Archive for the ‘Web Security’ Category

Virus Program | Part 3

Thursday, March 11th, 2010

Components of a Virus

The simplest viruses are composed of two essential parts, sufficient to ensure replication:

  • A search routine, which finds files suitable for infection and checks that they do not already contain a copy of the virus, in order to avoid infecting the same file repeatedly;
  • An infection routine, which copies the virus code into each file selected by the search routine, so that it runs every time the infected file is opened, in a manner transparent to the user.

Many viruses are also designed to run code unrelated to the replication of the virus itself, and thus contain two other elements:

  • An activation routine, which contains the criteria by which the virus decides whether or not to attack (e.g., a date, or the attainment of a certain number of infected files);
  • The payload, a sequence of instructions usually detrimental to the host system, such as deleting some files or displaying messages.

Viruses can be encrypted and may change algorithm and/or key every time they run, so they may contain three further elements:

  • A decryption routine, which contains instructions to decrypt the virus code;
  • An encryption routine, usually encrypted itself, which contains the procedure to encrypt each copy of the virus;
  • A mutation routine, which changes the encryption and decryption routines for each new copy of the virus.

Virus classification criteria

Computer viruses can be divided into categories according to the following characteristics:

  • Development Environment
  • Operational capabilities of the algorithms
  • Destructive capabilities.

There are also combinations of the above categories: for example, there are viruses that are both boot viruses and file viruses. In this case their infection algorithm is more complex and can perform different attacks.

Development environment

Viruses develop on different physical media and are therefore classified as:

  • File viruses, which in turn are divided into:
      • parasitic viruses;
      • companion viruses;
      • link viruses;
      • overwriting viruses;
      • file worms;
  • Boot viruses;
  • Macro viruses;
  • Network viruses.

Operational Capabilities of the Virus Algorithms

According to the characteristics of their algorithms, viruses are categorized as:

  • TSR virus;
  • Polymorphic viruses;
  • Stealth viruses

In general, there are not many viruses that are only stealth, only polymorphic, or only TSR, since they would be easily detectable. In reality, computer viruses are formed by a combination of the above.

Destructive capabilities

Depending on the type of damage, the viruses are classified as:

  • Harmless: if they involve only a decrease of free disk space, without any change in the operation of the computer;
  • Not harmful: if they involve only a decrease of free disk space, together with the display of graphics, sound or other multimedia effects;
  • Harmful: they may cause problems with the normal operation of the computer (for example, deletion of parts of files);
  • Very damaging: they cause damage that is difficult to recover from, such as the deletion of information essential to the system (formatting of portions of the disk).

Other Virus-type Threats

Once, all threats were viruses as defined above; later, other threats appeared and became specialized, even though in common language they continue to be improperly called “viruses”:

Backdoor
Or “back door”: a point of entry through which control of a computer can be taken.

Buffer overflows
A technique that sends more data than expected, exceeding the capacity of the buffer.

DoS and its variant DRDoS
“Denial of service”: a technique that floods a single service with requests in order to make it collapse.

Exploit
Techniques to take control of a computer by exploiting weaknesses (bugs) in the operating system or in other programs that access the Internet.

Social engineering
The technique of studying a target in order to win their trust and make contact with them.

Keylogger
Software that, once executed on a machine, stores every key pressed in its own database, in a manner transparent to the user. It is usually installed through a virus or backdoor, and is programmed to retransmit the stored data over the network.

Phishing
Social engineering aimed at obtaining confidential information for the purpose of stealing identities and personal information.

Port scanning
A technique to check the status (accepted, denied, dropped, filtered) of the 65,535 ports (sockets) of a computer.

Rootkit
Programs that allow a virus to “hide” in the computer.

Sniffing
Or “sniff”: a technique to intercept data in transit on the network and decode it.

Trojan
Or “Trojan horse”: generally malicious software (malware) hidden inside seemingly useful programs, which the user therefore runs voluntarily. The malicious software that runs silently once the user executes the file can be either a virus or any other kind of threat, because it allows the computer hacker who infected the computer to trace the IP address of the victim.

War dialing
The use of a modem to call every possible telephone number in a local network in order to find a computer, along with its variants Wardriving and Warflying.

Continued…

Virus Program | Part 2

Thursday, March 11th, 2010

History Of The Virus

In 1949 John von Neumann proved mathematically the possibility of constructing a computer program that can replicate itself. The concept of a self-replicating program found its practical evolution in the early 60s in a game called “Core Wars”, created by a group of programmers at AT&T's Bell Laboratories, in which several programs must defeat each other by overwriting one another. It was the beginning of the history of computer viruses.

The term “virus” was first used by Fred Cohen (1984) of the University of Southern California in his paper Experiments with Computer Viruses, where he pointed to Leonard Adleman as the one who coined the term. The definition of a virus was as follows: “A computer virus is a program that recursively and explicitly copies a possibly evolved version of itself.”

In 1972 David Gerrold wrote the science fiction novel The God Machine (When HARLIE Was One), which contains a description of a computer program called “virus” that does exactly the same things as a virus. In 1975 John Brunner wrote the novel Code 4GH (The Shockwave Rider), which describes programs called “tapeworms” that infiltrate the network in order to erase all data. In 1973 the phrase “computer virus” was used in the film Westworld. The term “computer virus” with its usual meaning also appears in the comic book “Uncanny X-Men” No. 158, published in 1982. It can therefore be said that Cohen was the first to use the word virus only in the academic field, since it was already present in the spoken language.

A program called “Elk Cloner” is credited as the first computer virus to appear in the world. It was created in 1982 by Rich Skrenta on Apple DOS 3.3, and the infection spread through the exchange of floppy disks. During the eighties and early nineties the exchange of floppy disks was the dominant mode of infection by computer viruses. Since the mid-nineties, however, with the spread of the Internet, viruses and malware in general began to spread much more quickly, using networks and the exchange of e-mail as a source of new infections. The favorite targets of these programs are mostly the different versions of Windows.

The first computer virus known in the world was created in 1986 by two Pakistani brothers, owners of a computer store, to punish those who illegally copied their software. The virus, called Brain, spread throughout the world, and was the first example of a virus that infects the boot sector.

The first file infector appeared in 1987. It was called Lehigh and infected only the file Command.com. In 1988 Robert Morris Jr. created the first worm in history. The following year, 1989, saw the emergence of the first polymorphic viruses, with one of the most famous, Vienna, and the release of the AIDS trojan (a.k.a. Cyborg), very similar to the modern-day trojan called PGPCoder. Both encode the data on the hard drive and then ask the user for a ransom to retrieve everything.

In 1995 came the first macro viruses, viruses written in the scripting language of Microsoft programs such as MS-Word and Outlook, which primarily infect the various versions of Microsoft programs through the exchange of documents. Concept was the first macro virus in history. 1998 saw the birth of another historic virus, Chernobyl or CIH, famous for overwriting the BIOS of the motherboard and the partition table of the infected hard drive on the 26th of every month.

The mainstreaming of the Internet in the late 90s led to a change in the techniques of viral spread: no more floppy disks, but worms that spread via e-mail. Among the most prominent worms before 2000: Melissa, Happy99 and Bubbleboy, the first worm able to exploit a flaw in Internet Explorer and Outlook Express to run by itself without the attachment being opened.

In 2000 came the famous I Love You, which began the period of script viruses, the most insidious of the viruses spread through e-mail because they exploit the ability of programs like Outlook and Outlook Express to run active instructions (called scripts) contained in e-mail messages written in HTML, in order to perform potentially dangerous actions on the recipient’s computer.

Viruses made with scripts are the most dangerous because they can activate themselves as soon as the message is opened for reading. I Love You spread via e-mail to millions of computers around the world, to the point that a special squad of the FBI had to intervene to arrest its creator, a young man from the Philippines. It was an e-mail message containing a small program that instructed the computer to forward the newly arrived message to all the addresses in the victim's address book, thus creating a kind of automatic chain letter that eventually crashed mail servers.

Since 2001 there has been an increase in worms that spread by taking advantage of flaws in programs or operating systems, without user intervention. The peak came in 2003 and 2004: SQL/Slammer, the fastest worm in history (within fifteen minutes of the first attack, Slammer had already infected half of the servers that kept the Internet running, knocking out the ATMs of Bank of America, shutting down the 911 emergency service in Seattle, and causing cancellations due to still-unexplained errors in ticketing and check-in services), and the two most famous worms in history: Blaster and Sasser.

Any operating system that allows the execution of programs written by third parties is a potential target for virus attacks, but it must also be recognized that some operating systems are less secure than others. Microsoft’s operating systems are the most affected by viruses (also because of their distribution to an audience of ‘non-experts’), but there are also experimental viruses for other platforms. On systems based on the GNU project (GNU/Linux, GNU/Hurd, BSD, etc.) and on Mac OS X, the spread of a virus is very unlikely if the system is managed properly by its owner; moreover, on these systems a virus can hardly manage to cause damage to the operating system.

Continued…

Virus Program | Part 1

Thursday, March 11th, 2010

What Is A “Virus”?

In computing, a virus is software belonging to the category of malware that, once executed, is able to infect files in order to reproduce, making copies of itself, usually without being discovered by the user. Viruses may or may not be directly harmful to the host operating system, but they still result in a waste of resources in terms of RAM, CPU and disk space.

As a general rule it is assumed that a virus might directly damage only the software of the machine that hosts it, although it may also indirectly cause damage to hardware, such as causing the overheating of the CPU by over-clocking, or stopping the cooling fan.

In common usage the term virus is frequently and inappropriately used as a synonym for malware, thus also denoting different categories of “pests”, such as worms, Trojan horses and dialers. Those who create viruses are called virus writers.

Life Cycle Of A Virus

Computer viruses have many similarities with biological ones as regards their life cycle, which is divided into the following phases:

  • Creation: the stage in which the developer designs, programs and spreads the virus. Usually the cracker uses low-level programming languages (such as assembler and C) to obtain viral code of a few hundred bytes. The spread of software packages that allow even novice users to create very dangerous viruses has opened the creation process to people without skills;
  • Incubation: the virus is present on the target computer but does not perform any activity. It remains inert until the conditions for its activation occur;
  • Infection: the virus infects the file and, consequently, the system;
  • Activation: when the conditions set by the cracker occur, the virus begins its harmful action;
  • Propagation: the virus spreads the infection, reproducing and infecting both files on the same machine and other systems;
  • Recognition: the virus is recognized as such and its recognition string is identified, namely the signature that distinguishes each virus;
  • Eradication: the last stage of the life cycle of the virus. The virus is eliminated from the system.

What Is A Virus, Where It Is And How It Works

A virus is composed of a set of instructions, like any other computer program. It usually consists of a very small number of instructions (from a few bytes to a few kilobytes), is specialized to perform only a few simple operations, and is optimized to use as few resources as possible, so as to be as invisible as possible. The main characteristic of a virus is that it replicates and thus spreads through the computer every time the infected file is opened.

However, a virus in itself is not an executable program, just as a biological virus is not in itself a form of life. To be activated, a virus must infect a host program, or a sequence of code that is launched automatically, as in the case of boot sector viruses.

The technique usually used by viruses is to infect executable files: the virus inserts a copy of itself into the executable file it is infecting, places among the first instructions of that executable a jump to the start of its copy, and at the end of the copy places another jump back to the beginning of the program. This way, when a user launches an infected program, the virus is executed first, imperceptibly, and then the program. The user sees the program run and does not realize that the virus is now running in memory and is carrying out the various operations contained in its code.
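The redirection described above leaves a recognizable trace that a scanner can test for: the first instruction is a jump that lands near the end of the file. The following is an added example, not code from the original article; it assumes a flat DOS .COM-style image in which execution starts at file offset 0, and the function names, the "last quarter" threshold and the sample images are constructed for illustration. Legitimate programs also begin with jumps, so the result is a triage signal, not a verdict.

```python
import struct

JMP_NEAR = 0xE9    # x86 16-bit "jmp rel16"
JMP_SHORT = 0xEB   # x86 "jmp rel8"
TAIL_DIVISOR = 4   # assumed threshold: the "tail" is the last quarter of the file


def entry_jump_target(image: bytes):
    """Return the file offset reached by a jump at offset 0, or None."""
    if len(image) >= 3 and image[0] == JMP_NEAR:
        (rel,) = struct.unpack_from("<H", image, 1)
        target = (3 + rel) & 0xFFFF      # 16-bit instruction pointer wraps
    elif len(image) >= 2 and image[0] == JMP_SHORT:
        (rel,) = struct.unpack_from("<b", image, 1)
        target = 2 + rel                 # signed 8-bit displacement
    else:
        return None
    # A target outside the file cannot be analysed from the image alone.
    return target if 0 <= target < len(image) else None


def classify(image: bytes) -> str:
    """Label an image by where its first instruction transfers control."""
    target = entry_jump_target(image)
    if target is None:
        return "no-entry-jump"
    tail_start = len(image) - len(image) // TAIL_DIVISOR
    return "entry-jump-into-tail" if target >= tail_start else "entry-jump-in-body"


# --- Constructed sample images (inert filler bytes, not real programs) ---

def sample_plain() -> bytes:
    # Starts with ordinary instructions (mov ah,4Ch / int 21h), then padding.
    return b"\xB4\x4C\xCD\x21" + b"\x90" * 396


def sample_jump_over_data() -> bytes:
    # Benign pattern: short jump over a 16-byte data area near the start.
    return b"\xEB\x10" + b"\x00" * 16 + b"\x90" * 382


def sample_tail_jump() -> bytes:
    # Pattern from the text: entry jump to a 100-byte region appended
    # after a 1000-byte body (the region here is 0xCC filler).
    body_len, tail_len = 1000, 100
    jump = bytes([JMP_NEAR]) + struct.pack("<H", body_len - 3)
    return jump + b"\x90" * (body_len - 3) + b"\xCC" * tail_len


if __name__ == "__main__":
    for name, image in [("plain", sample_plain()),
                        ("jump over data", sample_jump_over_data()),
                        ("tail jump", sample_tail_jump())]:
        print(f"{name:15s} {len(image):5d} bytes -> {classify(image)}")
```
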

A virus mainly makes copies of itself, spreading the epidemic, but it may also have other, much more harmful tasks (deleting or damaging files, formatting the hard drive, opening backdoors, displaying messages or drawings, changing the appearance of the display, etc.).

Continued…

What Is Malware | Part 2

Thursday, March 11th, 2010

Other Types Of Malware:

  • Hijacker: these programs take over network navigation applications (especially browsers) and cause unwanted web pages to open automatically.
  • Rootkit: rootkits are usually composed of a driver and, sometimes, of modified copies of programs normally present in the system. Rootkits are not harmful in themselves; their function is to conceal the presence of particular files or system settings, both from the user and from programs such as antivirus software. They are therefore used to hide spyware and Trojans.
  • Rabbit: rabbits are programs that exhaust the resources of the computer by creating copies of themselves (in memory or on disk) at high speed.
  • Adware: software that shows advertisements to the user during use, in exchange for a reduced or zero price. It can cause damage such as slowing down the PC, and privacy risks, since it communicates surfing habits to a remote server.
  • Batch: batch files are the so-called “amateur viruses”. Batch files are not always dangerous, since many are far from malicious; the problem arises when a user decides to create one that executes a command to format the PC (or do other harmful things) of the user to whom the file is sent. It does not open automatically: you must open it yourself. Since antivirus software does not detect batch files as dangerous, it is always advisable to make sure that the source that sent you the file is trusted, or to open it with Notepad to check whether it is dangerous. It must also be said that there are ways to disguise batch files and make them look like exe files, increasing their size to allay suspicion. The use of this particular “malware” is often recurrent in cyberbullying.
  • Keyloggers: keyloggers are programs that can record everything a user types on a keyboard or copies and pastes, thus making it possible to steal passwords or data that may be of interest to someone else. The difference from adware is that the computer does not notice the presence of the keylogger and the program does not slow down the PC, thus going totally unnoticed. Generally, the keylogger is installed on the computer by trojans or worms; in other cases, the keylogger is installed by another person who has access to the PC, either via remote access (which allows a person to control another PC from their own PC via a program) or in person, thereby stealing data and passwords.
  • Rogue antispyware: malware that pretends to be a PC security program, pushing users to purchase a license for the program.

In common usage the term virus is used as a synonym for malware, and the misunderstanding is fueled by the fact that antivirus programs detect and remove other types of malicious software in addition to viruses as such.

Note that malware is characterized by the malicious intent of its creator, so programs that contain bugs do not fall within the definition; bugs are the norm even when the utmost diligence is observed in the development of software.

In common usage the term virus is used as a synonym for malware and the misunderstanding is fueled by the fact that anti-virus to detect and remove other types of malicious software in addition to the virus as such.

Note that a malware is characterized by the misconduct of its creator, so do not fall within the definition programs contain bugs, which are the norm even when it is observed on a best effort in the development of software.

Criminal Activities Related To Malware

Legislation on malware varies greatly from country to country and is constantly evolving. In general, while viruses, worms and trojans are illegal in almost every part of the world, the same cannot be said for other categories. Dialer programs in particular are legal in themselves, so much so that any modern operating system contains at least one. The ambiguity is worsened by the fact that much software sits on the boundary that separates true malware from a program that is perhaps annoying but not harmful.

Currently, malware (including trojans, worms and spyware) is used to send large amounts of files not requested by the user; the latter are usually sold to spammers. There is a real black market linked to malware: in addition to the trading of personal information, it is possible to purchase the use of infected computers, that is, to use for one's own purposes, and without the knowledge of their owners, a certain number (in the order of thousands) of computers controlled remotely via a backdoor.

Source: Wikipedia, the free encyclopedia. The text is available under the Creative Commons license.

What Is Malware | Part 1

Thursday, March 11th, 2010

What Is Malware?

Malware is defined as any software created with the sole purpose of causing more or less serious damage to the computer on which it runs. The term comes from the contraction of the words malicious and software, and therefore literally means “evil program”; it is also known as malicious code.

The spread of such software is constantly increasing. It is estimated that in 2008 alone about 15 million pieces of malware were released on the Internet, of which those circulated between January and August equal the sum of the previous 17 years, and these numbers will likely increase.

Categories Of Malware

Several categories of malware are distinguished, though these programs are often composed of several interdependent parts and therefore belong to more than one class. Furthermore, given the rapid developments in this field, the classification presented below is not to be considered exhaustive.

  • Virus: pieces of code that spread by copying themselves into other programs, or into a particular section of the hard drive, so as to be executed each time the infected file is opened. A virus travels from one computer to another through the movement of infected files by users.
  • Worm: this malware does not need to infect other files in order to spread, because it modifies the operating system of the host machine so as to be executed automatically, and attempts to replicate mostly by using the Internet. To induce users to run it, it uses social engineering techniques, or it exploits defects (bugs) in some programs to spread automatically. Its purpose is to slow down the system with useless or harmful operations.
  • Trojan horses: software that, besides having “legitimate” functionality useful for inducing the user to use it, contains malicious instructions that are executed without the user's knowledge. They do not self-replicate, so to spread they must be knowingly sent to the victim. The name comes from the famous Trojan horse.
  • Backdoor: literally “back door”. These are programs that allow unauthorized access to the system on which they are running. They typically spread in combination with a trojan or a worm, or they are a form of emergency access to a system, included for example to allow the recovery of a forgotten password.
  • Spyware: software that is used to gather information from the system on which it is installed and to transmit it to an interested party. The information gathered can range from surfing habits to a user's passwords and encryption keys.
  • Dialer: these programs manage the connection to the Internet via the normal telephone line. They are malware when used fraudulently, changing the number dialed by the default connection to one with a special rate, in order to reap illegal profits without the user's knowledge.

Continued…