CATEGORIES:
BiologyChemistryConstructionCultureEcologyEconomyElectronicsFinanceGeographyHistoryInformaticsLawMathematicsMechanicsMedicineOtherPedagogyPhilosophyPhysicsPolicyPsychologySociologySportTourism
Virus Evolution
As virus creators became more sophisticated, they learned new tricks. One important trick was the ability to load viruses into memory so they could keep running in the background as long as the computer remained on. This gave viruses a much more effective way to replicate themselves. Another trick was the ability to infect the boot sector on floppy disks and hard disks. The boot sector is a small program that is the first part of the operating system that the computer loads. It contains a tiny program that tells the computer how to load the rest of the operating system. By putting its code in the boot sector, a virus can guarantee it is executed. It can load itself into memory immediately and run whenever the computer is on. Boot sector viruses can infect the boot sector of any floppy disk inserted in the machine, and on college campuses, where lots of people share machines, they could spread like wildfire. In general, neither executable nor boot sector viruses are very threatening any longer. The first reason for the decline has been the huge size of today's programs. Nearly every program you buy today comes on a compact disc. Compact discs (CDs) cannot be modified, and that makes viral infection of a CD unlikely, unless the manufacturer permits a virus to be burned onto the CD during production. The programs are so big that the only easy way to move them around is to buy the CD. People certainly can't carry applications around on floppy disks like they did in the 1980s, when floppies full of programs were traded like baseball cards. Boot sector viruses have also declined because operating systems now protect the boot sector. Infection from boot sector viruses and executable viruses is still possible. Even so, it is a lot harder, and these viruses don't spread nearly as quickly as they once did. Call it "shrinking habitat," if you want to use a biological analogy. The environment of floppy disks, small programs and weak operating systems made these viruses possible in the 1980s, but that environmental niche has been largely eliminated 2. General information about computer viruses 2.1 Different malware types Malware is a general name for all programs that are harmful: viruses, Trojan, worms and all other similar programs 2.11 viruses A computer virus is a program, a block of executable code, which attach itself to, overwrite or otherwise replace another program in order to reproduce itself without a knowledge of a PC user. There are a couple of different types of computer viruses: boot sector viruses, parasitic viruses, companion viruses, link viruses and macro viruses. These classifications take into account the different ways in which the virus can infect different parts of a system. The manner in which each of these types operates has one thing in common: any virus has to be executed in order to operate. 2.1.2 Trojan A Trojan horse is a program that does something else that the user thought it would do. It is mostly done to someone on purpose. The Trojan Horses are usually masked so that they look interesting, for example a saxophone.wav file that interests a person collecting sound samples of instruments. A Trojan Horse differs from a destructive virus in that it doesn't reproduce. There has been a password Trojan out in AOL land (the American On Line). Password30 and Pasword50 which some people thought were wav. files, but they were disguised and people did not know that they had the Trojan in their systems until they tried to change their passwords. According to an administrator of AOL, the Trojan steals passwords and sends an E-mail to the hackers fake name and then the hacker has your account in his hands. 2.1.3 Worms A worm is a program which spreads usually over network connections. Unlike a virus which attach itself to a host program, worms always need a host program to spread. In practice, worms are not normally associated with one person computer systems. They are mostly found in multiuser systems such as Unix environments. A classic example of a worm is Robert Morrisis Internet-worm 1988 2.2 Macro virus Macro viruses spread from applications which use macros. The macro viruses which are receiving attention currently are specific to Word 6, WordBasic and Excel. However, many applications, not all of them Windows applications, have potentially damaging and infective macro capabilities too. A CAP macro virus, now widespread, infects macros attached to Word 6.0 for Windows, Word 6.0.1 for Macintosh, Word 6.0 for Windows NT, and Word for Windows 95 documents. What makes such a virus possible is that the macros are created by WordBASIC and even allows DOS commands to be run. WordBASIC in a program language which links features used in Word to macros. A virus, named '’Concept," has no destructive payload; it merely spreads, after a document containing the virus is opened. Concept copies itself to other documents when they are saved, without affecting the contents of documents. Since then, however, other macro viruses have been discovered, and some of them contain destructive routines. Microsoft suggests opening files without macros to prevent macro viruses from spreading, unless the user can verify that the macros contained in the document will not cause damage. This does NOT work for all macro viruses. Why are macro viruses so successful? Today people share so much data, email documents and use the Internet to get programs and documents. Macros are also very easy to write. The problem is also that Word for Windows corrupts macros inadvertently creating new macro viruses. Corruption's also creates "remnant" macros which are not infectious, but look like viruses and cause false alarms. Known macro virus can get together and create wholly new viruses.
