COMPUTER VIRUS
I believe every computer user knows about viruses. I guess 60% of computer users have been infected by one, causing problems on their computers. The main problem is that many computer users don't know exactly what a virus is.
That is why I decided to explain what viruses are all about.
“A virus is a computer program that can replicate itself and spread from one computer to another and interfere with computer operations.” This means that the virus multiplies on a computer by making copies of itself. This replication is intentional; it is part of the computer program. In most cases, if a file that contains a computer virus is executed or copied onto another computer, then that computer will also be “infected” by the same virus. Viruses can cause a range of damage, from the very mild to the entire loss of your computer data.
Types of virus:
Not all viruses behave, replicate, or infect the same way. There are several different categories of viruses and malware. Below I would like to list and discuss the most common types of computer viruses.
Trojan Horse: A Trojan horse program has the appearance of having a useful and desired function. While it may advertise its activity after launching, this information is not apparent to the user beforehand. Secretly, the program performs other, undesired functions. A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program, and may arrive in the form of a joke program or software of some sort. The malicious functionality of a Trojan Horse may be anything undesirable for a computer user, including data destruction or compromising a system by providing a means for a computer to gain access, thus bypassing normal access controls.
Worms: A worm is a program that makes and facilitates the distribution of copies of itself; for example, from one disk drive to another, or by copying itself using e-mail or another transport mechanism. Worms may do damage and compromise the security of the computer. A worm may arrive via exploitation of a system vulnerability or by clicking on an infected e-mail.
Boot sector Virus: A virus which attaches itself to the first part of the disk that is read by the computer upon boot up. These are normally spread by floppy disks.
Macro Virus: Macro viruses are viruses that use another application’s macro programming language to distribute themselves. They infect documents such as MS Word and MS Excel files and are typically spread to other similar documents.
Memory Resident Viruses: Memory resident viruses reside in a computer’s volatile memory (RAM). They are initiated by a virus that runs on the computer, and they stay in memory after the program that initiated them closes.
Rootkit Virus: A rootkit is an undetectable virus which attempts to allow someone to gain control of a computer system. The term rootkit comes from the Linux administrator root user. These viruses are usually installed by Trojans and are normally disguised as operating system files.
Polymorphic Viruses: A polymorphic virus not only replicates itself by creating multiple files of itself, but also changes its digital signature every time it replicates. This makes it difficult for less sophisticated anti-virus software to detect it.
Logic Bombs/Time Bombs: These are viruses which are programmed to initiate at a specific date or when a specific event occurs. Some examples are viruses which “delete your photos on Halloween” or a virus which deletes a database table if a certain employee gets fired.
Multipartite Virus: These viruses spread in multiple possible ways. Their action may vary depending upon the operating system installed and the presence of certain files.
FAT Virus: The file allocation table (FAT) is the part of the disk used to store all the information about the location of files, available space, unusable space, etc.
Directory Virus: A directory virus (also called a Cluster Virus or File System Virus) infects the directory of your computer by changing the path that indicates the location of a file. When you run a file with an extension .EXE or .COM that has been infected by a virus, you are unknowingly running the virus program, while the original file and program have previously been moved by the virus. Once infected, it becomes impossible to locate the original files.
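The macro virus entry above says these viruses live inside documents such as MS Word and MS Excel files. The following is an added example, not part of the original post, of a defender-side check that reports whether a document can carry macros at all: modern Office files are ZIP archives that keep VBA code in a part named vbaProject.bin, while legacy files use the OLE container format. The function names and the sample documents are hypothetical and constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                      # OOXML: .docx/.docm/.xlsx/.xlsm


def macro_status(data: bytes) -> str:
    """Classify a file by whether it is an Office document that carries VBA macros."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: macros sit in OLE streams, so a dedicated
        # OLE parser is needed to decide; flag the file for deeper inspection.
        return "legacy-ole-inspect"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "corrupt"
    if "[content_types].xml" not in names:
        return "not-office"          # a ZIP archive, but not an OOXML package
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macros-present"      # e.g. word/vbaProject.bin, xl/vbaProject.bin
    return "no-macros"


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-like archive with inert placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [("plain", build_sample(False)), ("macro", build_sample(True)),
               ("legacy", OLE_MAGIC + b"\x00" * 8), ("text", b"hello")]
    for label, blob in samples:
        print(label, "->", macro_status(blob))
```

A "macros-present" result only means the document contains macro code, not that the code is malicious; it marks which files deserve a closer look before they are opened.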
EXAMPLES OF VIRUS
C-Brain: Amjad and Basit, two Pakistani brothers, developed this software in January 1986 to discourage people from buying illegal software at throwaway prices.
Macmag: This virus attacks Macintosh computers only.
Jerusalem: Found in 1987 at Hebrew University, Jerusalem, this virus was designed to activate only on Friday, January 13 and delete all the files executed on that day.
Cascade: This virus attacked IBM PCs and compatibles.
Bomb: Also known as a “Logic Bomb” or “Time Bomb”. An event-triggered routine in a program that causes the program to crash is called a “bomb”. Generally, a “bomb” is a piece of software inserted in a program by a person working in a company.
Trojan.Lodear: A Trojan Horse that attempts to download remote files. It will inject a .dll file into EXPLORER.EXE, causing system instability.
Backdoor.Zagaban: A Trojan Horse that allows the compromised computer to be used as a covert proxy and which may degrade network performance.
W32/Zafi-B: A peer-to-peer (P2P) and email worm that will copy itself to the Windows system folder as a randomly named .EXE file. This worm will test for the presence of an internet connection by attempting to connect to www.google.com or www.microsoft.com.
W32/Mytob-AS, Mytob-BE, Mytob-C and Mytob-ER: This family of worm variations possesses similar characteristics in terms of what they can do. They are mass-mailing worms with backdoor functionality that can be controlled through the Internet Relay Chat (IRC) network. Additionally, they can spread through email and various operating system vulnerabilities such as the LSASS (MS04-011) vulnerability.
W32/Netsky-D: A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the LSASS (MS04-011) exploit.