In computers, a virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document. Viruses can be transmitted as attachments to an e-mail note or in a downloaded file, or be present on a diskette or CD. The immediate source of the e-mail note, downloaded file, or diskette you've received is usually unaware that it contains a virus. Some viruses wreak their effect as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer. Some viruses are benign or playful in intent and effect ("Happy Birthday, Ludwig!") and some can be quite harmful, erasing data or causing your hard disk to require reformatting. A virus that replicates itself by resending itself as an e-mail attachment or as part of a network message is known as a worm.
VIRUS
Page 1
Multipartite Viruses
Multipartite viruses are a mixture of boot sector viruses and file viruses. These viruses enter the system through infected media and dwell in the system memory. They then travel onto the boot sector of the hard drive. From there, the multipartite virus infects the executable files on the hard drive and spreads throughout the system. There aren't many multipartite viruses present these days, but in their era, they were responsible for a number of serious problems due to their ability to combine different infection techniques. A significant example of a multipartite virus is Ywinz.
Macro Viruses
Macro viruses infect files that are created using applications or programs that include macros. Such applications include Microsoft Office (Word documents, Excel spreadsheets, PowerPoint presentations, Access databases) and other applications such as Corel Draw, AmiPro, etc. As macro viruses are programmed in the language of the application and not in that of the operating system, they are considered platform-independent, i.e. they can spread across operating systems such as Windows, Macintosh or any other system, as long as it is running the necessary application. With the ever-rising abilities of macro languages in applications, and the risk of hazardous infection spreading over networks, the macro virus has become a critical threat. The earliest macro virus was programmed for Microsoft Word and was exposed back in August 1995. At present, there are thousands of macro viruses in existence. Examples of macro viruses are Relax, Melissa.A and Bablas.
Network Viruses
A network virus is adept at spreading rapidly across a Local Area Network (LAN) or even over the internet. Generally, it circulates through shared resources, such as shared drives and folders. When it infects a fresh system, it hunts for possible victims by scanning the network for other defenseless systems. When a defenseless system is found, the network virus infects it and thus spreads over the network. Examples of some of the most dangerous viruses are Nimda and SQL Slammer.
E-Mail Viruses
An e-mail virus can be a type of macro virus that spreads itself to all the contacts located in the host's e-mail address book. If any of the e-mail recipients opens the attachment of the infected mail, it spreads to the new host's address book contacts, and then proceeds to send itself to all those contacts as well. Nowadays, e-mail viruses can infect hosts even if the infected e-mail is only previewed in a mail client. One of the most widespread and destructive e-mail viruses is the ILOVEYOU virus.
There are many methods by which a virus can infect or stay inactive on your computer. However, whether active or inactive, it's dangerous to let one loose on your system, and it should be dealt with immediately.
ANTIVIRUS
"Antivirus" is protective software designed to defend your computer against malicious software. Malicious software, or "malware", includes viruses, Trojans, keyloggers, hijackers, dialers, and other code that vandalizes or steals your computer contents. In order to be an effective defense, your antivirus software needs to run in the background at all times, and should be kept updated so it recognizes new versions of malicious software.
takes precautionary measures and follows a set of standard procedures. In most cases, the antivirus will first try to heal the culprit file, and if it fails to do so, it tries to quarantine it. If, for some reason, it cannot even quarantine the infected file, the last option is to delete it permanently. However, of late it has been seen that hackers and virus creators are more successfully coming up with new and complicated polymorphic viruses, which are actually sort of hybrids of two or more viruses. These improvised, polymorphic viruses are not listed in the virus dictionary, and hence most antivirus tools based on the dictionary approach find themselves helpless while countering these threats.
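The following sketch is an added example, not code from the original document or from any antivirus product. It implements the heal, quarantine, delete fallback over in-memory "files" and shows why a dictionary lookup misses a variant whose bytes have all changed. The signature, file names and quarantine limit are constructed; the marker bytes are inert.

```python
# Constructed signature dictionary: inert marker bytes, not real malware.
SIGNATURES = {"Demo.Appender.A": b"<<DEMO-VIRUS-BODY>>"}

def scan(data):
    """Return the name of the first dictionary signature found, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None

def heal(data, pattern):
    """Strip a body appended to the host file; None if it cannot be removed."""
    if data.endswith(pattern):
        return data[:-len(pattern)]
    return None  # body sits inside host data, original bytes not recoverable

def remediate(name, files, quarantine, quarantine_limit=1):
    """Heal, else quarantine, else delete. Returns the action taken."""
    data = files[name]
    detection = scan(data)
    if detection is None:
        return "clean"
    cleaned = heal(data, SIGNATURES[detection])
    if cleaned is not None:
        files[name] = cleaned
        return "healed"
    del files[name]  # removed from its original location either way
    if len(quarantine) < quarantine_limit:
        quarantine[name] = data
        return "quarantined"
    return "deleted"

def run_demo():
    """Run the chain over constructed in-memory 'files'."""
    body = SIGNATURES["Demo.Appender.A"]
    files = {
        "appended.exe": b"HOST" + body,         # healable
        "embedded.exe": b"HO" + body + b"ST",   # not healable
        "embedded2.exe": b"H" + body + b"OST",  # quarantine already full
        "notes.txt": b"hello",
        # Same body with every byte changed, as a polymorphic variant would be.
        "variant.exe": b"HOST" + bytes(b ^ 0x5A for b in body),
    }
    quarantine = {}
    return {n: remediate(n, files, quarantine) for n in list(files)}, files

if __name__ == "__main__":
    for name, action in run_demo()[0].items():
        print(f"{name}: {action}")
```

The variant is reported clean even though it derives from the same body, which is the gap that heuristic and behavioural detection are meant to cover.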
VIRUS
ANTIVIRUS
Backdoor:OSX/Olyx.C
Detection Names: Backdoor:OSX/Olyx.C, MAC.OSX.Trojan.Lamadai.B
Category: Malware
Type: Backdoor
Platform: OS X
Backdoor:OSX/Olyx.C connects to a remote server to receive further instructions, without the user's knowledge or permission.
Trojan:W32/Reveton
Category: Malware
Type: Trojan
Platform: W32
F-Secure Anti-Virus.
Trojan:W32/Reveton is a ransomware application. It fraudulently claims to be from a legitimate law enforcement authority and prevents users from accessing their infected machine, demanding that a 'fine' be paid to restore normal access.
Exploit:Java/Blackhole
Detection Names: Exploit.java.blacole.f
Aliases: Java.Exploit.CVE-2010-0840, JAVA_BLACOLE, TROJ_VOTERAI.A
Category: Malware
Type: Exploit
Platform: Java
F-Secure Anti-Virus
Exploit:Java/Blackhole identifies a Java class module used as part of an exploit kit known as Blackhole.
Rootkit:W32/ZAccess
Detection Names: Rootkit.ZAccess.A, Trojan.sirefef.k, Trojan:w64/zaccess
Category: Malware
Type: Trojan
Platform: W32
F-Secure Rescue CD
Rootkit:W32/ZAccess constantly displays advertisements on the infected machine and may silently contact remote servers to retrieve additional advertising information.
Worm:W32/Morto.A
Detection Names: Morto, Worm:W32/Morto.A
Category: Malware
Type: Worm
Platform: W32
F-Secure Anti-Virus
Worm:W32/Morto.A propagates through Remote Desktop Services on Windows servers by brute-forcing the login credentials of the server.
Spyware:Android/Flexispy.K
Name: Spyware:Android/Flexispy.K
Detection Names: Flexispy, Flexispy.K
Category: Spyware
Type: Spyware
Platform: Android
Spyware:Android/Flexispy.K is a commercially available monitoring program. On installation, the program does not display an icon in the Applications menu. The program is only visible under the 'Manage Applications' menu under Settings, but in that location uses the name
Rogue:OSX/FakeMacDef.A
Detection Names: Rogue:OSX/MacDefender.A, Rogue:OSX/FakeMacDef.A, Trojan-Downloader:OSX/FakeMacDef.A
Category: Malware
Type: Rogue
Platform: W32
F-Secure Antivirus
The rogue is installed in the Applications directory, as per normal Mac applications. It also adds its own menulet to the desktop menu bar. The rogue is also added to the Login Items for the user, so that it will automatically launch every time the user logs in.
Virus:W32/Ramnit.N
Name: Virus:W32/Ramnit.N
Detection Names: Win32.Ramnit.N, Virus:Win32/Ramnit.I
Category: Malware
Type: Virus
Platform: W32
F-Secure Anti-Virus
A program that secretly and maliciously integrates itself into program or data files. It spreads by integrating itself into more files each time the host program is run. When a Ramnit.N-infected file is first executed, it will drop a copy of itself to the following location:
%programfiles%\Microsoft\WaterMark.exe
It then creates the following mutex, which is used to ensure only a single instance of the
{061D056A-EC07-92FD-CF39-0A93F1F304E3}
In order to automatically execute itself if the system is rebooted, the virus also creates the following registry launchpoint:
Packed:W32/PeCan.A
Category: Malware
Type: Packed
Platform: W32
F-Secure Anti-Virus
This program is packed using a packer program associated with numerous other malware. This program has been packed by the PeCancer packer program (hence the name of the detection). Samples identified by the same detection perform one or more of the following activities:
- Drop suspicious files or a copy of itself onto the system.
- Set launch points to itself, or to the files it drops.
- Some samples attempt to connect to and download from suspicious/malicious websites, for example:
  hxxp://downxml.[..].cn/iepop/list/[..]
  hxxp://downxml.[..].cn/iepop/update/[..]
  hxxp://soft.jajaca.com/[..]
  hxxp://news.huigezi.net/[..]
Backdoor:W32/Zxshell.A
Name: Backdoor:W32/Zxshell.A
Detection Names: Backdoor:W32/Zxshell.A
Category: Malware
Type: Backdoor
Platform: W32
F-Secure Anti-Virus
Backdoor:W32/Zxshell.A is a DLL file with an exported function ("Install"), which is called to install the backdoor. Once installed, it connects to a remote host controlled by the attacker. The URL of the remote host that the backdoor connects to is set by the attacker.