1. Computer Viruses are classes of programs intentionally written to cause some form of damage to computer systems of networks. However, all programs that are used to cause damage are not computer viruses. Other damaging types of programs are Trojan Horses, network worms, and logic bombs. These programs, along with computer viruses, are more properly referred to as malicious software. They are not all computer viruses because each replicate and do damage in different ways.
2. A Trojan horse is a program that seems to be useful, but contains a command procedure that is triggered by a hidden code. When the computer user inadvertently enters that code, the program performs some unwanted function. A simple example of a Trojan horse program can be seen in a program that is named CALCULATOR. When the computer user opens the program named CALCULATOR, the hidden code is triggered, and the Trojan horse then does something harmful to the disk, like deleting files etc.
3. Another type of malicious software is the network worm. Network worms are programs that spread through network connections, using usernames as passwords and commands to copy themselves into the system. Network worms are extremely dangerous because they can behave as computer viruses, implant Trojan horse programs, and perform any number of disruptive or destructive actio3s. Network worms replicate in many ways. They can replicate through a network mail facility and mail copies of themselves to other systems, or they can run copies of themselves on another system. An example of an actual network worm is the Internet Worm.
4. Logic bombs, otherwise known as time bombs, are another type of malicious Software that does some type of damage. Out of all malicious software, logic bombs are more annoying than harmful, and do the least amount of harm. Logic bombs are pieces of codes that are in programs or the operating systems of computers. They wait for particular events, such as certain words to detonate, causing (some form of) damage. An example of a logic bomb is the Fu Manchu virus. Whenever the words Reagan, Thatcher, of Botha are typed in, childish, obscene comments are made, or rather projected on the screen. Whenever a computer user tries to run a program, the Jerusalem-B virus just does minor annoying things to computer screens.
| Contact us to Get Immediate Call Back or Email From us to get an Answer for Your Queries. If any delay; Please Feel Free to Speak to 'ANALYST' at 09678069366 or 09988877963 (Roaming) or Call Customer Care at 09678070896. |
Friday, February 8, 2008
Computer Virus 3/3
Computer Virus- Part 2/3
1. TSR . (Terminate and stay resident ) A virus may or may not become resident in memory. If it does go TSR, then its chances of infecting files are greatly increased. Otherwise it can only do its stuff when an infected program is run. If the virus is in memory it can infect files any time it chooses. Partition table and boot sector infecting viruses are always TSRs.
2. Stealth . Some TSR viruses use a sophisticated technique called Stealth cloaking. What this means is the virus will fool the system so that everything appears to be normal. When a user does a directory listing the virus will intercept the disk read, and alter the data so that the file sizes appear to be unchanged, when in actuality they have increased in size. Boot sector infectors may use stealth so that when the user attempts to view the boot record, instead of showing the actual boot record, a copy of the old boot record is returned instead. Because of stealth techniques it may be impossible to detect a virus once it has become resident in memory. The only sure way to check for a stealth virus is to boot from a clean, write- protected floppy, then scan the hard drive. It is a good idea to prepare such a floppy disk ahead of time, and adding anti-virus software. Most anti-virus software allow the user to create an emergency boot disk, as does windows itself.
3. Activation criteria and effect. The other area that gives a virus its personality is the activation criteria, or what makes it go off. Some activate by the date, others activate when a certain program is run, and others will activate when they can't find any more files that haven't been infected yet. When a virus activates it will take a certain action. This is known as the activation effect.The effect may be as simple and harmless as is playing a message or as malicious as trashing the victim's hard drive.
Computer Virus - Part 1/3
1. A computer virus is a program that can make copies of itself. Most computer viruses do nothing more than this and are more of an annoyance than a danger. Some computer viruses may also harm data and programs stored on a computer.
2. A Virus is a small, executable program (Macros can be considered as executable) with the ability to replicate itself by adding its code to that of a host program and/or the system area of a hard or floppy disk. The user is generally unaware of the actions of a virus as it replicates and usually only becomes aware of its presence when the virus 'activates', which it does according to a given set of conditions and at which time it is often too late. However, once the user knows what signs to look for, it can be very obvious when viral activity occurs. Every virus has its own personality. Viruses differ in many ways, each having its own unique properties that make it different. Here are some ways that viruses differ from each other: -
a) Size . A virus can be as small as 66 bytes or less, or as large as 4096 bytes or more. Compared to most computer programs a virus must be very small.
b) Method of infection. A virus can infect the host program in
different ways. Below are three methods commonly used. They are by no means the only ways, but they are the most common. It is possible for a virus to use one or more of these methods:-
i) Overwriting. When a virus infects using this method, it will simply write a copy of itself over the beginning of the host program. This is a very simple method and is used by more primitive viruses. An infected file has been destroyed and must be restored from a backup disk. Overwriting tends to make the user suspicious because the host program no longer functions. This method of infection causes no change in the size of an infected program.
ii) Appending . This method is a bit more complex. The virus appends itself onto the end of the host program and also edits the beginning of the program. When the user runs the infected program it will jump to the end of the program where the virus is located, perform the functions of the virus, then return and continue to run the host program. To the user, the program is functioning normally. This method of infection causes infected programs to increase in size. Some appending viruses are unable to tell whether or not they have already infected a program and will continue to infect the program hundreds of times, causing it to grow considerably in size.
iii) Disk infectors . Other viruses will infect the boot record or partition table. This is an executable area of the disk that is automatically run every time you boot up from the disk. This means that as soon as the computer boots up, the virus is in memory.