Chris Ruc i
ITM 280
Dr. Jeffries
14 Dec 2000

Computer Viruses

Introduction

If you buy a new computer these days, it's likely to be shipped with an anti-virus package. This fact, more than anything else, should convince us of how widespread viruses have become and how much the computer industry has come to accept their inevitability.
Like its biological namesake, a computer virus first infects a host and then spreads. Quite simply, viruses are a fact of computing life.

What is a Computer Virus

To be defined as a virus, a program must:

+ Replicate itself in order to carry out a mission
+ Be dependent on a host to carry out the mission
+ Create damage to the computer system infected

A computer virus is a piece of software that has been written to surreptitiously enter your computer system and "infect" your files.
Some viruses are benign and won't harm your system, while others are destructive and can damage or destroy your data. Typically a computer virus will replicate itself and try to infect as many files and systems as possible. If your system is infected, when you save a file to a disk you will probably infect the disk, and in turn whoever uses that disk will infect their system. As you can see, it's a vicious cycle, not unlike the viruses that plague us humans (Stewart). New computer viruses are being written all the time, and it's important to understand how your system can be exposed to them, and what you can do to protect your computer.

How a Virus Infects

Viruses work in different ways, but there is a basic process.
First, the virus appears on your system. It usually enters as part of an infected program file (COM, EXE, or boot sector). In the past, viruses traveled almost exclusively through the distribution of infected floppy disks. Today, viruses are frequently downloaded from networks (including the Internet) as part of larger downloads, such as part of the setup files for a trial program, a macro for a specific program, or an attachment on an e-mail message (Randall). The e-mail message itself cannot be a virus.
A virus is a program, and it must be run to become active. A virus delivered as an e-mail attachment does nothing until you run it. You run this kind of virus by launching the attachment, usually by double-clicking on it. One way to help protect yourself from this kind of virus is simply never to open attachments that are executable files (EXE or COM) or data files for programs, such as office suites, that provide macro-writing features. A graphics, sound, or other data file is safe (Randall).
A virus starts its life on your PC. It is hidden within another program or file and launches with that file. In an infected executable file, the virus has essentially modified the original program to point to the virus code and launch that code along with its own code. Typically, it jumps to the virus code, executes that code, and then jumps back to the original code. At this point the virus is active, and your system is infected. Once active, the virus either does its work immediately if it is a direct-action virus, or sits in the background as a memory-resident program, using the TSR (terminate and stay resident) procedure allowed by the operating system.
Most are of this second type and are called resident viruses (SARC 1). Given the vast range of activities allowed by TSR programs, everything from launching programs to backing up files and watching for keyboard or mouse activity (and much more), a resident virus can be programmed to do pretty much anything the operating system can do (SARC 1). Using a bomb, it can wait for events to trigger it, and then go to work on your system. One of the things it can do is scan your disk or (more significantly) your networked disks for other running (or executable) programs, then copy itself to those programs to infect them as well.

History Of Viruses

Traditional computer viruses were first widely seen in the late 1980's, and they came about because of several factors. The first factor was the spread of personal computers.
Prior to the 1980's, home computers were non-existent or they were toys. Real computers were rare and experts locked them away for use. During the 1980's, real computers started to spread to businesses and homes because of the popularity of the IBM PC (released in 1982) and the Apple Macintosh (released in 1984). By the late 1980's PCs were widespread in businesses, homes and college campuses (Slade). The second factor was the use of computer "bulletin boards". People could dial up a bulletin board with a modem and download programs of all types.
Games were extremely popular, and so were simple word processors, spreadsheets, etc. Bulletin boards led to the ancestor of the virus known as the Trojan horse. Trojan horses only hit a small number of people because they are discovered quickly. Either the bulletin board owner would erase the file from the system or people would send out messages to warn one another (Slade).
The third factor that led to the creation of viruses was the floppy disk. In the 1980's programs were small and you could fit the operating system, a word processor (plus several other programs) and some documents onto a floppy disk or two (Slade). Many computers did not have hard disks, so you would turn on your machine and it would load the operating system and everything else off of the floppy disk.

