Viruses

Discussion in 'Ethical hacking Tips' started by SpOonWiZaRd, Nov 19, 2007.

  1. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

    Joined:
    May 30, 2007
    Messages:
    746
    Likes Received:
    8
    Trophy Points:
    0
    Occupation:
    Network Engineer/Programmer
    Location:
    South Africa
    I have decided to write an article just to cover the types of viruses and what they all do, in short. There are 8 types of viruses:

    1. Polymorphic Virus
    2. Stealth Virus
    3. Retrovirus
    4. Multipartite Virus
    5. Armored Virus
    6. Companion Virus
    7. Phage Virus
    8. Macro Virus
    A virus is a piece of software designed to infect a computer system. The virus may do nothing more than reside on the computer. A virus may also damage the data on your hard disk, destroy your operating system, and possibly spread to other systems. Viruses get into your computer in one of 3 ways: on a contaminated floppy or CD-ROM, through email, or as part of another program. Each type of virus has a different attack strategy and different consequences.

    Polymorphic Viruses - Polymorphic viruses change form in order to avoid detection. These types of viruses attack your system, display a message on your computer, and delete files on your system. The virus will attempt to hide from your antivirus software. Frequently the virus will encrypt parts of itself to avoid detection. When that happens it's called mutation.

    Stealth Virus - This type of virus attempts to avoid detection by masking itself from applications. It may attach itself to the boot sector of the hard drive. When a system utility or program runs, the stealth virus redirects commands around itself in order to avoid detection. An infected file may report a file size different from what is actually present in order to avoid detection. It may also move itself around your computer to different folders during a virus scan to avoid detection.

    Retrovirus - This virus attacks or bypasses the antivirus software installed on your computer. You can consider a retrovirus to be an "anti-antivirus". It can directly attack your antivirus software and potentially destroy the virus definition database file. This loss of information will leave you with a false sense of security. This type of virus may also directly attack the antivirus to create bypasses for the virus.

    Multipartite Virus - This virus attacks your system in multiple ways. It may attempt to infect your boot sector, infect all your executable files, and destroy your application files. The hope here is that you won't be able to correct all the problems and will allow the infestation to continue. It attacks your boot sector, infects application files, and attacks your Microsoft Word documents.

    Armored Virus - This virus makes itself difficult to detect or analyze. Armored viruses cover themselves with protective code that stops debuggers or disassemblers from examining critical elements of the virus. The virus may be written in such a way that some aspects of the programming act as a decoy to distract analysis while the actual code hides in other areas in the program. The more time it takes to deconstruct the virus, the longer it will live. The longer it can live, the more time it has to replicate and spread to as many machines as possible.

    Companion Virus - This virus attaches itself to legitimate programs and then creates a program with a different file extension. This file may reside in your system's temporary directory. When the user types the name of the legitimate program, the companion virus executes instead of the real program. This hides the virus from the user (effectively). Many of the viruses that are used to attack Windows systems make changes to program pointers in the registry so that they point to the infected program. The infected program will perform its dirty deed and then start the real program.

    Phage Virus - This virus modifies and alters other programs and databases. The virus infects all of these files. The only way to remove this type of virus is to reinstall the programs that are infected. If you miss even a single incident of this virus on the victim system, the process will start again and infect the system once more.

    Macro Virus - This virus exploits the enhancements made to many application programs. Programs such as Word and Excel allow programmers to expand the capability of the application. Word, for example, supports a mini-BASIC programming language that allows files to be manipulated automatically. These programs in the document are called macros. For example, a macro can tell your word processor to spell-check your document when it opens. Macro viruses can infect all the documents on your system and spread to other systems using mail or other methods.

    Then there are other types of threats like worms, trojan horses, and logic bombs. I will cover these briefly in order to make the difference between these and viruses clear.

    Worms - A worm is different from a virus in that it can reproduce itself, it's self-contained, and it doesn't need a host application to be transported. It is possible for a worm to contain or deliver a virus to a target system. (WORM - Write Once Read Many)

    Trojan Horses - This is a program that enters a system or network disguised as another program. The trojan may create a back door or replace a valid program during installation. They can be used to compromise the security of your system and can be there for years before detection. A port scan may reveal a trojan horse on your system as it creates a back door (an open port that you don't know about).

    Logic Bombs - These are snippets of code that execute when a certain predefined event occurs. A bomb may send a note to an attacker when a user is logged on to the internet and is using a word processor. This message informs the attacker that the user is ready for an attack.

    I hope that this article provided you with enough information about viruses. I will write another article soon on how to prevent these viruses and other attacks.
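
The companion-virus behaviour described in the post above can be checked for from the defender's side. The following is an added example, not part of the original post: it reports every command name for which more than one executable would match, ordered the way Windows resolves them (search-path directory first, then extension order). The directories and file listing are constructed sample data, and `find_companion_shadows` is a hypothetical helper name.

```python
import ntpath
from collections import defaultdict

# Start of the default Windows PATHEXT order: .COM is tried before .EXE.
PATHEXT = [".COM", ".EXE", ".BAT", ".CMD"]

def find_companion_shadows(search_path, listing, pathext=PATHEXT):
    """Return {command: (winner, [shadowed files])} for commands with >1 candidate.

    search_path: directories in the order the shell searches them.
    listing: {directory: [file names]} snapshot (constructed below; in practice
             it would come from os.listdir on each directory).
    """
    rank = {ext.upper(): i for i, ext in enumerate(pathext)}
    candidates = defaultdict(list)
    for dir_pos, directory in enumerate(search_path):
        for name in listing.get(directory, []):
            stem, ext = ntpath.splitext(name)
            if ext.upper() in rank:
                # Sort key mirrors resolution: directory order, then extension order.
                key = (dir_pos, rank[ext.upper()])
                candidates[stem.lower()].append((key, ntpath.join(directory, name)))
    findings = {}
    for command, hits in candidates.items():
        if len(hits) > 1:
            ordered = [path for _, path in sorted(hits)]
            findings[command] = (ordered[0], ordered[1:])
    return findings

# Constructed sample data: one same-directory pair and one cross-directory pair.
SEARCH_PATH = [r"C:\Tools", r"C:\Users\demo\AppData\Local\Temp", r"C:\Windows\System32"]
LISTING = {
    r"C:\Tools": ["backup.exe", "backup.com", "readme.txt"],
    r"C:\Users\demo\AppData\Local\Temp": ["notepad.com"],
    r"C:\Windows\System32": ["notepad.exe", "calc.exe"],
}

if __name__ == "__main__":
    for cmd, (winner, shadowed) in find_companion_shadows(SEARCH_PATH, LISTING).items():
        print(f"{cmd}: runs {winner}; shadows {', '.join(shadowed)}")
```

Each finding is a lead for review rather than a verdict: a `.com` or script file that wins resolution over a same-named `.exe`, especially from a temporary directory, is the pattern the post describes.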
     
  2. Izaan

    Izaan New Member

    Very interesting and waiting for your other one
     
  3. coderzone

    coderzone Super Moderator

    Ditto.
     
  4. Safari

    Safari New Member

    Very good. Keep them coming.
     
  5. Muaz

    Muaz New Member

    Hi, This post of mine is very knowledgeable and may enhance the information of the viewers; however, I would like some specific information for myself. If someone can help me then please send me a private message. Best Regards,
     
  6. shabbir

    shabbir Administrator Staff Member

  7. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

    Done, I have written them... ;)
     
  8. shabbir

    shabbir Administrator Staff Member

  9. Izaan

    Izaan New Member

  10. ghostomni

    ghostomni New Member

    Thanks buddy, you provide such useful information.
     
  11. shabbir

    shabbir Administrator Staff Member

    If you think so vote for the article so that it can win for the Article of the Month.
     
  12. SpOonWiZaRd

    SpOonWiZaRd Know what you can do.

    Thanks for all the great comments and I will write more as soon as I can fit in some free time.
     
  13. asadullah.ansari

    asadullah.ansari TechCake

    Excellent Info!!! Voted
     
  14. aussiedude

    aussiedude New Member

    thanks for that :happy:
     
  15. DeepSeas

    DeepSeas New Member

    Great article. Is the other one up yet? If so, what's it listed under?
     
  16. GreenGrass

    GreenGrass New Member

    Really Good one.!
     
  17. phartkid

    phartkid New Member

    Virus people should be stopped.
     
