I have just created a new virus. My laptop got infected with that. - TopicsExpress



          

I have just created a new virus. My laptop got infected with that. The virus is HIV. It is also known as AK47. Use a safe network to stay away from it. It will erase all the files on your disk.

A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be infected. [1][2][3][4] Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk space or CPU time, accessing private information, corrupting data, displaying political or humorous messages on the user's screen, spamming their contacts, or logging their keystrokes. However, not all viruses carry a destructive payload or attempt to hide themselves—the defining characteristic of viruses is that they are self-replicating computer programs which install themselves without the user's consent.

Virus writers use social engineering and exploit detailed knowledge of security vulnerabilities to gain access to their hosts' computing resources. The vast majority of viruses target systems running Microsoft Windows, [5][6][7] employing a variety of mechanisms to infect new hosts, [8] and often using complex anti-detection/stealth strategies to evade antivirus software. [9][10][11][12] Motives for creating viruses can include seeking profit, desire to send a political message, personal amusement, to demonstrate that a vulnerability exists in software, for sabotage and denial of service, or simply because they wish to explore artificial life and evolutionary algorithms. [13]

Computer viruses currently cause billions of dollars' worth of economic damage each year, [14] due to causing systems failure, wasting computer resources, corrupting data, increasing maintenance costs, etc.
In response, free, open-source antivirus tools have been developed, and a multi-billion dollar industry of antivirus software vendors has cropped up, selling virus protection to users of various operating systems, of which Android and Windows are among the most victimized. Unfortunately, no currently existing antivirus software is able to catch all computer viruses (especially new ones); computer security researchers are actively searching for new ways to enable antivirus solutions to more effectively detect emerging viruses before they have already become widely distributed. [15]

Vulnerabilities and infection vectors

Software bugs

Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit security bugs (security defects) in system or application software to spread. Software development strategies that produce large numbers of bugs will generally also produce potential exploits.

Social engineering and poor security practices

In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs (see code injection). If a user attempts to launch an infected program, the virus code may be executed simultaneously. [16] In operating systems that use file extensions to determine program associations (such as Microsoft Windows), the extensions may be hidden from the user by default. This makes it possible to create a file that is of a different type than it appears to the user. For example, an executable may be created named picture.png.exe, in which the user sees only picture.png and therefore assumes that this file is an image and most likely is safe, yet when opened runs the executable on the client machine. [17]

Vulnerability of different operating systems to viruses

The vast majority of viruses target systems running Microsoft Windows.
This is due to Microsoft's large market share of desktop users (over 90%). The diversity of software systems on a network limits the destructive potential of viruses and malware. [18] Open-source operating systems such as Linux allow users to choose from a variety of desktop environments, packaging tools, etc., which means that malicious code targeting any one of these systems will only affect a subset of all users. Many Windows users are running the same set of applications, enabling viruses to rapidly spread amongst Windows systems by targeting the same exploits on large numbers of hosts. [5][6][7][19]

Theoretically, other operating systems are also susceptible to viruses, but in practice these are extremely rare or non-existent, due to much more robust security architectures in Unix-like systems (including Linux and Mac OS X) and to the diversity of the applications running on them. [20] Only a few major viruses have hit Macs in the last years. [21][22] The difference in virus vulnerability between Macs and Windows is a chief selling point, one that Apple uses in their Get a Mac advertising. [23]

While Linux (and Unix in general) has always natively prevented normal users from making changes to the operating system environment without permission, Windows users are generally not prevented from making these changes, meaning that viruses can easily gain control of the entire system on Windows hosts. This difference has continued partly due to the widespread use of administrator accounts in contemporary versions like XP. In 1997, researchers created and released a virus for Linux—known as Bliss. [24] Bliss, however, requires that the user run it explicitly, and it can only infect programs that the user has the access to modify. Unlike Windows users, most Unix users do not log in as an administrator user except to install or configure software; as a result, even if a user ran the virus, it could not harm their operating system.
The Bliss virus never became widespread, and remains chiefly a research curiosity. Its creator later posted the source code to Usenet, allowing researchers to see how it worked. [25]

Infection targets and replication techniques

Computer viruses infect a variety of different subsystems on their hosts. [26] One manner of classifying viruses is to analyze whether they reside in binary executables (such as .EXE or .COM files), data files (such as Microsoft Word documents or PDF files), or in the boot sector of the host's hard drive (or some combination of all of these). [27][28]

Resident vs. non-resident viruses

A memory-resident virus (or simply resident virus) installs itself as part of the operating system when executed, after which it remains in RAM from the time the computer is booted up to when it is shut down. Resident viruses overwrite interrupt handling code or other functions, and when the operating system attempts to access the target file or disk sector, the virus code intercepts the request and redirects the control flow to the replication module, infecting the target. In contrast, a non-memory-resident virus (or non-resident virus), when executed, scans the disk for targets, infects them, and then exits (i.e. it does not remain in memory after it is done executing). [29][30][31]

Macro viruses

Many common applications, such as Microsoft Outlook and Microsoft Word, allow macro programs to be embedded in documents or emails, so that the programs may be run automatically when the document is opened. A macro virus (or document virus) is a virus that is written in a macro language, and embedded into these documents so that when users open the file, the virus code is executed, and can infect the user's computer. This is one of the reasons that it is dangerous to open unexpected attachments in e-mails. [32][33]

Boot sector viruses

Boot sector viruses specifically target the boot sector/Master Boot Record (MBR) of the host's hard drive or removable storage media (flash drives, floppy disks, etc.). [27][34][35]

Stealth strategies

In order to avoid detection by users, some viruses employ different kinds of deception. Some old viruses, especially on the MS-DOS platform, make sure that the last modified date of a host file stays the same when the file is infected by the virus. This approach does not fool antivirus software, however, especially those which maintain and date cyclic redundancy checks on file changes. [citation needed]

Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example, the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files have many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file. [36]

Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them. [citation needed]

As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access. [citation needed]

Read request intercepts

While some antivirus software employs various techniques to counter stealth mechanisms, once the infection occurs any recourse to clean the system is unreliable. In Microsoft Windows operating systems, the NTFS file system is proprietary. Direct access to files without using the Windows OS is undocumented. This leaves antivirus software little alternative but to send a read request to Windows OS files that handle such requests. Some viruses trick antivirus software by intercepting its requests to the OS.
A virus can hide itself by intercepting the request to read the infected file, handling the request itself, and returning an uninfected version of the file to the antivirus software. The interception can occur by code injection of the actual operating system files that would handle the read request. Thus, antivirus software attempting to detect the virus will either not be given permission to read the infected file, or the read request will be served with the uninfected version of the same file. [37]

The only reliable method to avoid stealth is to boot from a medium that is known to be clean. Security software can then be used to check the dormant operating system files. Most security software relies on virus signatures, or they employ heuristics. [citation needed]

Security software may also use a database of file hashes for Windows OS files, so the security software can identify altered files, and request Windows installation media to replace them with authentic versions. In older versions of Windows, file hashes of Windows OS files stored in Windows—to allow file integrity/authenticity to be checked—could be overwritten so that the System File Checker would report that altered system files are authentic, so using file hashes to scan for altered files would not always guarantee finding an infection.
Posted on: Sat, 16 Aug 2014 09:06:59 +0000
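The last paragraph of the post describes a hash database that can itself be overwritten. The following is an added example, not part of the original post and not how Windows or the System File Checker work: it authenticates the hash baseline with an HMAC so that an overwritten entry is reported instead of trusted. The function names, the demo key and the sample files are assumptions constructed for illustration.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def hash_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def _tag(hashes, key):
    body = json.dumps(hashes, sort_keys=True).encode()  # canonical encoding
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    """Record a SHA-256 baseline for every file under root and authenticate it."""
    root = Path(root)
    hashes = {p.relative_to(root).as_posix(): hash_file(p)
              for p in sorted(root.rglob("*")) if p.is_file()}
    return {"hashes": hashes, "hmac": _tag(hashes, key)}

def verify(root, manifest, key):
    """Run from known-clean boot media so reads are not answered by the suspect OS."""
    report = {"manifest_tampered": False, "altered": [], "missing": []}
    if not hmac.compare_digest(_tag(manifest["hashes"], key), manifest["hmac"]):
        return dict(report, manifest_tampered=True)  # baseline itself is untrusted
    for rel, expected in sorted(manifest["hashes"].items()):
        path = Path(root, rel)
        if not path.is_file():
            report["missing"].append(rel)
        elif hash_file(path) != expected:
            report["altered"].append(rel)
    return report

def demo():
    key = b"constructed-demo-key"  # assumption: the real key never lives on the scanned host
    files = {"kernel.sys": b"original driver", "shell.dll": b"original library"}  # constructed
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            Path(root, name).write_bytes(data)
        manifest = build_manifest(root, key)
        clean = verify(root, manifest, key)
        Path(root, "shell.dll").write_bytes(b"original library, modified")
        altered = verify(root, manifest, key)
        # Failure mode from the text: the stored hash is overwritten to match the altered file.
        manifest["hashes"]["shell.dll"] = hash_file(Path(root, "shell.dll"))
        forged = verify(root, manifest, key)
    return clean, altered, forged

if __name__ == "__main__":
    for label, report in zip(("clean", "altered", "forged"), demo()):
        print(label, report)
```

An unauthenticated hash table would have reported the third case as clean; here it is reported as a tampered baseline, which is only meaningful if the key and the verifier are kept off the scanned system.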
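The hidden-extension case described in the post (picture.png.exe shown as picture.png) can be checked for mechanically. The following is an added example, not part of the original post: a filter that flags names whose real extension is executable while the name the user sees ends in a harmless-looking one. The extension lists and sample filenames are assumptions constructed for illustration.

```python
# Assumed extension lists for illustration; tune them to your environment.
EXECUTABLE = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY = {".png", ".jpg", ".jpeg", ".gif", ".pdf", ".doc", ".docx", ".txt", ".xls"}

def split_extensions(filename):
    """Return (base, [ext, ...]) with extensions lower-cased and padding removed."""
    name = filename.strip().rstrip(". ")  # Windows drops trailing dots and spaces
    base, *rest = name.split(".")
    return base, ["." + part.strip().lower() for part in rest if part.strip()]

def displayed_name(filename):
    """What the user sees when the shell hides the final extension."""
    name = filename.strip().rstrip(". ")
    return name.rsplit(".", 1)[0].rstrip() if "." in name else name

def is_disguised_executable(filename):
    """True when the real type is executable but the visible name ends in a decoy type."""
    _, exts = split_extensions(filename)
    return len(exts) >= 2 and exts[-1] in EXECUTABLE and exts[-2] in DECOY

def scan(filenames):
    """Return (real name, displayed name) for every file that should be flagged."""
    return [(f, displayed_name(f)) for f in filenames if is_disguised_executable(f)]

# Constructed sample: attachment names as they might appear in a mail gateway log.
SAMPLE = ["picture.png.exe", "setup.exe", "archive.tar.gz",
          "Invoice.PDF      .scr", "notes.v2.txt", "photo.jpg"]

if __name__ == "__main__":
    for real, shown in scan(SAMPLE):
        print(f"flag: shown as {shown!r}, actually {real!r}")
```

Ordinary executables such as setup.exe and multi-part names such as archive.tar.gz are not flagged; only the combination of a decoy extension followed by an executable one is.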
