💾 Archived View for gemini.spam.works › mirrors › textfiles › uploads › basicviruses.txt captured on 2023-01-29 at 12:47:02.

View Raw

More Information

⬅️ Previous capture (2020-10-31)

-=-=-=-=-=-=-

                 `'.'`'.'`'.'`'.'`'.'`'.'`'.'`'.'`'.'`'.'

                    THE BASIC CONCEPTS OF PC VIRUSES

                 `'.'`'.'`'.'`'.'`'.'`'.'`'.'`'.'`'.'`'.'
                  written by: paranoidxe
                  date: 04/22/04
                  email: paranoidtsi@hotmail.com


                     +----------------------+
                     |     DEFINITIONS...   |
                     +----------------------+


Virus: a virus is a program that replicates itself and "injects" its code
       into other programs on your computer without the user's knowledge
       or permission. For a human example, when a human virus enters the
       body it attaches to a cell, it then injects its DNA coding into
       the cell and tells it to make copies...essentially the same concept,
       the computer virus attaches to a program. as defined in this guide
       a virus replicates on purpose NOT as a side effect.

Trojan: a program that is advertised as having a legit function, but when
        the user launches it it either has alternative motives or it runs
        fine but does something in the background. The important difference
        between a trojan and a virus is that a trojan is a program that 
        DOES NOT infect other files or spread like a virus.

Worm: the third virus-like program, a worm spreads usually through security
      holes, it does NOT require user intervention and does not infect files
      on a computer. A worms primary function is to spread and under normal 
      circumstances it causes overload on network systems causing them to
      crash. A worm will dissappear if the computer is turned off. The
      general prevention measure is to patch the security flaw the worm
      uses.

Bug: a bug is a unintentional flaw in software products. The reason this is
     mentioned is because bugs usually cause a computer to act funky on the
     user, and just because this happens does not mean its a virus.

Droppers: usually a shell of a virus, this is a program that has a virus
          encrypted into it to avoid detection. Once a dropper is launched
          the virus is decrypted and launched on the targeted machine.


                         [MISC. MEANINGS]

AV - antivirus: either refering to a program that combats and eliminates
                viruses, or a company that produces antivirus products.

MBR - master boot record: this is the program that tells you hard drive 
                          how to work and how to understand to retrieve/
                          write data.

file system: if MBR is the program to give direction (like a ref in a
             football game) then the file system is the field. file system
             is what organizes data on a drive.

false positive: this is when a antivirus program reports a file as being
                infected when its really not.

false negative: this is when a antivirus program reports the file uninfected,
                yet really it is.



                    +-------------------------+
                    |    VIRUS MECHANISMS     |
                    +-------------------------+

Viruses can use various technologies to infect the targeted machine, these
are some of the common methods used:

Boot Sector/MBR Infector: These viruses pray on the boot program that is on
                          every single hard drive/floppy drive. The boot
                          program essentially tells the size of the disk and
                          tells the disk how to read the data...viruses have
                          found a way to get here which insures that the 
                          virus is launched at every boot.

Polymorphic: Polymorphic is a method used by virus writers to avoid detection,
             the way it works is normally a virus will infect a file with the
             same size and code..polymorphism will actually change the codes
             appearance as well as size. This makes detection more difficult
             and antivirus companies must rely on the patterns instead of
             code signatures.

Stealth: This technology makes it so when reporting file sizes the virus 
         reports the uninfected file size...this essentially means the virus
         makes the file appear unaltered.

Encryption: A method that seems to be getting more and more complex, encryption
            makes it so antivirus companies cannot decypher the viruses code,
            this makes it harder for antivirus companies to understand the virus
            and provide fixes if the virus damages anything.

TSR - terminate/stay resident: this is a virus that enters memory and stays
                               in memory generally infecting any program written
                               or read. This is a part of almost every virus now.

Macro virus: a 1995 invention, a macro virus thrives off microsoft word, it
             infects the global setting file on word and every document after
             the initial infection is launched it too becomes infected.

File Infector: this is the most common type of virus, it infects programs as
               they are launched but does NOT infect boot sectors. This is
               the most basic of viruses.

multi-partite: these are viruses that use both file infection and boot sector
               infection. This is what most viruses will use now that are
               non-macro viruses.



