What is a computer virus
1. What is a computer virus?
A virus is a piece of software
designed and written to adversely affect your computer by altering the way it
works without your knowledge or permission. In more technical terms, a virus is
a segment of program code that implants itself into one of your executable files
and spreads systematically from one file to another. Computer viruses do not
spontaneously generate: They must be written and have a specific purpose.
Usually a virus
has two distinct functions:
· Spreads itself from one file to
another without your input or knowledge. Technically, this is known as self-replication and
propagation.
· Implements the symptom or damage
planned by the perpetrator. This could include erasing a disk, corrupting your
programs or just creating havoc on your computer. Technically, this is known as
the virus payload, which can be benign or malignant at the whim of the virus
creator.
A benign virus is one that is
designed to do no real damage to your computer. For example, a virus that
conceals itself until some predetermined date or time and then does nothing
more than display some sort of message is considered benign.
A malignant virus is one that
attempts to inflict malicious damage to your computer, although the damage may
not be intentional. There are a significant number of viruses that cause damage
due to poor programming and outright bugs in the viral code. A malicious virus
might alter one or more of your programs so that it does not work as it
should. The infected program might terminate abnormally or write incorrect
information into your documents. Or the virus might alter the directory information
in one of your system areas. This might prevent the partition from mounting, or
you might not be able to launch one or more programs, or programs might not be
able to locate the documents you want to open.
Some of the viruses identified are
benign; however, a high percentage of them are very malignant. Some of the more
malignant viruses will erase your entire hard disk, or delete files.
Some viruses are
programmed specifically to damage the data on your computer by corrupting
programs, deleting files, or erasing your entire hard disk. Many of the
currently known Macintosh viruses are not designed to do any damage. However,
because of bugs (programming errors) within the virus, an infected system may
behave erratically.
What Viruses Don't Do
Computer viruses don't
infect files on write-protected disks and don't infect documents, except in the
case of Word macro viruses, which infect only documents and templates written
in Word 6.0 or higher. They don't infect compressed files either. However,
applications within a compressed file could have been infected before they were
compressed. Viruses also don't infect computer hardware, such as monitors or
computer chips; they only infect software.
In addition, Macintosh viruses don't
infect DOS-based computer software and vice versa. For example, the infamous
Michelangelo virus does not infect Macintosh applications. Again, exceptions to
this rule are the Word and Excel macro viruses, which infect spreadsheets,
documents and templates, which can be opened by either Windows or Macintosh
computers.
Finally, viruses don't necessarily
let you know that they are there - even after they do something destructive. [1]
2. Types of Computer Viruses
Nowadays the number of viruses is about 55000, and it increases constantly. New, previously unknown types of viruses appear, and classifying them becomes more and more difficult. In general they can be divided by three basic criteria: place of existence, operating system used and work algorithms. For example, according to these three classifications the Chernobyl virus can be classified as a file infector and a resident Windows virus. What this means is explained below.
2.1 A place of existence
2.1.1 File Infectors
These are viruses that
attach themselves to (or replace) .COM and .EXE files, although in some cases
they can infect files with extensions .SYS, .DRV, .BIN, .OVL and .OVY. With
this type of virus, uninfected programs usually become infected when they are
executed with the virus in memory. In other cases they are infected when they
are opened (such as using the DOS DIR command) or the virus simply infects all
of the files in the directory it is run from (a direct infector).
There are three groups of file infectors.
Viruses of the first group are called overwriting viruses because they write their code over the infected file, erasing its contents. These viruses are primitive and can be found very quickly.
The second group is called parasitic or cavity viruses. The infected file remains fully or partly able to work, but its contents are changed. The virus can copy itself into the beginning, middle or end of a file. They record their code in areas of data known not to be used.
The third group is called companion viruses. They don't change files. They make a double of the infected file, so that when the infected file is started the double, that is, the virus, takes control. For example, companion viruses working under DOS use the fact that DOS first runs the .COM file and only if that file is not found runs the .EXE file. The virus makes a double file with the same name and the extension .COM and copies itself into this file. When the infected file is started, DOS first runs the .COM file with the virus, and then the virus starts the .EXE file.
Sometimes companion viruses rename the file to be infected and record their code in a double file with the old name. For example, the file XCOPY.EXE is renamed to XCOPY.EXD and the virus records itself in the file XCOPY.EXE. When this file is started, the computer runs the virus code first, and afterwards the virus starts the original XCOPY, saved as XCOPY.EXD. Viruses like this were found not only in DOS; they were also found in Windows and OS/2.
This is not the only way to make double files. For example, there is a subgroup of companion viruses called path-companion viruses. They use a special feature of DOS, PATH: a hierarchical record of file locations. The virus copies itself into a file with the same name but situated one level higher. In this case DOS will find the file with the virus. [2]
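Both companion situations described above can be spotted by replaying the name resolution over a directory listing. The following Python sketch is an added example, not part of the original paper; the search path, the listing and the function name are constructed for illustration, and it assumes the directories are searched in the order given, with .COM tried before .EXE in each.

```python
import os
from collections import defaultdict

# Extension order from the text: DOS tries .COM first, then .EXE.
EXT_ORDER = (".COM", ".EXE")

def find_shadowed(search_path, listing):
    """Return (runs, shadowed, kind) for every executable that is never
    reached by typing its bare name, because another file wins resolution."""
    candidates = defaultdict(list)   # command stem -> [(dir_rank, ext_rank, path)]
    for dir_rank, directory in enumerate(search_path):
        for name in listing.get(directory, []):
            stem, ext = os.path.splitext(name.upper())
            if ext in EXT_ORDER:
                full = directory.rstrip("\\") + "\\" + name.upper()
                candidates[stem].append((dir_rank, EXT_ORDER.index(ext), full))
    findings = []
    for stem in sorted(candidates):
        ranked = sorted(candidates[stem])        # first element is what DOS runs
        win_dir, _, winner = ranked[0]
        for dir_rank, _, path in ranked[1:]:
            kind = ("same-directory companion" if dir_rank == win_dir
                    else "path companion")
            findings.append((winner, path, kind))
    return findings

# Constructed listing, not taken from a real system.
SEARCH_PATH = ["C:\\", "C:\\DOS", "C:\\TOOLS"]
LISTING = {
    "C:\\": ["AUTOEXEC.BAT", "FORMAT.EXE"],
    "C:\\DOS": ["XCOPY.EXE", "XCOPY.COM", "FORMAT.EXE", "EDIT.COM"],
    "C:\\TOOLS": ["PKZIP.EXE"],
}

if __name__ == "__main__":
    for runs, shadowed, kind in find_shadowed(SEARCH_PATH, LISTING):
        print(f"{kind}: {runs} runs instead of {shadowed}")
```

Each finding is a pair to review, not proof of infection: legitimate software sometimes ships the same program name in two directories.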
2.1.2 Boot viruses
Boot Sector Infectors
Every logical drive, both
hard disk and floppy, contains a boot sector. This is true even of disks that
are not bootable. This boot sector contains specific information relating to
the formatting of the disk, the data stored there and also contains a small
program called the boot program (which loads the DOS system files). The boot
program displays the familiar "Non-system Disk or Disk Error" message
if the DOS system files are not present. It is also the program that gets
infected by viruses. You get a boot sector virus by leaving an infected
diskette in a drive and rebooting the machine. When the boot sector program is
read and executed, the virus goes into memory and infects your hard drive.
Remember, because every disk has a boot sector, it is possible (and common) to
infect a machine from a data disk. NOTE: Both floppy diskettes and hard drives
contain boot sectors.
Master Boot Record Infectors
The first physical sector
of every hard disk (Side 0,
Track 0, Sector 1) contains the disk's
Master Boot Record and Partition Table. The Master Boot Record has a small
program within it called the Master Boot Program, which looks up the values in
the partition table for the starting location of the bootable partition, and
then tells the system to go there and execute any code it finds. Assuming your
disk is set up properly, what it finds in that location (Side 1, Track 0, Sector 1) is a valid boot sector.
On floppy disks, these same viruses infect the boot sectors. You get a Master
Boot Record virus in exactly the same manner you get a boot sector virus -- by
leaving an infected diskette in a drive and rebooting the machine. When the
boot sector program is read and executed, the virus goes into memory and infects
the MBR of your hard drive. Again, because every disk has a boot sector, it is
possible (and common) to infect a machine from a data disk. [3]
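The partition-table lookup performed by the Master Boot Program can be reproduced when inspecting a saved copy of the first sector. The following Python sketch is an added example, not part of the original paper; the sample sector, the function names and the baseline-hash check are constructed for illustration and assume the classic layout of 446 bytes of boot code, four 16-byte partition entries and a 55 AA signature.

```python
import hashlib
import struct

def parse_mbr(sector):
    """Decode the partition table and boot-code hash from a 512-byte MBR."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        status, head, sec_cyl, cyl_low, ptype = struct.unpack_from("<BBBBB", raw, 0)
        lba_start, n_sectors = struct.unpack_from("<II", raw, 8)
        if ptype == 0:                       # type 0 marks an unused slot
            continue
        entries.append({
            "slot": i,
            "active": status == 0x80,
            "head": head,                                  # "Side"
            "track": ((sec_cyl & 0xC0) << 2) | cyl_low,    # 10-bit cylinder
            "sector": sec_cyl & 0x3F,                      # 6-bit sector
            "type": ptype,
            "lba_start": lba_start,
            "sectors": n_sectors,
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:446]).hexdigest(),
        "partitions": entries,
    }

def review_mbr(sector, baseline_sha256=None):
    """Return a list of findings; an empty list means nothing stood out."""
    mbr, findings = parse_mbr(sector), []
    if not mbr["signature_ok"]:
        findings.append("missing 55 AA boot signature")
    active = [p for p in mbr["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    if baseline_sha256 and mbr["boot_code_sha256"] != baseline_sha256:
        findings.append("Master Boot Program differs from recorded baseline")
    return findings

# Constructed sample: zero-filled boot code, one active FAT16 partition
# starting at Side 1, Track 0, Sector 1 (LBA 63 with 63 sectors per track).
ENTRY = struct.pack("<BBBBBBBBII", 0x80, 1, 1, 0, 0x06, 15, 63, 99, 63, 100737)
SAMPLE_MBR = bytes(446) + ENTRY + bytes(48) + b"\x55\xaa"
```

Recording `boot_code_sha256` while the machine is known to be clean gives `review_mbr` a baseline to compare against later.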
2.1.3 Multi-partite Viruses
Multi-partite viruses are
a combination of the viruses listed above. They will infect both files and MBRs
or both files and boot sectors. These types of viruses are currently rare, but
the number of cases is growing steadily.
2.1.4 Macro Viruses
Until recently, the macro languages
included with most applications were not powerful or robust enough to support
writing an effective virus. However, many of the more advanced applications
that are being developed today include built-in programming capabilities that
rival some of the larger development packages. This has recently been demonstrated
by the various strains of Microsoft Word viruses, including the so-called Word
Concept and Word Nuclear viruses. These viruses transport themselves through
Microsoft Word documents. When opened in Word, they perform various actions,
including spreading themselves into the user's installation of Word, thus
preparing to infect all future documents on the system.
An additional concern is that macro
viruses can be cross-platform. The Word Concept virus has the claim to fame of
being the first prominent cross-platform virus, because it can infect both
Windows and Macintosh systems.
Because most application macro
languages support passing execution to an external shell, such as COMMAND.COM
or CMD.EXE, the power of the macro virus is not limited to the constraints
of the macro language itself. [4]
2.2 Used operating system
Any computer or net virus can infect files of one or more operating systems: DOS, Windows, OS/2, Linux, MacOS and others. This is the basis of this way of classification. For example, the BOZA virus, which works only with Windows, is classified as a Windows virus, and the BLISS virus as a Linux virus.
2.3 Work algorithms
Viruses can be distinguished by the algorithms they use, which make them dangerous and hard to catch.
First, viruses can be divided into resident and nonresident.
A resident virus, having come into the operating memory of the computer, doesn't infect memory. They are capable of copying themselves only when they are started. We can call any macro virus resident: they are present in memory while the application infected by them is working.
Second, viruses are visible and invisible. To be invisible means that users and antivirus programs can't notice the changes made to an infected file by the virus. An invisible virus intercepts all requests of the operating system to read the file and to write to the file, and shows the uninfected version of the file. So we see only ‘clean’ programs while the virus works. One of the first invisible file infectors was FRODO, and among boot infectors, BRAIN.
Almost any virus uses methods of self-encryption or polymorphism to escape antivirus programs. This means that they can change themselves. Changing itself helps the virus to remain able to work. [5]
3. Conclusion
In conclusion I would like to say a few words about the future of this classification. Nowadays computer technologies and all software develop very quickly. This helps new types of computer viruses to appear. Viruses are becoming more and more dangerous and ‘cleverer’. This means that viruses are becoming harder and harder to find. But I think that this classification can be kept for a long time thanks to the principles by which computers work. This means that this classification will change when computers work by principles that differ from the principles of von Neumann. So this classification can be changed by adding new subtypes of the basic types if virus makers create something new.
Buryat State University
The paper: Types of computer viruses
Presented by Nefyodov Yuri
Scientific advisor: Sodboyeva L.D.
Ulan-Ude
2003
Abstract
This paper is about the classification of computer viruses. First, the paper explains what a computer virus is, what viruses can do and what they can't do. Then it gives the basic ways of classification: place of existence, operating system used and work algorithms. The conclusion discusses the future of the classification.
Annotation
This paper is devoted to the classification of computer viruses. It begins by describing what a computer virus is and what viruses can and cannot do. It then describes three basic ways of classification: by habitat, by operating system used and by work algorithm. The conclusion discusses the future of the classification.
Plan
1. What is a computer virus?
2. Types of computer viruses.
2.1 a place of existence
2.1.1 file infectors
2.1.2 boot viruses
2.1.3 multi-partite viruses
2.1.4 macro viruses
2.2 used operating system
2.3 work algorithms
3. Conclusion.
References:
1. Mogilev, Khenner, Pak. «Informatika». Akademiya Publishing, 2000.
2. «Nauka i Zhizn» magazine, No. 7, 2000.
3. Website WWW.SEMANTEC.RU
[1] WWW.SEMANTEC.RU
[2] «Nauka i Zhizn», No. 7, 2000, p. 100
[3] Mogilev, Pak, Khenner. «Informatika». Akademiya Publishing, 2000
[4] WWW.SEMANTEC.RU
[5] «Nauka i Zhizn», No. 7, 2000, pp. 101-102