#Viruses & Worms:
#Chapter Outline
1. What is the virus?
2. Working of a virus.
3. Reasons Behind Virus Creation.
4. Characteristics of Virus Attack.
5. Threats from a Virus Attack.
6. Lifecycle of Virus.
7. Classification of Virus.
Virus:
Viruses can be defined as the weakness of the system. The virus makes a system more vulnerable to the attacker. Viruses are made to threaten the target system.
The virus is a kind of malicious program which is used against the target system. When the virus is executed in the target system, it generally replicates itself into many copies and infects the target system. A computer virus infects data files, programs, or information stored in the target system.
Some viruses are designed in such a way that they utilize the disk space and make it unavailable, resulting in fragmentation. Viruses may harm the system in many ways, such as stealing personal information, infecting the documents and data stored, stealing boot records, and many other possibilities.
Viruses have the property of installing themselves without the permission of the user. However, the hiding property of viruses differs according to their work and use. Virus writers mainly code viruses for destructive purposes, generally to exploit the system and infect the data stored. Sometimes a virus can also be used for pranking and fun.
Viruses have a tendency to change their nature by automatically modifying their source code, and sometimes this gives an advantage to the virus. A virus generally hides itself using encryption or using alternate data streams (discussed in previous chapters).
Generally, a computer virus first gets executed in the system and then starts infecting the target system. Once it replicates and successfully infects the target system, it starts performing attacks on the target system. The ultimate aim of a computer virus is to corrupt the system. A virus may corrupt the whole system and make it inaccessible.
Working of a Virus:
1. An attacker somehow manages to get the virus executed in the system. A virus is malicious code that executes without any permission and can replicate itself.
2. Once the virus is deployed in the system, it starts infecting the system. Infecting includes replicating the virus, hiding inside data, and making the system slower. Once the desired infection is done, the virus moves to the next phase, attacking.
3. Once the system is infected and comes under the control of the virus, the virus starts attacking the target system. It makes the system slower and corrupts the data. Some viruses allow the attacker to gain remote access to the system. In the end, private and personal information is at risk of being disclosed to the attacker.
4. The working of a virus may vary according to the intention of the developer. There are many viruses that are used to defeat the security of companies and take over the data of business personnel, and are quite harmless.
The lifecycle of a virus:
1. Development:
The first phase is the development of a virus which can perform the desired task in the target system. For the development of a self-controlled virus whose behavior can be changed as per requirement, one should have sufficient knowledge of programming languages like assembly, bash, c++, etc.
There are also some virus construction kits available which can create a virus with pre-fixed features. Thousands of varieties of viruses can be created using virus construction kits.
2. Deployment & Replication:
Once the virus is developed, the main challenge is to deploy it into the target systems. Viruses may be sent with an attachment, transferred through a file share, or delivered by other direct or indirect means. Once the virus gets deployed into the system, it starts replicating itself. A virus has a tendency to replicate itself. It replicates itself until it completely spreads and infects the target system.
3. Execution & Attack :
After the replication, the virus spreads in the target system and completely infects it without the target's knowledge. Now, with the specified classes, when a user performs or starts something, it automatically activates and launches the virus. The virus then starts attacking the system, causing unwanted behavior of the system.
The attacking virus performs specified attacks such as corrupting the data, freezing the system, or causing system failure. This is the main phase, where the work of the virus is done and the system and information may be lost.
4. Detection & Removal:
When the target notices the unwanted activities and unresponsiveness, the target starts detecting the root cause using anti-viruses or anti-thefts, hunts for the root cause, and tries to get rid of it. General-purpose viruses are easily detected by anti-viruses and can be removed easily, but there are some encryption algorithms like jump or shikata encryptions that encrypt the virus and hence make it undetectable. Anti-virus detects viruses as a threat or potential risk and removes them immediately. Anti-virus is pre-configured to detect viruses on the basis of file types, behavior and program source code. An anti-virus easily detects the presence of some pre-configured viruses, whereas it takes time to detect a modified virus. Anti-virus makes classifications on the basis of the behavior and source code impact and detects the virus.
Classification of virus:
The virus may be classified into the following categories:
1. Infection target
2. Method of infection
A. Infection Target :
Viruses may be classified on the basis of the infection target. Different viruses target different points or different vulnerabilities in the target system.
On the basis of infection target, the virus may be classified as:
1. Information or Data Virus :
These types of viruses target the data or information present in the system and make it unusable by corrupting it. Generally, executable files easily get infected, and sometimes the virus is spread using these executable files.
2. Boot or BIOS Virus :
These types of viruses target the boot sector or BIOS of the system. They corrupt the boot records, resulting in system failure, or enable the BIOS lock or interfere with the BIOS.
3. Network-Based Virus :
These viruses are easily transmitted over e-mails or gain access to the system using open network protocols. This leads to the infection of port and protocol communications.
4. Appending Virus :
These viruses have a tendency to get merged with executables by appending their source code with the source code of the original file. Generally, free software or free things contain this type of virus. It automatically gets executed into the system when the file (infected file) is opened.
B. Method of Infection:
1. Encrypted Virus:
Using some special encryption algorithm, the virus is encrypted and thus becomes undetectable by anti-viruses. Generally, an encrypted virus is used to compromise companies or big networks.
2. Cavity Injector Virus :
These viruses do not change the original file size when infecting a file, i.e. they maintain the original file size, and hence the user doesn't get any idea of the infection.
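
Because this kind of infection leaves the file size unchanged, a size check alone misses it, while comparing a content hash against a known-good baseline does not. The following baseline check is an added example, not part of the original chapter; the file names and the `demo()` helper are constructed for illustration.

```python
import hashlib
import os
import tempfile


def fingerprint(path):
    """Return (size in bytes, SHA-256 hex digest) of a file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return os.path.getsize(path), h.hexdigest()


def compare(baseline):
    """Classify each baselined file against its recorded (size, digest)."""
    report = {}
    for path, (size, digest) in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
            continue
        now_size, now_digest = fingerprint(path)
        if now_size != size:
            report[path] = "size-changed"
        elif now_digest != digest:
            report[path] = "content-changed-same-size"   # a size check would miss this
        else:
            report[path] = "ok"
    return report


def demo():
    """Constructed demo: one file is changed in place without changing its size."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "tool.bin")
        other = os.path.join(d, "notes.txt")
        with open(target, "wb") as f:
            f.write(b"HEADER" + b"\x00" * 64 + b"BODY")   # zero padding = unused space
        with open(other, "wb") as f:
            f.write(b"unchanged")
        baseline = {p: fingerprint(p) for p in (target, other)}
        with open(target, "r+b") as f:                    # same-size modification
            f.seek(6)
            f.write(b"\x41" * 16)
        return {os.path.basename(p): s for p, s in compare(baseline).items()}
```
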
3. Boot loader Virus :
These viruses are designed to destroy the data of the hard disk when booted by means of USB or CD. This type of virus infects bootable image files. When the image is booted, it gets executed and destroys the complete data on the hard disk.
4. Auto mod virus :
These kinds of viruses have a special tendency to automatically modify their signature. Generally, an anti-virus looks for the virus signature in a file while scanning. This kind of virus modifies its signature for every next infected file, and hence the detection rate becomes lower.
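
The signature scanning described here and under Detection & Removal, as an added example that is not part of the original chapter: a byte-pattern scanner with wildcard positions, run over constructed harmless byte strings. The signature name `Demo.Marker.A` and all sample data are made up for illustration.

```python
# Each signature is a sequence of byte values; None is a wildcard for a
# position the scanner knows to vary between infected files.
SIGNATURES = {
    "Demo.Marker.A": [0x44, 0x45, 0x4D, 0x4F, None, None, 0x90, 0x90],
}


def find_signature(data, pattern):
    """Return the first offset where pattern matches data, or -1."""
    n = len(pattern)
    for off in range(len(data) - n + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pattern)):
            return off
    return -1


def scan_bytes(data):
    """Return {signature name: offset} for every signature found in data."""
    hits = {}
    for name, pattern in SIGNATURES.items():
        off = find_signature(data, pattern)
        if off >= 0:
            hits[name] = off
    return hits


# Constructed, harmless byte strings standing in for scanned files.
CLEAN = b"plain document text"
KNOWN = b"\x00\x01" + b"DEMO\x11\x22\x90\x90" + b"tail"
# Only the wildcard positions differ: the signature still matches.
VARIANT_COVERED = b"\x00\x01" + b"DEMO\x7f\x03\x90\x90" + b"tail"
# Fixed positions differ: the static signature no longer matches.
VARIANT_CHANGED = b"\x00\x01" + b"DEMP\x11\x22\x90\x91" + b"tail"

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN), ("known", KNOWN),
                          ("variant, wildcard bytes changed", VARIANT_COVERED),
                          ("variant, fixed bytes changed", VARIANT_CHANGED)]:
        print(label, "->", scan_bytes(sample) or "no match")
```

The last sample is the case the text describes: once the bytes a signature relies on change from file to file, a static pattern stops matching and detection has to fall back on behavior.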
5. Mutating Virus :
In a mutating virus, the infection part of each file is different. To enable mutation, the virus needs to contain a mutating engine. With the help of mutation, it leaves a different infection part in the target file each time, while there is no change in the original source of the virus.
6. Extension Virus :
This virus changes the file extension. When showing file extensions is turned off, the file generally appears with its name only.
For example, ABC.txt is the original file that is infected by the virus, and now the file name becomes ABC.txt.bat. Now, when an attacker sends this file to the target, because showing extensions is off, the target will normally see ABC as a text file and open it. When the target opens the file, the virus gets executed.
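
One way to flag names like ABC.txt.bat before a user opens them, for example when filtering mail attachments. This is an added example, not part of the original chapter; the extension lists are illustrative subsets and the sample names are constructed. With extensions hidden, Windows drops only the last extension, so the name shown still ends in the decoy one.

```python
import os

# Extensions Windows executes or hands to an interpreter (illustrative subset).
EXECUTABLE_EXTS = {".bat", ".cmd", ".com", ".exe", ".js", ".lnk", ".ps1", ".scr", ".vbs"}
# Harmless-looking extensions that can serve as the decoy part of the name.
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def displayed_name(filename):
    """Name shown when file extensions are hidden: only the last one is dropped."""
    return os.path.splitext(filename)[0]


def is_disguised_executable(filename):
    """True if the real (last) extension is executable while the name shown
    to the user still ends in a decoy document extension."""
    stem, last = os.path.splitext(filename.strip().lower())
    shown_ext = os.path.splitext(stem)[1]
    return last in EXECUTABLE_EXTS and shown_ext in DECOY_EXTS


def scan(filenames):
    """Return (real name, displayed name) for every disguised executable."""
    return [(f, displayed_name(f)) for f in filenames if is_disguised_executable(f)]


# Constructed sample attachment names.
SAMPLES = ["ABC.txt", "ABC.txt.bat", "report.final.docx", "setup.exe", "Invoice.PDF.exe"]

if __name__ == "__main__":
    for real, shown in scan(SAMPLES):
        print(f"{real!r} would be displayed as {shown!r}")
```
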
Worms:
Worms are malicious programs like viruses and have almost the same functionality, but worms differ from viruses.
A worm does not require any kind of human involvement, whereas a virus needs some form of human involvement. This is the special property of a worm. Worms can be considered a special type of virus. Worms have the ability to replicate themselves in the system, but they are not able to attach themselves to the target program.
Worms can spread over the infected network without any human involvement, whereas a virus is not able to do so.
Hence, there are a few things which a virus can't do but a worm can, but ultimately the worm is a special kind of virus.
Only for education. Happy learning.