|
 |
 |
Virus |
 |
|
|
|
|
|
Info: Biography, Pictures, Discography of all CDs & DVDs |
|
| However, the term "virus" is commonly used, albeit erroneously, to refer to many different types of malware programs.The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus.Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive.Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer.Viruses are sometimes confused with computer worms and Trojan horses.Trojan horse is a file that appears harmless until executed.Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk.Others are not designed to do any damage, but simply replicate themselves and perhaps make their presence known by presenting text, video, or audio messages.Even these benign viruses can create problems for the computer user.Methods to avoid detection
3.Avoiding bait files and other undesirable hosts
3.Vulnerability and countermeasures
4.The vulnerability of operating systems to viruses
4.The role of software development
4.History
The Creeper virus was first detected on ARPANET, the forerunner of the Internet in the early 1970s.It propagated via the TENEX operating system and could make use of any connected modem to dial out to remote computers and infect them.It is rumored that the Reaper program, which appeared shortly after and sought out copies of the Creeper and deleted them, may have been written by the creator of the Creeper in a fit of regret.See the Timeline of notable computer viruses and worms for other earlier viruses.It was however the first virus to infect computers "in the home".This virus was originally a joke, created by a high school student and put onto a game.The disk could only be used 49 times.The game was set to play, but release the virus on the 50th time of starting the game.Only this time, instead of playing the game, it would change to a blank screen that read a poem about the virus named Elk Cloner.The computer would then be infected.The first PC virus was a boot sector virus called (c)Brain, created in 1986 by two brothers, Basit and Amjad Farooq Alvi, operating out of Lahore, Pakistan.The brothers reportedly created the virus to deter pirated copies of software they had written.However, analysts have claimed that the Ashar virus, a variant of Brain, possibly predated it based on code within the virus.Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks.Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk.Traditional computer viruses emerged in the 1980s, driven by the spread of personal computers and the resultant increase in BBS and modem use, and software sharing.Bulletin board driven software sharing contributed directly to the spread of Trojan horse programs, and viruses were written to infect popularly traded software.Shareware and bootleg software were equally common vectors for viruses on BBS's.Within the "pirate scene" of hobbyists trading illicit copies of retail software, traders in a hurry to obtain the latest applications and games were easy targets for viruses.Most of these viruses are written in the scripting languages for Microsoft programs such as Word and Excel.These viruses spread in Microsoft Office by infecting documents and spreadsheets.Since Word and Excel were also available for Mac OS, most of these viruses were able to spread on Macintosh computers as well.Macro viruses pose unique problems for detection software.The virus behaved identically but would be misidentified as a new virus.If the recipient, thinking the link is from a friend (a trusted source) follows the link to the website, the virus hosted at the site may be able to infect this new computer and continue propagating.Replication strategies
In order to replicate itself, a virus must be permitted to execute code and write to memory.For this reason, many viruses attach themselves to executable files that may be part of legitimate programs.If a user tries to start an infected program, the virus' code may be executed first.Viruses can be divided into two types, on the basis of their behavior when they are executed.Nonresident viruses immediately search for other hosts that can be infected, infect these targets, and finally transfer control to the application program they infected.Resident viruses do not search for hosts when they are started.Instead, a resident virus loads itself into memory on execution and transfers control to the host program.The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.Nonresident viruses
Nonresident viruses can be thought of as consisting of a finder module and a replication module.Resident viruses
Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses.Instead, the virus loads the replication module into memory when it is executed and ensures that this module is executed each time the operating system is called to perform a certain operation.For example, the replication module can be called each time the operating system executes a file.In this case, the virus infects every suitable program that is executed on the computer.Resident viruses are sometimes subdivided into a category of fast infectors and a category of slow infectors.Fast infectors are designed to infect as many files as possible.Fast infectors rely on their fast infection rate to spread.Slow infectors, on the other hand, are designed to infect hosts infrequently.For instance, some slow infectors only infect files when they are copied.The slow infector approach does not seem very successful, however.Vectors and hosts
Viruses have targeted various types of transmission media or hosts.Inhospitable vectors
It is difficult, but not impossible, for viruses to tag along in source files, seeing that computer languages are built for human eyes and experienced operators.With the notable exception of WMF, it is almost impossible for viruses to tag along in data files like MP3s, MPEGs, OGGs, JPEGs, GIFs, PNGs, MNGs, PDFs, and DVI files (this is not an exhaustive list of generally trusted file types).Even if a virus were to 'infect' such a file, it would be inoperative since there would be no way for the viral code to be executed.It is worth noting that some virus authors have written an .EXE extension on the end of .See Trojan horse (computing).Methods to avoid detection
