A computer virus is a type of malicious software ("malware") that, when executed, replicates by modifying other computer programs and inserting its own code into them. When this replication succeeds, the affected areas are said to be "infected" with a computer virus.
Virus authors use social engineering scams and exploit detailed knowledge of security vulnerabilities to infect systems and spread viruses. Most viruses target systems running Microsoft Windows, using various mechanisms to infect new hosts, and often use complex anti-detection/stealth strategies to evade antivirus software. Motives for creating viruses can include profit-seeking (e.g., with ransomware), the desire to send political messages, personal entertainment, demonstrating that vulnerabilities exist in software, sabotage and denial of service, or simply a wish to explore cyber security issues, artificial life and evolutionary algorithms.
Computer viruses cause billions of dollars' worth of economic damage each year by causing system failures, wasting computer resources, corrupting data, increasing maintenance costs, and so on. In response, free open-source antivirus tools have been developed, and the antivirus software industry sells or freely distributes virus protection to users of various operating systems. As of 2005, even though no existing antivirus software was able to uncover all computer viruses (especially new ones), computer security researchers were actively looking for new ways to enable antivirus solutions to detect emerging viruses more effectively, before they become widely distributed.
The term "virus" is also commonly, but erroneously, used to refer to other types of malware. "Malware" includes computer viruses along with many other forms of malicious software, such as computer "worms", ransomware, spyware, adware, trojan horses, keyloggers, rootkits, bootkits, malicious Browser Helper Objects (BHOs) and other malicious software. The majority of active malware threats are actually Trojan horse programs or computer worms rather than computer viruses. The term computer virus, invented by Fred Cohen in 1985, is a misnomer. Viruses often perform some type of harmful activity on infected host computers, such as acquiring hard disk space or central processing unit (CPU) time, accessing personal information (e.g., credit card numbers), corrupting data, displaying political or humorous messages on the user's screen, sending spam to their e-mail contacts, recording their keystrokes, or even rendering the computer useless. However, not all viruses carry a destructive "payload" or try to hide themselves; the defining characteristic of viruses is that they are self-replicating computer programs that modify other software without user consent.
Historical development
Early academic work on self-replicating programs
The first academic work on the theory of self-replicating computer programs was done in 1949 by John von Neumann, who gave lectures at the University of Illinois on the "Theory and Organization of Complicated Automata". The work of von Neumann was later published as "Theory of self-reproducing automata". In his essay von Neumann describes how a computer program can be designed to reproduce itself. Von Neumann's design for a self-reproducing computer program is considered to be the world's first computer virus, and he is considered the theoretical "father" of computer virology. In 1972, Veith Risak, building directly on von Neumann's work on self-replication, published his article "Selbstreproduzierende Automaten mit minimaler Informationsübertragung" (Self-reproducing automata with minimal information exchange). The article describes a fully functional virus written in assembler programming language for SIEMENS 4004/35 computer systems. In 1980 Jürgen Kraus wrote his diploma thesis "Selbstreproduktion bei Programmen" (Self-reproduction of programs) at the University of Dortmund. In his work, Kraus postulated that computer programs can behave in a manner similar to biological viruses.
First example
The Creeper virus was first detected on ARPANET, the forerunner of the Internet, in the early 1970s. Creeper was an experimental self-replicating program written by Bob Thomas at BBN Technologies in 1971. Creeper used the ARPANET to infect DEC PDP-10 computers running the TENEX operating system. Creeper gained access via the ARPANET and copied itself to the remote system, where the message "I'm the explorer, catch me if you can!" was displayed. The Reaper program was created to remove Creeper. In fiction, the 1973 Michael Crichton sci-fi film Westworld makes the earliest mention of the concept of a computer virus, which is a central plot theme and causes the androids to run amok. The character Alan Oppenheimer summarizes the problem by stating that "... there is a clear pattern here that shows the analogy of the process of infectious disease, spreading from one... area to the next area." To which the replies are stated: "There may be a superficial similarity to the disease" and, "I must admit I find it hard to believe in the disease of the machine."
In 1982, a program called "Elk Cloner" was the first personal computer virus to appear "in the wild", that is, outside the single computer or computer lab where it was created. Written in 1981 by Richard Skrenta while in ninth grade at Mount Lebanon High School near Pittsburgh, it attached itself to the Apple DOS 3.3 operating system and spread via floppy disks. The virus, created as a practical joke when Skrenta was still in high school, was injected into a game on a floppy disk. On its 50th use the Elk Cloner virus would be activated, infecting the personal computer and displaying a short poem beginning "Elk Cloner: Program with personality." In 1984 Fred Cohen of the University of Southern California wrote his paper "Computer Virus - Theory and Experiments". It was the first paper to explicitly call a self-reproducing program a "virus", a term introduced by Cohen's mentor, Leonard Adleman. In 1987, Fred Cohen published a demonstration that no algorithm can perfectly detect all possible viruses. Fred Cohen's theoretical compression virus was an example of a virus that was not malicious software (malware), but was putatively benevolent (well-intentioned). However, antivirus professionals do not accept the concept of "good viruses", because any desired function can be implemented without involving a virus (automatic compression, for example, is available under the Windows operating system at the user's choice). Any virus will by definition make unauthorized changes to a computer, which is undesirable even if no damage is done or intended. On page one of Dr Solomon's Virus Encyclopaedia, the undesirability of viruses, even those that do nothing but reproduce, is thoroughly explained.
An article describing "useful virus functionality" was published by JB Gunn under the heading "The use of viral functions to provide virtual APL interpreters under user control" in 1984. The first IBM PC virus "in the wild" was a boot sector virus dubbed (c)Brain, created in 1986 by the Farooq Alvi Brothers in Lahore, Pakistan, reportedly to deter unauthorized copying of the software they had written. The first virus to specifically target Microsoft Windows, WinVir, was discovered in April 1992, two years after the release of Windows 3.0. The virus did not contain any Windows API calls, instead relying on DOS interrupts. A few years later, in February 1996, Australian hackers from the virus-writing crew VLAD created the Bizatch virus (also known as the "Boza" virus), which was the first known virus to target Windows 95. In late 1997 the encrypted, memory-resident stealth virus Win32.Cabanas was released, the first known virus to target Windows NT (it was also able to infect Windows 3.0 and Windows 9x hosts).
Even home computers were affected by viruses. The first to appear on the Commodore Amiga was a boot sector virus called the SCA virus, which was detected in November 1987. The first social networking virus, Win32.5-0-1, was created by Matt Larose on August 15, 2001. The virus specifically targeted users of MSN Messenger and online bulletin boards. Users would be prompted to click on a link to activate the virus, which would then send an email containing the user's data to an anonymous email address, which was later found to be owned by Larose. The data sent would contain items such as the user's IP address and email address, contacts, website browsing history, and commonly used phrases. In 2008, larger websites used part of the Win32.5-0-1 code to track web users' advertising-related interests.
Operation and function
Parts
A viable computer virus must contain a search routine, which locates new files or new disks that are worthwhile targets for infection. Secondly, every computer virus must contain a routine to copy itself into the program that the search routine locates. The three major parts of a virus are:
Infection mechanism
The infection mechanism (also called the "infection vector") is how the virus spreads or propagates. A virus typically has a search routine, which locates new files or new disks for infection.
Trigger
The trigger, also known as a logic bomb, is the compiled code, able to activate at any time an infected executable is run, that determines the event or condition under which the malicious "payload" is activated or delivered, such as a particular date, a particular time, the presence of another program, the disk capacity exceeding a certain limit, or a double-click that opens a particular file.
Payload
The "payload" is the actual body or data that carries out the malicious purpose of the virus. Payload activity may be noticeable (for example, because it causes the system to slow down or "freeze"), since most of the time the "payload" itself is the harmful activity, or sometimes a non-destructive but distributive one, which is called a virus hoax.
Phase
The viral phase is the life cycle of computer viruses, described by using a biological analogy. This life cycle can be divided into four phases:
Inactive phase
The virus program is idle during this stage. The virus program has managed to access the target user's computer or software, but during this stage the virus does not take any action. The virus will eventually be activated by the "trigger", which states which event will execute the virus, such as a date, the presence of another program or file, the disk capacity exceeding a certain limit, or the user taking a certain action (for example, double-clicking on a particular icon, opening an e-mail, etc.). Not all viruses have this stage.
Propagation phase
The virus starts propagating, that is, multiplying and replicating itself. The virus places a copy of itself into other programs or into certain system areas on the disk. The copy may not be identical to the propagating version; viruses often "morph" or change to evade detection by IT professionals and anti-virus software. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.
The trigger phase
A dormant virus moves into this phase when it is activated, and will now perform the function for which it was intended. The triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.
Execution phase
This is the actual work of the virus, where the "payload" is released. It can be destructive, such as deleting files on disk, crashing the system, or corrupting files, or relatively harmless, such as popping up humorous or political messages on the screen.
Target infection and replication techniques
Computer viruses infect a variety of different subsystems on their host computers and software. One way to classify viruses is to analyze whether they reside in binary executables (such as .EXE or .COM files), data files (such as Microsoft Word documents or PDF files), or in the boot sector of the host's hard drive (or some combination of all of these).
Resident vs. non-resident virus
A memory-resident virus (or simply "resident virus") installs itself as part of the operating system when executed, after which it remains in RAM from the time the computer is booted up to when it is shut down. Resident viruses overwrite interrupt handling code or other functions, and when the operating system attempts to access the target file or disk sector, the virus code intercepts the request and redirects the control flow to the replication module, infecting the target. In contrast, a non-memory-resident virus (or "non-resident virus"), when executed, scans the disk for targets, infects them, and then exits (i.e., it does not remain in memory after it has finished executing).
Macro virus
Many common applications, such as Microsoft Outlook and Microsoft Word, allow macro programs to be embedded in documents or emails, so that the programs may run automatically when the document is opened. A macro virus (or "document virus") is a virus written in a macro language and embedded in such a document, so that when a user opens the file the virus code is executed and can infect the user's computer. This is one of the reasons why it is dangerous to open unexpected or suspicious attachments in e-mails. While not opening e-mail attachments from unknown persons or organizations can help to reduce the likelihood of contracting a virus, in some cases the virus is designed so that the e-mail appears to come from a reputable organization (e.g., a major bank or credit card company).
Boot sector virus
Boot sector viruses specifically target the boot sector and/or the Master Boot Record (MBR) of the host's hard drive or removable storage media (flash drives, floppy disks, etc.).
Email virus
Email viruses are viruses that intentionally, rather than accidentally, use the email system to spread. While virus-infected files may be inadvertently sent as email attachments, email viruses are aware of email system functions. They generally target a specific type of email system (Microsoft Outlook is the most commonly used), harvest email addresses from multiple sources, and may append copies of themselves to all email sent, or may generate email messages containing copies of themselves as attachments.
Stealth Technique
To avoid detection by users, some viruses employ different kinds of deception. Some older viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus. This approach does not fool antivirus software, however, especially software that maintains and dates cyclic redundancy checks on file changes. Some viruses can infect files without increasing their size or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example, the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files have many empty gaps, the virus, which is 1 KB in length, does not increase the file size. Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them (e.g., Conficker). In the 2010s, as computers and operating systems grew larger and more complex, old hiding techniques needed to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permissions for every kind of file access.
Read request intercepts
While some kinds of antivirus software employ various techniques to counter stealth mechanisms, once an infection occurs any recourse to "clean" the system is unreliable. In Microsoft Windows operating systems, the NTFS file system is proprietary. This leaves antivirus software little alternative but to send a "read" request to the Windows OS files that handle such requests. Some viruses trick antivirus software by intercepting its requests to the operating system (OS). A virus can hide by intercepting the request to read the infected file, handling the request itself, and returning an uninfected version of the file to the antivirus software. The interception can occur by code injection into the actual operating system files that would handle the read request. Thus, antivirus software attempting to detect the virus will either not be permitted to read the infected file, or the "read" request will be served with the uninfected version of the same file.
The only reliable method of avoiding "stealth" viruses is to boot from a medium that is known to be "clean". Security software can then be used to check the dormant operating system files. Most security software relies on virus signatures, or uses heuristics. Security software may also use a database of file hashes for Windows OS files, so that it can identify altered files and request Windows installation media to replace them with authentic versions. In older versions of Windows, the cryptographic hashes of Windows OS files stored in Windows, which allow file integrity/authenticity to be checked, could be overwritten so that the System File Checker would report altered system files as authentic, so using file hashes to scan for altered files does not always guarantee finding an infection.
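The hash-database check described above, together with a guard against the weakness the paragraph ends on, as an added example that is not part of the original article: the manifest of file hashes is sealed with an HMAC so that an overwritten hash store is rejected instead of being trusted. The file names, contents and key are constructed for the demonstration, and the sketch assumes it is run after booting from known-clean media with the key kept off the scanned host.

```python
import hashlib
import hmac
import json
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root, key):
    """Hash every file under root and seal the manifest with an HMAC tag."""
    entries = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            entries[os.path.relpath(full, root)] = hash_file(full)
    body = json.dumps(entries, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"entries": entries, "tag": tag}


def verify_baseline(root, baseline, key):
    """Compare the files under root with a baseline whose seal is checked first."""
    body = json.dumps(baseline["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, baseline.get("tag", "")):
        # The hash store itself was altered: none of its entries can be trusted.
        return {"trusted": False, "modified": [], "missing": [], "added": []}
    known = baseline["entries"]
    current = build_baseline(root, key)["entries"]
    return {
        "trusted": True,
        "modified": sorted(p for p in known if p in current and current[p] != known[p]),
        "missing": sorted(p for p in known if p not in current),
        "added": sorted(p for p in current if p not in known),
    }


def demo():
    """Constructed scenario: one file changes, then the hash store is overwritten."""
    key = b"constructed-demo-key"  # assumption: stored offline, never on the scanned disk
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("kernel.sys", b"original kernel"),
                           ("shell.dll", b"original shell")):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        baseline = build_baseline(root, key)

        # A system file is altered after the baseline was taken.
        with open(os.path.join(root, "shell.dll"), "wb") as handle:
            handle.write(b"original shell + appended bytes")
        honest = verify_baseline(root, baseline, key)

        # The stored hash is overwritten to match the altered file (the
        # System File Checker weakness); the seal no longer verifies.
        forged = {"entries": dict(baseline["entries"]), "tag": baseline["tag"]}
        forged["entries"]["shell.dll"] = hash_file(os.path.join(root, "shell.dll"))
        tampered = verify_baseline(root, forged, key)
    return honest, tampered


if __name__ == "__main__":
    for result in demo():
        print(result)
```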
Self-modification
Most modern antivirus programs try to find virus patterns inside ordinary programs by scanning them for so-called virus signatures. Unfortunately, the term is misleading, in that viruses do not possess unique signatures in the way that human beings do. Such a virus "signature" is merely a sequence of bytes that an antivirus program looks for because it is known to be part of the virus. A better term would be "search string". Different antivirus programs will use different search strings, and indeed different search methods, when identifying viruses. If a virus scanner finds such a pattern in a file, it will perform other checks to make sure that it has found the virus, and not merely a coincidental sequence in an innocent file, before it notifies the user that the file is infected. The user can then delete, or (in some cases) "clean" or "heal" the infected file. Some viruses employ techniques that make detection by means of signatures difficult, though probably not impossible. These viruses modify their code on each infection. That is, each infected file contains a different variant of the virus.
Encrypted virus
One method of evading signature detection is to use simple encryption to encipher (encode) the body of the virus, leaving only the encryption module and a static cryptographic key in cleartext, which does not change from one infection to the next. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code. If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module, which would (for example) be appended to the end. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible. Since these would be symmetric keys, stored on the infected host, it is entirely possible to decrypt the final virus, but this is probably not required, since self-modifying code is such a rarity that finding some may be reason enough for virus scanners to at least "flag" the file as suspicious. An old but compact way is the use of arithmetic operations such as addition or subtraction and of logical operations such as XORing, where each byte in a virus is combined with a constant, so that the exclusive-or operation only has to be repeated for decryption. It is suspicious for code to modify itself, so the code that performs the encryption/decryption may be part of the signature in many virus definitions. A simpler older approach did not use a key: the encryption consisted only of operations with no parameters, such as incrementing and decrementing, bitwise rotation, arithmetic negation, and logical NOT. Some viruses employ a means of encryption inside an executable in which the virus is encrypted under certain events, such as the virus scanner being disabled for updates or the computer being rebooted. This is called cryptovirology. At such times, the executable will decrypt the virus and execute its hidden runtimes, infecting the computer and sometimes disabling the antivirus software.
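How a scanner can still match a search string when the body has been encoded with a constant single-byte XOR or addition key, as an added example that is not part of the original article and does not reproduce any particular product's method. It relies on the fact that the difference between neighbouring bytes is unchanged by a constant key, so one pass finds the string under all 256 keys; the marker, padding and keys are constructed, benign test data.

```python
MIN_PATTERN = 8  # shorter search strings match by chance too often

# Constructed, harmless test data (assumptions, not real signatures).
MARKER = b"CONSTRUCTED-TEST-MARKER-0001"
SIGNATURES = {"Demo.Marker": MARKER}
PAD = bytes(32)
SAMPLE_PLAIN = PAD + MARKER + PAD
SAMPLE_XOR = PAD + bytes(b ^ 0x5A for b in MARKER) + PAD
SAMPLE_ADD = PAD + bytes((b + 0x11) & 0xFF for b in MARKER) + PAD


def deltas(data, op):
    """Neighbouring-byte differences; a constant single-byte key cancels out."""
    if op == "xor":
        return bytes(a ^ b for a, b in zip(data, data[1:]))
    return bytes((b - a) & 0xFF for a, b in zip(data, data[1:]))


def recover_key(cipher_byte, plain_byte, op):
    """Derive the constant key from one encoded byte and its known plaintext."""
    if op == "xor":
        return cipher_byte ^ plain_byte
    return (cipher_byte - plain_byte) & 0xFF


def decode(chunk, key, op):
    """Undo the constant-key encoding for the confirmation check."""
    if op == "xor":
        return bytes(b ^ key for b in chunk)
    return bytes((b - key) & 0xFF for b in chunk)


def scan(data, signatures):
    """Return (name, offset, encoding, key) for each search string found.

    encoding is "plain" when the key is 0, otherwise "xor" or "add".
    Only the first occurrence of each search string is reported.
    """
    haystacks = {op: deltas(data, op) for op in ("xor", "add")}
    findings = []
    for name in sorted(signatures):
        pattern = signatures[name]
        if len(pattern) < MIN_PATTERN:
            continue
        for op in ("xor", "add"):
            offset = haystacks[op].find(deltas(pattern, op))
            if offset == -1:
                continue
            key = recover_key(data[offset], pattern[0], op)
            # Second check before reporting, as the text describes: decode
            # the candidate region and compare it with the search string.
            if decode(data[offset:offset + len(pattern)], key, op) != pattern:
                continue
            findings.append((name, offset, "plain" if key == 0 else op, key))
            break  # XOR 0x80 equals ADD 0x80; report each string once
    return findings


if __name__ == "__main__":
    for label, sample in (("plain", SAMPLE_PLAIN), ("xor", SAMPLE_XOR),
                          ("add", SAMPLE_ADD), ("clean", bytes(100))):
        print(label, scan(sample, SIGNATURES))
```

Logical NOT is the XOR case with key 0xFF and increment/decrement is the addition case with key 1 or 255, so those keyless encodings are covered by the same pass; bitwise rotation is not.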
Polymorphic Code
Polymorphic code was the first technique that posed a serious threat to virus scanners. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses, however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts that remain identical between infections, making it very difficult to detect directly using "signatures". Antivirus software can detect it by decrypting the virus using an emulator, or by statistical pattern analysis of the encrypted virus body. To enable polymorphic code, the virus has to have a polymorphic engine (also called a "mutating engine" or "mutation engine") somewhere in its encrypted body. See polymorphic code for technical detail on how such engines operate.
Some viruses employ polymorphic code in a way that constrains the mutation rate of the virus significantly. For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus. The advantage of using such slow polymorphic code is that it makes it more difficult for antivirus professionals and investigators to obtain representative samples of the virus, because "bait" files that are infected in one run will typically contain identical or similar samples of the virus. This makes it more likely that detection by the virus scanner will be unreliable, and that some instances of the virus may be able to avoid detection.
Metamorphic Code
To avoid being detected by emulation, some viruses rewrite themselves completely each time they infect new executables. Viruses that utilize this technique are said to use metamorphic code. To enable metamorphism, a "metamorphic engine" is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consists of over 14,000 lines of assembly language code, 90% of which is part of the metamorphic engine.
Vulnerability and infection vector
Software bug
Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit and manipulate security bugs, which are security defects in system or application software, to spread themselves and infect other computers. Software development strategies that produce large numbers of "bugs" will generally also produce potentially exploitable "holes" or "entrances" for the virus.
Social engineering and poor security practices
To replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs (see code injection). If a user attempts to launch an infected program, the virus code may be executed simultaneously. In operating systems that use file extensions to determine program associations (such as Microsoft Windows), the extensions may be hidden from the user by default. This makes it possible to create a file that is of a different type than it appears to the user. For example, an executable may be created and named "picture.png.exe", in which case the user sees only "picture.png" and therefore assumes that the file is a digital image and most likely safe, yet when opened it runs the executable on the client machine.
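A check for the "picture.png.exe" case described above, as an added example that is not part of the original article: it computes the name a user sees when the final extension is hidden and flags attachments whose visible name looks like a document or image while the real type is executable. The extension sets and sample file names are assumptions chosen for illustration, not a complete policy.

```python
import os

# Illustrative sets (assumptions); a real policy would be site-specific.
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js"}
DOCUMENT_EXTS = {"png", "jpg", "jpeg", "gif", "pdf", "txt",
                 "doc", "docx", "xls", "xlsx"}

# Constructed sample attachment names.
SAMPLE_ATTACHMENTS = [
    "picture.png.exe",              # the case from the text
    "Report.PDF.SCR",               # same trick, upper case
    "setup.exe",                    # honest executable, nothing hidden
    "report.v2.pdf",                # extra dot, but a real document
    "archive.tar.gz",               # legitimate double extension
    "C:\\Users\\a\\holiday.jpg.com",  # full Windows path
]


def check_attachment(filename):
    """Describe how a file name appears when known extensions are hidden."""
    # Accept either path separator, then keep only the final component.
    name = os.path.basename(filename.replace("\\", "/")).strip()
    shown, real_ext = os.path.splitext(name)
    real_ext = real_ext.lstrip(".").lower()
    # The extension the user believes they see is the one left over after
    # the real (last) extension has been hidden.
    shown_ext = os.path.splitext(shown)[1].lstrip(".").lower()
    executable = real_ext in EXECUTABLE_EXTS
    return {
        "name": name,
        "displayed": shown if real_ext else name,
        "real_type": real_ext,
        "executable": executable,
        # Masquerade: runs as a program but displays as a document or image.
        "masquerade": executable and shown_ext in DOCUMENT_EXTS,
    }


def triage(filenames):
    """Return the names that should be quarantined for manual review."""
    return [result["name"]
            for result in map(check_attachment, filenames)
            if result["masquerade"]]


if __name__ == "__main__":
    for item in SAMPLE_ATTACHMENTS:
        print(check_attachment(item))
    print("quarantine:", triage(SAMPLE_ATTACHMENTS))
```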
Different operating system vulnerabilities
Most viruses target systems running Microsoft Windows. This is due to Microsoft's large market share of desktop computer users. The diversity of software systems on a network limits the destructive potential of viruses and malware. Open-source operating systems such as Linux allow users to choose from a variety of desktop environments, packaging tools, etc., which means that malicious code targeting any one of these systems will only affect a subset of all users. Many Windows users run the same set of applications, enabling viruses to spread rapidly among Microsoft Windows systems by targeting the same exploits on large numbers of hosts.
While Linux and Unix in general prevent normal users from making changes to the operating system environment without permission, Windows users are generally not prevented from making these changes, meaning that viruses can easily gain control of the entire system on Windows hosts. This difference has continued partly because of the widespread use of administrator accounts in contemporary versions like Windows XP. In 1997, researchers created and released a virus for Linux known as "Bliss". Bliss, however, requires that the user run it explicitly, and it can only infect programs that the user has access to modify. Unlike Windows users, most Unix users do not log in as an administrator, or "root user", except to install or configure software; as a result, even if a user ran the virus, it could not harm their operating system. The Bliss virus never became widespread, and remains chiefly a research curiosity. Its creators later posted the source code to Usenet, allowing researchers to see how it worked.
Countermeasures
Antivirus software
Many users install antivirus software that can detect and eliminate known viruses when the computer attempts to download or run an executable file (which may be distributed as an email attachment, or on a USB flash drive, for example). Some antivirus software blocks known malicious websites that attempt to install malware. Antivirus software does not change the underlying capability of hosts to transmit viruses. Users must update their software regularly to patch security vulnerabilities ("holes"). Antivirus software also needs to be updated regularly to recognize the latest threats. This is because malicious hackers and other individuals are always creating new viruses. The German AV-TEST Institute publishes evaluations of antivirus software for Windows and Android.
Examples of Microsoft Windows anti-virus and anti-malware software include the optional Microsoft Security Essentials (for Windows XP, Vista and Windows 7) for real-time protection, the Windows Malicious Software Removal Tool (now included with Windows (Security) Updates on "Patch Tuesday", the second Tuesday of each month), and Windows Defender (an optional download in the case of Windows XP). In addition, several capable antivirus software programs are available for free download from the Internet (usually restricted to non-commercial use). Some such free programs are almost as good as commercial competitors. Common security vulnerabilities are assigned CVE IDs and listed in the US National Vulnerability Database. Secunia PSI is an example of software, free for personal use, that will check a PC for vulnerable out-of-date software and attempt to update it. Ransomware and phishing scam alerts appear as press releases on the Internet Crime Action Center announcement board. Ransomware is a virus that posts a message on the user's screen saying that the screen or system will remain locked or unusable until a ransom payment is made. Phishing is a deception in which the malicious individual pretends to be a friend, computer security expert, or other benevolent individual, with the goal of convincing the targeted individual to reveal passwords or other personal information.
Other commonly used preventive measures include timely operating system updates, software updates, careful Internet browsing (avoiding shady websites), and installation of only trusted software. Certain browsers flag sites that have been reported to Google and that have been confirmed by Google as hosting malware.
There are two common methods that an antivirus software application uses to detect viruses, as described in the antivirus software article. The first, and by far the most common, method of virus detection is using a list of virus signature definitions. This works by examining the content of the computer's memory (its Random Access Memory (RAM) and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives, or USB flash drives), and comparing those files against a database of known virus "signatures". Virus signatures are just strings of code that are used to identify individual viruses; for each virus, the antivirus designer tries to choose a unique signature string that will not be found in a legitimate program. Different antivirus programs use different "signatures" to identify viruses. The disadvantage of this detection method is that users are only protected from viruses that are detected by signatures in their most recent virus definition update, and are not protected from new viruses (see "zero-day attacks").
A second method of finding viruses is to use a heuristic algorithm based on common virus behaviors. This method can detect new viruses for which antivirus security firms have yet to define a "signature", but it also gives rise to more false positives than using signatures. False positives can be disruptive, especially in a commercial environment, because they may lead to a company instructing staff not to use the company computer system until IT services have checked the system for viruses. This can slow down productivity for regular workers.
Recovery strategies and methods
One can reduce the damage done by viruses by making regular backups of data (and the operating system) on different media that are either kept unconnected to the system (most of the time, as with a hard drive), read-only, or not accessible for other reasons, such as using a different file system. This way, if data is lost through a virus, one can start again using the backup (which will hopefully be recent). If a backup session on optical media like CD and DVD is closed, it becomes read-only and can no longer be affected by a virus (so long as a virus or infected file was not copied onto the CD/DVD). Likewise, an operating system on a bootable CD can be used to start the computer if the installed operating system becomes unusable. Backups on removable media must be carefully inspected before restoration. The Gammima virus, for example, propagates via removable flash drives.
Virus removal
Many websites run by antivirus software companies provide free online virus scanning, with limited "cleaning" facilities (after all, the purpose of the websites is to sell antivirus products and services). Some websites, such as the Google subsidiary VirusTotal.com, allow users to upload one or more suspicious files to be scanned and checked by one or more antivirus programs in one operation. In addition, several capable antivirus software programs are available for free download from the Internet (usually restricted to non-commercial use). Microsoft offers an optional free antivirus utility called Microsoft Security Essentials, a Windows Malicious Software Removal Tool that is updated as part of the regular Windows update regime, and Windows Defender, an optional anti-malware tool that has been upgraded to an antivirus product in Windows 8.
Some viruses disable System Restore and other important Windows tools such as Task Manager and CMD. An example of a virus that does this is CiaDoor. Many such viruses can be removed by rebooting the computer, entering Windows "safe mode" with networking, and then using system tools or Microsoft Safety Scanner. System Restore on Windows Me, Windows XP, Windows Vista and Windows 7 can restore the registry and critical system files to a previous checkpoint. Often a virus will cause a system to "hang" or "freeze", and a subsequent hard reboot will leave a system restore point from the same day corrupted. Restore points from previous days should work, provided the virus is not designed to corrupt the restore files and does not exist in previous restore points.
Reinstalling the operating system
Microsoft's System File Checker (improved in Windows 7 and later) can be used to check for, and repair, corrupted system files. Restoring an earlier "clean" (virus-free) copy of the entire partition from a cloned disk, a disk image, or a backup copy is one solution; restoring an earlier backup disk "image" is relatively simple to do, usually removes any malware, and may be faster than "disinfecting" the computer or than reinstalling and reconfiguring the operating system and programs from scratch, as described below, and then restoring user preferences. Reinstalling the operating system is another approach to virus removal. It may be possible to recover copies of essential user data by booting from a live CD, or by connecting the hard drive to another computer and booting from the second computer's operating system, taking great care not to infect that computer by executing any infected programs on the original drive. The original hard drive can then be reformatted and the OS and all programs installed from original media. Once the system has been restored, precautions must be taken to avoid reinfection from any restored files.
Viruses and the Internet
Before computer networks became widespread, most viruses spread on removable media, especially floppy disks. In the early days of personal computers, many users regularly exchanged information and programs on floppy disks. Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk's boot sector, ensuring that they would run when users booted the computer from the disk, usually by mistake. Personal computers of the era would try to boot first from a floppy if one had been left in the drive. Until floppy disks fell out of use, this was the most successful infection strategy, and boot sector viruses were the most common in the "wild" for years. Traditional computer viruses emerged in the 1980s, driven by the spread of personal computers and the resulting growth in bulletin board systems (BBS), modem use, and software sharing. Software sharing driven by bulletin boards contributed directly to the spread of Trojan horse programs, and viruses were written to infect commercially traded software. Shareware and bootleg software were both common vectors for viruses on BBSs. Viruses can increase their chances of spreading to other computers by infecting files on network file systems or file systems accessed by other computers.
Macro viruses have become common since the mid-1990s. Most of these viruses are written in the scripting languages for Microsoft programs such as Microsoft Word and Microsoft Excel, and spread throughout Microsoft Office by infecting documents and spreadsheets. Since Word and Excel are also available for Mac OS, most can also spread to Macintosh computers. Although most of these viruses did not have the ability to send infected email messages, those that did took advantage of the Microsoft Outlook Component Object Model (COM) interface. Some older versions of Microsoft Word allow macros to replicate themselves with additional blank lines. If two macro viruses simultaneously infect a document, the combination of the two, if also self-replicating, can appear as a "marriage" of the two and is likely to be detected as a virus distinct from its "parents".
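Because macro viruses travel inside documents and spreadsheets, a useful defensive check is whether a file carries a VBA project at all, regardless of its extension. The following added example (not part of the original article) is a heuristic that inspects container structure only; the sample documents are constructed in memory and the function names are illustrative.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls compound file
# OLE2 directory entry names are UTF-16LE; a VBA project has a "_VBA_PROJECT" stream.
VBA_STREAM_NAME = "_VBA_PROJECT".encode("utf-16-le")

def has_macros(data):
    """Heuristic: True if the document bytes appear to contain a VBA project."""
    if data.startswith(OLE2_MAGIC):
        return VBA_STREAM_NAME in data
    if data.startswith(b"PK"):                   # OOXML documents are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Only the member list is read; nothing is extracted or run.
                return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def make_zip(names):
    """Build a constructed OOXML-like archive holding placeholder members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed placeholder")
    return buf.getvalue()

# Constructed samples: file names are labels only, the check never looks at them.
SAMPLES = {
    "report.docx": make_zip(["[Content_Types].xml", "word/document.xml"]),
    "invoice.docx": make_zip(["[Content_Types].xml", "word/document.xml",
                              "word/vbaProject.bin"]),
    "legacy.doc": OLE2_MAGIC + b"\x00" * 32 + VBA_STREAM_NAME,
    "plain.doc": OLE2_MAGIC + b"\x00" * 64,
    "readme.txt": b"hello",
}

def scan(samples):
    """Return the sorted names of samples that appear to carry macros."""
    return sorted(name for name, data in samples.items() if has_macros(data))

if __name__ == "__main__":
    print(scan(SAMPLES))
```

A positive result means only that macros are present, not that they are malicious; it marks the file for scanning before it is opened in Office.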
Viruses can also send web address links as instant messages to all contacts (such as friend and peer email addresses) stored on infected computers. If the recipient, believing the link to be from a friend (a trusted source), follows the link to a website, the virus hosted on the site may be able to infect this new computer and continue spreading. Viruses that spread using cross-site scripting were first reported in 2002, and were academically demonstrated in 2005. There have been several examples of cross-site scripting viruses in the "wild", exploiting websites such as MySpace (with the Samy worm) and Yahoo!.
Source of the article: Wikipedia