There have been viruses since 1986 and macro viruses since 1995. Now about 15 percent of virus are macro viruses. There are about 2.000 macro viruses and about 11.000 DOS viruses, but the problem is that macro viruses spreads so fast. New macro viruses are created in the workplace, on a daily basis, on typical end-user machines, not in a virus lab. New macro virus creation is due to corruption, mating, and conversion. Traditional anti-virus programs are also not good at detecting new macro viruses. Almost all virus detected in the Helsinki University of Technology have been macro viruses, according to Tapio Keihanen, the virus specialist in HUT. Before micro viruses it was more easy to defect and repair virus infection with anti-virus Programs. But now when there are new macro viruses, it is harder to detect macro viruses and people are more in contact with their anti-virus vendor to detect an repair unknown macro viruses, because new macro viruses spread faster than new anti-virus program updates come up. 2.3 E-mail Viruses Virus authors adapted to the changing computing environment by creating the e-mail virus. For example, the Melissa virus in March 1999 was spectacular. Melissa spread in Microsoft Word documents sent via e-mail, and it worked like this: Someone created the virus as a Word document and uploaded it to an Internet newsgroup. Anyone who downloaded the document and opened it would trigger the virus. The virus would then send the document (and therefore itself) in an e-mail message to the first 50 people in the person’s address book. The e-mail message contained a friendly note that included the person's name, so the recipient would open the document, thinking it was harmless. The virus would then create 50 new messages from the recipient's machine. At that rate, the Melissa virus quickly became the fastest-spreading virus anyone had seen at the time. As mentioned earlier, it forced a number of large companies to shut down their e-mail systems. The ILOVEYOU virus, which appeared on May 4,2000, was even simpler. It contained a piece of code as an attachment. People who double-clicked on the attachment launched the code. It then sent copies of itself to everyone in the victim's address book and started corrupting files on the victim's machine. This is as simple as a virus can get. It is really more of a Trojan horse distributed by e-mail than it is a virus. The Melissa virus took advantage of the programming language built into Microsoft Word called VBA, or Visual Basic for Applications. It is a complete programming language and it can be programmed to do things like modify files and send e-mail messages. It also has a useful but dangerous auto-execute feature. A programmer can insert a program into a document that runs instantly whenever the document is opened. This is how the Melissa virus was programmed. Anyone who opened a document infected with Melissa would immediately activate the virus. It would send the 50 e-mails, and then infect a central file called NORMAL.DOT so that any file saved later would also contain the virus. It created a huge mess. Microsoft applications have a feature called Macro Virus Protection built into them to prevent this sort of virus. With Macro Virus Protection turned on (the default option is ON), the auto-execute feature is disabled. So when a document tries to auto-execute viral code, a dialog pops up warning the user. Unfortunately, many people don't know what macros or macro viruses are, and when they see the dialog they ignore it, so the virus runs anyway. Many other people turn off the protection mechanism. So the Melissa virus spread despite the safeguards in place to prevent it. In the case of the ILOVEYOU virus, the whole thing was human-powered. If a person double-clicked on the program that came as an attachment, then the program ran and did its thing. What fueled this virus was the human willingness to double-click on the executable. Date: 2014-12-29; view: 1051
|