Security: Computer Viruses Part I

“I think computer viruses should count as life.  I think it says something about human nature that the only form of life we have created so far is purely destructive.  We’ve created life in our own image.”
– Stephen Hawking

Virus is a term that was mostly used in a biological sense till 1971. I do not know if Virus is used as an acronym or not, but I have been using it as an acronym for "Very Important Resources Under Siege", where the very important resources are the resources on my computer that get affected.

History of Computer Virus

The Creeper virus was first detected on ARPANET, the forerunner of the Internet, in the early 1970s. Creeper was an experimental self-replicating program written by Bob Thomas at BBN in 1971.

A program called "Rother J" was the first computer virus to appear "in the wild" — that is, outside the single computer or lab where it was created. Written in 1981 by Richard Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread via floppy disk.

The first PC virus in the wild was a boot sector virus dubbed (c)Brain, created in 1986 by the Farooq Alvi Brothers, operating out of Lahore, Pakistan, reportedly to deter piracy of the software they had written.

What Is a Computer Virus?

A computer virus, as is clear from the origins, is a piece of software or code that gets loaded on your computer without your knowledge and permission and runs against your wishes. A computer virus, like its biological counterpart, has the ability to replicate itself. A computer virus can damage or corrupt data, change data, and even degrade the performance of your system by utilizing resources such as memory or disk space.

Why are the Virus Programs Written?

You might be wondering: if a computer virus is a piece of code, why would anyone write code that harms the computer it infects? There are various reasons why people write computer viruses.

At the start, it was more of an experiment, but nowadays it has become the handiwork of a few people who are perverts and do not feel happy till they have written a program which will cause damage.

Another reason may be that a coder was rejected by some company and is out there just to tell the world - "I can do this".

There is another belief that for the good to be proven there must exist the evil. For the anti-virus companies to survive, computer viruses must exist, and so a section of the community even believes that these companies intentionally keep creating computer viruses so that their products remain in the market.

Whatever the motivation behind creating the code, the fact is that the computer virus is a reality, and you are quite lucky if you have never been affected by one.

How Does a Virus Spread?

Early viruses were small pieces of code embedded in larger, legitimate programs like your favorite game or word processing package or any application that was assumed to be popular and widely used. When the user ran the legitimate program (which was bugged), the virus loaded itself along with the original code of the application into the main memory of the computer and looked around to see if it could find any other program to attach itself to. If it found one, it had the capacity to modify that program and attach itself to the code of the clean and legitimate application. So the next time you started an application that had been affected, the virus got a chance to spread to other applications.

Once in the memory, the virus launches the "real program", which actually does the major damage.

Types of Computer Virus

There are different types of virus that exist in the computer world. In the initial days, the Internet was not that popular, and as such virus programs spread only via storage media like floppy disks. But since the Internet became popular, people have started creating viruses that spread via the Internet.

1. Boot Sector viruses:

A boot sector virus infects diskettes and hard drives. Without getting into the technical structure of disks, the basic concept is that the virus program attaches itself to the boot sector, the main part of the disk that is used to load the operating system.
Modus Operandi –
Each time you start your computer, this virus gets loaded into the memory of your computer and then starts its play, damaging files and folders and replicating itself.

2. Program viruses:

Program viruses affect application files only, hence the name.
Modus Operandi –
A program virus infects only executable and binary files. It becomes active when a program file (usually with extension .BIN, .COM, .EXE, .OVL or .DRV) carrying the virus is opened.

3. Multipartite viruses:

The multipartite generation of Computer Virus is a hybrid of Boot and Program viruses.
Modus Operandi – 
They start by infecting the program files and when the infected program is executed, these viruses infect the boot record.

4. Stealth viruses:

Stealth viruses are considered to be the smart viruses. This is because they use techniques to avoid getting detected. Their mode of operation varies, but in most cases they either redirect the disk head to read another sector instead of the one in which they reside, or they alter the reading of the infected file’s size shown in the directory listing. This makes them difficult to detect. They can stop you from accessing files and can also corrupt your data.
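Program viruses change executable files, and stealth viruses try to hide the resulting size change. The defender's counter, shown here as an added example that is not part of the original article, is to record each executable's size and SHA-256 while the system is known to be clean and compare later. The extension list is the article's; the function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Extensions the article lists for program viruses.
EXECUTABLE_EXTS = {".bin", ".com", ".exe", ".ovl", ".drv"}

def snapshot(root):
    """Map each executable under root to (size, SHA-256 of its bytes)."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXECUTABLE_EXTS:
                continue
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            result[os.path.relpath(path, root)] = (len(data), hashlib.sha256(data).hexdigest())
    return result

def compare(baseline, current):
    """Return {path: verdict} for every file that differs from the baseline."""
    findings = {}
    for path, (size, digest) in current.items():
        if path not in baseline:
            findings[path] = "new executable"
        elif baseline[path][1] != digest:
            same_size = baseline[path][0] == size
            findings[path] = "content changed, size unchanged" if same_size else "content and size changed"
    for path in baseline.keys() - current.keys():
        findings[path] = "missing"
    return findings

def demo():
    """Constructed sample: three files, two of which are modified after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"GAME.EXE": b"MZ" + b"\x00" * 62, "EDIT.COM": b"\x90" * 32, "README.TXT": b"hello"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        # Same length, different bytes: a size-only check would miss this one.
        with open(os.path.join(root, "GAME.EXE"), "wb") as fh:
            fh.write(b"MZ" + b"\x01" * 62)
        with open(os.path.join(root, "EDIT.COM"), "ab") as fh:
            fh.write(b"\xcc" * 16)
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(path, "->", verdict)
```

If a stealth virus is already resident it can falsify file reads as well, so run the comparison after booting from clean media.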

5. Macro viruses:

A macro virus infects the macros within a document or template. Macros are usually written in applications to perform a specific task quickly. The macros are mostly stored in documents or their templates. So when you open the document or the template, the macro virus is activated and it infects the templates.
Modus Operandi – 
A macro virus attaches itself to the macros for spreading. Then, when the file is opened, it attaches itself to the template. So the next time you open any document or create any document based on this template, the virus automatically gets transferred.
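A check for the carrier described above, as an added example that is not part of the original article: it reports whether a document or template contains a macro project at all. It assumes modern Office Open XML files, which are zip packages that store macros in a part named vbaProject.bin; legacy binary formats are not covered, and the file names and package contents below are constructed.

```python
import io
import zipfile

# OOXML extensions that are not supposed to carry a VBA project.
MACRO_FREE_EXTS = (".docx", ".dotx", ".xlsx", ".xltx", ".pptx", ".potx")
TEMPLATE_EXTS = (".dotm", ".xltm", ".potm")

def vba_parts(data):
    """Return the names of VBA project parts inside an OOXML package (bytes)."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []  # not a zip package, so outside the scope of this check
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        return [n for n in pkg.namelist() if n.lower().endswith("vbaproject.bin")]

def assess(filename, data):
    """Classify a file by whether it holds macros and whether its extension allows them."""
    lower = filename.lower()
    if not vba_parts(data):
        return "no macros"
    if lower.endswith(MACRO_FREE_EXTS):
        return "macros in a macro-free extension"  # mismatch worth investigating
    if lower.endswith(TEMPLATE_EXTS):
        return "macro-enabled template"  # every document based on it inherits the macros
    return "macro-enabled document"

def build_package(part_names):
    """Constructed sample: an in-memory zip holding placeholder parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for name in part_names:
            pkg.writestr(name, b"constructed placeholder")
    return buf.getvalue()

def demo():
    plain = build_package(["[Content_Types].xml", "word/document.xml"])
    with_vba = build_package(["[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"])
    return {
        "report.docx": assess("report.docx", plain),
        "invoice.docx": assess("invoice.docx", with_vba),
        "Normal.dotm": assess("Normal.dotm", with_vba),
        "budget.docm": assess("budget.docm", with_vba),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```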

6. Next Generation
6.1 Worms
A worm is a computer program that has the ability to copy itself from machine to machine. Worms use up computer time and network bandwidth when they replicate, and often carry payloads that do considerable damage. A worm usually exploits some sort of security hole in a piece of software or the operating system.
Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly.

6.2 Trojans or Trojan Horses
Another unsavory breed of malicious code is the Trojan or Trojan horse, which unlike a virus does not reproduce by infecting other files, nor does it self-replicate like a worm. Trojans are programs which claim to do one thing (one may claim to be a game) but instead do damage when you run them (it may erase your hard disk). Trojan horses have no way to replicate automatically.

6.3 Logic Bombs
Logic Bombs are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.

6.4 MalWare
Malware is just another name for software that has an evil intent. Here are some common types of malware and what they might do to your infected computer:

  • Adware puts ads up on your screen.
  • Spyware collects personal information about you, like your passwords or other information you type into your computer.
  • Hijackers turn your machine into a zombie computer.
  • Dialers force your computer to make phone calls. For example, one might call toll 900-numbers and run up your phone bill, while boosting revenue for the owners of the 900-numbers.

In the next part of the post, you will find information on how to prepare yourself to prevent a virus attack, how to know whether your computer is bugged, and how to remove a virus in case your computer has already been bugged.

Hope you found the article of use. 

