Ver. 1.0 Viruses Hackers.Com FAQ Compiled by: Liquid Ch@os
This FAQ contains information about viruses and similar programs. It is for informational purposes and is intended for learning about viruses and what they do. Included in this version is information on kinds of viruses, how they infect computer systems, and securing yourself from them.
Section 1
I. Kinds of Viruses
   A. Viruses
   B. Trojans
   C. Worms
Section 2
II. How Viruses work
   A. Stealth Viruses
   B. Polymorphic Viruses
   C. Slow infector
   D. Fast infector
   E. Sparse infector
   F. Boot Sector Infector (BSI)
   G. Companion Virus
   H. Armored Virus
Section 3
III. Virus Security
   A. Virus scanners
   B. Firewalls
Section 1
I. Kinds of Viruses
There are many kinds of viruses, and these include Trojan horses and worms as well. New viruses are released upon the world every day. The next section lists different styles and what they do. This section defines the 3 most common kinds.
A. Viruses
A virus is a program that infects a computer's files and copies itself to them, thus damaging the files. Most common viruses infect files with .COM or .EXE extensions and corrupt them, rendering the program useless and/or infecting other files when run. Viruses are commonly received through email and downloaded programs. Email viruses (depending on what you use for your mail) can access your address book and forward themselves on to the people on the list, without the user's knowledge.
B. Trojans
Trojans are programs that do something the writer means them to do that the user does not know about. These programs can be attached to another program so that when the original program (which may be any common good program people will use) is run, the trojan virus is installed. These range from invisible keyloggers to the common trojans like NetBus, Sub7, and Back Orifice. There are many kinds of trojans out there. Some can damage your computer, some will allow others access to your files, and some are there but don't do too much. At any rate these can be malicious and in many cases can be as bad as a virus that can destroy your computer. The common names for these viruses when unattached from another program are "patch" and "server", although they may have other names as well depending on what they have been changed to.
C. Worms
Worms are programs that replicate over and over, using up system resources and/or slowing down the computer. These include "resource hoggers" and "HDD fillers" (hard drive fillers). These programs may produce thousands of smaller files in a folder deep in the hard drive and keep making them until the hard drive is full, as well as using up the resources of the computer. These little programs are hard to find, because the original virus has to be found to stop the damage being done. There are other kinds of worms as well, different ones depending on the writer's needs.
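
A way to look for the "HDD filler" symptom described above, as an added example that is not part of the original FAQ: walk a directory tree and report folders holding an unusually large number of small files. The function names, the 1000-file and 4096-byte thresholds, and the sample tree are assumptions made for the illustration.

```python
import os
import stat
import tempfile

def find_filler_dirs(root, min_files=1000, max_size=4096):
    """Flag directories holding >= min_files regular files of <= max_size bytes.

    Returns (path, small_file_count, depth_below_root) tuples, largest first.
    The thresholds are assumptions; tune them to the system being checked.
    """
    root = os.path.abspath(root)
    base_depth = root.rstrip(os.sep).count(os.sep)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        small = 0
        for name in files:
            try:
                st = os.lstat(os.path.join(dirpath, name))
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if stat.S_ISREG(st.st_mode) and st.st_size <= max_size:
                small += 1
        if small >= min_files:
            hits.append((dirpath, small, dirpath.count(os.sep) - base_depth))
    return sorted(hits, key=lambda h: h[1], reverse=True)

def make_sample_tree(root, filler_count=1500):
    """Constructed sample: one ordinary folder and one deep folder of tiny files."""
    normal = os.path.join(root, "docs")
    deep = os.path.join(root, "a", "b", "c", "d")
    os.makedirs(normal)
    os.makedirs(deep)
    for i in range(20):
        with open(os.path.join(normal, f"note{i}.txt"), "w") as f:
            f.write("x" * 100)
    for i in range(filler_count):
        with open(os.path.join(deep, f"{i:06d}.tmp"), "w") as f:
            f.write("0")
    return deep

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        for path, count, depth in find_filler_dirs(tmp):
            print(f"{count:6d} small files, depth {depth}: {path}")
```

A flagged folder only shows where the files are piling up; as the text says, the program creating them still has to be found and stopped.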
Section 2
II. How Viruses work
This section explains a few types of viruses and how they work. This is only a partial list of the different kinds out there. There are many other kinds but these are the main ones. This will be updated about every 6 months, adding new ones.
A. Stealth Viruses
A stealth virus is one which hides the modifications it has made in the file or boot record, usually by monitoring the system functions used by programs to read files or physical blocks from storage media, and forging the results of such system functions so that programs which try to read these areas see the original uninfected form of the file instead of the actual infected form. Thus the viral modifications go undetected by anti-viral programs. However, in order to do this, the virus must be resident in memory when the anti-viral program is executed.
B. Polymorphic Viruses
A polymorphic virus is one which produces varied (yet fully operational) copies of itself, in the hope that virus scanners will not be able to detect all instances of the virus. These viruses are hard to detect because of their constant change. Most virus scanners will detect the original but will not always detect the newer versions of the virus.
C. Slow infector
A slow infector is a virus which runs in memory and infects programs that are modified or created. This is to fool many programs that check for modifications in programs, for the virus hides what it has done.
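
The kind of modification check the slow infector is built to fool, as an added example that is not part of the original FAQ: a hash baseline of program files compared against a later snapshot. The function names and the "review" bucket are assumptions made for the illustration; the sample files are constructed.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root)] = h.hexdigest()
    return digests

def compare(baseline, current, expected=()):
    """Classify what changed between two snapshots.

    'expected' lists files the user knowingly rebuilt or installed. They go
    to "review" rather than being accepted, because a hash cannot tell a
    clean rebuild from one that was infected while it was being written.
    """
    expected = set(expected)
    report = {"modified": [], "added": [], "removed": [], "review": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            report["removed"].append(path)
        elif path not in baseline:
            report["review" if path in expected else "added"].append(path)
        elif baseline[path] != current[path]:
            report["review" if path in expected else "modified"].append(path)
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample files
        for name in ("edit.exe", "game.com"):
            with open(os.path.join(tmp, name), "wb") as f:
                f.write(b"original contents of " + name.encode())
        before = snapshot(tmp)
        with open(os.path.join(tmp, "edit.exe"), "ab") as f:
            f.write(b" plus appended bytes")
        print(compare(before, snapshot(tmp)))
```

Files in the "review" list are the ones a slow infector targets: their change coincides with one the user expected, so they should be verified against a trusted copy before the baseline is updated.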
D. Fast infector
A fast infector is a virus which, when it is active in memory, infects not only programs which are executed, but even those which are merely opened. The result is that if such a virus is in memory, running a scanner can result in all (or at least many) programs becoming infected all at once.
E. Sparse infector
A sparse infector virus will only infect a file occasionally. It will count however many programs it was designed to count, then infect, and so on, making it harder to track down the original source of the virus. These are hard to find because the original has to be found among many infected files that could be the original.
F. Boot Sector Infector (BSI)
A BSI is a virus that attacks the computer on boot, sometimes halting the boot procedure altogether and/or damaging boot files, making the system either unstable and prone to crash on startup or not able to start at all. These are some of the worst viruses to get because once infected you are unable to run system virus scans through the OS.
G. Companion Virus
A companion virus modifies a file so that when it is run it runs a separate program as well. (Many trojans work as this kind of virus.) When the original file is run the virus is run instead of the original program. Once the virus is done, which is commonly fast enough to go unnoticed, the original program will start. The user will normally have no clue that anything was happening that they did not know about.
H. Armored Virus
An armored virus will use different things to stop the user from deleting, editing, tracing, and more. These can sometimes be deleted by virus scanners but not always.
Section 3
III. Virus Security
Virus security starts with a good virus scanner and never ends. There are many ways to prevent viruses. Thousands of new viruses are created each week and scanners are constantly being updated. The best way to be secured from them is to only download files from trusted sites/people and to keep a good updated scanner.
A. Virus Scanners
Virus scanners are the number one way to keep viruses off your system. There are hundreds of different scanners available. There are a few companies who keep up with them. (We all know who they are.) So here is what you should do to keep them updated and working properly.
Always watch their website; they often have info on the latest bad viruses out and updates for your scanner. Also keep up monthly/weekly with the updates of your scanner. This will drastically reduce your vulnerability to most of the common viruses out. Another tip: when you hear of another big virus out, manually update your scanner. Most of the good scanners available have auto and manual update programs on your computer.
B. Firewalls
Firewalls are very good protection for personal computers. Some of them will block viruses and most will, or have the ability to, block trojan viruses. As with scanners there are many to choose from. It is the user's personal preference what they want to use. Firewalls provide good protection against more than viruses/trojans as well. They will protect your whole computer from many kinds of other "cracking" attacks. They watch over your computer and watch open ports on your system for incoming data and either let it pass or block it depending on what the user wants. They work as nets, allowing what the user wants to go through and blocking what the user does not want to go through.