Recently, a virus was discovered known as W32.Kriz. The
virus has a dangerous payload that triggers on December 25th of any year. The
payload is designed to overwrite files on the floppy disk drive, hard drive, RAM
drive, and network drives. It also clears the information stored on the BIOS.
This payload is similar to the W95.CIH virus that triggered on April 26th, 1999.
What comes first to your mind whenever you hear the phrase "computer
virus"? If you ask me, it's something that infects your computer and
destroys all of its contents! Hmmm... that's the understanding of computer newbies.
Well, technically, a computer virus is a piece of malicious code that attaches to important areas within computers, such as executable files, and the boot areas of floppy disks and hard disks. A virus can destroy data after copying itself to other host files or disks. The virus spreads when its host file runs and the malicious code is unleashed. The virus can quickly spread into memory as the computer boots from an infected disk.
Once in memory, the virus can infect other executable files or disk boot sectors. Typically, a virus remains dormant until some trigger event occurs, such as a system date. In addition to replication, a computer virus often performs some other function, usually intended to do damage or spread a message.
Viruses are created by people who know how to use and manipulate code. However, you can take various counteractions once
anti-virus software detects an infection within your computer.
A computer virus can also be compared to a real-life virus. Just as
a doctor cures his/her patient, you need to remove
the virus from your system.
How do viruses spread?
Types of viruses
Boot virus
Program virus
Macro virus
Program viruses spread through just about any network, modem, or magnetic medium. Most boot viruses can only spread by way of floppy disks. Multipartite viruses are especially elusive because they can travel as a program virus, infect a boot sector, and be transmitted through floppy disks.
The explosive growth of LAN, Internet, and global email connectivity has dramatically accelerated the rate at which viruses can spread. A localized virus outbreak can quickly spread to another part of a company or the world when infected files are sent through email. The primary threat of infection comes from files that are shared, and then opened and used.
Now, look what happened with the "I Love You" virus.
Viruses are classified by what they infect and how they attempt to evade detection. The basic virus types are defined by the area of the computer they infect:
Boot viruses: Insert instructions into the boot sectors of floppy disks, or the boot sector or master boot record (partition sector) of a hard disk.
Program viruses: Infect executable files such as .COM, .EXE, and .DLL files.
Macro viruses: Infect document files such as Microsoft Word .DOC files by changing the way macros behave.
Other types of destructive code include worms, Trojan horses, and logic bombs. These types of destructive code are different than viruses because they don't replicate.
Boot viruses are some of the most successful viruses. They are simple to write, and they take control of the computer at a low level.
What do they infect?
Boot viruses insert instructions into the boot sectors of floppy disks, or the boot sector or master boot record (partition sector) of a hard disk.
How do they infect?
When the computer boots from an infected floppy disk, the virus infects the hard disk and loads its code into memory. The floppy disk does not have to be bootable for the virus to spread. The virus remains memory resident and infects any floppy disks that are accessed. Typically, the trigger for a boot virus is the system date or time. For example, the Michelangelo virus is a boot virus that deletes the hard disk of its host on March 6 (Michelangelo's birthday).
Damage
A floppy disk or hard disk with an infected boot sector won't infect any files unless the virus is also multipartite. A true boot virus can't spread to a server or over the network.
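Because a boot virus has to place its instructions in the boot sector or master boot record, comparing that sector's code area with a known-good baseline reveals the change. The following is an added example, not part of the original article: it assumes the classic MBR layout (446 bytes of boot code, a 64-byte partition table, the 55 AA signature) and a sector image already saved as bytes; the function names and sample sectors are constructed for illustration.

```python
import hashlib

SECTOR_SIZE = 512
CODE_END = 446            # bytes 0-445: boot code (classic MBR layout)
TABLE_END = 510           # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510-511: boot signature


def boot_code_hash(sector):
    """SHA-256 of the code area only, so repartitioning does not alter it."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    return hashlib.sha256(sector[:CODE_END]).hexdigest()


def check_mbr(sector, baseline_hash):
    """Compare a sector image with a known-good baseline; return findings."""
    findings = []
    if boot_code_hash(sector) != baseline_hash:
        findings.append("boot code differs from baseline")
    if sector[TABLE_END:] != SIGNATURE:
        findings.append("missing 55 AA boot signature")
    entries = [sector[CODE_END + 16 * i:CODE_END + 16 * (i + 1)]
               for i in range(4)]
    # Byte 0 of each entry is the boot flag; 0x80 marks the active partition.
    if sum(1 for entry in entries if entry[0] == 0x80) > 1:
        findings.append("more than one active partition")
    return findings


def make_sample_mbr(code_fill=0x00, ptype=0x06):
    """Constructed sector: filler bytes stand in for boot code."""
    sector = bytearray(SECTOR_SIZE)
    sector[:CODE_END] = bytes([code_fill]) * CODE_END
    sector[CODE_END] = 0x80          # first partition entry is active
    sector[CODE_END + 4] = ptype     # partition type byte
    sector[TABLE_END:] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    baseline = boot_code_hash(make_sample_mbr())
    print(check_mbr(make_sample_mbr(code_fill=0x11), baseline))
```
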
What do they infect?
Program file viruses attach to executable files such as .COM, .EXE, and .DLL files by inserting instructions into the execution sequence. When the infected file runs, the inserted instructions execute the virus code. After the code finishes executing, the file continues with its normal execution sequence. This happens so quickly that you're not aware that the virus executed.
How do they infect?
There are three sub classifications of program file viruses:
Memory resident: Stay in memory as terminate-stay-resident (TSR) programs and typically infect all executed files.
Direct action: Execute, infect other files, and unload.
Companion: Associates itself with an executable file without modifying it. For example, the virus might create a companion file, WORD.COM, to the WORD.EXE file. When the Word program opens, the infected WORD.COM file executes, performs the virus activities, and then executes the WORD.EXE file.
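A companion file works because a command typed without an extension resolves to .COM before .EXE, so a scan for base names that exist under both extensions in one directory surfaces candidates for review. The following is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration, and a reported pair is a lead to inspect, not proof of infection.

```python
import os
import tempfile
from collections import defaultdict

# Lookup order when a command is typed without an extension (DOS, and the
# start of the default Windows PATHEXT): .COM first, then .EXE, then .BAT.
PRECEDENCE = [".com", ".exe", ".bat"]


def find_companions(root):
    """Return (directory, file_that_runs, shadowed_file) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_base = defaultdict(dict)
        for name in files:
            base, ext = os.path.splitext(name)
            if ext.lower() in PRECEDENCE:
                by_base[base.lower()][ext.lower()] = name
        for base in sorted(by_base):
            present = [e for e in PRECEDENCE if e in by_base[base]]
            # The earliest extension in PRECEDENCE wins; the rest never run
            # when the bare name is typed.
            for ext in present[1:]:
                findings.append(
                    (dirpath, by_base[base][present[0]], by_base[base][ext]))
    return findings


def build_sample_tree():
    """Constructed sample: empty placeholder files, not real programs."""
    root = tempfile.mkdtemp(prefix="companion_demo_")
    layout = {
        "OFFICE": ["WORD.EXE", "WORD.COM", "EXCEL.EXE"],
        "DOS": ["EDIT.COM", "FORMAT.COM"],
        "UTIL": ["RUN.bat", "RUN.EXE"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "wb").close()
    return root


if __name__ == "__main__":
    for directory, runs, shadowed in find_companions(build_sample_tree()):
        print(f"{directory}: {runs} runs instead of {shadowed}")
```
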
Damage
The damage caused by program file viruses varies from irritating, such as displaying screen messages, to data destroying.
What do they infect?
Unlike other viruses, macro viruses do not infect program files; they infect documents. Common targets for many macro viruses are word processors such as Microsoft Word and Lotus AmiPro, and spreadsheets like Microsoft Excel.
How do they infect?
Word uses macros to perform actions such as formatting text and opening or closing a document. Macro viruses can modify macros defined by the Word application to perform malicious actions such as overwriting or redefining default definitions in Word.
Damage
The damage caused by macro viruses can range from inserting unwanted text into documents to significantly reducing the functionality of a computer. For example, Format.C will format your hard disk.
Common targets
Macro viruses that infect Word commonly target the macros associated with the NORMAL.DOT template. This template is global, so all your Word files can be infected.
Percival S. Reginalde, New Media Engineer
Copyright © 2000 PIMS Inc. All rights reserved.
Revised: December 27, 2000