Posted By Anatra

Copyright: Anatra for 2003


We learn to know better them to fight more effectively them

From a few years to this part we are assisting to a great evolution of the computer technologies turned to the safety, and particularly antivirus and firewall have become tools of diffusion of mass, especially with the use of some geographical nets as internet.
Problems caused by virus and by other malignant programs (malware) are by now on the mouth of everybody, and sometimes speak of it (often to blunder) also newscasts and telecasts.
Some years ago to create a virus was indeed an arduous assignment: it needed to have specific knowledges of low-level languages as the Assembler, besides it was necessary to boss in detail the architecture of the systems IBM compatible to be able to check the memory RAM and to be resident in it (TSR) with the purpose to be reproduced themselves on other Files and to infect the whole Computer.
The concepts to be held to mind are simple and proceeding with order we will examine all the principal techniques of viral attack.

Categories of

First of all it needs to distinguish the virii in numerous categories, classifying them as we would do with some biological fetterses, with the purpose to be able to delineate differences and peculiarity.
Departing from the origins the term virus has been coined a few decades ago and therefore today a lot of things are changed and numerous malwares are often considered like virii.
Particularly different from the virii was considered the logical bombs and finally the Worms (today very diffused).
For Logical Bomb we intend a program servant to the purpose to bring damage activating itself in determined conditions.
Numerous of they has often been considered virii, and they have given some bothers to the consumers in determined days of the year, in opportune recurrences chosen by the authors.
The rabbits was called all that programs that, today with modern terminology we would define Denial of Service (DOS). In practice their intent was that to saturate the resources software of a system as time of the CPU, memory, net, etc. Lately we have assisted to bug as that of some controls ActiveX that for a problem of Buffer Overflow could exhaust the resources of system provoking a crash of the whole PC.
Characteristic common to the two introduced typologies it is the fact that both cannot be reproduced themself contrarily of the Worms whose principal purpose is essentially this.
The Worm has the ability to propagate itself online and to install itself on other machine and it often exploits some known bugs that the incompetent or lazy system administrators have not resolved with any patches yet.
Sometimes it is even assisted to real epidemicsto world level that in the arc of few times have struck strategic server and paralysed the traffic of numerous Intranet.

Under categories of Virii

In the eternal struggle to avoid to make to be identified by the antivirii the authors of Malware have given more and more variations to their codes. Here are some examples:

Mutants Virii : they modify their own code every time that they are copied so that not to be able to easily be identified by the antivirii.
Monogrammed virii : the code of the virus is ciphered so that the harmful instructions not to make from the antiviruses recognizable. Before the esecution the crittographic motor decodes all and performs it.
Virii Multiparty : they act both as virus of the boot sector because they enter execution to the start but they spread attaching themself to .exe File.
Polymorphous virii : they are a more sophisticated evolution of the mutants virii.

Trojan and Keylogger

Another category of reference of which I would like to speak to separate way is that of the Trojans of which today there is especially a real thick diffusion from all those people who assuming themself to Hacker tries to cross the road briefest to enter the computer of the victim.
Trojan some years ago meant program that it apparently had function to complete one determined operation while in reality it was destined to mine the safety of a system and to create a breach to be able to enter you an any moment (same meaning of Backdoor: accessed the door of service left open from the malignant author).
Today however the things are changed and in fact the Backdoor or the trojans are often more and more assuming characteristics Stealth disguising themself to the eyes of the consumers (often also of the more sceptics) and allowing a full control of the PC from remote both for what it concerns the visualization of the keys (Keylogging) both through the listen to some conversations of the unaware consumer through the microphone of system.
Examples of backdoor to ample diffusion are Back Orifice and Netbus.
Other programs with function of trojan are really the already quoted Keylogger, applications also used in the investigations developed to computer (computer forsenic) in degree to capture every key pressed by the consumer and able to memorize some vital information as the criptographic keys of programs as PGP.

Macro Virus : with the introduction of new and you advance functionality in application as software of video engages and of spreadsheet has spread this type of attack even unthinkable some years ago.

Rav Antivirus has a page with the statistics of diffusion of the virii adjourned in real time
http// /

another interesting source is the encyclopedia of the virii of AVP that is:

If you look for some information on the antiviruses these pages of the Cert are a good point of departure: there are Links to the present documentation on the various sites of various producers of antivirus, university and public and private corporate body: