Viruses: How they work and what they are
  • chroniccommand
    Posts: 1,389
    Viruses: How they work and what they are
    Written by: Chroniccommand
    For: CodeShock
    -----------------------------------------------------------------------------------------------------\\\\\\\\\\\\\\\\\
    Definition of a computer virus
    Wikipedia:

    A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.


    Me

    In my opinion, a computer virus is a crafted piece of code designed to infect computers and cause problems. Viruses may spread in many ways such as removable media drives, E-Mail, P2P (Person 2 Person) or any number of other ways. The main objective of a virus is to infect the host computer, like a real virus infects a host with strands of DNA injected into a cell. A computer virus works in a similar way by injecting pieces of code, much like DNA, that will cause undesirable functions on the host computer.


    -----------------------------\\\
    Types of viruses
    Worm: A computer worm is one nasty piece of code that you definitely do not want on your system. It is a self-replicating program that will send copies of itself to other target machines by the methods explained above, some of which I will now list again:
    #E-Mail
    #P2P
    #Removable media drives
    Unlike a virus, a worm does not need to attach itself to a particular program. A worm may do things such as:
    #Consume bandwidth
    #Consume RAM (Random Access Memory)
    #More...
    Take a look at this image, which shows the spread of the Conficker worm.
    http://upload.wikimedia.org/wikipedia/commons/thumb/5/53/Conficker.svg/800px-Conficker.svg.png
    ------------------------\\
    Trojan Horse
    A Trojan Horse is another very nasty piece of code. A Trojan Horse is a non-replicating piece of software that attempts to perform undesirable functions on the host computer. Trojan horses are designed to allow a hacker remote access to a target computer system. Once a Trojan horse has been installed on a target computer system, it is possible for a hacker to access it remotely and perform various operations. The operations that a hacker can perform are limited by user privileges on the target computer system and the design of the Trojan horse. Some Trojan Horse functions are listed below:
    #Data theft
    #Download/Upload files
    #View a user's screen
    #Wasting storage space
    #Using as a botnet
    Trojan Horse installation: Normally a hacker will download a program, such as Cybergate or Spy-Net or Prorat. From the interface of such programs a hacker will create a server which will open a backdoor into the computer's system. Step 3 is to connect to the server (some programs such as Cybergate listen for a connection and will allow multiple connections). Once the hacker has connected to the host machine infected by the Trojan, the hacker will have access to many of the tools the Trojan Horse offers.
    ----------------------------\\
    Spyware
    Definition of Spyware.

    Spyware is a type of malware that is installed on computers and collects little bits of information at a time about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's personal computer. Sometimes, however, spywares such as keyloggers are installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users.


    The most common use of spyware is through a keylogger. A keylogger is a piece of code that will log all keys typed by the user. Typically the logs will be sent either to the hacker's mail or by FTP.
    ---------------------------\\
    How to protect yourself
    Protecting yourself from any virus is quite simple. Some simple ways of protecting yourself are listed right below:
    #Use Linux!!
    #Download an AV (Anti-Virus) program and scan regularly
    #Be wary of what you download
    #Try to run things sandboxed or through a VM.
    #If you're infected please consult many of the experts on HackForums and CodeShock and you can get yourself uninfected.
    ----------------------\\
    Undetection methods
    The latest Anti-Virus won't fully protect you from viruses. Let me explain a little. What is FUD? FUD stands for Fully Undetectable. A FUD virus is a virus that will not be detected by an anti-virus. If a virus is detected by some Anti-Virus systems but not all, it is considered UD (Undetectable).
    Method of FUD'ing a virus:
    Typically the hacker will use a program called a Crypter to help make their virus FUD/UD. The hacker will crypt the file and scan it with http://scanner.novirusthanks.org/ and choose not to distribute the sample, because a sample of the virus will be sent to Anti-Virus companies, looked at, and soon the virus will no longer be FUD.
    ---------------------------\\
    Please note that this is an early version of the paper. I may write more. Please reply or PM suggestions/comments and I hope you enjoyed this paper on viruses, how they work, what they do and how to protect yourself.
    -Chroniccommand
  • Xin
    Posts: 3,251
    Great paper! Keep them coming, chronic.
    Xin
  • Thanks man... I created a presentation on viruses!
  • Rajah
    Posts: 13
    Very good post, do you know anything about the ever elusive Linux virus? We haven't seen any yet but they are sure to come in the near future.
  • chroniccommand
    Posts: 1,389
    said:


    Very good post, do you know anything about the ever elusive Linux virus? We haven't seen any yet but they are sure to come in the near future.



    Linux viruses are a lot less common, but are still out there. *Nix is usually more secure, but viruses can still be created.
  • Rajah
    Posts: 13
    I've heard about proof of concept ones being created but never of any running rampant across the net. That's why I was curious. It seems like it would be rather difficult to write an effective virus targeting the Linux community.
  • Xin
    Posts: 3,251
    said:


    I've heard about proof of concept ones being created but never of any running rampant across the net. That's why I was curious. It seems like it would be rather difficult to write an effective virus targeting the Linux community.



    The reason they don't exist as much, I think, is because a lot less people use Linux, but mainly there are a lot less exploits out for standard Linux applications; exploits are key in an effective worm/virus. Windows in general is a lot less secure.

    Things like FreeBSD 64-bit cannot even be affected by BOFs.
    Xin
  • Null Set
    Posts: 112


    How to protect yourself
    Protecting yourself from any virus is quite simple. Some simple ways of protecting yourself are listed right below:
    #Use Linux!!
    #Download an AV (Anti-Virus) program and scan regularly
    #Be wary of what you download
    #Try to run things sandboxed or through a VM.
    #If you're infected please consult many of the experts on HackForums and CodeShock and you can get yourself uninfected.



    I think the basic idea should be "Know the difference between something that seems so good it shouldn't be true". I wrote about this concept in SO and you can check it here.

    Let me explain a little bit further. When you handle your computer, you ought to know that not all things you find online are safe. Sometimes, when something seems to be "too good" like a free serial key or a download of a new program, be wary - this may be a virus. This is how I relate this to my concept. In reality, if you're careful enough, you can avoid being hit by a virus already.

    Btw, this is a good paper, I'd think. :)
  • Great post mate :) crystal clear