eleventh alliance

Computer Viruses…

…are considered a problem by several organizations and companies.
The truth is that computer viruses are quite important for evaluating your security and computer knowledge: if you have problems with viruses, something is very wrong, and the virus should be considered only the symptom and not the problem itself. If you and the people using your system knew enough about security and computer viruses, you wouldn’t have the problem, or you would have fixed it pretty fast… Even if computer viruses designed to steal data are scarce, a virus infection shows that you are vulnerable: programs performing unwanted, unauthorized actions could reside on your system for at least some time without being noticed.

So what are they, that’s what I’m asking! (quote…)

Computer viruses are programs written by various programmers, often belonging to so-called VW (Virus Writing) or VX (Virus Creation, Virus eXchange) groups. There are several such groups; some of the best known call themselves VLAD, Immortal Riot, Nuke and the like. Keep in mind that all viruses are the creation of human programmers and not the result of some computer that decided to kill off mankind or caught some kind of flu, even if a movie might give you that impression…

So how does a virus work?

Very basically, a virus does two things:

  • Finds a system/host/file/disk it can infect.
  • Copies (overwriting or appending) itself to that system/host/file/disk.

What systems are vulnerable to viruses?

In short, you could say that any system that in any way allows a program or user to write, execute or compile source code might be vulnerable to viruses (i.e. all operating systems, all platforms, and several different programs). Just because “there are no viruses that can infect my operating system” you can’t lie back and skip learning about viruses, because the truth is that simple viruses can be written for almost any system, and overnight the system thought impossible to infect can be very, very easily infected. Just look at the problem with “macro viruses”: years after they started spreading rapidly worldwide, “security experts” and administrators of big corporations found themselves surprised that such viruses existed and ended up with the computers of the entire corporation infected by them… And trust me, paying professionals to clean up such messes is “expensive”…

Just to mention a few systems that have already been affected by computer viruses:

  • DOS
  • Linux
  • Windows
  • WindowsNT
  • Most Unix clones
  • MS-Office and other Macro capable products

In general you can assume this about viruses:

  • Your system won’t be infected just by inserting a disk.
  • Any program may be infected. It’s not common, but even commercial releases have been infected.
  • The system may be infected if an infected disk is in the disk drive while booting.
  • If a virus is thought to be active, it might be considered stupid to use the system until it has been cleaned, since several viruses infect files when you or your programs access them.
  • Accepting any data from untrusted sources is dangerous. Commonly only executables or MS-Office files are considered dangerous, but simply changing DOS/Windows file extensions could fool some scanners. Also, non-macro data formats can theoretically host viruses if the executables handling the data have security vulnerabilities (buffer overflows etc.)…
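The two lists above (a virus copying itself into a host file by overwriting or appending, and the point that a changed file extension can fool a scanner) suggest the kind of check a defender can run: a baseline integrity scan that classifies files by content rather than extension and tells an appended infection from an overwritten one. This is an added example, not code from the original post; the file names and contents are constructed sample data.

```python
import hashlib
# Constructed sample "files" (name -> bytes); DOS/Windows executables start with "MZ".
BASELINE_FILES = {
    "EDIT.EXE": b"MZ" + b"\x90" * 30,
    "NOTES.TXT": b"Meeting notes for Monday\n",
    "SETUP.EXE": b"MZ" + b"\x00" * 20,
}

# Same directory after an assumed infection: EDIT.EXE has 12 bytes appended, SETUP.EXE
# is overwritten, README.TXT is an executable renamed to hide behind a .txt extension.
CURRENT_FILES = {
    "EDIT.EXE": BASELINE_FILES["EDIT.EXE"] + b"\xCC" * 12,
    "NOTES.TXT": BASELINE_FILES["NOTES.TXT"],
    "SETUP.EXE": b"MZ" + b"\xFF" * 20,
    "README.TXT": b"MZ" + b"\x90" * 8,
}

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def build_baseline(files):
    """Record (digest, size) of every file while the system is known to be clean."""
    return {name: (sha256(data), len(data)) for name, data in files.items()}

def is_executable(data):
    """Classify by content, not by name: a renamed .EXE still starts with MZ."""
    return data[:2] == b"MZ"

def scan(files, baseline):
    """Compare a directory against the clean baseline; return (name, finding) pairs."""
    findings = []
    for name, data in sorted(files.items()):
        if is_executable(data) and not name.upper().endswith((".EXE", ".COM")):
            findings.append((name, "executable disguised by file extension"))
        if name not in baseline:
            continue  # new file: already reported above if it is an executable
        digest, size = baseline[name]
        if sha256(data) == digest:
            continue  # unchanged
        # If the clean bytes survive as a prefix, code was appended to the file
        # (the classic appending infector); otherwise the file was overwritten.
        if len(data) > size and sha256(data[:size]) == digest:
            findings.append((name, f"{len(data) - size} bytes appended to original"))
        else:
            findings.append((name, "original content overwritten"))
    return findings

if __name__ == "__main__":
    for name, finding in scan(CURRENT_FILES, build_baseline(BASELINE_FILES)):
        print(f"{name}: {finding}")
```

The baseline must be taken while the system is known clean and kept where an active virus cannot rewrite it, otherwise the comparison proves nothing.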

Well, enough boring stuff, let’s write something interesting!

Virus-related techniques:

Stealth

Techniques that attempt to stop users or programs from detecting the presence of the virus. Some well-known stealth techniques are: reducing the size of memory available to the system and then placing the virus in the unused space, and disinfecting files on execution and reinfecting them on termination.

System Call Tunneling

Techniques that attempt to find the original system call and, knowing where it is, bypass anti-virus software. Often pretty hard, but it has been used successfully in e.g. DOS environments to render memory-resident anti-virus products useless. (A simple variant which works in DOS is to debug the INT 13h system call and assume that the first call into the F000 segment is the original system call.)

Sabotage

Anti-virus programs can easily be trashed in several ways. A virus damaging the anti-virus programs may easily fool you into believing that your system is virus-free.

Payload

“Extra features”, so to speak. The payload is every part of a virus that isn’t intended to fool or damage anti-virus software or to spread the virus. Several viruses contain payloads that format your hard disks, but a few more interesting viruses contain features intended to break computer security.

Comments (2) 6:29 pm |