What Do Viruses Do?
I'm going to present an easy-to-understand but detailed explanation of viruses and other types of malicious software. For now, it's enough to understand that viruses are potentially destructive software that spreads from program to program or from disk to disk. Computer viruses, like biological viruses, need a host to infect; in the case of computer viruses this host is an innocent program. If such a program is transferred to your PC, other programs on your PC will become infected. (I'll shortly explain in more detail how this happens.) Even though some viruses do not intentionally damage your data, I consider all viruses to be malicious software since they modify your programs without your permission, with occasional disastrous results.
The bottom line is that if you have a virus, you are no longer in control of your PC. Every time you boot your PC or execute a program the virus may also be executing and spreading its infection. While most viruses haven't been written to be destructive, almost all viruses can cause damage to your files--mostly because the viruses themselves are very poorly written programs. If viruses destroy nothing else, they destroy your trust in your PC--something that is quite valuable.
Software attacks against computers and their difference from viruses:-
Viruses are one specific type of program written deliberately to cause harm to someone's computer or to use that computer in an unauthorized way. There are many forms of malicious software; sometimes the media calls all malicious software viruses, but it's important to understand the distinction between the various types. Let's examine the different types of malicious software:
A trap door is a secret entry point into a program that allows someone who is aware of the trap door to gain access without going through the usual security access procedures. Trap doors become threats when they are used by unscrupulous programmers to gain unauthorized access.
Just like a real bomb, a logic bomb will lie dormant until triggered by some event. The trigger can be a specific date, the number of times executed, a random number, or even a specific event such as deletion of an employee's payroll record. When the logic bomb is triggered it will usually do something unpleasant. This can range from changing a random byte of data somewhere on your disk to making the entire disk unreadable. The changing of random data on disk may be the most insidious attack since it would do a lot of damage before it would be detected.
Trojans are named after the Trojan horse which delivered soldiers into the city of Troy. Likewise, a Trojan program is a delivery vehicle for some destructive code (such as a logic bomb or a virus) onto a computer. The Trojan program appears to be a useful program, but when a certain event occurs, it will attack your PC in some way.
Here's our definition:
“A virus is a program which reproduces its own code by attaching itself to other programs in such a way that the virus code is executed when the infected program is executed.”
You could also say that the virus must do this without the permission or knowledge of the user.
A worm is a self-reproducing program which does not infect other programs as a virus will, but instead creates copies of itself, which create even more copies. These are usually seen on networks and on multi-processing operating systems, where the worm will create copies of itself which are also executed. Each new copy will create more copies, quickly clogging the system. The so-called Morris ARPANET/INTERNET "virus" was actually a worm. It created copies of itself through the ARPA network, eventually bringing the network to its knees. It did not infect other programs as a virus would, but simply kept creating copies of itself which would then execute and try to spread to other machines.
A zombie is a program that secretly takes over another Internet-attached computer and then uses that computer to launch attacks that are difficult to trace to the zombie's creator. Zombies are used in denial-of-service attacks, typically against targeted websites.
General Virus Behavior
Viruses come in a great many different forms, but they all potentially have three phases to their execution: the dormant phase, the infection phase and the attack phase:
Dormant phase:-The virus is idle. The virus will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit. Not all viruses have this phase.
Infection phase:-When the virus executes it will infect other programs. What is often not clearly understood is precisely when it will infect the other programs. Some viruses infect other programs each time they are executed; other viruses infect only upon a certain trigger. This trigger could be anything; it could be a day or time, an external event on your PC, a counter within the virus, etc. Some viruses are very selective about when they infect programs; this is vital to the virus's survival. If the virus infects too often, it is more likely to be discovered before it can spread far. Virus writers want their programs to spread as far as possible before anyone detects them. This brings up an important point which bears repeating:
It is a serious mistake to execute a program a few times -- find nothing infected and presume there are no viruses in the program. You can never be sure that the virus simply hasn't triggered its infection phase!
Many viruses go resident in the memory of your PC just as a terminate and stay resident (TSR) program such as Sidekick(R) does. This means the virus can wait for some external event such as inserting a diskette, copying a file, or executing a program to actually infect another program. This makes these viruses very dangerous since it's hard to guess what trigger condition they use for their infection. Resident viruses frequently corrupt the system software on the PC to hide their existence.
Execution phase:-The second phase is the attack phase. Many viruses do unpleasant things such as deleting files or changing random data on your disk, simulating typos or merely slowing your PC down; some viruses do less harmful things such as playing music or creating messages or animation on your screen. Just as the virus's infection phase can be triggered by some event, the attack phase also has its own trigger. Viruses usually delay revealing their presence by launching their attack only after they have had ample opportunity to spread. This means that the attack may be delayed for years after the initial infection. The attack phase is optional; many viruses simply reproduce and have no trigger for an attack phase. Does this mean that these are "good" viruses? No, unfortunately not! Anything that writes itself to your disk without your permission is stealing storage and CPU cycles. This is made worse since viruses which "just infect", with no attack phase, damage the programs or disks they infect. This is not intentional on the part of the virus, but simply a result of the fact that many viruses contain extremely poor quality code. One of the most common viruses, the STONED virus, is not intentionally harmful. Unfortunately the author did not anticipate anything other than 360K floppy disks, with the result that the virus will try to hide its own code in an area on 1.2MB diskettes, which causes corruption of the entire diskette.
Now that we've examined general virus behavior, let's take a closer look at the two major categories of viruses and how they operate.