28-10-2013, 01:34 PM
Computer Viruses in UNIX Environment: Case Study
Abstract.
Even people who do not know how to use a computer have heard
about viruses through programs such as hackers and other such means. There
is no doubt that our culture is fascinated by the potential danger of these
viruses. Computer viruses have become a threat to computer users and to almost
every field of today's advanced technology industry. Knowledge of viruses is
essential for anti-virus researchers as well as operating system makers. With
the development of open source systems today, computer viruses on these
systems should be considered seriously. The goal of this paper is to present my
concept of a classification of computer viruses in the UNIX environment. This
paper provides some subjective comments on some of the most widely known
environments and some methods available to protect UNIX today. I propose
some viruses that can work in this environment and suggest some methods to
prevent as well as limit the damage of these viruses.
1 Introduction
The term computer virus is defined as a program that can infect other programs by modifying
them to include a possibly evolved copy of itself. With the infection property, a virus
can spread throughout a computer system or network using the authorizations of
every user using it to infect their programs. Every program that gets infected may also
act as a virus and thus the infection grows [1].
1.1 Parts Of Computer Viruses
A computer virus consists of three parts [2]:
The infection mechanism
The trigger
The payload
As mentioned above, a computer virus must at least have the infection mechanism
part.
1.1.1 The Infection Mechanism
The infection mechanism searches for one or more suitable victims and, to avoid
multiple infections, checks whether the host is already infected (not every virus
does this [3]; some viruses infect a host multiple times due to bugs). After that,
the virus body is copied into the victim. The easiest way to do so is by overwriting
the code of the victim. Other methods put the code in front of or at the end of a file.
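Seen from the defender's side, the three placements named above (overwriting, in front of the file, at the end of the file) leave different traces against a known-good baseline. The following Python example is added here and is not code from the paper; the Baseline record, the function names and the sample bytes are constructed for illustration, and it assumes the baseline stores only the original size and SHA-256 and that added bytes leave the original content intact.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Baseline:
    """Known-good record for one file: size in bytes and SHA-256 of its content."""
    size: int
    sha256: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_baseline(content: bytes) -> Baseline:
    return Baseline(size=len(content), sha256=sha256_hex(content))


def classify_change(baseline: Baseline, current: bytes) -> str:
    """Return 'unchanged', 'appended', 'prepended' or 'overwritten'."""
    if len(current) == baseline.size and sha256_hex(current) == baseline.sha256:
        return "unchanged"
    # An intact original can only survive inside a strictly larger file.
    if baseline.size > 0 and len(current) > baseline.size:
        if sha256_hex(current[:baseline.size]) == baseline.sha256:
            return "appended"    # original bytes intact, foreign bytes after them
        if sha256_hex(current[-baseline.size:]) == baseline.sha256:
            return "prepended"   # foreign bytes first, original intact at the end
    return "overwritten"         # original bytes no longer present as a whole


# Constructed sample data: inert byte strings standing in for a program file.
ORIGINAL = b"\x7fELF" + b"original program bytes" * 4
FOREIGN = b"<foreign bytes>"
SAMPLES = {
    "clean": ORIGINAL,
    "front": FOREIGN + ORIGINAL,
    "end": ORIGINAL + FOREIGN,
    "over": FOREIGN + ORIGINAL[len(FOREIGN):],  # same size, content replaced
}


def scan(samples: dict[str, bytes], baseline: Baseline) -> dict[str, str]:
    return {name: classify_change(baseline, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES, make_baseline(ORIGINAL)).items():
        print(f"{name:6} {verdict}")
```

The verdict describes only the shape of the change; a legitimate update of a file also shows up as "overwritten", so the result is a triage hint to be checked against the package manager or change log.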
1.1.2 The Trigger
A trigger is used for starting the possible payload [3], i.e. on a particular event, the
payload is executed. Such an event could be a special day or the infection counter
reaching a pre-defined value.
1.1.3 The Payload
A possible payload causes transient or permanent damage, e.g. displaying an
animation on the screen, formatting the hard disk drive or manipulating data [3].
Damage may even happen unintentionally, e.g. due to a programming error or if an
old DOS virus causes trouble within the Windows environment. Damage may be
caused by over-reaction of the user, too [4].
1.2 Classification Of Computer Viruses
The classification of computer viruses can be done in several ways [2]:
Type of host victim
Type of infection technique
Special virus features
1.2.1 Type Of Host Victim
We can distinguish between:
Boot (DBR) sector and master boot record (MBR) virus
File virus
Companion virus
Multipartite virus
A boot virus infects the boot sector of a floppy disc and/or the master boot
record or boot sector of a hard disc. Such a virus can infect the computer
system when the computer is booted from an infected floppy disc. As the
code in the MBR/DBR is started by the BIOS after it does the POST (Power
On Self Test), the virus gets activated even before the operating system has