High technological school of professional studies Sabac

Seminar paper

Subject: English business language

Theme: Viruses

Professor:
Milana Tomic

Students:
Aleksandar Vuckovski 4-143/2009
Nemanja Ivanic 4-54/2008
CONTENTS:

- Introduction
- The difference between viruses and other programs
- Payload
- How does the virus
- Types of viruses
- File Viruses
- Boot Viruses
- Macro viruses
- Network viruses
- Techniques for hiding viruses
- Good Viruses
- History of viruses
- Protection
- References

VIRUSI

Introduction:
Viruses are small programs that have a feature to be copied and
executed, often without permission and knowledge of the user, and
usually with the intent to inflict damage to computers.
The term "Computer virus" was first used by Fred Cohen at Lehigh
university in the U.S. in 1984. They got their name from the properties
that are very similar to biological viruses. They have the possibility of
mutation, infection of different types of files or parts of the system and
they are transferred from computer to computer as well as biological
viruses from man to man.

Viruses can attack all types of files (exe, com, txt, doc, gif, jpg, jpeg,
bmp, ocx ,...), they can be written to the boot sectors HDD, floppy and
they can be upload into the RAM or even in the BIOS.

The difference between viruses and other programs:

- Viruses are designed to be executed, copied, often without the

knowledge of users
- Often contain so-called "payloads" action
- Viruses are hidden in all the possible parts of the system (floppy, cd,
boot, e-mail, picture, ...)

"Payload":

The translation means the charge or damage that will be inflicted with
the virus. It may be:
- Delete, modify or sending confidential information
- Restatement of safety adjustments
- Modification of various media
- Degradation of computer performance

How does the virus work:

Viruses generally work in two parts, one part is the infection and the
second is attack.
Infection is the action that is most difficult for these programs,
because they have to bypass all the protection that exist in a system,
because viruses use different types of mutation by changing their
code to antivirus programs would not find, some are even hidden in a
certain time file and then do the timed attacking of their targets.
Attack or "payload" is the true face of viruses, some may be
harmless, and such viruses will open your cd-rom or throw
messages, while there are much more dangerous that can delete
files, steal passwords, etc.

The types of viruses:

File Viruses:

- "OverWriting" virus

These are the simplest viruses whose role is to find certain types of
files (exe, com ..), and to copy the code of the program. When such a
program is started, the virus is started thereby infecting more files.
Such viruses are often reluctant because of differences in the
locations of functions in various machines and operating systems,
and so often comes "only" to the destruction program. There is also
such a kind that copies your code in a program when executed
returns all to normal.

- "Parasitic" virus or "Cavity" virus

His name is given by the way of infection, they unite with a file and
are executed within it. They mayay be registered in any part of the file
and therefore are called "Cavity" (cavities), they are looking blank
pieces of code and write their own content. Some of these viruses
compress your code so it does not change the file size, making it
harder to find. An example of this virus is "Lehigh" or "CIH" virus.
- "Companion" virus

These viruses produce clones of files, so when you run a file that is
actually run clone virus. Often, these viruses do the following: you
have a program program.exe, a virus clone program.com when you
type in the console "program" program.com (virus) will be open
because the t .com has a higher priority than .exe.

- File Worms

These are modified "Companion" viruses. The difference is that they

are multiplied into a much larger number and have the possibility of
propagation through the network.

- "Link" and "Cluster" virus

"Cluster" viruses are changing directories so that when you run a

program you first run the virus. These viruses do not infect files by
changing the code, but by changing the DOS directory information, so
that they point to the virus and not on the program. This is done by
placing links to files. The best known link viruses are viruses in the
family, "DIR-II."

- "Shorts code" virus

These viruses attack the source code of the program. Most often by
adding some trojan code in already existing. There are many types of
these viruses because there are many kinds of programming
languages and compilers. The best-known virus is a "DIE HARD".

- "Tunneling" virus

These viruses are trying to bypass anti-virus programs by trying to

find a direct "interrupt-E" breaks in DOS or BIOS of a program and
thus halt the work of antivirus programs or perform any other task.

- "Camouflage" viruses

When antivirus software looking for viruses, they seek specific

piece of code in a file, what has the virus. But it can be accidentally
happens that a program has the same kind of code, and is not a
virus, in these cases, the antivirus programs is a logical part that
determines whether it is a virus or not. And that is the problem,
since then the developers are trying to write these viruses, which
will look like a plain file and initiated a false alarm with antivirus
software, while the other will be a real virus. Therefore, a better
antivirus programs use other ways of finding the virus, using
advanced techniques of the same test code.

- "Batch File" viruses

These are simple viruses that use DOS commands written in

the. bat file. For example, we can write a simple virus so we shall
write in the autoexec.bat file command that will erase all data from
the directory or format a disk or anything else.

- "Sparce" viruses

This type of virus used many techniques to their hiding, for

example, can infect every 10 file, attack only files that begin with
particular letter, or go for the determination of the size of files.

Boot viruses :
 Boot viruses copy themselves into sections boot floppy disk or
MBR (master boot record) HDD. The most of them were written in
assembly language. The first such virus for DOS was the brain.

- "Parity" boot

This virus writes a mistake, "Parity Check" and freezes OS. This
bug really exist and occurs when it comes to failure of memory.

