What You Should Know About Cyber Security Threats – Part II

Continued from Part I…

Computer Viruses

A computer virus is a self-replicating program. When inserted into a computer system it can damage files and affect system performance and stability. A common way to insert a virus into a computer is to send it embedded in or attached to an email. When you open an infected email your computer system can get infected instantly.

In some cases e-mail viruses capture and transmit confidential data in email messages when spreading. In others, the link of an infected web page is sent inside the mail. When the recipient clicks on the link her machine gets infected.

Earlier, in the nineteen sixties and seventies, computer viruses were confined to removable media such as floppy disks, zip drives etc. The proliferation of interconnected networks sped up the proliferation of computer viruses as well. In an interconnected system, computer viruses have a greater chance of replication by infecting a single computer and then spreading via the network.

When your computer shows poor performance – like taking long to start, hanging frequently, files shutting down automatically or pop-up ads displaying out of nowhere – it is time for a security checkup!

Computer Viruses Infecting Files

These are the most common viruses. This type of virus injects its executable code into another executable file. When the user runs the infected file, the virus executes its own code and spreads the infection to other executable files on the user’s machine. And when these infected files are transmitted over a network – the infection spreads exponentially, affecting all vulnerable computer systems on the network.

Non Resident Viruses.

A non resident virus is not stored on the computer's hard drive or in system memory. Rather, the virus invades an executable file on the computer system and makes the executable file its home – in a sense. When the executable is run, the virus code also fires, infecting other executable files on the system.

Nonresident viruses consist of two modules – a finder module and a replication module. The finder module searches and finds new files to infect. The replication module is called to infect the new files.

Resident Viruses.

This type of virus remains in the system memory after it executes, and infects other memory resident programs. Each time the system boots up, such a virus eats up system memory and resides there until system shutdown. Having access to system memory, these viruses can intercept operating system services, allowing for execution of the virus as planned by the attacker.

In some cases, crafty viruses modify the Windows Registry, giving the virus great control to monitor system activities and execute its own code without trouble.

Both resident and non resident viruses have a replication module. However, in the case of a resident virus, the finder module is not required to execute the replication module. The replication module is called each time the operating system performs certain operations – called trigger events. For example, the replication module can execute each time a text file is opened. Running from memory, the virus can infect every suitable file on the system.

Resident viruses can be divided into two categories – fast and slow.

Slow resident viruses infect the host infrequently, making it hard for anti virus programs to detect such infection.

Fast resident viruses infect files at a rapid pace – including even anti virus program files. This provides the fast virus a channel to spread the infection even more quickly as the anti virus program scans all files in a system. Fast viruses are easy to detect – just look for any serious system performance degradation and any out of order activities on your system.

Cavity Viruses.

A cavity virus is one which inhabits the unused part of a file (usually null). The size and functionality of the target file remains unchanged. Most viruses simply attach themselves to the end of a file and then modify the start of the program, making it first point to the virus and then to the actual program code. On the other hand a cavity virus attempts to occupy the empty space inside of programs. This is a difficult thing to do and hence this type of virus is rare.
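The difference between appended code and a cavity infection matters for detection: a size check catches the first but not the second, while a content hash catches both. The following is an added example, not part of the original article; the sample byte strings are constructed stand-ins for an executable and all function names are hypothetical.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Baseline:
    size: int
    sha256: str

def snapshot(data: bytes) -> Baseline:
    """Record the size and SHA-256 of a known-good file."""
    return Baseline(len(data), hashlib.sha256(data).hexdigest())

def classify(baseline: Baseline, data: bytes) -> str:
    """Compare current file contents against the stored baseline."""
    current = snapshot(data)
    if current == baseline:
        return "unchanged"
    if current.size != baseline.size:
        return "modified: size changed"
    # A size-only check would have reported this file as clean.
    return "modified: same size, content differs"

def changed_ranges(original: bytes, current: bytes) -> list:
    """Return (offset, length) for each differing run in same-size inputs."""
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(original, current)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            ranges.append((start, i - start))
            start = None
    if start is not None:
        ranges.append((start, len(current) - start))
    return ranges

def overwrote_padding(original: bytes, offset: int, length: int) -> bool:
    """True if the changed region was entirely null bytes in the original."""
    region = original[offset:offset + length]
    return len(region) > 0 and region.count(0) == len(region)

# Constructed sample data: header, code, 32 bytes of null padding, data.
CLEAN = b"HDR!" + b"CODE" * 4 + b"\x00" * 32 + b"DATA" * 4
APPENDED = CLEAN + b"X" * 24                       # content added at the end
IN_PADDING = CLEAN[:20] + b"X" * 24 + CLEAN[44:]   # same size, padding reused

if __name__ == "__main__":
    base = snapshot(CLEAN)
    for name, blob in [("clean", CLEAN), ("appended", APPENDED), ("padding", IN_PADDING)]:
        print(name, "->", classify(base, blob))
    for off, length in changed_ranges(CLEAN, IN_PADDING):
        print(f"changed {length} bytes at {off}; was padding: {overwrote_padding(CLEAN, off, length)}")
```

Locating the changed ranges requires a trusted copy of the original file; the baseline alone is enough to tell that something changed.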

Boot Sector Viruses

A boot sector virus alters the boot sector program on a computer system. The virus replaces the default boot sector program with infected code. This gives the virus almost total control over the system. But this type of virus can infect a system only if the boot sector is corrupted. This type of virus is harmless if the virus gets introduced after the boot up process.

Boot sector viruses have become a rarity since floppy drives went obsolete. Besides, modern operating systems have a boot sector guard built in, which makes corrupting the boot sector almost impossible.

To be continued…

Article Index:

. What You Should Know about Cyber Threats – Part I
