
Viruses - Introduction to viruses

Virus

A virus is a small computer program found within the body of another program which, when run, loads itself into the memory and carries out the instructions programmed by its author. The definition of a virus may be:

« Any computer program which can infect another computer program by seriously changing it, and which can reproduce itself. »

The real name for viruses is self-propagating code, but by analogy with the field of medicine, the name "virus" has been given to them.

Memory-resident viruses (also called TSR for Terminate and Stay Resident) load in the computer's RAM in order to infect executable files opened by the user. Non-resident viruses, once run, infect programs found on the hard drive.

The effects of a virus may range from simply displaying a ping-pong ball ricocheting across the screen to wiping out data, which is the most destructive kind of virus there is. As there is a broad range of viruses with widely varied effects, viruses are not classified based on what kind of damage they do, but on how they spread and infect computers.

For this reason, there are different types of viruses:

  • Worms are viruses which can spread over a network
  • Trojan horses (trojans) are viruses which create a security hole in the computer (generally for their designer to gain entry to the infected system and take control of it)
  • Logic bombs are viruses which can trigger on a specific event (like the system's date, or remote activation).

A new phenomenon has appeared in the past few years, that of hoaxes, i.e. notices received by e-mail (for example a report on the appearance of a new destructive virus or a chance to win a free mobile phone) along with a note telling the recipient to forward the message to everyone he or she knows. The purpose of this is to clog network traffic and spread misinformation.

Antivirus software

An antivirus program is software which can detect the presence of a virus on a computer and, to the best of its abilities, remove the virus. Eradicating a virus is the term used for cleaning out a computer.

There are several methods of eradication:

  • Removing the code in the infected file which corresponds to the virus;
  • Removing the infected file;
  • Quarantining the infected file, which involves moving it to a location where it cannot be run.

Detecting a virus

Viruses reproduce by infecting "host applications," meaning that they copy a portion of executable code into an existing program. So to ensure that they work as planned, viruses are programmed to not infect the same file multiple times. To do so, they include a series of bytes in the infected application, to check if it has already been infected: this is called a virus signature.

Antivirus programs rely on this signature, which is unique to each virus, in order to detect them. This method is called signature scanning, the oldest method used by antivirus software.
This method is only reliable if the antivirus program's virus database is up-to-date and includes signatures for all known viruses. However, this method cannot detect viruses which have not been archived by the publishers of the antivirus software. What's more, virus programmers have often given them camouflage features, making their signature hard to detect, if not undetectable: These are "polymorphic viruses".
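
Signature scanning as described above, sketched as an added example (not code from the original page or from any antivirus product). The signature names and byte patterns are constructed for illustration; the scan reads in chunks with an overlap so a signature split across two reads is still found, and the third sample shows an altered variant going undetected because its bytes are not in the database.

```python
import io

# Constructed signature database (name -> byte pattern). These marker bytes
# are made up for illustration and match no real virus.
SIGNATURES = {
    "Example.A": bytes.fromhex("deadbeef4b494f53"),
    "Example.B": b"\x90\x90KSK-MARK\x00",
}

def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return sorted (offset, name) pairs for every signature found."""
    # Carry over (longest signature - 1) bytes between reads so a signature
    # that straddles a chunk boundary is still matched.
    overlap = max(len(sig) for sig in signatures.values()) - 1
    hits, tail, base = set(), b"", 0   # base = file offset of tail[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, sig in signatures.items():
            pos = window.find(sig)
            while pos != -1:
                hits.add((base + pos, name))
                pos = window.find(sig, pos + 1)
        keep = min(overlap, len(window))
        tail = window[len(window) - keep:]
        base += len(window) - keep
    return sorted(hits)

def demo():
    """Scan three constructed samples with a deliberately tiny chunk size."""
    clean = b"MZ" + b"\x00" * 100
    known = b"MZ" + b"\x00" * 14 + SIGNATURES["Example.A"] + b"\x00" * 50
    # Same sample with one marker byte changed: not in the database, so the
    # scanner misses it until a new signature is added.
    variant = known.replace(b"\xde\xad", b"\xde\xae")
    return [scan_stream(io.BytesIO(s), chunk_size=20)
            for s in (clean, known, variant)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```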

Some antivirus programs use an integrity checker to tell if the files have been changed. The integrity checker builds a database containing information on the executable files on the system (date modified, file size, and possibly a checksum). That way, when an executable file's characteristics change, the antivirus program warns the machine's user.
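
An integrity checker of the kind described above, as an added example (not code from the original page). The extension list, function names and the choice of SHA-256 as the checksum are assumptions; the constructed scenario in demo() shows why the checksum matters: the file keeps its size and modification date, yet the change is still reported.

```python
import hashlib
import os
import tempfile

EXECUTABLE_EXTENSIONS = (".exe", ".com", ".dll")  # assumed set, adjust per system

def fingerprint(path):
    """Record the three characteristics the text lists for one file."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            digest.update(block)
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns,
            "sha256": digest.hexdigest()}

def build_database(root):
    """Map relative path -> fingerprint for every executable under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXECUTABLE_EXTENSIONS):
                path = os.path.join(dirpath, name)
                db[os.path.relpath(path, root)] = fingerprint(path)
    return db

def compare(baseline, current):
    """Report executables that appeared, vanished or changed since baseline."""
    paths = set(baseline) | set(current)
    return {
        "added": sorted(p for p in paths if p not in baseline),
        "removed": sorted(p for p in paths if p not in current),
        "modified": sorted(p for p in paths if p in baseline and p in current
                           and baseline[p] != current[p]),
    }

def demo():
    """Constructed scenario: same size and date, different content."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "tool.exe")
        with open(target, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62)
        baseline = build_database(root)
        st = os.stat(target)
        with open(target, "wb") as f:
            f.write(b"MZ" + b"\x01" * 62)          # same length, new bytes
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))  # date restored
        with open(os.path.join(root, "new.com"), "wb") as f:
            f.write(b"\xc3")
        return compare(baseline, build_database(root))
```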

The heuristic method involves analysing the behaviour of applications in order to detect activity similar to that of a known virus. This kind of antivirus program can therefore detect viruses even when the antivirus database has not been updated. On the other hand, they are prone to triggering false alarms.

Types of viruses

Mutated viruses

In reality, most viruses are clones, or more precisely "mutated viruses" — viruses which have been rewritten by other users in order to change their behaviour or signature.

The fact that multiple versions of the same virus (called variants) exist makes detection all the more difficult, as antivirus software publishers then have to add these new signatures to their databases.

Polymorphic viruses

Since antivirus programs mainly detect viruses using their signature (the series of bits which identifies it), certain virus creators have thought to give them the ability to automatically change their appearance, like a chameleon, by giving the virus a signature encrypt-decrypt function, so that only the virus can recognise its own signature. This kind of virus is called a "polymorphic virus" (from the Greek for "which can take multiple forms").

Bounty hunters

A "bounty hunter" is a virus which can modify signatures stored by an antivirus program in order to render them inoperable.

Boot sector viruses

A "boot sector virus" (or boot virus) is a virus which can infect the boot sector of a hard drive (MBR, the master boot record). This sector is an area on the hard drive which stores the operating system processes which are run when the computer starts up.

Macro viruses

With the increase in programs which use macros, Microsoft has developed a shared script language which can be inserted into most types of documents which can contain macros. It's called VBScript, a subset of Visual Basic. These viruses are currently able to infect macros in Microsoft Office documents, meaning that such a virus can be placed within an ordinary Word or Excel document and run a portion of code when the file is opened, so that the virus can both spread into files and access the operating system (generally Windows).

With more and more applications supporting Visual Basic, any one of them can potentially fall prey to a VBScript-based virus.
The dawn of the third millennium has been marked by the frequent appearance of Visual Basic scripts sent by email as attachments (marked by their extension .VBS) with an email subject encouraging the recipient to open the poisoned gift.

Once opened by a Microsoft email client, this "gift" can access the entire address book and self-propagate over the network. This kind of virus is called a worm.

Last update on Thursday October 16, 2008 02:43:16 PM.

This document entitled « Viruses - Introduction to viruses » from Kioskea (en.kioskea.net) is made available under the Creative Commons license. You can copy and modify copies of this page under the conditions stipulated by the licence, as long as this note appears clearly.