In order to avoid detection by users, some viruses employ different kinds of deception.DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus.Cyclic Redundancy Codes on file changes.Some viruses can infect files without increasing their sizes or damaging the files.They accomplish this by overwriting unused areas of executable files.These are called cavity viruses.For example the CIH virus, or Chernobyl Virus, infects Portable Executable files.Because those files had many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file.Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced.Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access.Avoiding bait files and other undesirable hosts
A virus needs to infect hosts in order to spread further.In some cases, it might be a bad idea to infect a host program.Infecting such programs will therefore increase the likelihood that the virus is detected.Another type of host that viruses sometimes avoid is bait files.It is more practical to store and exchange a small, infected bait file, than to exchange a large application program that has been infected by the virus.This is especially useful when the virus is polymorphic.In this case, the virus can be made to infect a large number of bait files.The infected files can be used to test whether a virus scanner detects all versions of the virus.Since bait files are used to detect the virus, or to make detection possible, a virus can benefit from not infecting them.Viruses typically do this by avoiding suspicious programs, such as small program files or programs that contain certain patterns of 'garbage instructions'.Sometimes, sparse infectors do not infect a host file that would be a suitable candidate for infection in other circumstances.For example, a virus can decide on a random basis whether to infect a file or not, or a virus can only infect host files on particular days of the week.If a virus scanner finds such a pattern in a file, it notifies the user that the file is infected.The user can then delete, or (in some cases) "clean" or "heal" the infected file.Some viruses employ techniques that make detection by means of signatures difficult but probably not impossible.These viruses modify their code on each infection.That is, each infected file contains a different variant of the virus.Encryption with a variable key
A more advanced method is the use of simple encryption to encipher the virus.In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code.If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module, which would (for example) be appended to the end.In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible.Polymorphic code
Polymorphic code was the first technique that posed a serious threat to virus scanners.Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module.In the case of polymorphic viruses however, this decryption module is also modified on each infection.To enable polymorphic code, the virus has to have a polymorphic engine (also called mutating engine or mutation engine) somewhere in its encrypted body.See Polymorphic code for technical detail on how such engines operate.Some viruses employ polymorphic code in a way that constrains the mutation rate of the virus significantly.For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus.This will make it more likely that the detection by the virus scanner will be unreliable, and that some instances of the virus may be able to avoid detection.Metamorphic code
To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executables.Viruses that use this technique are said to be metamorphic.To enable metamorphism, a metamorphic engine is needed.The vulnerability of operating systems to viruses
Just as genetic diversity in a population decreases the chance of a single disease wiping out a population, the diversity of software systems on a network similarly limits the destructive potential of viruses.The users of Microsoft software (especially networking software such as Microsoft Outlook and Internet Explorer) are especially vulnerable to the spread of viruses.Microsoft software is targeted by virus writers due to their desktop dominance, and is often criticized for including many errors and holes for virus writers to exploit.Although Windows is by far the most popular operating system for virus writers, some viruses also exist on other platforms.Some operating systems are less secure than others.The number of viruses for the older Apple operating systems, known as Mac OS Classic, varies greatly from source to source, with Apple stating that there are only four known viruses, and independent sources stating there are as many as 63 viruses.Virus vulnerability between Macs and Windows is a chief selling point, one that Apple uses in their Get a Mac advertising.Windows and Unix have similar scripting abilities, but while Unix natively blocks normal users from having access to make changes to the operating system environment, older copies of Windows such as Windows 95 and 98 do not.Bliss requires that the user run it explicitly (making it a trojan), and it can only infect programs that the user has the access to modify.Unlike Windows users, most Unix users do not log in as an administrator user except to install or configure software; as a result, even if a user ran the virus, it could not harm their operating system.The Bliss virus never became widespread, and remains chiefly a research curiosity.Its creator later posted the source code to Usenet, allowing researchers to see how it worked.The role of software development
Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit software bugs in a system or application to spread.The first, and by far the most common method of virus detection is using a list of virus signature definitions.This works by examining the content of the computer's memory (its RAM, and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives), and comparing those files against a database of known virus "signatures".The second method is to use a heuristic algorithm to find viruses based on common behaviors.Users must update their software regularly to patch security holes.This way, if data is lost through a virus, one can start again using the backup (which should preferably be recent).For example, Linux requires specific software to write to NTFS partitions, so if one does not install such software and uses a separate installation of MS Windows to make the backups on an NTFS partition, the backup should remain safe from any Linux viruses.Recovery methods
