VIRUS
A virus can be described as a weakness of a system: it makes the system more vulnerable to the attacker. Viruses are made to threaten the target system. A virus is a kind of malicious program that is used to harm the target system. When a virus is executed on the target system, it generally replicates itself into many copies and infects the system. A computer virus infects the data files, programs or information stored on the target system.
Some viruses are designed in such a way that they consume disk space and make it unavailable, resulting in fragmentation. Viruses may harm the system in many ways, such as stealing personal information, infecting stored documents and data, stealing boot records, and many other possibilities.
Viruses have the ability to install themselves without the user's permission. However, how a virus hides itself differs according to its work and use. Virus writers mainly code viruses for destructive purposes, generally to exploit the system and infect the stored data. Sometimes a virus is also used for pranks and fun.
Viruses have a tendency to change their nature by automatically modifying their own source code, and sometimes this gives an advantage to the virus. A virus generally hides itself using encryption or alternate data streams.
Generally, a computer virus first gets executed on the system and then starts infecting it. Once it has replicated and successfully infected the target system, it starts performing its attacks on that system. The ultimate aim of a computer virus is to corrupt the system. A virus may corrupt the whole system and make it inaccessible.
Working of Virus
2. Once the virus is deployed into the system, it starts infecting the system. Infecting includes replicating the virus, hiding inside data and making the system noticeably slower. Once the desired infection is done, the attacking virus moves to the next phase.
3. Once the system is infected and comes under the control of the virus, the virus starts attacking the target system. It makes the system slower and corrupts the data. Some viruses allow the attacker to gain remote access to the system. In the end, private and personal information is at risk of being disclosed to the attacker.
4. The working of a virus may vary according to the intention of the developer. There are many viruses which are used to defeat security, compromise companies and take over the data of business personnel, whereas some viruses are used for fun and prank purposes and are quite harmless.
Reasons to create a virus
2. Compromise : One of the main reasons behind the creation of a virus is to compromise and take over the target system. Mostly, a virus is developed for offensive purposes rather than defensive purposes.
3. Fun : Some harmless viruses are developed for fun and entertainment purposes. These kinds of viruses are generally used for pranking. Their effect is temporary and the system can easily be restored to its normal state without any loss of data.
4. Tracking : Viruses developed in the form of spyware or keyloggers are used to track the activities of a target system. These are used to record the activity and send the record to the attacker.
Characteristic of a Virus attack
2. A software application takes more time to execute than usual. Sometimes viruses are bound to a particular executable file, and when the target opens that file, the virus gets executed first, which slows the execution of the original application.
3. Freezing or unresponsiveness of the system is one of the main characteristics of a virus. A virus makes the system unresponsive and corrupts the system.
4. Unresponsive behaviour of hardware drivers such as the disk drive or USB port may be a result of a virus attack. Some viruses infect the hardware which is used in daily activities, like the USB port.
5. Data loss or sudden disappearance of files from the system is a characteristic of a virus attack.
6. Sometimes shortcut folders are created as sub-folders in the main folder, which also indicates a virus attack.
7. Unresponsive BIOS and booting issues.
These are some characteristics commonly shown by each and every computer virus.
Threats from virus attack
I. EFFECTS ON SOFTWARE PART :
- Slows down the system.
- Unresponsive behaviour of application.
- Increased system usage.
- Delay in booting the system.
- Unwanted deletion of data.
- Unauthorized activities in the system.
II. EFFECTS ON HARDWARE PART :
- Sudden power cuts, or damage to the hardware due to high system usage.
- Unwanted keystrokes, typing errors or a changed keyboard layout.
- Drivers such as USB drivers become unresponsive.
- Unwanted crashes of USB drivers.
- Damage to data stored on removable media.
These are some of the main effects on the computer hardware.
LIFE CYCLE OF A VIRUS
The first phase is the development of a virus which can perform the desired tasks in the target system. To develop a self-controlled virus whose behaviour can be changed as required, one should have sufficient knowledge of programming languages like assembly, bash, C++ etc.
There are also some virus construction kits available, which can create a virus with pre-fixed features. Thousands of varieties of viruses can be created using construction kits.
2. Development & Replication :
Once the virus is developed, the main challenge is to deploy it into the target system. A virus may be sent within an attachment or can be transferred with a shared file. Once deployed into the system, it starts replicating itself.
A virus has a tendency to replicate itself. It replicates itself until it has completely spread and infected the target system.
3. Execution & Attack :
After replication, the virus spreads in the target system and completely infects it without the target's knowledge. Now, with the specified classes, when the user performs or starts something, it automatically activates in the system, causing unwanted system behaviour.
The attacking virus performs specified attacks such as corrupting the data, freezing the system or causing system failure. This is the main phase, where the work of the virus is done and the system and information may vanish.
4. Detection & Removal :
When the target notices the unwanted activities and unresponsiveness, the target starts looking for the root cause. Using anti-viruses or anti-thefts, the target hunts for the root cause and tries to get rid of it.
General-purpose viruses are easily detected by anti-viruses and can be removed easily, but there are some encryption algorithms, like jump or shikata encryption, which encrypt the virus and hence make it undetectable. Anti-viruses detect viruses as a threat or potential risk and remove them immediately. An anti-virus is pre-configured to detect viruses on the basis of file types, behaviour and program source code.
An anti-virus easily detects the presence of some pre-configured viruses, whereas it takes time to detect a modified virus. An anti-virus makes its classification on the basis of behaviour and source code impact and detects the virus.
WORMS
A worm does not require any kind of human involvement, whereas a virus needs some form of human involvement. This is the special property of a worm. Worms can be considered a special type of virus. Worms have the ability to replicate themselves in the system, but they are not able to attach themselves to a target program.
Worms can spread over the infected network without any human involvement, whereas a virus is not able to do so.
Hence, there are a few things which a virus can't do but a worm can, but ultimately the worm is a special kind of virus.
Types of Computer Worms
Spread via email messages. Typically the worm will arrive as email, where the message body or attachment contains the worm code, but it may also link to code on an external website. Poor design aside, most email systems require the user to explicitly open an attachment to activate the worm, but "social engineering" can often successfully be used to encourage this, as the author of the "Anna Kournikova" worm set out to prove.
Once activated, the worm will send itself out using either local email systems (e.g. MS Outlook services, Windows MAPI functions), or directly using SMTP. The addresses it sends to are often harvested from the infected computer's email system or files. Since Klez.E in 2002, worms using SMTP typically fake the sender's address, so recipients of email worms should assume that they are not sent by the person listed in the 'From' field of the e-mail message (sender's address).
2. Instant Messaging Worms
These spread via instant messaging applications by sending links to infected websites to everyone on the local contact list. The only difference between these and email worms is the way chosen to send the links.
3. IRC worms
Chat channels are the main target and the same infection/spreading method is used as above — sending infected files or links to infected websites. Infected file sending is less effective as the recipient needs to confirm receipt, save the file, and open it before the infection will take place.
4. File-sharing networks worms
A file-sharing worm copies itself into a shared folder, which is most likely located on the local machine. The worm will place a copy of itself in a shared folder under a harmless name. Now the worm is ready for download via the P2P network, and spreading of the infected file will continue.
5. Internet worms
Internet worms are those that target low level TCP/IP ports directly, rather than going via higher level protocols such as email or IRC. A classic example is "Blaster", which exploited a vulnerability in Microsoft's RPC. An infected machine aggressively scans random computers on both its local network and the public Internet, attempting an exploit against port 135 which, if successful, spreads the worm to that machine.
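The scanning behaviour described for Internet worms is visible in connection logs as one source reaching many different hosts on the same port in a short time. The following detection sketch is an added example, not part of the original article; the log format, addresses and thresholds are assumptions made for illustration, and the log is assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed firewall log: 'timestamp source destination dest_port'."""
    lines = [
        "2024-05-01T10:00:01 10.0.0.5 10.0.0.9 135",
        "2024-05-01T10:00:02 10.0.0.5 10.0.0.10 135",
        "2024-05-01T10:00:03 10.0.0.5 10.0.0.9 445",
    ]
    # 10.0.0.23 probes eight different hosts on port 135 within four seconds.
    for i in range(8):
        lines.append(f"2024-05-01T10:00:{i // 2:02d} 10.0.0.23 192.0.2.{10 + i} 135")
    # 10.0.0.7 reaches six hosts on port 135, but one minute apart.
    for i in range(6):
        lines.append(f"2024-05-01T10:{i:02d}:30 10.0.0.7 10.0.1.{i + 1} 135")
    return "\n".join(sorted(lines))  # ISO timestamps sort chronologically

def find_scanners(log_text, port=135, window_s=10, min_targets=5):
    """Return {source: peak count of distinct destinations contacted on
    `port` inside any window_s-second window} for sources whose peak
    reaches min_targets."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # source -> (time, destination) still in window
    peak = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip blank or malformed lines
        ts, src, dst, dport = fields
        if int(dport) != port:
            continue
        when = datetime.fromisoformat(ts)
        events = recent[src]
        events.append((when, dst))
        # Drop events that have aged out of the sliding window.
        while when - events[0][0] > window:
            events.popleft()
        peak[src] = max(peak[src], len({d for _, d in events}))
    return {s: n for s, n in peak.items() if n >= min_targets}

if __name__ == "__main__":
    for source, count in find_scanners(build_sample_log()).items():
        print(f"{source} contacted {count} hosts on port 135 within 10 seconds")
```

Widening the window catches slower scanners at the cost of more false positives from servers that legitimately talk to many hosts.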
Always use a good Anti-virus to protect yourself from various virus and malware attacks.
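The email-worm section above notes that SMTP worms fake the sender's address, so the 'From' field cannot be trusted on its own. The following check is an added example, not part of the original article: it compares the From domain with the envelope sender and reads the SPF, DKIM and DMARC verdicts recorded by the receiving server. The messages, domains and the server name mx.example.net are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; every name and domain here is made up.
SPOOFED = """\
Return-Path: <bounce@mailer.example.org>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mailer.example.org;
 dkim=none; dmarc=fail header.from=example.com
From: "Alice" <alice@example.com>
To: bob@example.net
Subject: Photo for you

See the attachment.
"""
GENUINE = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Alice" <alice@example.com>
To: bob@example.net
Subject: Minutes

Attached as agreed.
"""

def domain_of(header_value):
    """Lower-cased domain part of the address in a header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def sender_findings(raw_message, trusted_authserv="mx.example.net"):
    """List the reasons the From header of raw_message should not be trusted."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope domain {env_dom} differs from From domain {from_dom}")
    # Only results stamped by our own mail server count; a sender can add its own.
    stamped = [h for h in msg.get_all("Authentication-Results", [])
               if h.split(";")[0].strip().lower() == trusted_authserv]
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", " ".join(stamped).lower()))
    for mech in ("spf", "dkim", "dmarc"):
        if results.get(mech, "missing") != "pass":
            findings.append(f"{mech} result is {results.get(mech, 'missing')}")
    return findings

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, sender_findings(raw))
```

In the spoofed sample SPF passes because it is evaluated against the envelope domain, not the From header, which is why the DMARC verdict and the domain comparison are what expose the forgery.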