Wednesday, March 5, 2008

Anti Virus Guide (Introduction)

Introduction
What Is A Virus
How Viruses Spread
Virus Hoaxes
Trojan Horses
Worms
Combinations




What Is A Virus

A virus is computer code, which makes copies of itself, without the computer user's (victim's) knowledge. Viruses attach themselves to other files or programs on the victim's computer - and often take complicated steps to disguise their presence.

- Some viruses are deliberately harmful or malicious - they carry a "payload". For example, erasing data from the victim's hard-disk.

- Other viruses simply attempt to make copies of themselves. Even these viruses can beharmful as they often have unintended consequences, and they always use computer resources (example: disk-space) without the computer user's knowledge or consent.

Very often, a virus can lay dormant for a long period of time (or until a given date), sometimes even years, before copying itself or executing its payload.

Viruses are usually designed by the virus writer to attack a particular type of computer or software. Most viruses are targeted at (and therefore can only infect) users of Microsoft operating systems (MS-DOS and Microsoft Windows) and/or Microsoft products (Microsoft Word, Microsoft Excel, Microsoft Outlook Express, etc.). However there are also viruses which affect other types of computers and software




How Viruses Spread

If a virus just stayed on the infected computer and didn't spread to other computers it wouldn't be too much of a problem (except for the unlucky victim). However just as a virus can infect the files on one computer, it can easily spread on to other computers:


-Some viruses attach themselves to program files (which may include EXE files, device drivers, etc). When the file is copied (or emailed) to another computer - it ends up being infected.


-Some viruses attach themselves to document files (most often Microsoft Word or Excel documents). These "macro viruses" use the advanced features of Word, Excel etc. to replicate themselves.


-Some viruses reside in the boot-sector of floppy or hard-disks. The boot sector is a special area of the disk, which is read and executed when the computer is started. If a computer is started with an infected floppy disk in the drive, it becomes infected.


-Some viruses send email from one computer to another, usually without the sender's knowledge. For example, these emails may be sent to people in the victim's address book or whose email address was listed on recently visited web pages. These viruses send an infected attachment with a plausible looking message. When the recipient opens the attachment, their computer becomes infected.


-Some viruses combine more than one of the above strategies and may switch between different strategies at different times or under different circumstances.




Virus Hoaxes

If you have been on the Internet for a while, you have probably received hoax virus warnings. (If you are new to the Internet, don't worry you are bound to get one sooner or later!) Hoax virus warnings are started by a person maliciously (or as a prank), but then passed on by many innocent computer users who wrongly believe they are genuine warnings and that they are helping others by passing on these messages. Most hoax virus warnings instruct the recipient to forward the warning to "everyone you know" and this is why they spread so fast. (Incidentally many people are taken-in by, and pass on other fake/hoax messages, including "opportunities", "news" or "secret information" )


If you get a virus warning or message telling you to pass it on to "everyone you
know", chances are that it's a bogus message. The most well-known virus hoax is
"Good Times".


Hoax warnings are not harmless.


- It has been known for a company's email system to be crashed by the volume of email generated by users forwarding warnings to everybody else repeatedly!


- Hoaxes waste user's time, as well as Internet resources and bandwidth.


- Some hoax virus warnings encourage users to delete files from their computers - for example - files which are not infected with any virus and may be essential to the correct operation of the computer.


-We recommend that you do not pass on virus warnings at all. If you must do then check carefully whether the warning is a hoax first! Companies should establish a clear policy that says virus warnings should not be passed on, or passed only to the IT department (which can then determine the veracity of the report) and not to all users.




Trojan Horses

The name Trojan horse comes from Homer's Illiad in which Greek warriors were able to sneak inside the walls of Troy (which they were besieging) by concealing hemselves inside a "gift" of a wooden horse.


In the computer world, a Trojan horse (often called just "Trojan") is a program (or occasionally a document) which appears to be harmless, or even useful, but actually has a malicious intent such as erasing the victim's hard-drive.


The difference between a Trojan and a virus is that:


- A virus copies itself without the user's knowledge


- A Trojan is copied by users deliberately - although of course they don't know about its hidden malicious intent. Sometimes Trojans are attached to illegal copyright violating software ("pirated software", "appz", "crackz", etc.).




Worms

Like a virus, a worm is a program that spreads itself from computer to computer without the victim's knowledge. Also, like a virus, worms may sometimes have deliberately malicious effects, although in many cases the mere fact of replication can be enough to be harmful to computers or networks. The difference between a virus and a worm is a technical one:


- A virus attaches itself to files (programs or data) on the victim's disk and spreads when these files are copied or executed.


- A worm resides in the computer's active memory and spreads from one computer to another by infecting other computers over a network connection (these days most often the network is the Internet).


Because worms use network connections to spread themselves, they can spread incredibly fast and generate massive amounts of network traffic (slowing or blocking legitimate access to the network).

Another worm in the news (July 2001) is the "CodeRed Worm" which affects Windows NT and Windows 2000 web servers. This worm takes control of infected servers and then uses them to launch "Denial Of Service" attacks against the other Internet sites. This worm has been highlighted in the press by US government officials and Microsoft. Microsoft have also made a fix available for the security hole that this worm exploits




Combinations


Although there are distinct definitions of the terms "virus", "worm", and "Trojan", virus-authors do not always follow these definitions.

In fact, it is quite common for viruses to combine attributes of each of these types of programs. For example, the virus Happy99 spreads itself by creating a Trojan called HAPPY99.EXE or HAPPY00.EXE and emailing this Trojan to unsuspecting users.