Sunday 16 February 2020

Virus and Worm




I welcome all my readers to this blog. Today we will talk about a few important types of malware. This blog will be helpful for all students who want to learn about cyber security or want to complete a certification like CompTIA Security+ or CEH.




Introduction:

Malware is software designed to damage a computer (workstation, mobile, server or network). It can delete, modify or encrypt data, change the settings of your computer or its registry, and spy on data from the system.

Types of malware:

Viruses and worms
Ransomware and crypto malware
Trojans and RATs
Rootkits
Keyloggers
Adware and Spyware
Bot and Botnets

We will now discuss each of them one by one. In this blog we will start with viruses and worms, and I will try to cover the other types of malware in my coming blogs. Now let’s start with the virus.

Virus:

The name virus comes from the medical field, because a computer virus behaves like a biological virus (it replicates itself). We just need to run a program, and then it can replicate itself and spread through the file system or the network. Sometimes a virus may not cause a problem, and sometimes it can be a disaster. The first virus was detected on ARPANET (ARPANET was the network that became the basis for the Internet, in 1970) and its name was Creeper.

These days viruses are very common; every day thousands of viruses are created and spread around the globe.

Types of Virus:

Program Virus
Boot sector virus
Script virus
Macro virus
Encrypted virus
Polymorphic virus


1. Program Virus: 

These are part of an application, an email attachment, or storage media like a CD or floppy, with the virus code hidden inside. It is like a Trojan: when we run the application, open the attachment or play the storage media, its code works in the background.

2. Boot sector virus: 

These are viruses designed to affect the boot sector / Master Boot Record (MBR) or external storage media like CDs, floppy disks etc.

3. Script Virus: 

These are web-based viruses, which attack a computer with the help of a website. Sometimes a malicious website is designed to attack a system by running a script. For example, when we download a file from a website or play a video on a website, a script can run in the background, which can be very harmful.

4. Macro virus: 

These are viruses that run from files that get executed; the best example is a Microsoft Office Word file. Notepad files can also be used for this purpose. Such a virus is spread by email with an attachment. These are the .bat files that execute their code when we click on them. We should always check the file extension before executing a file.

5. Encrypted virus:

The attacker sends the virus code in encrypted form so that it cannot be easily detected. In most cases it carries the decryption algorithm as well, so that when it reaches the target the decryption code decrypts the virus code for execution.

6. Polymorphic Virus:


Polymorphic means "occurring in several different forms, in particular with reference to species or genetic variation". We studied it in biology and chemistry in our school days; the best example in biology is the phenotype. Now it’s time to read about polymorphism in computer science.
Traditional antivirus works on a signature basis, so attackers use the polymorphic property in their code: if antivirus detects its signature, the virus changes its signature at the next installation so that antivirus does not detect it.


I have explained the types of virus. Apart from these, we can also categorize viruses as Armored Virus, Multipartite Virus, Tunneling Virus and Stealth Virus, but these categories are based on the different techniques used by the virus, and I think I do not need to explain them in detail here.

  

Now we will take an example of how an attacker can write a program to create a virus and how the attacker can spread it. I request my readers not to apply this technique on anyone because it’s illegal; I am writing this blog just for educational purposes.

The best example is a program with the .bat file extension; an attacker can spread these files as an attachment in an email.

Below are the steps:

1. Open notepad file.

2. Write the below code.

@echo off

shutdown -s -t 00

3. Save the file with .bat extension

4. And run it just by double clicking it

The command “shutdown -s -t 00” shuts down the computer each time it starts, so the user can never start the computer normally, and it may cause data loss.

Another example is:

@echo off

deltree C:\

It will delete files permanently from the hard disk.
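
From the defender's side, the signature-based detection mentioned under Polymorphic Virus can be tried on the two batch files above. The following is an added example, not code from the original post; the rule names and sample bytes are constructed. It compares an exact-hash signature with a content rule applied to normalized text.

```python
import hashlib
import re

# Constructed sample: the first batch file shown above, saved with CRLF line ends.
KNOWN_SAMPLE = b"@echo off\r\nshutdown -s -t 00\r\n"
# Exact-match "signature": SHA-256 of the one known sample.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Content rules run on normalized text. Rule names are made up for this example.
PATTERN_SIGNATURES = {
    "bat.forced-shutdown": re.compile(r"\bshutdown\s+[-/]s\b"),
    "bat.deltree-root": re.compile(r"\bdeltree\s+c:\\"),
}

def normalize(data):
    """Lower-case and collapse spaces/tabs; batch commands are case-insensitive."""
    text = data.decode("latin-1").lower()
    return re.sub(r"[ \t]+", " ", text)

def hash_match(data):
    """True only if the file is byte-for-byte identical to a known sample."""
    return hashlib.sha256(data).hexdigest() in HASH_SIGNATURES

def pattern_match(data):
    """Names of all content rules that match the normalized file text."""
    text = normalize(data)
    return sorted(n for n, rx in PATTERN_SIGNATURES.items() if rx.search(text))

def scan(data):
    return {"hash": hash_match(data), "rules": pattern_match(data)}

# Constructed files: the known sample, a re-cased copy, the second example, a benign script.
SAMPLES = {
    "original.bat": KNOWN_SAMPLE,
    "recased.bat": b"@ECHO OFF\r\nSHUTDOWN  -S -T 00\r\n",
    "deltree.bat": b"@echo off\r\ndeltree C:\\\r\n",
    "backup.bat": b"@echo off\r\necho backup finished\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, scan(data))
```

Only the byte-identical file matches the hash signature, while the content rules also flag the re-cased copy. A rule hit is a triage signal, since a legitimate admin script can call shutdown too.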

How can we protect our computer from virus attack?


The best way is to use an antivirus with the latest virus definitions. The antivirus contains signatures of all the viruses detected and protects your machine from such viruses.
  1. Use a firewall
  2. Use authenticated websites
  3. Always download files, videos or other documents from a good source
  4. Use email carefully and do not open attachments from unknown senders
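
The advice to check the file extension and to be careful with attachments can be automated at the mail gateway or in a triage script. The following is an added example, not code from the original post; the extension lists and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows runs directly, plus macro-enabled Office formats.
# This set is an assumption for the example, not a complete blocklist.
RISKY = {".bat", ".cmd", ".exe", ".scr", ".js", ".vbs", ".ps1",
         ".docm", ".xlsm", ".pptm"}
# Harmless-looking extensions often placed in front of the real one.
DECOY = {".pdf", ".txt", ".doc", ".docx", ".jpg", ".png"}

def classify(filename):
    """Return the reasons (possibly none) why an attachment name is suspicious."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    suffixes = PurePosixPath(name).suffixes
    reasons = []
    if suffixes and suffixes[-1] in RISKY:
        reasons.append("risky extension " + suffixes[-1])
        if len(suffixes) >= 2 and suffixes[-2] in DECOY:
            reasons.append("double extension hides " + suffixes[-1])
    return reasons

def screen(msg):
    """Map each flagged attachment filename in the message to its reasons."""
    flagged = {}
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        reasons = classify(fname)
        if reasons:
            flagged[fname] = reasons
    return flagged

def sample_message():
    """Constructed sample email with three attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    for fname in ("report.pdf", "invoice.pdf.bat", "notes.docm"):
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg

if __name__ == "__main__":
    for fname, why in screen(sample_message()).items():
        print(fname, "->", "; ".join(why))
```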

If you want to know more about how to protect your machine please read my blog:

Worm: A computer worm is self-replicating malware that duplicates itself to spread to uninfected computers. It can move from one system to another, or from one network to another, without human intervention. It uses the network for transmission, and that’s why it spreads quickly.

How can we protect our computer from worms?

We can use a firewall to protect our network from worms; apart from this, we can use an antivirus with the latest signature updates.

The main differences between a virus and a worm:

| Virus | Worm |
|-------|------|
| It needs human intervention | It does not need human intervention |
| A virus is slower than a worm | It affects systems faster than a virus |
| Antivirus plays a very important role in protecting our environment from viruses | Antivirus and firewall play an important role in protecting against worms |
| The main impact of a virus is that it deletes or corrupts files | The main purpose of a worm is to slow down the network or system |