T E C H N I C A L   P A P E R S
 

  Virus Encyclopedia
   
 

Before reading this article, first think about the exact definition and working of viruses, so that there is no confusion later.
Great! You have excellent thinking power. Yes, I am going to explain here exactly what you have just thought about, i.e. the working of computer viruses and how they infect a system.
First of all I am going to explain what a virus is, then its various types, and finally the working of these viruses.

What is meant by a virus?
Basically, a virus is a program, or we can say an executable file, designed so that its first aim is to infect documents; it should then be able to replicate itself as quickly as possible and to avoid detection.
To avoid detection, a virus should look like a legitimate program that the user would not suspect of being a virus.
Since viruses are designed to corrupt or destroy data on the hard disk, i.e. on the FAT (file allocation table), they come in various types.

Classification of viruses:

Viruses can be categorized on the basis of the following attributes:

1. The media of Residence
2. Infection methods
3. The destruction abilities
4. The features of virus algorithm.

1) Depending on the media of residence

Viruses are of three types: network viruses, file viruses and boot viruses. Network viruses spread through computer networks, file viruses spread through files, and boot viruses spread in the boot sector of a floppy disk or the master boot record (MBR) of a hard disk. We will discuss the details of these types of viruses in later topics.


2) Depending upon the infection methods

Viruses are of two types: resident viruses and non-resident viruses. On infection, a resident virus leaves its resident part in RAM and stays active until the system is rebooted.
While infecting, the virus scans the computer's memory to check whether a copy of itself is already present there. After infecting RAM, the virus searches for free space on the hard disk and replicates itself. Here it may define some interrupts needed to seek out files to infect or to produce destructive effects, which can be as weak as effects on sound or video.


3) Depending upon destruction abilities, viruses are of the following types:

1. Harmless:
These viruses do not affect CPU operation, but they decrease the free memory space due to their roaming.

2. Non-dangerous:
These viruses affect graphics and sound effects and also decrease the free memory space.

3. Dangerous:
These viruses cause serious failures or problems in computer operation.

4. Very dangerous:
These viruses are very hazardous: they cause loss of programs, corrupt data and destroy information that is necessary for CPU operation.


4) Depending upon the algorithm features, viruses are of the following types:

1. Companions:
These are file viruses. They create companion files for .EXE files, which have the same name but the extension .COM.
For example, for the file MIT.EXE, the file MIT.COM is created.

2. Worms:
These are network viruses. They break into computer memory through networks, calculate the network addresses of other computers and send copies of themselves to those addresses.

3. Parasitic:
All viruses that are not worms or companions come under this group. They replicate by changing the contents of files or of sectors on disks.

4. Stealth:
These are invisible viruses that use various methods to avoid detection. Sometimes these viruses remove themselves from memory temporarily to avoid detection. They can also redirect the disk head to read another sector instead of the sector in which they live.
The best example of this type is FRODO.
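
For the companion type described above (MIT.COM created beside MIT.EXE), a defender can list every directory where a .COM and an .EXE share a base name. This is an added example, not part of the original article; the directory tree it scans is constructed inside the script.

```python
import os
import tempfile
from collections import defaultdict


def find_companion_pairs(root):
    """Return sorted (directory, base name) tuples where NAME.COM sits beside NAME.EXE."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        exts_by_base = defaultdict(set)
        for name in files:
            base, ext = os.path.splitext(name)
            # DOS file names are case-insensitive, so compare in upper case.
            exts_by_base[base.upper()].add(ext.upper())
        for base, exts in exts_by_base.items():
            if {".COM", ".EXE"} <= exts:
                hits.append((dirpath, base))
    return sorted(hits)


def demo():
    """Scan a constructed directory tree and return the flagged base names."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "TOOLS"))
        sample = ("MIT.EXE", "MIT.COM", "EDIT.EXE", "README.TXT",
                  os.path.join("TOOLS", "sort.exe"),
                  os.path.join("TOOLS", "SORT.com"),
                  os.path.join("TOOLS", "FIND.COM"))
        for path in sample:
            open(os.path.join(root, path), "wb").close()
        return [base for _dir, base in find_companion_pairs(root)]


if __name__ == "__main__":
    print(demo())
```

A hit is a lead for review, not proof of infection: compare the .COM file's size and date with the .EXE it shadows.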


Frodo Virus:

These are very dangerous stealth viruses with a length of 4096 bytes. They trace and hook INT 21h and write themselves to the end of .COM or .EXE files that are being executed. They also affect data files as well as .EXE files. While infecting, these viruses increase the year field of the file by 100.
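
The year increase and the fixed 4096-byte length described above are both visible in a FAT directory, so a scanner can flag them without running anything. The following is an added example, not part of the original article; the directory entries are constructed, and the layout assumed is the standard 32-byte FAT12/16 entry.

```python
import struct

# 32-byte FAT12/16 directory entry: name, ext, attr, reserved, time, date, cluster, size
DIR_ENTRY = struct.Struct("<8s3sB10sHHHI")
VIRUS_LEN = 4096   # virus length stated in the text
YEAR_SHIFT = 100   # year increase stated in the text


def make_entry(name, ext, year, month, day, size):
    """Build a constructed directory entry (demo input only)."""
    date = ((year - 1980) << 9) | (month << 5) | day
    return DIR_ENTRY.pack(name.ljust(8).encode(), ext.ljust(3).encode(),
                          0x20, bytes(10), 0, date, 2, size)


def scan_directory(raw):
    """Return one finding per live entry whose date carries the +100-year marker."""
    findings = []
    for off in range(0, len(raw) - DIR_ENTRY.size + 1, DIR_ENTRY.size):
        name, ext, _attr, _rsv, _time, date, _clu, size = DIR_ENTRY.unpack_from(raw, off)
        if name[0] == 0x00:      # no further entries in this directory
            break
        if name[0] == 0xE5:      # deleted entry
            continue
        year = 1980 + (date >> 9)          # bits 15-9 hold years since 1980
        if year - YEAR_SHIFT >= 1980:      # stamped 100 or more years past 1980
            findings.append({
                "file": f"{name.decode().strip()}.{ext.decode().strip()}",
                "stamped_year": year,
                "likely_year": year - YEAR_SHIFT,
                "likely_clean_size": size - VIRUS_LEN if size > VIRUS_LEN else None,
            })
    return findings


# Constructed sample directory: one clean file, one marked file, one deleted entry.
SAMPLE_DIR = (make_entry("COMMAND", "COM", 1991, 4, 9, 47845)
              + make_entry("GAME", "EXE", 2090, 6, 1, 24576 + VIRUS_LEN)
              + b"\xe5" + make_entry("OLD", "TXT", 2091, 1, 1, 10)[1:]
              + bytes(32))

if __name__ == "__main__":
    for finding in scan_directory(SAMPLE_DIR):
        print(finding)
```

Read the directory from a raw disk image or after booting from clean media, since a resident stealth virus can alter what the running system reports.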

Boot Sector Virus:

Till now, the known boot viruses have always been memory resident. A boot sector virus infects the boot sector of a floppy disk or the MBR of a hard disk. The original boot sector or master boot program is replaced by the virus. The original boot sector may be copied to another sector of the disk or overwritten.
If the virus is longer than the sector size, only the first part of the virus is copied there and the other parts are installed in other sectors, i.e. in the first free sectors of the disk.

Thus, if the MBR, which is the first sector of the hard disk and contains the boot record, partition table, etc., is corrupted, the OS will not be launched. The best examples of this type are STONE, AZUSA, MICHELANGELO, etc.

Algorithm of infection of a boot virus:

1) The user copies or downloads the infected file to the hard disk or floppy drive.
2) On execution of this infected file, the virus is loaded into memory.
3) The virus reduces the free memory space (the word at the address 0040:0013).
4) The virus copies the boot record program to another sector and transfers control to it.
5) The virus gets replicated in another memory area.
6) The next time the computer boots from the disk, the virus loads itself into RAM and starts infecting other files.
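
Steps 3 and 4 leave two things a defender can check: the memory-size word at 0040:0013 and the contents of the boot sector. The following is an added example, not part of the original article; the memory and sector images are constructed, and the 640 KB default and the recorded baseline hash are assumptions that must be set per machine.

```python
import hashlib
import struct

BDA_MEM_WORD = 0x0040 * 16 + 0x0013   # segment:offset 0040:0013 -> linear 0x413
BOOT_CODE_LEN = 446                   # MBR code area, before the partition table


def boot_code_hash(sector):
    """SHA-256 of the code area of a boot sector."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_boot(low_mem, sector, baseline_hash, expected_kb=640):
    """Return a list of findings; an empty list means nothing stood out."""
    findings = []
    (kb,) = struct.unpack_from("<H", low_mem, BDA_MEM_WORD)
    if kb < expected_kb:
        findings.append(f"base memory word reports {kb} KB, expected {expected_kb} KB")
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        findings.append("sector is not 512 bytes ending in the 55 AA boot signature")
    elif boot_code_hash(sector) != baseline_hash:
        findings.append("boot code differs from the recorded baseline")
    return findings


def make_low_mem(kb):
    """Constructed image of the first 0x500 bytes of memory with the given size word."""
    mem = bytearray(0x500)
    struct.pack_into("<H", mem, BDA_MEM_WORD, kb)
    return bytes(mem)


def make_sector(code_fill):
    """Constructed 512-byte sector: filler code, empty partition table, signature."""
    return bytes([code_fill]) * BOOT_CODE_LEN + bytes(64) + b"\x55\xaa"


CLEAN_SECTOR = make_sector(0x90)
BASELINE = boot_code_hash(CLEAN_SECTOR)   # recorded while the disk was known good

if __name__ == "__main__":
    print(check_boot(make_low_mem(640), CLEAN_SECTOR, BASELINE))
    print(check_boot(make_low_mem(638), make_sector(0xCC), BASELINE))
```

Some BIOSes legitimately report slightly less than 640 KB, so record the normal value for each machine and pass it as `expected_kb`.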

File Virus:

This virus can incorporate itself into three kinds of files: batch files (.BAT), driver files (.SYS, excluding IO.SYS and MSDOS.SYS) and executable binary files (.EXE, .COM).
Some file viruses just replicate, but some destroy the program being used at that time. Such viruses start replicating as soon as they are loaded into memory. Even after these viruses are removed, the program file that was corrupted has to be repaired or reinstalled.

Incorporation of a virus at the start of a file:

There are two ways for a virus to get into the beginning of a file.
In the first, the virus saves the beginning of the file to its end and copies itself there.
In the second, the virus writes its own code at the beginning of the file without saving the old contents of the file's beginning.
Naturally, in this case the file will not be executable and cannot be recovered.


Incorporation of a virus at the end of a file:

This is the most common method of sending the virus. Here, the virus modifies the beginning of the file in such a way that the first three bytes of the .EXE commands in the program file become those of the virus in a .COM file.

Multipartite Virus:

These are somewhat glorified viruses. They can best be described as a cross between boot viruses and file viruses, because they infect not only files but also boot sectors.
These are very dangerous and are difficult to remove. After the infection of the boot sector, when the system is booted, they load into memory and start infecting other files. The best examples of this type are Invader, Flip, etc.

Macro Viruses:

Macro viruses are just VB code written in the Visual Basic editor that comes with MS Office. There is a feature known as macros in MS Excel or Word. These are sets of automated instructions that make work more efficient.
So, this is a virus consisting of viral macro VBA (Visual Basic for Applications) code, which creates havoc in the computer. These viruses spread very quickly.

Polymorphic Viruses:

These viruses are very difficult to detect because they do not have any signature, i.e. they do not contain any constant block of code. Thus, an antivirus that looks for a specific code is unable to detect them.
In most cases, two samples of the same polymorphic virus do not have a single similar block of code.

Until now I have explained only the working of various types of viruses. Now, what about the virus creators? Who are they? If you remember, at the time of the Love Bug infection someone once said, “The average virus creator is above 14 years and below the age of 23, and the virus creators of some evil viruses suffer from social loneliness.”

But I think this may not be the fact, because most virus creators do not make viruses to create havoc or destroy the computer system. Just out of interest and curiosity, they create a virus and then send it to their friends via e-mail, from where it spreads at the speed of light, and before the virus creator knows it, the cyber cops have started an investigation to catch him.

So.... what are you thinking? Wanna create a single (at least) virus??

                                                                                                 ---  K.Skumar

 
   
Page last modified: March 14, 2004
© 2004 k.skumar & Group. All rights reserved.