Virus Types

Virus authors are constantly experimenting with new ways to infect your system, but the actual types of virus remain few. These are boot, file, multi-partite, and polymorphic viruses. There are different names for these types and some subtypes, but the idea remains the same.
File Viruses

A file virus is the most common kind of virus. These kinds of viruses usually infect .EXE and .COM files, which are the main component of a program or application.
A file virus can insert its own code into part of the file, so that when the infected program file is run, the virus is executed first. Most file viruses are memory resident. Because of this, they can easily attach themselves to other programs that are being run and start to infect those files. A simple virus will overwrite and destroy a host file, immediately letting the user know that there is a problem because the software will not run.
Because these viruses are noticed immediately, they have less chance to spread. More complex viruses will cause more damage, spread more easily, and are harder to detect (SARC 1). An example of a file virus would be the Friday the 13th virus. This virus causes damage if the date matches Friday the 13th when the virus is executed. If so, then all the .EXE files will be deleted.
Boot Virus

Boot sector viruses infect hard drives and floppy disks by putting themselves on the boot sector of the disk, which has the code that is run at boot up. Booting up from an infected floppy allows the virus to jump from the floppy to the hard drive. These viruses are loaded first, and gain control of the system before MS-DOS can be loaded. Since the virus is run before the operating system, it is not MS-DOS-specific and can infect any PC operating system. These viruses stay in RAM and infect every disk that is read by the computer until the computer is rebooted. After reboot the virus is removed from memory (Dr. Solomon 1).
The Michelangelo virus is an example of a boot virus. On March 6, Michelangelo's birthday, this virus activates and writes garbage throughout the whole drive. Another example would be the Anti-tel virus. On the 400th system boot, it displays the message "VIRUS ANTI TELEFONICA (BARCELONA)" and overwrites the first two hard disks with random data (Dr. Solomon 1).
Multi-Partite

Multi-partite viruses are the worst of both file and boot sector viruses. They can infect the host software components. These viruses spread like a file virus, but still insert themselves into a boot sector or partition table. Because of this, they are difficult to remove. An example of this type of virus is the Tequila virus. This virus displays a crude Mandelbrot (fractal) set on screen and prompts the user to execute.
It then displays a text message giving the name T. Tequila, a Swiss P.O. box number and the text 'Loving thoughts to L.I.N.D.A. BEER and TEQUILA forever!' (USDPC).

Polymorphic Viruses

Most of the viruses that exist today are polymorphic. Recently a Mutation Engine was released. This software ensures that polymorphic viruses will only grow over the next few years (Dr. Solomon 2). Like the human AIDS virus, polymorphic viruses grow fast to escape detection by anti-virus programs.
Special encrypted code within this kind of virus allows it to hide from detection. There are a limited number of kinds of polymorphic viruses. Because of this, they are easier to notice. An example of this type of virus would be the Win32/Marburg polymorphic virus.
This highly polymorphic virus infects Windows-95 executable files. When the infected file is run it searches for executable files to infect in the current directory, the Windows directory and the System directory. The virus does not go memory-resident; instead it is a direct-action virus. The infected files always grow in size (Dr. Solomon 2).

Virus Prevention

There are a number of ways to provide useful protection.
Here are a few:

Rule 1: Always make backup copies. Keep good backups (more than one) of everything you do not want to lose. This will not only protect you from serious damage caused by viruses, but is also necessary in the case of a serious hardware failure. Never boot a computer with a hard disk from a diskette because that is the only way the hard disk could become infected with a boot sector virus. Should you, by accident, have left a non-bootable diskette in drive A: when you turn the computer on, the message "Not a system disk" may appear. If the diskette was infected with a virus, it will now be active, but may not have infected the hard disk yet.
If this happens, turn the computer off, or press the reset button. It is important to note that pressing Ctrl-Alt-Del will not be sufficient, as a few viruses can survive that. If the computer has no hard disk, but is booted from a diskette, you should always use the same diskette, and keep it write-protected.

