If you are a beginner in this field, do not experiment on your own computer, because these viruses can corrupt and destroy your system files and hardware. Run and execute these viruses at your own risk.

Virus intro

Full form of VIRUS: Vital Information Resources Under Siege


A virus is a small program whose activity can damage or destroy files and a computer system. If the program is never opened, it stays inactive and cannot destroy anything.

VIRUS-EMAIL-

The virus program reaches you as an email attachment. It has its own server (the virus server). A virus file cannot attach itself to another email, such as one genuinely sent by a user (netter), member, moderator etc. It has to arrive in an email of its own, which we call the EMAIL OF VIRUS.


THEIR ADDRESS-

The EMAIL OF VIRUS can be sent from any email address of any account that the virus found and cracked in the mailbox or address book of some other person, anywhere. That is why the email of virus looks as if it was sent by our friend, our member, our moderator etc. It can even send a virus from our own email address.

HOW TO TELL WHETHER AN ATTACHMENT IS A VIRUS?

To identify a virus attachment:
a). it is small ( <150KB )
b). it has a file name extension such as one of the following:
*.scr
*.clp
*.pif
*.bat
*.exe
*.com
*.txt
*.doc
*.lhz
*.rhz
*.vbs
Sometimes it is compressed into a *.zip file.
It may also carry a fake name such as HotMovie.MPEG_ _________ scr.
Actually the file is a virus file with the extension .scr
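
The checks listed above (small size, listed extension, zip wrapping, fake name) can be applied mechanically at a mail gateway. The following Python is an added example, not part of the original post; the DECOY_EXTS set and the sample member name (written with a dot before scr) are assumptions made for illustration.

```python
import io
import zipfile

# Extensions the page lists as typical for virus attachments.
LISTED_EXTS = set("scr clp pif bat exe com txt doc lhz rhz vbs".split())
DECOY_EXTS = {"mpeg", "mpg", "jpg", "txt", "doc"}  # assumption: decoy names
SIZE_LIMIT = 150 * 1024  # the page's "<150KB" rule of thumb


def real_extension(name):
    """Final extension of a file name, lower-cased ('' if there is none)."""
    stem, _, ext = name.rpartition(".")
    return ext.strip(" _").lower() if stem else ""


def has_decoy_extension(name):
    """True for Movie.MPEG______.scr: decoy extension, padding, real one."""
    stem, _, ext = name.rpartition(".")
    inner = stem.rstrip(" _").rpartition(".")[2].lower()
    return "." in stem and inner in DECOY_EXTS and inner != ext.lower()


def check_name(name, size):
    """Reasons a single file matches the criteria listed on the page."""
    reasons = []
    if (ext := real_extension(name)) in LISTED_EXTS:
        reasons.append(f"listed extension .{ext}")
        if size < SIZE_LIMIT:
            reasons.append("small size")
    if has_decoy_extension(name):
        reasons.append("decoy extension before real one")
    return reasons


def check_attachment(name, data):
    """Check an attachment; for a zip, check every member inside it."""
    if real_extension(name) == "zip" and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [f"{m.filename}: {r}" for m in zf.infolist()
                    for r in check_name(m.filename, m.file_size)]
    return check_name(name, len(data))


def make_sample_zip():
    """Constructed sample: a zip with one disguised member (dummy bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("HotMovie.MPEG__________.scr", b"dummy bytes")
    return buf.getvalue()
```

Because *.txt and *.doc are on the page's list, ordinary documents also match; treat the result as a reason to look closer, not as a verdict.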

HOW TO TELL WHETHER AN EMAIL IS A VIRUS EMAIL?

You can recognize an email virus from its SUBJECT; most of them contain an amazing statement or unusual word, such as the following:
Weah ^_^ :))
Hokki=)
Hi :)
ello!=))
Hello -:))
Hey, dude, it's me ^_^
access Mpeg
Re:your text
Re:Text message
Re:Msg reply
Re:Is that your document?
Re:Hot Movie(MPEG)
Re:Information. ..
Re;Important info
Re:This is your photos!:)
and more, and more...
If you receive emails with a subject like those above, you should delete them without even opening them.
  

Types of Malware

We can generally classify computer viruses into the following types:

Boot Sector Virus


This type of virus was the most common virus until the mid-1990s. It was stored in the Master Boot Record (MBR) (or master bootstrap) or the DOS Boot Sector (BS) of the infected hard drive. It spreads by attempting to infect the boot sector of every floppy disk that is inserted into the infected PC.

A PC will be infected when booting from an infected floppy disk. During the boot process, the BIOS executes the virus code residing in the floppy disk boot sector and thus passes control of the system to the virus. With control in hand, the virus can infect the PC by writing the virus code to the master bootstrap of the hard disk. Afterwards, it resumes the normal boot sequence. From the user's point of view, everything may look normal.

The virus residing in the infected master bootstrap is executed on subsequent boots. It therefore stays in memory, ready to infect any floppy diskette that is used.


[The master bootstrap is the first sector of a hard disk. It contains the partition table and the code to load the operating system. Usually, 16 or more sectors following the master bootstrap are unused.

Up to 4 partitions can exist on a hard disk. A DOS extended partition can be subdivided into logical drives.

The first sector of each partition is the boot sector, which contains information about the partition and the code to load the operating system in the partition.

Floppy disks do not have a master bootstrap. A floppy disk with standard DOS format has the same structure as a DOS partition on a hard disk.]
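
The master bootstrap layout described above can be read and checked with a few lines of code. The following Python is an added example, not part of the original post: it parses the four-entry partition table, reports the unused gap after the master bootstrap, and compares the boot code against a hash recorded while the disk was known to be clean. The sample sector and its partition values are constructed.

```python
import hashlib
import struct

ENTRY = struct.Struct("<B3xB3xII")  # status, type, first LBA, sector count
EXTENDED_TYPES = {0x05, 0x0F}       # DOS extended partition (CHS / LBA)


def parse_mbr(sector):
    """Parse a 512-byte master bootstrap: boot-code hash plus partitions."""
    if len(sector) != 512:
        raise ValueError("master bootstrap must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):  # the table holds at most 4 entries
        status, ptype, first_lba, count = ENTRY.unpack_from(sector, 446 + 16 * i)
        if ptype == 0:  # empty slot
            continue
        parts.append({"slot": i, "bootable": status == 0x80, "type": ptype,
                      "extended": ptype in EXTENDED_TYPES,
                      "first_lba": first_lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:446]).hexdigest(),
            "partitions": parts}


def unused_gap(mbr):
    """Number of sectors between the master bootstrap and the first partition."""
    starts = [p["first_lba"] for p in mbr["partitions"]]
    return min(starts) - 1 if starts else None


def boot_code_changed(sector, baseline_sha256):
    """True if the boot code differs from a hash taken on a known-good disk."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256


def make_sample_mbr(boot_code=b"\x00" * 446):
    """Constructed sample: bootable FAT16 at LBA 63 plus an extended partition."""
    e1 = ENTRY.pack(0x80, 0x06, 63, 204800)
    e2 = ENTRY.pack(0x00, 0x05, 204863, 409600)
    return boot_code + e1 + e2 + b"\x00" * 32 + b"\x55\xaa"
```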


File Virus

A file virus, also known as a parasitic virus, resides in a file. It spreads via program files, but not data files. A PC will be infected when it executes an infected program (obtained from floppy, CD-ROM, network, Internet etc.). Upon execution of an infected program, the attached virus may infect other programs immediately, or it may become a resident program to infect other programs later. Afterwards, the virus will resume the execution of the original normal program. Hence, users may not notice any difference when executing an infected program.

A file virus typically looks for specific file extensions to infect. Common candidates are files with the extensions COM, EXE and SYS.


Macro Virus

In July 1995, a new kind of virus was reported and it struck the computer industry instantly. Unlike the Boot Sector and File viruses, macro viruses infect data files instead of executables. The Word macro virus is multi-platform: as long as your version of Word supports the Word file format, you are prone to be affected, no matter whether you are using the OS/2 or Windows version of Word, or a PC or a Macintosh.


New Types of Virus

Virus and anti-virus technology is ever changing. As users move to new platforms / new technologies, virus writers will try to develop new viruses that can spread on them. The following lists some new platforms / technologies upon which new types of virus might arise:

    * Java
    * ActiveX
    * Visual Basic (VB) Script
    * HTML
    * Lotus Notes

Java

Java viruses have long been a hot topic: questions like "Is it possible to write a Java virus?" or "Could a Java virus spread from computer to computer, maybe via the Internet?" have generated quite some discussion in different newsgroups. At first glance, the answer is "NO", because applets are designed to run in a controlled environment (the "sandbox"), without access to files or arbitrary network connections on the computer.

Nevertheless, Java also allows developers to build applications which have full control over the system, like any standard program. And this is the place where Java viruses found their way out.

The first Java-based virus is known as Java.StrangeBrew. It was first discovered in September 1998 and infects Java class files. But the virus works only if the file is executed as a native Java application, not as an applet. Though Java applications are rare and the implementation of Java.StrangeBrew is primitive, its influence should not be overlooked. We expect more Java viruses to come when Java applications become prevalent.

ActiveX

ActiveX, like Java, is perceived to be another platform for viruses to thrive on. Of the two new carriers of viruses, ActiveX poses a greater threat because of its design. Essentially a compact version of Object Linking and Embedding (OLE), ActiveX has direct access to native Windows calls, linking it to any system function. And ActiveX is not limited to users of MS Internet Explorer; a Netscape Navigator plug-in is now available. Java, by contrast, is "sandboxed", or insulated from operating system services, by the Java Virtual Machine.

Visual Basic (VB) Script

In the past, virus writers had to develop considerable expertise in low-level computer operations before they could create a virus that could successfully spread from machine to machine. Then, with the arrival of macros in Microsoft Office, the tools for virus creation became readily available and much less knowledge was required to write a virus. The same is true for VB Script viruses: the environment they require will soon be commonplace and the entrance barrier is low.

VB Script viruses are becoming a real threat. The original intention of Microsoft was to include a powerful and easy-to-use language that can easily access the resources in the Windows system (98 / NT). VB Script is in human-readable form and so it is easy to understand. Thus it invites lots of "less technical" virus writers to invade the territory.

The first generation of VB Script viruses are those embedded in HTML pages and spread through the Internet, while the prevalent VB Script viruses usually spread by sending mails, together with an infected script, to users in the address book. Users who run the attached script will help the virus to spread.

HTML

Again, there has been a great deal of discussion around the Internet concerning HTML-based viruses. You may notice that someone has claimed / broadcast that he / she has invented / found the first HTML virus.

HTML, on its own, is a mark-up language to control the layout of Web pages. Raw HTML cannot be viral, so browsers supporting only HTML are not at risk. Therefore, the so-called "HTML virus" is unlikely to be a real-world incident. The real threat comes not from surfing the Internet but from downloading viral code from the Internet and executing it.

Nevertheless, most browsers now support other scripting languages in addition to HTML, and the so-called "HTML virus" usually takes advantage of these scripting languages. The script virus usually uses Web pages as a vehicle to reach the machines of the victim. VBS.Offline is a typical example. The most common script virus nowadays is the VB Script virus, which has been discussed before.

Lotus Notes

Given its huge user base, Lotus Notes is a potential area that virus writers will explore. Up to now, no native Lotus Notes virus has been identified. Nevertheless, the rich-text field in a Lotus Notes database provides a place where conventional (file and macro) viruses can reside. Common server-based anti-virus software could not detect viruses in Notes databases because the records are compressed. To guard against computer viruses in a Notes environment, we recommend that users install Notes-based anti-virus software.
____________________________________________________________________________________


How Do Anti-Virus Programs Detect Viruses?
 

Many of us wonder how our antivirus software scans for viruses, worms and Trojans. We scan a folder or local drive for viruses, but what actually happens during the virus scan?
Techniques used by antivirus programs to detect malware:
1. Signature Based Scan.
2. Heuristic Based Scan.
3. Threat Sense Technology.
4. Artificial Intelligence (Behavioral Antivirus Programs).
5. Proactive Defense.
1. Signature Based Scan:
Traditionally, antivirus solutions have relied strongly on signature-based scanning, also referred to as "scan string-based technologies". In signature-based scanning, the antivirus program searches within given files for the presence of certain strings (sometimes only in certain regions of the file). If these predefined strings are found, the antivirus reports that a threat has been detected.
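
The string search with region limits described above can be sketched as follows. This Python is an added example, not part of the original post and not any vendor's engine; the signature names and DEMO-MARK byte strings are constructed and harmless.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes
    start: int = 0             # first offset of the region to search
    end: Optional[int] = None  # offset past the region; None = end of file
    # Negative offsets count from the end of the file, as in slicing.


# Constructed signatures; a real engine loads these from a vendor database.
SIGNATURES = [
    Signature("Demo.HeaderMarker", b"DEMO-MARK-A", start=0, end=64),
    Signature("Demo.TailMarker", b"DEMO-MARK-B", start=-32),
    Signature("Demo.Anywhere", b"DEMO-MARK-C"),
]


def scan_bytes(data, signatures=SIGNATURES):
    """Return (name, offset) for each signature found inside its region."""
    hits = []
    for sig in signatures:
        # bytes.find takes slice-style bounds; the whole pattern must lie
        # inside [start, end), so a match straddling the edge is ignored.
        pos = data.find(sig.pattern, sig.start, sig.end)
        if pos != -1:
            hits.append((sig.name, pos))
    return hits


# Constructed sample inputs.
SAMPLES = {
    "clean.bin": b"MZ" + b"\x00" * 200,
    "header.bin": b"xxDEMO-MARK-A" + b"\x00" * 200,
    "outside_region.bin": b"\x00" * 100 + b"DEMO-MARK-A" + b"\x00" * 100,
    "tail.bin": b"\x00" * 100 + b"DEMO-MARK-B",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, scan_bytes(data) or "no threat detected")
```

The outside_region.bin sample contains a known string but is not reported, because the string sits outside the region its signature covers.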
Fact:
According to McAfee Labs, approximately 250 viruses are released every day, so it is very difficult to catch all of them. New technologies are therefore used to detect unknown threats, as explained below.
2. Heuristic Based Scan:
The first heuristic engines were introduced to detect DOS viruses in 1989. Heuristic (hyu-ˈris-tik) is an adjective for methods that help in problem solving. A heuristic scan is used to detect new, unknown viruses in your systems that have not yet been identified. Only some antivirus programs can do this type of scan; the majority are only able to detect known viruses.
In this type of scan, the antivirus program searches a file for instructions or commands that are not found in typical good application programs. As a result, a heuristic engine is able to detect potentially malicious files and report them as a virus.
3. Threat Sense Technology:
In the past, when a virus was released, it was detected by antivirus experts after 15-30 days. By then the virus had done enough damage to millions of users, like the "I love you worm". Then antivirus experts started using Threat Sense Technology.
In this technology, when a certain file does suspicious activity on the computer, the AV program does not take any action and keeps an eye on that file. Next, when you update your antivirus, these files are sent to the security experts of the antivirus that you are using. They analyze the file; if it is a virus, they make its signature. This way a virus is caught within 3-4 days.
4. Artificial Intelligence (Behavioral Antivirus Programs):
These programs monitor your computer's activities. If a file performs any dangerous or suspicious activity, they inform the user and offer some options for the action to take. The user then has to decide whether it is a virus file or a helpful file. Sometimes, if the user makes the wrong decision, the software reported by the antivirus gets corrupted and quarantined by the antivirus.
5. Proactive Defense:
One more technology is "Proactive Defense". It was first used by Kaspersky (My Most Trusted Friend). When a program or process gets executed, "Proactive Defense" tells the user about the activity of the program and asks the user to allow or block it.
The most advanced Proactive Defense is provided by Comodo Internet Security.
_______________________________________________________________________________

Various Trojan Types
  • Remote Access Trojans
  • Password Sending Trojans
  • Keyloggers
  • Destructive
  • Denial Of Service (DoS) Attack Trojans
  • Proxy/Wingate Trojans
  • FTP Trojans
  • Software Detection Killers
Modes of Transmission
  • Attachments
  • Physical Access
  • Browser And E-mail Software Bugs
  • NetBIOS (File Sharing)
  • Fake Programs
  • Un-trusted Sites And Freeware Software
________________________________________________-