Viruses
 A virus is a piece of software designed to infect a
 computer system. The virus may do nothing
 more than reside on the computer. A virus may
 also damage the data on your hard disk,
 destroy your operating system, and possibly spread
 to other systems. Viruses get into your
 computer in one of three ways: on contaminated
 media (floppy, USB drive, or CD-ROM),
 through mail and peer-to-peer sites, or as part of
 another program.
 Viruses can be classified as polymorphic, stealth,
 retroviruses, multipartite, armored,
 companion, phage, and macro viruses. Each type of
 virus has a different attack strategy
 and different consequences.
 Many viruses will announce that you're infected as
 soon as they gain access to your system.
 They may take control of your system and flash
 annoying messages on your screen or
 destroy your hard disk. When this occurs, you'll
 know that you're a victim. Other viruses
 will cause your system to slow down, cause files to
 disappear from your computer, or take
 over your disk space.
 You should look for some of the following
 symptoms when determining if a virus infection
 has occurred:
 * The programs on your system start to load more
 slowly. This happens because the
 virus is spreading to other files in your system or is
 taking over system resources.
 * Unusual files appear on your hard drive, or files
 start to disappear from your system.
 Many viruses delete key files in your system to
 render it inoperable.
 * Program sizes change from the installed versions.
 This occurs because the virus is
 attaching itself to these programs on your disk.
 * Your browser, word processing application, or
 other software begins to exhibit unusual
 operating characteristics. Screens or menus may
 change.
 * The system mysteriously shuts itself down or
 starts itself up and does a great deal of
 unanticipated disk activity.
 * You mysteriously lose access to a disk drive or
 other system resources. The virus has
 changed the settings on a device to make it
 unusable.
 * Your system suddenly doesn't reboot or gives
 unexpected error messages during startup.
 This list is by no means comprehensive.
 A virus, in most cases, tries to accomplish one of
 two things: render your system inoperable
 or spread to other systems. Many viruses will
 spread to other systems given the chance and
 then render your system unusable. This is common
 with many of the newer viruses.
 If your system is infected, the virus may try to
 attach itself to every file in your system
 and spread each time you send a file or document
 to other users.
 Viruses take many different forms. The following
 sections briefly introduce these forms
 and explain how they work. These are the most
 common types, but this isn't a comprehensive
 list.
 Types of viruses
 
 Armored Virus
 An armored virus is designed to make itself difficult
 to detect or analyze. Armored viruses
 cover themselves with protective code that stops
 debuggers or disassemblers from examining
 critical elements of the virus. The virus may be
 written in such a way that some aspects of the
 programming act as a decoy to distract analysis
 while the actual code hides in other areas in
 the program.
 From the perspective of the creator, the more time
 it takes to deconstruct the virus, the
 longer it can live. The longer it can live, the more
 time it has to replicate and spread to as
 many machines as possible. The key to stopping
 most viruses is to identify them quickly
 and educate administrators about them, the very
 things that the armor makes more
 difficult to accomplish.
 
 Companion Virus
 A companion virus attaches itself to legitimate
 programs and then creates a program with a
 different filename extension. This file may reside in
 your system's temporary directory. When
 a user types the name of the legitimate program,
 the companion virus executes instead of the
 real program. This effectively hides the virus from
 the user. Many of the viruses that are used
 to attack Windows systems make changes to
 program pointers in the Registry so that they
 point to the infected program. The infected program
 may perform its dirty deed and then
 start the real program.
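
 A defender can look for the companion pattern described above by listing program names that exist under more than one executable extension and working out which file would actually run. The following is an added example, not part of the original text; it assumes the default Windows extension search order (.COM, .EXE, .BAT, .CMD) and uses constructed directory and file names.

```python
import os
import tempfile
from collections import defaultdict

# Assumed default Windows extension search order (start of PATHEXT); earlier wins.
PRECEDENCE = [".com", ".exe", ".bat", ".cmd"]


def find_shadowed_programs(directories):
    """Scan directories in search order; return (base, path_that_runs, shadowed_paths)."""
    candidates = defaultdict(list)  # base name -> [(dir_rank, ext_rank, path)]
    for dir_rank, directory in enumerate(directories):
        try:
            names = os.listdir(directory)
        except OSError:
            continue  # unreadable or missing directory: skip it
        for name in names:
            base, ext = os.path.splitext(name)
            ext = ext.lower()
            path = os.path.join(directory, name)
            if ext in PRECEDENCE and os.path.isfile(path):
                candidates[base.lower()].append(
                    (dir_rank, PRECEDENCE.index(ext), path))
    findings = []
    for base, hits in sorted(candidates.items()):
        if len(hits) > 1:  # same program name resolves to several files
            hits.sort()  # earliest directory first, then extension order
            findings.append((base, hits[0][2], [h[2] for h in hits[1:]]))
    return findings


def demo():
    """Build a constructed directory tree (hypothetical names) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        temp_dir = os.path.join(root, "temp")
        app_dir = os.path.join(root, "apps")
        for d in (temp_dir, app_dir):
            os.makedirs(d)
        for d, name in ((app_dir, "editor.exe"), (app_dir, "calc.exe"),
                        (temp_dir, "EDITOR.COM")):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(b"constructed sample, not a real program")
        return [(b, os.path.basename(w), [os.path.basename(s) for s in sh])
                for b, w, sh in find_shadowed_programs([temp_dir, app_dir])]


if __name__ == "__main__":
    for base, runs, shadowed in demo():
        print(f"{base}: {runs} would run instead of {', '.join(shadowed)}")
```

 A finding is only a lead: the same name can legitimately exist under two extensions, so compare the file that would run against the installed version before treating it as an infection. Registry pointer changes are not covered by this check.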