Mac OS X Virus

Posted: Thursday, 29 April 2010 by VIruS Of WinDoWS


Mac OS X: The First Virus

Throughout time, Windows has been known as the most virus-prone of all operating systems. Vulnerabilities in the Microsoft Windows Explorer web browser and the Windows system itself expose this platform to a wide range of threats, from viruses and worms to spyware. For this reason, more users have turned to other systems for an infection-free computing environment.

Up until recently, Windows was thought to be the only system capable of contracting viruses and other malware. However, Linux has also been infected and Apple's Mac OS X is the latest victim of the infamous malicious code.

The Virus Discovery

On February 16, 2006, SophosLabs announced the detection of the very first virus written for the Mac OS X platform. OSX/Leap-A, often referred to as OSX/Oompa-A, is an infection that spreads via the Macintosh iChat instant messaging system. It operates by forwarding itself as a "LATESTPICS.TGZ" file to the contacts on the buddy list of an infected user. When the archived file is opened, its contents are disguised with a graphic icon in JPEG format, which attempts to trick the recipient into believing it is a harmless file. The virus uses the "OOMPA" text as a marker in the forks of the infected program, which prevents it from infecting the same files again.
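The disguise described above works because the recipient judges the file by its icon rather than its content. The following is an added example, not code from the original article: it inspects a .tgz archive in memory and flags members whose leading bytes or permission bits say "program", whatever they are named. The member names and bytes in the sample archive are constructed for the demonstration.

```python
import io
import tarfile

# Leading bytes that identify executable content, whatever the file is named.
EXEC_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (byte-swapped)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (byte-swapped)",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary",
    b"\x7fELF": "ELF",
    b"#!": "script with interpreter line",
}
IMAGE_MAGICS = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
IMAGE_SUFFIXES = (".jpg", ".jpeg", ".png", ".gif")


def classify(head):
    """Return a description if the leading bytes are executable, else None."""
    for magic, label in EXEC_MAGICS.items():
        if head.startswith(magic):
            return label
    return None


def inspect_archive(data):
    """List (member name, reason) for members that should not be opened blindly.

    Only the tar headers and the first bytes of each member are read;
    nothing is extracted to disk.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            head = tar.extractfile(member).read(8)
            label = classify(head)
            name = member.name.lower()
            if label:
                findings.append((member.name, "executable content: " + label))
            elif member.mode & 0o111:
                findings.append((member.name, "executable permission bits set"))
            elif name.endswith(IMAGE_SUFFIXES) and not head.startswith(IMAGE_MAGICS):
                findings.append((member.name, "image name but not image content"))
    return findings


def build_sample_archive():
    """Constructed test input: a JPEG header, an inert fake program, a mislabeled file."""
    members = (
        ("pics/holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32, 0o644),
        # Mach-O magic followed by zeros: recognisable to the check, not runnable.
        ("pics/preview", b"\xfe\xed\xfa\xce" + b"\x00" * 32, 0o755),
        ("pics/beach.jpg", b"plain text, not a picture", 0o644),
    )
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, payload, mode in members:
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            info.mode = mode
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    for member_name, reason in inspect_archive(build_sample_archive()):
        print(member_name, "->", reason)
```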

Is it a Virus or Trojan?

Following word of the infection, several members of the Macintosh community stated that Leap was actually a Trojan horse and not a virus. Their reasoning was that the infection required user intervention: receiving the file in iChat, choosing to open it manually and executing the payload. However, this is not how a Trojan functions. A Trojan is a seemingly useful program purposely designed to damage a computer or install other malicious applications. Additionally, a Trojan does not self-replicate and includes no mechanisms that enable it to spread itself. In most cases, it is deliberately incorporated onto a website, accidentally distributed by another user or sent via spam email. Aside from that, the malicious code of a Trojan contains nothing that will allow it to be automatically distributed to other victims.

OSX/Leap-A is specifically designed to use the iChat messaging system to propagate itself to other users. It also requires action by the user in order to be executed and further spread the infection. It is therefore aptly termed a computer virus.

Staying Smart

While several Macintosh computer users once had the belief that their system was incapable of harboring viruses, Leap proves that the threat of malware on this platform is real. Security experts suggest that Mac users can no longer live worry free, as caution must now be practiced at all times, just as if you were running a Windows operating system.

Experts also advise all Mac OS X computer users to practice safe computing by cautiously surfing the web and keeping their anti-virus software updated with the latest virus definitions.

Anti-Virus Solutions for the Mac OS X

- Norton Internet Security for Macintosh

- McAfee Virus Scan for Mac

- Sophos Anti-virus

- Intego Virus Barrier

- ClamXav

RFID Viruses


Threat of RFID Viruses

Viruses pose a threat to more than the Windows operating system. They are becoming more common on systems that once seemed impervious to infection, along with other devices such as cell phones and MP3 players. The most alarming presence is found in common products using RFID technology.

What is RFID?

RFID (Radio Frequency Identification) is one of the latest trends in computer miniaturization. An RFID transponder is a tiny, high-powered computer with limited resources. It contains an RFID tag, which is inductively powered by an external reading device. Once activated, the RFID tag decodes incoming queries and generates an accurate response using the energy of incoming radio waves, which powers the chip just long enough to respond. In general, an RFID tag has limited processing power and a storage capacity of 1024 bits.

RFID is useful in many different applications, including those for automated payments, supply chain management, counterfeit prevention, airline luggage management, and physical access control. RFID tags are also commonly implanted in various consumer goods, such as toll collection devices, public transportation passes, passports and much more. This technology has even been approved by the Food and Drug Administration with a product known as VeriChip, a device deployed commercially and in the medical field.

The Viruses Attacking RFID

While RFID has revolutionized the world of computers, several malicious individuals have taken an interest in this technology as well. Members of the hacker community have learned to take advantage of RFID, causing these tags to behave in questionable ways by inserting viral codes. Below we have composed an example of just how scary this exploit can be.

Several airports have been in discussion with plans to expedite luggage handling by attaching RFID-supported labels to bags as they are checked in. This will make labels much easier to read from a greater distance than the bar-coded labels currently in use. Now consider this - a shady airline traveler attaches a virus-inserted RFID tag to the luggage of a random victim just before they check in. When the airline's RFID reader scans the tag to determine where it should be routed, it responds with the virus, which infects the entire baggage database. From there, all subsequent passengers checking in their luggage may also be infected.

Just being infected is a mild example. An RFID virus may contain a payload that could completely wipe out a database, causing luggage to be re-routed and possibly aiding the process of drug smuggling. What's even more troubling is the fact that many State Departments have begun to distribute RFID-supported passports. Considering where this technology is being deployed, RFID becomes both a computer security and an economic concern. So why are these vulnerabilities being so openly publicized? According to researchers, revealing the threat of RFID viruses and worms will eventually teach consumers antivirus efforts that will prevent them from spreading.

RFID infections seem inevitable as many computer systems are vulnerable to viruses. At the same time, we still use them regardless of the lingering threat, which is bound to be the case with RFID-supported items. Let's just hope that this new research will prompt the industry to enhance the security of readers, tags and back-end systems before RFID viruses evolve from theory to a dreadful reality.
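One way to harden the back-end in the baggage scenario above is to treat everything a tag returns as untrusted input. The following is an added example, not code from the original article: reader middleware that enforces the 1024-bit capacity, accepts only a strict bag-ID format, and passes the value to the database as a bound parameter. The ten-digit bag-ID format, the table layout and all sample values are assumptions made for the demonstration.

```python
import re
import sqlite3

MAX_TAG_BYTES = 1024 // 8            # the 1024-bit tag capacity quoted above
BAG_ID = re.compile(rb"[0-9]{10}")   # hypothetical bag-ID format: ten ASCII digits


class RejectedTag(ValueError):
    """Raised when tag contents do not look like a bag ID."""


def parse_tag(raw):
    """Validate raw tag bytes and return the bag ID as text."""
    if len(raw) > MAX_TAG_BYTES:
        raise RejectedTag("payload exceeds tag capacity")
    if not BAG_ID.fullmatch(raw):
        raise RejectedTag("payload is not a bag ID")
    return raw.decode("ascii")


def open_db():
    """Create an in-memory baggage database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bags (bag_id TEXT PRIMARY KEY, destination TEXT NOT NULL)")
    db.execute("CREATE TABLE scans (bag_id TEXT NOT NULL, reader TEXT NOT NULL)")
    db.executemany(
        "INSERT INTO bags VALUES (?, ?)",
        [("0012345678", "AMS"), ("0012345679", "SIN")],
    )
    return db


def handle_scan(db, reader, raw):
    """Return ("route", destination) or ("quarantine", reason) for one tag read."""
    try:
        bag_id = parse_tag(raw)
    except RejectedTag as exc:
        # The bag goes to manual handling; its tag data never reaches SQL.
        return ("quarantine", str(exc))
    # Bound parameters keep tag data as data even if validation is loosened later.
    row = db.execute(
        "SELECT destination FROM bags WHERE bag_id = ?", (bag_id,)
    ).fetchone()
    if row is None:
        return ("quarantine", "unknown bag ID")
    db.execute("INSERT INTO scans (bag_id, reader) VALUES (?, ?)", (bag_id, reader))
    return ("route", row[0])


# Constructed tag reads: one valid, one carrying extra characters, one oversized.
SAMPLE_READS = [b"0012345678", b"0012345678'; --", b"0" * 200]

if __name__ == "__main__":
    database = open_db()
    for read in SAMPLE_READS:
        print(read[:20], handle_scan(database, "belt-3", read))
```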

Recovering Virus Infection


Recovering from a Worm or Virus Infection

How do you know if your network has been infected by a malicious program such as a worm or virus? Unfortunately, there are no identifying standards, but there are a number of telling symptoms. You may have noticed performance issues with your computer. Perhaps your web browser keeps crashing. Maybe some of your files or programs will not open. When these conditions occur, it's time to investigate and trace the root of the problem.

More often than not, worms and viruses have some type of impact on your computer, whether it's subtly impacting the normal functions or completely erasing files. The best way to learn if you've truly been infected is to run an anti-virus scanner, which will alert you to malicious code. If harmful items are detected, you need to take immediate action to minimize the damage, get on the road to recovery and stay protected.

What You Should Do to Recover from an Infection

If the infection occurs in a network setting, you should instantly contact the IT department or system administrators. The sooner the investigation begins, the sooner your computer and other machines in the network can be restored. If the infection occurs at home, immediately disconnect your laptop or desktop computer from the internet. This will prevent viruses and intruders from accessing data and making changes to the system, essentially giving you a bit of control.

After taking the first step, you must work on ridding the system of infection. If an anti-virus program is installed on your computer, you should manually perform a full-system scan. In some cases, a worm or virus can have such an impact that it renders anti-virus software useless.

If the program cannot detect or remove the infection, you may need to completely reinstall the operating system, a move that is liable to erase every file and program on your computer. After reinstalling the operating system, be sure to implement another anti-virus program along with patches for all known system vulnerabilities. Furthermore, your anti-virus solution should be kept current with the latest updates in order to protect against the latest threats.

Limiting the Chance of Another Infection

Dealing with the recovery efforts caused by a worm or virus can be very frustrating. These troublesome infections can cost your business a lot of time, money and sensitive data. The following precautions can be taken to protect yourself against future infections:

Change all passwords - Regardless if you lost any sensitive data or not, your original passwords may have been compromised during the time of infection. For this reason, you should immediately change every system password including those corresponding to web sites.

Put up a firewall - A firewall will help to prevent many infections by restricting access from malicious traffic. When installing a program, be sure that your firewall is always turned "ON."

Use an anti-spyware program - Your anti-virus program may protect you from worms and viruses, but what about other threats? Since malicious programs such as spyware have the ability to download viruses and other infections, it's wise to implement additional technology.

Last but not least, you can take extra precautions by backing up sensitive data on an external storage medium. This will enable you to rebound quickly if worms or viruses happen to strike again.

Computer Viruses Future


Good Computer Viruses: The Future?

Even with all the damage viruses have inflicted over the years, a handful of experts believe that computer viruses could actually be used for good one day. How is this possible? Similar to the ethical worm, these viruses would mainly be used to distribute network patches to repair vulnerabilities. Here is a bit more on the theory.

The Function of a "Good" Computer Virus

First of all, the virus would have to exclude the primary function of a typical virus, which is running on a victimized machine without authorization. The propagation would be similar to the one used for malicious purposes, but would instead deliver a good payload, as opposed to one that is destructive. Because of this, experts believe that anyone found guilty of distributing a good virus should be charged with the same offense as someone distributing malicious code, though with reduced penalties, as the damage is liable to be not as severe.

However, this supposed good virus would not only spread and execute itself without permission, but also consume bandwidth, disk space, memory and processor cycles. All of these factors could possibly result in the denial of those resources to system administrators, a condition more commonly termed a DoS (denial-of-service) attack.

Good vs. Malicious Viruses

Another problem would be distinguishing the good virus from malicious programs. While identifying a known virus is fairly easy with the right technology, separating it from the unknown good code may be difficult. Since a good number of legitimate programs have been known to damage and mistakenly remove files, this ability alone isn't enough to truly identify malware. Perhaps this good virus would be limited to removing programs, as it can combine its code with an individual program. However, this would certainly be an inconvenience for those developing self-extracting archive software. Assuming this as the major obstacle, how would a good virus distinguish another from a malicious program? Both would behave similarly with the tendency to damage or destroy other files. One would only hope that creators of these viruses carefully script their codes to identify other good variants, a task that seems difficult or next to impossible when considering polymorphism.

Good viruses would have to be written to near perfection for a number of reasons. If they happen to mistakenly delete software and operating system patches, they would essentially be just as much trouble as malicious viruses. There is also the strong possibility of unscrupulous characters mutating the good virus with evil strains. These new strains are likely to be identified as good viruses, even though they contain a destructive payload, one capable of destroying all other identifiable good viruses.

With so much still in the air, we may find ourselves reflecting on the day when good viruses first invaded our systems, strengthening the malicious epidemic. If these viruses of the future aren't written properly, they could inevitably improve the breed of destructive programs just before being wiped out by variants of their own code. While this is certainly a hot topic, many security experts believe that spreading good viruses could eventually end up causing more harm than good.

Virus Scan


How to Run a Virus Scan

You simply can't put a price on security these days. Any computer with an online connection must be shielded from the many threats lurking on the internet. Just imagine a malicious program slithering into your system, executing itself and setting off a wave of destruction within a matter of minutes. The impact of an infection may range from subtle to devastating: slowing down the performance of your computer, or deleting all of your important files and rendering your applications inoperable. Without implementing the proper security measures, all of the above could be your reality.

When a malicious item such as a virus, worm or Trojan enters your system, it may be days or even weeks before you're aware of the problem. The best way to learn if your computer has been infected is to run a virus scan on all system files and directories. A scan is a basic function performed by anti-virus software. This component thoroughly combs the hard drive of your computer in search of harmful or unwanted items. If questionable items are detected, the scanner displays a description of the file and the nature of the infection.

Simple Steps for Long-Term Protection

Running a virus scan is a simple yet essential step towards protecting your computer. As internet threats continue to evolve into huge problems, technology has enabled security experts to fight back with advanced solutions. There are now many available options for running a virus scan on your computer. You may begin by signing online and performing a scan over the internet. In this case, the scanner typically searches and detects infections but requires you to buy the full version of a particular program to eradicate the threat. You also have totally free software such as products by ClamWin and AVG. These programs run a complete scan of your system and are thorough at detecting threats and removing them as well. The most reliable protection is much more expensive yet well worth it when considering the level of security implementation. Programs developed by leading brand name vendors such as McAfee, Symantec and Kaspersky offer all-in-one solutions capable of detecting viruses, spyware and more complex types of malware. They are often coupled with firewall components to keep intruders out of your system and also receive daily updates to keep you protected against the latest threats roaming the web.

Start with a Virus Scanner

By installing a virus scanner, you're essentially activating 24/7 protection for your computer. The scan engine can be easily configured to run on a predetermined schedule or right at your command. It may also function continuously in the background as you knock out important everyday tasks, an automated process that keeps you productive and safe at the same time.

With a virus scanner on deck, the chances of contracting a nasty infection are drastically reduced. This allows you to surf the web in confidence, tend to all of your emails and download important files without being concerned with malicious threats. More importantly, it brings peace of mind, knowing your computer will perform like a champ over a significant period of time.

Virus Repair


How to Conduct Virus Repair

The internal files of your computer are very essential to its operation. From system memory to the registry, these areas are used to process the actions of the machine and all programs installed on it. Aside from hackers looking for passwords and access codes, a virus poses the biggest threat to your computer system.

A virus is a complex program that may contain one or several pieces of malicious code. Just like a human virus, it has the ability to move from host to host, infecting various system files in the process. It is often attached to genuine files and then downloaded onto your computer. When the machine reboots, the file is executed and the madness begins. A virus can function in the background without you suspecting a thing. It can hamper the performance of your computer, cripple your applications, completely destroy your files, deploy other infections and even leave you wide open to hacking attempts.

Quickly Begin the Repair Process

If you suspect that your machine has been infected, it is important to act fast and eliminate the problem with a virus repair solution. This can actually be performed in a number of ways. The most affordable option calls for a free anti-virus program. Many are available online and can detect viruses and other threats rather efficiently. ClamWin and free editions of AVG are programs that have established a reputation for not only finding viruses, but deleting them as well.

Another option to consider is purchasing high-grade anti-virus software. Products from McAfee and Symantec provide all-in-one solutions that protect against malware, phishing scams, spam email and hacking attempts. These programs become more advanced and reliable with each new edition, practically automating the security process and reducing the user's workload.

Lastly, you can take the machine into a shop with an onsite certified virus repair technician and allow them to clear up the mess. If your computer is totally consumed with viruses, Trojans and spyware, completely erasing the hard drive may be the only option. While this may be a frustrating ordeal if important data is lost, your computer will typically function like new with the installation of a fresh operating system. A good technician will clear your computer of all infections and supply it with a dependable anti-virus program. Even if it's security on a trial basis, you'll be protected for the time being and know what action to take to keep things that way.

Regardless of what method of virus repair you choose, ridding your computer of infection is the most important aspect of all. By doing this you will optimize performance, free up space on the hard drive and greatly improve the overall health of your machine.

When detecting a virus, be sure to precisely follow the instructions provided to you, whether it's from the anti-virus program or a technician. If the scanner detects an infection but isn't equipped with the features required to eradicate it, the virus removal technician is probably your best option. By doing a bit of research in advance, you should come to trust their advice and ability to get your computer on the road to recovery.

Resident Virus


Understanding the Resident Virus

Viruses are a tremendous threat to anyone with a connection to the internet. These nasty programs typically install and execute themselves without the victim's knowledge. The impact of a virus ranges widely from slowing down the performance of your computer to completely erasing all of your important files. In most cases, it will distribute itself to other machines you communicate with, giving it the ability to cripple an entire network. Regardless of how severe the consequence, a virus is something you do not want on your computer.

What is a Resident Virus?

A resident virus is one of the most common types of computer infections. It functions by installing malicious code into the memory of your computer, infecting current programs and any others you may install in the future. In order to achieve this, the resident virus needs to find a method to allocate memory for itself, meaning it must find somewhere to hide. Additionally, it must establish a process that activates the resident code to begin infecting other files.

A resident virus may use a number of different techniques to spread its infection. One of the most overlooked methods involves the TSR (Terminate-Stay-Resident) interrupt function. While this method is the easiest way to invoke infection, it is also easily detected by a virus scanner. A more desired technique involves the manipulation of MCBs (memory control blocks). Lastly, a virus needs to attach itself to specific interrupts in order to launch the resident code. For instance, if a virus is programmed to activate each time a program is run, it must be hooked to interrupt functions designated for loading and executing that particular application.

Structure of the Virus

The replication module within a resident virus is quite similar to that of a nonresident infection. The virus loads the replication module into computer memory when executing, ensuring that it is launched each time the operating system is requested to perform a particular function. For instance, the replication module may be called upon a WPD. word file. In this scenario, the resident virus may eventually infect every program suited for the executable file on the computer.

Resident viruses are composed of two primary categories: fast infectors and slow infectors. Fast infectors are specifically designed to corrupt as many files as they can, as quickly as possible. In simpler terms, they have the ability to infect every host file accessed on the computer. This complex structure creates a significant problem for anti-virus programs, as many of the scanners they employ are designed to check every host file when conducting a full-system scan. If the scan fails to detect that such a virus resides in the memory, the infection can then "piggy-back" on the scanner and infect any file it searches.

Slow infectors are designed to infect hosts infrequently. For example, they often only infect files that are copied. They are able to limit their activity in order to avoid detection by a user. Slow infectors gradually degrade the performance of your computer, giving little indication of the presence of a virus. Because of this, they aren't very effective and are easily detected by a virus scanner.

Methods of Detection

In many instances, a resident virus can be detected by the average computer user. This is done by referring to the map of your local hard drive. The recommended and more efficient method involves installing an anti-virus program with in-depth scanning capability.

Overwriting Virus


Beware of the Overwriting Virus

Computer viruses come in numerous forms with many different functions. Some are rather simplistic and can be detected by the average user, while others are complex and go unseen for some time. The most common viruses fall under the classification of file infectors, which operate by infecting executable files. They achieve this by inserting their malicious code into an area of the original file, allowing it to be executed whenever the file is accessed. Some of them are able to completely overwrite a file, rendering an entire program useless.

Considering their destructive nature, overwriting viruses have been identified as the most dangerous of them all. They have been known to exploit a wide range of operating systems including Linux, Macintosh, Windows and DOS platforms. Once a victim file has been infected, it is then overwritten with a malicious code from the virus. If a user does not spot the infection in time, an overwriting virus can inflict irreversible damage to numerous files. A system that has been compromised by this type of infection can easily become unstable and eventually inoperable. Files that have been corrupted by the overwriting virus cannot be disinfected. Instead they must be completely deleted and restored from a backup source.

Well-Known Overwriting Viruses

Grog.377 - Known as a non-memory resident virus, it interprets a random sector of a hard disk in search of special instructions. If instructions exist, it overwrites that part of the sector with a malicious code. When launched, the infection can inflict considerable damage on system BIOS and prevent a computer from booting up.

Grog.202/456 - Two of the most dangerous overwriting viruses. They seek out .COM files in the current directory, quickly deleting and replacing the content with malicious code. If no .COM files are found in that particular directory, the GROG virus dials a random phone number over the user's modem in search of interconnected network computers. Both of these infections are also considered to be non-memory overwriting viruses.

Loveletter - Perhaps the most complex overwriting virus. Like other variants, its main intent is to seek out files and overwrite them with malicious code. What makes this virus different is that it acts as a file infector, an email worm and a Trojan horse capable of downloading other types of malware.

Overwriting viruses were initially deployed because of their effectiveness; a way for the infection to infuse itself with an innocent file. This corrupts the original file in such a way that it can't be disinfected. Many of them are able to escape the scanner of an anti-virus program, making no alterations to the victim file so changes aren't detected.

While they were very effective, most malicious coders do not write this type of virus anymore. Many tend to focus on tempting users with genuine Trojan horses and distributing malware via email. At the same time, you must keep your computer protected from all probable threats at all times. Your best bet would be installing a quality anti-virus program and conducting frequent scans for suspicious activity.

Boot Infectors


Plagued by Boot Infectors?

Has your computer been dragging as of late? All of a sudden you can't access certain files or programs - your system keeps crashing. If so, you just may have a malicious program controlling the system from the internal sectors of your computer - you just may have contracted a boot infector, a virus that has compromised thousands of computers.

Boot infectors go by many different aliases: boot sector infectors, boot record infectors, boot viruses and system viruses. Regardless of the name, they are rather common and can be very destructive. A boot infector attacks the critical section of a floppy disk or hard drive that helps to start your computer. When the computer starts up, the malicious code is launched by the system and your machine becomes wide open to virus coders. The deployment of the infection gives them sort of a guarantee for future attacks. With enough skill, an intruder can obtain complete control over your system and take whatever actions they desire.

Like all viruses, a boot infector functions with the intent of spreading the infection throughout the host system. It usually copies itself to a sector and creates bad sectors along with its malicious code. It then attempts to execute itself when the computer is booted and claim control as the system continues to run. Some are able to trap other types of boot requests such as "CTRL, ALT, DEL", allowing the virus to remain in control even when the system is booted by a non-infective floppy disk. This results in the clean copy becoming instantly infected.

The Pakistani Brain virus is one of the most popular boot infectors. This infection has been upgraded in a way that enables it to easily infect hard disks, completely destroy FAT entries and numerous files, and terribly slow down the performance of a computer.

Effects on Windows

Microsoft Windows is known for being more vulnerable to computer viruses and other exploits. In fact, many of the infections commonly used today were specifically coded for Windows platforms. In many instances, a file infector such as a resident virus can prevent an older DOS system from starting at all. When this occurs, the victim will typically have knowledge of the problem. From there they can make an attempt with virus removal software, though taking the machine to a technician would probably be the best move.

However, a Windows system that contracts a boot infector will behave quite differently and is susceptible to great damage. With a boot virus, the operating system will not only start, but spread the infection from within Windows. Because of this subtle movement, it may be a good while before a user learns they have contracted a boot infection. The computer will often start up without flaw and function as expected for some time. Eventually, the virus will distribute itself to numerous sectors and slowly begin a wave of infection. Without a reliable anti-virus program, the victim will typically have no knowledge of the infection and see no need to get rid of it.

Macro Virus


Understanding the Macro Virus

A macro virus is a computer infection written in macro language, which is commonly built into word processing applications. In general, a macro is a series of commands and executions that help automate specific tasks. Regardless of how they are created, they must be executed by a system able to interpret stored commands. Some macro systems are actually self-contained utilities, while others are built into more advanced applications that allow users to easily repeat a sequence of commands or enable a programmer to customize the application to suit the user's needs.

What has made some programs vulnerable to the macro virus is a feature that allows macros to be stored in the documents that are edited, processed and saved by the application. This means that a virus can be easily attached to a document without the user's knowledge and executed upon opening the file. This provides a mechanism that enables the infection to spread throughout the system.

How it Functions

A macro virus may be distributed via email, floppy disk, network sharing, a modem and compromised sites on the internet. Since most macros automatically start when a document is opened and closed, a macro virus seeks to replace the original with its malicious code. From there, the infection gives the replacement code the same name, so it runs when the command is executed, which happens when a user accesses the file.

Once opened, the macro virus begins to embed itself within other documents and templates. It also makes preparations to infect any files that will eventually be created. Depending on what resources it is able to access, a macro virus can damage other areas of the operating system. This occurs as the infected documents are shared amongst other users and devices.

One of the most popular variations of this infection is the Melissa Virus, first detected in 1999. It spread via email attachment and infected any recipient who opened it. This virus manipulated the victim's address book and distributed itself to numerous email contacts, enabling it to replicate at an alarming rate.

A macro virus has the ability to infect nearly any system running word processing software. This is because it seeks to corrupt that application as opposed to the operating system. The virus has been known to attack computers running Mac OS X, Windows and other platforms that are compatible with Microsoft Word.

Prevention

Because of the wide spread of macro viruses, it is important to remain cautious of the emails you receive. Many of the messages waiting in your inbox are attached with financial scams and malicious programs. By downloading an attachment from these unsolicited messages, a macro virus can be easily installed onto your computer, and from there, the madness begins.

The best defense against a macro virus is a reliable anti-virus program. A good scanner will check every file and directory in your system and even scan emails and attachments before you even open them. This small step is one that can save you a lot of time, money and the frustrations associated with internet threats.

Polymorphic Virus


Understanding the Polymorphic Virus

While most people have at least heard of them, not everyone is familiar with the functionality and technical details of a computer virus. The truth is that no two are exactly the same and their effects vary depending on design and implementation of code. Some are more subtle and present an annoyance to the user while others pose catastrophic threats capable of destroying an entire operating system. In either scenario, it is crucial that you take extreme measures to keep these infections away from your computer.

Taking Viruses to the Next Level

The polymorphic virus is one of the more complex computer threats. During the process of infection, it creates slightly modified, fully functional copies of itself. This is primarily done to elude the detection of a virus scanner, as some are not able to identify different instances of an infection. One method it commonly uses to bypass a scanner involves self-encryption performed with a variable key. In order to create an effective polymorphic virus, a coder chooses from a number of different encryption schemes that require different methods of decryption, only one of which will remain plainly visible to all instances of the infection. A virus scanner based on string-driven detection would have to find many different strings, one for each probable decryption scheme. This is the best technique for reliably identifying this type of virus.
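The scanner side of that paragraph, as an added example that is not part of the original post: a fixed string taken from the encrypted body never matches once the key varies, while a wildcard signature on the visible decryption routine matches every key, and a second scheme needs a second signature. The body, the text-marker "stubs" and all names are constructed for the illustration.

```python
# Constructed, harmless stand-in for the part of a file that gets encrypted.
BODY = b"CONSTRUCTED-HARMLESS-BODY-FOR-SCANNER-DEMO"

# Text markers standing in for the short decryption routine that stays in
# plain view. They are not machine code; the key byte sits between the parts.
STUB_PARTS = {
    "xor": (b"[STUB-XOR key=", b"]"),
    "add": (b"[STUB-ADD key=", b"]"),
}


def encode(body, scheme, key):
    """Encode the body with a one-byte key using the named scheme."""
    if scheme == "xor":
        return bytes(b ^ key for b in body)
    return bytes((b + key) & 0xFF for b in body)


def make_sample(scheme, key):
    """Build one constructed sample: header, visible stub, encoded body."""
    prefix, suffix = STUB_PARTS[scheme]
    return b"HDR" + prefix + bytes([key]) + suffix + encode(BODY, scheme, key)


def stub_signature(scheme):
    """Signature for one scheme; None is a wildcard covering the key byte."""
    prefix, suffix = STUB_PARTS[scheme]
    return list(prefix) + [None] + list(suffix)


def scan(data, signatures):
    """Return the names of all signatures found anywhere in data."""
    hits = []
    for name, pattern in signatures.items():
        last = len(data) - len(pattern)
        for pos in range(last + 1):
            if all(p is None or data[pos + i] == p
                   for i, p in enumerate(pattern)):
                hits.append(name)
                break
    return hits


def detection_counts():
    """Count how many of four constructed samples each rule set detects."""
    samples = [make_sample("xor", k) for k in (0x11, 0x5A, 0xC3)]
    samples.append(make_sample("add", 0x07))
    rule_sets = {
        "body string": {"body": list(BODY)},
        "xor stub only": {"stub-xor": stub_signature("xor")},
        "all stubs": {"stub-xor": stub_signature("xor"),
                      "stub-add": stub_signature("add")},
    }
    return {label: sum(1 for s in samples if scan(s, rules))
            for label, rules in rule_sets.items()}


if __name__ == "__main__":
    print(detection_counts())
```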

More advanced forms of the polymorphic virus alter the instruction sequences of their variants by interspersing decryption instructions with other instructions designed to fail the process of encryption. It may also interchange mutually independent instructions to load inaccurate arbitrary values such as moving "0" to "A" or replacing "A" with "B". A basic virus scanner would have no way to effectively identify all variants of the infection. Even a more advanced program has to thoroughly research this type of virus and make special configurations to its scanner in order to detect it.

The Big Brother of All Polymorphic Viruses

One of the most complex forms of the polymorphic virus known today relies on its MtE (Mutation Engine), which is essentially a type of object module. The Mutation Engine allows any virus to reach a polymorphic state when implementing specific codes to the program source code and linking to modules able to generate random numbers.

The evolution of polymorphic viruses has made the jobs of many security experts much more difficult. Adding more scan strings is often a frustrating and expensive task for software developers. At the same time, these additional implementations are needed, as the average scanner simply isn't efficient enough to manage these types of viruses.

You don't have to be a computer technician or an anti-virus expert to know these infections are bad news. A virus of this nature can easily corrupt your system and go undetected for months, and is capable of rendering it inoperable if action is not taken in a timely fashion. Your best defense lies in a scanner equipped with the latest virus definitions. This will keep the infections out of your system and stop the madness of polymorphism dead in its tracks.

Companion Virus


The Dangers of the Companion Virus

It's amazing yet unsettling to know that a computer virus can infect the files on your system without altering a single byte. In fact, this is done quite frequently in a number of different ways. The most common method is employed by the companion virus, also known as the spawning virus or the cluster virus. Instead of modifying the existing files in your system like most viruses, it creates new ones and sends them off to spread the malicious code.

The companion virus works by seeking all files with names ending in the .EXE extension. It then creates a matching file that ends in the .COM extension, which is specifically reserved for the malicious code. Though it is possible for .EXE and .COM files to have similar names, the instance is very rare. In most cases, this is merely an indication of this deceptive infection. When this does occur, the companion virus typically will not modify the existing .COM file.

How the Companion Virus Works

Here is an example of how this infection operates:

The companion virus is downloaded on your computer and unknowingly executed. When the time comes to spread the infection, it searches the system and finds a file labeled MGM.EXE. From there it creates a matching file that contains the virus and labels it MGM.COM. This file is typically placed in the same directory as the .EXE file, though it can also be inserted into any directory along a number of different paths. When you access the MGM.EXE file, the operating system executes the MGM.COM file instead. The virus is then executed and proceeds to infect other files on the system.

The companion virus is very sophisticated and may take several steps towards hiding its presence. At times, the infection attempts to conceal the extra files by storing them in a different directory or by applying hidden attributes that are invisible to normal commands. It can effectively conceal these files when active in system memory while distributing itself to other areas of the computer to spread the infection.

Finding the Virus

While the companion virus is somewhat of a nuisance, it's easily detected because of the presence of the additional COM. files. Your computer should have a map of the hard drive that enables you to ensure the integrity of these files. By analyzing it you will be able to determine what should actually be on the hard drive. From there you can locate the virus and safely remove it yourself.

If analyzing the map of your hard drive sounds like too much trouble, you can elude the hassle by installing a reliable anti-virus program on your computer. The scanner will thoroughly comb the files and directories of your system in search of companion viruses and many other security threats. Keep in mind that an integrity checking program that only seeks out modifications in existing files will not be able to detect such a complex virus.
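One way to automate the check for extra .COM files described above (an added example, not code from the original post). It assumes the DOS-style lookup order in which each directory on the search path is tried in turn and, inside a directory, .COM is tried before .EXE; the directory layout and file names other than MGM are constructed.

```python
import os
import tempfile

# Order in which extensions are tried inside one directory (assumption stated
# in the lead-in): a .COM file wins over a same-named .EXE file.
PRECEDENCE = (".COM", ".EXE", ".BAT")


def find_companions(search_dirs):
    """Return (exe_path, com_path) pairs where the .COM would run first.

    search_dirs is the ordered lookup path: the current directory followed
    by the PATH entries. A .COM file is reported when it sits in the same
    directory as the .EXE or in a directory that is searched earlier.
    """
    seen = {}  # upper-case base name -> [(dir_rank, ext_rank, path), ...]
    for dir_rank, directory in enumerate(search_dirs):
        for name in sorted(os.listdir(directory)):
            base, ext = os.path.splitext(name)
            ext = ext.upper()
            if ext in PRECEDENCE:
                entry = (dir_rank, PRECEDENCE.index(ext),
                         os.path.join(directory, name))
                seen.setdefault(base.upper(), []).append(entry)

    com_rank = PRECEDENCE.index(".COM")
    exe_rank = PRECEDENCE.index(".EXE")
    findings = []
    for base, entries in sorted(seen.items()):
        coms = [e for e in entries if e[1] == com_rank]
        for exe in (e for e in entries if e[1] == exe_rank):
            for com in coms:
                # Tuple comparison: earlier directory, or same directory
                # with the higher-priority extension.
                if com[:2] < exe[:2]:
                    findings.append((exe[2], com[2]))
    return findings


def demo():
    """Build a constructed directory tree and return relative findings."""
    layout = {
        "cwd": ["MGM.EXE", "MGM.COM", "EDIT.EXE"],   # same-directory pair
        "dos": ["REPORT.COM", "EDIT.COM"],           # searched second
        "util": ["REPORT.EXE", "NOTES.TXT"],         # searched last
    }
    with tempfile.TemporaryDirectory() as root:
        dirs = []
        for sub, files in layout.items():
            path = os.path.join(root, sub)
            os.mkdir(path)
            dirs.append(path)
            for name in files:
                open(os.path.join(path, name), "wb").close()
        return [(os.path.relpath(exe, root), os.path.relpath(com, root))
                for exe, com in find_companions(dirs)]


if __name__ == "__main__":
    for exe, com in demo():
        print(f"{exe} is shadowed by {com}")
```

Each hit is a candidate for review, not proof of infection, since a legitimate .COM and .EXE can share a name. EDIT.COM is not reported because it sits in a directory searched after the one holding EDIT.EXE.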

Similar to most computer infections, the best defense against a companion virus is prevention. You can protect yourself by remaining cautious of the sites you visit on the internet and never downloading the attachment of an unsolicited email.

File Infectors



Protecting against File Infectors

By merely surfing the internet, you are exposing yourself to a wide range of security threats. Some of the most common dangers are computer viruses. Many types of viruses may attempt to slither into your computer and spread an infection throughout the system. And while several are similar in function, most have notable distinctions that set them apart.

Categories of File Infectors

According to Symantec, one of the leading developers of anti-virus software, all viruses fall under five major categories:

- MBR (Master Boot Record) viruses

- Macro viruses

- Multi-part viruses

- Boot sector viruses

- File infector viruses

As the name indicates, the role of a file infector is to infect the files of a computer. This is one of the most frequently deployed viruses and has been known to inflict considerable damage. Upon running a program that has been corrupted by a file infector, the virus duplicates the malicious code and applies it to other executable applications on the computer. Files that are the most vulnerable to this type of infection bear the extensions .EXE (execute) and .COM (command), though any file capable of execution can be infected.

A popular example of the file infector is the Cascade virus, an infection that has basically become obsolete. The original variation of this virus was designed to deliver a payload from October 1st through December 31st in 1988. Upon execution, the characters on the victim's monitor descend and find themselves piled at the bottom of the screen. The Cascade virus has spawned a number of variants over the years, most of which have displayed the same basic function.

A more recent example of a file infector is the Cleevix virus, which is reported as being first discovered in January of 2006. When executed, it seeks out the current directory, the system directory and the Windows directory. It then infects all portable executable files within them. Because the infection typically displays a message upon execution, it is fairly easy to detect. Other than being equipped with a few encryption features, Cleevix is a rather simple virus that can be removed with ease.

Characteristics of File Infectors

Although there are many different kinds of file infector viruses, most of them operate the same way and take the following course of action.

- Once a user executes an infected file, the virus copies the file and places it into an area where it can be executed. In most cases, this would be the RAM.

- The malicious code runs first while the infected file remains quiescent

- The virus then copies itself in a location separate from where the infection occurred, allowing it to continuously infect files as the user runs other programs

- When the initial process is set into place, the virus grants control back to the infected file

- When a user opens another application, the dormant virus proceeds to run again. It then inserts a copy of itself into files that were previously uninfected which enables the cycle to repeat consistently

File infectors can be both a nuisance and a tremendous threat to your computer. For this reason, it is recommended to protect your system with anti-virus software that receives free updates for the latest virus definitions.

Program Infectors


Understanding Program Infectors

There is a lot of infectious malware circulating throughout the internet, all of which can easily find its way to you. The internet has become an open platform for malicious individuals distributing spam emails carrying scams, self-replicating network worms and Trojans capable of launching intrusive spyware. All of these harmful programs are often associated with a virus, one of the greatest threats posed to your computer.

With all of the nasty infections cluttering cyberspace, it is important to build a virtual fortress around your computer to keep the intruders away. A great place to start is learning more about the most common viruses and how they function.

Viruses are classified in many different ways and have spawned several variants. Three major types include boot infectors, system infectors and general program infectors. Boot infectors are typically installed into the boot sector of a floppy disk or hard drive. Popular examples of this infection are the Alameda virus and the Pakistani Brain Virus. System infectors spread by attaching to a device driver or module of the operating system. An example would be the Lehigh virus which uses components from another host to infect areas of an operating system.

Program infectors make up the largest classification of viruses. A program infector has the ability to attach itself to any kind of application software, taking complete control when the infected program is run. From there, it roams the system in search of other host programs, whether they're on the hard drive or a floppy disk. After finding victims, the infection spreads further, giving control back to the original program. In many instances, a user may have no indication of a virus, as programs may function normally for some time. Over time, the applications will run into complications or corrupt the system due to multiple infections.

Considering the numerous variations, program infectors stand to cause major problems for home computer users and large networks alike. These viruses replicate themselves at a fast rate, claiming loads of memory and bogging down your machine. One of the biggest concerns involves having all of your important files overwritten and replaced with malicious codes. This could be data pertaining to online confirmations, purchase details or payroll information. Losing these files to a virus could spell disaster for several people. Program infectors can completely shut down your favorite applications and render your devices useless.

Methods of Prevention

With the prevalence of malicious viruses we endure in the internet era, many users have taken extreme measures to prevent these threats from attacking their systems. Here are a few tips to keep you safe from program infectors and several other viruses:

- make backup copies of all data files and programs on a regular basis

- use extreme caution when downloading public-domain software and always scan the program for viruses

- always boot an operating system from a write-protected disk

- remain aware of unusual activity in regard to programs or the system itself

Trusted Security Software

In addition to the basic security procedures, you can keep the viruses at bay with a number of anti-virus programs. These solutions are widely available, can be installed on your system in minutes and start protecting you right away.

FAT Virus


Protecting against the FAT Virus

The FAT, short for File Allocation Table, is a mechanism employed by Microsoft and used in most Windows operating systems. Its job is to keep track of all the contents on a disk. The FAT is basically a chart which contains numbers that correspond to cluster addresses on a hard drive.

FAT12, the oldest version of the File Allocation Table, uses a 12-bit binary system. This type of system is no longer used to format a hard drive as the maximum volume size was quite limited. If a computer running Windows 95 or higher displays the File Allocation Table as FAT12, it is likely that the hard drive is terribly corrupted and may be infected with a virus.

A FAT virus can be rather dangerous as it infects a vital part of the computer's operational process. It has the ability to prevent access to certain sections on the hard drive where important files are located. As the virus spreads its infection, these files or even entire directories can be overwritten and permanently lost.

The Link Virus

Computer viruses are generally classified in accordance to what they infect, and the way they spread infection. A common threat to the File Allocation Table is the link virus. Instead of inserting a malicious code directly into infected files, it distributes itself by manipulating the method in which files are accessed by the FAT file system. Once an infected file is executed, a link virus typically slithers into resident memory and writes a hidden file to the disk. Subsequently, it alters the FAT in a way that cross-links other files to a sector of the disk that contains the viral code. As a result, the operating system jumps to the original code and launches it whenever an infected file is run, granting complete control to the virus.

How Linking Works

The technique of cross-linking can be detected when a CHKDSK program is run, though a FAT virus could employ a stealth mode to conceal changes when it resides in the memory.
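The kind of consistency check a CHKDSK-style tool performs for cross-links, as an added example that is not part of the original post. It uses a simplified FAT16-style model (table values of 0xFFF8 and above end a chain, 0 is free, 0xFFF7 is bad); the table, the directory entries and the file names are constructed.

```python
EOC_MIN = 0xFFF8   # FAT16: values >= 0xFFF8 mark the end of a chain
FREE = 0x0000      # unallocated cluster
BAD = 0xFFF7       # cluster marked bad
CLUSTER_SIZE = 512

# Constructed table: entries 0 and 1 are reserved, data starts at cluster 2.
FAT = [0xFFF8, 0xFFFF,
       3, 0xFFFF,          # clusters 2-3: one intact two-cluster chain
       5, 6, 0xFFFF,       # clusters 4-6: allocated, no longer referenced
       8, 0xFFFF,          # clusters 7-8: allocated, no longer referenced
       0xFFFF,             # cluster 9: single cluster shared by three entries
       FREE, FREE]

# Constructed directory: name -> (start cluster, size in bytes).
DIRECTORY = {
    "A.EXE": (2, 900),
    "B.EXE": (9, 1400),
    "C.EXE": (9, 600),
    "HIDDEN.SYS": (9, 400),
}


def walk_chain(fat, start):
    """Follow one cluster chain and return (clusters, problem or None)."""
    chain, visited = [], set()
    cluster = start
    while cluster < EOC_MIN:
        if cluster < 2 or cluster >= len(fat) or fat[cluster] in (FREE, BAD):
            return chain, "broken chain at cluster %d" % cluster
        if cluster in visited:
            return chain, "loop at cluster %d" % cluster
        visited.add(cluster)
        chain.append(cluster)
        cluster = fat[cluster]
    return chain, None


def check_volume(fat, directory, cluster_size):
    """Report cross-links, size mismatches, chain errors and lost clusters."""
    owners = {}  # cluster -> names of the files whose chains include it
    report = {"chain_errors": {}, "size_mismatch": []}
    for name, (start, size) in directory.items():
        if size == 0 and start == 0:
            continue  # empty file: no chain to follow
        chain, problem = walk_chain(fat, start)
        if problem:
            report["chain_errors"][name] = problem
        for cluster in chain:
            owners.setdefault(cluster, []).append(name)
        needed = -(-size // cluster_size)  # ceiling division
        if not problem and len(chain) != needed:
            report["size_mismatch"].append(name)
    report["cross_linked"] = {c: names for c, names in sorted(owners.items())
                              if len(names) > 1}
    # Allocated in the table but reachable from no directory entry.
    report["lost_clusters"] = [c for c in range(2, len(fat))
                               if fat[c] not in (FREE, BAD) and c not in owners]
    return report


if __name__ == "__main__":
    for key, value in check_volume(FAT, DIRECTORY, CLUSTER_SIZE).items():
        print(key, value)
```

On the constructed volume, cluster 9 is claimed by three directory entries, two of them have sizes that no longer fit their one-cluster chains, and clusters 4 to 8 are allocated but unreachable. This check reads the table directly, so it reflects what is on disk only when no resident code is altering the reads, which is the stealth caveat in the paragraph above.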

Some of these viruses do not rely on executable files to infect the FAT. Instead they copy themselves to a wide range of folders and wait to be launched by the user. Many virus writers give their infections names such as WINSTART.BAT or INSTALL.EXE to persuade a user into launching a file that contains the malicious code.

A FAT virus will not modify host files. It can, however, force the operating system to execute the viral code by altering specific fields in the FAT file system, which can be just as damaging.

Link viruses and other infections that attack the File Allocation Table of a computer are complex and often difficult to identify. Most of the time, a user will have no knowledge of its presence as the virus gradually corrupts the computer.

If you happen to experience performance issues that indicate a FAT virus, you can refer to the map of your hard drive to learn what files should actually be in the system. If viruses are identified, you can simply place them in the recycle bin yourself.

Multipartite Virus


Recognizing the Multipartite Virus

Being infected with a virus can be a real drag ... literally. A virus can severely degrade the performance of your computer, overwrite important files and eventually make your programs inaccessible. The infection is liable to spread so widely that normal activity such as surfing the internet may become impossible.

Viruses are composed of many different classifications, often termed by the areas they corrupt as well as their method of infection. Most are placed into the categories of file infectors, boot infectors and system infectors, all known to inflict a great amount of damage. Also common are macro viruses, which tend to be less harmful than other types. They are known to infect word processing applications by inserting unwanted text or phrases. One of the most dangerous and complex infections threatening computer users is the multipartite virus, also referred to as the multi-part or hybrid virus.

The multipartite virus combines the characteristics of more than one type which gives it the ability to infect boot system sectors as well as program files. It often infects the section on a hard drive that contains data which instructs the machine on how to boot up. Whenever the computer starts, the virus is automatically distributed throughout the system. This enables it to spread and infect program files, causing a user to unknowingly invoke the virus, resulting in more destructive payloads being delivered into the system.

Ghostball, the first multipartite virus, was discovered by a member of the Icelandic company, FRISK Software International Corporation. Later variants include the Emperor, Tequila and Anthrax.

Signs of the Virus

Although the effects of some infections are subtle and go unnoticed, a multipartite virus tends to work fast. Here is what you should look for:

• the controllers for your drives are no longer present in the "Device Manager"

• you receive constant messages stating that virtual memory is low

• the content on your screen looks as if it's melting

• the sizes of your applications and files keep changing

• your hard drive reformats itself

• the extensions of your word processing documents are modified from .DOC to .DOT

• your programs take much longer to load than before or will not open at all

Security Measures against the Multipartite Virus

A multipartite virus is often quite difficult to eliminate. If the infected boot sectors are disinfected but the corrupted files are not, those sectors will be re-infected within a matter of minutes. If the infected program files are cleaned but the virus remains present in the boot sectors, those files will eventually be infected again. Because of its multi-infectious nature, it will repeatedly infect a host system if not completely eliminated. Because of this, many security experts have suggested that the best defense against this virus is prevention as opposed to a cure. They also recommend that users practice various security measures by doing the following:

- install quality anti-virus software

- make sure virus definitions of the scanner are regularly updated

- never open an attachment from an unsolicited message

- take caution when surfing the internet and downloading files from a questionable website