Digital Virus
Author: Vinodh Senthil.T
Monday, 02 February 2004, 17:12 GMT

A virus is basically a piece of code written by an advanced user, who builds an executable file designed to infect documents. It is known for copying itself to various locations on the system and for concealing its presence. To avoid detection, the virus embeds itself in, or in other words disguises itself as, another regular program.

Viruses are generally designed to corrupt or delete data on the hard disk and other external storage devices; however, some viruses are programmed to do nothing destructive. The file systems most easily attacked are FAT (File Allocation Table, 16 bit), FAT-32 (yes, this denotes the 32-bit systems) and NTFS (New Technology File System); however, there are good programmers who even code viruses for Mac, Apple and *nix systems.

Types of Viruses:
  • Boot Sector Viruses
  • File Viruses
  • Multipartite Viruses
  • Stealth Viruses
  • Polymorphic Viruses
  • Macro Viruses
  • Batch File Viruses

Boot Sector Viruses
Boot sector viruses can be created without any difficulty. They infect the master boot record (MBR) of storage devices such as the hard disk or the floppy. The MBR is the boot record situated in the first sector of a floppy or hard disk; it describes the disk type, sectors, partition table, cluster size and file system of the device. The boot record is responsible for all the booting operations of the operating system. A boot sector virus alters or edits the boot record, or replaces it with itself. It boots up when the computer accesses the infected floppy during the boot process. Once the system is affected, the virus loads itself into RAM and starts to infect other files.
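
Because this kind of virus has to change the first sector, a defender can read that sector, list what its partition table claims, and compare it with a hash recorded while the disk was known to be clean. The Python below is an added example, not code from the original article; the sample sector is constructed in memory, and the function names and the baseline-hash approach are assumptions of the example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446        # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR

# Small subset of well-known MBR partition type IDs.
PART_TYPES = {0x06: "FAT16", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x07: "NTFS"}


def parse_mbr(sector: bytes) -> list[dict]:
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:             # type 0 marks an unused slot
            continue
        parts.append({"index": i, "bootable": status == 0x80,
                      "type": PART_TYPES.get(ptype, hex(ptype)),
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def mbr_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True if the sector differs from the hash recorded on a clean system."""
    return hashlib.sha256(sector).hexdigest() != baseline_sha256


def build_sample_mbr() -> bytes:
    """Constructed sample: empty boot code, one bootable FAT32 partition."""
    entry = struct.pack("<B3sB3sII", 0x80, bytes(3), 0x0B, bytes(3), 63, 2048)
    return bytes(446) + entry + bytes(48) + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = hashlib.sha256(clean).hexdigest()
    altered = b"\x90" + clean[1:]  # one byte of the boot code area differs
    print(parse_mbr(clean))
    print("clean changed:", mbr_changed(clean, baseline))
    print("altered changed:", mbr_changed(altered, baseline))
```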

File Viruses
Nowadays, most of the files downloaded from undedicated websites are viruses in disguise. When executed, they run behind the program, which acts like a skin showing a soft appearance with thorns underneath. They generally affect files with the extensions DRV, SYS, EXE, COM and BIN. These viruses start replicating as soon as they are loaded into memory. File viruses destroy or affect the files currently used by the system; eliminating such a virus, manually or with an anti-virus scanner, removes the virus but leaves the files it corrupted as they are, so they need to be reinstalled or repaired. Nowadays, most of the files are embedded with powerful and difficult-to-detect Trojan horses.

Multipartite Viruses
These are a different type of virus that can be described as a mixture of boot sector viruses and file viruses. They therefore infect both files and the master boot record, and they are generally very hard to detect and difficult to remove. Their peculiar feature is that they do not stop infecting once the boot sector is infected: they load into memory and start infecting other program files too. They also infect program files, and when an infected program is run they start infecting the master boot record as well.

Stealth Viruses
These viruses are programmed with the ultimate aim of staying hidden and avoiding detection; however, efficient anti-virus scanners available nowadays can detect even them. The idea behind them is this: they redirect the disk header to point to some other sector instead of the original sector that is to be read. Some of the prominent viruses in this category disguise the increase in the length of the infected file and display the original length. They are generally difficult to detect. Nowadays hackers also embed Trojan horses in stealth viruses to trace all the activities of the victim users.

Polymorphic Viruses
These can be called the most difficult viruses to detect. Anti-virus scanners work by searching an affected file for a particular piece of code and trying to match it against a database of various virus codes in order to identify the virus. The database maintained by these scanners is called virus signatures. Polymorphic viruses are very difficult to detect because the virus programmer had the intelligent idea of changing the code in the infected file every time it is started; as a result, these viruses, or the files affected by them, are generally large. New viruses are developed almost daily, so to stay a step ahead we need the virus signature updates provided by the anti-virus companies. They also provide an easy updater, called an automatic updater, which synchronizes with their database without our knowledge. These viruses create a new, unique encrypted code, produced by a new, unique algorithm.

Macro Viruses
Before we go into this, we need to know what a macro is. Macros allow the user to perform a particular task again and again; in other words, they are a set of automated instructions that help the user work faster and more easily. Macros are not related to the buffer memory of the system. Generally, macro viruses are Visual Basic for Applications code that embeds itself in the regular code; these viruses include many VB event handlers, and once they are compiled they cause the harm that is programmed in. The main reason polymorphic viruses are difficult to detect is tied to an idea called checksumming: the sizes of the files are compared before and after infection, and if the sizes are equal the files are left alone; otherwise they are scanned against the virus signatures from the database. The viruses therefore escape the notice of anti-virus scanners that rely on checksumming. So nowadays the famous anti-virus companies use an idea called heuristics. Scanners of this type examine the system for both the code and the behavior of the viruses we have discussed; the drawback of this type of scanning is that it also flags some regular, well-behaved programs as viruses.
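
The two checks described above, matching file contents against a signature database and comparing file sizes before and after, can be put side by side with a content hash to see what each one notices. The Python below is an added example, not code from the original article; the file names, the harmless marker bytes standing in for a signature, and the function names are all constructed for the illustration.

```python
import hashlib

# Constructed, harmless byte pattern standing in for a signature database entry.
SIGNATURES = {"Demo.A": b"DEMO-MARKER-A"}


def scan(data: bytes) -> list[str]:
    """Signature scan: names of every database pattern found in data."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)


def snapshot(files: dict) -> dict:
    """Baseline of (size, SHA-256) per file, taken while the system is clean."""
    return {n: (len(d), hashlib.sha256(d).hexdigest()) for n, d in files.items()}


def triage(files: dict, baseline: dict) -> dict:
    """Size comparison as in the text, next to a content-hash comparison."""
    report = {}
    for name, data in files.items():
        size, digest = baseline[name]
        report[name] = {
            "size_changed": len(data) != size,
            "hash_changed": hashlib.sha256(data).hexdigest() != digest,
            "signatures": scan(data),
        }
    return report


def sample_case() -> dict:
    """Constructed sample files: a clean state, then three outcomes."""
    marker = SIGNATURES["Demo.A"]
    clean = {"a.exe": b"A" * 64, "b.exe": b"B" * 64, "c.exe": b"C" * 64}
    baseline = snapshot(clean)
    # Stand-in for a body whose bytes changed: same length, no byte in common.
    mutated = bytes(b ^ 0x5A for b in marker)
    later = {
        "a.exe": clean["a.exe"] + marker,                   # grew, known pattern
        "b.exe": mutated + clean["b.exe"][len(mutated):],   # same size, new bytes
        "c.exe": clean["c.exe"],                            # untouched
    }
    return triage(later, baseline)


if __name__ == "__main__":
    for name, result in sample_case().items():
        print(name, result)
```

In the sample, b.exe keeps its size and matches no signature, so only the hash comparison reports it; a baseline of content hashes is therefore the stronger integrity check.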

Batch File Viruses
These are generally the easiest viruses to create; the author only needs to know the DOS commands and how to use them. Normally, commands are typed and executed in terminal mode to perform some desired operation. The same commands can be written in sequence, one line after another, in any text editor and saved with a .bat extension; once the batch file is executed, the stored commands are executed one after the other. We have to know that terminals are more powerful than GUI-based systems, because anything can be done, right down to the interior of the system, including networking. Even assembly programs can be written in a .bat file using the DOS debug tool. We can also edit Windows registry values from DOS. In addition, any kind of system register can be modified from DOS.

Any Suggestions or Comments, feel free to mail me at:

