Flux rss
They need your help
 

Viruses - Introduction to viruses

Hoax
Bookmark Bookmark & Share
Virus - Introduzione ai virus Vírus - Introdução aos vírus Virus – Einleitung der Viren Virus - Introduction aux virus Virus - Introducción a los virus

Virus

A virus is a small computer program found within the body of another program which, when run, loads itself into the memory and carries out the instructions programmed by its author. The definition of a virus may be: 

« Any computer program which can infect another computer program
by seriously changing it, and which can reproduce itself.

The real name for viruses is self-propagating code, but by analogy with the field of medicine, the name "virus" has ben given to them.

Memory-resident viruses (also called TSR for Terminate and Stay Resident) load in the computer's RAM in order to infect executable files opened by the user. Non-resident viruses, once run, infect programs found on the hard drive.

The effects of a virus may range from simply displaying a ping-pong ball ricocheting across the screen to wiping out data, which is the most destructive kind of virus there is. As there is a broad range of viruses with widely varied effects, viruses are not classified based on what kind of damage they do, but on how they spread and infect computers.

For this reason, there are different types of viruses:

  • Worms are viruses which can spread over a network
  • Trojan horses (trojans) are viruses which create a security hole in the computer (generally for their designer to gain entry to the infect system and take control of it)
  • Logic bombs are viruses which can trigger on a specific event (like the system's date, or remote activation).

A new phenomenon has appeared in the past few years, that of hoaxes, i.e. notices received by e-mail (for example a report on the appearance of a new destructive virus or a chance to win a free mobile phone) along with a note telling the recipient to forward the message to everyone he or she knows. The purpose of this is to clog network traffic and spread misinformation.

Antivirus software

A antivirus program is software which can detect the presence of a virus on a computer and, to the best of its abilities, remove the virus. Eradicating a virus is the term used for cleaning out a computer.

There are several methods of eradication:

  • Removing the code in the infected file which corresponds to the virus;
  • Removing the infected file;
  • Quarantining the infected file, which involves moving it to a location where it cannot be run.

Detecting a virus

Viruses reproduce by infecting "host applications," meaning that they copy a portion of executable code into an existing program. So to ensure that they work as planned, viruses are programmed to not infect the same file multiple times. To do so, they include a series of bytes in the infected application, to check if has already been infected: This is called a virus signature.

Antivirus programs rely on this signature, which is unique to each virus, in order to detect them. This method is called signature scanning, the oldest method used by antivirus software.
This method is only reliable if the antivirus program's virus database is up-to-date and includes signatures for all known viruses. However, this method cannot detect viruses which have not been archived by the publishers of the antivirus software. What's more, virus programmers have often given them camouflage features, making their signature hard to detect, if not undetectable: These are "polymorphic viruses".

Some antivirus programs use an integrity checker to tell if the folders have been changed. The integrity checker builds a database containing information on the executable files on the system (date modified, file size, and possibly a checksum) That way, when an executable file's characteristics change, the antivirus program warns the machine's user.

The heuristic method involves analysing the behaviour of applications in order to detect actvity similar to that of a known virus. This kind of antivirus program can therefore detect viruses even when the antivirus database has not been updated. On the other hand, they are prone to triggering false alarms.

Types of viruses

Mutated viruses

In reality, most viruses are clones, or more precisely "mutated viruses" — viruses which have been rewritten by other users in order to change their behaviour or signature.

The fact that multiple versions of the same virus (called variants) exist makes dection all the more difficult, as antivirus software publishers then have to add these new signatures to their databases.

Polymorphic viruses

Since antivirus programs mainly detect viruses using their signature (the series of bits which identifies it), certain virus creators have thought to give them the ability to automatically change their appearance, like a chameleon, by giving the virus a signature encrypt-decrypt function, so that only the virus can recognise its own signature. This kind of virus is called a "polymorphic virus" (from the Greek for "which can take multiple forms").

Bounty hunters

A "bounty hunter" is a virus which can modify signatures stored by an antivirus program in order to render them inoperable.

Boot sector viruses

A "boot sector virus" (or boot virus) is a virus when can infect the boot sector of a hard drive (MBR, the master boot record). This sector is an area on the hard drive stores the operating system processes which are run when the computer starts up.

Macro viruses

With the increase in programs which use macros, Microsoft has developed a shared script language which can be inserted into most types of documents which can contain macros. It's called VBScript, a subset of Visual Basic. These viruses are currently able to infect macros in Microsoft Office documents, meaning that such a virus can be placed within an ordinary Word or Excel document and run a portion of code when the file is opened, so that the virus can both spread into files and access the operating system (generally Windows).

With more and more applications supporting Visual Basic, any one of them can potentially fall prey to a VBScript-based virus.
The dawn of the third millennium has been marked by the frequent appearance of Visual Basic scripts sent by email as attachments (marked by their extension .VBS) with an email subject encouraging the recipient to open the poisoned gift.

Once opened by a Microsoft email client, this "gift" can access the entire address book and self-propagate over the network. This kind of virus is called a worm.

Last update on Thursday October 16, 2008 02:43:16 PM.This document entitled « Viruses - Introduction to viruses » from Kioskea (en.kioskea.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the licence, as this note appears clearly.

