In the cyber world, hackers come in two types: the black hat hacker and the white hat hacker. They are opposite in nature. The aim of the black hat hacker is to do every kind of destructive work, and they do so to show off their talent. So a group was formed to protect us from them, and that group is known as white hat hackers. In the same way, if someone (a black hat hacker) develops a virus, then a person (a white hat hacker) develops an anti-virus to protect us from that virus. So I will tell you about the evolution of both, that is, how viruses and anti-viruses got developed. So let's start.

What is a Virus?
A virus is basically an executable (.exe) file designed so that it is able to infect other files and documents. A virus has the ability to replicate itself and is also able to avoid detection. Viruses are basically designed to corrupt or delete data on the hard disk, i.e. on the FAT (File Allocation Table).

Types of virus
Boot Sector Viruses:- Boot sector viruses can be created without much difficulty and infect either the master boot record of the hard disk or the boot record of a floppy disk. The boot record program responsible for booting the operating system is replaced by the virus. The virus either copies the original master boot record program to another part of the hard disk or overwrites it. It infects a computer when the computer boots up or when it accesses an infected floppy disk in the floppy drive.
What is a Master Boot Record? The boot record is the first sector of the floppy disk or the hard disk; it contains information such as the disk architecture, sectors and clusters.
What is a Boot Record? The boot record of the hard disk also has a program known as the boot loader, which loads the operating system at boot time.
Boot virus:- The user copies an infected file to the hard disk or the floppy disk. When the infected file is executed, the virus is loaded into memory. The virus then copies the boot record program to another sector and puts a pointer to it in the boot sector. The virus then makes a copy of itself in the boot sector. The next time the computer boots from that disk, the virus boots itself too, stays in RAM as long as the computer runs, and starts infecting other files that are still in good condition.
Examples:-
Aircop:- Infects floppy boot records. Length: 520 bytes. Memory resident.
Bofore(b):- Infects floppy and master boot records. Length: 520 bytes.
Bad Lead:- Infects floppy and master boot records. Length: 520 bytes. Memory resident, full stealth.
To protect us from this type of virus an anti-virus was developed which does not give any program the right to write anything to the master boot record or the boot record without the permission of an authorized user. So if a program tries to overwrite the master boot record, this anti-virus shows a message saying that a program with this name (the program name) is doing virus-like activity and trying to modify the boot record. It also gives three options: continue, stop execution, ignore.
So now this type of virus can be detected easily.
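As an added example (not code from the original page), here is a small boot record integrity check in the spirit of the anti-virus described above: it parses a 512-byte master boot record, records a baseline of the boot code and partition table, and reports any later change to either. The MBR bytes, boot stub and partition entry are all constructed for the demonstration.

```python
import hashlib
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 446   # 4 partition entries of 16 bytes start here
BOOT_SIG_OFFSET = 510     # last two bytes must be 0x55 0xAA

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash, partition entries and signature flag."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    boot_code = sector[:PART_TABLE_OFFSET]
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 means an empty slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    sig_ok = sector[BOOT_SIG_OFFSET:] == b"\x55\xaa"
    return {"boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
            "partitions": parts, "signature_ok": sig_ok}

def check_mbr(current: bytes, baseline: dict) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    now = parse_mbr(current)
    findings = []
    if not now["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if now["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code modified since baseline")
    if now["partitions"] != baseline["partitions"]:
        findings.append("partition table modified since baseline")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a sample MBR with one bootable Linux-type partition (demo data only)."""
    code = boot_code.ljust(PART_TABLE_OFFSET, b"\x00")
    entry = struct.pack("<B3xB3xII", 0x80, 0x83, 2048, 204800)
    return code + entry + b"\x00" * 48 + b"\x55\xaa"

CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")  # constructed boot stub
BASELINE = parse_mbr(CLEAN_MBR)   # recorded once, when the system is known clean

if __name__ == "__main__":
    tampered = build_sample_mbr(b"\xeb\x3c\x90")   # different boot code, same partitions
    print(check_mbr(CLEAN_MBR, BASELINE))   # []
    print(check_mbr(tampered, BASELINE))    # ['boot code modified since baseline']
```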
File or Program Virus:-
Some programs are viruses in disguise: when executed, they load the virus into memory along with the program, perform predefined steps and infect the system. They infect program files having the following extensions: .exe, .com, .bin, .drv, .sys. Some file viruses just replicate, while others destroy the program currently being used. Such viruses start replicating as soon as they are loaded into memory. Because file viruses also destroy the program currently in use, after removing the virus or disinfecting the system the program that got corrupted by the file virus has to be repaired or reinstalled as well.
Some common file viruses are:
99-percent:- Infects .exe files. Length: 256 bytes.
A&A:- Infects .com and .exe files. Length: 506 bytes. Memory resident.
Multipartite Viruses:- Multipartite viruses are a hybrid variety. They can best be described as a cross between boot viruses and file viruses: they infect not only files but also the boot sector. They are more destructive and more difficult to remove. First they infect the program files, and when an infected program is launched or run, the multipartite virus starts infecting the boot sector too. The virus does not stop once the boot sector is infected; after that, when the system is rebooted, it loads into memory and starts infecting other
So to protect against this, the anti-virus enhanced some of its features.
Everybody knows that files like *.com, *.exe and *.sys have a fixed file size, and the file size cannot increase unless a virus has affected them. So if the size of such a file increases, it is certain that your system is infected by a virus. And if a program tries to modify these files without the permission of the user, then it is a virus. When you install an anti-virus, I think you have seen that it requires a full system scan the first time. At that time it builds a database of the file name and file size of files like *.com, *.exe, *.sys and *.bin, whose file size is supposed to stay fixed forever. This is also called the checksummer method. So the next time a modified file of this kind comes up for execution, the anti-virus will detect it as a virus.
So now the anti-virus is able to catch this type of virus easily.
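As an added example (not code from the original page), here is a minimal checksummer of the kind described above: on the first run it records the size and a SHA-256 hash of every program file, and later runs report files that have grown, changed, appeared or disappeared. The demo() function builds a temporary directory with constructed files and then appends bytes to one of them to simulate an appending file virus; the file names and contents are invented.

```python
import hashlib
import os
import tempfile

PROGRAM_EXTS = (".exe", ".com", ".sys", ".bin")   # extensions the text says have a fixed size

def file_fingerprint(path: str) -> dict:
    """Size plus SHA-256 of a file; the hash also catches overwrites that keep the size."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"size": os.path.getsize(path), "sha256": h.hexdigest()}

def build_baseline(root: str) -> dict:
    """Walk root and fingerprint every file with a program extension (the first full scan)."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(PROGRAM_EXTS):
                full = os.path.join(dirpath, name)
                baseline[os.path.relpath(full, root)] = file_fingerprint(full)
    return baseline

def scan(root: str, baseline: dict) -> dict:
    """Compare the current state with the baseline; anything that differs is suspect."""
    current = build_baseline(root)
    report = {"grown": [], "changed": [], "new": [], "missing": []}
    for rel, fp in current.items():
        if rel not in baseline:
            report["new"].append(rel)
        elif fp["size"] > baseline[rel]["size"]:
            report["grown"].append(rel)      # the classic sign of an appending file virus
        elif fp != baseline[rel]:
            report["changed"].append(rel)    # same size, different content
    report["missing"] = sorted(set(baseline) - set(current))
    return report

def demo() -> dict:
    """Constructed sample: take a baseline, then grow one program file by 506 bytes."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "edit.com"), "wb") as f:
            f.write(b"\x90" * 64)                    # constructed program file
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(b"not a program")                # ignored: not a program extension
        baseline = build_baseline(root)
        with open(os.path.join(root, "edit.com"), "ab") as f:
            f.write(b"\xcc" * 506)                   # simulated infection: file grows
        return scan(root, baseline)                  # {'grown': ['edit.com'], ...}
```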
Stealth viruses:- These viruses are stealthy in nature and use various methods to hide themselves and avoid detection:
1. They sometimes remove themselves from memory temporarily to avoid detection and hide from the virus scanner.
2. Some can also redirect the disk head to read another sector in which they reside.
3. Some stealth viruses, like Whale, conceal the increase in the length of the infected file: they display the file length reduced by the same amount as the increase, so as to avoid detection by the scanner.
So they are somewhat difficult to detect.
To catch this type of virus we have to follow the signature. So what is a signature? Let us take an example: to access a floppy drive, a program has to follow some specific code. Similarly, to access a file it has to follow a different kind of specific code. This is one type of signature, so different viruses have different signatures. To catch this type of virus the anti-virus has to maintain another database holding the name of each virus and its signature. This is the only reason the anti-virus you are using now is able to tell you the name of the virus that tried to infect your system. Every day many new viruses are developed, so the anti-virus tries to update itself (that is, update its database) to catch the new types of virus.
POLYMORPHIC
They are the most difficult viruses to detect. They have the ability to mutate, meaning that they change the viral code known as the signature each time they spread or infect. Thus anti-viruses that look for specific virus codes are not able to detect such viruses.
• The user copies an infected file to the disk.
• When the infected file is run, it loads the virus into memory (the RAM).
• The new virus looks for a host and starts infecting other files on the disk.
• The virus makes copies of itself on the disk.
• The mutation engine of the new virus generates a new unique encryption code, produced by a new unique algorithm.
• Thus it avoids detection by checksummers.
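As an added example (not code from the original page), here is a byte-signature scanner of the kind the signature section above describes, together with the limit the polymorphic section points out: a copy whose viral bytes have changed no longer matches the stored signature. The signature database, virus names and sample files are all constructed and correspond to no real virus.

```python
from typing import Dict, List, Tuple

# Constructed signature database: virus name -> bytes that identify it (invented values).
SIGNATURES: Dict[str, bytes] = {
    "Demo.Appender.A": bytes.fromhex("b8004cc3cd21"),
    "Demo.Boot.B": b"\xfa\x33\xc0\x8e\xd0" + b"BOOTDEMO",
}

def scan_bytes(data: bytes) -> List[Tuple[str, int]]:
    """Return (virus name, offset) for every signature found in data, sorted by name."""
    hits = []
    for name, sig in SIGNATURES.items():
        pos = data.find(sig)
        if pos != -1:
            hits.append((name, pos))
    return sorted(hits)

def scan_file(path: str) -> List[Tuple[str, int]]:
    """Scan a whole file; fine for the small program files this page talks about."""
    with open(path, "rb") as f:
        return scan_bytes(f.read())

# Constructed samples: a clean program, the same program with the signature bytes
# appended, and a copy whose appended bytes were altered as a mutated variant would be.
CLEAN = b"MZ" + b"\x00" * 30 + b"hello world"
INFECTED = CLEAN + b"\x90" * 4 + bytes.fromhex("b8004cc3cd21")
MUTATED = CLEAN + b"\x90" * 4 + bytes.fromhex("b9004cc3cd20")

if __name__ == "__main__":
    print(scan_bytes(CLEAN))      # []
    print(scan_bytes(INFECTED))   # [('Demo.Appender.A', 47)]
    print(scan_bytes(MUTATED))    # []  -> this is why the database must be updated
```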
MACRO
• The user gets an infected Office document by email or by any other medium.
• The user opens the infected document.
• The evil macro code waits for the event, set as its event handler, at which the virus is set off and starts infecting other files.
To protect the system from this type of virus we need to update our anti-virus every time.
CONCLUSION
• History has shown that to eradicate or protect against harmful elements, one needs to get some of those harmful elements onto one's side, and only then declare war.
• All the laws in the world cannot and will not discourage computer criminals. Crackers are getting smarter these days, and it is becoming increasingly easy for them to break into a system, create havoc and escape without leaving any trace behind. Laws are absolutely useless when system administrators themselves are ignorant of computer security and dismiss all hackers as people belonging to the dark side of society. It has become absolutely necessary that people know how crackers work, how cracking is executed and how to protect computer systems from crackers. If this is not done soon, the crackers will get way ahead in the security race.