Companion Viruses PDF

Title Companion Viruses
Course Information Security
Institution University of Greenwich
Pages 4


Description

Companion Viruses

Companion viruses can be considered file infector viruses like resident or direct-action types. They are known as companion viruses because once they get into the system, they "accompany" the other files that already exist. In other words, to carry out their infection routines, companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct-action viruses). Some examples include Stator, Asimov.1539, and Terrax.1069.

1. Network Virus

Network viruses spread rapidly through a Local Area Network (LAN), and sometimes throughout the internet. Generally, network viruses multiply through shared resources, i.e., shared drives and folders. When the virus infects a computer, it searches through the network to attack its new potential prey. When the virus finishes infecting that computer, it moves on to the next and the cycle repeats itself. The most dangerous network viruses are Nimda and SQLSlammer.

2. Nonresident Viruses

This type of virus is similar to resident viruses in that it uses a replication module. In addition, nonresident viruses act as a finder module, which infects files when it finds them (it selects one or more files to infect each time the module is executed).

3. Stealth Viruses

Stealth viruses try to trick anti-virus software by intercepting its requests to the operating system. They are able to hide themselves from some antivirus programs, so some antivirus programs cannot detect them.

4. Sparse Infectors

In order to spread widely, a virus must attempt to avoid detection. To minimize the probability of its being discovered, a virus could use any number of different techniques. It might, for example, only infect every 20th time a file is executed; it might only infect files whose lengths are within narrowly defined ranges or whose names begin with letters in a certain range of the alphabet. There are many other possibilities.

5. Spacefiller (Cavity) Viruses

Many viruses take the easy way out when infecting files; they simply attach themselves to the end of the file and then change the start of the program so that it first points to the virus and then to the actual program code. Many viruses that do this also implement some stealth techniques so you don't see the increase in file length when the virus is active in memory. A space filler (cavity) virus, on the other hand, attempts to be clever. Some program files, for a variety of reasons, have empty space inside of them. This empty space can be used to house virus code. A space filler virus attempts to install itself in this empty space while not damaging the actual program itself. An advantage of this is that the virus then does not increase the length of the program and can avoid the need for some stealth techniques. The Lehigh virus was an early example of a space filler virus.

FAT Virus

The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer. This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories.

17. Worms

A worm is technically not a virus, but a program very similar to a virus; it has the ability to self-replicate and can lead to negative effects on your system, and, most importantly, worms are detected and eliminated by antiviruses. Examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson.

19. Trojans or Trojan Horses

Another unsavory breed of malicious code (also not a virus) is the Trojan or Trojan horse, which unlike viruses does not reproduce by infecting other files, nor does it self-replicate like worms.

20. Logic Bombs

They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs. Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.
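The Spacefiller (Cavity) section above notes that such a virus does not increase the length of the program. The following added example (not part of the original notes) shows why an integrity check that compares file size alone misses that kind of change while a hash-based baseline catches and localises it; the block size, function names and sample bytes are all constructed for illustration.

```python
import hashlib

BLOCK = 64  # bytes per hashed block (assumed value for this example)


def make_baseline(data: bytes) -> dict:
    """Record size, whole-file hash and per-block hashes of a known-good file."""
    blocks = [hashlib.sha256(data[i:i + BLOCK]).hexdigest()
              for i in range(0, len(data), BLOCK)]
    return {"size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "blocks": blocks}


def check(baseline: dict, data: bytes) -> dict:
    """Compare a file against its baseline and report where it differs."""
    current = make_baseline(data)
    old, new = baseline["blocks"], current["blocks"]
    # A block counts as changed if it differs or exists on only one side.
    changed = [i * BLOCK for i in range(max(len(old), len(new)))
               if i >= len(old) or i >= len(new) or old[i] != new[i]]
    return {"size_changed": current["size"] != baseline["size"],
            "hash_changed": current["sha256"] != baseline["sha256"],
            "changed_offsets": changed}


# Constructed sample "program": 128 bytes of code, 128 bytes of empty
# padding, 128 bytes of data. Not a real executable format.
ORIGINAL = b"CODE" * 32 + b"\x00" * 128 + b"DATA" * 32

# Same length, but 64 bytes inside the padding were overwritten with
# harmless marker bytes, standing in for a cavity-style modification.
MODIFIED = ORIGINAL[:160] + b"X" * 64 + ORIGINAL[224:]

# Bytes attached to the end of the file, the simpler case the text describes.
APPENDED = ORIGINAL + b"X" * 64

if __name__ == "__main__":
    base = make_baseline(ORIGINAL)
    for name, blob in (("original", ORIGINAL), ("modified", MODIFIED),
                       ("appended", APPENDED)):
        print(name, check(base, blob))
```
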

1.7.2 Use of Antivirus software

Antivirus or anti-virus software (often abbreviated as AV), sometimes known as antimalware software, is computer software used to prevent, detect and remove malicious software. Antivirus (or anti-virus) software is used to safeguard a computer from malware, including viruses, computer worms, and Trojan horses. Antivirus software may also remove or prevent spyware and adware, along with other forms of malicious programs. Free antivirus software generally only searches your computer using signature-based detection, which involves looking for patterns of data that are known to be related to already-identified malware. Paid antivirus software will usually also include heuristics to catch new, or zero-day, threats, by either using genetic signatures to identify new variants of existing virus code or by running the file in a virtual environment (also called a sandbox) and watching what it does to see if it has malicious intent. Virus designers, however, usually test their malicious code against the major antivirus types of malware, specifically ransomware, use polymorphic code to make it difficult to be detected by antivirus software. Besides using antivirus software to keep your computer safe and running smoothly, it is also always a good idea to be proactive: make sure your web browser is updated to the latest version, use a firewall, only download programs from websites you trust and always surf the web using a standard user account, rather than your administrator one...
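The signature-based detection described above, sketched as an added example that is not part of the original notes: an exact byte signature matches only the known sample, while a looser signature with wildcard positions also matches a variant. The signature syntax ("??" for any one byte), the names and all byte patterns are constructed, and modelling a variant-matching signature as wildcards is an assumption of this example.

```python
import re


def compile_signature(hex_pattern: str) -> "re.Pattern[bytes]":
    """Turn '4D 41 ?? 04' into a bytes regex; '??' matches any single byte."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    # DOTALL so that '.' also matches the newline byte 0x0A.
    return re.compile(b"".join(parts), re.DOTALL)


# Constructed signature database (not real malware signatures).
SIGNATURES = {
    "exact:Sample.A": "4D 41 52 4B 01 02 03 04",
    "generic:Sample": "4D 41 52 4B ?? ?? 03 04",
}
COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}


def scan(data: bytes) -> list:
    """Return the sorted names of all signatures found anywhere in data."""
    return sorted(name for name, pat in COMPILED.items() if pat.search(data))


# Constructed sample inputs.
KNOWN = b"header" + bytes.fromhex("4D41524B01020304") + b"tail"
VARIANT = b"header" + bytes.fromhex("4D41524BAABB0304") + b"tail"  # 2 bytes differ
CLEAN = b"header only, nothing else"

if __name__ == "__main__":
    for name, blob in (("known", KNOWN), ("variant", VARIANT), ("clean", CLEAN)):
        print(f"{name}: {scan(blob) or 'no match'}")
```
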

