16-09-2013, 03:06 PM
Computer viruses are not inherently destructive. The essential feature
of a computer program that causes it to be classified as a virus is not
its ability to destroy data, but its ability to gain control of the
computer and make a fully functional copy of itself. It can reproduce.
When it is executed, it makes one or more copies of itself. Those
copies may later be executed, to create still more copies, ad
infinitum. Not all computer programs that are destructive are
classified as viruses because they do not all reproduce, and not all
viruses are destructive because reproduction is not destructive.
However, all viruses do reproduce. The computer virus overcomes the
roadblock of operator control by hiding itself in other programs. Thus
it gains access to the CPU simply because people run programs that it
happens to have attached itself to without their knowledge. A computer
virus attaches itself to other programs earned it the name virus.
However that analogy is wrong since the programs it attaches to are not
in any sense alive.
Virus: What exactly is a Virus?
A virus is basically an executable file which is designed such that
first of all it should be able to infect documents, then it has to have
the ability to survive by replicating itself and then it should also be
able to avoid detection. Usually to avoid detection, a Virus disguises
itself as a legitimate program which the user would not normally
suspect to be a Virus. Viruses are designed to corrupt or delete data
on the hard disk i.e. on the FAT (File Allocation Table).
2.2 TYPES OF VIRUSES
Computer viruses can be classified into several different types.
1. File or program viruses:
Some programs are viruses in disguise, when executed they load the
virus in the memory along with the program and perform the predefined
steps and infect the system. They infect program files like files with
extensions like .EXE, .COM , .BIN , .DRV and .SYS. Some file viruses
just replicate while others destroy the program being used at that
time.
2. Boot Sector Viruses (MBR or Master Boot Record)
Boot sector viruses can be created without much difficulty and infect
either the Master boot record of the hard disk or the floppy drive.
3. Multipartite Viruses
Multipartite viruses are the hybrid variety; they can be best described
as a cross between both Boot Viruses and File viruses. They not only
infect files but also infect the boot sector.
4. Stealth Viruses
They viruses are stealth in nature and use various methods to hide
themselves and to avoid detection.
5. Polymorphic Viruses
They are the most difficult viruses to detect. They have the ability to
mutate this means that they change the viral code known as the
signature each time it spreads or infects.
6. Macro viruses
In essence, a macro is an executable program embedded in a word
processing document or other type of file. Typically users employ
macros to automate repetitive tasks and there by save key strokes
THE FUNCTIONAL ELEMENTS OF A VIRUS
Every viable computer virus must have at least two basic parts, or
subroutines, if it is even to be called a virus. Firstly, it must
contain a search routine, which locates new files or new areas on disk
which are worthwhile targets for infection. This routine will determine
how well the virus reproduces, e.g., whether it does so quickly or
slowly, whether it can infect multiple disks or a single disk, and
whether it can infect every portion of a disk or just certain specific
areas. As with all programs, there is a size versus functionality
tradeoff here. The more sophisticated the search routine is, the more
space it will take up .So although an efficient search routine may help
a virus to spread faster, it will make the virus bigger, and that is
not always so good.
Secondly, every computer virus must contain a routine to copy itself
into the area which the search routine locates. The copy routine will
only be sophisticated enough to do its job without getting caught. The
smaller it is, the better. How small it can be will depend on how
complex a virus it must copy. For example, a virus which infects only
COM files can get by with a much smaller copy routine than a virus
which infects EXE files. This is because the EXE file structure is much
more complex, so the virus simply needs to do more to attach itself to
an EXE file.
While the virus only needs to be able to locate suitable hosts and
attach itself to them, it is usually helpful to incorporate some
additional features into the virus to avoid detection, either by the
computer user, or by commercial virus detection software. Anti-
detection routines can either be a part of the search or copy routines,
or functionally separate from them. For example, the search routine may
be severely limited in scope to avoid detection. A routine which
checked every file on every disk drive, without limit, would take a
long time and cause enough unusual disk activity that an alert user
might become suspicious. Alternatively, an Anti-detection routine might
cause the virus to activate under certain special conditions. For
example, it might activate only after a certain date has passed (so the
virus could lie dormant for a time).
Figure 1.
