VIRUS ABCs
One of the biggest fears of computer owners is viruses. Viruses are malicious programs designed entirely for destruction and havoc. They are created by people who know a lot about either programming or computers.
Once a virus is made, it is generally distributed through shareware, pirated software, e-mail or other means of transporting data. Once the virus infects someone's computer, it will start infecting other data, destroying data, overwriting data, or corrupting software.
These programs are called viruses because they spread like a human virus. Once your computer has become infected, either by downloading something off the Internet or by sharing software, any disks or writable media that you place into the computer will then be infected. When such a disk is put into another computer, that computer is infected too. If that person then puts files on the Internet and hundreds of people download them, they are all infected, and the process continues, infecting thousands if not millions of people.
HOW VIRUSES ARE CONTRACTED
The majority of viruses are contracted through floppy disks, when information is brought from one source and put onto your computer. Viruses can infect disks, and when an infected disk is put into your computer, your computer becomes infected with that virus. A recent survey done in 1997 by NCSA, given to 80 percent of PC users, showed that 90% of PC users contract viruses by floppy diskettes.
The same survey showed that the other 20% of viruses were contracted by e-mail attachments and over the Internet. This means that you received an e-mail with an attached file and opened the file, or downloaded a file over the Internet.
VIRUS PROPERTIES
- Your computer can be infected even if files are just copied. Because some viruses are memory resident, as soon as a diskette or program is loaded into memory the virus attaches itself into memory.
- Can be polymorphic. Some viruses have the capability of modifying their code, which means one virus could have many similar variants.
- Can be memory or non-memory resident. A memory-resident virus first attaches itself into memory and then infects the computer. A non-memory-resident virus requires a program to be run in order to infect the computer.
- Can be a stealth virus. Stealth viruses first attach themselves to files on the computer and then attack the computer; this causes the virus to spread more rapidly.
- Viruses can carry other viruses, infecting the system with both. Because viruses are generally written by different individuals and do not infect the same locations of memory or files, multiple viruses can be stored in one file, diskette or computer.
- Can make the system never show outward signs. Some viruses hide the changes they make; for example, when infecting a file, the file will stay the same size.
- Can stay on the computer even if the computer is formatted. Viruses have the capability of infecting different portions of the computer such as the CMOS battery or master
HOW VIRUSES MAY AFFECT FILES
- Viruses can affect any file, but usually attack .com, .exe, .sys, .bin, .pif or data files. Viruses have the capability of infecting any file, but will generally infect executable files or data files such as Word or Excel documents, which are opened frequently.
- It can increase the file's size; however, this can be hidden. When infecting files, viruses generally increase the size of the file, but with more sophisticated viruses these changes can be hidden.
- It can delete files as the file is run. Because most files are loaded into memory and then run, once the program is in memory the virus can delete the file.
- It can corrupt files randomly. Some destructive viruses are not designed to destroy random data but instead randomly delete or corrupt files.
- It can cause write-protect errors when executing .exe files from a write-protected disk. Viruses may need to write themselves to the files that are executed; because of this, if a diskette is write protected you may receive a write-protection error.
- It can convert .exe files to .com files. Viruses may use a separate file to run the program and rename the original file to another extension so the .exe is run before the .com.
- It can reboot the computer when a file is run. Various viruses may be designed to reboot the computer when run.
WHAT VIRUSES MAY DO
The following are possibilities you may experience when you are infected with a virus. Remember that you may also experience any of the following issues and not have a virus.
- Once the hard drive is infected, any non-write-protected disk that is accessed can be infected.
- Deletes files.
- Displays various messages in files or in programs.
- Changes the volume label.
- Marks clusters as bad in the FAT.
- Randomly overwrites sectors on the hard disk.
- Replaces the MBR with its own code.
- Creates more than one partition.
- Attempts to access the hard disk drive can result in error messages such as "invalid drive specification".
- Causes cross-linked files.
- Causes a "sector not found" error.
- Causes the system to run slowly.
- Logical partitions are created; partitions decrease in size.
- A directory may be displayed as garbage.
- Directory order may be modified so files such as COM files will start at the beginning of the directory.
- Causes hardware problems such as keyboard keys not working, printer issues, modem issues, etc.
- Disables ports such as LPT or COM ports.
- Causes keyboard keys to be remapped.
- Alters the system time / date.
- Causes the system to hang or freeze randomly.
- Causes random activity on the HDD or FDD.
- Increases file size.
- Increases or decreases memory size.
- Randomly changes file or memory size.
- Extends boot times.
- Increases disk access times.
- Causes the computer to make strange noises, music, clicking noises or beeps.
- Displays pictures.
- Displays different types of error messages.
DETECTING VIRUSES
The most commonly used method of protecting against and detecting viruses is to purchase a third-party application designed to scan for all types of viruses. A list of these protection programs is given above.
Alternatively, a user can look at various aspects of the computer and detect possible signs indicating that a virus is on the computer. While this method can reveal some viruses, it cannot clean them or determine the exact virus you may or may not have.
If you have Windows 95 / Windows 98, you can click Start, Settings, Control Panel, System, and under System go to Performance and determine whether the file system is 32-bit. If the file system is running in MS-DOS compatibility mode, check the box indicating what is running in MS-DOS compatibility mode to determine whether the master boot record has been modified. If the master boot record has been modified, there is a good possibility that you have a virus on the computer.
Another method is to check fdisk. In fdisk, choose four to display the partition information. If you have multiple partitions with scrambled text such as % or strange characters, this can be another indication of a virus on the computer.
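The partition information that fdisk displays is stored in the last 66 bytes of the 512-byte master boot record. The following Python sketch is an added example, not part of the original page: it parses an MBR sector and flags entries that look scrambled. The sample sectors are constructed, and the anomaly rules (invalid boot flag, half-empty entry, several active partitions, overlapping partitions) are illustrative assumptions.

```python
import struct

TABLE_OFFSET = 446        # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
ENTRY = "<B3xB3xII"       # boot flag, CHS start, type, CHS end, LBA start, sector count

def parse_mbr(sector):
    """Return (entries, warnings) for one 512-byte MBR sector."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    warnings = []
    if sector[510:] != SIGNATURE:
        warnings.append("missing 0x55AA boot signature")
    entries = []
    for slot in range(1, 5):
        start = TABLE_OFFSET + 16 * (slot - 1)
        flag, ptype, lba, count = struct.unpack(ENTRY, sector[start:start + 16])
        if ptype == 0 and count == 0:
            continue                                   # unused slot
        entries.append({"slot": slot, "flag": flag, "type": ptype,
                        "lba": lba, "sectors": count})
        if flag not in (0x00, 0x80):
            warnings.append(f"slot {slot}: invalid boot flag 0x{flag:02x}")
        if ptype == 0 or count == 0:
            warnings.append(f"slot {slot}: half-empty entry")
    if sum(e["flag"] == 0x80 for e in entries) > 1:
        warnings.append("more than one active partition")
    spans = sorted((e["lba"], e["lba"] + e["sectors"], e["slot"]) for e in entries)
    for (_, end_a, a), (start_b, _, b) in zip(spans, spans[1:]):
        if start_b < end_a:
            warnings.append(f"slots {a} and {b} overlap")
    return entries, warnings

def build_sample(rows):
    """Constructed input: zeroed boot code plus (flag, type, lba, count) rows."""
    table = b"".join(struct.pack(ENTRY, *row) for row in rows)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\0") + SIGNATURE

CLEAN = build_sample([(0x80, 0x06, 63, 1_000_000)])
SCRAMBLED = build_sample([(0x80, 0x06, 63, 1000), (0x25, 0x25, 500, 2000)])

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN), ("scrambled", SCRAMBLED)):
        entries, warnings = parse_mbr(sector)
        print(label, len(entries), "partition(s):", warnings or "no anomalies")
```

Feed it the first 512 bytes of a disk image taken after booting from a clean diskette. An intact table does not rule out replaced boot code in the first 446 bytes, which has to be compared against a known-good copy.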
VIRUS MYTHS
The following are comments we have heard that are absolutely not true or are false rumors being spread.
- "If I download a file onto a disk I don't have to worry about viruses." - This is not true. Just because you place a file on a disk does not mean that your hard drive cannot be infected. Because around half of computer viruses are memory resident, the virus will load itself into memory and will then infect your hard drive and the data on the diskette.
- "If I buy sealed software I don't have to worry about viruses." - This is not always true. Just because the program is wrapped in plastic doesn't mean that it cannot be infected with a virus. The virus is attached to the diskette when the software is written to it. While this does not happen frequently, it is still a possibility.
- "If I just buy registered software I don't have to worry about viruses." - This is not always true, because there have been cases where companies did not know that there was a virus on their software and accidentally shipped software that had viruses on it. While this does not happen frequently, it is still a possibility.
- "If I don't download anything off of the Internet I don't have to worry about viruses." - This is not always true. While you may not be on the Internet, you can still be infected by viruses on diskettes or CDs.
- "If I just read my e-mail, I will not have to worry about viruses." - Not true. There are viruses that are distributed through e-mail, and files can be attached to e-mail.
- "If I don't get on the Internet I don't have to worry about viruses." - This unfortunately is not the case. Over 90% of users contract viruses with floppy diskettes; the other percentage is over the Internet.
- "You can contract viruses from just looking at web pages." - Another rumor that is spreading around. You cannot contract a virus just by looking at a web page; however, you can contract a virus if you download a file from that web page.
- "You can contract a virus by reading your e-mail." - Not fully true. By just opening an e-mail message to read its contents you cannot contract a virus, unless that e-mail message contains an attachment and you save that attachment to your hard drive or another storage medium. Our recommendation to help prevent viruses through e-mail is to not open attachments from individuals you do not trust or know. Extra note: a new virus called BubbleBoy can infect computers when a user just opens their mail; however, it requires the user to be using Internet Explorer 5.0, Windows 98, and Microsoft Outlook.
MACRO VIRUSES
Macro viruses are becoming a big threat to the computer community. A macro virus is a virus designed in a word processor: it is just a macro designed to destroy, corrupt, infect, or erase files or data on the hard disk drive. These viruses are fast becoming a threat because they are easily created and capable of spreading extremely fast, and because many older virus scanners are not able to detect them. There are now over 1000 different macro viruses. Virus companies are becoming aware of this threat, and new virus scanners have the capability of scanning for macro viruses.
Virus Definitions
(B) Boot Sector
(C) Companion
(CMOS) CMOS
(E) Executable
(H) Hoax
(M) Multipart
(MAC) Macro
(MBR) Master Boot Record
(N) Non Resident
(O) Overwriting
(P) Polymorphic
(R) Resident
(S) Stealth
(B) BOOT SECTOR
A Boot Sector virus is a virus that infects the first or first few sectors of a computer hard drive or diskette drive, allowing the virus to activate when the drive or diskette is booted from.
(C) COMPANION
A Companion virus is a virus that stores its code in a .com file and names itself after a frequently used program file, which may be an .exe or .bat file. When a computer command is typed in, the computer will execute the .com file before the .exe or .bat.
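One way to look for the companion pattern defined above, and for the .exe-to-.com conversion described under file effects, is to list every .com file that shares a directory and base name with an .exe or .bat file. This Python sketch is an added example, not part of the original page; the sample directory is constructed, and treating a newer .com as more suspicious is an assumption.

```python
import os
import tempfile
from collections import defaultdict

SHADOWED = (".exe", ".bat")   # program types the definition says a companion imitates

def find_companions(root):
    """Return sorted (com_path, shadowed_path, com_is_newer) tuples under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)              # lowercased stem -> {ext: real name}
        for name in files:
            stem, ext = os.path.splitext(name)
            by_stem[stem.lower()][ext.lower()] = name
        for exts in by_stem.values():
            if ".com" not in exts:
                continue
            com = os.path.join(dirpath, exts[".com"])
            for ext in SHADOWED:
                if ext in exts:
                    other = os.path.join(dirpath, exts[ext])
                    newer = os.path.getmtime(com) > os.path.getmtime(other)
                    hits.append((com, other, newer))
    return sorted(hits)

def demo():
    """Constructed directory: one shadowed program, one lone .com, one lone .exe."""
    samples = {"EDIT.EXE": 1_000_000, "edit.com": 2_000_000,
               "format.com": 1_000_000, "report.exe": 1_000_000}
    with tempfile.TemporaryDirectory() as root:
        for name, mtime in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample")
            os.utime(path, (mtime, mtime))
        return [(os.path.basename(c), os.path.basename(o), newer)
                for c, o, newer in find_companions(root)]

if __name__ == "__main__":
    for com, other, newer in demo():
        print(f"{com} shadows {other}" + (" and is newer" if newer else ""))
```

A hit is a lead to investigate, not proof: some legitimate software ships same-named .com and .exe files.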
(CMOS) CMOS
A CMOS virus is a virus that has the capability of infecting the CMOS battery. This means that even if the hard disk drive is erased the virus will still reside on the computer.
(E) EXECUTABLE
An Executable virus is a virus that stores itself in or infects other EXE, BAT, COM files so that, when run, they execute and infect other files.
(H) HOAX
A Hoax is a fake virus that is said to do something which is either impossible or never happens. Generally sent via e-mail, these are widespread nonsense.
(M) MULTIPART
A Multipart virus is a virus that infects the Master Boot Record as well as executable files on the hard disk drive.
(MAC) MACRO
A Macro virus is a virus that infects Word and/or Excel files. The virus is essentially a destructive macro that modifies, deletes or otherwise tampers with the files stored on the computer.
(MBR) MASTER BOOT RECORD
A Master Boot Record virus is a virus that modifies and/or infects the Master Boot Record, generally causing the computer to lose CD-ROM support and/or to run in compatibility mode.
(N) NON RESIDENT
A Non resident virus is a virus that does not store itself in memory and instead stays within an executable file. Once this file is run the virus will activate.
(O) OVERWRITING
An Overwriting virus is a virus that eliminates sections of files and replaces them with its own code, generally causing the file to be irreparable.
(P) POLYMORPHIC
A Polymorphic virus is a virus that has the capability of changing its own code, allowing the virus to have hundreds, sometimes thousands, of different variants, making it much more difficult to detect.
(R) RESIDENT
A Resident virus is a virus that stores itself within memory, allowing it to infect certain files instantaneously; it does not require the user to run the executable file to infect files.
(S) STEALTH
A Stealth virus is a virus that hides its tracks after infecting the computer. Once the computer has been infected, the virus can make modifications so that the computer appears not to have lost any memory and the file size appears not to have changed.
Awareness
Viruses on the Internet and in e-mail are becoming more and more prevalent. The biggest contributor to the spread of viruses is ignorance. By learning just a little bit about viruses you can help avoid spreading them as well as protect yourself from being infected. Here are some Do's & Don'ts to help you out:
- Install anti-virus software on your system that will alert you to viruses that are attacking. Most importantly, make sure that it will check incoming e-mail. Check out AVG AntiVirus.
- Make sure you do regular updates for your anti-virus software so that it will recognize the latest viruses on the net.
- Beware of attachments. Most viruses come as attachments in e-mail, many of which are from people you know. The viruses are sent automatically from a computer that is infected, and the person sending is not even aware that they are sending it to you. If someone you don't know sends you an attachment, it is best that you do not open it and simply delete it.
- Install a firewall. If you are on a permanent connection such as DSL, cable, or some other sort of broadband service, you may be vulnerable to hackers and trojan viruses. Routers may give you some protection as a firewall, or you may install a software program such as BlackIce or ZoneAlarm.