Boot Sector Virus
Boot sector virus is spread is a common one. This virus in
reproduce itself, will have to move or replace the original boot sector
podići program with the virus. So when the virus occurs podići akan loaded
to memory and then the virus will have the ability to control
standard hardware (eg monitor, printer etc.) and also from the memory of this virus akan
spread to all who have the drive and connected to the computer (for example:
Floopy, drive other than drive c:).
Examples of viruses:
- Variant virus wyx
ex: wyx.C (B) menginfeksi boot record and Floopy;
Length: 520 bytes;
Characteristics: Memory resident and encrypted.
- Variant V-sign:
attack: Master Boot Record;
Length of 520 bytes;
Characteristics: live in the memory (memory resident), encrypted, and polymorphic)
- Stoned.june 4th / bloody!:
infect: Master Boot Record and Floopy;
Length of 520 bytes;
0
comments
Thursday, April 30, 2009
Macro virus
This type of virus is certainly very often we hear. This virus was written with
programming language of an application is not the programming language of an Operating System. This virus can be run when the application can creating it self
running well. For example, if the computer is run mac application
Word, the macro virus that is made from the Word macro language can be worked on
system Mac computer is operating.
Examples of viruses:
- Variant W97M, eg W97M.Panther
Length of 1234 bytes, will infect NORMAL.DOT and infect document
when opened.
- WM.Twno.A; TW
The length of 41,984 bytes, will infect document using Ms.Word
macro language, usually extention: . . DOC and DOT
0
comments
Saturday, April 25, 2009
Life cycle VIRUS
Life cycle of viruses in general, through the 4 stages:
Dormant phase (Phase Rest / Sleep)
At this phase the virus is not active. Virus will be activated by a condition
particular, such as: the date specified, the presence of other programs / be executed
other programs, etc.. Not all of the virus through this phase.
Propagation phase (phase distribution)
At this phase the virus will copy it self to a program or to a
place of storage media (both hard drives, RAM etc.). Each program is infected
will be the result of "cloning" the virus (depending on how the virus
menginfeksinya).
Trigerring phase (active phase)
In this phase the virus is active and this is also the trigger conditions by some
as in the Dormant Phase.
Execution phase (execution phase)
At this phase the virus is active before akan perform its function. Like
delete files, display messages, etc.
Dormant phase (Phase Rest / Sleep)
At this phase the virus is not active. Virus will be activated by a condition
particular, such as: the date specified, the presence of other programs / be executed
other programs, etc.. Not all of the virus through this phase.
Propagation phase (phase distribution)
At this phase the virus will copy it self to a program or to a
place of storage media (both hard drives, RAM etc.). Each program is infected
will be the result of "cloning" the virus (depending on how the virus
menginfeksinya).
Trigerring phase (active phase)
In this phase the virus is active and this is also the trigger conditions by some
as in the Dormant Phase.
Execution phase (execution phase)
At this phase the virus is active before akan perform its function. Like
delete files, display messages, etc.
Hide ability of self
Hide this capability must be owned by a virus that
all work well from the beginning until the successful transmission can be realized.
The steps that are usually made:
- Program the virus stored in the form of machine code and combined with the program
- Program viruses sependek may be made, and the resulting file is not too diinfeksi
change in size
- The virus does not change the description / information within a file
- Etc.
all work well from the beginning until the successful transmission can be realized.
The steps that are usually made:
- Program the virus stored in the form of machine code and combined with the program
others that are considered useful by the user
- Program Boot virus placed on the record or track on the disk that is rarely
- Program viruses sependek may be made, and the resulting file is not too diinfeksi
change in size
- The virus does not change the description / information within a file
- Etc.
The ability to manipulate
Routine (routine) owned a virus will be run after the virus
infect a file. The contents of a routine this can vary from that is not
dangerous to do the demolition. This routine is generally used for
manipulate files or popularize the author! This routine utilizes
ability of an operating system (Operating System), that have
the same ability with the operating system. For example:
a. Create an image or message on the monitor
b. Change / change-change the label of each file, directory, or the label of the drive in your PC
c. Manipulate files that be infected
d. Damage to the file
e. Disrupt work printer, etc.
infect a file. The contents of a routine this can vary from that is not
dangerous to do the demolition. This routine is generally used for
manipulate files or popularize the author! This routine utilizes
ability of an operating system (Operating System), that have
the same ability with the operating system. For example:
a. Create an image or message on the monitor
b. Change / change-change the label of each file, directory, or the label of the drive in your PC
c. Manipulate files that be infected
d. Damage to the file
e. Disrupt work printer, etc.
The ability to reproduce themselves
The core of the virus is the ability reproduce infect themselves with the file
another. A virus has been found when the potential victims he akan
check with them. If not then infected with the virus akan
aksinya start with the writing of a byte in the file,
and so copy/ write virus code objects above the target file. Some
general way by the virus to infect / reproduce themselves is:
a. File a ditulari akan deleted or renamed. Then created
a file containing the virus program itself using the file name of the original.
b. Virus program that is executed / loaded to memory akan directly infect
files with other ways infected all the files you have.
another. A virus has been found when the potential victims he akan
check with them. If not then infected with the virus akan
aksinya start with the writing of a byte in the file,
and so copy/ write virus code objects above the target file. Some
general way by the virus to infect / reproduce themselves is:
a. File a ditulari akan deleted or renamed. Then created
a file containing the virus program itself using the file name of the original.
b. Virus program that is executed / loaded to memory akan directly infect
files with other ways infected all the files you have.
