Seminar paper
Theme: Viruses
Professor:
Milana Tomic
Students:
Aleksandar Vuckovski 4-143/2009
Nemanja Ivanic 4-54/2008
CONTENTS:
- Introduction
- The difference between viruses and other programs
- Payload
- How does the virus
- Types of viruses
- File Viruses
- Boot Viruses
- Macro viruses
- Network viruses
- Techniques for hiding viruses
- Good Viruses
- History of viruses
- Protection
- References
VIRUSES
Introduction:
Viruses are small programs that are able to copy and execute
themselves, often without the permission or knowledge of the user, and
usually with the intent of inflicting damage on computers.
The term "computer virus" was first used by Fred Cohen at Lehigh
University in the U.S. in 1984. Viruses got their name from properties
that are very similar to those of biological viruses: they can mutate,
infect different types of files or parts of the system, and are
transferred from computer to computer just as biological viruses are
transferred from person to person.
Viruses can attack all types of files (exe, com, txt, doc, gif, jpg, jpeg,
bmp, ocx, ...); they can be written to the boot sectors of hard disks and
floppy disks, and they can be loaded into RAM or even into the BIOS.
"Payload":
Translated, the term means the charge, that is, the damage that the
virus will inflict. It may be:
- Deleting, modifying or sending confidential information
- Resetting of security settings
- Modification of various media
- Degradation of computer performance
Viruses generally work in two parts: one part is the infection and the
second is the attack.
Infection is the most difficult step for these programs, because they
have to bypass all the protection that exists in a system. To do so,
viruses use different types of mutation, changing their code so that
antivirus programs will not find them; some even stay hidden in a file
for a certain time and then carry out a timed attack on their targets.
The attack, or "payload", is the true face of a virus. Some payloads
are harmless, such as opening the CD-ROM tray or displaying
messages, while others are much more dangerous and can delete
files, steal passwords, etc.
File Viruses:
- "OverWriting" virus
These are the simplest viruses. Their role is to find certain types of
files (exe, com ..) and to copy their own code over the code of the
program. When such a program is started, the virus is started as well,
thereby infecting more files. Such viruses often fail because of
differences in the locations of functions on various machines and
operating systems, so the result is often "only" the destruction of the
program. There is also a kind that copies its code into a program and,
when executed, returns everything to normal.
Their name comes from the way they infect: they unite with a file and
are executed within it. They may be written into any part of the file
and are therefore called "Cavity" viruses: they look for blank
regions of code and write their own content there. Some of these
viruses compress their code so that the file size does not change,
which makes them harder to find. Examples of such viruses are
"Lehigh" and "CIH".
- "Companion" virus
These viruses produce clones of files, so that when you run a file you
are actually running the virus clone. Often, these viruses do the
following: you have a program program.exe, and the virus creates a clone
named program.com. When you type "program" in the console,
program.com (the virus) will be run, because .com has a higher
priority than .exe.
- File Worms
These viruses attack the source code of a program, most often by
adding some trojan code to the existing code. There are many types of
these viruses because there are many kinds of programming
languages and compilers. The best-known such virus is "DIE HARD".
- "Tunneling" virus
- "Camouflage" viruses
- "Sparse" viruses
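The extension priority described under the "Companion" virus above can be checked for from the defender's side. The following is an added example, not part of the original paper: it walks a directory tree and reports files whose higher-priority extension shadows a same-named program in the same directory. The function names, the sample file names and the placement of .bat after .exe in the lookup order are assumptions; the sample tree is constructed.

```python
import os
import tempfile
from collections import defaultdict

# Lookup order for a command typed without an extension. The paper states only
# that .com outranks .exe; .bat in third place is an assumption (classic DOS order).
PRIORITY = [".com", ".exe", ".bat"]


def find_companion_candidates(root):
    """Return sorted (shadowing, shadowed, shadowing_is_newer) tuples under root.

    Two files in one directory that share a base name form a pair when the
    first has the higher-priority extension: typing the bare name runs it
    instead of the second. A shadowing file newer than the program it hides
    is the more suspicious case, so that is reported as a triage hint.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in PRIORITY:
                by_stem[stem.lower()][ext.lower()] = os.path.join(dirpath, name)
        for exts in by_stem.values():
            present = [e for e in PRIORITY if e in exts]
            winner = exts[present[0]]
            for ext in present[1:]:  # everything after the winner is shadowed
                newer = os.path.getmtime(winner) > os.path.getmtime(exts[ext])
                findings.append((winner, exts[ext], newer))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: PROGRAM.EXE with a newer program.com beside it."""
    for name, mtime in [("PROGRAM.EXE", 1_000_000), ("program.com", 2_000_000),
                        ("editor.exe", 1_000_000), ("notes.txt", 1_000_000)]:
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for shadowing, shadowed, newer in find_companion_candidates(tmp):
            print(f"{shadowing} shadows {shadowed} (newer: {newer})")
```

A reported pair is only a candidate for review: some legitimate software ships same-named files with different extensions.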
Boot viruses :
Boot viruses copy themselves into the boot sector of a floppy disk or
the MBR (master boot record) of a hard disk. Most of them were written
in assembly language. The first such virus for DOS was Brain.
- "Parity" boot
This virus displays the error "Parity Check" and freezes the OS. This
error really exists and occurs when memory fails.
Macro Viruses :
Ordinary data files cannot be viruses, but with the help of scripting
languages they can very easily become one, as macro viruses do. In a
simple Word document we can write a virus that will execute when
you try to open the document.
There are several scripting languages; the best known are
Visual Basic Script, Java Script, ...
Network viruses :
WORMS
This type of worm does not copy itself several times on one
computer, but only once, and then copies itself to the next computer on
the network, and so on. Sometimes these worms are called "rabbits".
- "Network worms"
Viruses use several techniques to hide from antivirus programs,
mainly the following:
- Stealth
Viruses with this attribute intercept all function calls to the infected
files; when information is requested, they return a pre-made copy.
- Polymorphic
This is the principle of encrypting each copy of the virus so that
each copy has different code. There is a program that implements
this feature for viruses, called "Dark Avenger's Mutation Engine".
- Virus droppers
These are programs that carry the virus within themselves and
compile its code when they need it.
Good virus
No viruses are truly good, but here are a few examples that
do not cause much damage:
- "Maintenance"
This is a "worm" that deletes "temp" files.
History of Virus
- Each file is removed from the Internet but with large and sure to
check out the official websites of some antivirus programs
REFERENCES
- www.astalavista.org
- www.wikipedia.com