                   +-------------------------+
                   | UNDERSTANDING TROJANS.. |
                   +-------------------------+

As stated in the definitions, a trojan is a program that appears to have a 
desireable function..but instead it has a hidden agenda.

It is important to understand that trojans do NOT infect other files. They
also may function as advertised with the malicious code taking effect in
the background.

Trojans can also load at every boot, however not in the same manner. Trojans
rely on your operating system to load themselves everytime, unlike viruses
which can get into the boot record, trojans generally cannot.

Trojans often have various malicious functions such as:
 * Steal passwords
 * Format Hard Drives
 * Random Reboots
 * Used as a server program for another user

A special type of trojan known as a "backdoor" trojan opens a port on your
internet connection that allows the remote user to use his program and
connect to your computer and do various functions. This could be just to
annoy you, other times it could be used to take your data. Backdoor trojans
are generally able to do the following:


Backdoor trojans can have there uses as a remote adminstrative tool, but this
is rarely the case. 


                   +-------------------------+
                   |    WHY WRITE VIRUSES    |
                   +-------------------------+

There are many reasons people want their viruses out there. The more common
ones include:
a) Revenge, the virus was ment to infect one computer but instead it ends up
   infecting more than just one. It was designed to get revenge on someone
   that apparently pissed the author off.

b) Accidental, sometimes a virus is released accidently..the virus was just
   something to do in their spare time and was never meant to get released.

c) Make a Statement, sometimes viruses are out to make statements, like
   stoned made the statement "Legalize Marijuana"...Tequila was obviously
   made by one who liked tequila <go figure). 

d) Fame, some love to see their creation make it to the media and on TV,
   although this rarely happens.

e) Challenge, to make a virus is challenging, one might want to make one
   just to see if he/she could do it.

f) Education, some do it simply to learn more complex programming. Virus
   writing is easily one project that requires excellent advanced 
   programming skills.


                   +--------------------------+
                   | COMMON WAYS OF INFECTION |
                   +--------------------------+

Back in the day, floppies and BBS were probably the most common ways to get
a virus. However, times have changed and there are plenty of new and 
"exciting" ways to contract one:
- NETWORK, this can be on a local network one user may get infected and the
  virus will spread to other nodes on the network.
- FLOPPY/CD, a computer infected with a virus may burn a CD unknownly 
  writing it onto the CD, you launch it and get it. Floppies work the 
  same way.
- WEBSITES, downloading from websites you really don't know, the webmaster
  could have deliberately infected the file you downloaded or was done
  by accident.
- P2P NETWORKS, this is probably the #1 source of viruses right now, right
  up there with newsgroups. P2P Networking is tricky because the description
  can be labeled as something else yet the file could be something completely
  different from the description..and generally you don't see the filename
  until after it has been downloaded, a good example would be Kazaa.
- EMAIL, sometimes viruses spread themselves through email programs. The
  virus may compose itself from one of your friends email boxes, you thinking
  it is safe after all it is your friend right? you run it and get infected.



                   +-------------------------+
                   |      COMMON MYTHS       |
                   +-------------------------+


 [VIRUSES ALWAYS CAUSE MALICIOUS DAMAGE]
This is not true, in fact some viruses cause malicious damage because of a
bug in the coding, go figure. Anyway, some viruses are simply around to
replicate and spread, others are designed to display political messages or
annoy the user. There are viruses out there that are hell bent on destroying
computers, yes but there are some that don't.

 [MY COMPUTER CRASHED, I MUST HAVE A VIRUS!]
98% of the time the computer crashes because of faulty hardware, faulty 
hardware drivers, faulty or conflicting software, corrupted files, or
corrupted operating system...just because your computer crashes DOES not
mean you have a virus. Viruses like to hide before they do any damage to
your computer, so the chances are you will not realize unless you have a 
antivirus if you have a virus active on your system.

 [I NEED MORE THAN 2 ANTIVIRUS PRODUCTS TO KEEP MY MACHINE SAFE]
What people don't understand is that having more than one antivirus doesn't
make you safer, in fact it could cause conflicts on your computer. I 
recommend only using one antivirus at a time. 

 [I CAN GET A VIRUS FROM READING EMAIL]
With the exception of the Outlook Express vulnerability, NO you cannot.
The Outlook Express vulernability was a bug that allowed execution of
code through the preview window, this has been fixed with recent patches.
Otherwise, you can NOT get a virus by simply reading your email using
your eyeballs, but you can get a virus if you selectively download 
a virus infected file and run it.

