A computer virus is malicious software designed to spread to other computers by inserting itself into legitimate programs called “hosts.” It can damage the functions of the infected computer more or less seriously. It can spread through any medium used to exchange digital data, such as computer networks, CD-ROMs, USB keys, etc.
Its name comes from an analogy with biological viruses, since it spreads in a similar way, by using the reproductive capability of the host cell. The term “computer virus” is credited to Leonard Adleman, a computer scientist and molecular biologist (see Fred Cohen, Experiments with Computer Viruses, 1984). Computer viruses are not to be confused with computer worms, which are programs that can spread and replicate on their own without contaminating a host program. In a broad sense, the word “virus” is often used, and misused, to designate any form of malware.
The total number of known malicious programs is about 95,000 according to Sophos (all types of malware combined). However, the number of viruses actually in circulation does not exceed a few thousand according to the WildList Organization, every antivirus vendor having an interest in “inflating” the number of viruses it detects. The vast majority target the Windows platform. Although they are extremely few, there are also viruses for Unix/Linux systems, but as of 2010 no outbreak comparable to those caused by Windows viruses had been detected. The rest mainly target operating systems distributed in earlier years, such as the 27 viruses, none of them dangerous, that affected Mac OS 9 and its predecessors (recorded by John Norstad, author of the antivirus Disinfectant). The least affected systems are FreeBSD, which focuses its development on security, and Netware and OS/2, which have too few users to attract virus writers. Viruses are often the subject of false alarms (hoaxes) that spread by rumor and clutter mailboxes.
Some of these hoaxes, playing on the ignorance of computer users, lead them to destroy perfectly healthy parts of the operating system. The first autonomous programs did not have the purpose they have today. The very first software of this type was mere entertainment: a game between three Bell Labs engineers, Darwin, created in 1961 and later popularized as Core War. In this game each player writes a program, which is then loaded into RAM. The operating system, by then multitasking, executes one instruction of each program in turn. The goal is to destroy the opposing programs while ensuring one's own proliferation. Players obviously do not know where the opposing programs are located. The programs are able to copy themselves, repair themselves, move themselves into different areas of memory and “attack” the opposing programs by writing random data into other memory areas. The game ends after a set time, or when a player sees all of his programs inactive or destroyed. The winner is the one with the largest number of active copies. These are exactly the principles of virus programming.
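The mechanics just described can be made concrete. The following is an added example, not code from the original article: a minimal Core War machine in Python with a shared circular memory, round-robin execution of one instruction per program per cycle, and death on executing a data cell. The instruction set (DAT, MOV, ADD, JMP with immediate, direct and B-indirect addressing) is a reduced subset of the Core War '88 standard, the 64-cell core size is an assumption chosen so a battle can be traced by hand, and the two warriors, Imp and Dwarf, are the classic ones from the Core War literature.

```python
"""Toy Core War machine (added example, not from the original article).

Each cycle the machine executes one instruction of every surviving program.
A program dies when it executes a DAT (data) cell. Addresses are relative
to the current cell and wrap around the core.
"""
from dataclasses import dataclass, replace

CORESIZE = 64  # assumption: tiny core so a whole battle can be traced by hand


@dataclass
class Instr:
    op: str = "DAT"
    a_mode: str = "#"   # '#' immediate, '$' direct, '@' B-indirect
    a: int = 0
    b_mode: str = "#"
    b: int = 0


def parse(src):
    """Parse Redcode-style text such as 'ADD #4, 3' or 'MOV 2, @2'."""
    prog = []
    for line in src.splitlines():
        line = line.split(";")[0].strip()          # drop comments
        if not line:
            continue
        op, rest = line.split(None, 1)
        fields = [f.strip() for f in rest.split(",")]
        if len(fields) == 1:                        # JMP has one operand
            fields.append("#0")
        modes = [f[0] if f[0] in "#@" else "$" for f in fields]
        vals = [int(f.lstrip("#@")) for f in fields]
        prog.append(Instr(op.upper(), modes[0], vals[0], modes[1], vals[1]))
    return prog


IMP = parse("MOV 0, 1")           # copies itself one cell ahead every cycle
DWARF = parse("""
    ADD #4, 3      ; advance the bomb pointer (B-field of the DAT) by 4
    MOV 2, @2      ; copy the DAT bomb to the cell the pointer designates
    JMP -2         ; loop forever
    DAT #0, #0     ; the bomb, whose B-field is also the pointer
""")


class Mars:
    """Memory Array Redcode Simulator with one process per warrior."""

    def __init__(self, size=CORESIZE):
        self.size = size
        self.mem = [Instr() for _ in range(size)]  # an empty core is all DAT
        self.pcs = {}                              # warrior -> pc, None if dead

    def load(self, name, prog, at):
        for i, ins in enumerate(prog):
            self.mem[(at + i) % self.size] = replace(ins)
        self.pcs[name] = at % self.size

    def resolve(self, pc, mode, val):
        if mode == "#":                            # immediate: the cell itself
            return pc
        addr = (pc + val) % self.size              # direct, relative to pc
        if mode == "@":                            # indirect through B-field
            addr = (addr + self.mem[addr].b) % self.size
        return addr

    def step(self, name):
        pc = self.pcs[name]
        if pc is None:
            return
        ins = self.mem[pc]
        src = self.resolve(pc, ins.a_mode, ins.a)
        dst = self.resolve(pc, ins.b_mode, ins.b)
        if ins.op == "DAT":                        # executing data is fatal
            self.pcs[name] = None
            return
        if ins.op == "MOV":
            if ins.a_mode == "#":
                self.mem[dst].b = ins.a
            else:
                self.mem[dst] = replace(self.mem[src])
        elif ins.op == "ADD":
            if ins.a_mode == "#":
                self.mem[dst].b = (self.mem[dst].b + ins.a) % self.size
            else:
                self.mem[dst].a = (self.mem[dst].a + self.mem[src].a) % self.size
                self.mem[dst].b = (self.mem[dst].b + self.mem[src].b) % self.size
        elif ins.op == "JMP":
            self.pcs[name] = src
            return
        self.pcs[name] = (pc + 1) % self.size

    def alive(self):
        return [n for n, pc in self.pcs.items() if pc is not None]

    def run(self, max_cycles):
        """Run until at most one side survives or the cycle limit is reached."""
        for cycle in range(1, max_cycles + 1):
            for name in list(self.pcs):
                self.step(name)
            if len(self.alive()) < min(2, len(self.pcs)):
                return self.alive(), cycle
        return self.alive(), max_cycles


def battle(cycles=200):
    """Imp loaded at cell 0 against Dwarf loaded at cell 32."""
    mars = Mars()
    mars.load("imp", IMP, 0)
    mars.load("dwarf", DWARF, 32)
    alive, ran = mars.run(cycles)
    return alive, ran, mars


if __name__ == "__main__":
    alive, ran, mars = battle()
    print(f"after {ran} cycles survivors: {alive}")
    # The Imp crawls into the Dwarf's code and overwrites it with copies of
    # itself; the Dwarf becomes a second Imp and the game ends in a draw.
    print("dwarf's first cell is now:", mars.mem[32])
```

Two things worth noticing when running it: the Dwarf's bombs always land ahead of the Imp, which overwrites each DAT before it has to execute it, and once the Imp reaches cell 32 it turns the Dwarf's loop into `MOV 0, 1` cells, so after 200 cycles both processes are alive and identical. That is the self-copy, attack-by-overwrite and "largest number of active copies wins" logic of the paragraph above in about eighty lines.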
In 1984, the magazine Scientific American presented a computer game design consisting of small self-reproducing programs that fight and try to inflict damage on their opponents, thus setting the stage for future viruses. In 1986 appeared Brain, a boot-sector virus that renamed the volume label of every infected floppy disk to “(C) Brain”. The creators of this virus put their names, address and phone number in it, because it was an advertisement for them.
A virus is a classic piece of program, often written in assembler, which inserts itself into a normal program, most often at the end but also at the beginning or in the middle. Each time the user runs the “infected” program, the virus is activated, which gives it the opportunity to embed itself in other executable programs. Moreover, when it carries a payload, it may, after a certain time (which can be very long) or on a particular event, perform a predetermined action. This action can range from a simple harmless message to the deterioration of some functions of the operating system, damage to files, or even the complete destruction of all data on the computer. In that case one speaks of a “logic bomb.”

A boot virus installs itself in the boot sector of a boot device: a hard disk (the master boot record or the boot sector of a partition), a floppy, or anything else. It replaces an existing boot loader (copying the original elsewhere), or creates one on a disk that had none, but it does not modify a program the way a normal virus does. When it replaces an existing startup program it acts like a “prepend” virus (one inserted at the beginning), but the fact that it can infect a device devoid of any startup software distinguishes it from the classical virus, which never attacks “nothing.”
Macro viruses attack the macros of Microsoft Office software (Word, Excel, etc.) through Microsoft VBA. For example, by attaching itself to Word's normal.dot template, a virus can be activated every time the user runs the program. Virus-worms, which appeared around 2003 and developed rapidly in the years that followed, are classic viruses in that they have a host program, but they resemble worms (“worm” in English) because:
- their mode of propagation is tied to the network, like that of worms, usually through the exploitation of security vulnerabilities;
- like worms, their action is discreet and non-destructive for the users of the infected machine;
- like worms, they pursue broad goals, such as a distributed denial of service (DDoS) against a server, with thousands of infected machines connecting simultaneously. [citation needed]

Batch viruses, which emerged when the MS-DOS operating system was in vogue, are “primitive” viruses. Although able to reproduce and infect other batch files, they are slow and have very low infectivity. Some programmers have gone so far as to create encrypted and polymorphic batch viruses, a real technical feat since the batch language is simple and primitive.
Other threats exist in computing; they are often distinguished by the absence of the reproductive mechanism that characterizes viruses and worms, and the term “malicious software” (“malware” in English) is more appropriate for them. The term computer virus was created by analogy with the virus in biology: a computer virus uses its host (the computer it infects) to reproduce and spread to other computers. As with biological viruses, where genetic diversity slows the spread of a virus, it is the most widespread computer systems and software that are most affected by viruses: Microsoft Windows, Microsoft Office, Microsoft Outlook, Microsoft Internet Explorer, Microsoft Internet Information Server… The professional versions of Windows (NT/2000/XP Pro), which allow rights to be managed properly, are not immune to these stealthy invaders.
The democratization of Internet access was a major factor in the rapid, widespread dissemination of the latest viruses. This is mainly due to the ability of viruses to harvest email addresses found on the infected machine (in the address book, but also in messages, in archives of visited web pages or in newsgroup messages). Similarly, the interconnection of computers in local networks has amplified the ability of viruses to spread, since they find more potential targets that way. However, systems with limited distribution are not affected proportionately. Most of these systems, variants of the UNIX architecture (BSD, Mac OS X or Linux), use standard per-user rights management, which protects them from the simplest attacks; damage is therefore normally confined to the areas accessible to the user alone, sparing the base operating system.
When a virus is discovered, it is assigned a name. In principle this follows the convention agreed in 1991 by the members of CARO (Computer Antivirus Research Organization). The name is built as follows:
- a prefix giving the mode of infection (macro virus, trojan horse, worm…) or the operating system concerned;
- a word expressing a peculiarity of the virus or the flaw it exploits (Swen is an anagram of News, Nimda an anagram of Admin, Sasser exploits an LSASS vulnerability);
- a version-number suffix (viruses often come as variants that resemble the original version).

Unfortunately, the analysis laboratories of the various antivirus vendors sometimes assign their own names to the viruses they work on, which makes finding information difficult. Thus, for example, variant Q of the Netsky virus is called W32.Netsky.Q@mm at Symantec, WORM_NETSKY.Q at Trend Micro, W32/Netsky.Q.worm at Panda and I-Worm.NetSky.r at Kaspersky. It is possible to search for a given generic name through specialized search engines such as Virus Bulletin or Kevin Spicer.

Viruses on Linux. The Linux operating system, like the Unix operating systems and their relatives, is generally fairly well protected against computer viruses. However, some viruses can potentially damage Linux systems that are not secured.
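Returning to the vendor aliases for Netsky.Q quoted above: an analyst correlating reports has to reduce them to the same CARO-style fields (type or platform prefix, family, variant, modifiers) before they can be compared. The following normalizer is an added example, not code from the article or from any vendor. The field grammar it encodes is an assumption that fits the four names in the text and the common `Type:Platform/Family.Variant` form; real vendor grammars have more cases, and the platform list is a constructed subset.

```python
"""Normalizer for antivirus vendor names (added example, not from the article).

Different vendors write the same CARO-style fields with different separators
and spellings. Parsing them into one record lets an analyst group reports by
family and see exactly where the vendors disagree (here: the variant letter).
"""
import re
from collections import defaultdict

# Assumed grammar: prefix, separator, family, optional .Variant, optional modifiers.
NAME_RE = re.compile(
    r"^(?P<prefix>[A-Za-z0-9:-]+)[./_]"        # W32.  WORM_  I-Worm.  Worm:W32/
    r"(?P<family>[A-Za-z0-9]+)"                # Netsky / NETSKY / NetSky
    r"(?:\.(?P<variant>[A-Za-z]{1,3}))?"       # .Q or .r (optional)
    r"(?P<suffix>(?:[.@][A-Za-z0-9]+)*)$"      # @mm, .worm, ... (optional)
)
# Constructed subset of platform tokens seen in vendor prefixes.
PLATFORMS = {"w32", "win32", "w95", "w97m", "x97m", "wm", "vbs", "js", "linux", "osx"}


def normalize(name):
    """Split one vendor name into comparable fields; raise on unknown shapes."""
    m = NAME_RE.match(name.strip())
    if not m:
        raise ValueError(f"unrecognised vendor name: {name!r}")
    prefix_tokens = re.split(r"[:-]", m["prefix"])
    suffix_tokens = re.findall(r"[A-Za-z0-9]+", m["suffix"])
    tags = set()
    if any(t.lower() == "worm" for t in prefix_tokens + suffix_tokens):
        tags.add("worm")
    if any(t.lower() == "mm" for t in suffix_tokens):   # Symantec's @mm: mass mailer
        tags.add("mass-mailer")
    platform = next((t for t in prefix_tokens if t.lower() in PLATFORMS), None)
    return {
        "original": name,
        "platform": platform,
        "family": m["family"].lower(),
        "variant": m["variant"].upper() if m["variant"] else None,
        "tags": sorted(tags),
    }


def group_by_family(names):
    groups = defaultdict(list)
    for n in names:
        rec = normalize(n)
        groups[rec["family"]].append(rec)
    return dict(groups)


def variants_reported(names):
    """Family -> sorted variant letters; more than one means vendors disagree."""
    return {fam: sorted({r["variant"] for r in recs if r["variant"]})
            for fam, recs in group_by_family(names).items()}


# The aliases quoted in the article for the same sample.
VENDOR_NAMES = {
    "Symantec": "W32.Netsky.Q@mm",
    "Trend Micro": "WORM_NETSKY.Q",
    "Panda": "W32/Netsky.Q.worm",
    "Kaspersky": "I-Worm.NetSky.r",
}

if __name__ == "__main__":
    for vendor, name in VENDOR_NAMES.items():
        print(f"{vendor:12} {name:22} -> {normalize(name)}")
    print(variants_reported(VENDOR_NAMES.values()))
```

Run on the four names, every record lands in the single family `netsky`, three vendors agree on variant Q while Kaspersky's letter is R, and the Symantec and Panda/Trend Micro modifiers are recovered as the `mass-mailer` and `worm` tags. The variant disagreement is the real-world reason a pivot on family, not on the full vendor string, is what correlation should key on.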
Like other Unix systems, Linux implements a multi-user environment in which users have rights corresponding to their specific needs. There is thus an access-control system that prevents a user from reading or modifying a file he is not entitled to. Viruses therefore typically have less ability to alter and infect a system running Linux than one running Windows on FAT32 file systems (NTFS has protection similar to UNIX files, and NT-based Windows also isolates accounts from one another). Consequently, none of the viruses written for Linux, including those listed below, has been able to spread successfully. In addition, the security vulnerabilities exploited by viruses are corrected within a few days by Linux kernel updates. Virus scanners are available for Linux systems to watch for viruses that are active on Windows; they are mainly used on proxy or mail servers serving Microsoft Windows clients.

Antivirus software is designed to identify, neutralize and eliminate malware (viruses being only one example), which relies on the exploitation of security vulnerabilities. The antivirus checks files and emails. Several methods are possible:
- The major antivirus products on the market focus on signature files: they compare the signatures of known viruses against the code being checked.
- The heuristic method is the most powerful; it seeks to discover malicious code by its behavior, trying to detect it by analyzing the code of an unknown program. It can sometimes raise false alarms.
- Form analysis relies on filtering against rules, regexps or otherwise, placed in a junk file. This last method can be very effective on mail servers that support regexp rules, such as Postfix, since it does not rely on a signature file.

Antivirus programs can scan the contents of a hard drive, but also the computer's memory. The more modern ones act upstream of the machine by scanning file exchanges with the outside world, both inbound and outbound. Thus emails are examined, but also files copied to or from removable media such as CDs, floppy disks, network connections, USB keys… Because antivirus vendors have previously identified and recorded information about viruses, like a dictionary, the antivirus can detect and locate the presence of a virus. When this occurs, the antivirus has three options; it may:
- try to repair the corrupted files by removing the virus;
- put the files in quarantine so that they are no longer accessible to other programs and cannot spread, and so that they can eventually be repaired later;
- delete the infected files.

To get the most out of an antivirus, it is essential to update it frequently by downloading newer versions. Conscientious Internet users with good computer skills can identify viruses themselves and send the information to the software developers so that the antivirus database is updated. Typically, the antivirus examines each file when it is created, opened, closed or read; in this way viruses can be identified immediately. It is also possible to schedule a regular scan of all files on the storage space (hard disk, etc.). Although antivirus software is very reliable and regularly updated, virus writers are just as inventive. In particular, “oligomorphic,” “polymorphic” and, more recently, “metamorphic” viruses are harder to detect.

Whitelist. The “white list” is a technique increasingly used to fight malware.
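The detection methods and the three clean-up actions listed above fit in one small on-demand scanner. The following is an added example, not code from the article or from any antivirus product. The signature dictionary, the byte patterns, the sample files and the entropy threshold are all constructed for the demonstration; the entropy heuristic stands in for the behavioral analysis the text describes, and, as in the text, it is the part that produces false alarms (a compressed archive looks the same as packed malicious code), so the scanner only reports heuristic hits rather than acting on them.

```python
"""Toy on-demand scanner (added example, not code from the article).

Signature matching against a constructed dictionary, an entropy heuristic
in place of behavioural analysis, and the three actions the article lists:
repair, quarantine, delete.
"""
import hashlib
import json
import math
import os
import random
import tempfile

# Constructed signature dictionary: name -> (byte pattern, repairable).
# 'repairable' marks a pure appender whose body starts at the pattern, so
# truncating the host at that offset restores the original file.
SIGNATURES = {
    "Example.Appender.A": (b"CONSTRUCTED-APPENDER-BODY-v1", True),
    "Example.Overwriter.B": (b"CONSTRUCTED-OVERWRITER-BODY-v2", False),
}
ENTROPY_THRESHOLD = 7.2  # bits per byte (assumed); plain code and text sit far below


def shannon_entropy(data):
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan_bytes(data):
    """Return [(kind, name, offset)]: signature hits, else one heuristic hit."""
    hits = [("signature", name, data.find(pat))
            for name, (pat, _) in SIGNATURES.items() if pat in data]
    if not hits and shannon_entropy(data) > ENTROPY_THRESHOLD:
        hits.append(("heuristic", "Heur.HighEntropy", 0))  # packed? encrypted? archive?
    return hits


def scan_path(path):
    with open(path, "rb") as f:
        return scan_bytes(f.read())


def repair(path, name, offset):
    """Cut the appended virus body off the host; only valid for appenders."""
    if not SIGNATURES[name][1]:
        return False
    with open(path, "r+b") as f:
        f.truncate(offset)
    return True


def quarantine(path, qdir):
    """Move the file aside XOR-masked, so it neither runs by accident nor
    matches its own signature on a rescan; keep metadata for later repair."""
    os.makedirs(qdir, exist_ok=True)
    with open(path, "rb") as f:
        data = f.read()
    digest = hashlib.sha256(data).hexdigest()
    dest = os.path.join(qdir, digest + ".quar")
    with open(dest, "wb") as f:
        f.write(bytes(b ^ 0xA5 for b in data))
    with open(dest + ".json", "w") as f:
        json.dump({"original_path": path, "sha256": digest}, f)
    os.remove(path)
    return dest


def handle(path, action, qdir):
    """Scan one file and apply 'repair', 'quarantine' or 'delete'.
    Heuristic-only hits are reported, not acted on: that is where the
    false alarms come from, so they go to a human rather than to rm."""
    hits = scan_path(path)
    if not hits:
        return "clean"
    kind, name, offset = hits[0]
    if kind == "heuristic":
        return "suspicious"
    if action == "repair" and repair(path, name, offset):
        return "repaired"
    if action in ("repair", "quarantine"):   # fall back when not repairable
        return "quarantined:" + quarantine(path, qdir)
    os.remove(path)
    return "deleted"


def file_bytes(path):
    """Contents of a file, or None once it has been removed."""
    if not os.path.exists(path):
        return None
    with open(path, "rb") as f:
        return f.read()


def scan_demo():
    """Write constructed samples to a temp dir, scan them with action 'repair'."""
    work = tempfile.mkdtemp()
    qdir = os.path.join(work, "quarantine")
    host = b"HOST PROGRAM CODE " * 8
    rng = random.Random(1)  # deterministic stand-in for a packed/encrypted blob
    samples = {
        "hello.bin": host,
        "infected.bin": host + SIGNATURES["Example.Appender.A"][0] + b"payload",
        "trashed.bin": SIGNATURES["Example.Overwriter.B"][0] + b"\x00" * 40,
        "packed.bin": bytes(rng.getrandbits(8) for _ in range(4096)),
    }
    for name, data in samples.items():
        with open(os.path.join(work, name), "wb") as f:
            f.write(data)
    results = {name: handle(os.path.join(work, name), "repair", qdir) for name in samples}
    return work, results


if __name__ == "__main__":
    work, results = scan_demo()
    for name, outcome in results.items():
        print(f"{name:14} {outcome}")
```

Running `scan_demo()` gives the four outcomes the text distinguishes: the clean host is left alone, the appender-infected host is repaired back to its original bytes, the overwritten file cannot be repaired and is quarantined (XOR-masked, with a JSON sidecar recording where it came from), and the high-entropy blob is only flagged as suspicious. The repair path is deliberately narrow: truncating at the signature is correct only for a pure appender, which is why the dictionary carries a per-signature `repairable` flag instead of assuming every hit can be cut off.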
Instead of looking for software known to be malicious, it prevents the execution of any program except those considered trustworthy by the system administrator. By adopting this default-deny approach, it avoids the problems inherent in updating virus signature files. It also helps prevent the execution of unwanted programs. Given that modern enterprises have many applications considered trustworthy, the effectiveness of this technique depends on the administrator's ability to establish and maintain the whitelist. This task can be made easier by tools for process automation and inventory maintenance. Another approach to locating viruses is to detect suspicious program behavior. For example, if a program tries to write data into an executable program, the antivirus detects this suspicious behavior and notifies the user, who indicates what to do next.
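The whitelist described above, as an added example that is not code from the article or from any product: a default-deny execution check keyed on the SHA-256 of each approved executable. The inventory step hashes the administrator's approved programs, and the decision function allows only an exact hash match, so a file infected by an appender is refused without any signature for the virus. The sample files and file names are constructed; the demonstration also shows the maintenance cost the text mentions, since a legitimate update is refused until the administrator re-approves it.

```python
"""Hash-based application whitelist (added example, not from the article).

Default deny: a program may run only if its SHA-256 is on the list the
administrator built from the approved inventory. Sample files are
constructed stand-ins for an enterprise's executables.
"""
import hashlib
import os
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(paths):
    """Inventory step: hash every approved executable while it is trusted."""
    return {sha256_file(p): p for p in paths}


def decide(path, allowlist):
    """Return ('allow' | 'deny', reason) for a request to execute `path`."""
    if not os.path.exists(path):
        return "deny", "no such file"
    digest = sha256_file(path)
    if digest in allowlist:
        return "allow", "matches approved " + os.path.basename(allowlist[digest])
    return "deny", "hash not on whitelist (unknown or modified program)"


def allowlist_demo():
    """Walk through approval, infection, an unlisted tool and an update."""
    work = tempfile.mkdtemp()

    def put(name, data):
        p = os.path.join(work, name)
        with open(p, "wb") as f:
            f.write(data)
        return p

    editor = put("editor.exe", b"EDITOR CODE v1")
    mailer = put("mailer.exe", b"MAILER CODE v1")
    allowlist = build_allowlist([editor, mailer])
    results = {"approved editor": decide(editor, allowlist)[0]}

    # An appender infection changes the bytes, hence the hash: denied with
    # no knowledge of the virus at all.
    with open(editor, "ab") as f:
        f.write(b"CONSTRUCTED APPENDED VIRUS BODY")
    results["infected editor"] = decide(editor, allowlist)[0]

    # Anything the administrator never approved is denied by default.
    results["new unlisted tool"] = decide(put("tool.exe", b"TOOL v1"), allowlist)[0]

    # The cost of the approach: a legitimate update is blocked until the
    # inventory is refreshed and the new hash approved.
    put("mailer.exe", b"MAILER CODE v2")
    results["updated mailer before re-approval"] = decide(mailer, allowlist)[0]
    allowlist.update(build_allowlist([mailer]))
    results["updated mailer after re-approval"] = decide(mailer, allowlist)[0]
    return results


if __name__ == "__main__":
    for case, verdict in allowlist_demo().items():
        print(f"{case:36} {verdict}")
```

The same mechanism is what makes the approach operationally demanding: every patch to an approved program produces a new hash, so without the automated inventory tools the text mentions the whitelist either blocks legitimate updates or is relaxed until it no longer protects.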
Unlike the previous approach, the suspicious-behavior method identifies very recent viruses that are not yet known in the virus dictionary. However, users who are constantly warned by false alarms can become insensitive to real threats. If users answer “Accept” to all of these alerts, the antivirus offers them no protection. This problem has worsened since 1997, because many harmless programs modify executable files and trigger these false alarms. Therefore most modern antivirus software uses this method less. Heuristic analysis is used by some antivirus products. For example, the antivirus can scan the beginning of the code of every new application before handing control over to it. If the program looks like a virus, the user is notified. However, this method can also lead to false alarms. The heuristic method can detect virus variants and, by automatically communicating the results of the analysis to the vendor, let it verify their accuracy and update its virus definition database.
The sandbox method emulates the operating system and runs the file in the simulation. Once the program has finished, the software analyzes the results of the sandbox to detect changes that may indicate a virus. Because of performance costs, such detection usually takes place during on-demand scanning. This method may fail, since viruses can be nondeterministic and perform different actions, or perhaps none at all, when executed; they cannot be detected from a single execution.

Many companies claim the title of creator of the first antivirus software. The first public announcement of the neutralization of a PC virus was made by the European Bernd Fix in early 1987, for the Vienna virus. Following this virus, several other viruses surfaced, such as Ping-Pong, Lehigh and Suriv-3, also known as Jerusalem.
From 1988, several companies aiming to further research in the antivirus field came together. The first breakthroughs in antivirus occurred in March 1988 with the release of Den Zuk, created by the Indonesian Denny Yanuar Ramdhani; the Den Zuk virus could neutralize Brain. In April 1988 the Virus-L forum was created on Usenet, and mid-1988 saw the design of a search engine able to detect viruses and trojans that were known to the public. In autumn 1988 appeared the antivirus software Dr. Solomon's Anti-Virus Toolkit, designed by the Briton Alan Solomon. By the end of December 1990 the market had come to offer consumers 19 different antivirus products, among them Norton AntiVirus and McAfee VirusScan. Peter Tippett was extensively involved in the emerging field of computer virus detection. He was an emergency physician and also had his own software company. He read an article about the Lehigh virus, which was the first to be developed, but it was actually Lehigh itself that Tippett knew most about.
He wondered whether there were similar characteristics between these viruses and those that attack humans. From an epidemiological standpoint, he was able to determine how these viruses affected the same computer processor (the boot sector was affected by the Brain virus, .com files by the Lehigh virus, while the Jerusalem virus attacked both .com and .exe files). Tippett's company, Certus International Corp., was therefore involved in the creation of antivirus software. He sold the company to Symantec Corp. in 1992 and joined them, integrating the software he had developed into Symantec's Norton AntiVirus.