Computer virus
A computer virus is software whose objective is to alter the normal operation of any type of computer device, without the permission or knowledge of the user, mainly to achieve malicious ends on the device. Viruses usually replace executable files with others infected with the same code. Viruses can intentionally destroy the data stored on a computer, although there are also more harmless ones that only cause annoyance or unexpected behaviour.
The basic function of computer viruses is to spread through software; they are very harmful, and some also carry a harmful load (payload) with different objectives, from a simple prank to significant damage to systems, or blocking computer networks by generating useless traffic. The operation of a computer virus is conceptually simple. An infected program is executed, in most cases because the user is unaware of the infection. The virus code remains resident (lodged) in the computer's RAM, even after the program that contained it has finished executing. The virus then takes control of the basic services of the operating system and subsequently infects executable files that are called for execution. Finally, the virus code is appended to the infected program and written to disk, completing the replication process.
The first virus, and the first recognized as such, attacked an IBM Series 360 machine. It was called Creeper (ENMS) and was created in 1972. This program periodically displayed the message "I'm the creeper... catch me if you can!" on the screen. To eliminate this problem, the first antivirus program, called Reaper, was created.
However, the term virus would not be adopted until 1984, although viruses already existed before then. Victor Vyssotsky, Robert Morris Sr. and Doug McIlroy, researchers at Bell Labs (Dennis Ritchie or Ken Thompson are wrongly cited as fourth co-authors), developed a computer game called Darwin (from which Core Wars derives), in which the goal is to eliminate the adversary's program by occupying all of the RAM.
After 1984, viruses have expanded greatly, from those that attack floppy disk boot sectors to those that are attached to e-mail.
Computer viruses and their spread to other operating systems
Computer viruses affect, to a greater or lesser extent, almost all the best-known and most used systems today: Windows, Mac OS, Linux...
It should be noted that a computer virus will mostly attack only the operating system for which it was developed, although there have been some cases of multiplatform viruses.
MS-Windows and Android
The highest incidences of viruses occur in the Windows and Android operating systems for these reasons:
- Their great popularity as operating systems for personal computers and mobile devices. It is estimated that in 2007, 90% of personal computers used Windows, while Android had a market share of 80% in 2015. This popularity, based on ease of use without any prior knowledge, motivates the creators of malicious software (also called malware) to develop new computer viruses and, by attacking their weaknesses, increase the impact they generate.
- The lack of security in Windows (now a priority for Microsoft) makes "infection" of the computer very easy, as it has traditionally been a very permissive system with respect to installing programs foreign to it, without requiring any authentication from the user or asking for any special permission to do so in older versions. Since the inclusion of User Account Control in Windows Vista and later (as long as it is not deactivated), this problem has been solved, because the classic Linux configuration can be used: keep a protected administrator account and work day to day as a standard user without privileges, so that the system is protected against the threat of a virus.
- Software such as Internet Explorer and Outlook Express, developed by Microsoft and installed by default in earlier versions of Windows, is known to be vulnerable to viruses, because these take advantage of the fact that such programs are heavily integrated into the operating system, giving them full and virtually unrestricted access to system files. A famous example of this type is the ILOVEYOU virus, created in 2000 and propagated through Outlook. Today Internet Explorer has been separated from Windows and Outlook Express has been discontinued.
- The lack of training of a significant number of users of these systems, which results in preventive measures not being taken, since these systems are mostly targeted at users without computing knowledge. This situation is constantly exploited by virus programmers.
Unix and derivatives
In other operating systems such as GNU/Linux, BSD, Solaris, macOS, iOS and other Unix-based distributions, incidents and attacks are rare. This is mainly due to:
- Traditionally, Unix-based programmers and users have considered security a priority, so there are stronger measures against viruses, such as the need for the user to authenticate as administrator or root to install any additional program on the system. In Windows this benefit exists from Windows Vista onward.
- The directories or folders containing the vital files of the operating system have special access permissions, so no user or program can easily access them to modify or delete them. There is a hierarchy of permissions and accesses for users.
- Related to the previous point, unlike users of Windows XP and earlier versions of Windows, most Unix-based system users normally cannot log in as "administrator" users or as the superuser root, except to install or configure software. As a result, even if a non-administrator user runs a virus or other malicious software, it would not completely damage the operating system, since Unix limits the running environment to a reserved space or directory commonly called home. Since Windows Vista, user accounts can be configured similarly.
- These systems, unlike Windows, are used for more complex tasks, such as servers, which are usually heavily protected, making them less attractive targets for virus or malware development.
- In the particular case of GNU/Linux-based distributions, thanks to the collaborative model, free licenses and the fact that they are more popular than other Unix systems, the community constantly and very quickly provides updates that fix bugs and/or security holes that could be exploited by malware.
Other operating systems
Most home computers of the 1990s with a disk operating system (8-, 16- and 32-bit machines) suffered from different variants of viruses, mainly boot sector and file infectors. The only exception seems to have been the versions of CP/M, CP/M-86 and DOS Plus, but not their descendant DR-DOS. An antivirus section was always present in the directories of BBSs and the incipient Internet. However, the most up-to-date versions of these operating systems only consider it something historical, since there are no specific developments for the OS (which does not rule out, for example, attacks through web browsing). The strength of these viruses relied mainly on video games that needed the floppy disk write-unprotected to store scores or game states, or on certain copy protections. Several of these operating systems are located in ROM, so it is not possible to infect the system itself, but since part of it must be loaded from the floppy disk, no checking is done.
- Commodore Amiga/Amiga OS: They are quite numerous, so the first thing you do when you receive a third-party disk is to scan it in case. At least 548 viruses are known.
- Atari ST/Atari TOS: It has the first case of cross-platform viruses: the Aladinn and Frankie viruses are written for the Aladinn Apple Macintosh emulator. Its compatibility with the MS-DOS disk format leads to cases of ST disks infected by DOS boot sector viruses (with no effect on the computer), so ST antivirus programs detect them in order to protect PC emulators, whether software or hardware.
- Acorn Archimedes/RISC OS: Less known for being almost restricted to the British market, there are at least 10 antivirus: VProtect, VZap, KillVirus, Hunter, Interferon, IVSearch, Killer, Scanner, VirusKill, VKiller.
- MS-DOS/DR-DOS: the paradise of the virus in those times, with some of the first of its class. Of the antivirus providers of that era, McAfee and Symantec survive today; the rest entered the market with Microsoft Windows.
- Commodore 64: BHP VIRUS, Bula.
- Apple II: Holds one of the first viruses, the 1982 Elk Cloner.
- Apple Macintosh/Mac OS Classic: versions for 680x0 and PowerPC processors are infected by specific viruses (the 680x0 emulation in PowerPC makes them vulnerable to some of the old viruses, but not all), as well as by macro viruses for MS Office. Platform changes act as a barrier for, e.g., boot sector viruses. The appearance of Mac OS X marks a turning point for MacOS viruses; although it does not mean their disappearance, it reduces them significantly.
Features
Since a characteristic of viruses is the consumption of resources, viruses cause problems such as loss of productivity, outages in information systems or damage at the data level.
One of their characteristics is the possibility of spreading through replicas and copies. Networks currently help such propagation when they do not have adequate security.
Other damage that viruses cause to computer systems is the loss of information, hours of productive downtime, reinstallation time, etc.
Keep in mind that each virus poses a different situation.
Methods of propagation
There are two main types of contagion. In the first, the user, at a given moment, inadvertently executes or accepts the installation of the virus. In the second, the malicious program acts by replicating itself through networks. In this case we speak of worms.
In either case, the infected operating system begins to experience a series of abnormal or unexpected behaviors. These behaviors can give a hint of the problem and allow recovery from it.
Among the most frequent contaminations by user interaction are the following:
- Messages that automatically launch programs (such as a mail program that directly opens an attachment).
- Social engineering: messages like "run this program and win a prize" or, more commonly, "Make 2 clicks and win 2 free ringtones".
- Entry of information on disks from other infected users.
- Installation of modified or dubious software.
- In Windows, the computer can be infected without any user intervention (Windows 2000, XP and Server 2003 versions) by viruses such as Blaster, Sasser and their variants, simply because the machine is connected to a network or the Internet. This type of virus exploits a buffer overflow vulnerability on a network port to infiltrate and infect the computer, cause system instability, display error messages, resend itself to other machines via the local network or the Internet, and even reboot the system, among other damage. The latest versions of Windows 2000, XP and Server 2003 have mostly corrected this problem.
Protection methods
The methods to diminish or reduce the risks associated with viruses can be called active or passive.
Active
- Antivirus: programs that try to discover the traces left by malicious software in order to detect and remove it, and in some cases contain or stop the contamination. They try to monitor the system while it runs, blocking known infection pathways and notifying the user of possible security incidents. For example, on seeing a file called Win32.EXE.vbs in the folder C:\Windows\System32, the antivirus running in the background recognizes this as suspicious behaviour, blocks it and notifies the user.
- File filters: generating filters for harmful files when the computer is connected to a network. These filters can be applied, for example, in the mail system or using firewall techniques. In general, this method provides security without requiring user intervention, can be very effective, and allows resources to be used more selectively.
- Automatic updates: downloading and installing the updates that the operating system manufacturer releases to correct security flaws and improve performance. Depending on the configuration, the process can be completely automatic or let the user decide when to install the updates.
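The antivirus and file-filter heuristics above, as an added example (not code from the original article): it flags names such as Win32.EXE.vbs, where a script extension hides behind a second extension, scripts dropped into a Windows system directory, and executable mail attachments. The extension lists, directory list and sample paths are the example's own assumptions.

```python
import ntpath

# Extensions Windows executes or interprets directly (example list, not exhaustive)
EXECUTABLE_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".wsf"}
SCRIPT_EXT = {".vbs", ".js", ".wsf", ".bat", ".cmd"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def split_extensions(name: str) -> list:
    """All dot-suffixes of a file name, lower-cased: 'Win32.EXE.vbs' -> ['.exe', '.vbs']."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:] if p]


def assess_file(path: str, from_mail: bool = False) -> list:
    """Return the reasons a file looks suspicious (empty list if none)."""
    directory, name = ntpath.split(path)
    exts = split_extensions(name)
    final = exts[-1] if exts else ""
    findings = []
    # "document.pdf.exe" style names: the real, executable type is the last one
    if len(exts) >= 2 and final in EXECUTABLE_EXT:
        findings.append("double extension disguises an executable type")
    # scripts do not belong in the system directories
    if final in SCRIPT_EXT and directory.lower().rstrip("\\") in SYSTEM_DIRS:
        findings.append("script placed in a Windows system directory")
    # mail filter rule: executables are never accepted as attachments
    if from_mail and final in EXECUTABLE_EXT:
        findings.append("executable attachment received by mail")
    return findings


def scan(entries) -> dict:
    """entries: iterable of (path, from_mail); returns only the flagged paths."""
    report = {}
    for path, from_mail in entries:
        findings = assess_file(path, from_mail)
        if findings:
            report[path] = findings
    return report


# Constructed sample observations (not real telemetry)
SAMPLE = [
    (r"C:\Windows\System32\Win32.EXE.vbs", False),
    (r"C:\Users\ana\Documents\report.pdf", False),
    ("invoice.pdf.exe", True),
    ("holiday.jpg", True),
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```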
Passive
To avoid infecting a device, you must:
- Do not install software of doubtful origin.
- Do not open emails from strangers or attachments that you do not recognize.
- Use a pop-up blocker in the browser.
- Use the browser privacy settings.
- Activate User Account Control.
- Delete the Internet cache memory and browser history.
- Do not open documents without making sure of the file type. It can be an executable or incorporate macros within it.
Types of viruses
There are various types of viruses; they vary according to their function or the way in which they run on our computer, altering its activity. Among the most common are:
- Recycler: creates a shortcut to a program and removes its original application; in addition, when it infects a USB drive it converts all the information into shortcuts and hides the originals so that the files cannot be seen. With a batch file that modifies the attributes of the files on the drive, these can be recovered.
- Trojan: steals information or alters the hardware system or, in an extreme case, allows an external user to control the computer.
- Logical or time bombs: These are programs that are activated when a particular event occurs. The condition is usually a date (time bombs), a combination of keys, or certain technical conditions (logical bombs). If the condition does not occur, it remains hidden from the user.
- Worm (gusano): has the property of duplicating itself.
- Hoax: hoaxes are not viruses and have no ability to reproduce on their own. They are messages with false content that encourage the user to make copies and send them to their contacts. They often appeal to moral sentiments ("Help a child suffering from cancer") or to the spirit of solidarity ("Warning about a new dangerous virus") and, in any case, they try to take advantage of the inexperience of new Internet users.
- Joke: like the hoax, they are not viruses, but they are annoying; an example is a pornographic page that moves from one side of the screen to the other, and when you try to close it, a window may pop up saying "error".
Other types for different characteristics are listed below:
- Resident virus:
The main characteristic of these viruses is that they hide in RAM memory permanently or resident. In this way, they can control and intercept all the operations carried out by the operating system, infecting all those files and/or programs that are executed, opened, closed, renamed, copied. Some examples of this type of virus are: Randex, CMJ, Meve, MrKlunky.
- Direct action virus:
Unlike residents, these viruses do not persist in memory. Therefore, their primary objective is to reproduce and act at the very moment of being executed. When a certain condition is met, they are activated and look for the files located within the same directory to infect them.
- Overwriting virus:
These viruses are characterized by destroying the information contained in the files they infect. When they infect a file, they write to its content, making it totally or partially useless.
- Batch virus
Batch viruses generate batch files in a script language based on configuration options offered by the program. Creating this type of program is very simple, which is why there are many virus generators of this type.
- Boot virus (bot_kill) or boot sector virus:
The terms boot or boot sector refer to a very important section of a disk or storage unit (CD, DVD, USB memory, etc.). It stores essential information about the characteristics of the disk and contains a program that allows the computer to start. This type of virus does not infect files, but rather the disks that contain them. They work by first infecting the boot sector of storage devices; when a computer starts up from such a device, the boot virus infects the hard drive.
Boot viruses cannot affect your computer as long as you do not try to start it with an infected disk. Therefore, the best way to defend against them is to write-protect your storage devices and never boot your computer with an unknown device attached.
Some examples of this type of virus are: Polyboot.B, AntiEXE.
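A boot sector integrity check of the kind the passage above calls for, as an added example (not code from the original article): it verifies the 0x55AA boot signature, parses a few BIOS Parameter Block fields of a FAT volume and compares the hash of the boot code against a baseline recorded while the disk was known to be clean. The sample sector bytes are constructed for the example, not taken from a real disk.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = 0xAA55  # bytes 0x55 0xAA at offset 510, read little-endian


def parse_boot_sector(sector: bytes) -> dict:
    """Extract a few FAT12/FAT16 BIOS Parameter Block fields and the signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("boot sector must be exactly 512 bytes")
    oem = sector[3:11].decode("ascii", errors="replace").rstrip()
    # offsets 11, 13, 14, 16 of the BPB
    bytes_per_sector, sectors_per_cluster, reserved, fat_count = struct.unpack_from("<HBHB", sector, 11)
    (signature,) = struct.unpack_from("<H", sector, 510)
    return {
        "oem": oem,
        "bytes_per_sector": bytes_per_sector,
        "sectors_per_cluster": sectors_per_cluster,
        "reserved_sectors": reserved,
        "fat_count": fat_count,
        "signature": signature,
    }


def boot_code_digest(sector: bytes) -> str:
    """Hash only the code: the jump at 0-2 and the bytes after the BPB (62-509)."""
    return hashlib.sha256(sector[0:3] + sector[62:510]).hexdigest()


def check_boot_sector(sector: bytes, baseline_digest: str) -> list:
    """Return findings that suggest the boot sector was altered (empty if clean)."""
    info = parse_boot_sector(sector)
    findings = []
    if info["signature"] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if info["bytes_per_sector"] not in (512, 1024, 2048, 4096):
        findings.append("implausible bytes-per-sector value %d" % info["bytes_per_sector"])
    if boot_code_digest(sector) != baseline_digest:
        findings.append("boot code differs from the recorded baseline")
    return findings


def build_sample_sector(tampered: bool = False) -> bytes:
    """Constructed FAT12-style boot sector (not a real disk image)."""
    sec = bytearray(SECTOR_SIZE)
    sec[0:3] = b"\xEB\x3C\x90"              # JMP SHORT to the boot code, NOP
    sec[3:11] = b"MSDOS5.0"                 # OEM name
    struct.pack_into("<HBHB", sec, 11, 512, 1, 1, 2)  # 512 B/sector, 1 sector/cluster, 1 reserved, 2 FATs
    sec[62:66] = b"\xFA\x33\xC0\x8E"        # placeholder boot code bytes
    if tampered:
        sec[62:66] = b"\xE9\x00\x01\x90"    # code area replaced, as a boot virus would do
    sec[510:512] = b"\x55\xAA"
    return bytes(sec)


if __name__ == "__main__":
    clean = build_sample_sector()
    baseline = boot_code_digest(clean)      # record this while the disk is known clean
    print(parse_boot_sector(clean))
    print("clean:", check_boot_sector(clean, baseline))
    print("tampered:", check_boot_sector(build_sample_sector(tampered=True), baseline))
```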
- Link virus or directory:
The files are located at certain addresses (basically made up of a drive and a directory), which the operating system knows in order to locate and work with them.
Link or directory viruses alter the addresses that indicate where files are stored. In this way, when trying to run a program (a file with an EXE or COM extension) infected by a link virus, what actually runs is the virus, since it will have modified the address where the program was originally located, placing itself there instead.
Once the infection has occurred, it is impossible to locate and work with the original files.
- Encrypted viruses:
More than a type of virus, it is a technique used by some of them, which in turn may belong to other classifications. These viruses encrypt themselves so as not to be detected by antivirus programs. To carry out its activities, the virus decrypts itself and, when it has finished, it re-encrypts itself.
- Polymorphic virus:
They are viruses that are encrypted in a different way with each infection they carry out (using different algorithms and encryption keys). In this way, they generate a high number of copies of themselves and prevent antiviruses from locating them through the search for strings or signatures, which is why they are usually the most expensive viruses to detect.
- Multipartite virus
Very advanced viruses, which can carry out multiple infections, combining different techniques to do so. Their target is any element that can be infected: files, programs, macros, disks, etc.
- File virus
They infect programs or executable files (files with EXE and COM extensions). When the infected program is executed, the virus is activated, producing different effects.
- FAT virus:
The file allocation table or FAT (from English File Allocation Table) is the section of a disk used to link the information contained in it. It is a fundamental element in the system. Viruses that attack this element are especially dangerous, since they will prevent access to certain parts of the disk, where critical files for the normal functioning of the computer are stored.
- Virus hijackers:
These are programs that hijack Internet browsers, mainly Internet Explorer. Hijackers alter the browser's start page and prevent the user from changing it, display advertising in pop-ups, install new toolbars in the browser and sometimes prevent the user from accessing certain web pages, for example an antivirus vendor's page.
- Virus Zombie:
These are programs that hijack computers so that they are controlled by third parties. They are used to spread viruses, keyloggers and invasive procedures in general. This can happen when the computer's firewall and operating system are out of date.
- Virus Keylogger:
This virus is in charge of recording each key that is pressed and, in some cases, also mouse clicks. They are viruses that hide in the operating system so that the victim has no way of knowing that they are being monitored. Keyloggers are usually used to steal bank account passwords and obtain personal passwords for e-mail, Facebook, etc.
Virus actions
Some of the actions of some viruses are:
- Attach themselves to any program, allowing them to spread and making them harder to remove.
- Slow down the device.
- Reduce the space on the disk.
- Show windows constantly.
- Corrupt device files, in some cases vital files for the operation of the device.
- Download files or junk programs.
- Turn off or restart the device.
- Make calls to your contacts or other numbers at a higher cost.
- Remove all data stored on the hard drive.
Origin
Theoretical origins: up to 1985
The first academic paper on the theory of self-replicating computer programs was published by John von Neumann in 1949, who lectured at the University of Illinois on the Theory and Organization of Complicated Automata. Von Neumann's work was later published as the Theory of Self-Reproducing Automata. In his essay von Neumann described how a computer program can be designed to reproduce itself. Von Neumann's design of a computer program capable of copying itself is considered the world's first computer virus, and he is regarded as the theoretical father of computer virology.
In 1960 Victor Vyssotsky, Robert Morris Sr. and Doug McIlroy, researchers at Bell Labs, implemented a computer game called Darwin on an IBM 7090 mainframe. In it, two player programs compete in the arena for control of the system, each trying to eliminate its enemy by overwriting or disabling all of its copies. An improved version of it would later be known as Core Wars. Many of the concepts in this are based on an article by Alexander Dewdney in the Computer Recreations column of Scientific American.
In 1972 Veith Risak published the article "Selbstreproduzierende Automaten mit minimaler Informationsübertragung" (self-reproducing automata with minimal information transfer). The article describes a virus written for research purposes. It contained all the essential components. It was programmed in assembly language for the SIEMENS 4004/35 system and ran without problems.
In 1975 the English author John Brunner published the novel The Shock Wave Rider, in which he anticipated the risk of Internet viruses. In 1979 Thomas Joseph Ryan described, in The Adolescence of P-1, how an artificial intelligence spreads like a virus across the national computer network.
In 1980, Jürgen Kraus wrote a thesis at the Technical University of Dortmund, in which he compared some programs to biological viruses.
In 1982 Rich Skrenta, a 15-year-old high school student, programmed Elk Cloner for the Apple II, the first known computer virus to actually spread rather than remain a laboratory concept. It can be described as the first boot sector virus.
In 1984 Leonard M. Adleman used the term "computer virus" for the first time in a conversation with Fred Cohen.