
Computer Virus

Introduction





execute

Working Principle
- External Media
- From Network
- From Email, Internet
- From software
Infection targets and replication techniques
Resident vs. non-resident viruses
A memory-resident virus (or simply "resident virus") installs itself as part of the operating system
when executed, after which it remains in RAM from the time the computer is booted up to when it
is shut down. Resident viruses overwrite interrupt handling code or other functions, and when the
operating system attempts to access the target file or disk sector, the virus code intercepts the
request and redirects the control flow to the replication module, infecting the target. In contrast,
a non-memory-resident virus (or "non-resident virus"), when executed, scans the disk for targets,
infects them, and then exits (i.e. it does not remain in memory after it is done executing).
Macro viruses
Many common applications, such as Microsoft Outlook and Microsoft Word, allow macro programs
to be embedded in documents or emails, so that the programs may be run automatically when
the document is opened. A macro virus (or "document virus") is a virus that is written in a macro
language, and embedded into these documents so that when users open the file, the virus code
is executed, and can infect the user's computer. This is one of the reasons that it is dangerous to
open unexpected attachments in e-mails.
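A mail gateway or help desk can check whether an attachment carries a macro project before anyone opens it. The following is an added example, not part of the original page; the function names and verdict strings are hypothetical, and the sample files are constructed in memory.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                      # OOXML (.docx/.docm) is a ZIP

def classify_office_file(name: str, data: bytes) -> str:
    """Return a triage verdict for an attachment without opening it in Office."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: macros live inside the OLE streams, so the
        # container alone cannot rule them out. Route to deeper scanning.
        return "legacy-ole:needs-scan"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            parts = z.namelist()
    except zipfile.BadZipFile:
        return "corrupt-zip"
    if "[Content_Types].xml" not in parts:
        return "zip:not-ooxml"
    if not any(p.lower().endswith("vbaproject.bin") for p in parts):
        return "ooxml:no-macros"
    # .docx/.xlsx/.pptx are the macro-free formats, so a macro project
    # inside one of them means the extension does not match the content.
    if name.lower().endswith((".docx", ".xlsx", ".pptx")):
        return "ooxml:macros-extension-mismatch"
    return "ooxml:macros-present"

def make_sample_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal ZIP that mimics an OOXML part layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()

if __name__ == "__main__":
    print(classify_office_file("invoice.docm", make_sample_ooxml(True)))
    print(classify_office_file("notes.docx", make_sample_ooxml(False)))
```

A "macros-present" verdict says only that macro code exists in the file, not that it is malicious; it is a reason to quarantine or scan the file rather than open it.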
Boot sector viruses
Boot sector viruses specifically target the boot sector/Master Boot Record (MBR) of the host's
hard drive or removable storage media (flash drives, floppy disks, etc.).

Stealth strategies
Self-modification
Encrypted viruses
One method of evading signature detection is to use simple encryption to encipher
the body of the virus, leaving only the encryption module and a
cryptographic key in cleartext.[37] In this case, the virus consists of a small
decrypting module and an encrypted copy of the virus code. If the virus is
encrypted with a different key for each infected file, the only part of the virus
that remains constant is the decrypting module.
Polymorphic code
Polymorphic code was the first technique that posed a serious threat to virus
scanners. Just like regular encrypted viruses, a polymorphic virus infects files
with an encrypted copy of itself, which is decoded by a decryption module. In
the case of polymorphic viruses, however, this decryption module is also
modified on each infection. A well-written polymorphic virus therefore has no
parts which remain identical between infections, making it very difficult to
detect directly using signatures.[38][39] Antivirus software can detect it by
decrypting the viruses using an emulator, or by statistical pattern analysis of
the encrypted virus body. To enable polymorphic code, the virus has to have a
polymorphic engine (also called mutating engine or mutation engine)
somewhere in its encrypted body. See polymorphic code for technical detail on
how such engines operate.
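The "statistical pattern analysis" mentioned above can be as simple as measuring byte entropy: an enciphered body looks close to random, while ordinary code and text do not. The following is an added example, not from the original page; the window size, threshold and function names are assumptions, and the sample input is constructed from hash output as a stand-in for an encrypted region.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(block: bytes) -> float:
    """Entropy in bits per byte: 0.0 for constant data, 8.0 at most."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def high_entropy_regions(data: bytes, window: int = 1024, threshold: float = 7.0):
    """Return merged (start, end) byte ranges whose windows reach the threshold.

    A trailing piece shorter than one window is not scored.
    """
    regions = []
    for off in range(0, len(data) - window + 1, window):
        if shannon_entropy(data[off:off + window]) >= threshold:
            if regions and regions[-1][1] == off:
                regions[-1] = (regions[-1][0], off + window)  # extend the run
            else:
                regions.append((off, off + window))
    return regions

def constructed_sample() -> bytes:
    """Constructed input: text-like filler, pseudo-random bytes, filler again."""
    plain = (b"This program cannot be run in DOS mode. " * 52)[:2048]
    noisy = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                     for i in range(128))  # 4096 bytes, looks random
    return plain + noisy + plain

if __name__ == "__main__":
    for start, end in high_entropy_regions(constructed_sample()):
        print(f"high-entropy region: bytes {start}..{end}")
```

Compressed archives, images and legitimately packed programs also score high, so a scanner treats entropy as a triage signal to combine with emulation or other checks, not as a verdict.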


Adware
Malware
Spam viruses
Spyware
Computer Worms viruses
Trojan viruses

Adware
Adware, or advertising-supported
software, is any software package which
automatically renders advertisements in
order to generate revenue for its author. The
advertisements may be in the user interface
of the software or on a screen presented to
the user during the installation process. The
functions may be designed to analyze which
Internet sites the user visits and to present
advertising pertinent to the types of goods
or services featured there. The term is
sometimes used to refer to software that
displays unwanted advertisements.

Malware
Malware, short for malicious software, is
software used to disrupt computer
operation, gather sensitive information, or
gain access to private computer systems.[1]
It can appear in the form of code, scripts,
active content, and other software.[2]
'Malware' is a general term used to refer to
a variety of forms of hostile or intrusive
software.[3] In all countries it is a serious
criminal offence to create and distribute
malware, but it continues to be produced
for various reasons, such as demonstrating
a capability or making money.

Spam viruses
Electronic spamming is the use of electronic
messaging systems to send unsolicited bulk
messages (spam), especially advertising,
indiscriminately. While the most widely recognized
form of spam is e-mail spam, the term is applied to
similar abuses in other media:
instant messaging spam, Usenet newsgroup spam,
Web search engine spam, spam in blogs, wiki spam,
online classified ads spam,
mobile phone messaging spam, Internet forum spam,
junk fax transmissions, social networking spam,
social spam, television advertising and file sharing
spam. It is named for Spam, a luncheon meat, by
way of a Monty Python sketch in which Spam is
included in almost every dish.

Spyware
Spyware is software that aids in gathering information
about a person or organization without their knowledge
and that may send such information to another entity
without the consumer's consent, or that asserts control
over a computer without the consumer's knowledge. [1]
"Spyware" is mostly classified into four types: system
monitors, trojans, adware, and tracking cookies. [2]
Spyware is mostly used for purposes such as tracking
and storing internet users' movements on the web and
serving up pop-up ads to internet users.
Whenever spyware is used for malicious purposes, its
presence is typically hidden from the user and can be
difficult to detect. Some spyware, such as keyloggers,
may be installed by the owner of a shared, corporate, or
public computer intentionally in order to monitor users.

Computer Worms viruses


A computer worm is a standalone
malware computer program that replicates
itself in order to spread to other computers.
[1] Often, it uses a computer network to
spread itself, relying on security failures on
the target computer to access it. Unlike a
computer virus, it does not need to attach
itself to an existing program.[2] Worms
almost always cause at least some harm to
the network, even if only by consuming
bandwidth, whereas viruses almost always
corrupt or modify files on a targeted
computer.

Trojan viruses
A Trojan horse, or Trojan, is a hacking program that is a
non-self-replicating type of malware which gains privileged
access to the operating system while appearing to
perform a desirable function but instead drops a malicious
payload, often including a backdoor allowing unauthorized
access to the target's computer.[1] These backdoors tend
to be invisible to average users, but may cause the
computer to run slowly. Trojans do not attempt to inject
themselves into other files like a computer virus. Trojan
horses may steal information, or harm their host computer
systems.[2] Trojans may use drive-by downloads or install
via online games or internet-driven applications in order to
reach target computers. The term is derived from the
Trojan Horse story in Greek mythology because Trojan
horses employ a form of social engineering, presenting
themselves as harmless, useful gifts, in order to persuade
victims to install them on their computers.

Antivirus
Antivirus, anti-virus, or AV software is
computer software used to prevent, detect and
remove malicious computer viruses. Most software
described as antivirus also works against other types
of malware, such as malicious Browser Helper Objects
(BHOs), browser hijackers, ransomware, keyloggers,
backdoors, rootkits, trojan horses, worms, malicious
LSPs, dialers, fraudtools, adware and spyware.[1]
Computer security, including protection from social
engineering techniques, is commonly offered in
products and services of antivirus software
companies.[2] This page discusses the software used
for the prevention, detection, and removal of malware
threats, rather than computer security implemented
by software methods.

Virus Detection & Prevention

1. Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.
2. Do not open any files attached to an email unless you know what it is, even if it appears to come
from a dear friend or someone you know. Some viruses can replicate themselves and spread through email.
Better be safe than sorry and confirm that they really sent it.
3. Delete chain emails and junk email. Do not forward or reply to any of them. These types of email are
considered spam, which is unsolicited, intrusive mail that clogs up the network.
4. Exercise caution when downloading files from the Internet. Ensure that the source is a legitimate and
reputable one. Verify that an anti-virus program checks the files on the download site. If you're
uncertain, don't download the file at all.
5. Update your anti-virus software regularly. Thousands of viruses are discovered each month, so you'll
want to be protected.
6. Back up your files on a regular basis. If a virus destroys your files, at least you can replace them with
your back-up copy. You should store your backup copy in a separate location from your work files, one
that is preferably not on your computer.
7. When in doubt, always err on the side of caution and do not open, download, or execute any files or
email attachments. Not executing the files is especially important. Check with your product vendors for
updates, which include those for your operating system, web browser, and email. One example is the
security site section of Microsoft located at http://www.microsoft.com/security.

8. Stay away from BitTorrent sites. Some of the more popular ones include Limewire, BitTorrent,
Frostwire and Pirate Bay. These are heavily laden with viruses, malware and spyware. Downloading
material from these websites is one of the easiest ways to become infected. It's in your best interest to
just avoid these websites completely.
9. Be careful when searching on the internet; the links that come up from your search engine may contain a
virus. Never go to sites that sound suspicious.
10. Due to the popularity of social networking websites such as MySpace, Facebook, and Twitter, virus
makers target them more than any other website. Online gaming and gambling websites are also high-risk
websites. It's best to avoid these kinds of websites altogether.
11. If you happen to see a popup message when on the internet about being infected and to buy their
software to protect yourself, do not fall for it! Most of the time these messages are easy to see as they
tend to have bad grammar and spelling errors. Common names are XP Antivirus, Security Tools,
ThinkPoint, Security Shield, Win 7 Security 2011, and similar variations. If you do see one of these popups,
do not click on them; immediately shut down your computer. If you click on any part of those
windows you will give the virus permission to install and bypass your antivirus program.
12. If you see any suspicious pop-ups appear on your screen, do not click on them. If you do, it is very
likely you will infect your computer. Instead use the following keyboard command, which will allow you to
close the pop-up without having to click on it or infecting yourself. The keyboard command is ALT + F4.
If that fails, then shut down the computer.
13. If you are in doubt about any potential virus related situation you find yourself in, please do not hesitate
to contact us here at Computer Resources. Our phone number is 719-471-9066 and we will answer any
question you may have.

Virus On Network
"Network viruses" refers to those viruses spreading
through networks. Security attacks can come from both
viruses and hacking programs. A network virus makes use
of networking protocols and/or applications to spread. We
surveyed several hundred computer viruses and
classified them based on their spreading and infecting
mechanisms. Virus intelligence is introduced to describe the
various levels of implementation complexity and infecting
abilities of network viruses. Network viruses make use of
system network mechanisms, search local and remote
system information, monitor network traffic, take advantage
of system and network vulnerabilities, and build network
connections. Intensive network hacking techniques could be
borrowed in network virus implementations and both
system and network vulnerabilities could be taken
advantage of. There are advantages to incorporating hacking
abilities into viruses over hacking directly.
