VIRUS - Vital Information Resource Under Siege
The term "computer virus" was formally defined by Fred Cohen in 1983, while he performed academic experiments on a Digital Equipment Corporation VAX system.
The first computer viruses were developed in the early 1980s. The first viruses found in the wild were Apple II viruses, such as Elk Cloner, which was reported in 1981 [Den90]. Viruses have now been found on the following platforms:
- Apple II
- IBM PC
- Macintosh
- Atari
- Amiga
Viruses have "evolved" over the years due to efforts by their authors to make the code more difficult to detect, disassemble, and eradicate. This evolution has been especially apparent in the IBM PC viruses, since there are more distinct viruses known for the DOS operating system than for any other.
The first IBM-PC virus appeared in 1986 [Den90]; this was the Brain virus. Brain was a boot sector virus and remained resident. In 1987, Brain was followed by Alameda (Yale), Cascade, Jerusalem, Lehigh, and Miami (South African Friday the 13th). These viruses expanded the target executables to include COM and EXE files.
Cascade was encrypted to deter disassembly and detection. Variable encryption appeared in 1989 with the 1260 virus. Stealth viruses, which employ various techniques to avoid detection, also first appeared in 1989, such as Zero Bug, Dark Avenger and Frodo (4096 or 4K). In 1990, self-modifying viruses, such as Whale, were introduced. The year 1991 brought the GP1 virus, which is "network-sensitive" and attempts to steal Novell NetWare passwords. Since their inception, viruses have become increasingly complex.
Types of Computer Viruses
Boot Sector Virus
Boot sector viruses became popular because of the use of floppy disks to boot a computer.
Browser Hijacker
This type of virus, which can spread itself in numerous ways including voluntary download, effectively hijacks certain browser functions, usually by redirecting the user automatically to particular sites.
Direct Action Virus
This type of virus, unlike most, only comes into action when the file
containing the virus is executed. The payload is delivered and then the
virus essentially becomes dormant – it takes no other action unless an
infected file is executed again.
File Infector Virus
The most common type of virus, the file infector takes root in a host
file and then begins its operation when the file is executed. The virus
may completely overwrite the file that it infects, or may only replace
parts of the file, or may not replace anything but instead re-write the
file so that the virus is executed rather than the program the user
intended.
Macro Virus
A wide variety of programs, including productivity applications like
Microsoft Excel, provide support for Macros – special actions programmed
into the document using a specific macro programming language.
Unfortunately, this makes it possible for a virus to be hidden inside a
seemingly benign document.
Multipartite Virus
While some viruses are happy to spread via one method or deliver a single payload, Multipartite viruses want it all. A virus of this type may spread in multiple ways, and it may take different actions on an infected computer depending on variables, such as the operating system installed or the existence of certain files.
Polymorphic Virus
Another jack-of-all-trades, the Polymorphic virus actually mutates over
time or after every execution, changing the code used to deliver its
payload. Alternatively, or in addition, a Polymorphic virus may guard
itself with an encryption algorithm that automatically alters itself
when certain conditions are met.