- Computer viruses are parasitic programs which are able to replicate themselves, attach themselves to other executables in the computer, and perform some unwanted and often malicious actions. A virus is not able to spread itself to another computers, some user actions are needed for it to infect a new computer. Downloading and running software from untrusted sources, inserting an USB drive without a previous scan–remember always disable the AutoRun feature for the drives as CD-ROMs, DVD-ROMs– , downloading and running emails or IM attachments even from known persons, can put you in the nasty situation to have an infected computer. Always when you deal with these situations and to prevent computer infections, scan before to run.
The best scanners in my opinion are multi-engine online scanners like virustotal.com or novirusthanks.org. The links of these scanners and many more are on the home page.
The main three features of a virus are :
- the replication mechanism search and find other executable files in your computer, check if the files are already infected–it has a special mechanism for that and if the file is clean then append itself to the file. It can append to the front, middle or end of the executable file thus changing the file size. This is also the reason why the number of new created viruses decreased in the last years, the AntiViruses has a very simple mechanism for “checking and compare” the files size –checksums at different period of times and a file bigger in size than at a previous date is a sign of infection.
A special category of viruses are “Bacteria” viruses, they replicate themselves so quickly and in a such percentage that the harddisk will run very soon out of free space.
- a trigger is designed to activate a task of the virus, as displaying strange messages, deleting files, sending emails, begin the replicate process or whatever the programmer write in his malicious code. The trigger can be a certain date in calendar–formerly know as Time Bombs, the time when some event occur, opening a certain program or other users actions. The trigger is very important for the virus spreading, because once infected the user will notice nothing strange in his computer, and will continue to spread the virus without to suspect anything. Other reason of this delaying of infection symptoms is for viruses to hide its tracks, the user simply does not know when and how it get infected.
- the task or “payload” can differ from inoffensive ones like displaying joke messages, to deleting or editing important system files like hosts file , deleting or editing registry entries, sometimes making the computer unbootable.
Using polymorphic engines, the viruses change the “virus signature”–their binary code each time when they infect a new computer making very difficult for AntiViruses to detect them using traditional “signature based” scanners.
Macro Viruses can attach themselves to the executable portion of a spreadsheet documents in AutoOpen, AutoClose, AutoExit, or other file macros. The words processors are the most affected by these viruses, so to prevent the computer infections, always perform an AntiVirus scan for documents received as emails attachments, or received by another methods from another computers.
- Computer worms are a special category of viruses with a very important feature added : they can spread themselves between computers, without the user interaction, exploiting some networks vulnerabilities or facilities as network shares or remote file executions. It’s recommended by some experts to disable the Windows Remote Assistance feature, seeing this as a possibly vulnerability. Once it infect a computer it looks forward for other computers connected to the network–LAN or Internet continuing to search for possibly victims.
- Trojans are malicious executable files, masquerading as beneficial programs and tricking users to run their code. Very often they are embedded into other programs as setup or installers file and shared into the forums or blogs as pirated software(warez), so when the user run the installer of a program, the trojan will run in parallel infecting the computer. It’s a server-client software and once infecting a computer, it gives to the hacker where it connects the full power over the computer.
The hacker can see screenshots of the victims computer, can see the webcam in real time, can download and upload files or run other malware.
They are very trendy in nowdays and deserve a special attention, so a more detailed description of this type of malware will be given in the part 2 of this article.
- Spyware is a malicious code able to gather private data from an infected computer and send it to the hacker. The data can be passwords, credit card numbers, login credentials and other private data. They accomplish their mission by using various mechanisms for decrypting passwords previously saved in web-browsers, keyloggers or screenshots. The computer user get infected by spyware in several ways by downloading and running “fake antiviruses” or “registry cleaners” or visiting malicious sites t