Overwriting Virus

Posted: Kamis, 29 April 2010 by VIruS Of WinDoWS in Label:
0

Beware of the Overwriting Virus

Computer viruses come in numerous forms with many different functions. Some are rather simplistic and can be detected by the average user while others are complex and go unseen for sometime. The most common viruses fall under the classification of file infectors, which operate by infecting executable files. They achieve this by inserting their malicious code into an area of the original file, allowing it to be executed whenever the file is accessed. Some of them are able to completely overwrite a file, rendering an entire program useless.

Considering their destructive nature, overwriting viruses have been identified as the most dangerous of them all. They have been known to exploit a wide range of operating systems including Linux, Macintosh, Windows and DOS platforms. Once a victim file has been infected, it is then overwritten with a malicious code from the virus. If a user does not spot the infection in time, an overwriting virus can inflict irreversible damage to numerous files. A system that has been compromised by this type of infection can easily become unstable and eventually inoperable. Files that have been corrupted by the overwriting virus cannot be disinfected. Instead they must be completely deleted and restored from a backup source.

Well-Known Overwriting Viruses

Grog.377 - Known as a non-memory resident virus, it interprets a random sector of a hard disk in search of special instructions. If instructions exist, it overwrites that part of the sector with a malicious code. When launched, the infection can inflict considerable damage on system BIOS and prevent a computer from booting up.

Grog.202/456 - Two of the most dangerous overwriting viruses. They seek out COM. files in the current directory, quickly deleting and replacing the content with malicious code. If no COM. files are found in that particular directory, the GROG virus dials a random phone number over the user's modem in search of interconnected network computers. Both of these infections are also considered to be non-memory overwriting viruses.

Loveletter - Perhaps the most complex overwriting virus. Like other variants, it's main intend is to seek out files and overwrite them with malicious code. What makes this virus different is that it acts as file infector, an email worm and a Trojan horse capable of downloading other types of malware.

Overwriting viruses were initially deployed because of their effectiveness; a way for the infection to infuse itself with an innocent file. This corrupts the original file in such a way that it can't be disinfected. Many of them are able to escape the scanner of an anti-virus program, making no alterations to the victim file so changes aren't detected.

While they were very effective, most malicious codes do not write this type of virus anymore. Many tend to focus on tempting users with genuine Trojan horses and distributing malware via email. At the same time, you must keep your computer protected from all probable threats at all times. Your best bet would be installing a quality anti-virus program and conducting frequent scans for suspicious activity.

0 komentar: