Archive for March, 2010

Virus Program | Part 5

Thursday, March 11th, 2010

Most frequent symptoms of infection

  • Slowdown of the computer: the computer works much more slowly than usual, takes a long time to open applications or programs, and the operating system takes a long time to perform simple tasks that usually do not require much time;
  • Inability to run a program or open a specific file;
  • Disappearance of files and folders: files stored in specific folders (usually those belonging to the operating system or to certain applications) have disappeared because the virus deleted them. Entire folders and directories may be lost;
  • Inability to access the contents of files: when opening a file you receive an error message, or the file simply cannot be opened. A virus may have altered the File Allocation Table (FAT), losing the addresses that are the starting point for locating files;
  • Unexpected or unusual error messages: dialog boxes containing absurd, funny, mischievous or aggressive messages are displayed;
  • Reduction of free memory and disk space: the free space on the hard disk shrinks noticeably, or when a program is run you receive a message saying there is insufficient memory to do so (although this is not true and no other programs are open);
  • Bad sectors: you are alerted to errors on the disk you are working on and warned that a file cannot be saved or that an action cannot be performed;
  • Changes in file properties: the virus modifies some or all of the files it infects, so the properties associated with an infected file are no longer correct or have changed. The properties most affected are the time/date (of creation or last modification), size, etc.;
  • Operating system errors: operations normally performed and supported by the operating system produce error messages, requests for further operations, or a failure to carry out the requested operation;
  • Duplication of files: if there are two files with the same name but with the extensions EXE and COM respectively, the one with the COM extension will be the virus. Viruses do this because, when two files have the same name, the operating system always runs the one with the COM extension first;
  • Renaming of files: a virus can rename the files it infects and/or specific files;
  • Problems starting the computer: the computer does not start, or does not start in the usual way;
  • Computer crashes: despite few or no programs being open and no heavy load on the system, it hangs ("crash"), making it necessary to use the Task Manager to kill the blocked task or to reboot the computer;
  • A running program stops without the user having performed any unexpected operation or done anything that could have caused this result;
  • The CD/DVD tray opens and closes without user intervention;
  • Keyboard and/or mouse not working properly: the keyboard does not write what the user types, or performs operations that do not correspond to the key presses. The mouse pointer moves by itself, or independently of the movement requested by the user;
  • Disappearance of sections of windows: specific sections (buttons, menus, text, etc.) that should appear in a particular window are missing or not displayed. Or, in windows where nothing of the kind should appear, strange icons or unusual content appear (e.g., in the Windows taskbar);

  • Spontaneous reboot of the computer;
  • Antivirus turned off automatically;
  • Programs suddenly no longer functional or malfunctioning;
  • Slow Internet connection;
  • Unusual sounds emitted by the computer;
  • Microsoft Internet Explorer crashes or otherwise malfunctions, producing continual errors (for example, it fails to close applications).
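The "duplication of files" symptom above (a .COM placed beside a .EXE of the same name, which DOS runs first) can be checked for automatically. The following is an added example, not code from the original post; the sample directory it scans is constructed inside `demo()`.

```python
"""Added example (not from the original post): find the companion pattern
described above, a .COM file next to a .EXE of the same name, which DOS ran
in preference to the .EXE. The sample directory is constructed for the demo."""
import os
import tempfile


def find_companion_pairs(root):
    """Return sorted (com_path, exe_path) pairs that share a base name in one directory.
    Names are compared case-insensitively, as DOS and Windows file systems do."""
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = {}
        for name in files:
            stem, ext = os.path.splitext(name)
            by_stem.setdefault(stem.lower(), {})[ext.lower()] = os.path.join(dirpath, name)
        for stem in sorted(by_stem):
            exts = by_stem[stem]
            if ".com" in exts and ".exe" in exts:
                pairs.append((exts[".com"], exts[".exe"]))
    return pairs


def companion_report(root):
    """Summarise each pair with sizes; a tiny .COM beside a large .EXE deserves a closer look."""
    report = []
    for com, exe in find_companion_pairs(root):
        report.append({
            "name": os.path.basename(exe),
            "com_bytes": os.path.getsize(com),
            "exe_bytes": os.path.getsize(exe),
            "runs_first": os.path.basename(com),  # DOS picks the .COM over the .EXE
        })
    return report


def demo():
    """Constructed tree: EDIT.EXE with an unexpected edit.com beside it, plus an
    unrelated .COM that has no .EXE twin and must not be reported."""
    root = tempfile.mkdtemp()
    samples = {"EDIT.EXE": 40_000, "edit.com": 600, "FORMAT.COM": 22_000}
    for name, size in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(b"\x00" * size)  # placeholder content, sizes only matter here
    return companion_report(root)


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```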

Keep in mind that the symptoms described above may be due to causes other than viruses. In the presence of one or more of these symptoms, it is advisable to run a virus scan of the system.

Techniques Used For Virus Detection

There is no single general method to identify viruses within a system. The detection techniques used by antivirus programs are different, and used together they guarantee an excellent probability of detecting the presence of a virus. According to the detection techniques they use, antivirus programs can be divided into three types:

  • Monitoring programs: aimed at preventing infection by watching for suspicious activity (for example, a request to format a disk or to access privileged areas of memory). They are important because they represent the first line of defense, but they are easy to bypass with the technique known as tunneling.
  • Scanners: search for viruses through two techniques:
      a) comparison of signatures stored in an internal database with those possibly contained in infected files;
      b) use of heuristics for viruses that are encrypted or unknown.

Detection programs: use two techniques:

  1. Integrity checking: compute the hash of files, to be compared later with the values obtained from a new computation in order to verify that the files have not changed in the meantime.
  2. Heuristics: save enough information to restore the original file if it is damaged by a virus.
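The two scanner techniques above (signature comparison against an internal database) and the integrity check (hash files once, re-hash later, compare) can be put together in a few dozen lines. This is an added example, not code from the original post: the signature database and the sample files are constructed for the demo and are not real signatures.

```python
"""Added example (not from the original post): a minimal scanner combining the
two techniques described above, signature comparison against a small database
and integrity checking of file hashes against a stored baseline. The signature
patterns and sample files are constructed for the demo, not real ones."""
import hashlib
import json
import os
import tempfile

# Constructed signature database: name -> byte pattern (hypothetical markers).
SIGNATURES = {
    "Demo.Marker.A": b"DEMO-VIRUS-MARKER-A",
    "Demo.Marker.B": b"DEMO-VIRUS-MARKER-B",
}


def sha256_of(path):
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_signatures(path, signatures=SIGNATURES):
    """Return the names of every signature whose pattern occurs in the file."""
    with open(path, "rb") as f:
        data = f.read()
    return [name for name, pattern in signatures.items() if pattern in data]


def build_baseline(root):
    """Integrity check, step 1: record the hash of every file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            baseline[os.path.relpath(path, root)] = sha256_of(path)
    return baseline


def check_integrity(root, baseline):
    """Integrity check, step 2: re-hash and report modified, new and missing files."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed scenario: baseline a clean tree, then one executable is altered
    by having a marker appended, as an infected host file would be."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "app.exe"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 64)  # placeholder executable content
    with open(os.path.join(root, "notes.txt"), "wb") as f:
        f.write(b"hello")
    baseline = build_baseline(root)
    with open(os.path.join(root, "app.exe"), "ab") as f:
        f.write(SIGNATURES["Demo.Marker.A"])  # simulate the change to be detected
    report = check_integrity(root, baseline)
    # Only files whose hash changed are passed to the signature scanner.
    hits = {p: scan_signatures(os.path.join(root, p)) for p in report["modified"]}
    return report, hits


if __name__ == "__main__":
    report, hits = demo()
    print(json.dumps({"integrity": report, "signature_hits": hits}, indent=2))
```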

Source: From Wikipedia, the free encyclopedia. The text is available under the Creative Commons license.

Virus Program | Part 4

Thursday, March 11th, 2010

Methods Of Dissemination

What distinguishes a virus from a worm is the mode of replication and spreading: a virus is a snippet of code that cannot run separately from a host program, while a worm is a stand-alone application. Also, some worms spread by exploiting security vulnerabilities, and therefore do not depend on tricking the user into running them.

Before the widespread use of Internet connections, the main means of spreading a virus from one machine to another was the exchange of floppy disks containing infected files or a boot virus. Today the preferred vehicle of infection is instead e-mail and peer-to-peer networks (e.g., eMule).

On Windows systems it is customary for the virus programmer to use the registry keys that make newly created programs start automatically at startup. One of the weaknesses of Windows is its own registry. There are various programs that keep an eye on the dangerous keys in the Windows registry, one of which is Absolute Startup, which at regular intervals scans the at-risk areas of the registry to see whether a new virus or a crashing program has been added to those keys.
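The kind of check the post attributes to tools such as Absolute Startup (take a snapshot of the autostart keys, take another later, report what changed) is shown below as an added example; it is not the tool's own code. Reading the registry needs the Windows-only `winreg` module, so the diff is demonstrated on constructed snapshots with invented entry names and paths.

```python
"""Added example (not from the original post): a baseline-and-diff check of
the Windows Run and RunOnce keys, the autostart monitoring the post attributes
to tools such as Absolute Startup. Reading the registry requires Windows (the
winreg module); the diff logic runs on constructed snapshots elsewhere."""
import json
import sys

RUN_SUBKEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
)


def snapshot_run_keys():
    """Map 'HIVE\\subkey\\value-name' -> command for each autostart entry (Windows only)."""
    import winreg  # available only on Windows
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snapshot = {}
    for hive_name, hive in hives.items():
        for sub in RUN_SUBKEYS:
            try:
                key = winreg.OpenKey(hive, sub)
            except OSError:
                continue  # key absent or not readable by this user
            with key:
                value_count = winreg.QueryInfoKey(key)[1]
                for i in range(value_count):
                    name, data, _type = winreg.EnumValue(key, i)
                    snapshot[f"{hive_name}\\{sub}\\{name}"] = str(data)
    return snapshot


def diff_snapshots(baseline, current):
    """Report autostart entries that appeared, vanished or changed command since baseline."""
    return {
        "added": {k: current[k] for k in sorted(current) if k not in baseline},
        "removed": {k: baseline[k] for k in sorted(baseline) if k not in current},
        "changed": {k: (baseline[k], current[k])
                    for k in sorted(baseline) if k in current and baseline[k] != current[k]},
    }


def demo():
    """Constructed snapshots (invented names and paths): one existing entry whose
    command now points into a temp directory, and one brand-new entry."""
    base = r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    baseline = {
        base + r"\Updater": r'"C:\Program Files\Example\updater.exe" /background',
    }
    current = dict(baseline)
    current[base + r"\Updater"] = r'"C:\Users\demo\AppData\Local\Temp\updater.exe"'
    current[base + r"\Helper"] = r"C:\Users\demo\AppData\Local\Temp\helper.exe"
    return diff_snapshots(baseline, current)


if __name__ == "__main__":
    if sys.platform == "win32":
        # Real run: treat an empty baseline as "list everything" on first use.
        print(json.dumps(diff_snapshots({}, snapshot_run_keys()), indent=2))
    else:
        print(json.dumps(demo(), indent=2))
```

On a real system the first snapshot would be saved (for example as JSON) and later snapshots diffed against it; the constructed demo only exercises the comparison.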

False Viruses

Ignorance of the mechanisms by which viruses spread, and the way the media often treat the topic, allow the spread not only of viruses but also of virus hoaxes, simply called hoaxes: these are messages that warn, in catastrophic tones, of the spread of a terrible new phantom virus and invite the recipient to forward them to as many people as possible. It is clear how harmful these false alarms are, since they increase the amount of spam and spread false, or even harmful, information.

Viruses Yesterday And Today

Today there is very little malicious code to which the name virus can really be attributed. At a time when files were exchanged via physical media, usually floppy disks, these were the vehicle of infection, and so anyone wanting to create a virus that spread had to make it as silent as possible. Viruses were written in assembly language, which made them small, high-performing and insidious, following the rule: if you do not know what to look for, let alone how to find it.

Strictly speaking, talking about viruses today is a mistake. The term virus is applied to all malicious code that can cause damage to a user. The end of file exchange via physical devices such as floppy disks, and the almost total abandonment of booting and recovering from them, has rendered obsolete the old concept of the virus as malicious code that is a little hard to locate.

Nevertheless, machines are increasingly powerful, consumers less and less prepared, and broadband is available to everyone. Information now travels from one end of the globe to the other without physical constraints, and so does malicious code.

The old concept of the virus has been replaced by the more modern worm. Worms are not written in assembly but mostly in ever higher-level programming languages, in close connivance with the operating system, in almost all cases Windows, and its vulnerabilities.

All this makes writing malicious code much easier than before, and the large number and diversity of worms and their variants is an obvious example. These new kinds of infections almost always enter the system on their own by exploiting a vulnerability, and they do not do much to hide themselves; they replicate rather than infecting files as viruses do, which is a more complex technique and now abandoned.

Lately, highly destructive payloads, or payloads that expose the victim to other kinds of attacks, have become very fashionable. The life of a worm is generally shorter than that of a virus because identifying it, thanks to the Internet, has become a bigger business than in former times, and this is probably why developers increasingly want a shorter life span for the machine that hosts it, and a little less hair on the user's head.

Worms are increasingly acting like retroviruses: trying to run faster than the patch that fixes the vulnerability that allowed them to spread, so that one often ends up updating the antivirus when the code has already taken hold in the system.

Virus Exchange

Many virus programmers, today but especially in the past, exchanged virus sources to learn new programming techniques. Many of these exchanges took place through websites called VX, which stands for Virus eXchange. Nowadays public VX sites are few, but it is thought that there are underground sites containing databases accessible only to the crews of recent virus writers. A virus can also be received through e-mail, and it can install itself even if the message is not opened.

Continued…

Virus Program | Part 3

Thursday, March 11th, 2010

Components of a Virus

The simplest viruses are composed of two essential parts, sufficient to ensure replication:

  • A search routine, which takes care of finding files suitable for infection and checks that they do not already contain a copy, in order to avoid repeated infections of the same file;
  • An infection routine, with the task of copying the virus code into each file selected by the search routine, so that it runs every time the infected file is opened, in a manner transparent to the user.

Many viruses are designed to run code extraneous to the purpose of replication, and thus contain two other elements:

  • The activation routine, which contains the criteria by which the virus decides whether or not to attack (e.g., a date, or reaching a certain number of infected files);
  • The payload, a sequence of instructions usually detrimental to the host system, such as deleting some files or displaying messages.

Viruses can be encrypted and may change algorithm and/or key every time they run, so they may contain three further elements:

  • A decryption routine, containing the instructions to decrypt the virus code;
  • An encryption routine, usually itself encrypted, containing the procedure to encrypt each copy of the virus;
  • A mutation routine, which changes the encryption and decryption routines for each new copy of the virus.

Virus Classification Criteria

Computer viruses can be divided into categories according to the following characteristics:

  • Development Environment
  • Operational capabilities of the algorithms
  • Destructive capabilities.

There are also combinations of the above categories: for example, there are viruses that are both boot viruses and file viruses. In this case their infection algorithm is more complex and can perform different attacks.

Development environment

Viruses develop on different physical media and are therefore classified as:

  • File viruses, which in turn are divided into:
      • parasitic viruses;
      • companion viruses;
      • link viruses;
      • overwriting viruses;
      • file worms;
  • Boot viruses;
  • Macro viruses;
  • Network viruses.

Operational Capabilities of the Virus Algorithms

According to the characteristics of their algorithms, viruses are categorized in:

  • TSR virus;
  • Polymorphic viruses;
  • Stealth viruses

In general there are not many viruses that are only stealth, only polymorphic or only TSR, since they would be easily detectable. In reality, computer viruses are formed by a combination of the above.

Destructive capabilities

Depending on the type of damage, the viruses are classified as:

  • Harmless: they cause only a decrease in free disk space, without any change in the operation of the computer;
  • Not harmful: they cause only a decrease in free disk space, along with graphic, sound or other multimedia effects;
  • Harmful: they may cause problems in the normal operation of the computer (for example, deletion of parts of files);
  • Very harmful: they cause damage that is difficult to recover from, such as the deletion of key system information (formatting of portions of the disk).

Other Virus-type Threats

Once, all threats were viruses as defined above; later other threats appeared and specialized, even though in common language they continue to be improperly called "viruses":

Backdoor
Or "back door": an entry point through which control of a computer can be taken.

Buffer overflow
A technique of sending data longer than expected, beyond the capacity of the buffer.

DoS and its variant DRDoS
"Denial of service": a technique that floods a single service with requests in order to make it collapse.

Exploit
Techniques to take control of a computer by exploiting weaknesses (bugs) in the operating system or in other programs that access the Internet.

Social engineering
The study of a target in order to gain their trust and obtain information through contact.

Keylogger
Software that, once executed on a machine, stores in its own database every key pressed, transparently to the user. It is usually installed through a virus or a backdoor, and is programmed to retransmit the stored data over the network.

Phishing
Social engineering aimed at obtaining confidential information for the purpose of identity theft and theft of personal data.

Port scanning
A technique to check the status (accepted, denied, dropped, filtered) of the 65,535 ports (sockets) of a computer.

Rootkit
Programs that allow a virus to "hide" in the computer.

Sniffing
Or "sniff": a technique to intercept data in transit on the network and decode it.

Trojan
Or "Trojan horse": generally malicious software (malware) hidden inside seemingly useful programs, which the user therefore runs voluntarily. The malicious software that runs silently when the file is executed can be a virus or any other kind of threat, for example one that allows the attacker who infected the computer to trace the victim's IP address.

War dialing
It works by using a modem to dial every phone number in a local area in order to find a computer, along with its variants wardriving and warflying.

Continued…

Virus Program | Part 2

Thursday, March 11th, 2010

History Of The Virus

In 1949 John von Neumann proved mathematically the possibility of constructing a computer program able to replicate itself. The concept of the self-replicating program found its practical evolution in the early 1960s in a game called "Core Wars", created by a group of programmers at AT&T's Bell Laboratories, in which several programs had to defeat each other by overwriting one another. It was the beginning of the history of computer viruses.

The term "virus" was first used by Fred Cohen (1984) of the University of Southern California in his paper Experiments with Computer Viruses, where he credited Leonard Adleman with coining the term. His definition of virus was as follows: "A computer virus is a program that recursively and explicitly copies a possibly evolved version of itself."

In 1972 David Gerrold wrote the science fiction novel The God Machine (When HARLIE Was One), which contains a description of a computer program called "virus" that does exactly the same things as a virus. John Brunner's 1975 novel The Shockwave Rider (Codice 4GH) describes programs called "tapeworms" which infiltrate the network in order to erase all data. In 1973 the phrase "computer virus" was used in the film Westworld. The term "computer virus" with its usual meaning also appears in the comic book "Uncanny X-Men" No. 158, published in 1982. It can therefore be said that Cohen was merely the first to use the word virus in the academic field, since it was already present in the spoken language.

A program called "Elk Cloner" is credited as the first computer virus to appear in the world. It was created in 1982 by Rich Skrenta on Apple DOS 3.3, and the infection spread through the exchange of floppy disks. During the eighties and early nineties the exchange of floppies was the dominant mode of infection by computer viruses. Since the mid-nineties, however, with the spread of the Internet, viruses and malware in general have begun to spread much more quickly, using the network and the exchange of e-mail as the source of new infections. The favorite targets of these programs are mostly the various versions of Windows.

The first computer virus known in the world was created in 1986 by two Pakistani brothers, owners of a computer store, to punish those who were illegally copying their software. The virus, called Brain, spread throughout the world and was the first example of a virus that infects the boot sector.

The first file infector appeared in 1987. Its name was Lehigh and it infected only the file Command.com. Robert Morris Jr. created the first worm in history in 1988. The following year, 1989, saw the first polymorphic viruses, one of the most famous being Vienna, and the release of the AIDS trojan (a.k.a. Cyborg), very similar to the modern-day trojan called PGPCoder. Both encrypt the data on the hard drive and then ask the user for a ransom to get everything back.

In 1995 came the first macro virus: viruses written in the scripting language of Microsoft programs such as MS Word and Outlook, which primarily infect the various versions of Microsoft programs through the exchange of documents. Concept was the first macro virus in history. 1998 saw the birth of another historic virus, Chernobyl or CIH, famous for overwriting the motherboard BIOS and the partition table of the infected hard drive on the 26th of every month.

The mainstreaming of the Internet in the late 1990s led to a change in the techniques of viral spread: no more floppies, but worms that spread via e-mail. Among the most prominent worms before 2000 were Melissa, Happy99 and Bubbleboy, the first worm able to exploit a flaw in Internet Explorer and Outlook Express to run by itself without the attachment being opened.

In 2000 the famous I Love You started the period of script viruses, the most insidious of the viruses spread through e-mail, because they exploit the ability of programs like Outlook and Outlook Express to run active statements (called scripts) contained in e-mail messages written in HTML, in order to perform potentially dangerous actions on the recipient's computer.

Viruses made of scripts are the most dangerous because they can activate themselves as soon as the message is opened for reading. I Love You spread via e-mail to millions of computers around the world, so that a special FBI squad had to intervene to arrest its creator, a young man from the Philippines. It was an e-mail message containing a small program that instructed the computer to forward the newly arrived message to all the addresses in the victim's address book, thus creating a kind of chain letter sent automatically, which in the end crashed mail servers.

Since 2001 there has been an increase in worms that spread by taking advantage of flaws in programs or operating systems without user intervention. The peak came in 2003 and 2004 with SQL Slammer, the fastest worm in history (fifteen minutes after the first attack, Slammer had already infected half of the servers that hold up the Internet, knocked out Bank of America's ATMs, shut down the 911 emergency service in Seattle and caused still-unexplained errors in ticketing and check-in services), and with the two most famous worms in history: Blaster and Sasser.

Any operating system that allows the execution of programs written by third parties is potentially open to virus attack, but it must also be recognized that some operating systems are less secure than others. Microsoft's operating systems are the most affected by viruses (also because of their distribution to an audience of 'non-experts'), but there are also experimental viruses for other platforms. On systems based on the GNU project (GNU/Linux, GNU/Hurd, BSD, etc.) and on Mac OS X the spread of a virus is very unlikely if the system is managed properly by its owner; moreover, on these systems a virus can hardly cause damage to the operating system.

Continued…

Virus Program | Part 1

Thursday, March 11th, 2010

What Is A “Virus”?

In computing, a virus is software belonging to the category of malware that, once executed, is able to infect files in order to reproduce by making copies of itself, usually without being discovered by the user. Viruses may or may not be directly harmful to the host operating system, but in any case they result in a waste of resources in terms of RAM, CPU and disk space.

As a general rule, a virus is assumed to directly damage only the software of the machine hosting it, although it may also indirectly cause damage to hardware, for example by overheating the CPU through overclocking or by stopping the cooling fan.

In common usage the term virus is frequently and inappropriately used as a synonym for malware, thus also indicating different categories of "pests", such as worms, Trojan horses and dialers. Those who create viruses are called virus writers.

Life Cycle Of A Virus

Computer viruses have many similarities with biological ones as far as the life cycle is concerned, which is divided into the following phases:

  • Creation: the stage in which the developer designs, programs and spreads the virus. Usually the cracker uses low-level programming languages (such as assembler and C) to produce viral code of a few hundred bytes. The dissemination of software packages that allow even novice users to create very dangerous viruses has trivialized the creation process even for people without skills;
  • Incubation: the virus is present on the computer but does not show any activity. It remains inert until the conditions for its activation occur;
  • Infection: the virus infects the file and therefore the system;
  • Activity: when the specific conditions set by the cracker occur, the virus begins its harmful action;
  • Propagation: the virus spreads the infection, reproducing and infecting both files on the same machine and other systems;
  • Recognition: the virus is recognized as such and its recognition string is identified, namely the signature that distinguishes each virus;
  • Eradication: the last stage of the life cycle of the virus. The virus is eliminated from the system.

What Is A Virus, Where It Is And How It Works

A virus is composed of a set of instructions, like any other computer program. It usually consists of a very small number of instructions (from a few bytes to a few kilobytes), is specialized to perform only a few simple operations, and is optimized to use as few resources as possible, so as to make itself as invisible as possible. The main characteristic of a virus is that it replicates and thus spreads through the computer every time the infected file is opened.

However, a virus in itself is not an executable program, just as a biological virus is not in itself a form of life. To be activated, a virus must infect a host program, or a sequence of code that is launched automatically, as in the case of boot sector viruses.

The technique usually used by viruses is to infect executable files: the virus copies itself into the executable file being infected and places, among the first instructions of that file, a jump to the start of its own copy; at the end of the copy it makes another jump back to the start of the program. In this way, when a user launches an infected program, the virus is executed imperceptibly first, and then the program. The user sees the program run and does not realize that the virus is now running in memory and carrying out the various steps contained in its code.

Mainly a virus makes copies of itself, spreading the epidemic, but it may also have other, much more harmful tasks (deleting or damaging files, formatting the hard drive, opening back doors, displaying messages or drawings, changing the appearance of the screen, etc.).

Continued…