| || || |
| Computer Viruses
/ Virus Guide || |
A computer virus is probably the best known and most dangerous
threat to computer security. Just like an organic virus, a computer
virus attaches itself to healthy computer programs (body cells).
With over 1000 different types of viruses, there is a variety of
different parts of the computer they can attack eg, boot sector.
The most common symptoms that indicate your computer has been infected,
- files and data is deleted
- the computer takes longer to load programs/applications
and images on your screen are distorted and unusual images and text appears
noises come from your keyboard, hard disk
- hard disk operates excessively
or is inaccessible
- disk space and filenames change for no reason
tools such as Scandisk return incorrect values
|Below is a list of the most common types of
- A polymorphic virus is an encrypted virus that hides itself from
anti-virus through encrypted (scrambled) data and then decrypts itself to beable
to spread through the computer. The thing that makes it hard for anti-virus software
to detect polymorphic viruses is that the virus generates an entirely new decryption
routine each time it infects a new executable file, making the virus signature
different in each signature.
- Stealth Viruses
- A Stealth
virus hides the modifications made to files and boot records by modifying and
forging the results of calls to functions, therefore programs believe they are
reading the original file and not the modified file. A good anti-virus software
will probably detect a stealth virus due to the fact that a stealth virus attempts
to hide itself in memory when a anti-virus software is launched.
- A Slow virus is a difficult virus to detect due to the fact it
only modifies and infects files when they have been modified or copied. Therefore
the original file will not be infected by the actual copied file. A good way to
protect yourself against slow viruses is by using an integrity checker or shell.
- A Retro virus attacks the anti-virus software designed to delete
it. The retro virus usually attempts to attack the anti-virus data files such
as the virus signature store which disables the ability of the anti-virus software
to detect and delete viruses. Otherwise the retro virus attempts to alter the
operation of the anti-virus software.
- Multipartite Viruses
- A Multipartite virus attempts to attack and infect both the boot sector and
executable files at the same time.
- Armored Viruses
- A Armored virus attempts to protect itself from anti-virus
software by trying to make anti-virus software believe it
is located somewhere else. Therefore the Armored virus has
made itself more difficult to trace, disassemble and understand.
- A Companion virus creates a companion file for each executable
file the virus infects. Therefore a companion virus may save
itself as scandisk.com and everytime a user executes scandisk.exe,
the computer will load scandisk.com and therefore infect the
- Phage Viruses
- A Phage
virus is a very destructive virus that re-writes a executable program with it's
own code, rather than just attaching itself to a file. Therefore a Phage virus
will usually attempt to delete or destroy every program it infects.
- A Revisiting virus is a worm virus and attempts to copy itself
within the computers memory and then copy itself to another linked computer using
TCP/IP protocols. The Morris Worm virus in the late 1980's was the first major
virus threat to hit the Internet.
The best way to protect yourself against
viruses is to buy a good anti-virus software package such as Norton or McAfee
and keep installing the latest updates. These packages may not always protect
you against the latest virus, but offer the best solution possible. You should
always try the following
- Install anti-virus software.
your anti-virus software up-to-date.
- Install a personal firewall
- Use Windows / Apple / Linux updates to patch security holes.
open email messages that look suspicious
- Don't click on email attachments
you were not expecting
Viruses on the Mac
All the above topics are mainly concerned with Viruses, worms and
Trojan Horses on windows PC's. It is a much bigger problem for the
PC than for the Mac. In 2004 of all the thousands of viruses identified
by McAfee only a small handful target the Mac. There has however
been famous mac viruses and worms such as INIT-29-B and Hypercard
HC-9507 virus. Some of the most famous worms are listed below,
- AutoStart - originated in Asia in 1998
- Like many recently dangerous
viruses and worms this originated in Asia in 1998. It first appeared in Hong Kong
and then spread across the world. Autostart used QuickTime's AutoStart and infected
any PowerPC systems running the MacOS or later. It also usually required QuickTime
2.0 or above. The damage it created was by adding invisible files to every disk
partition and also overwriting some data files with random data. In the fallout
it caused John Norstad to retire Disinfectant, a shareware program which was a
popular alternative to commercial antivirus packages.