Once a computer has been compromised by a virus, it is usually unsafe to continue using the same computer without completely reinstalling the operating system.However, there are a number of recovery options that exist after a computer has a virus.These actions depend on severity of the type of Virus.Virus removal
One possibility on Windows XP and Vista is a tool known as System Restore, which restores the registry and critical system files to a previous checkpoint.Often a virus will cause a system to hang, and a subsequent hard reboot will render a system restore point from the same day corrupt.Restore points from previous days should work provided the virus is not designed to corrupt the restore files.Some viruses, however, disable system restore and other important tools such as Task Manager and Command Prompt.An example of a virus that does this is CiaDoor.The virus modifies the registry to do the same, except, when the Administrator is controlling the computer, it blocks all users from accessing the tools.When an infected tool activates it gives the message "Task Manager has been disabled by your administrator."If your system is a Microsoft product and you have your 20 digit registration number, you can go to the Microsoft web site, and they will do a free scan and most likely remove any known virus such as Trojan win32.Operating system reinstallation
Reinstalling the operating system is another approach to virus removal.It involves simply reformatting the OS partition and installing the OS from its original media, or imaging the partition with a clean backup image (taken with Ghost, for example).Downsides include having to reinstall all other software as well as the operating system.User data can be backed up by booting off of a LiveCD or putting the hard drive into another computer and booting from the other computer's operating system.Prank starts 25 years of security woes.The anniversary of a nuisance.Macro Virus Identification Problems.Retrieved on September 9, 2007.Kaspersky Lab (July 24, 2006).Retrieved on August 19, 2006.McAfee discovers first Linux virus.Bliss, a Linux "virus".The external links in this article may not comply with Wikipedia's content policies or guidelines.The original paper published on the topic"
Article: "How Computer Viruses Work"
Article: "Are 'Good' Computer Viruses Still a Bad Idea?"This page was last modified 23:31, 7 January 2008."This feature works only with new browsers.Download the latest virus removal tools from McAfee Security.These tools automatically perform virus detection and removal tasks for specific viruses.If your system is infected, the tools will remove the virus and repair any damage.Find out which viruses are infecting PCs in your neighborhood and around the world.Be prepared for the next scheduled virus payloads strike with the help of this comprehensive calendar.Definitions
What is a Virus?Computer Worms are viruses that reside in the active memory of a computer and duplicate themselves.Trojans are not viruses since they do not replicate, but Trojan horse programs can be just as destructive.Look up more definitions in our Virus Glossary.McAfee VirusScan Plus Keep your PC safe.Viruses depend on the host cells that they infect to reproduce.When found outside of host cells, viruses exist as a protein coat
or capsid, sometimes enclosed within a membrane.The capsid encloses
either DNA or RNA which codes for
the virus elements.While in this form outside the cell, the virus is
metabollically inert; examples of such forms are pictured below.Viral micrographs : To the left is an electron micrograph of a
cluster of influenza viruses, each about 100 nanometers (billionths of a meter)
long; both membrane and protein coat are visible.On the right is a micrograph of the virus that causes tobacco mosaic
disease in tobacco plants.When it comes into contact with a host cell, a virus can insert its genetic
material into its host, literally taking over the host's functions.Some viruses may remain dormant inside host cells for
long periods, causing no obvious change in their host cells (a stage known
as the lysogenic phase).The diagram below at right shows a virus that attacks
bacteria, known as the lambda bacteriophage, which measures
roughly 200 nanometers.Viruses cause a number of diseases in eukaryotes.AIDS are examples
of viral diseases.Viruses themselves have no fossil record, but it is quite possible that they
have left traces in the history of life.It has been hypothesized that viruses
may be responsible for some of the extinctions seen in the fossil
record (Emiliani, 1993).This theory is hard to test but seems unlikely, since a given virus
can typically cause disease only in one species or in a group of related
species.Even a hypothetical virus that could infect and kill all
dinosaurs,
65 million years ago, could not have infected the ammonites or
foraminifera
that also went extinct at the same time.On the other hand, because viruses can transfer genetic material between
different species of host, they are extensively used in genetic
engineering.Viruses also carry out natural "genetic engineering":
a virus may incorporate some genetic material from its host as it is
replicating, and transfer this genetic information to a new host,
even to a host unrelated to the previous host.The image of influenza virus was provided by the
Department
of Veterinary Sciences
of the Queen's University of Belfast.The tobacco mosaic virus picture was
provided by the
Rothamstead Experimental Station.Both servers have extensive archives of virus images.The Institute
for Molecular Virology of
the University of Wisconsin has a lot of excellent information on viruses,
including news, course notes, and some magnificent
computer images and animations of viruses.Tagline:
Life on earth is in for a shock.Plot Outline:
Seeking refuge from a typhoon, the crew of an American tugboat boards a top secret Russian research vessel and finds it infected by an alien life form which regards humans as a virus which must be destroyed at any cost!Plot Synopsis:
