself". Mr Cohen added his virus to a graphics program called VD that was written for a make of mini-computer called a Vax. The virus hid inside VD and used the permissions users had to look at other parts of the Vax computer to spread around the system.In all the tests carried out by Mr Cohen the virus managed to grab the right to reach any part of the system in less than an hour. The fastest time was five minutes.The creation of the virus gave rise to such consternation that other tests were banned, but Mr Cohen did manage to demonstrate a similar virus working on other computer systems. In the paper Mr Cohen prophetically wrote: "they can spread through computer networks in the same way as they spread through computers, and thus present a widespread and fairly immediate threat to many current systems."

Soon after this pioneering work viruses written for the IBM personal computer, which had only just been created, started to appear.

The first of these is widely acknowledged to be the "Brain" virus that emerged in 1986 from Pakistan and was, apparently, written to help its creators monitor piracy of their computer programs.The first computer virus for Microsoft DOS was apparently written in 1986 and contains unencrypted text with the name, address, and telephone number of Brain Computer Services, a store in Lahore, Pakistan. This virus infected the boot sector of 5¼ inch floppy diskettes with a 360 k byte capacity. Robert Slade, an expert on computer viruses, believes the Brain virus was written as a form of advertising for the store in Pakistan.

A variant of the Brain virus was discovered at the University of Delaware in the USA during Oct 1987 where the virus destroyed the ability to read the draft of at least one graduate student's thesis.

Before computer networks became widespread, most viruses spread on removable media, particularly floppy discs. In the early days of the PC, many users regularly exchanged information and programs on floppies. Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk.

Naming Viruses?

Computer viruses are assigned names according to a convention adopted by the Computer Anti virus Research Organization (CARO) in 1991. The CARO Naming Convention is the result of a committee consisting of virus experts Fridrik Skulason, Alan Solomon, and Vesselin Bontchev. Anti virus companies use the same basic convention, though they have tacked on their own prefixes and suffixes
What kind of files can spread viruses?
Viruses have the potential to infect any type of executable code, not just the files that are commonly called 'program files'. For example, some viruses infect executable code in the boot sector of floppy disks or in system areas of hard drives. Another type of virus, known as a 'macro' virus, can infect word processing and spreadsheet documents that use macros. And it's possible for HTML documents containing JavaScript or other types of executable code to spread viruses or other malicious code. Since virus code must be executed to have any effect, files that the computer treats as pure data are safe. This includes graphics and sound files such as .gif, .jpg, .mp3, .wav, etc., as well as plain text in .txt files. For example, just viewing picture files won't infect your computer with a virus. The virus code has to be in a form, such as an .exe program file or a Word .doc file, that the computer will actually try to execute.

What Viruses Don't Do?

Computer viruses can not infect write protected disks or infect written documents. Viruses do not infect compressed files, unless the file was infected prior to the compression.[Compressed files are programs or files with its common characters, etc. removed to take up less space on a disk.] Viruses do not infect computer hardware, such as monitors or computer chips; they only infect software.
In addition, Macintosh viruses do not infect DOS / Window computer software and vice versa. For example, the Melissa virus incident of late 1998 and the ILOVEYOU virus of 2000 worked only on Window based machines and could not operate on Macintosh computers.

How do viruses spread?

When you execute program code that's infected by a virus, the virus code will also run and try to infect other programs, either on the same computer or on other computers connected to it over a network . And the newly infected programs will try to infect yet more programs. When you share a copy of an infected file with other computer users, running the file may also infect their computers; and files from those computers may spread the infection to yet more computers. If your computer is infected with a boot sector virus, the virus tries to write copies of itself to the system areas of floppy disks and hard disks. Then the infected floppy disks may infect other computers that boot from them, and the virus copy on the hard disk will try to infect still more floppies. Some viruses, known as 'multipartite' viruses, can spread both by infecting files and by infecting the boot areas of floppy disks

What is a Trojan horse program?

A type of program that is often confused with viruses is a 'Trojan horse' program. This is not a virus, but simply a program (often harmful) that pretends to be something else. For example, you might download what you think is a new game; but when you run it, it deletes files on your hard drive. Or the third time you start the game, the program E-mails your saved passwords to another person. Note: simply downloading a file to your computer won't activate a virus or Trojan horse; you have to execute the code in the file to trigger it. This could mean running a program file, or opening a Word/Excel document in a program (such as Word or Excel) that can execute any macros in the document.

Types of viruses

Boot viruses: These viruses infect floppy disk boot records or master boot records in hard disks. They replace the boot record program (which is responsible for loading the operating system in memory) copying it elsewhere on the disk or overwriting it. Boot viruses load into memory if the computer tries to read the disk while it is booting.

Examples: Form, Disk Killer, Michelangelo, and Stone virus

Program viruses: These infect executable program files, such as those with extensions like .BIN, .COM, .EXE, .OVL, .DRV (driver) and .SYS (device driver). These programs are loaded in memory during execution, taking the virus with them. The virus becomes active in memory, making copies of itself and infecting files on disk.

Examples: Sunday, Cascade

Multipartite viruses: A hybrid of Boot and Program viruses. They infect program files and when the infected program is executed, these viruses infect the boot record. When you boot the computer next time the virus from the boot record loads in memory and then starts infecting other program files on disk.

Examples: Invader, Flip, and Tequila

Stealth viruses: These viruses use certain techniques to avoid detection. They may either redirect the disk head to read another sector instead of the one in which they reside or they may alter the reading of the infected file’s size shown in the directory listing. For instance, the Whale virus adds 9216 bytes to an infected file; then the virus subtracts the same number of bytes (9216) from the size given in the directory.

Examples: Frodo, Joshi, Whale

Polymorphic viruses: A virus that can encrypt its code in different ways so that it appears differently in each infection. These viruses are more difficult to detect.The first polymorphic virus called "Chameleon" became known in the early '90s, but the problem with polymorphic viruses became really serious only a year after that, in April 1991, with the worldwide epidemic of the polymorphic virus "Tequila"

Examples: Involuntary, Stimulate, Cascade, Phoenix, Evil, Proud, Virus 101

Macro Viruses: A macro virus is a new type of computer virus that infects the macros within a document or template. When you open a word processing or spreadsheet document, the macro virus is activated and it infects the Normal template (Normal.dot)-a general purpose file that stores default document formatting settings. Every document you open refers to the Normal template, and hence gets infected with the macro virus. Since this virus attaches itself to documents, the infection can spread if such documents are opened on other computers.

Examples: DMV, Nuclear, Word Concept.


Number of posts : 5
Registration date : 2007-12-21

View user profile

Back to top Go down

Back to top

- Similar topics

Permissions in this forum:
You cannot reply to topics in this forum