- greymarkb wrote:
- Besides viruses, what other types of destructive programs are there?
VIRUSES AND OTHER DESTRUCTIVE PROGRAMS
- A VIRUS IS A COMPUTER PROGRAM THAT EXECUTES WHEN AN INFECTED PROGRAM IS EXECUTED. THEREFORE, ONLY EXECUTABLE FILES CAN BE INFECTED
- BY DEFINITION, A VIRUS INFECTS OTHER PROGRAMS WITH COPIES OF ITSELF
o MAY SIMPLY CLONE ITSELF
o MAY DAMAGE OTHER PROGRAMS AND DATA
o SOME SELF-DESTRUCT WHEN DONE
- VIRUS PROGRAMS ARE OFTEN QUITE SMALL, ONLY A FEW LINES OF CODE
- CAN BE HIDDEN IN HEALTHY SOFTWARE AND QUITE HARD TO FIND
- CAN INFECT ANY COMPUTER, CAN BE TRANSMITTED OVER ANY LINES. REPRODUCE RAPIDLY, MAKING IT DIFFICULT TO TRACE BACK TO SOURCE
TYPES OF VIRUSES
- A VIRUS MAY ATTACH ITSELF TO OTHER PROGRAMS AND HIDE IN THEM. OR IT MAY INFILTRATE THE COMPUTER’S OPERATING SYSTEM
- USUALLY CONTRACTED FROM EXTERNAL SOFTWARE SOURCE – VIRUS HOST PROGRAMS MADE DELIBERATELY ATTRACTIVE TO VICTIMS (E.G., E-MAIL MESSAGE, GAME)
- CAN ACT IMMEDIATELY OR LIE DORMANT FOR A PERIOD OF TIME (E.G., MICHELANGELO VIRUS, ON MICHELANGELO’S BIRTHDAY) OR UNTIL SOME EVENT (1-2-3 VIRUS WHEN 1,2,3 TYPED)
OTHER DESTRUCTIVE PROGRAMS
- WORMS
o WORMS ARE CONSTRUCTED TO INFILTRATE LEGITIMATE DATA PROCESSING PROGRAMS AND ALTER OR DESTROY THE DATA (E.G., ILLICIT BANK FUNDS TRANSFER)
o WORMS DO NOT REPLICATE THEMSELVES (WORMS ARE LIKE A BENIGN TUMOR, VIRUSES LIKE MALIGNANT ONES)
o WORM’S CHANGES MAY CONTINUE IN EFFECT AFTER WORM IS DESTROYED UNLESS CORRECTED
- TROJAN HORSES
o TROJAN HORSES ARE DESTRUCTIVE PROGRAMS THAT HAVE BEEN DISGUISED, OR CONCEALED IN, AN INNOCUOUS PIECE OF SOFTWARE (VIRUS OR WORM MAY BE WITHIN TROJAN HORSE)
o CAN BE IN GAMES, GRAPHICS
o TROJAN HORSES DO NOT REPRODUCE THEMSELVES AND SPREAD
o USED FOR EMBEZZLEMENT AND INDUSTRIAL ESPIONAGE – OFTEN DESIGNED NOT TO BE DISCOVERED
- LOGIC BOMBS
o LOGIC BOMBS ARE SIMILAR TO A TROJAN HORSE, BUT ARE SET TO GO OFF AT A PARTICULAR DATE AND TIME (CAN BE DELAYED A LONG TIME)
o LOGIC BOMBS DO NOT REPRODUCE
o OFTEN DESIGNED TO DO MAXIMUM DAMAGE
o OFTEN USED BY DISGRUNTLED EMPLOYEES, E.G., WHEN THEIR NAME IS REMOVED FROM PAYROLL RECORDS
o CAN BE USED TO HOLD SOFTWARE “HOSTAGE” UNTIL A RANSOM IS PAID. ALSO “INSURANCE” FOR PAYMENT TO COMPUTER SYSTEM SUPPLIERS OR CONSULTANTS
TYPES OF VIRUSES
- BOOT SECTOR VIRUSES (“BOOT SECTOR” IS THE FIRST THING LOADED WHEN A COMPUTER STARTS)
o INFECT THE “BOOT SECTOR” ON A COMPUTER SYSTEM, OVERWRITING IT WITH INFECTED CODE
o THEY THEN MOVE THE ORIGINAL BOOT SECTOR INFORMATION TO ANOTHER SECTOR ON THE DISK, MARKING THAT SECTOR AS A BAD SPOT ON THE DISK SO IT WILL NOT BE USED IN THE FUTURE
o TAKES FULL COMMAND OF THE INFECTED COMPUTER
o THE ONLY WAY A SYSTEM CAN BECOME INFECTED WITH A BOOT SECTOR VIRUS IS TO BOOT USING AN INFECTED FLOPPY DISK
- FILE INFECTING VIRUSES
o VIRUSES THAT (SURPRISE!) INFECT FILES
o MOSTLY INFECT EXECUTABLE FILES (E.G., .COM, .EXE, .OVL)
o SOME ACT LIKE BOOT SECTOR INFECTORS AND REPLACE THE “PROGRAM LOAD” INSTRUCTION IN AN EXECUTABLE FILE WITH THEIR OWN INSTRUCTIONS
o OTHERS USE “COMPANION” FILES, E.G., RENAME ALL .COM FILES WITH .EXE, THEN WRITE A NEW FILE WITH A .COM EXTENSION. THIS NEW FILE WILL HAVE THE VIRUS INSTRUCTIONS, AND WILL EXECUTE
- POLYMORPHIC VIRUSES
o POLYMORPHIC VIRUSES CHANGE THEIR APPEARANCE WITH EACH INFECTION
o THEY ARE ENCRYPTED, AND ALTER THE ENCRYPTION ALGORITHM WITH EACH NEW INFECTION (SOME WITH OVER 2 BILLION DIFFERENT FORMS). ANTI-VIRUS SOFTWARE MUST SCAN FOR ALGORITHMS AS WELL AS STRINGS
- STEALTH VIRUSES
o ATTEMPT TO HIDE BOTH FROM OPERATING SYSTEM AND ANTI-VIRUS SOFTWARE
o MUST STAY IN MEMORY TO INTERCEPT ALL ATTEMPTS TO USE THE OPERATING SYSTEM
o CAN HIDE CHANGES IT MAKES TO FILE SIZES, DIRECTORY STRUCTURES AND/OR OTHER OPERATING SYSTEM ASPECTS
o MUST BE DETECTED WHILE IN MEMORY AND DISABLED BEFORE DISK-BASED COMPONENTS CAN BE CORRECTED
- MULTI-PARTITE VIRUSES
o INFECT BOTH BOOT SECTORS AND EXECUTABLE FILES
o COMBINE SOME OR ALL OF THE STEALTH TECHNIQUES, ALONG WITH POLYMORPHISM
- MACRO VIRUSES
o CURRENTLY ACCOUNT FOR ABOUT 80 PERCENT OF ALL VIRUSES. FASTEST GROWING VIRUSES IN COMPUTER HISTORY
o UNLIKE OTHER VIRUS TYPES, MACRO VIRUSES AREN’T SPECIFIC TO AN OPERATING SYSTEM AND SPREAD VIA E-MAIL ATTACHMENTS, FLOPPY DISKS, WEB DOWNLOADS, FILE TRANSFERS AND COOPERATIVE APPLICATIONS
o MACRO VIRUSES ARE, HOWEVER, APPLICATION SPECIFIC. THEY INFECT MACRO UTILITIES THAT ACCOMPANY SUCH APPLICATIONS AS MICROSOFT WORD AND EXCEL, WHICH MEANS A WORD MACRO VIRUS CANNOT INFECT AN EXCEL DOCUMENT OR VICE VERSA
o INSTEAD, MACRO VIRUSES TRAVEL BETWEEN DATA FILES IN THE APPLICATION AND CAN EVENTUALLY INFECT HUNDREDS OF FILES IF UNDETERRED
o MACRO VIRUSES ARE WRITTEN IN VISUAL BASIC AND ARE RELATIVELY EASY TO CREATE
o THEY CAN INFECT AT DIFFERENT POINTS DURING A FILE’S USE, FOR EXAMPLE, WHEN IT IS OPENED, SAVED, CLOSED OR DELETED
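
A defensive check for the "companion" file technique described in the post above, added here as an example and not part of the original post. It lists every .COM file that shares a base name with an .EXE in the same directory (DOS runs the .COM first) and reads the first two bytes of the .EXE, since a genuine DOS .EXE starts with an MZ header and a renamed .COM does not. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile


def find_companion_pairs(root):
    """Report every NAME.COM that shadows a NAME.EXE in the same directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Index files by (upper-cased stem, upper-cased extension); DOS names are case-insensitive.
        by_key = {}
        for name in files:
            stem, ext = os.path.splitext(name)
            by_key[(stem.upper(), ext.upper())] = os.path.join(dirpath, name)
        for (stem, ext), com_path in sorted(by_key.items()):
            if ext != ".COM" or (stem, ".EXE") not in by_key:
                continue
            exe_path = by_key[(stem, ".EXE")]
            with open(exe_path, "rb") as fh:
                magic = fh.read(2)
            findings.append({
                "com": com_path,
                "exe": exe_path,
                # False means the .EXE has no DOS executable signature,
                # which is what a .COM file renamed to .EXE looks like.
                "exe_has_mz_header": magic in (b"MZ", b"ZM"),
            })
    return findings


def demo():
    """Run the check over a constructed directory of harmless sample files."""
    samples = {
        "EDIT.EXE": b"\xe9\x00\x00constructed COM-style body",  # no MZ header
        "EDIT.COM": b"constructed placeholder",
        "TOOL.EXE": b"MZconstructed EXE-style body",            # MZ header present
        "TOOL.COM": b"constructed placeholder",
        "ALONE.COM": b"constructed, no matching .EXE",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(f["com"]), f["exe_has_mz_header"])
                for f in find_companion_pairs(root)]


if __name__ == "__main__":
    for com_name, has_mz in demo():
        print(com_name, "shadows an .EXE; MZ header present:", has_mz)
```

A same-name pair is only a lead for review; the pair whose .EXE lacks the MZ header is the one that matches the renaming described in the post.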