
Resident Virus

Posted: Thursday, 29 April 2010 by VIruS Of WinDoWS

Understanding the Resident Virus

Viruses are a tremendous threat to anyone with a connection to the internet. These nasty programs typically install and execute themselves without the victim's knowledge. The impact of a virus ranges widely from slowing down the performance of your computer to completely erasing all of your important files. In most cases, it will distribute itself to other machines you communicate with, giving it the ability to cripple an entire network. Regardless of how severe the consequence, a virus is something you do not want on your computer.

What is a Resident Virus?

A resident virus is one of the most common types of computer infections. It functions by installing malicious code into the memory of your computer, infecting current programs and any others you may install in the future. In order to achieve this, the resident virus needs to find a method to allocate memory for itself, meaning it must find somewhere to hide. Additionally, it must establish a process that activates the resident code to begin infecting other files.

A resident virus may use a number of different techniques to spread its infection. One of the most overlooked methods involves the TSR (Terminate-Stay-Resident) interrupt function. While this is the easiest method for achieving infection, it is also easily detected by a virus scanner. A more desirable technique involves the manipulation of MCBs (memory control blocks). Lastly, a virus needs to attach itself to specific interrupts in order to launch the resident code. For instance, if a virus is programmed to activate each time a program is run, it must be hooked to the interrupt functions designated for loading and executing that particular application.

Structure of the Virus

The replication module within a resident virus is quite similar to that of a nonresident infection. The virus loads the replication module into computer memory when executing, ensuring that it is launched each time the operating system is requested to perform a particular function. For instance, the replication module may be called upon when a .WPD word file is accessed. In this scenario, the resident virus may eventually infect every program suited for the executable file on the computer.

Resident viruses fall into two primary categories: fast infectors and slow infectors. Fast infectors are specifically designed to corrupt as many files as they can, as quickly as possible. In simpler terms, a fast infector has the ability to infect every host file accessed on the computer. This complex structure creates a significant problem for anti-virus programs, as many of the scanners they employ are designed to check every host file when conducting a full-system scan. If the scan fails to detect that such a virus resides in memory, the infection can then "piggy-back" on the scanner and infect any file it searches.

Slow infectors are designed to infect hosts infrequently. For example, they often only infect files that are copied. They are able to limit their activity in order to avoid detection by the user. Slow infectors gradually degrade the performance of your computer, giving little indication of the presence of a virus. Because of this, they aren't very effective and are easily detected by a virus scanner.

Methods of Detection

In many instances, a resident virus can be detected by the average computer user. This is done by referring to the map of your local hard drive. The recommended and more efficient method involves installing an anti-virus program with in-depth scanning capability.

Macro Virus


Understanding the Macro Virus

A macro virus is a computer infection written in a macro language, which is commonly built into word processing applications. In general, a macro is a series of commands and executions that help automate specific tasks. Regardless of how they are created, macros must be executed by a system able to interpret stored commands. Some macro systems are actually self-contained utilities while others are built into more advanced applications that allow users to easily repeat a sequence of commands or enable a programmer to customize the application to suit the user's needs.

What has made some programs vulnerable to the macro virus is a feature that allows macros to be stored in the documents that are edited, processed and saved by the application. This means that a virus can be easily attached to a document without the user's knowledge and executed upon opening the file. This provides a mechanism that enables the infection to spread throughout the system.

How it Functions

A macro virus may be distributed via email, floppy disk, network sharing, a modem and compromised sites on the internet. Since most macros automatically start when a document is opened and closed, a macro virus seeks to replace the original with its malicious code. From there, the infection tags the replacement code with the same name, and it functions when the command is executed, which happens when a user accesses the file.

Once opened, the macro virus begins to embed itself within other documents and templates. It also makes preparations to infect any files that will eventually be created. Depending on what resources it is able to access, a macro virus can damage other areas of the operating system. This occurs as the infected documents are shared amongst other users and devices.

One of the most popular variations of this infection is the Melissa Virus, first detected in 1999. It spread via email attachment and infected any recipient who opened it. This virus manipulated the victim's address book and distributed itself to numerous email contacts, enabling it to replicate at an alarming rate.

A macro virus has the ability to infect nearly any system running word processing software. This is because it seeks to corrupt that application as opposed to the operating system. The virus has been known to attack computers running Mac OS X, Windows and other platforms that are compatible with Microsoft Word.

Prevention

Because of the wide spread of macro viruses, it is important to remain cautious of the emails you receive. Many of the messages waiting in your inbox are attached with financial scams and malicious programs. By downloading an attachment from these unsolicited messages, a macro virus can be easily installed onto your computer, and from there, the madness begins.

The best defense against a macro virus is a reliable anti-virus program. A good scanner will check every file and directory in your system and even scan emails and attachments before you even open them. This small step is one that can save you a lot of time, money and the frustrations associated with internet threats.

Polymorphic Virus


Understanding the Polymorphic Virus

While most people have at least heard of them, not everyone is familiar with the functionality and technical details of a computer virus. The truth is that no two are exactly the same and their effects vary depending on design and implementation of code. Some are more subtle and present an annoyance to the user while others pose catastrophic threats capable of destroying an entire operating system. In either scenario, it is crucial that you take extreme measures to keep these infections away from your computer.

Taking Viruses to the Next Level

The polymorphic virus is one of the more complex computer threats. During the process of infection, it creates slightly modified, fully functional copies of itself. This is primarily done to elude the detection of a virus scanner as some are not able to identify different instances of an infection. One method it commonly uses to bypass a scanner involves self-encryption performed with a variable key. In order to create an effective polymorphic virus, a coder chooses from a number of different encryption schemes that require different methods of decryption, only one of which will remain plainly visible to all instances of the infection. A virus scanner based on a string-driven detection would have to find many different strings, one for each probable decryption scheme. This is the best technique for reliably identifying this type of virus.

More advanced forms of the polymorphic virus alter the instruction sequences of their variants by interspersing decryption instructions with other instructions designed to fail the process of encryption. They may also interchange mutually independent instructions to load inaccurate arbitrary values such as moving "0" to "A" or replacing "A" with "B". A basic virus scanner would have no way to effectively identify all variants of the infection. Even a more advanced program has to thoroughly research this type of virus and make special configurations to its scanner in order to detect it.
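The scan-string problem described above can be measured on inert data. The following is an added example, not code from the original post: the body, the two "decryptor stub" markers and the XOR/ADD schemes are constructed placeholders (plain byte strings, not executable code), used only to show why a signature on the encrypted body misses every variant while one scan string per decryption scheme catches them all.

```python
# Added illustration: inert, constructed byte strings only (no executable code).
BODY = b"INERT-SAMPLE-BODY-0123456789"   # stands in for the encrypted virus body
STUBS = {                                # the part left plainly visible, one per scheme
    "xor": b"\xaa\x01STUB-XOR",
    "add": b"\xaa\x02STUB-ADD",
}


def encode(body, scheme, key):
    """Encode the body with a one-byte variable key under the given scheme."""
    if scheme == "xor":
        return bytes(b ^ key for b in body)
    if scheme == "add":
        return bytes((b + key) & 0xFF for b in body)
    raise ValueError(f"unknown scheme: {scheme}")


def make_sample(scheme, key):
    """Constructed sample: visible stub, key byte, then the encoded body."""
    return STUBS[scheme] + bytes([key]) + encode(BODY, scheme, key)


def scan(data, signatures):
    """String-driven scan: names of all signatures that occur in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def detection_rates():
    """Compare a body signature with per-scheme stub signatures over all keys."""
    samples = [make_sample(scheme, key) for scheme in STUBS for key in range(1, 256)]
    body_only = {"body": BODY}
    per_scheme = {f"stub-{name}": stub for name, stub in STUBS.items()}
    return {
        "samples": len(samples),
        "body_signature_hits": sum(bool(scan(s, body_only)) for s in samples),
        "stub_signature_hits": sum(bool(scan(s, per_scheme)) for s in samples),
    }


if __name__ == "__main__":
    print(detection_rates())
```

Every new decryption scheme needs its own entry in the signature table, which is the maintenance cost the post attributes to adding scan strings.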

The Big Brother of All Polymorphic Viruses

One of the most complex forms of the polymorphic virus known today relies on its MtE (Mutation Engine), which is essentially a type of object module. The Mutation Engine allows any virus to reach a polymorphic state when implementing specific codes to the program source code and linking to modules able to generate random numbers.

The evolution of polymorphic viruses has made the jobs of many security experts much more difficult. Adding more scan strings is often a frustrating and expensive task for software developers. At the same time, these additional implementations are needed, as the average scanner simply isn't efficient enough to manage these types of viruses.

You don't have to be a computer technician or an anti-virus expert to know these infections are bad news. A virus of this nature can easily corrupt your system and go undetected for months, and it is capable of rendering the system inoperable if action is not taken in a timely fashion. Your best defense lies in a scanner equipped with the latest virus definitions. This will keep the infections out of your system and stop the madness of polymorphism dead in its tracks.

Companion Virus


The Dangers of the Companion Virus

It's amazing yet unsettling to know that a computer virus can infect the files on your system without altering a single byte. In fact, this is done quite frequently in a number of different ways. The most common method is employed by the companion virus, also known as the spawning virus or the cluster virus. Instead of modifying the existing files in your system like most viruses, it creates new ones and sends them off to spread the malicious code.

The companion virus works by seeking all files with the .EXE extension. It then creates a matching file with the .COM extension, which is specifically reserved for the malicious code. Though it is possible for .EXE and .COM files to have similar names, the instance is very rare. In most cases, this is merely an indication of this deceptive infection. When this does occur, the companion virus typically will not modify the existing .COM file.

How the Companion Virus Works

Here is an example of how this infection operates:

The companion virus is downloaded on your computer and unknowingly executed. When the time comes to spread the infection, it searches the system and finds a file labeled MGM.EXE. From there it creates a matching file that contains the virus and labels it MGM.COM. This file is typically placed in the same directory as the .EXE file, though it can also be inserted into any directory along a number of different paths. When you access the MGM.EXE file, the operating system executes the MGM.COM file instead. The virus is then executed and proceeds to infect other files on the system.

The companion virus is very sophisticated and may take several steps towards hiding its presence. At times, the infection attempts to conceal the extra files by storing them in a different directory and applying hidden attributes that make them invisible to normal commands. It can effectively conceal these files when active in system memory while distributing itself to other areas of the computer to spread the infection.

Finding the Virus

While the companion virus is somewhat of a nuisance, it's easily detected because of the presence of the additional .COM files. Your computer should have a map of the hard drive that enables you to ensure the integrity of these files. By analyzing it you will be able to determine what should actually be on the hard drive. From there you can locate the virus and safely remove it yourself.

If analyzing the map of your hard drive sounds like too much trouble, you can avoid the hassle by installing a reliable anti-virus program on your computer. The scanner will thoroughly comb the files and directories of your system in search of companion viruses and many other security threats. Keep in mind that an integrity checking program that only seeks out modifications in existing files will not be able to detect such a complex virus.

Similar to most computer infections, the best defense against a companion virus is prevention. You can protect yourself by remaining cautious of the sites you visit on the internet and never downloading the attachment of an unsolicited email.
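The check for "additional .COM files" described above can be automated. The following is an added example, not code from the original post: it lists every .COM file that shares a base name with an .EXE file, whether it sits beside the .EXE or in another scanned directory, and reports the Windows hidden attribute where the platform exposes it. The function names and the sample directory tree are constructed for the illustration.

```python
import os
from collections import defaultdict

HIDDEN = 0x2  # Windows FILE_ATTRIBUTE_HIDDEN bit in st_file_attributes


def find_companions(roots):
    """Report every .COM file whose base name matches an .EXE under roots.

    Matching is case-insensitive and spans directories, because the companion
    may sit beside the .EXE or elsewhere along the search path.
    """
    exes, coms = defaultdict(list), defaultdict(list)
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                stem, ext = os.path.splitext(name)
                bucket = {".exe": exes, ".com": coms}.get(ext.lower())
                if bucket is not None:
                    bucket[stem.lower()].append(os.path.join(dirpath, name))

    findings = []
    for stem, com_paths in coms.items():
        matches = sorted(exes.get(stem, []))
        if not matches:
            continue  # a lone .COM file (e.g. COMMAND.COM) is not a companion pair
        for com in com_paths:
            # st_file_attributes only exists on Windows; elsewhere hidden is False
            attrs = getattr(os.stat(com), "st_file_attributes", 0)
            findings.append({
                "com": com,
                "exe": matches,
                "same_dir": any(os.path.dirname(e) == os.path.dirname(com)
                                for e in matches),
                "hidden": bool(attrs & HIDDEN),
            })
    return sorted(findings, key=lambda f: f["com"])


def build_sample_tree(base):
    """Create a constructed tree of empty files for the demonstration."""
    layout = ["apps/MGM.EXE", "apps/MGM.COM", "bin/TOOL.EXE",
              "hidden/tool.com", "dos/COMMAND.COM"]
    for rel in layout:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        for f in find_companions([base]):
            where = "same directory" if f["same_dir"] else "different directory"
            print(f'{f["com"]} shadows {f["exe"][0]} ({where}, hidden={f["hidden"]})')
```

A match is a lead to review rather than proof of infection, since the post notes that legitimate .EXE and .COM files can occasionally share a name.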

Stealth Virus


Spotting the Stealth Virus

By nature, a computer virus must modify something in the host system in order for it to become active. This may be a specific file, a boot sector, or a partition sector, more commonly known as an MBR (Master Boot Record). Regardless of what it is, it must be modified in some way. Unless the infection takes control of portions of the system to manage access to the modifications that have been made, the changes will typically become visible, leaving the virus exposed. This very nature has led writers to design malicious code that is far more elusive.

Understand the Stealth Virus

A stealth virus is one that conceals the changes it makes. This is done by taking control of system functions that interpret files or system sectors. When other applications request data from portions of the system modified by the virus, the infection reports back the accurate, unchanged data, instead of the malicious code. In order for this to occur, the virus must be actively present in the memory.

An example of a stealth infection is Brain, the very first DOS virus. Brain is a system infector that begins by monitoring physical disks. It then redirects all attempts to read an infected sector to sections on the disk where the original, uninfected boot sector is located. Other viruses to follow this trend were Frodo and the Number of the Beast, two viruses classified as file infectors.

How the Stealth Virus Works

It is important to know that many viruses not only hide, but also encrypt the original data they have infected. Some victims may use traditional DOS commands such as FDISK /MBR or SYS to fix the problem, which could make things much worse. If the virus is overwritten with FDISK /MBR, the hard drive will have no way to recognize what's in the partition table and cannot access the encrypted data without the aid of the virus. For this reason, anti-virus software is recommended to eradicate a stealth virus rather than self-maintenance.

Virus coders mainly use the stealth approach to elude virus scanners. Those that have not been designed to do so, because the malicious code is fairly new or the user's anti-virus software isn't up to date, are often described as stealth viruses as well. The stealth technique is a contributing factor to why most anti-virus programs function best when the system is booted from a clean CD or floppy disk. By doing this, the infection is not able to seize control of the system and the changes it makes can be exposed and immediately dealt with.

In general, a stealth virus will hide itself in system memory every time a program scanner is run. It employs various techniques to hide any changes so that when the scanner looks for altered sections, the virus redirects it to any area that contains the clean, uninfected data. A more advanced anti-virus program can detect a stealth virus by searching for evidence of changes within system sectors along with areas that are more susceptible to attack, regardless of how it is booted.
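Searching the system sectors for evidence of change, as described above, comes down to comparing the boot sector against a known-good copy. The following is an added example, not code from the original post: it parses a 512-byte MBR image, hashes the boot code and the partition table separately, and reports which part differs from a baseline. It assumes both sectors were captured after booting from clean media, since the post explains that an active stealth virus hands back the original sector on reads; the sample sectors are constructed filler bytes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 446           # bytes 0-445: boot code
TABLE_END = 510          # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510-511: boot signature


def parse_mbr(sector):
    """Split an MBR image into boot-code hash, table hash and partition list."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR image must be exactly 512 bytes")
    partitions = []
    for slot in range(4):
        off = CODE_END + 16 * slot
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": slot, "active": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {
        "signature_ok": sector[TABLE_END:] == SIGNATURE,
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "table_sha256": hashlib.sha256(sector[CODE_END:TABLE_END]).hexdigest(),
        "partitions": partitions,
    }


def compare_to_baseline(baseline, current):
    """Return a list of findings; an empty list means the sector is unchanged."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    if base["code_sha256"] != cur["code_sha256"]:
        findings.append("boot code changed")
    if base["table_sha256"] != cur["table_sha256"]:
        findings.append("partition table changed")
    return findings


def make_sample_sector(code_byte=0x00, lba_start=2048):
    """Constructed sector: filler 'boot code' plus one active partition entry."""
    code = bytes([code_byte]) * CODE_END
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        lba_start, 204800)
    return code + entry + b"\x00" * 48 + SIGNATURE


if __name__ == "__main__":
    clean = make_sample_sector()
    print(compare_to_baseline(clean, make_sample_sector(code_byte=0x90)))
```

Reading the raw sector from a real disk is left out; the comparison works on any two 512-byte images saved to files.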

Email Virus



You've Got Email Virus

Viruses have been around for some time in the world of computing. They have become much more prevalent in today's society thanks to modern technologies such as the internet. Malicious code writers essentially changed the environment of computing with the creation of email viruses. Take Melissa for example. Released in 1999, this infection is known as one of the most devastating viruses of all time. Melissa spread through Microsoft Word documents distributed via email. Here is how it functioned:

The Email Virus Origin

The virus was originally created as a Word document and was then uploaded via email to an internet newsgroup. Any recipient who opened the email, downloaded the document and opened it on their computer, unknowingly triggered Melissa's payload. From there, the virus sent itself as a document to the first 50 contacts in the victim's address book. The email was attached with a friendly note which included the recipient's name. This was done to make the virus appear harmless and trick them into opening it. It then created 50 new infected documents from that victim's machine. At this continuous rate, Melissa quickly became the fastest spreading virus seen by anyone at the time. The virus was so severe that it resulted in a number of large commercial companies disabling their email systems.

Melissa was so powerful because it capitalized on a vulnerability found in the Microsoft Word programming language known as VBA (Visual Basic for Applications). VBA is a complete language that can be programmed to perform actions such as modifying files and distributing emails. It also includes a rather useful yet dangerous function known as "auto-execute". The Melissa virus was programmed by inserting malicious code into a document, enabling it to be executed whenever someone opened it.

The ILOVEYOU virus, which was first detected in May of 2000, was much simpler than Melissa. The malicious code it contained came in the form of an attachment. Any recipient who clicked on the attachment unknowingly executed the code. This email virus then distributed copies of itself to contacts in the user's address book, enabling the infection to spread at a rapid rate. Because ILOVEYOU was also known to unload different types of infections, some experts have labeled it a Trojan rather than a virus.

Fueling Email Viruses

Since they are known to exploit common vulnerabilities in word processing applications, email viruses fall under the classification of macro viruses. Because of their widespread nature, most Microsoft applications are equipped with a feature known as Macro Virus Protection, which helps to prevent this type of infection. When this feature is enabled, a dialog box is displayed to warn the user of any document attempting to execute malicious code. Unfortunately, many users have limited knowledge of macros or macro viruses, causing them to ignore the warning and unknowingly allow the infection to launch.

This type of feature would be useless against the ILOVEYOU virus, which was entirely human powered. Overall, the infection was fueled by the willingness of a human recipient to click on the virus and initiate its execution.

Dialer Virus


Dialer Virus

Most computers have internet access these days and there's a very good reason for this. The internet is a very useful tool for many different applications. But, there are plenty of nasty things on the internet that you need to be wary of. If you're not careful then you are in danger of losing control of your computer due to viruses.

Most people connect to the internet through a broadband internet connection. However, if you still connect through a dial up connection then you will want to pay attention to the threats of dialer viruses.

What Is A Dialer Virus?

Dialer viruses are a special type of Trojan horse which will do one of two things. A dialer virus either replaces the number in your internet connection dial-up settings with a premium rate number, or it simply places an auto dialer on your computer which will sit there continually dialing a certain premium rate number.

If you ever get a much more expensive phone bill than normal then it could be a result of a dialer virus. Some people have been billed for over $5000 as a result of a dialer virus, which is why you have to be careful.

You may spend hours arguing with the phone company and assure them that you have never made the calls to these 1-900 numbers. But, this certainly isn't a mistake and your computer is to blame. You need to be very careful to avoid this old computer scam because it could cost you thousands of dollars.

Where Did It Start

An auto dialer is not a new idea. It was created by telecom companies as a way of marketing products using the phone to a large number of people at the same time. These phone companies also created a system where people could pay for things even if they didn't have a credit card by adding them onto their phone bill.

These 1-900 services are premium rate numbers and are easy to access. People can phone for gambling tips, weather, and horoscopes without paying with their credit card. These numbers will be charged at the end of the month.

How Do Auto-dialers Get On Your PC?

Auto dialers are just like any other computer virus and they get installed onto your computer without your knowledge. You need to prevent your computer from becoming infected with any viruses and to do this you should use an antivirus scanner. Firewalls are also important tools to prevent your computer from becoming infected with a virus.

Pay attention to these dialer viruses so that they don't end up costing you thousands of dollars on your phone bill.

Malware


The Danger of Malware

Malware is the term given to any software which causes harm to your computer. There are many different types of malware, each of which is slightly different. Computer viruses, Trojans, Worms, Adware and Spyware are all considered as Malware.

Viruses

A virus is a computer program capable of self replication. This means that once a computer is infected with a virus it can spread to lots of other files on your computer. Before the internet was common, viruses spread through floppy disks. Thanks to the internet, viruses can now spread much more easily than ever through file downloads.

Trojans

A Trojan is not by definition a computer virus because it cannot normally make copies of itself. Although there are some Trojans which can self replicate, these blur the boundaries slightly. A Trojan is named after the Greek Trojan horse. It simply means a seemingly useful application which opens a backdoor.

You may have no idea that you are infected with a virus; however, it will open a secret backdoor into your computer which hackers can use to steal your information.

Worms

A worm is another slightly different type of malware. Like viruses they are capable of self replication but unlike viruses they are capable of sending themselves to lots of different people. These spread automatically by sending messages to people on your contact list. These are very dangerous and some of the most famous examples of malware are in fact worms.

Spyware

Spyware is similar to a Trojan but instead of allowing a hacker access to your PC, it just sits silently spying on you. Spyware can steal your credit card numbers, bank account information, and anything else that your computer knows about you.

Spyware is often bundled in with other pieces of software which means it gets installed without your knowledge.

Adware

Adware is virtually the same as spyware although it is not always a malicious program. These sit on your computer and will try to display relevant adverts to you. Many of these display so many adverts that they slow your PC down. Others will display adult content to your children which can be very troubling and upsetting.

Malware can cause harm to your computer and make it unreliable. To fight against malware and protect your computer you need a barrage of tools. These tools include virus scanners, spyware scanners, and firewalls. These utilities are available for free on certain websites and there are also complete security suites available for purchase which makes looking after your computer really easy.

Trojan


How Your PC Gets Infected With Trojans

Computer programs are written for a wide variety of different tasks. Rather worryingly, not all of these programs are kind to your computer. There are a number of pieces of software which can compromise the security of your computer.

What Is A Trojan?

You have probably heard about computer viruses. A Trojan is a special type of virus designed to open a backdoor into your computer. They are named after the Greek Trojan horse because they work in a similar way.

Trojans are installed on your computer without your knowledge. These allow people to easily log into your computer and do a variety of different tasks. Criminals can use Trojans to spy on your computer and find out what you are doing.

It's even possible for these criminals to turn on your webcam and find out what you look like. This software can also be used to steal your credit card details, and potentially your entire identity. Your identity is very valuable and something that you need to be very careful of.

Infecting Your PC With Trojans

Trojans are very easy to get on your computer and usually spread through internet downloads. Files downloaded from the internet can include Trojans which are installed without your knowledge or approval.

These Trojans are very dangerous and put the data on your PC at risk. Everyone realizes the importance of security on the internet; however, many don't realize that their security can be easily compromised. Trojans can put all sorts of information at risk even if the server is secure.

Danger Of Trojans

Trojans are very dangerous for a number of reasons. You enter all sorts of things into your computer. Whenever you pay for anything you will enter your credit card details. It would be very easy for hackers to use Trojans to steal your credit card numbers and all sorts of other information.

Trojans can also be used to steal your passwords, and also spy on you. Sometimes hackers will use these Trojans to install viruses. These can further compromise the security of your PC.

Getting Rid Of Trojans

If you want to get rid of Trojans and protect your computer then you will need a virus scanner. There are many different virus scanners available on the internet. Make sure you carefully choose a virus scanner which will be able to offer ongoing protection.

Don't just stick to virus scanners designed to scan your computer. Make sure the virus scanner you are considering using also has a resident shield. This will protect your computer from danger as you carry on using it. Computers are very useful and that's why you need to protect them from danger.

Types of Viruses


Computer Virus: The Types of Viruses Out There

A computer virus is usually hard to detect if it's disguised as a harmless file, as in the case of a Trojan horse virus. This type of virus doesn't replicate itself like most viruses, but instead opens your computer up to malicious imposters. This leaves you to wonder: how can you tell if your computer is infected?

Luckily, after coming into contact with a virus or worm, your computer will display some symptoms and signs of infection. It is particularly useful to know the signs that indicate an infection, because you can unintentionally introduce a virus to your computer at any time when you run an infected program or open an email attachment. To guard against this you need a good anti-virus program.

Signs of a Computer Infection

Some signs that may indicate that your computer is infected include:

  • Your computer functions slower than normal
  • Your computer responds slowly and freezes often
  • Your computer restarts itself often
  • You see uncommon error messages, distorted menus, and dialog boxes
  • You notice applications on your computer fail to work correctly
  • You fail to print correctly

Types of Viruses

But what are the types of computer viruses and worms that your computer can come into contact with? The list of viruses is quite long and complex. So, we simplified the list by mentioning a few broad categories of viruses that can put your computer, and all your personal data on it, in danger. These computer viruses include:

Computer Viruses

Boot Sector viruses: A boot sector virus infects diskettes and hard drives. All disks and hard drives contain smaller sections called sectors. The first sector is called the boot. The boot carries the Master Boot Record (MBR). The MBR functions to read and load the operating system. So, if a virus infects the boot or MBR of a disk, such as a floppy disk, your hard drive can become infected if you re-boot your computer while the infected disk is in the drive. Once your hard drive is infected, all diskettes that you use in your computer will be infected. Boot sector viruses often spread to other computers by the use of shared infected disks and pirated software applications. The best way to disinfect your computer of a boot sector virus is by using antivirus software.

Program viruses: A program virus becomes active when the program file (usually with extensions .BIN, .COM, .EXE, .OVL, .DRV) carrying the virus is opened. Once active, the virus will make copies of itself and will infect other programs on the computer.

Multipartite viruses: A multipartite virus is a hybrid of Boot Sector and Program viruses. It infects program files, and when the infected program is active it will affect the boot record. So the next time you start up your computer it'll infect your local drive and other programs on your computer.

Stealth viruses: A stealth virus can disguise itself by using certain tactics to prevent being detected by antivirus software. These tactics include altering its file size, concealing itself in memory, and so on. This type of virus is nothing new, in fact, the first computer virus, dubbed Brain, was a stealth virus. A good antivirus should be able to detect a stealth virus lurking on your hard drive by checking the areas the virus infected and evidence in memory.

Polymorphic viruses: A polymorphic virus acts like a chameleon, changing its virus signature (also known as binary pattern) every time it multiplies and infects a new file. By changing binary patterns, a polymorphic virus becomes hard to detect by an antivirus program.

Macro Viruses: A macro virus is programmed as a macro embedded in a document. Many applications, such as Microsoft Word and Excel, support macro languages. Once a macro virus gets on to your computer, every document you produce will become infected. This type of virus is relatively new and may slip by your antivirus software if you don't have the most recent version installed on your computer.

Active X and Java Control: Some users do not know how to manage and control their web browser to allow or prohibit certain functions, such as enabling or disabling sound, pop ups, and so on. This leaves your computer in danger of being targeted by unwanted software or adware floating in cyberspace.