Reference: https://seminarproject.net/Thread-comput...z2f2wcyF7N
of a computer program that causes it to be classified as a virus is not
its ability to destroy data, but its ability to gain control of the
computer and make a fully functional copy of itself. It can reproduce.
When it is executed, it makes one or more copies of itself. Those
copies may later be executed, to create still more copies, ad
infinitum. Not all computer programs that are destructive are
classified as viruses because they do not all reproduce, and not all
viruses are destructive because reproduction is not destructive.
However, all viruses do reproduce. The computer virus overcomes the
roadblock of operator control by hiding itself in other programs. Thus
it gains access to the CPU simply because people run programs that it
happens to have attached itself to without their knowledge. A computer
virus attaches itself to other programs earned it the name virus.
However that analogy is wrong since the programs it attaches to are not
in any sense alive.
Virus: What exactly is a Virus?
A virus is basically an executable file which is designed such that
first of all it should be able to infect documents, then it has to have
the ability to survive by replicating itself and then it should also be
able to avoid detection. Usually to avoid detection, a Virus disguises
itself as a legitimate program which the user would not normally
suspect to be a Virus. Viruses are designed to corrupt or delete data
on the hard disk i.e. on the FAT (File Allocation Table).
2.2 TYPES OF VIRUSES
Computer viruses can be classified into several different types.
1. File or program viruses:
Some programs are viruses in disguise, when executed they load the
virus in the memory along with the program and perform the predefined
steps and infect the system. They infect program files like files with
extensions like .EXE, .COM , .BIN , .DRV and .SYS. Some file viruses
just replicate while others destroy the program being used at that
time.
2. Boot Sector Viruses (MBR or Master Boot Record)
Boot sector viruses can be created without much difficulty and infect
either the Master boot record of the hard disk or the floppy drive.
3. Multipartite Viruses
Multipartite viruses are the hybrid variety; they can be best described
as a cross between both Boot Viruses and File viruses. They not only
infect files but also infect the boot sector.
4. Stealth Viruses
They viruses are stealth in nature and use various methods to hide
themselves and to avoid detection.
5. Polymorphic Viruses
They are the most difficult viruses to detect. They have the ability to
mutate this means that they change the viral code known as the
signature each time it spreads or infects.
6. Macro viruses
In essence, a macro is an executable program embedded in a word
processing document or other type of file. Typically users employ
macros to automate repetitive tasks and there by save key strokes
THE FUNCTIONAL ELEMENTS OF A VIRUS
Every viable computer virus must have at least two basic parts, or
subroutines, if it is even to be called a virus. Firstly, it must
contain a search routine, which locates new files or new areas on disk
which are worthwhile targets for infection. This routine will determine
how well the virus reproduces, e.g., whether it does so quickly or
slowly, whether it can infect multiple disks or a single disk, and
whether it can infect every portion of a disk or just certain specific
areas. As with all programs, there is a size versus functionality
tradeoff here. The more sophisticated the search routine is, the more
space it will take up .So although an efficient search routine may help
a virus to spread faster, it will make the virus bigger, and that is
not always so good.
Secondly, every computer virus must contain a routine to copy itself
into the area which the search routine locates. The copy routine will
only be sophisticated enough to do its job without getting caught. The
smaller it is, the better. How small it can be will depend on how
complex a virus it must copy. For example, a virus which infects only
COM files can get by with a much smaller copy routine than a virus
which infects EXE files. This is because the EXE file structure is much
more complex, so the virus simply needs to do more to attach itself to
an EXE file.
While the virus only needs to be able to locate suitable hosts and
attach itself to them, it is usually helpful to incorporate some
additional features into the virus to avoid detection, either by the
computer user, or by commercial virus detection software. Anti-
detection routines can either be a part of the search or copy routines,
or functionally separate from them. For example, the search routine may
be severely limited in scope to avoid detection. A routine which
checked every file on every disk drive, without limit, would take a
long time and cause enough unusual disk activity that an alert user
might become suspicious. Alternatively, an Anti-detection routine might
cause the virus to activate under certain special conditions. For
example, it might activate only after a certain date has passed (so the
virus could lie dormant for a time).
Figure 1.
Reference: https://seminarproject.net/Thread-comput...z2f2wcyF7N