Viruses

Computer viruses have the capacity to create havoc in personal as well as professional computers. A virus is a self-replicating program that produces copies of itself by attaching itself to a carrier file, i.e. executable (.EXE) files on Windows. .EXE is a file extension generally used for executable files. Like a real virus, a computer virus is contagious and can infect other files available on the computer.
A virus is generally transmitted through file downloads, infected drives and e-mail attachments.
Phases of Virus Infection:
  1. Infection Phase: In the infection phase, the virus infects a file according to its function or coding. In this phase only infection takes place; the effect of the infection is seen in the next phase, the attack phase. Some viruses infect programs each time the program is executed, whereas other viruses infect only upon a certain trigger.
  2. Attack Phase: A virus is in the attack phase when it goes into action. For example, it will delete files, change random data on your disk or slow down the computer. Other kinds of viruses do less harmful things, such as playing music or creating messages or animations on your screen. This might not seem to be a virus, but be aware of these kinds of behavior. Once a virus infects a computer - by e-mail, disk, or any other method - it first remains dormant. The program to which the virus is attached has to be executed to trigger the virus into action.
Characteristics of Viruses:
  • Every virus works according to the code written for it.
  • The destructive function of a virus can be triggered by an internal event, such as a command or a unique entry from the keyboard.
  • Viruses perform tasks such as self-replication by attaching themselves to executable code.
  • Some viruses reside in the computer's memory only until the program is closed.
  • Viruses are not usually effective against Linux operating systems because executable files are not there in Linux. Generally, for virus infection these executable files are required.
Types of Viruses

Resident Virus
This type of virus resides permanently in RAM. Once it resides in RAM, it can overcome and interrupt all of the operations executed by the system. It can corrupt files and programs that are opened, closed, copied, renamed, etc. Examples include: Randex, CMJ, Meve and MrKlunky.
Direct Action Virus
The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.
Overwrite Virus
A virus of this kind is characterised by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected. The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content. Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.
Boot Virus
This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk. The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and never to start your computer with an unknown floppy disk in the disk drive. Examples of boot viruses include: Polyboot.B, AntiEXE, Form, Disk Killer, Michelangelo and Stone virus.
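Because the boot sector holds both disk information and a boot program, a defender can baseline the two regions separately and flag a change in either. The following is an added example, not part of the original post; it assumes the classic 512-byte MBR layout (446 bytes of boot code, four 16-byte partition entries, 0x55AA signature), and the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446            # boot program area of a classic MBR
BOOT_SIGNATURE = b"\x55\xaa"   # bytes at offsets 510-511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot program and partition table."""
    if len(sector) != 512:
        raise ValueError("boot sector must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[BOOT_CODE_LEN + i * 16:BOOT_CODE_LEN + (i + 1) * 16]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means the slot is unused
            partitions.append({"bootable": entry[0] == 0x80, "type": entry[4],
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "table_sha256": hashlib.sha256(sector[BOOT_CODE_LEN:510]).hexdigest(),
        "partitions": partitions,
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
    }


def compare_to_baseline(baseline: dict, current: dict) -> list:
    """Return findings for a sector compared with a known-good baseline."""
    findings = []
    if not current["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if current["code_sha256"] != baseline["code_sha256"]:
        findings.append("boot code changed")
    if current["table_sha256"] != baseline["table_sha256"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(code_fill: int) -> bytes:
    """Constructed sample: filler bytes as 'code', one bootable partition."""
    code = bytes([code_fill]) * BOOT_CODE_LEN
    entry = struct.pack("<B3sB3sII", 0x80, bytes(3), 0x07, bytes(3), 2048, 204800)
    return code + entry + bytes(48) + BOOT_SIGNATURE
```

The baseline must be recorded while the disk is known to be clean, and the sector should be read from outside the running system where possible.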
Macro Virus
Macro viruses infect files that are created using certain applications or programs that contain macros (macros are generally successive commands which are stored and recalled with a single command). These mini-programs make it possible to automate a series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one. Examples of macro viruses: Relax, Melissa.A, Bablas and O97M/Y2K.
Directory Virus
Directory viruses change the paths that indicate the location of a file. By executing a program (file with the extension .EXE or .COM) which has been infected by a virus, you are unknowingly running the virus program, while the original file and program have been previously moved by the virus. Once infected it becomes impossible to locate the original files.
File Infector
This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category and can be classified depending on the actions that they carry out.
Companion Virus
Companion viruses can be considered file infector viruses, like resident or direct action types. They are known as companion viruses because once they get into the system they accompany the other files that already exist. In other words, in order to carry out their infection routines, companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct action viruses). Some examples include: Stator, Asimov.1539 and Terrax.1069.
Polymorphic Virus
Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system. This makes it impossible for anti-viruses to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves. Examples include: Elkern, Marburg, Satan Bug and Tuareg.
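The detection problem described above, as an added example that is not part of the original post: a plain signature search misses copies of the same content encoded under different keys, while a scanner that tries every key before matching (often called X-ray scanning) still finds them. It assumes single-byte XOR as a simplified stand-in for the varying encryption; the marker string, sample buffers and function names are constructed and harmless.

```python
SIGNATURE = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a scanner signature


def xor_bytes(data: bytes, key: int) -> bytes:
    """Encode or decode data with a single-byte XOR key."""
    return bytes(b ^ key for b in data)


def signature_scan(buf: bytes) -> bool:
    """Plain string/signature search over the raw bytes."""
    return SIGNATURE in buf


def xray_scan(buf: bytes):
    """Try every single-byte XOR key; return the matching key or None."""
    for key in range(256):
        # Encoding the signature is equivalent to decoding the whole buffer.
        if xor_bytes(SIGNATURE, key) in buf:
            return key
    return None


def scan_report(samples: dict) -> dict:
    """Map each sample name to (signature hit, recovered XOR key)."""
    return {name: (signature_scan(buf), xray_scan(buf))
            for name, buf in samples.items()}


# Constructed samples: the same body stored plainly and under two keys.
_BODY = bytes(8) + SIGNATURE + b"tail"
CONSTRUCTED_SAMPLES = {
    "plain": _BODY,
    "copy_a": xor_bytes(_BODY, 0x21),
    "copy_b": xor_bytes(_BODY, 0xA7),
    "clean": b"ordinary file contents",
}

if __name__ == "__main__":
    for name, result in scan_report(CONSTRUCTED_SAMPLES).items():
        print(name, result)
```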

