What is a virus?
A computer virus is malicious code designed to damage, disrupt or steal information without the permission or knowledge of the user. A virus must meet two criteria:
- It must execute itself. It will often place itself in the path of execution of another program.
- It must replicate itself. For example, it may replace other executable files with a copy of the virus-infected file. Viruses can infect devices and network servers alike.
Some viruses are designed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply to replicate themselves and make their presence known by presenting text, video, and audio messages. Even these types of viruses can slow down the computer and create performance problems. They usually take up computer memory used by legitimate programs. As a result, they often cause erratic behavior and may result in system crashes or data loss.
There are 5 recognized types of viruses:
1. File infector viruses
File infector viruses infect program files. These viruses normally infect executable code, such as .com and .exe files. They can infect other files when an infected program is run from a floppy disk, a hard drive, or the network. Many of these viruses are memory resident. After memory becomes infected, any uninfected executable that runs becomes infected. Examples of known file infector viruses include Jerusalem and Cascade.
2. Boot sector viruses
Boot sector viruses infect the system area of a disk, that is, the boot record on floppy disks and hard disks. All floppy disks and hard disks (including disks containing only data) contain a small program in the boot record that is run when the computer starts up. Boot sector viruses attach themselves to this part of the disk and activate when the user attempts to start up from the infected disk. These viruses are always memory resident in nature. Most were written for DOS, but all PCs, regardless of the operating system, are potential targets of this type of virus. All that is required to become infected is to attempt to start up your computer with an infected floppy disk. Thereafter, while the virus remains in memory, all floppy disks that are not write protected will become infected when the floppy disk is accessed. Examples of boot sector viruses are Form, Disk Killer, Michelangelo, and Stoned.
3. Master boot record viruses
Master boot record viruses are memory resident viruses that infect disks in the same manner as boot sector viruses. The difference between these two virus types is where the viral code is located. Master boot record infectors normally save a legitimate copy of the master boot record in a different location. Older computers, such as those running Windows NT, that were infected by either boot sector viruses or master boot record viruses will not boot.
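Because both of these virus types live in the first sector of a disk, a defender can keep a trusted copy of that sector and compare it with the current one. The following is an added example, not part of the original page: it parses the classic 512-byte master boot record layout and reports what differs from a baseline. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446   # classic layout: boot program in bytes 0-445
ENTRY = "<B3xB3xII"   # status, CHS start, type, CHS end, LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte master boot record into the parts worth monitoring."""
    if len(sector) != 512:
        raise ValueError("a master boot record is exactly 512 bytes")
    partitions = []
    for i in range(4):  # four 16-byte partition entries follow the boot code
        raw = sector[BOOT_CODE_LEN + 16 * i : BOOT_CODE_LEN + 16 * (i + 1)]
        status, ptype, lba_start, count = struct.unpack(ENTRY, raw)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}

def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """List the differences between a trusted MBR copy and the current one."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not cur["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: filler boot code plus one bootable partition."""
    entry = struct.pack(ENTRY, 0x80, 0x07, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    trusted = build_sample_mbr(b"\xfa\x33\xc0")   # constructed bytes, not real boot code
    changed = build_sample_mbr(b"\xeb\x3c\x90")
    print(compare_to_baseline(trusted, trusted))
    print(compare_to_baseline(trusted, changed))
```

A difference from the baseline is a reason to investigate, not proof of infection: reinstalling a boot loader or repartitioning the disk also changes this sector.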
4. Multipartite viruses
Multipartite (also known as polypartite) viruses infect both boot records and program files. These are particularly difficult to repair. If the boot area is cleaned, but the files are not, the boot area will be reinfected.
5. Macro viruses
These types of viruses infect data files. They are the most common and have cost corporations the most money and time trying to repair. With the advent of Visual Basic in Microsoft’s Office 97, a macro virus can be written that not only infects data files, but can infect other files as well. Macro viruses infect Microsoft Office Word, Excel, PowerPoint and Access files. Newer strains are now turning up in other programs as well.
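A first triage step for a suspicious Office file is to check whether it carries a macro project at all. The following is an added example, not part of the original page: it looks for a VBA project in both the ZIP-based Office formats and the older OLE2 binary formats. The function names and sample files are constructed for illustration, and the OLE2 check is a simple byte search rather than a full parser.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")           # legacy .doc/.xls/.ppt header
VBA_STREAM_NAME = "_VBA_PROJECT".encode("utf-16-le")     # stream name used by VBA storage

def macro_indicators(data: bytes) -> list:
    """Report whether an Office file carries a VBA project (presence, not malice)."""
    findings = []
    if data.startswith(b"PK"):                            # ZIP-based OOXML container
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return ["claims to be a ZIP/OOXML container but cannot be opened"]
        for name in names:
            if name.lower().endswith("vbaproject.bin"):
                findings.append(f"VBA project part: {name}")
    elif data.startswith(OLE2_MAGIC):                     # legacy compound file
        if VBA_STREAM_NAME in data:                       # heuristic byte search
            findings.append("legacy OLE2 file with a _VBA_PROJECT stream")
    return findings

def make_ooxml(with_macro: bool) -> bytes:
    """Constructed in-memory sample that mimics the layout of a Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(macro_indicators(make_ooxml(False)))
    print(macro_indicators(make_ooxml(True)))
    print(macro_indicators(OLE2_MAGIC + bytes(504) + VBA_STREAM_NAME))
```

A finding only says that a macro project is present; many legitimate documents contain macros, so the file still needs to be scanned or reviewed before any conclusion is drawn.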
What is a Trojan horse?
Trojan horses are impostors: files that claim to be something desirable but, in fact, are malicious. A very important distinction from true viruses is that they do not replicate themselves, as viruses do. Trojans contain malicious code that, when triggered, causes loss, or even theft, of data. In order for a Trojan horse to spread, you must, in effect, invite these programs onto your computers, for example, by opening an email attachment.
What is a worm?
Worms are programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which require the spreading of an infected host file. Although worms generally exist inside of other files, often Word or Excel documents, there is a difference between how worms and viruses use the host file.
What is a blended threat?
Blended threats combine the characteristics of viruses, worms, Trojan horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By using multiple methods and techniques, blended threats can rapidly spread and cause widespread damage.
Characteristics of blended threats include the following:
- Causes harm: Launches a Denial of Service (DoS) attack at a target IP address, defaces Web servers, or plants Trojan horse programs for later execution.
- Propagates by multiple methods: Scans for vulnerabilities to compromise a system, such as embedding code in HTML files on a server, infecting visitors to a compromised Web site, or sending unauthorized email from compromised servers with a worm attachment.
- Attacks from multiple points: Injects malicious code into the .exe files on a system, raises the privilege level of the guest account, creates world read and writeable network shares, makes numerous registry changes, and adds script code into HTML files.
- Spreads without human intervention: Continuously scans the Internet for vulnerable servers to attack.
- Exploits vulnerabilities: Takes advantage of known vulnerabilities, such as buffer overflows, HTTP input validation vulnerabilities, and known default passwords to gain unauthorized administrative access.
Effective protection from blended threats requires a comprehensive security solution that contains multiple layers of defense and response mechanisms.
So, what is an expanded threat?
An expanded threat is an application or software-based executable that is either independent or interdependent on another software program, and meets one or more of the following criteria:
- Is considered to be nonviral in nature (that is, does not spread on its own using a virus-like mechanism, or meet the definition of a worm or Trojan horse), yet conforms in a significant way to the general definition of a category of expanded threat.
- Has been submitted to Symantec by a critical number of either corporate or individual users within a given time-frame. The time-frame and number may vary by category and by threat.
- Can be shown to create a general nuisance related to one of the specified threat categories, or exhibits behavior that is as yet undefined under a broader category of expanded threat.
What is a virus hoax?
Virus hoaxes are messages, almost always sent by email, that amount to little more than chain letters. Some of the common phrases used in these hoaxes are:
- If you receive an email titled [email virus hoax name here], don’t open it!
- Delete it at once!
- It contains the [hoax name] virus.
- It will delete everything on your hard drive and [extreme and improbable danger specified here].
- This virus was announced by [reputable organization name here].
- Report it!
Most virus hoax warnings do not deviate far from this pattern. If you are unsure whether a virus warning is legitimate or a hoax, report it.
What is not a virus?
Because of the hype that viruses have received lately, it is easy to blame any computer problem on a virus. The following items are not likely to be caused by a virus or other malicious code:
- Hardware problems. Up to now there are no viruses that can physically damage computer hardware, such as chips, boards, and monitors.
- The PC beeps at startup with no screen display. This is typically caused by a hardware problem during the boot process.
- The PC does not register 640 KB of conventional memory. This can be a sign of a virus, but it is not conclusive. Some hardware drivers, such as those for the monitor or SCSI card, can use memory.
- You have 2 antivirus programs installed and one of them reports a virus. While this could be a virus, it can also be caused by one antivirus program detecting the other and creating a conflict.
- You are using Word and Word warns you that a document contains a macro. This does not mean that the macro is a virus.
- You are not able to open a particular document. This is not necessarily a virus. Try opening another document or a backup of the document in question, or try opening that document on another PC.
- The label on a hard drive has changed. Every disk is allowed to have a label. You can assign a label to a disk by using the “label” command at the command prompt.
What is safe computing?
With all the hype, it is easy to believe that viruses lurk in every file, every email, every Web site. However, a few basic precautions can minimize your risk of infection. Practice safe computing and encourage everyone you know to do so as well.
- Always be suspicious of email attachments and downloads from unknown sources.
- Verify that attachments have been sent by the sender.
- Never set your email software to “auto-run” attachments.
- Obtain all security updates.
- Always back up your data frequently, preferably to the cloud so you have access 24/7.
Specific Endpoint Protection
- Be sure that you have the latest virus and spyware definitions. Check for Virus Definitions & Security Updates.
- Make sure you keep Auto-Protect running.
- Always scan all new software before installing.
- Scan all media that originated from someone else.
- Always use caution when opening email attachments or downloads.