What Are Viruses, Worms and Trojans, and Virus Analysis

Everybody wants to know what exactly a virus is, how viruses are used and what types of virus exist. If you want to know, you are at the right place.

A virus is a self-replicating program that reproduces its own code by attaching copies of itself to other executable code.

Spyware:

Spyware is a piece of software that gets installed on your computer without your consent. It collects your personal information without you being aware of it. It also changes how your computer or web browser is configured and bombards you with online advertisements. Spyware programs are notorious for being difficult to remove on your own and for slowing down your PC. The program gets installed in the background while you are doing something else on the Internet. Spyware has become fairly widespread because your cable modem or DSL connection is always connected.

Difference between Viruses, Worms and Trojans:

  • A virus is an application that self-replicates by injecting its code into other data files. Viruses spread and attempt to consume specific targets, and are normally executables.
  • A worm copies itself over a network. It is a program that views the infection point as another computer rather than as other executable files on an already infected computer.
  • A Trojan is a program that, once executed, performs a task other than the one expected.

Virus Properties:

  1. Your computer can be infected even if files are just copied.
  2. Can be Polymorphic.
  3. Can be memory or non-memory resident.
  4. Can be a stealth virus.
  5. Viruses can carry other viruses.
  6. Can make the system never show outward signs.
  7. Can stay on the computer even if the computer is formatted.

Virus Operation Phases:

Most viruses operate in two phases:

1. Infection Phase – In this phase the virus developers decide:

- When to infect programs
- Which programs to infect
  • Some viruses infect the computer as soon as the virus file is installed on it.
  • Some viruses infect the computer on a specific date or time, or at a particular event.
  • TSR viruses are loaded into memory and later infect the PC.

2. Attack Phase – In this phase the virus will:

- Delete files.
- Replicate itself to other PCs.
- Corrupt targets only.

Virus Indications:

The following are some of the common indications that a virus has infected a system:

  • Files have stranger names than normal.
  • File extensions can also be changed.
  • Programs take longer to load than normal.
  • The computer's hard drive constantly runs out of free space.
  • The victim is not able to open some programs.
  • Programs get corrupted without any reason.

Virus Types:

The following are some of the common types of virus:

  1. Macro Virus – Spreads to and infects database files.
  2. File Virus – Infects executables.
  3. Source Code Virus – Affects and damages source code.
  4. Network Virus – Spreads via network elements and protocols.
  5. Boot Virus – Infects boot sectors and records.
  6. Shell Virus – The virus code forms a shell around the target host's genuine program and hosts it as a subroutine.
  7. Terminate and Stay Resident (TSR) Virus – Remains permanently in memory during the work session, even after the target host program has executed and terminated.

Methods to Avoid Detection:

  • Same "last modified" date.

  1. In order to avoid detection by users, some viruses employ different kinds of deception.
  2. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus.
  3. This approach sometimes fools anti-virus software.

  • Overwriting unused areas of .exe files.
  • Killing the tasks of antivirus software.

      Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.

  • Avoiding bait files and other undesirable hosts.

  1. Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus.
  2. Many anti-virus programs perform an integrity check of their own code.
  3. Infecting such programs will therefore increase the likelihood that the virus is detected.
  4. Anti-virus professionals can use bait files to take a sample of a virus.
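
The "last modified" trick and the bait-file idea above meet in one defensive check: watch bait files by content hash, not by timestamp. The following is an added example, not code from the original post; the file name and the simulated change are constructed, and the function names are hypothetical.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash the file contents; a writer cannot reset this the way it can reset mtime."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def take_baseline(paths):
    """Record size, mtime and SHA-256 for every monitored bait file."""
    baseline = {}
    for p in paths:
        st = os.stat(p)
        baseline[p] = {"size": st.st_size, "mtime_ns": st.st_mtime_ns,
                       "sha256": sha256_of(p)}
    return baseline

def check(baseline):
    """Return {path: [attributes that changed]} for files that differ from the baseline."""
    findings = {}
    for p, old in baseline.items():
        if not os.path.exists(p):
            findings[p] = ["missing"]
            continue
        st = os.stat(p)
        now = {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": sha256_of(p)}
        changed = [k for k in ("mtime_ns", "size", "sha256") if now[k] != old[k]]
        if changed:
            findings[p] = changed
    return findings

def demo():
    """Constructed scenario: same-size change to a bait file, timestamps put back."""
    with tempfile.TemporaryDirectory() as d:
        bait = os.path.join(d, "bait_0001.bin")      # hypothetical bait file name
        with open(bait, "wb") as fh:
            fh.write(b"\x00" * 4096)                 # constructed filler content
        baseline = take_baseline([bait])
        clean = check(baseline)                      # nothing changed yet -> {}
        st = os.stat(bait)
        with open(bait, "r+b") as fh:
            fh.seek(100)
            fh.write(b"CHANGED")                     # stand-in for an infection
        os.utime(bait, ns=(st.st_atime_ns, st.st_mtime_ns))
        return clean, check(baseline)[bait]
```

In the constructed scenario the size and timestamp checks both pass and only the hash comparison reports the change.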

  • Making a stealth virus.

  1. Some viruses try to trick anti-virus software by intercepting its requests to the operating system.
  2. The virus can then return an uninfected version of the file to the anti-virus software, so that it seems that the file is "clean".

  • Self-modification on each infection.

  1. Some viruses try to trick anti-virus software by modifying themselves on each infection.
  2. As the file signatures are modified, antivirus software finds them difficult to detect.

  • Encryption with a variable key.

  1. Some viruses use simple methods to encipher the code.
  2. The virus is encrypted with a different encryption key on each infection.
  3. The AV cannot scan such files directly using conventional methods.
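
Why a fixed byte signature misses variably keyed copies, and how a scanner can still match them without knowing the key, shown as an added example that is not part of the original post. It assumes single-byte XOR as the "simple method", uses a benign constructed marker in place of a real signature, and all function names are hypothetical.

```python
import hashlib

SIGNATURE = b"CONSTRUCTED-TEST-MARKER"   # benign stand-in for a known byte signature

def xor_bytes(data, key):
    """Single-byte XOR, standing in for the 'simple' cipher described above."""
    return bytes(b ^ key for b in data)

def make_sample(key):
    """Constructed sample: plaintext header, then the marker XORed with `key`."""
    return bytes(range(16)) + xor_bytes(SIGNATURE, key) + b"\xff" * 8

def xor_delta(buf):
    """XOR of each adjacent byte pair; the key cancels out of (a^k) ^ (b^k)."""
    return bytes(a ^ b for a, b in zip(buf, buf[1:]))

def keyless_scan(data, signature):
    """Return (offset, key) if signature occurs under any single-byte XOR key, else None."""
    if len(signature) < 2:
        raise ValueError("signature must be at least 2 bytes")
    off = xor_delta(data).find(xor_delta(signature))
    if off == -1:
        return None
    return off, data[off] ^ signature[0]

def report(keys=(0x5A, 0xC3)):
    """Compare hash, plain signature match and key-independent match per sample."""
    rows = []
    for k in keys:
        s = make_sample(k)
        rows.append({"sha256": hashlib.sha256(s).hexdigest()[:12],
                     "plain_hit": SIGNATURE in s,
                     "keyless_hit": keyless_scan(s, SIGNATURE)})
    return rows
```

The two samples hash differently and neither contains the plain signature, yet both match on the key-independent deltas, which also recover the key used.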

Okay, that's it, friends. If you have any doubts, feel free to comment.
