VIRUS

“VIRUS (VITAL INFORMATION RESOURCES UNDER SEIZE)”

A virus is a computer program that executes when an infected program is executed. Therefore only executable files can be infected. On MS-DOS systems, these files usually have the extensions .EXE, .COM, .BAT or .SYS. Another class of files, called overlay files, can also be infected. These files often have the extension .OVL, although other extensions such as .OV1 are sometimes used. By definition, a virus infects other programs with copies of itself. It has the ability to clone itself, so that it can multiply, constantly seeking new host environments. The most harmless viruses do only that, simply replicating and spreading to new systems. Or the virus program may damage other programs and/or alter data, perhaps self-destructing when done. The only evidence viruses like this leave is the destruction they have inflicted on the infected system. This makes it very difficult to develop defenses against the virus.

Virus programs, like the infectious microorganisms that are their namesakes, are often small. Only a few lines of program code are required to write a simple virus. The implication is clear: viruses can be easily hidden in healthy software and therefore prove very difficult to find. Viruses can infect any computer, from a small laptop to a multi-million dollar mainframe. Anyone who owns a personal computer can create a virus program.


Figure: Virus

This means virus development tools are widely available. Once written, a virus can be transmitted over telephone lines or distributed on infected disks to other systems, where it can reproduce in microseconds to damage the biggest systems thousands of miles away. These two facts make it virtually impossible to trace any virus back to the person who originally wrote it.

“A virus always needs a trigger to execute itself, and after execution it leaves the memory part.”

Computer viruses may be benign and result only in amusement or slight annoyance. The best known examples of such a virus are some versions of the 'Stoned' virus, which simply write "Your computer is stoned" on the monitor. Other viruses are more malignant and malicious, destroying or altering data. Once a virus is active in a host computer, the infection can spread rapidly throughout a network to other systems. A virus may attach itself to other programs and hide in them. Or it may infiltrate the computer's operating system. All computer operating systems (for example, MS- and PC-DOS, UNIX and Macintosh OS) are vulnerable, some more than others.

Viruses enter computer systems from an external software source. Just as flowers are attractive to the bees that pollinate them, virus host programs are deliberately made attractive to victims. Often the attraction will be a new game made available for downloading from a computer bulletin board. Or it may be disguised as an executable file attached to an electronic mail message from a friend or business associate.

Viruses can become destructive as soon as they enter a system, or they can be programmed to lie dormant until activated by a trigger. This trigger may be a predetermined date or time. The well-known Michelangelo virus, for example, has a trigger set for Michelangelo's birthday (March 6). Another type of triggering mechanism watches for a specific, common sequence of keystrokes. For example, some older viruses were set to go off when '123' was typed. Since many systems used that sequence to start Lotus 1-2-3, any infected computer on which Lotus was regularly used was likely to have trouble with this virus. And it can be even worse. Even if a contaminated system appears to have been disinfected, there is a pernicious form of virus that can reappear to create fresh problems.

TYPES OF VIRUS-

  • Boot Sector Viruses

Boot sector viruses are those that infect the boot sector (or master boot record) on a computer system. They first move or overwrite the original boot code, replacing it with infected boot code. They will then move the original boot sector information to another sector on the disk, marking that sector as a bad spot on the disk so it will not be used in the future. Boot sector viruses can be very difficult to detect since the boot sector is the first thing loaded when a computer starts. In effect, the virus takes full control of the infected computer.

About three out of every four virus infections reported are boot sector viruses. The only way that a system can become infected with a boot sector virus is to boot using an infected floppy disk. This is most commonly done when a user leaves a floppy disk in a drive and reboots the system (with the drive door closed). Good anti-virus software will look for an infected floppy disk when a user boots from the floppy drive and before the boot strap is loaded.
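One way a defender can notice replaced boot code is to compare the sector against digests recorded while the disk was known to be clean. The sketch below is an added example, not code from the original page; it assumes the classic 512-byte MBR layout (446 bytes of boot code, a 64-byte partition table, then the 0x55AA signature) and uses constructed sectors built by the hypothetical helper `make_sector`.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 446)        # MBR boot code area
PART_TABLE = slice(446, 510)     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"           # required at offsets 510-511

def region_digests(sector: bytes) -> dict:
    """Hash the boot code and partition table of one 512-byte boot sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("boot sector must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    return {
        "boot_code": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "partition_table": hashlib.sha256(sector[PART_TABLE]).hexdigest(),
    }

def changed_regions(sector: bytes, baseline: dict) -> list:
    """Return the names of regions whose digest differs from the baseline."""
    current = region_digests(sector)
    return sorted(name for name in baseline if current[name] != baseline[name])

def make_sector(code_fill: int) -> bytes:
    """Constructed sector: filler boot code, empty partition table, signature."""
    return bytes([code_fill]) * 446 + bytes(64) + BOOT_SIG

if __name__ == "__main__":
    # Baseline recorded while the sector was known clean (constructed data).
    baseline = region_digests(make_sector(0x11))
    # Unchanged sector: nothing reported.
    print(changed_regions(make_sector(0x11), baseline))
    # Replaced boot code still carries a valid 0x55AA signature, so only
    # the digest comparison reveals the change.
    print(changed_regions(make_sector(0x22), baseline))
```

A check like this should be run after booting from known-clean media, because a memory-resident virus that intercepts disk reads can hand back the original sector.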

  • Polymorphic viruses

Polymorphic viruses change their appearance with each infection. Such encrypted viruses are usually difficult to detect because they are better at hiding themselves from anti-virus software. That is the purpose of the encryption. Polymorphic viruses take encryption a step further by altering the encryption algorithm with each new infection. Some polymorphic viruses can assume over two billion different guises. This means anti-virus software products must perform algorithmic scanning, as opposed to standard string-based scanning techniques that can find simpler viruses.

  • Stealth viruses

Stealth viruses attempt to hide from both the operating system and anti-virus software. To do this, they must stay in memory so they can intercept all attempts to use the operating system (system calls). The virus can hide changes it makes to file sizes, directory structures, and/or other operating system aspects. Since part of the virus is memory resident, there will be less memory available to users. The virus must hide this fact as well from both users and anti-virus software. Stealth viruses must be detected while they are in memory. Once found, they must be disabled in memory before the disk-based components can be corrected.

  • Multi-partite viruses

Multi-partite viruses are those that infect both boot sectors and executable files. They are the worst viruses of all because they can combine some or all of the stealth techniques, along with polymorphism to prevent detection.

  • Macro Virus.

    Appearing in the form of a Word document which seemingly links the user to pornographic websites, Melissa is one of the best-known macro viruses. Going one step further, this virus not only exploits the user but also his/her friends, by mailing copies of the infected document to the contact list.

  • File Infector Virus.

    Although the word “file” in its name might suggest otherwise, this virus does not take the help of files every time. In fact, the file is only the starting point as the file infector dwarfs the first file after which it re-writes the file.

  •  Polymorphic Virus.

    One of the factors that epitomize the usefulness of this virus is its ability to evade detection. The antivirus programs that are enabled on our computers detect the presence of any virus by detecting its code.

    The polymorphic virus has exploited this limitation beautifully, as it changes its code every time the infected file is executed. Thus, it becomes nearly impossible for any ordinary antivirus to track it down.
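The difference between string-based and algorithmic scanning, described in both polymorphic-virus passages above, can be shown on harmless data. This is an added example, not code from the original page: the "signature" is a constructed marker string, `make_sample` is a hypothetical helper, and the scan covers only the simplest case, a body encoded with a single-byte XOR key that changes per copy.

```python
# Constructed stand-in for a scanner signature; not taken from any real virus.
SIGNATURE = b"CONSTRUCTED-TEST-MARKER-0001"

def xor_bytes(data: bytes, key: int) -> bytes:
    """Encode or decode with a single-byte XOR key (XOR is its own inverse)."""
    return bytes(b ^ key for b in data)

def deltas(data: bytes) -> bytes:
    """XOR each byte with its neighbour: (a^k)^(b^k) == a^b, so the key cancels."""
    return bytes(x ^ y for x, y in zip(data, data[1:]))

def string_scan(buf: bytes, sig: bytes = SIGNATURE) -> bool:
    """String-based scan: finds the signature only if the bytes match exactly."""
    return sig in buf

def xray_scan(buf: bytes, sig: bytes = SIGNATURE):
    """Algorithmic scan: match key-independent deltas, then recover the key.

    Returns (offset, key) for the first hit, or None if nothing matches.
    """
    pos = deltas(buf).find(deltas(sig))
    if pos == -1:
        return None
    return pos, buf[pos] ^ sig[0]

def make_sample(key: int) -> bytes:
    """Constructed sample: 16 bytes of filler, the encoded marker, 8 zero bytes."""
    return b"HEADER--" * 2 + xor_bytes(SIGNATURE, key) + bytes(8)

if __name__ == "__main__":
    # Key 0x00 leaves the marker in the clear; the other keys change every byte.
    for key in (0x00, 0x5A, 0xC3):
        sample = make_sample(key)
        print(hex(key), string_scan(sample), xray_scan(sample))
```

The string scan finds only the unencoded copy, while the delta comparison finds all three and reports the key. An engine that also varies the algorithm, as the page describes, is beyond this single technique.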

  •  Direct Action Virus.

    Similar to the Vienna virus which shocked computers in 1998, this virus comes into action after you have executed the file. The load is delivered to your computer and the virus becomes active.

    However, this virus has a limitation. It takes no action unless the file which is infected gets executed again.

  •  Resident Virus.

    After inserting itself directly into the memory of your system, this virus has the capability to take a number of actions. One of its more troublesome features is its ability to run away. Leaving behind the file which was originally infected, this virus has the ability to run on its own.

  •  Web Scripting Virus.

    Similar to the hyperlinks that we use in Microsoft Word, many websites rely on code to provide engaging content to their users. For example, watching videos online has now become very popular (more than 2 billion videos are streamed on Facebook every day), and these videos also execute specific code.

    This code can be exploited, and it is very troublesome to note that this exploitation has taken place on some very notable sites. All the hackers have to do is leave a comment in the comments section of the website which contains that code. Thus, even without the webmaster knowing it, the code gets inserted into the site.

     

HOW VIRUSES SPREAD-

Here are four common scenarios that spread viruses:

  • A user brings a game to work that his child downloaded from a local computer BBS. Without thinking, the user runs the game on the company network to show fellow workers how cool it is. Unbeknownst to this user, the game program was infected with a virus. Now the entire company network is infected, too.
  • Software purchased from a retailer in shrink wrap is infected because the store re-wrapped some returned software without checking the disks for viruses. Unfortunately, the original buyer had tried the software out on an infected machine.
  • An instructor distributes disks to students so they can complete a class assignment. One student decides to do his homework in the office at night. Unfortunately, the instructor was not vigilant and distributed infected disks to the entire class.
  • A friend gives you a disk so you can try out a new graphics program. The infection on your friend's machine spreads to yours when you run the program for the first time. (The nifty graphics available don't quite compensate for the three weeks you spend reconstructing your lost data files.)