The ability to check a program
A virus must also be able to check a file that will ditulari, for example,
he served infect program extention: . doc, he has to check whether
document file has been infected or not, because if it is, akan
useless invected again. This is very useful to improve the ability of a
virus in the case of speed invected a file / program. The public be
by viruses is to have / give alert in the file / program that has been infected so easy to recognize by the virus. Sample designation is for example, provides a unique bytes in each file that was infected.
he served infect program extention: . doc, he has to check whether
document file has been infected or not, because if it is, akan
useless invected again. This is very useful to improve the ability of a
virus in the case of speed invected a file / program. The public be
by viruses is to have / give alert in the file / program that has been infected so easy to recognize by the virus. Sample designation is for example, provides a unique bytes in each file that was infected.
Ability to obtain information
In general, a virus requires a list of names of the files that have
in a directory. For what? So that he can get a list of files that can be
he tulari. For example, a macro virus akan menginfeksi all data files MS Word,
akan find a list of files berekstensi *. doc. Is the ability to gather
information is required so that the virus can make a list / data files, and
memilahnya with the search for files that can be ditulari. Usually this data are now
file a contagious / virus infected files or virus program itself was opened by the user.
The virus will soon make the collection of data and put it (usually) in the
RAM, so that when the computer is turned off all the data lost. But this data
akan created again each time the virus is activated. Typically data is stored
also as a hidden file by the virus.
in a directory. For what? So that he can get a list of files that can be
he tulari. For example, a macro virus akan menginfeksi all data files MS Word,
akan find a list of files berekstensi *. doc. Is the ability to gather
information is required so that the virus can make a list / data files, and
memilahnya with the search for files that can be ditulari. Usually this data are now
file a contagious / virus infected files or virus program itself was opened by the user.
The virus will soon make the collection of data and put it (usually) in the
RAM, so that when the computer is turned off all the data lost. But this data
akan created again each time the virus is activated. Typically data is stored
also as a hidden file by the virus.
CRITERIA VIRUS
A program can be referred to as a virus when meet a minimum of 5
following criteria:
1. Ability to obtain information
2. The ability to check a file
3. The ability to reproduce themselves and transmit themselves
4. The ability to manipulate
5. The ability to hide themselves.
Now it will try to explain what is short of tiaptiap
ability, and why this is necessary.
following criteria:
1. Ability to obtain information
2. The ability to check a file
3. The ability to reproduce themselves and transmit themselves
4. The ability to manipulate
5. The ability to hide themselves.
Now it will try to explain what is short of tiaptiap
ability, and why this is necessary.
The VIRUS
"A program that can infect other programs by modifying them to include a slighty
altered copy of itself. A virus can spread throughout a computer system or network
using the authorization of every user using it to infect their programs. Every programs
that gets infected can also act as a viral infection that grows "
(Fred Cohen)
The first time the term "virus" is used by Fred Cohen in 1984 in
United States. Computer virus called "virus" because it has some
fundamental similarities with the virus in the medical term (biological viruses).
Computer viruses can be defined as a normal computer program. But
have a fundamental difference with other programs, the virus
made to infect other programs, change, manipulate
even merusaknya. There is a need to note here, the virus will only infect
triggered when the program or programs that have been infected earlier executed, disinilah
differences with the "worm". This study will not be because the worm will
divert us from the discussion on this virus.
altered copy of itself. A virus can spread throughout a computer system or network
using the authorization of every user using it to infect their programs. Every programs
that gets infected can also act as a viral infection that grows "
(Fred Cohen)
The first time the term "virus" is used by Fred Cohen in 1984 in
United States. Computer virus called "virus" because it has some
fundamental similarities with the virus in the medical term (biological viruses).
Computer viruses can be defined as a normal computer program. But
have a fundamental difference with other programs, the virus
made to infect other programs, change, manipulate
even merusaknya. There is a need to note here, the virus will only infect
triggered when the program or programs that have been infected earlier executed, disinilah
differences with the "worm". This study will not be because the worm will
divert us from the discussion on this virus.
The Legend of Virus
1949, John von Neumann, said"self altering automata theory"
which is the result of the research mathematician. 1960, Bell Lab (AT & T), the
experts in the lab Bell (AT & T)-try to try the theory expressed by John von
Neumann, with a type of game / game. They create a program
that can reproduce themselves and the program can be made in the opponent.
The program is capable of enduring and destroy all other programs, akan
considered to be the winner. This game eventually became the favorite game in the
each computer lab. However, the longer the program that created the
dangerous, so they do control and strict security
of this game. 1980, these programs are finally known
with a "virus" is spread out successful laboratory environment, and
began circulating in the general public.
which is the result of the research mathematician. 1960, Bell Lab (AT & T), the
experts in the lab Bell (AT & T)-try to try the theory expressed by John von
Neumann, with a type of game / game. They create a program
that can reproduce themselves and the program can be made in the opponent.
The program is capable of enduring and destroy all other programs, akan
considered to be the winner. This game eventually became the favorite game in the
each computer lab. However, the longer the program that created the
dangerous, so they do control and strict security
of this game. 1980, these programs are finally known
with a "virus" is spread out successful laboratory environment, and
began circulating in the general public.
Subscribe to:
Posts (Atom)