Computer Virus, Worm and Trojan Horse


Virus: A computer virus is a program, script, or macro designed to cause damage, steal personal information, modify data, send e-mail, display messages, or some combination of these actions. When the virus is executed, it spreads by copying itself into or over data files, programs, or the boot sector of a computer’s hard drive, or potentially anything else writable. To help spread an infection, virus writers use detailed knowledge of security vulnerabilities, zero days, or social engineering to gain access to a host’s computer.

Types of Virus:
1) Boot Sector Virus: A Boot Sector Virus infects the first sector of the hard drive, where the Master Boot Record (MBR) is stored. The MBR stores the disk’s primary partition table and the bootstrapping instructions that are executed after the computer’s BIOS passes execution to machine code. If a computer is infected with a Boot Sector Virus, the virus launches immediately when the computer is turned on and is loaded into memory, enabling it to control the computer. Examples of boot viruses are polyboot and antiexe.

2) File Deleting Viruses: A File Deleting Virus is designed to delete critical files that are part of the operating system, or data files.

3) Mass Mailer Viruses: Mass Mailer Viruses search e-mail programs like MS Outlook for e-mail addresses stored in the address book, and replicate by e-mailing themselves to those addresses.

4) Macro Virus: Document or macro viruses are written in a macro language. Such languages are usually included in advanced applications such as word processing and spreadsheet programs. The vast majority of known macro viruses replicate using the MS Office program suite, mainly MS Word and MS Excel, but some viruses targeting other applications are known as well. The symptoms of infection include the computer restarting automatically again and again. Commonly known types of macro viruses are Melissa A, Bablas and Y2K Bug.

5) File Infector: File infector viruses are another common problem for computer programmers. They automatically interrupt during processing or while writing and infect the file, or they act when the file is executed. Unwanted dialog boxes start appearing on the screen with unknown statements with extensions .com and .exe. They destroy the original copy of the file and save the infected file with the same name as the original. Once a file is infected, it is very hard to recover the original data.

6) Stealth Viruses: Stealth viruses have the capability to hide from the operating system or anti-virus software by making changes to file sizes or the directory structure. Stealth viruses are anti-heuristic in nature, which helps them hide from heuristic detection.

7) Resident Virus: These are threat programs that permanently penetrate the random access memory of the computer system. When the computer is started, the virus is automatically transmitted to the secondary storage media, interrupts all the sequential operations of the processor and corrupts all the running programs. For instance, Randex and CMJ are commonly known resident viruses. If these viruses get into the hard disk, then one has to replace the secondary storage media and sometimes even the RAM.

8) Polymorphic Viruses: Polymorphic viruses change their form in order to avoid detection and disinfection by anti-virus applications. After doing their work, these types of viruses try to hide from the anti-virus application by encrypting parts of the virus itself. This is known as mutation.

9) Retrovirus: A retrovirus is another type of virus, one that tries to attack and disable the anti-virus application running on the computer. A retrovirus can be considered anti-antivirus. Some retroviruses attack the anti-virus application and stop it from running, while others destroy the virus definition database.

Worms:
A computer worm is a self-replicating computer program that penetrates an operating system with the intent of spreading malicious code. Worms utilize networks to send copies of the original code to other computers, causing harm by consuming bandwidth or possibly deleting files or sending documents via email. Worms can also install backdoors on computers. Worms are often confused with computer viruses; the difference lies in how they spread. Computer worms self-replicate and spread across networks, exploiting vulnerabilities, automatically; that is, they don’t need a cyber criminal’s guidance, nor do they need to latch onto another computer program.

A mail worm is carried by an email message, usually as an attachment, but there have been some cases where the worm is located in the message body. The recipient must open or execute the attachment before the worm can activate. The attachment may be a document with the worm attached in a virus-like manner, or it may be an independent file. The worm may very well remain undetected by the user if it is attached to a document. The document is opened normally and the user’s attention is probably focused on the document contents when the worm activates. Independent worm files usually fake an error message or perform some similar action to avoid detection.
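
The two attachment forms described above (a document carrying the worm, or an independent file) can be triaged at a mail gateway by filename. This is an added example, not part of the original article; the extension lists are illustrative assumptions rather than a complete policy, and the sample message is constructed.

```python
import os
from email import message_from_string

# Illustrative, not exhaustive: extensions that run directly when opened.
EXECUTABLE_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs"}
# Illustrative: document formats that can carry macros.
MACRO_DOC_EXT = {".doc", ".docm", ".xls", ".xlsm"}


def triage_attachments(raw_message: str) -> list:
    """Return (filename, reason) for attachments worth a closer look."""
    findings = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue  # body text or inline part without a filename
        stem, ext = os.path.splitext(name.lower())
        if ext in EXECUTABLE_EXT:
            # "invoice.pdf.exe" displays as a PDF when extensions are hidden.
            if os.path.splitext(stem)[1]:
                reason = "executable behind a double extension"
            else:
                reason = "independent executable file"
        elif ext in MACRO_DOC_EXT:
            reason = "document that can carry embedded code"
        else:
            continue
        findings.append((name, reason))
    return findings


# Constructed sample message (contents are made up).
SAMPLE_MESSAGE = "\n".join([
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="BOUND"',
    "",
    "--BOUND",
    "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="invoice.pdf.exe"',
    "",
    "AAAA",
    "--BOUND",
    "Content-Type: application/msword",
    'Content-Disposition: attachment; filename="report.doc"',
    "",
    "AAAA",
    "--BOUND--",
])
```

Filename checks are only a first filter, because the name is chosen by the sender; flagged parts still need content inspection before delivery.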

Pure worms have the potential to spread very quickly because they are not dependent on any human actions, but the current networking environment is not ideal for them. They usually require a direct real-time connection between the source and target computer when the worm replicates.

Trojan Virus:
A trojan in computing is malicious code hidden within software or data that is designed to compromise security, execute disruptive or damaging commands, or allow improper access to computers, networks and electronic systems.
Trojans are similar to worms and viruses, but trojans do not replicate themselves or seek to infect other systems once installed on a computer. As software programs, Trojan horses can appear as a game, a mobile application, a utility program, or a textual hyperlink. Each intends to enhance interest and to entice an unsuspecting user to download the disguised malware or virus. Once downloaded and installed, the infection is free to collect personal information, destroy files and records, and eventually render your computer or network unusable. Cybercriminals purposely create malware and virus packages with the intention of either obtaining personal information or destroying computer records and files. By hiding the malicious code and making it appear innocent, many individuals will overlook the possibility of a Trojan horse and download the package without thinking.

Classification of Trojan Horse Virus:

Backdoor: These are created to give an unauthorized user remote control of a computer. Once installed on a machine, the remote user can then do anything they wish with the infected computer. This often results in uniting multiple backdoor Trojan-infected computers working together for criminal activity.

Rootkit: Programmed to conceal files and computer activities, rootkits are often created to hide further malware from being discovered. Normally, this is so malicious programs can run for an extended period of time on the infected computer.

DDoS: A subset of backdoor Trojans, denial of service (DoS) attacks are made from numerous computers to cause a web address to fail.

Banker: Trojan-bankers are created for the sole purpose of gathering users’ bank, credit card, debit card and e-payment information.

FakeAV: This type of Trojan is used to convince users that their computers are infected with numerous viruses and other threats in an attempt to extort money. Often, the threats aren’t real, and the FakeAV program itself will be what is causing problems in the first place.

Ransom: Trojan-Ransoms will modify or block data on a computer either so it doesn’t work properly or so certain files can’t be accessed. The person disrupting the computer will restore the computer or files only after a user has paid a ransom. Data blocked this way is often impossible to recover without the criminal’s approval.