Virus Program | Part 3

Components of a Virus

The simplest viruses are composed of two essential parts, sufficient to ensure replication:

  • A search routine, which finds files suitable for infection and checks that they do not already contain a copy, in order to avoid repeated infections of the same file;
  • An infection routine, with the task of copying the virus code into each file selected by the search routine so that it runs every time the infected file is opened, in a manner transparent to the user.

Many viruses are designed to run code unrelated to the replication of the virus itself, and thus contain two other elements:

  • The activation routine, which contains the criteria by which the virus decides whether or not to attack (e.g., a date, or the attainment of a certain number of infected files);
  • The payload, a sequence of instructions usually detrimental to the host system, such as deleting some files or displaying messages.

Viruses can be encrypted and may change algorithm and/or key every time they run, so they may contain three further elements:

  • A decryption routine, which contains instructions to decrypt the virus code;
  • An encryption routine, usually encrypted itself, which contains the procedure to encrypt each copy of the virus;
  • A mutation routine, which deals with changing the encryption and decryption routines for each new copy of the virus.
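
What these three elements mean for a signature scanner, as an added example that is not part of the original article: an encrypted body defeats a fixed byte pattern, a constant decryption routine can still be matched, and a mutated routine removes that anchor too, leaving trial decoding. The byte strings are constructed, inert ASCII placeholders, and single-byte XOR is an assumed stand-in for the encryption.

```python
from typing import List, Optional

# Constructed, inert ASCII placeholders (nothing executable); assumptions for the demo.
BODY = b"INERT-SAMPLE-BODY-0123456789"   # the part that is encrypted in each copy
STUB = b"CONSTANT-DECRYPT-STUB"          # decryption routine, always stored in clear
SIGNATURES = {"body": BODY[:16], "stub": STUB}


def xor(data: bytes, key: int) -> bytes:
    """Single-byte XOR, standing in for the per-copy encryption (key 0 = plain)."""
    return bytes(b ^ key for b in data)


def make_copy(key: int, stub: bytes = STUB) -> bytes:
    """Model one copy: host data, clear stub, body encoded under this copy's key."""
    return b"host file bytes " + stub + xor(BODY, key)


def scan(data: bytes) -> List[str]:
    """Plain signature scan: fixed byte patterns searched in the raw file."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)


def trial_decode_scan(data: bytes) -> Optional[int]:
    """Decode the file under every single-byte key and look for the body pattern.
    Returns the key that exposes the body, or None if no key does."""
    for key in range(256):
        if SIGNATURES["body"] in xor(data, key):
            return key
    return None


if __name__ == "__main__":
    mutated = make_copy(0x5A, stub=b"MUTATED-STUB-A")
    print("plain copy:     ", scan(make_copy(0)))
    print("encrypted copy: ", scan(make_copy(0x5A)))
    print("mutated stub:   ", scan(mutated))
    print("trial decoding: ", hex(trial_decode_scan(mutated)))
```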

Virus classification criteria

Computer viruses can be divided into categories according to the following characteristics:

  • Development Environment
  • Operational capabilities of the algorithms
  • Destructive capabilities.

There are also combinations of the above categories: for example, there are viruses that are both boot viruses and file viruses. In this case their infection algorithm is more complex and can perform different attacks.

Development environment

Viruses develop on different physical media and are therefore classified as:

  • File viruses, which in turn are divided into:
      ◦ parasitic virus;
      ◦ companion virus;
      ◦ link virus;
      ◦ overwriting virus;
      ◦ file worm;
  • Boot virus;
  • Macro viruses;
  • Network viruses.

Operational Capabilities of the Virus Algorithms

According to the characteristics of their algorithms, viruses are categorized as:

  • TSR virus;
  • Polymorphic viruses;
  • Stealth viruses

In general there are not many viruses that are only stealth, polymorphic, or TSR, since they would be easily detectable. In reality, computer viruses are formed by a combination of the above.

Destructive capabilities

Depending on the type of damage, the viruses are classified as:

  • Harmless: if they involve only a decrease of free disk space without any change in the operations of the computer;
  • Not harmful: if they involve only a decrease of free disk space, along with displaying graphics, sounds or other multimedia effects;
  • Harmful: they may cause problems with normal operations of the computer (for example, deletion of parts of files);
  • Very damaging: they cause damage that is difficult to recover from, such as the deletion of key information for the system (formatting of portions of the disk).

Other Virus-type Threats

At one time all threats were viruses as defined above; other threats then appeared and specialized, even though in common language they continue to be improperly called “viruses”:

Backdoor
Or “back door”: a point of passage through which one can take control of a computer.

Buffer overflows
Technique of sending more data than expected, beyond the capacity of the buffer.

DoS and its variant DRDoS
“Denial of service”: technique of flooding a single service with requests in order to make it collapse.

Exploit
Techniques to take control of a computer by exploiting weaknesses (bugs) of the operating system or other programs that access the Internet.

Social engineering
Technique of studying a target in order to gain their confidence and get in contact with them.

Keylogger
Software that, once executed on a machine, stores each key pressed in its own database, in a manner transparent to the user. It is usually installed through a virus or backdoor, and is programmed to retransmit the stored data over the network.

Phishing
Social engineering technique to obtain confidential information for the purpose of stealing identities and personal information.

Port scanning
Technique to check the status (accepted, denied, dropped, filtered) of the 65,535 ports (sockets) of a computer.

Rootkit
Programs that allow the virus to “hide” in the computer.

Sniffing
Or “sniff”: technique to intercept data in transit on the network and decode it.

Trojan
Or “Trojan horse”: generally malicious software (malware) hidden inside seemingly useful programs, which the user therefore runs voluntarily. The malicious software that runs silently when the user executes the file can be either a virus or any other kind of threat, because it allows the attacker who infected the computer to trace the IP address of the victim.

War dialing
Use of a modem with the aim of calling every phone in a local network in order to find a computer, along with its variants Wardriving and Warflying.

Continued…