 [MY CDS CAN GET INFECTED BY A VIRUS]
No, this is because cds are read-only. There is no currently known virus
that can write itself using a cd burner or otherwise. HOWEVER, viruses
can come from CDR media that came from an infected computer. Commercial
software has maybe a 1 in a trillion chance of being infected by a virus,
most companies are VERY careful about infection but it doesn't mean it 
can't happen. CDs can carry viruses yes, but a virus cannot infect a
CD.

 [VIRUSES ARE WRITTEN BY SCRIPT KIDDIES]
No, in fact adults write viruses almost as much as kids do. Virus writers
are very intelligent they just choose to waste their talent on viruses.

 [I CAN GET A VIRUS THROUGH A VIDEO]
No, video formats such as .WMV, .WMA, .AVI, .MPG, .MPEG, .ASF, etc. etc. 
do not contain any "executable" code to modify other files. video files
CANNOT WILL NOT contain viruses. The exception is when the file has a
double extension, such as home.wmv.exe...this means the file was designed
to appear as a video but really isn't.

 [I CAN GET A VIRUS THROUGH MP3s]
Not true, however a bug in Winamp 2.79 may cause a executable code to be
run through a mp3 data stream. MP3 files themselves CANNOT contain viruses
because once again there is no executable code.

 [I CAN GET A VIRUS THROUGH PICTURE FILES]
Same as video, you cannot get a virus through a picture file. These 
extensions include, but not limited to:
.JPG, .JPEG, .TIFF, .PIC, .BMP, .TIF, .GIF, .PSD, .PSP, etc.


 [TROJAN/WORM FILES CAN BE CLEANED BY ANTIVIRUS PRODUCTS]
This is untrue, before you mouth drops let me explain something. A virus
injects its code into other programs for example:
01010101010     << orignal code
010101010103333 << orignal code with virus attached at the end
01010101010     << cleaned by antivirus product

Trojans and Worms work differently because the WHOLE program is the 
problem. 
33333333333 << trojan/worm

There is NO good useful code in the program, thus there is nothing for
the antivirus software to recover data from. The antivirus program CAN
delete the trojan/worm and get the infection off of your computer, but
it cannot clean it.


  [ANTIVIRUS PRODUCTS ARE 100% I AM SAFE]
No you are not. antivirus products can in fact be a false sense of security,
no antivirus product is perfect. New viruses are created all the time and
antivirus programs can't detect these unless they have a sample. Yes av
products do reduce the chance of getting an infection but they are not
fool proof.

                       +-----------------------+
                       | PROTECTING YOURSELF.. |
                       +-----------------------+

        [ANTI-VIRUS PRODUCTS]

There are many different products out on the market, at this point there is
NO product that is really superior to the other. There are free antivirus
products and pay products. here is the list of some common antivirus 
products used at present time:

Symantec Norton Antivirus - www.symantec.com
Mcafee Antivirus - www.mcafee.com
F-Secure Antivirus - www.f-secure.com
PC-Cillin - housecall.trendmicro.com
AVG Antivirus (free version) - www.grisoft.com
NOD32 Antivirus System - www.nod32.com
Avast Antivirus (free) - www.alwil.com

It is recommended that you have at least one antivirus product on your 
computer at all times. It is recommended that you have the constant virus
monitor on if you do not have common knowledge about computers and how to
identify a virus from a regular program.


         [ANTI-TROJAN PRODUCTS]

Many antivirus products do provide trojan protection, however they are 
generally not as good as antitrojan products available. You may or may not
have a anti-trojan product on your computer..it is simply optional. 

Trojan Hunter - www.misec.net/trojanhunter/
The Cleaner - www.moosoft.com
Tauscan - www.agnitum.com/


                         [GENERAL TIPS]


  don't download attachments from people you DO know. Viruses can spread
  through friends address books and the virus could be sent to you.


  the file size is only 20K big..think about it..is AIM really on 20K in
  size? I don't think so.


  contain viruses.


  bad news..and the second extension is what the file REALLY is.


  files in .zip files can contain them.


  give you a good idea what you are working with.


  effective if it has up-to-date patterns to look for.


I am hoping this helped someone out there with a introduction to viruses and
how to protect yourself from them.