Rule 2: Keep all diskettes write-protected unless you need to write to them.
When you obtain new software on a diskette, write-protect the diskette before you make a backup copy of it. Be really careful regarding your sources of software. In general, shrink-wrapped commercial software should be "clean", but there have been a few documented cases of infected commercial software. Public Domain, Freeware and Shareware packages do not have to be any more dangerous; it all depends on the source. If you obtain software from a BBS, check what precautions the SysOp takes against viruses. If he does not screen the software made available for downloading, you should find another source.

Rule 3: Check all new software for infection before you run it for the first time. It is even advisable to use a couple of scanners from different manufacturers, as no single scanner is able to detect all viruses. Obtain Shareware, Freeware and Public-Domain software from the original author, if at all possible.

Rule 4: Make sure you always run your anti-virus software on a timely basis. Also, since there are so many new viruses being produced every day, always update your anti-virus software for maximum results.
Virus Statistics

The effects of computer viruses are very large. Although some viruses can be deleted and information restored without too much damage, there is still a threat that is very large. The National Center for Computer Crime Data in Los Angeles estimates that American businesses have lost as much as $550 million from unauthorized access to computers yearly. The amount of lost time may be incalculable (USDPC). The Guinness World Book of Records recorded in May 2000 that the Melissa Virus was the worst spread virus ever.
This virus infected over 3.1 million computers. This virus, after only 4 days of detection, mutated into 3 different generations (Guinness).

Trojans

These files are not viruses, but Trojan Horses. Trojan Horses are files that pose as helpful programs, but turn out to be malicious code. Trojan Horses do not replicate (Coffee). Just recently there was a huge virus spread.
This virus was the fastest virus spread ever. The virus was named Melissa. The Melissa virus spread so fast that it caused servers to melt down. This virus came as an e-mail attachment with the subject line "Here is the document you asked for." The document attached was the virus, which looks for an Outlook or Outlook Express address on your computer and sends a copy of the e-mail to everyone on the mailing list (MV).
Worms

Computer worms are reproducing programs that run independently and travel across network connections. The main difference between viruses and worms is the method by which they reproduce and spread. A virus is dependent upon a host file or boot sector, and the transfer of files between machines, to spread, while a worm can run completely independently and spread of its own will through network connections (Coffee). An example of a worm would be the Happy99.exe worm, alias Trojan.Happy99 and I-Worm.Happy.
This is a worm program, not a virus. The program file is usually sent as an e-mail attachment or an article attachment. When executed, the program shows a fireworks display as it copies itself as SKA.EXE and extracts a DLL that it carries as SKA.DLL into the Windows System directory. It also modifies WSOCK32.DLL and copies it into WSOCK32.SKA. This allows the worm routine to be triggered when a connect or send activity is detected. When such online activity occurs, the modified code loads the worm's SKA.DLL. This DLL creates a new e-mail or a new article with UUENCODED HAPPY99.EXE inserted into the e-mail or article. It then sends this e-mail or posts this article (Qualls).

Conclusion
Bibliography
1. Can ell, Michael. Science World, Computer Viruses, October 19, 1999.
2. Coffee, Peter, Eweek, Trojan Horse, Viruses, or Worm.
3. Dr. Solomon 1, How Boot Sector Viruses Infect and Spread, web.
4. Dr. Solomon 2, The Future Impact Of Viruses, web.
5. Guinness, Guinness World Book Of Records, 3.1 Million Computers Infected, May 1, 2000.
6. MV, web.
7. Qualls, John, Business Economics, Viruses (or is it V ), October 1999.
8. Randall, Neil, PC Magazine, How Viruses Work.
9. SARC, Symantec Antivirus Research Center, Computer Viruses-an Executive Brief.
10. Slade, Robert M., History Of Computer Viruses, 1992.