This plot synopsis is empty.Complete credited cast) Jamie Lee Curtis ...Captain Robert EvertonJoanna Pacula ...The entire shot has been mirrored for some reason, as the mechanical parts fused to the torso have also switched sides.Thank you, your vote will be counted and appear on this page within 24 hours.OK, by the half way mark Virus is turning into a pretty
typical
aliens are here to destroy us movie, but till then it's a reasonably
suspenseful, not badly written, well cast and well acted film.Was the above comment useful to you?You may report errors and omissions on this page to the IMDb database managers.Internet Movie Database Inc.Terms and Privacy Policy under which this service is provided to you.Enter a word for a definition...Viruses can also replicate themselves.All computer viruses are manmade.Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt.An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available.Some people distinguish between general viruses and worms.Provides businesses with network IPS protection and performance against worms, viruses, trojans, DDoS attacks, and Microsoft vulnerabilities.Get Peace of Mind today.Provides links to downloadable software for virus scanning.The site provides users with information from a variety of sources, including experts at security product and services firms, and the consultants who follow the security industry.This page displays company news and product information, as well as links to virus descriptions and online technical support.The Symantec Antivirus Research Center offers a wealth of information on viruses.It begins with a list of hot topics (new virus and virus products), and also provides links to virus alerts, an information database, references, submit virus samples, Macintosh viruses, and Symantec virus product information.Webopedia's "Did You Know...CIAC Virus Myth and Hoaxes SiteCreated as a public service by the Computer Incident Advisory Capability (CIAC) to educate people about virus myths and hoaxes.Computer Virus MythsContains information about the newest hoaxes as well as background on computer viruses and myths, opinions and editorials, and recommended books and Web sites.Virus Info DatabaseThis is Symantec's Virus Info Database.You can search for a virus by name or refer to general virus information.Maintenance free network Hhardware.Spam, Sends Daily Report on False Positives with Easy White List and Black List Function.Copyright 2008 Jupitermedia Corporation All Rights Reserved.The Big Picture Book of Viruses is intended to serve as both a catalog of virus pictures on the Internet and as an educational resource to those seeking more information about viruses.There are several ways to access the information in the Big Picture Book of Viruses.All viruses are listed according to the family to which they have been assigned by the International Committee on Taxonomy of Viruses (ICTV).The images and other data can be obtained by the routes listed at the left.On this page, several types of information about viruses can be found.First and foremost, we show you what they look like, either by electron microscopy or by computerassisted imaging.The viral images are listed by their taxonomic groups.Images listed have been gathered from several well known sources on the web.Line Courses) about the viruses, and links to other WWW sites (All the Virology on the WWW) with additional information.The full table of contents of this site's parent with links to all the virology web sites.If you know of a virus picture that is not listed here, or would like to update the listing of a site, please use our virology site submission form or email me with the address.We are counting on a continuation of community support to keep this site up to date.Are you interested in more information, or assistance with your organization's Web site?Learn about computer virus myths, hoaxes, urban legends, hysteria, and the implications if you believe in them.This site is NOT sponsored by computer security companies.Hoaxes, myths, urban legends
Hoax virus alerts
Publicity stunt virus alerts
Corporate shenanigans gone awry...Joke virus alerts (not considered hoaxes)
Misconceptions about genuine threats
Overblown computer security threats
It exists, but it won't destroy the Internet as predicted...VB2002 part 3: whole economies might die with the Internet
The world's most prestigious virus conference took place in New Orleans.Did Mother Nature give the virus experts a better perspective?These do not have to be declared unless overriding a default.In computers, a virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document.Some viruses wreak their effect as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer.Some viruses are benign or playful in intent and effect ("Happy Birthday, Ludwig!"Generally, there are three main classes of viruses:File infectors.Some file infector viruses attach themselves to program files, usually selected .Some can infect any program for which execution is requested, including .When the program is loaded, the virus is loaded as well.These viruses infect executable code found in certain system areas on a disk.They attach to the DOS boot sector on diskettes or the Master Boot Record on hard disks.When your operating system is running, files on the diskette can be read without triggering the boot disk virus.However, if you leave the diskette in the drive, and then turn the computer off or reload the operating system, the computer will look first in your A drive, find the diskette with its boot disk virus, load it, and make it temporarily impossible to use your hard disk.These are among the most common viruses, and they tend to do the least damage.Macro viruses infect your Microsoft Word application and typically insert unwanted words or phrases.Unless the warning is from a source you recognize, chances are good that the warning is a virus hoax.The computer virus, of course, gets its name from the biological virus.The word itself comes from a Latin word meaning slimy liquid or poison.Do you have something to add to this definition?A, Mike Chapple explains how IPS...Web sites, events and magazines. |
 |
 |
|
|
|
|
|
