
COMPUTER VIRUS

1. What are they and what to do about them?


In recent years viruses have become the biggest threat to computer systems and the main cause of economic losses in business. It is important to avoid panic and to understand that viruses are controllable, and that it is possible for our computer never to suffer a serious infection. For this reason, the Research Department of the Instituto Argentino de Computación (IAC) provides information on how viruses originated, what damage they may cause on our computer, and how to fix it.

The first computer viruses to reach a high level of dispersion appeared during the 80s. When all this started, those who wrote the first viruses were expert programmers who knew in depth low-level programming languages such as Assembler and the processor architecture. The limited memory and processing speed of the time required highly efficient programs to be able to hide in that context. Today it takes a lot less knowledge to write a virus: one can be generated with any simple programming tool, such as those contained in Word or Excel, and with the help of the more than 35,000 hacking web sites that exist on the Internet.

Another point that has promoted the progress of viruses is their means of infection. Initially they spread through the exchange of floppy disks or other physical media, but today, thanks to the Internet, a virus newly developed in Japan can infect thousands of computers worldwide in a matter of seconds.
2. What harm can a virus do to my system?
• Software
  - Modification of programs so that they stop working
  - Modification of programs so that they run incorrectly
  - Modification of data
  - Elimination of programs and/or data
  - Using up the free space on the hard drive
  - Making the system work more slowly
  - Theft of confidential information
• Hardware
  - Erasing the BIOS
  - Burning out the processor through false information from the temperature sensor
  - Breaking the hard disk by making it read specific sectors repeatedly, forcing its mechanical operation

How do viruses spread?
• Floppy disks or other removable storage media
• Pirated software on diskettes or CDs
• Computer networks
• E-mail messages
• Software downloaded from the Internet
• Free demonstration and test discs
Symptoms that indicate the presence of a virus
• Changes in the length of programs
• Changes in the date and/or time of files
• Delays when loading a program
• Slower operation of the system
• Reduction in memory and/or hard disk capacity
• Bad sectors on floppy disks
• Unusual error messages
• Strange activity on the screen
• Failures in program execution
• Failure to boot the computer
• Untimely writes to disk
3. Types of computer virus by target of infection
Executable file infectors
They affect files with the extensions EXE, COM, BAT, SYS, PIF, DLL, DRV.
Direct infectors
The infected program must be running for the virus to function (to keep infecting and to carry out its destructive actions).
Memory resident infectors
The infected program does not need to be running: the virus stays resident in memory, infecting each new program that is executed and carrying out its destructive routine.
Boot sector infectors
Both hard drives and floppies contain a boot sector, which holds specific information about the format of the disk and the data stored on it. It also contains a small program called the Boot Program, which runs when you boot from that disk and is responsible for finding and executing the operating system files on the disk. This is the program that shows the famous message "Non-system Disk or Disk Error" if it does not find the operating system files. This is the program affected by boot sector viruses. The computer is infected with a boot sector virus when you try to boot from an infected floppy disk. At that moment the virus runs and infects the boot sector of the hard disk, and then each floppy disk used in the PC. Importantly, as every disk has a boot sector, it is possible to infect the PC with a floppy disk that contains only data .....
Macro viruses
These are the most popular viruses today. They are not transmitted through executable files, but through the documents of applications that have some type of macro language. These include all the applications of the Office package (Word, Excel, PowerPoint, Access) and also Corel Draw. When one of these infected files is opened or closed, the virus takes control and copies itself to the base template for new documents, so that all files opened or created in the future are infected ... Macro languages such as Visual Basic for Applications are very powerful and are able to change operating system settings, delete files, send e-mails, etc.
Active Agents and Java Applets
In 1997, Java applets and ActiveX controls appeared. These small programs are saved to the user's hard drive when connected to the Internet and run when the web page being browsed requires them, as a way of running routines without consuming bandwidth. Viruses developed with Java applets and ActiveX controls access the hard drive through a www connection in a way the user does not detect. They can be programmed to delete or corrupt files, monitor memory, send information to a website, etc.
HTML
A more efficient mechanism of infection than Java applets and ActiveX controls appeared in late 1998 with viruses that include their code in HTML files. Simply by connecting to the Internet, any HTML file on a web page can contain and execute a virus. This type of virus is developed in Visual Basic Script. They attack users of Win98, 2000 and the latest versions of Explorer, because they need the Windows Scripting Host to be active. Potentially they can delete or corrupt files.
Trojans / Worms
Trojans are programs that mimic useful programs or perform some seemingly harmless action, while hiding from the user the fact that malicious code is running. Trojans do not reproduce themselves; instead they are generally designed so that their content leads the user himself to take on the task of spreading the virus. (Usually they are sent by e-mail.)
4. Types of computer virus by their actions and/or mode of activation
Bombs
This is the name given to viruses that carry out their harmful action as if they were a bomb. This means that they are activated seconds after the system is infected, or after a certain time (time bombs), or when some verifiable logical condition of the equipment is met (logic bombs). Examples of time bombs are viruses that are activated on a certain date or at a specified time. Examples of logic bombs are viruses that are activated when only 10% of the hard drive is left unused, etc.
Chameleons
A variety of virus similar to Trojan horses: they act like other programs that the user trusts, while in reality they are doing some kind of damage. When properly programmed, chameleons can perform all the functions of the legitimate programs they replace (they act like product demonstration programs, which are simulations of actual programs). A chameleon program could, for example, emulate a program for accessing remote systems, carrying out all the actions that program performs, but as an additional task (hidden from users) storing the different logins and passwords in a file so that they can later be recovered and used illegally by the creator of the chameleon virus.
Reproducers
Reproducers (also known as rabbits) reproduce constantly once they are executed, until they (and their offspring) exhaust the disk space or system memory. The only function of this type of virus is to create clones and launch them so that they do the same. The purpose is to exhaust the resources of the system, especially in a networked multi-user environment, to the point that the main system cannot continue normal processing.
Worms
Worms are programs that constantly travel through an interconnected computer system, from PC to PC, without necessarily damaging the hardware or software of the systems they visit. Their main function is to travel secretly through host computers, collecting a certain kind of information (such as password files) to send to a particular computer to which the virus writer has access.
Backdoors
Backdoors are also known as hidden remote administration tools. These are programs that allow the infected PC to be controlled remotely. They are usually distributed as Trojans. When such a virus is executed, it installs itself in the operating system, which it monitors without any message or query to the user. It does not even appear in the list of active programs. Backdoors allow the author to take full control of the infected PC and thus send and receive files, delete or modify them, display messages to the user, etc ...
Most common types:
"Funny" viruses: They usually show humorous messages on the screen, or cause some kind of interference (Flip, The Fly) that at best causes some discomfort and a few smiles.
"Time-bomb" viruses: Time bombs are usually viruses that are activated on a certain day at a certain time, or when a number of specified circumstances occur (Friday the 13th, Barrotes). They are usually written by people dissatisfied with their company, who plant them on leaving, with the consequences arriving several months later; these are usually loss of data, erased hard drives or machine breakdowns.
Trojan Horses: They travel in executable files, and their mission is to infest every hard disk or diskette that comes within reach, so as to spread. Their effects depend on the malice of whoever programmed them.
Macro viruses: While a virus such as a "Trojan Horse" travels in *.COM and *.EXE files, macro viruses are actually macros or helpers of the most popular word processors, which may be transmitted in a letter, a text, and even by e-mail. They usually affect the most widely used word processors.
System-collapse viruses: Their mission is to halt the system, and for this they use every possible weapon, such as destroying the partition table, reformatting the disk or damaging the boot sectors.
Backdoors: They take advantage of weaknesses in Internet access programs, mail servers and other programming errors (such as the famous Cuartango hole). In this way they can manage our machine remotely, steal data or even make us carriers of a virus without our knowing. One of the most damaging lately is "Back Orifice."
5. Infection strategies used by viruses
Addition or appending:
The virus code is added to the end of the file to be infected, and the file's start-up structure is modified so that control passes to the virus before the file itself runs. This allows the virus to execute its specific tasks and then hand control over to the program. This produces an increase in file size, which allows easy detection.
Insertion:
The virus code is placed in unused areas of code or in data segments so that the file size does not change. This requires very advanced programming techniques, so this method is not often used.
Reorientation:
This is a variant of the above. The main code of the virus is placed in physical areas of the hard disk that are marked as defective, and only small pieces of code, which call the main code when the file runs, are implanted in the files. The main advantage is that, since the size of the file does not matter, the body of the virus can be quite large and have a lot of functionality. Its elimination is quite simple, as it is enough to rewrite the sectors marked as faulty.
Polymorphism:
This is the most advanced method of transmission. The technique consists of inserting the virus code into an executable file, but to avoid increasing the size of the infected file, the virus compacts part of its own code and of the host file's code so that the sum of both equals the original file size. When the infected program is run, the virus acts first, unpacking in memory the portions it needs. A variant of this technique allows the use of dynamic encryption methods to avoid detection by antivirus software.
Substitution:
This is the crudest method. It consists of replacing the original code of the file with that of the virus. When the desired file is run, the only thing that runs is the virus; to cover this up, it reports some type of error with the file so that we think the problem is the file.
Examples of viruses and their actions
• Happy99: program sent by mail that opens a window with fireworks. It manipulates Internet connectivity.
• Melissa: Word macro virus. It sends itself via e-mail. It damages all .DOC files.
• Chernobyl (W95.CIH): deletes the first Mb of the HD, where the FAT is located. Requires reformatting the HD. It also tries to rewrite the BIOS of the PC, making it necessary to change the motherboard. Activated on 26 April.
• Michelangelo: boot sector virus. Activated on 6 March. It overwrites the FAT, leaving the disk unusable.
• WinWord.Concept: macro virus that infects the Normal.dot template. It makes messages pop up on the screen and causes Word to malfunction.
• FormatC: Trojan that infects Word; when an infected file is opened, it formats the hard disk.
• Back Orifice2000 (BO2K): functionally it is a virus and it is used to steal information. It allows remote control of the infected PC or server, with the ability to steal information and alter data.
• VBS/Bubbleboy: Trojan that runs without an attachment being opened; it is activated immediately after the user opens the mail. It does not cause serious problems.
6. Fake virus: Hoax
What are they?
Examples of hoaxes: Join The Crew, Win a Holiday, Solidarity with Brian
What not to do?
Reply to these chain messages, because doing so saturates mail servers, and they are also used to harvest e-mail addresses in order to send advertisements later.
Email Bombing and Spamming
Description
E-mail bombing is repeatedly sending the same mail to a particular account. E-mail spamming is a variant of bombing that consists of sending e-mail to hundreds or thousands of users. The problem is made worse if someone replies to the message to everyone. Spamming and bombing can be combined with e-mail spoofing, which consists of altering the sender address seen by the recipient, making it impossible to know who originated the chain. When a large number of messages are directed to one server, it can suffer a DoS (Denial of Service), or the system can crash as a result of all the server's resources being used up or its disks filling up.
What can you do?
In principle it is impossible to prevent, since any user can send spam to any e-mail account or user list. Message filtering options must be enabled. Practice: setting message filtering options.
What not to do?
Reply to these chain messages, because doing so saturates mail servers, and they are also used to harvest e-mail addresses in order to send advertisements later.
What to do if you receive one?
Do not open it unless you need the contents; in that case, save it to the HD first and then scan it with an antivirus.
What if you must send one?
If it is a text document, save it as RTF. Otherwise, run your antivirus on the file before you attach it.
What is it?
Pages with XML, Java, ActiveX objects, etc.
When does it run?
When viewing the page.
How can I protect myself?
You can only limit the risk with the options of the Security Zone used. Practice: changing security settings .....
Malicious Web scripts
What are they?
A script is a type of computer program used in the programming of websites (e.g. Javascript, Perl, Tcl, VBScript, etc.). A script consists of text commands. Each time the browser receives these commands, it interprets and executes them. This means that a script can be included in any web page as if it were text. In principle a script is not necessarily a malicious program, but its functionality can be used for malicious purposes.
How do I get them?
By visiting a web page that contains a script in its code.
What can they do?
Monitor the user's session, copy personal data to a third site, run programs locally, read the user's cookies and forward them to a third party, etc., and all this without the user knowing at all.
How do you solve this problem?
By disabling all scripting languages in the browser's security settings.
How does this solution affect my browsing?
It will definitely limit your interaction with some websites. Every day more scripts are used to give the pages of a site customized and more dynamic behavior. Perhaps it is advisable to disable these options only when visiting pages of untrusted sites.
ANTIVIRUS
Introduction
There is a famous sentence by the computer guru Paul Mace, who says, "users can be divided into two classes: those who have already lost their data and those who are about to lose it." Well, if we apply this phrase to the world of computer viruses, users can be divided into those who have suffered a virus attack and those who are about to suffer one. Do we want to do something to prevent our data being destroyed by these malicious programs? Here you will find additional information on the most advanced programs to combat computer viruses, which are generically called "anti-virus programs."
Who needs an antivirus?
There are several factors to consider, but the main ones are:
• The risk we run of suffering a virus attack.
• The value of the data stored on the computer.
If either of these points is important, then a good antivirus is essential. If our computing and programming skills are limited, it is sufficient to get a program that eliminates the specific problems that appear, or simply one that warns of an abnormal situation. The following describes the general and particular characteristics of some antivirus programs so that we can see which best fits our needs.
Types of antivirus
Antivirus programs can be divided into four types:
Detectors: They detect the presence of known viruses and warn the user to take action against them. This is the simplest type of antivirus.
Removers / Repairers: Also known as "matavirus." In addition to detecting the presence of a virus, they can remove it from infected files or from the boot area of the disk, leaving the programs in their original state. This is not always possible, since some viruses overwrite part of the original code of the infected program.
Protectors: Also known as "prevention programs" or "immunizers." They anticipate infection by any virus, Trojan horse, or voluntary or involuntary data-destroying action (for example, a FORMAT C:), by remaining resident in the computer's memory and monitoring program execution, file copying, disk formatting, etc. They tend to be very secure programs that can usually detect new viruses and prevent the action of Trojan horses and logic bombs.
Vaccine Programs: They add code to an executable file so that it checks itself when run, or they calculate and store a list of checksums in a certain part of the disk. Such programs often have compatibility problems.

Before turning to the individual analysis of each product and the conclusions, we indicate the most important characteristics to consider (and which products stand out in each field). To start with, a good antivirus should detect as many viruses as possible: the more, the better. While a few years ago we heard news from countries overseas of very rare viruses that we knew would never reach Spain, we are now in the era of telecommunications and the Internet, so a virus may arrive through a simple e-mail. This means that before we could have an antivirus that would detect known viruses from 1940 to 1950 in our country and we were covered, but today that is not so. An antivirus is now required to be able to detect every virus there is and has been, and even their mutations.

With regard to suspicious situations, there was a time when not so much protection was needed. But today we know that viruses are capable of encrypting themselves, modifying Windows registry information to hide, changing the date and time, etc. The antivirus needs to be watching out for these small details at all times, even when it is we who make these changes. For this there are resident programs that are part of the antivirus and are loaded into the computer's memory in order to monitor each and every movement of the computer and of the programs we run. Such protection is usually necessary but, oh! With such monitoring, machine performance can plummet.

Another added value for an antivirus today is being able to monitor Internet processes, since it is now very common for infected e-mail to arrive and for files to be sent on to other users. Such is the case of the famous Melissa virus, which has done much damage. A good antivirus should be able to check e-mails, and to detect possible control of your machine by someone at the other end of the Internet.

Another thing: while years ago it was enough for the antivirus to detect viruses in *.COM and *.EXE files, which was the only way to deliver a virus, we all know that Windows DLLs also carry executable code inside, and that a virus may also be in a program which in turn is compressed with ZIP or ARJ. Decompressing a file to scan its interior is now a basic and indispensable option. Finally, for some time macro viruses hidden in Word, Visual Basic and even Java applets have become fashionable, so it is essential to check all these things.
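The checksum list kept by vaccine programs, together with the changes in file length and date listed among the symptoms, can be sketched as a baseline-and-compare check. This is an added example, not code from the original document or from any product it names; the function names and the sample files are constructed for illustration, and SHA-256 stands in for the unspecified checksum.

```python
import hashlib
import os
import tempfile

# Extensions the page lists for executable file infectors.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".sys", ".pif", ".dll", ".drv"}

def fingerprint(path):
    """Return (size, mtime_ns, sha256 hex) for one file."""
    with open(path, "rb") as fh:
        sha = hashlib.sha256(fh.read()).hexdigest()
    st = os.stat(path)
    return st.st_size, st.st_mtime_ns, sha

def build_baseline(root):
    """Walk root and fingerprint every file with an executable extension."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                full = os.path.join(dirpath, name)
                baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline

def compare(baseline, current):
    """Return {relative path: [findings]} for every difference found."""
    report = {}
    for rel, (size, mtime, sha) in baseline.items():
        if rel not in current:
            report[rel] = ["missing"]
            continue
        new_size, new_mtime, new_sha = current[rel]
        findings = []
        if new_size != size:
            findings.append("size changed by %+d bytes" % (new_size - size))
        if new_sha != sha:
            findings.append("content changed")
        if new_mtime != mtime:
            findings.append("timestamp changed")
        if findings:
            report[rel] = findings
    for rel in current.keys() - baseline.keys():
        report[rel] = ["new file"]
    return report

def demo():
    """Constructed sample: harmless files altered in the two ways described."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"APPEND.COM": b"A" * 64, "INPLACE.EXE": b"B" * 64, "CLEAN.DLL": b"C" * 64}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = build_baseline(root)
        # "Addition": bytes are appended, so the length grows.
        with open(os.path.join(root, "APPEND.COM"), "ab") as fh:
            fh.write(b"X" * 20)
        # "Insertion": same length, different bytes, original timestamp restored.
        path = os.path.join(root, "INPLACE.EXE")
        st = os.stat(path)
        with open(path, "r+b") as fh:
            fh.seek(10)
            fh.write(b"YYYY")
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))
        return compare(baseline, build_baseline(root))

if __name__ == "__main__":
    for rel, findings in sorted(demo().items()):
        print(rel, "->", "; ".join(findings))
```

The second sample file keeps its length and date, so only the stored checksum reveals the change; the baseline itself has to be kept somewhere a resident program cannot rewrite it.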
Anyware Antivirus
The Anyware security package, developed entirely in Spain by pioneers in the fight against viruses, includes several modules: AnyScan, a virus detector; AnyProtect, a system protector; and Endvirus, which detects and removes known viruses. The full package also includes the option of updates for new viruses as they appear. AnyProtect is the first security measure; it can detect a lot of viruses on the fly as files are executed or copied. It has 16 levels of security, including detection of unauthorized access to the disk, programs that try to stay resident, modification of interrupts, etc. AnyScan is capable of detecting a large number of viruses by searching the entire disk. It is specially designed to detect the most widespread viruses in Spain as well as the most widespread and dangerous in the world. It has a convenient drop-down menu system, and includes an impressive database of information about each virus, with its characteristics and forms of action. For the elimination of viruses, Endvirus, together with the antivirus modules, makes it possible to "clean" files infected by known viruses. The package includes technical support, free monthly updates (12 in total) and Web access to information. The high price/performance ratio of this product has made it one of the best in the comparative test.
Antivirus Measures
No one who uses computers is immune to computer viruses. However good an antivirus program is, it quickly becomes obsolete in the face of the new viruses that appear every day.
• Disable booting from floppy in the setup so that boot viruses are not run.
• Disable file and printer sharing.
• Scan with the antivirus every file received by e-mail before opening it.
• Update the antivirus.
• Enable the macro virus protection of Word and Excel.
• Be careful when downloading files from the Internet (consider whether it is worth the risk and whether the site is secure).
• Do not send your personal or financial information unless you know who is requesting it and it is necessary for the transaction.
• Do not share disks with other users.
• Do not give anyone your passwords, even if they call on behalf of the Internet service or another service.
• Teach your children safety practices, particularly about giving out information.
• When you make a transaction, make sure to use an SSL connection under
• Write-protect the Normal.dot file
• Distribute RTF files instead of DOCs
• Back up
MADE BY: - LEON RAMOS MARILUZ - ELIZABETH CHUQUIYAURI LLIUYACC
Huancavelica 28 JUNE 2007