-"Boot & File" virus or "Multi Partite" virus

These viruses attack the boot sections and files.

The famoust are: Tequila, Empire, 4096, Michelangelo…

-"System Sector" Viruses

System sector ( Master Boot Record I DOS boot record ) su najcesce

mete virusa. These viruses use all possible techniques to infected
and hide your code. System sectors are available to all programs
but are vital for the system. System sectors are available to all
programs but they are vital for the system. These viruses can hide
their code so it will present its code as "Bad Sector" or can copy the
contents of a previous code and replace it with, and when someone
requests information from that place he sent a copy of the virus and
hiding their code .

Macro Viruses :

Ordinary data files can not be a virus but with the help of scripting
languages can very easily become, such as macro viruses. In the
simple word document we can write a virus that will execute when
you try to open the document.
There are several types of scripting languages, the best known are:
Visual Basic Script, Java Script, ...

Network viruses :

These viruses are able to use all kinds of network protocols, to

perform its tasks, it can be copied from the server to a remote
computer and vice versa, or that are loaded as needed with a
computer to a remote computer through networks. They are called
"worms" or translated worms.
The best-known viruses such as: Morris virus, Christmas Tree,
Wank Worm ...

The characteristics are as follows:

- Finding all the address (ip, irc, isq, e-mail ,...),

and copying at this address
- Create as many "temp" files on the system disk
- Capture as much memory

WORMS

Unlike a virus worms do not infect other programs or documents

already have the task of constantly copied, meaning that when an
initial worm is activated it makes a copy of itself, then that makes up
your copy and so on.

There are two types of worm:

- “Host computer worms "

- "Network worms"

- “Host computer worms "

This type of worm does not copy themselves several times on one
computer but only once and then copied to the next computer on the
network and so on. Sometimes, these worms are called "rabbits."

- "Network worms"

These worms are composed of several segments, each one

located on another computer and execute their part of the task. They
communicate through the main segment that they also serve as
kordinator. They called and "octopuses".

Techniques for hiding viruses:

There are several techniques that viruses use to hide from antivirus
programs, but mainly to the following techniques:

- TSR (terminate and stay resident ")

Done by the virus code is not on a physical medium while the
computer already included in the computer memory and returns the
closure of some of the physical medium (hard disk, floppy ,...)

- Stealth
Viruses with this attribute follow all function calls to the infected files
when they request the information they send a pre-made copies.

- Polymorphic
This is the principle of encryption of each copy of the virus so that
each copy has a different code. There is a program that implements
this feature of viruses, called "Dark Avenger's Mutation Engine."

- Virus droppers
These are programs that in themselves carry the virus and when they
need it compiled code.

- Logic bomb It is a feature of the virus to run on any particular

event… For the example it could be a particular date or time, or even
a particular installation programs and the like.

Good virus

There are no real viruses are good but here are a few examples that
do not involve just a big damage:

- File Compressor "

As the name says, this virus compress files.

- Disk Encriptor "

This virus encrypted files using IDEA.

- "Maintenance"
This is a "worm" that delete "temp" files.

History of Virus

* 1960/1970 - The Rabbit (Univax 1108)

Pervading Animal (Univax 1108)
* 1970 - The Creeper (Tenex OS)
* 1980 - The appearance of Trojans
* 1981 - Elk Cloner (Apple ii)
* 1986 - Brain (IBM PC), VirDem
* 1987 - Vienna, Yale, Stoned,
Christmas Tree (VM / CMS)
* 1988 - Jerusalem, Morris
* 1989 - Daracrime, Yankee (IBM PC), Trojan horse AIDS
* 1990 - Chameleon, DiscKiller
* 1991 - Dir-II
* 1992 - Michelangelo
* 1994 - GoodTimes, Shifter, SCRVir, OneHalf
* 1995 - Form (Windows 95), Concept (Windows 95)
* 1996 - Win95.Boza (Windows 95), Win. Tentacle (Windows 3.x)
OS2.AEP, Laroux, Win95.Punch
* 1997 - Linux.Bliss (Linux), ShareFun, worm Homer
* 1998 - Win95.HPS (Windows), Win95.Marburg (Windows)
AccessiV, RedTeam, Win95.CIH (Windows)
Java.StrangeBrew, VBScript.Rabbit, HTML-Internal, Trojans:
BackOrifice, NetBus, Phase, Sub7, ...

Furthermore, all more or less just a mutation of the virus!

PROTECTION

In addition to all these viruses raises the question of how to protect,

but it is not so difficult. Here are a few tips:

- Use an antivirus software: Norton Antivirus, McAfee, PC clean,

Panda, kasperski, ...

- When you surf the Internet using the optional "Firewall"

- Never joy to a file attached to mail if the sender unknown

- All windows which open themselves (popup windows) closed

because they are usually ads with attached links to viruses, those
that are open so that they do not see the x to close shut with Alt + F4,
or minimize them with ALT + SPACE

- If I initiate a download of an unknown file in the entry on a page or in

any other situation immediately stop

- Each file is removed from the Internet but with large and sure to
check out the official websites of some antivirus programs

- Regular download new antivirus definitions for

- If a site you leave an e-mail address is a great probability that you

will be found to target the virus.

REFERENCES

- www.astalavista.org
- www.wikipedia.com