Viruses - Introduction to viruses Virus A virus is a small computer program found within the body of another program which, when run, loads itself into the memory and carries out the instructions programmed by its author. The definition of a virus may be: « Any computer... en.kioskea.net/contents/virus/virus.php3
The LovSan/Blaster virus Introduction to the LovSan virus Appearing in the summer of 2003, LovSan (also known as W32/Lovsan.worm, W32/Lovsan.worm.b, W32.Blaster.Worm, W32/Blaster-B, WORM_MSBLAST.A, MSBLASTER, Win32.Poza, Win32.Posa.Worm, and Win32.Poza.B) is the first... en.kioskea.net/contents/virus/lovsan-blaster.php3
Utilities for Removing Common Viruses and Worms What is a virus removal tool? A virus removal tool is a small executable file for cleaning a machine which has been infected by a particular virus. Each removal tool is therefore uniquely capable of eradicating a particular kind of virus, or a... en.kioskea.net/contents/virus/desinfection.php3
How to remove the virus CONFICKER / DOWNADUP / KIDO?How to remove the virus CONFICKER / DOWNADUP / KIDO What is the Conficker? How to avoid being infected by Conficker? Disinfect a computer affected by Conficker Preliminary Remove infection What is the Conficker? Conficker (also... en.kioskea.net/faq/sujet-2035-how-to-remove-the-virus-conficker-downadup-kido
[Virus] System Volume Information[Virus] System Volume Information The System Volume Information folder is used by Windows XP for storing data on system configuration and is also used by the System Restore tool to store information and restore points. Restore points... en.kioskea.net/faq/sujet-750-virus-system-volume-information
The First Steps to Virus/Spyware/Adware RemovalThe First Steps to Virus/Spyware/Adware Removal Step 1: Delete Temporary Files How to delete Temporary Files? How to delete Temporary Internet Files? Step 2: Get a good all in one Antivirus/Anti Spyware/ Anti Adware... en.kioskea.net/faq/sujet-205-the-first-steps-to-virus-spyware-adware-removal
Results for Viruses Introduction to viruses
New Virus Hijacks Browser & Disables Update (Solved)Hello,I am writing to express gratitude for Morphine on this forum for solving my problem. This invasive "virus/malware/painintheass" seems to be diffrent on every machine and it may take several tries to find the solution as I discovered. I also... en.kioskea.net/forum/affich-66315-new-virus-hijacks-browser-disables-update
How to delete virus "autorun.inf" for suHello, To whom who might help me (Mr. Ali ?) It seems that I have succeeded to get rid of virus "autorun.inf" by downloading, updating, and running AVG 8.0. But I can still not open hidden files or folders, and I can still not open my C or D drive... en.kioskea.net/forum/affich-22846-how-to-delete-virus-autorun-inf-for-su
System security 2009 virusHello, i have the system security2009 virus on my pc. how can i remove it? it wont let access my anti-virus program or even the task manager. en.kioskea.net/forum/affich-97591-system-security-2009-virus
Results for Viruses Introduction to viruses
Download Clean Virus MSNViruses meet hereafter a bit on the net by all thinkable means everywhere. After mails , supporting they attack instantaneous freight forwarding. Clean Virus MSN is a tool which discerns automatically the viruses which circulate on MSN Messenger.... en.kioskea.net/telecharger/telecharger-992-clean-virus-msn
Download Clean Virus MSNThe viruses meet henceforth a little everywhere on the Net by all the conceivable means. After the emails virus diseases, now they attack with the instant messaging. Clean Virus MSN is a tool which automatically detects the viruses which circulate on... en.kioskea.net/telecharger/telecharger-1438-clean-virus-msn
Results for Viruses Introduction to viruses
Koobface virus making rounds on Facebook: McAfeeA new variant of a virus known as Koobface is making the rounds on the Facebook social network, a security software firm warned this week. A new variant of a virus known as Koobface is making the rounds on the Facebook social network, a security... en.kioskea.net/actualites/koobface-virus-making-rounds-on-facebook-mcafee-11036-actualite.php3
Microsoft to offer free anti-virus softwareMicrosoft has announced plans to offer free anti-virus software to PC users starting next year. Microsoft has announced plans to offer free anti-virus software to PC users starting next year. The Redmond, Washington-based software giant said the... en.kioskea.net/actualites/microsoft-to-offer-free-anti-virus-software-10959-actualite.php3
Results for Viruses Introduction to viruses
The Nimda virusIntroduction to the Nimda virus Le Nimda virus (code name W32/Nimda) is a worm which spreads by email. It also has four other ways to spread: The web Shared folders Microsoft IIS security holes File transfer At particular risk are users of... en.kioskea.net/contents/virus/nimda.php3
The Bad Trans virusIntroduction to the BadTrans virus The BadTrans virus (code name W32.BadTrans.B or W32/Badtrans-B) is a worm which spreads by e-mail. It also uses another method to spread: Microsoft Internet Explorer security flaws The BadTrans.B virus... en.kioskea.net/contents/virus/badtrans.php3
Results for Viruses Introduction to viruses