Computer Virus
Introduction

A computer virus is a computer program that is a potent threat to computer security. A computer virus attaches itself to a "healthy" computer file (much as a biological virus attaches itself to a body cell), typically modifies the file, and then replicates itself by inserting a copy of itself into another computer file. Computer viruses infect a host without the permission of the host. Therefore, a computer virus is defined by its distinctive trait of self-replication, and of doing so without a host's consent. The term 'computer virus' was coined by Frederick Cohen in 1983, when he described a self-replicating computer program. Computer viruses should not be confused with the term "gone viral", which describes how news is spread online.

The most common symptoms that indicate a computer has been infected with a virus are:

1. Files and data are corrupted or deleted.
2. The computer takes longer to load programs/applications.
3. Images on the screen are distorted, and unusual images and text appear.
4. Unusual noises come from the keyboard or hard disk.
5. Hard disk operates excessively or is inaccessible.
6. Disk space and filenames change for no reason.
7. System tools such as Scandisk return incorrect values.

With at least one thousand types of computer virus, there is no standard way in which a virus attacks a host. Some viruses will attack a computer's CPU, others will affect a hard disk, and some viruses will attack a computer's boot sector. Generally speaking, the motive and aim of a virus will be one of the following:

1. Steal data, be it personal, research or governmental data.
2. Disrupt or destroy the performance of a computer system.
3. Remotely control a computer to spam or attack other computer systems.
4. Highlight a security flaw to software developers.
5. Promote an 'idea' by leaving a message or ongoing message.
6. Satisfy personal ambition or amusement.

A virus may be defined as malware, and may install the following: adware, dialer, spyware, trojan horse and worm.

Types of Virus

A program is defined as a virus by its ability to replicate itself, but in order to replicate, a virus must be able to execute itself and write itself to computer memory. In order to execute itself, a virus normally has to exploit vulnerabilities in software programs. A virus may try to circumvent security features by attaching itself to a legitimate executable file. Viruses are usually classified into one of these broad categories:

  • Polymorphic Viruses
    • A polymorphic virus is an encrypted virus that hides itself from anti-virus software by keeping its data encrypted (scrambled), and then decrypts itself to be able to spread through the computer (sometimes through a back door). What makes polymorphic viruses hard for anti-virus software to detect is that the virus generates an entirely new decryption routine each time it infects a new executable file, making the virus signature different and difficult to detect.
  • Stealth Viruses
    • Stealth viruses hide the modifications made to files and boot records by modifying and forging the results of the boot sector functions. Therefore, programs believe they are reading the original file and not the modified file. Good anti-virus software will probably detect a stealth virus, because a stealth virus attempts to hide itself in memory when anti-virus software is launched.
  • Slow Viruses
    • Slow viruses are difficult to detect because they only modify and infect files when those files are modified or copied. Therefore, the original file will not be infected; it will be the copy of the file. A good way to protect yourself against slow viruses is by using an integrity checker or shell.
  • Retro Viruses
    • Retro viruses attack the anti-virus software designed to delete them. The retro virus usually attempts to attack the anti-virus data files, such as the virus signature store, which disables the ability of the anti-virus software to detect and delete viruses. Otherwise, the retro virus attempts to alter the operation of the anti-virus software.
  • Multipartite Viruses
    • A Multipartite virus attempts to attack and infect both the boot sector and executable files at the same time.
  • Armored Viruses
    • Armored viruses attempt to protect themselves from anti-virus software by trying to make the anti-virus software believe they are located somewhere else. Therefore, an armored virus makes itself more difficult to trace, disassemble and understand.
  • Companion Viruses
    • Companion viruses create a companion file for each executable file the virus infects. Therefore, a companion virus may save itself as scandisk.com, and every time a user executes scandisk.exe, the computer will load scandisk.com and therefore infect the system.
  • Phage Viruses
    • Phage viruses are very destructive: they rewrite an executable program with their own code, rather than just attaching themselves to a file. Therefore, a phage virus will usually attempt to delete or destroy every program it infects.
  • Revisiting Viruses
    • Revisiting viruses are a worm virus: they attempt to copy themselves within the computer's memory and then copy themselves to another linked computer using TCP/IP protocols. The Morris Worm virus in the late 1980s was the first major virus threat to hit the Internet. They could be viewed as a "brute force" virus.
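
A check for the companion-file pattern described above, as an added example that is not part of the original page. It assumes the DOS-style lookup order of .com, then .exe, then .bat when a command is typed without an extension; the function names and the files in the demo directory are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Extensions tried in this order when a command is typed without one
# (assumption: DOS-style lookup, which is why scandisk.com wins over scandisk.exe).
SEARCH_ORDER = [".com", ".exe", ".bat"]

def find_companion_candidates(root):
    """Return (directory, shadowing_file, shadowed_file) tuples found under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in SEARCH_ORDER:
                by_stem[stem.lower()][ext.lower()] = name
        for _stem, exts in sorted(by_stem.items()):
            present = [e for e in SEARCH_ORDER if e in exts]
            # The first extension in the search order runs; the others are shadowed.
            for shadowed in present[1:]:
                findings.append((dirpath, exts[present[0]], exts[shadowed]))
    return findings

def demo():
    """Scan a constructed directory and return (shadowing, shadowed) name pairs."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("scandisk.exe", "scandisk.com", "format.com", "edit.exe"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed placeholder, not a real program\n")
        return [(a, b) for _d, a, b in find_companion_candidates(root)]

if __name__ == "__main__":
    for shadowing, shadowed in demo():
        print(f"{shadowing} would run instead of {shadowed}")
```

A same-named pair is only a lead to investigate, since some legitimate software ships both files.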

Infection and Protection

Infection

How does a computer become infected with a virus? In the past, the majority of computers were standalone computers which were not connected to a network (such as the Internet). Therefore, for the majority of computers, it was difficult for viruses to find a way to infect them. The first ever virus (Creeper) was spread across a computer network. In the past, viruses were mostly spread by removable media like floppy disks and CDs. Pirate software was stored on floppy disks and CDs: the ideal place to install a virus.

However, it is fair to say that during that era - the 1970s and 1980s - virus creation was a "cottage industry" and a hobby of software writers. Only by the late 1980s and early 1990s did computer users slowly begin to use computer networks - like the Internet - on a daily basis. Computer networks provide far more opportunities for virus infection, and far more opportunities to steal important private information like financial details.

The popularity of the Internet, and the services provided by the Internet, has given virus writers many "vehicles" by which to spread their work. Email attachments are a common route by which a computer can become infected by a virus. The World Wide Web is another prominent Internet service where users can become infected with a virus: a growing number of websites have been unwittingly compromised, and viruses embedded into their content: for example, infected ActiveX elements.

It is difficult to classify how a virus infects a computer system: some viruses will infect executable files (.exe); some viruses will infect the hard disk boot sector; and other viruses will infect data files (word processor files). Likewise, some viruses will reside in the memory (RAM) of a computer system, whereas other viruses will only remain in the memory (RAM) of a computer system until they have found a file to infect. Viruses also attempt to hide themselves from anti-virus detection. Some basic stealth strategies are: not increasing the size of the file, and ensuring the modification date of the file remains the same.
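
The integrity checker recommended against slow viruses, and the reason a content hash is needed when file size and modification date are kept the same, shown as an added example that is not part of the original page. The file names, contents and status strings are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile

def snapshot(root):
    """Map each relative path under root to (size, mtime_ns, sha256)."""
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            records[os.path.relpath(path, root)] = (st.st_size, st.st_mtime_ns, digest)
    return records

def compare(baseline, current):
    """Classify every path that differs between two snapshots."""
    report = {}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report[path] = "new file"
        elif path not in current:
            report[path] = "missing"
        elif baseline[path] != current[path]:
            same_meta = baseline[path][:2] == current[path][:2]
            report[path] = "content changed only" if same_meta else "changed"
    return report

def demo():
    """Constructed scenario: an in-place edit keeping size and date, plus a new copy."""
    with tempfile.TemporaryDirectory() as root:
        original = os.path.join(root, "tool.exe")
        with open(original, "wb") as fh:
            fh.write(b"A" * 64)  # constructed placeholder contents
        baseline = snapshot(root)
        st = os.stat(original)
        with open(original, "r+b") as fh:  # overwrite 8 bytes, length stays 64
            fh.seek(10)
            fh.write(b"B" * 8)
        os.utime(original, ns=(st.st_atime_ns, st.st_mtime_ns))  # old date put back
        shutil.copy(original, os.path.join(root, "tool_copy.exe"))
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{path}: {status}")
```

A check that compared only size and date would report tool.exe as untouched; the baseline is only trustworthy if it is stored where the monitored system cannot rewrite it.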

Protection

So, how does a user protect their computer system against a virus? The first step is to install an anti-virus program. When a virus attaches itself to a file or program and modifies that file, it leaves a signature. Anti-virus software scans each file to detect the signature of a virus; therefore, anti-virus software is good for detecting virus signatures it knows, but offers no protection against viruses it does not know, or against new viruses. Therefore, it is important to install the latest update for an anti-virus program, so that its database of virus signatures is as extensive as possible. To recap, a user should try to:

  1. Install anti-virus software to quarantine and remove any viruses.
  2. Keep anti-virus software up-to-date.
  3. Install a personal firewall.
  4. Use Windows / Apple / Linux updates. (patch security holes)
  5. Install the latest version of a web browser. (patch security holes)
  6. Keep any program which connects to the Internet up-to-date. (patch security holes)
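
How signature scanning behaves before and after a database update, as an added example that is not part of the original page and not the code of any anti-virus product. The signature names and byte patterns are constructed, harmless stand-ins, and the small chunk size is chosen to show a signature split across two reads still being matched.

```python
import io

# Constructed, harmless byte strings standing in for real virus signatures.
OLD_DB = {"Demo.A": b"DEMO-SIGNATURE-A"}
UPDATED_DB = dict(OLD_DB, **{"Demo.B": b"DEMO-SIGNATURE-B"})

# Constructed sample: Demo.A starts at offset 10, Demo.B at offset 46.
SAMPLE = (b"\x00" * 10 + b"DEMO-SIGNATURE-A" + b"\x00" * 20
          + b"DEMO-SIGNATURE-B" + b"\x00" * 5)

def scan_stream(stream, signatures, chunk_size=4096):
    """Return sorted (offset, name) hits, reading the stream chunk by chunk."""
    if not signatures:
        return []
    overlap = max(len(p) for p in signatures.values()) - 1
    hits = set()  # a set, because the overlap region is searched twice
    tail = b""
    base = 0  # absolute offset of the first byte of the current window
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in signatures.items():
            pos = window.find(pattern)
            while pos != -1:
                hits.add((base + pos, name))
                pos = window.find(pattern, pos + 1)
        # Keep the last bytes so a signature split across two reads is still found.
        keep = window[-overlap:] if overlap else b""
        base += len(window) - len(keep)
        tail = keep
    return sorted(hits)

def demo():
    """Scan the same sample with the old and the updated signature database."""
    before = scan_stream(io.BytesIO(SAMPLE), OLD_DB, chunk_size=8)
    after = scan_stream(io.BytesIO(SAMPLE), UPDATED_DB, chunk_size=8)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("old database:    ", before)
    print("updated database:", after)
```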

How a user operates their computer will also dictate the likelihood of their computer being infected with a virus. If a user does not connect to computer networks - like the Internet - and only installs software from trusted software vendors, then the likelihood of being infected by a virus is virtually nonexistent. If a user only uses Internet services they have verified can be trusted, then the likelihood of downloading a file which contains a virus is low. However, if a user visits websites they have not verified are secure, downloads files from unknown sources, and installs questionable plugins and programs, then the likelihood of being infected by a virus is increased exponentially.

Viruses and Operating Systems

The vast majority of viruses tend to attack vulnerabilities in the Windows operating system, as it's the most widely used platform. The first virus which attacked the Windows operating system is believed to be WinVir (Windows 3.0). Security experts are usually in agreement that other operating systems - Unix, Linux and MacOS - are more secure than Windows and have a more robust and standardised environment. However, it may be the case that the vulnerabilities in these operating systems have not been explored because virus writers are primarily focused on writing viruses to infect the Windows operating system.

Computer viruses have an extensive history, and it is believed that John von Neumann first outlined a theory for computer viruses in an article named "The theory of self-reproducing automata" in 1949. The first computer virus is believed to be Creeper, which was released in 1971. The Creeper virus infected ARPANET, which was one of the first computer networks to use packet switching and the first computer network to use TCP/IP. The technological underpinning of ARPANET is used on the Internet (TCP/IP). ARPANET was a computer network which connected nodes (computers) using a variety of operating systems. The Creeper virus tended to attack ARPANET nodes which used the TENEX, TOPS-20, TOPS-10, ITS and WAITS operating systems.

The Unix operating system was infected in 1988 by the first computer worm; a worm is similar to a virus. The Morris worm infected computers that ran the BSD UNIX operating system (Berkeley Software Distribution of Unix, also referred to as Berkeley Unix). During 1988, the Ping-Pong virus infected computers running the MS-DOS operating system, and the Festering Hate virus infected computers running the ProDOS operating system (Apple version of DOS). However, by the 1990s, and the release of Windows, the majority of viruses infected computers running Windows; one such example being the Happy99 virus.

In 2004, out of all the viruses identified by McAfee, only a handful targeted the Macintosh platform. However, there have been some notable viruses which have attacked the Macintosh platform, such as INIT-29-B and Hypercard HC-9507. One of the first viruses to target an Apple operating system was Elk Cloner, which was created by Richard Skrenta in 1982. The most famous Apple Macintosh virus/worm is AutoStart, which originated in Asia in 1998. AutoStart was first identified on Hong Kong computer systems, and then spread across global computer systems. AutoStart used QuickTime's AutoStart function, and infected any PowerPC system that ran MacOS. The AutoStart virus added invisible files to every disk partition and also overwrote data files with random data. The fallout caused by the AutoStart virus led to John Norstad shutting down Disinfectant: a shareware program, which was a popular alternative to commercial anti-virus packages.

Therefore, while viruses tend to focus on security "holes" within the Windows operating system, it should not be assumed that other operating systems are immune to viruses.

 


Copyright © 2002-2017 Internet-Guide.co.uk