A program or code that replicates itself and infects another program, boot sector, partition sector, or document that supports macros, by inserting itself or attaching itself to that medium. Computer viruses are often attached to other software or documents you might receive. When you run the virus's software or the file the virus has infected, the virus can infect your computer's software. Many computer viruses are malicious - they can erase your files or lock up whole computer systems. Other computer viruses are more benign - they don't do any direct damage other than by spreading themselves locally or throughout the Internet.
The damage a computer virus can inflict on your system depends on many things, including how sophisticated the virus is. Here is a short listing of the types of damage viruses can do to your computer. Viruses can:
- delete or change files, delete documents, or even reformat your hard drive, making your computer unusable;
- release confidential information like credit card information, account numbers, and passwords by emailing it to random email addresses or the address of the virus writer;
- slow down your system dramatically;
- plant monitoring software or change security settings that allow hackers to enter your computer without you knowing about it and steal information or control it;
- some viruses can have effects on computer networks and the Internet.
System Sector Viruses infect executable code found in certain system areas on a disk. There are boot-sector viruses, which infect only the DOS boot sector and can prevent you from being able to boot your hard disk, and MBR viruses, which infect the Master Boot Record on fixed disks and the DOS boot sector on diskettes. All common boot sector and MBR viruses are memory resident.
File Viruses infect applications. These viruses usually infect COM and/or EXE programs, though some can infect any program for which execution or interpretation is requested, such as SYS, OVL, OBJ, PRG, MNU and BAT files. File infectors can be either direct-action (non-resident) or resident. A direct-action virus selects one or more programs to infect each time a program infected by it is executed. A resident virus installs itself somewhere in memory (RAM) the first time an infected program is executed, and thereafter infects other programs when they are executed or when other conditions are fulfilled. Most viruses are resident.
A Macro Virus is a program or code segment written in the internal macro language of an application and attached to a document file (such as Word or Excel). Macro viruses infect files you might think of as data files; because these files contain macro programs, they can be infected. When a document or template containing the macro virus is opened in the target application, the virus runs, does its damage and copies itself into other documents. Continual use of the program results in the spread of the virus. Some macros replicate, while others infect documents.
Multipartite Viruses may fall into more than one of the top classes. Depending on what needs to be infected, they can infect system sectors or they can infect files.
A Polymorphic Virus creates varied (though fully functional) copies of itself as a way to avoid detection by anti-virus software.
Stealth Virus hides its presence by making an infected file not appear infected, but doesn't usually stand up to anti-virus software. Many stealth viruses intercept disk-access requests, so when an anti-virus application tries to read files or boot sectors to find the virus, the virus feeds the program a "clean" image of the requested item. Other viruses hide the actual size of an infected file and display the size of the file before infection.
There are only two ways for your computer to get a virus:
- You load the virus onto your computer through an infected floppy, CD-ROM, or other storage medium.
- The virus arrives by a downloaded file, email attachment, or other method from the Internet or a network.
At this point, an infected file is on your computer's hard drive. But remember, your computer will only become infected if you launch or view the file, or run the infected program. So an important tip is to always scan new files for viruses before you use them.
A PC is infected with a boot sector virus (or partition sector virus) if it is (re-)booted (usually by accident) from an infected floppy disk in drive A. Boot Sector/MBR infectors are the most commonly found viruses, and cannot normally spread across a network. These (normally) spread by accident via floppy disks which may come from virtually any source: unsolicited demonstration disks, brand-new software (even from reputable sources), disks used on your PC by salesmen or engineers, new hardware, or repaired hardware.
A file virus infects other files when the program to which it is attached is run, and so can spread across a network (often very quickly). They may be spread from the same sources as boot sector viruses, but also from sources such as Internet FTP sites and bulletin boards. (This applies also to Trojan Horses.)
A multipartite virus infects boot sectors and files. Often, an infected file is used to infect the boot sector: thus, this is one case where a boot sector infector could spread across a network.
Some common symptoms of virus infections are:
Your computer suddenly slows down: takes longer to boot up, operates more slowly than usual, and takes longer to start programs. This can be more noticeable if your computer is connected to a network.
Your computer starts behaving strangely. For example, disc drive lights may begin to flash, or your computer displays strange messages, begins to play music, or shows odd graphical displays, along with things opening and closing on their own.
Your computer has much less memory or hard drive space available.
If you run an internal email server, this may become overloaded and slow down.
Your data files such as Word or Excel may become corrupt or get lost. Sometimes these popular programs may display a message telling you that your data files are not in their correct format.
Any unexpected changes in the content of your files.
Some legitimate software can cause these symptoms, so the only way you can be sure your computer is virus-free is to regularly scan it for viruses using antivirus software.
File viruses attach themselves to a file, usually an executable application (e.g. a word processing program or a DOS program). In general, file viruses don't infect data files. However, data files can contain embedded executable code such as macros, which may be used by virus or trojan writers. Recent versions of Microsoft Word are particularly vulnerable to this kind of threat. Text files such as batch files, postscript files, and source code which contain commands that can be compiled or interpreted by another program are potential targets for malware (malicious software), though such malware is not at present common.
Boot sector viruses alter the program that is in the first sector (boot sector) of every DOS-formatted disk. Generally, a boot sector infector executes its own code (which usually infects the boot sector or partition sector of the hard disk), then continues the PC bootup (start-up) process. In most cases, all write-enabled floppies used on that PC from then on will become infected.
A multipartite virus uses a combination of techniques including infecting documents, executables and boot sectors to infect computers. Most multipartite viruses first become resident in memory and then infect the boot sector of the hard drive. Once in memory, multipartite viruses may infect the entire system.
Macro viruses typically infect global settings files such as Word templates so that subsequently edited documents are contaminated with the infective macros.
Install reliable anti-virus software. Anti-virus software scans files regularly for unusual changes in file size, programs that match the software's database of known viruses, suspicious email attachments, and other warning signs. It's the most important step you can take towards keeping your computer clean of viruses.
Update your anti-virus software regularly. New viruses, worms, and Trojan horses are born daily, and variations of them can slip by software that is not current. Once you've installed the antivirus software, you will need to obtain regular updates from the manufacturer that tell the antivirus software about new viruses and how to detect them. Most antivirus programs come with a year's worth of updates, and you can usually set the software to either automatically download the updates, or display a reminder for you to do so.
Get immediate protection. Configure your anti-virus software to boot automatically on start-up and run at all times. This will provide you back-up protection in case you forget to scan an attachment, or decide not to. And in case you forget to boot up your anti-virus software, configuring it to start by itself will ensure you get immediate protection anyway.
Don't automatically open attachments. Never have your e-mail program set to automatically run attached files. This is especially true for browsers and/or e-mail programs which automatically execute Microsoft Word after opening an e-mail. Turn off the option to launch or execute any programs after receiving e-mail. This will ensure that you can examine and scan attachments before they run.
Scan all incoming email attachments. Do not open any files attached to an email if the subject line is questionable or unexpected or the source (address) is unknown, suspicious or untrustworthy. Do not open any attached files unless you know what they are, even if you recognize and trust the sender: if they pass you a virus, they won't know they did. Never run an executable file without first running it through an updated anti-virus utility.
Delete chain emails and junk email. Do not forward or reply to any of them. These types of email are considered spam, which is unsolicited, intrusive mail that clogs up the network. Some viruses can replicate themselves and spread through email.
Be careful when downloading files from the Internet. Ensure that the source is a legitimate and reputable one. Do not download any files from strangers. If you're uncertain, don't download the file at all or save all downloads to one folder and test them with your own anti-virus software.
Always scan new files for viruses before you use them.
Back up your files on a regular basis. If a virus destroys your files, at least you can replace them with your back-up copy. You should store your backup copy in a separate location from your work files, one that is preferably not on your computer.
If your computer is on a network, make sure you have security steps in place to prevent unauthorized users putting files on your computer. Networks are ideal virus transmitters since they are accessed by many computers and there usually is a great deal of interaction between these computers.
Take care using floppy disks. The more computers a floppy has been used on, the better the chance of a virus infecting it. Always run floppies through an anti-virus program before using them and be extremely cautious when booting your computer from a floppy disk (it's advisable not to do so).
This is vital, since over 500 new viruses (approximately) are discovered each month. Norton AntiVirus and McAfee VirusScan are the two best-known antivirus programs for the Windows Operating System. For Macintosh users, Norton AntiVirus and McAfee's Virex for Macintosh provide protection. For Linux users, try RAV AntiVirus. While the vast majority of viruses are written to infect Windows-based systems, Macintosh and Linux users should still also have virus protection.
All antivirus software lets you scan the computer's memory and hard drive for viruses. Depending on the software package, the antivirus program may also be able to protect against:
- Incoming emails and email attachments with viruses.
- Viruses received through instant messaging, such as ICQ.
- Infected downloaded files, before you open the file.
Usually not. The exception is data files that contain executable code, which can be infected by viruses. A good example of this is a Microsoft Word file (.DOC, .DOT). Although Word files are technically data files, they may contain macros, which are executable and therefore susceptible to infection. Most of the virus infections reported today are from macro viruses.
Firewalls don't screen computer viruses. Because the location of a firewall is a good place for scanning, some firewalls have a plug-in virus scanning module, and some programs scan for viruses at a point either before or after a firewall. Note that scanning FTP or HTTP traffic adds heavy network overhead but blocks only one of the sources of viruses. Viruses can get into the local intranet through floppy disks, CD-ROMs or even a brand-new PC.
Although a virus can write to (and corrupt) a PC's CMOS memory, a virus can NOT 'hide' there. The CMOS memory is not 'addressable'. Data stored in CMOS would not be loaded and executed in a PC.
A virus could use CMOS memory to store part of its code, but executable code stored there must first be moved to DOS memory in order to be executed. Therefore, a virus cannot spread from, or be hidden in, CMOS memory. And there is no known virus that stores code in CMOS memory.
Theoretically, it is possible for a virus to hide in the BIOS and be executed from the BIOS. Current technology enables programs to write code into the BIOS. The BIOS is the place that stores the first piece of program code executed when a PC boots up.
Anti-virus software detects not only viruses but also other types of malicious code, which may not be cleanable. For example, a Trojan horse is a type of malicious code that should be deleted instead of cleaned. In other cases, the virus may have corrupted the file and made it impossible to clean or recover.
Macro viruses are special macros that self-replicate in the data files of applications such as Microsoft Word and Excel. The majority of macro viruses infect Word document files. When a file containing infected macros is opened, the virus usually copies into Word's global template file (typically NORMAL.DOT). Any document opened or created later will be infected. Macro viruses become part of the document itself, and are transferred with the file via floppy disks, file transfer, and e-mail attachments. Macro viruses are the most common type of computer virus found today.
Like all computer viruses, macro viruses can destroy data. For most users, the worst thing a macro virus might do is reformat their computer hard drive. While most of the more than 500 known macro viruses are not destructive, many cause a considerable loss of productivity and time.
Back up your data regularly and use antivirus software that is able to scan your documents before Word startup.
Plain electronic mail messages that are pure text and contain no executable code will not be infected. However, files attached to the message may be infected. If you receive an e-mail with attached files from an unknown source, the best approach is to scan it before running the file or opening it in Word or Excel. If you open the file attachments directly, you risk infecting your computer. The latest generation of antivirus software can usually be configured to scan e-mail attachments before you can open them.
The files on the FTP server may be infected with computer viruses. Your computer can be infected if you run or open the infected files. Therefore, you should scan files downloaded from the Internet before use.
If you're viewing web pages written with HTML only (i.e. no ActiveX, Java, etc.), the answer is 'NO'. However, if you run ActiveX controls and Java applets, or run programs downloaded from the Internet, it is possible that these programs contain a virus and affect your machine.
Scanner (conventional scanner, command-line scanner, on-demand scanner) - a program that looks for known viruses by checking for recognisable patterns ('scan strings', 'search strings', 'signatures' [a term best avoided for its ambiguity]).
TSR scanner - a TSR (memory-resident program) that checks for viruses while other programs are running. It may have some of the characteristics of a monitor and/or behaviour blocker.
VxD scanner - a scanner that works under Windows (or perhaps under Win 95, or both), which checks for viruses continuously while you work.
Heuristic scanners - scanners that inspect executable files for code using operations that might denote an unknown virus.
Monitor/Behaviour Blocker - a TSR that monitors programs while they are running for behaviour which might denote a virus.
Change Detectors/Checksummers/Integrity Checkers - programs that keep a database of the characteristics of all executable files on a system and check for changes which might signify an attack by an unknown virus.
Cryptographic Checksummers use an encryption algorithm to lessen the risk of being fooled by a virus which targets that particular checksummer.
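The integrity-checker idea described above, as an added example that is not part of the original page: it records a keyed checksum (HMAC-SHA256) for each executable and seals the database itself, so code that rewrites a record without the key is caught. The file names, extension list, key and helper names are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Assumption: extensions taken from the page's list of file-virus targets.
EXECUTABLE_EXTS = {".com", ".exe", ".sys", ".ovl", ".bat"}


def file_mac(path, key):
    """Keyed checksum (HMAC-SHA256) of a file's contents."""
    with open(path, "rb") as fh:
        return hmac.new(key, fh.read(), hashlib.sha256).hexdigest()


def seal(entries, key):
    """MAC over the whole database so records cannot be silently rewritten."""
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_baseline(root, key):
    """Record size and keyed checksum of every executable under root."""
    entries = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                path = os.path.join(dirpath, name)
                entries[os.path.relpath(path, root)] = {
                    "size": os.path.getsize(path), "mac": file_mac(path, key)}
    return {"entries": entries, "seal": seal(entries, key)}


def verify(root, baseline, key):
    """Compare the current state of root with a sealed baseline."""
    if not hmac.compare_digest(seal(baseline["entries"], key), baseline["seal"]):
        raise ValueError("baseline database fails its own integrity check")
    old, new = baseline["entries"], build_baseline(root, key)["entries"]
    return {
        "changed": sorted(p for p in old if p in new and old[p]["mac"] != new[p]["mac"]),
        "missing": sorted(p for p in old if p not in new),
        "added": sorted(p for p in new if p not in old),
    }


def demo():
    """Run the checker over constructed files in a temporary directory."""
    key = b"constructed-demo-key"  # in practice, kept off the protected machine
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("EDIT.COM", b"A" * 64)
        write("FORMAT.EXE", b"B" * 64)
        write("README.TXT", b"plain text, not tracked")
        baseline = build_baseline(root, key)
        write("EDIT.COM", b"A" * 32 + b"Z" * 32)  # same size, new content
        os.remove(os.path.join(root, "FORMAT.EXE"))
        write("NEW.EXE", b"C" * 64)
        report = verify(root, baseline, key)
        # Rewrite a record without the key, as code targeting the checker might.
        forged = hashlib.sha256(b"A" * 32 + b"Z" * 32).hexdigest()
        baseline["entries"]["EDIT.COM"]["mac"] = forged
        try:
            verify(root, baseline, key)
            forged_accepted = True
        except ValueError:
            forged_accepted = False
    return report, forged_accepted


if __name__ == "__main__":
    print(demo())
```

The modified EDIT.COM keeps its original size, so a size-only comparison would miss it; the checksum comparison does not.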
The life cycle of a virus begins when it is created and ends when it is completely eradicated. The following outline describes each stage:
Creation
Until recently, creating a virus required knowledge of a computer programming language. Today anyone with basic programming knowledge can create a virus. Typically, individuals who wish to cause widespread, random damage to computers create viruses.
Replication
Viruses typically replicate for a long period of time before they activate, allowing plenty of time to spread.
Activation
Viruses with damage routines will activate when certain conditions are met, for example, on a certain date or when the infected user performs a particular action. Viruses without damage routines do not activate, instead causing damage by stealing storage space.
Discovery
This phase does not always follow activation, but typically does. When a virus is detected and isolated, it is sent to the ICSA in Washington, D.C., to be documented and distributed to antivirus software developers. Discovery normally takes place at least one year before the virus might have become a threat to the computing community.
Assimilation
At this point, antivirus software developers modify their software so that it can detect the new virus. This can take anywhere from one day to six months, depending on the developer and the virus type.
Eradication
If enough users install up-to-date virus protection software, any virus can be wiped out. So far no viruses have disappeared completely, but some have long ceased to be a major threat.
A fast infector infects programs not just when they are run, but also when they are simply accessed. The purpose of this type of infection is to ride on the back of anti-virus software to infect files as they are being checked. By its nature, anti-virus software (a scanner, in particular) opens each file on a disk being checked in order to determine if a virus is present. A fast infector that has not been found in memory before the scanning starts will spread itself quickly throughout the disk.
A slow infector does just the opposite. A slow infector will only infect files when they are created or modified. Its purpose is to attempt to defeat integrity checking software by piggybacking on top of the process which legitimately changes a file. Because the user knows the file is being changed, they will be less likely to suspect the changes also represent an infection. By its nature (and because executable code is not usually changed) a slow infector does not spread rapidly and if the integrity checker has a scanning component it will likely be caught. Also, an integrity checker that is run on a computer booted from a known-clean floppy disk will be able to defeat a slow infector.
Today's antivirus software typically adopts one or more of the following methods to screen emails and files moving in (and out) of a computer:
File Scanning - usually run after antivirus installation and download of the latest virus definitions (the file or files containing the latest virus information that the antivirus software uses to detect viruses). This scans certain or all files on the computer to detect virus infection. All antivirus products allow user-scheduled background scanning.
Email and Attachment Scanning - since email is the primary virus delivery mechanism, this is the most important function of the antivirus software. All antivirus products today scan both email content and attachments for viruses. Some, like Norton, pick up your emails from your email server before passing them to your computer for scanning (downside: if the scanning server is bogged down, you will encounter delays), and others, like Bullguard, intercept your emails and attachments in your computer before passing them to your email program.
Download Scanning - scans files that are being downloaded from a website or FTP site, for example during a "File Download - Save this file to disk" operation or when using a download accelerator.
Heuristic Scanning - used to detect virus-like code in emails and files based on intelligent guessing of typical virus-like code patterns and behaviour. Test labs use 'zoo viruses' (fabricated viruses) to test the performance of antivirus software in detecting new viruses.
Active Code Scanning - new browsers allow active code such as Java and ActiveX in web pages. But this code can also be malicious, do severe damage to the computer, and go on to infect other computers. Links in emails can invoke active code in a web page and do the same damage.
The boot sector is the first sector on a floppy disk. On a hard disk it is the first sector of a partition. It contains information about the disk or partition, such as the number of sectors, plus a small program.
When the PC starts up it attempts to read the boot sector of a disk in drive A:. If this fails because there is no disk it reads the boot sector of drive C:. A boot sector virus replaces this sector with its own code and usually moves the original elsewhere on the disk.
Even a non-bootable floppy disk has executable code in its boot sector. This displays the "not bootable" message when the computer attempts to boot from the disk. Therefore, non-bootable floppies can still contain a virus and infect a PC if it is inserted in drive A: when the PC starts up.
FDISK /MBR will not change the code in a hard disk boot sector (as opposed to the partition sector). Most boot sector viruses infect the partition sector of hard disks and floppy disk boot sectors: most do not infect the boot sector of a hard disk - the Form virus is an exception.
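The boot sector layout described above (disk information plus a small program), as an added example that is not part of the original page: it decodes the disk-information fields of a 512-byte boot sector and compares the program portion against a saved known-good copy. The field offsets assume the classic FAT12/16 layout, which the page does not spell out, and the sample sectors and function names are constructed.

```python
import hashlib
import struct

# Assumption: classic FAT12/16 layout; the page itself names no field offsets.
BPB_FORMAT = "<3s8sHBHBHHBHHHII"  # first 36 bytes of the sector
BPB_FIELDS = ("jump", "oem_name", "bytes_per_sector", "sectors_per_cluster",
              "reserved_sectors", "fat_count", "root_entries",
              "total_sectors_16", "media_descriptor", "sectors_per_fat",
              "sectors_per_track", "heads", "hidden_sectors", "total_sectors_32")
CODE_START, SIGNATURE_AT = 62, 510  # boot program sits between these offsets


def parse_boot_sector(sector):
    """Decode the disk-information fields of one 512-byte boot sector."""
    if len(sector) != 512:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[SIGNATURE_AT:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    info = dict(zip(BPB_FIELDS, struct.unpack_from(BPB_FORMAT, sector)))
    info["oem_name"] = info["oem_name"].decode("ascii", "replace").rstrip()
    info["total_sectors"] = info["total_sectors_16"] or info["total_sectors_32"]
    return info


def program_digest(sector):
    """SHA-256 of the executable parts: jump instruction plus boot program."""
    code = sector[:3] + sector[CODE_START:SIGNATURE_AT]
    return hashlib.sha256(code).hexdigest()


def compare(known_good, candidate):
    """List the differences between a saved boot sector and the one on disk."""
    good, cand = parse_boot_sector(known_good), parse_boot_sector(candidate)
    findings = [f"{k}: {good[k]} -> {cand[k]}"
                for k in BPB_FIELDS[2:] if good[k] != cand[k]]
    if program_digest(known_good) != program_digest(candidate):
        findings.append("boot program changed")
    return findings


def sample_floppy_sector(program):
    """Constructed 1.44 MB floppy boot sector holding placeholder program bytes."""
    bpb = struct.pack(BPB_FORMAT, b"\xeb\x3c\x90", b"SAMPLE  ", 512, 1, 1, 2,
                      224, 2880, 0xF0, 9, 18, 2, 0, 0)
    ext = struct.pack("<BBBI11s8s", 0, 0, 0x29, 0x12345678,
                      b"NO NAME    ", b"FAT12   ")
    return bpb + ext + program.ljust(448, b"\x00") + b"\x55\xaa"


def demo():
    """Compare a saved sector with an unchanged and a replaced copy."""
    saved = sample_floppy_sector(b"Non-System disk or disk error")
    replaced = sample_floppy_sector(b"constructed replacement bytes")
    return parse_boot_sector(saved), compare(saved, saved), compare(saved, replaced)


if __name__ == "__main__":
    for part in demo():
        print(part)
```

The replaced sector keeps valid disk parameters and the 0x55AA signature, so only the comparison of the program bytes reveals the change.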
A program that resides in the active memory of a computer and duplicates itself; for example, from one disk drive to another, or by copying itself using email or another transport mechanism. Once the worm has infected your system, it may automatically send out emails containing more copies of the virus using the address book in your email program. The worm may do damage and compromise the security of the computer. It may arrive in the form of a joke program or software of some sort. Unlike a virus, it does not attach itself to a host program.
A Trojan horse program is a malicious program that pretends to be a benign application; a Trojan horse program purposefully does something the user does not expect. Trojans are closely related to computer viruses, but they are not viruses since they do not replicate, but Trojan horse programs can be just as destructive. Many people use the term to refer only to non-replicating malicious programs, thus making a distinction between Trojans and viruses.
A program with annoying or funny functionality that changes or interrupts the normal behavior of your computer, creating a general distraction or nuisance. These are harmless programs that cause various benign activities to display on your computer (for example, an unexpected screen saver).
A dropper is a program that installs a virus or Trojan on a computer system. The program itself is not infected nor is it a virus because it does not replicate. So, technically, a dropper should be considered a Trojan. The virus code is usually contained in a dropper in such a way that it won't be detected by virus scanners that normally detect that virus (i.e., the dropper program is not infected with the virus).