The Computer Virus
What is a computer virus?
A computer virus is a computer program that can copy itself without the permission or knowledge of the user. The original may modify the copies, or the copies may modify themselves (as occurs in a metamorphic virus). A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or carrying it on a removable medium. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer.
Viruses are sometimes confused with computer worms and Trojan horses. A worm, however, can spread itself to other computers without needing to be transferred as part of a host. Many personal computers are now connected to the Internet and to local-area networks, facilitating their spread. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, and file sharing systems to spread.
Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply replicate themselves and perhaps make their presence known by presenting text, video, or audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behavior and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.
Worm
A computer worm is a self-replicating computer program. It uses a network or email attachments to send copies of itself to other computers on the network, and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms harm the network, whereas viruses infect or corrupt files on a targeted computer.
Some worms may have an additional payload, such as preventing a user from accessing antivirus Web sites, or stealing the licenses of installed games and applications.
Trojan Horse
A Trojan horse is a form of malware that presents itself as a legitimate program. In contrast to viruses, Trojan horses do not insert their code into other computer files and have no replication abilities.
Trojan malware usually has a payload. When a Trojan is executed, you may experience unwanted system problems in operation, and sometimes loss of valuable data.
Types of Computer Viruses
Macro viruses
A macro virus, often written in the scripting languages for programs such as Word and Excel, is spread by infecting documents and spreadsheets. Since macro viruses are written in the language of the application and not in that of the operating system, they are known to be platform-independent. They can spread between Windows, Mac and any other system, so long as they are running the required application. With the ever-increasing capabilities of macro languages in applications, and the possibility of infections spreading over networks, these viruses are major threats.
Today, there are thousands of macro viruses in existence.
Network viruses
This kind of virus is proficient in quickly spreading across a Local Area Network (LAN) or even over the Internet. Usually, it propagates through shared resources, such as shared drives and folders. Once it infects a new system, it searches for potential targets by searching the network for other vulnerable systems. Once a new vulnerable system is found, the network virus infects the other system, and thus spreads over the network.
Logic bomb
A logic bomb employs code that lies inert until specific conditions are met. When the conditions are met, they trigger a certain function (such as printing a message to the user and/or deleting files). Logic bombs may reside within standalone programs, or they may be part of worms or viruses. An example of a logic bomb would be a virus that waits to execute until it has infected a certain number of hosts. A time bomb is a type of logic bomb that is set to trigger on a particular date and/or time.
Sentinels
A sentinel is a highly advanced virus that gives its creator or perpetrator remote access control over the infected computers. Sentinels are used to form vast networks of zombie or slave computers, which in turn can be used for malicious purposes such as a Distributed Denial of Service attack.
Boot sector viruses
A boot sector virus alters or hides in the boot sector, usually the first sector, of a bootable disk or hard drive. The boot sector is where your computer starts reading your operating system. By inserting its code into the boot sector, a virus guarantees that it loads into memory during every boot sequence. A boot virus does not affect files; instead, it affects the disks that contain them.
Antivirus software
Antivirus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software.
Antivirus software typically uses two different techniques to accomplish this:
- Examining files to look for known viruses matching definitions in a virus dictionary
- Identifying suspicious behavior from any computer program which might indicate infection. Such analysis may include data captures, port monitoring and other methods.
Most commercial antivirus software uses both of these approaches, with an emphasis on the virus dictionary approach.
Dictionary Approach: When the antivirus software looks at a file, it refers to a dictionary of known viruses that the authors of the antivirus software have identified. If a piece of code in the file matches any virus identified in the dictionary, then the antivirus software can take one of the following actions:
- attempt to repair the file by removing the virus itself from the file
- quarantine the file
- delete the infected file.
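The dictionary approach as a short Python sketch. This is an added example, not code from any antivirus product; the signature names, byte patterns and sample buffers are constructed for illustration and are not real malware signatures.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes
    repairable: bool  # True if the viral bytes can be cut out of the host file

# Constructed "virus dictionary" (hypothetical entries).
DICTIONARY = [
    Signature("Demo.Appender", b"\xde\xad\xbe\xefDEMO-A", True),
    Signature("Demo.Overwriter", b"\xca\xfe\xba\xbeDEMO-B", False),
]

# Constructed sample inputs.
HOST = b"MZ-host-program-bytes"
INFECTED_A = HOST + DICTIONARY[0].pattern            # appended to a host file
INFECTED_B = DICTIONARY[1].pattern + b"rest"         # host bytes overwritten
UNKNOWN = HOST + b"\xde\xad\xbe\xeeDEMO-A"           # one byte off: not in dictionary

def scan(data):
    """Return (signature name, offset) for every dictionary entry found in data."""
    return [(s.name, data.find(s.pattern)) for s in DICTIONARY if s.pattern in data]

def handle(data, unrepairable_action="quarantine"):
    """Pick one of the listed actions; returns (action, cleaned bytes or None)."""
    hits = [s for s in DICTIONARY if s.pattern in data]
    if not hits:
        return "clean", data
    if all(s.repairable for s in hits):
        cleaned = data
        for s in hits:
            cleaned = cleaned.replace(s.pattern, b"")
        # Re-scan: only report a repair if nothing in the dictionary still matches.
        if not scan(cleaned):
            return "repair", cleaned
    # "quarantine" or "delete", depending on the configured policy.
    return unrepairable_action, None
```

`UNKNOWN` comes back as clean even though it differs from a known pattern by a single byte, which is why a dictionary scanner is only as good as its latest definitions.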
Suspicious Behavior Approach: Unlike the dictionary approach, the suspicious behavior approach provides protection against brand-new viruses that do not yet exist in any virus dictionaries. Most antivirus software does not use this approach much today.
Using this approach the antivirus software:
- Doesn't attempt to identify known viruses
- Monitors the behavior of all programs.
- If one program tries to write data to an executable program, the antivirus software can flag this suspicious behavior, alert the user and ask what to do.
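The behavior rule above, applied to a small event stream. This is an added example, not code from any antivirus product; the event format, the extension list, the process names and the `demo_user` stand-in for the user prompt are all assumptions made for illustration.

```python
import ntpath  # Windows-style path handling, available on every platform

# Assumed set of extensions treated as "executable programs".
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".dll", ".scr"}

# Constructed sample events: (process name, operation, target path).
EVENTS = [
    ("winword.exe", "write", r"C:\Users\ana\report.doc"),
    ("game_patch.exe", "write", r"C:\Games\chess\chess.exe"),
    ("notepad.exe", "read", r"C:\Windows\system32\calc.exe"),
    ("mailer.exe", "write", r"C:\Windows\system32\NOTEPAD.EXE"),
]

def is_executable(path):
    """True if the target's extension marks it as an executable program."""
    return ntpath.splitext(path)[1].lower() in EXECUTABLE_EXTENSIONS

def monitor(events, ask_user):
    """Flag every write to an executable and let ask_user decide what to do.

    No virus dictionary is consulted: the decision rests on behavior alone,
    so a legitimate patcher is flagged just like an infector would be.
    """
    decisions = []
    for process, operation, target in events:
        if operation == "write" and is_executable(target):
            verdict = ask_user(process, target)  # expected: "allow" or "block"
            decisions.append((process, target, verdict))
    return decisions

def demo_user(process, target):
    # Stand-in for the alert dialog: this user approves only the patcher
    # they started themselves and blocks everything else.
    return "allow" if process == "game_patch.exe" else "block"
```

Reads of executables and writes to documents pass silently; both writes to executables reach the user, including the benign one.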
Heuristic Analysis Approach:
- Antivirus software could try to emulate the beginning of the code of each new executable that the system invokes before transferring control to that executable.
- If the program seems to use self-modifying code or otherwise appears as a virus, one could assume that a virus has infected the executable. However, this method could result in a lot of false positives.
AntiVirus Products:
Kaspersky Labs International Ltd. is one of the world's top anti-virus companies, and well known all over the world as one of the leaders in the development of advanced anti-virus technologies. It produces anti-virus defense for home users, systems for workstations, file servers and application servers, e-mail gateways, firewalls, and Web servers. Kaspersky Labs also provides an anti-spam solution for Small and Medium Businesses.
CA Anti-Virus provides complete protection against viruses, worms and Trojan horse programs. The easy-to-use interface and frequent automatic updates make it effortless to stay protected, and with quick scan times and efficient use of system resources, it won't bog down your PC.