September 3rd, 2004, 06:15 PM
Virus Research Information: What Are The Different Kinds?
Greetings AntiOnliners. This will probably be my last attempt at a tutorial since I'm not much of a good tutorial writer. For those interested in part two of my other tutorial, PM me and if I get enough of a "demand" so to speak for it then I'll finish it and post it. Anyways, this tutorial will introduce people to viruses: what they are, how they damage data, systems, networks, etc., and what the different kinds of viruses are. Let's get started with what a virus is and how they damage data.
What Is A Virus?
A virus can be described in many forms and can be said many ways. The way I look at it, a virus can be any bit of code or any program meant to cause harm of a malicious nature, or to destroy/damage data on any given system, whether that is a PC (personal computer) or even a network server. Viruses are written as programs or applications with lines of code in them designed to perform a certain task. These "tasks" usually involve data corruption/deletion, data retrieval, and replication and spreading of the virus itself. Some viruses (most of today's) copy themselves to the user's e-mail client (usually Microsoft's Outlook Express) and send themselves to everyone in the user's address book, which is why viruses spread so quickly. During the "coding" or programming stage, the virus creator codes into the application what he wants it to do. In most cases, the virus creator has no specific target and just wants to cause a lot of harm and damage to computer systems. However, he can simply rely on user stupidity when it comes to downloading and running the viruses as well. User ignorance has proven to be an effective and rather scary method for virus creators/blackhat hackers in general. Using methods like the "Outlook Express Trick" and Instant Messaging applications only furthers the speed and number of systems affected. Sometimes programs downloaded from websites or friends can also contain viruses, as well as the ever popular p2p applications. These applications, which allow users to share their files with others on certain networks (ex. KaZaa, E-Donkey, WinMX), have proven to be running rampant with viruses.
So in a short sense, a virus can be anything (any program, any application, any line of code) meant to do harm of malicious purpose or intent on a computer. Now let's get into how a few lines of code can damage so much data and cause companies to lose millions of dollars.
How Does A Virus Damage Data and Files?
Rival Company A posted their monthly charts and are doing great. Stocks are rising, revenues are up, and things look great all around for everyone. Rival Company B couldn't be doing any worse. Stocks are dropping like hailstorms, people are getting cut back/laid off, and they are in debt. Something needs to be done to their rival (Rival Company A) and their product. If something isn't done soon, Rival Company B could be out of business.
At their next meeting, they (a group of "higher-ups") decide they are going to try to infect their rival company's network systems with a virus. They want the virus to delete all software, all documents, and every last inch of data on their systems. Sure, they can hire a hacker or something to hack it themselves, but why not rely on the stupidity of one of their rival's own users? Pretend it's from a friend or something and send it as an e-mail download. Or even better.. Pretend to be an employee and see if you can get physical access. Ahh, so many ways to infect their system.
Sounds somewhat evil, right? Well, unfortunately this has been done in the past and happens even today. Companies that are desperate try to either hack or send a virus to a rival company. Anything to screw up their system's data, documents, software, hardware, WHATEVER. Whatever it takes to help them get an advantage or achieve a goal. So back to the point: How does a virus damage files/data?
Well, whoever creates a virus first needs to know a programming language. One of the popular languages for creating viruses in is Visual Basic. It's fairly simple to learn and use, easy to issue a command in, and creates simple applications. I personally would like to learn a little more than I know so I can create some basic applications. But anyways, virus creators usually use this programming language because it's quick and easy. If not this one, then they use the C/C++ programming language. This language however is (IMO) harder to learn and requires a little more skill.
So when it comes to coding time, they start off with the basics. Usually they add in lines of code to ensure the virus runs when opened and sometimes write some code so that the virus cannot be shut off. Sadly, in today's world, 90% of the viruses coded place an entry in the system's registry so that even if the file is deleted, the virus remains what's called "resident" in the system's registry and is launched again on the next boot. This makes life a hell of a lot harder for your everyday home user who probably couldn't work his/her way around the registry (nor am I suggesting you should). In any sense, virus creators have different techniques to ensure the virus (unless carefully and properly removed) stays in the system.
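As an added illustration (not part of the original post), here is a small defender-side script that audits the registry "Run" autostart entries viruses use to stay resident. The registry text it parses is a constructed sample in the format `reg query` prints, and the path heuristics it applies are my own assumptions, not rules from any A/V product.

```python
import re
# Constructed sample in the format `reg query <key>` prints; not real data.
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    svchost     REG_SZ    C:\Users\alice\AppData\Local\Temp\svchost.exe
    updater     REG_SZ    "C:\Users\alice\Downloads\cool game.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    TrendMicro        REG_SZ           "C:\Program Files\Trend Micro\PC-cillin\pccguide.exe"
"""

# Heuristics (my assumptions): legitimate autostart programs rarely live in user-
# writable directories, and a system binary name outside system32 is a masquerade.
USER_WRITABLE_HINTS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\", "\\windows\\temp\\")
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
ENTRY_RE = re.compile(r"^\s+(\S+)\s+(REG_SZ|REG_EXPAND_SZ)\s+(.+?)\s*$")

def exe_path_from_command(command):
    # Pull the executable path out of a Run value, honouring a quoted path.
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]

def flag_reasons(exe_path):
    # Return why an entry looks suspicious; an empty tuple means it looks fine.
    low = exe_path.lower()
    reasons = []
    if any(hint in low for hint in USER_WRITABLE_HINTS):
        reasons.append("launches from a user-writable or temp directory")
    base = low.rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARY_NAMES and "\\system32\\" not in low:
        reasons.append(f"{base} outside system32 (masquerading as a Windows binary)")
    return tuple(reasons)

def parse_reg_query(text):
    # One (key, value name, exe path, reasons) tuple per Run value in the output.
    entries, key = [], ""
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if line.startswith("HKEY_"):
            key = line.strip()
        elif m:
            exe = exe_path_from_command(m.group(3))
            entries.append((key, m.group(1), exe, flag_reasons(exe)))
    return entries
def suspicious_entries(text):
    return [e for e in parse_reg_query(text) if e[3]]
```

On a real machine you would feed in the output of `reg query` for the HKCU and HKLM Run keys instead of the sample; anything flagged deserves a look before you decide it is legitimate.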
A virus/malicious application that I messed around with a lot a while back is Hackology Network's "Hard Drive Killer Pro" application. The name genuinely speaks for itself, however here's a brief overview of the program from the Hackology site:
The Hard Drive Killer Pro series of programs offer one the ability to fully and permanently destroy all data on any given DOS or Win3.x/9x/NT/2000 based system. In other words, 90% of the computers world wide.
The program, once executed, will start eating up the hard drive, and/or infect and reboot the hard drive within a few seconds. After rebooting, all hard drives attached to the system would be formatted (in an unrecoverable manner) within only 1 to 2 seconds, regardless of the size of the hard drive. The program has been reported to have caused physical damage to some hard drives (on many occasions). However, the program was not in any way designed to cause physical damage, only data loss.
I've played with this application numerous times (as well as other viruses like it) and its coding structure and event process is simplistic. It runs a "Format C:" (and the same on any other drives the system has) and then reboots the system. When booted back up, the system has everything erased and the hard drive is destroyed. This is how easy it is to cause damage to data through a virus just by injecting a few simple lines of code into a program/application.
What Are Different Types Of Viruses?
Ever since the creation of the very first virus, there have always been many different types and forms of viruses that each infect different parts of a system or are triggered by different circumstances. Here are some of the different types of viruses and a brief description of them, as well as an example:
-- Boot Viruses: Speaks mostly for itself; these types of viruses infect the boot sectors and boot records of the system and run on bootup. One specific boot virus, the "Zappa" virus, infects the floppy and master boot records of the computer. It is a mere 520 bytes and remains resident in the memory of the system.
-- Stealth Viruses: Also kind of speaks for itself, except these viruses infect programs instead of boot sectors/records and enter the system through "stealth" type methods. By that, I mean they use methods such as being embedded into other programs and applications to gain entry to a system without being detected (although this sometimes doesn't work; most A/V applications can pick this up). For example, a person running a website can offer programs and/or downloads on his website, and if someone chooses to download them they are running a risk: the site's owner could have embedded a virus or malicious code into the download. The user should always download from the vendor's own site directly. An example of a stealth virus is the "Zero Bug" virus. This virus infects .com files, is 1,536 bytes big, works off a triggered event, and also remains resident in the system's memory.
-- Polymorphic Viruses: Somewhat a cross between the above, except these viruses are polymorphic and their damage varies on many factors. A fine example is the "Morphic.218" virus. It is only 218 bytes big and infects .com files, whereas another polymorphic virus, "ACG", infects .com AND .exe files, is 0 bytes, and remains resident in the memory. It also encrypts itself. This is how polymorphic viruses differentiate themselves from other viruses.
-- Macro Viruses: These types of viruses still exist today, but barely. They were more popular (at least in my belief and opinion) in the mid 90's, during the Windows 95 era. Anyways, these types of viruses infect documents on the system, such as those of Microsoft's Word and Excel programs. An example would be the "Bloodhound.ExcelMacro" virus. From its name you can determine it infects the Microsoft Excel program. This virus is pretty simplistic and it's 1,024 bytes in size. Another macro virus, "W97M.Barras", infects Microsoft's Word 97 application and is 1,234 bytes in size.
-- Windows Viruses: These are your everyday, annoying worms and viruses. Nothing particularly special about these, although some have made a big name for themselves in the Computer Security scene. A particular virus, "W32.Teddybear.Worm", is a virus/worm I dealt with on one of my friend's systems when it infected him. This worm/virus infects .exe files and is 11,776 bytes in size.
-- Malicious Viruses: Ahh, the juicy part. In this category, you'll find your ever famous, your ever popular, and your ever malicious trojan applications. These applications (also called Trojan Horse applications) are very malicious and are used in some notorious programs. The ever popular "Backdoor.Subseven" aka SubSeven (created by Mobman) is probably the most famous and notorious of these kinds and has infected almost everyone at one point or another (not including myself). Anyways, Backdoor.SubSeven (the original) is 1,234 bytes in size and causes ten times more trouble than that size suggests. People have gone out of their way to make SubSeven detection programs just to detect whether they have the server on their system.
Those are the main types of viruses out there in the wild. Of course there are probably more, but as of the time I'm writing this little paper I could only get those off the top of my head.
How Can I Protect Myself From This Crap?
Ahh, glad I asked. It's fairly simple: download a popular and efficient AntiVirus (A/V for short) program and be sure to keep its virus definitions up to date. If you do this, run periodic scans (I run one once a day at 12:00 on the dot), and scan after you download something, you should be fine. Below I have compiled a small list of A/V software programs and scans. Enjoy!
-- AVG AntiVirus Protection
-- TrendMicro's HouseCall Online Scan
-- PandaSoftware's ActiveScan Online Scan
-- TrendMicro's PC-Cillin
Anyways, those are my personal favorites along with McAfee and Norton AntiVirus. Whichever you choose, you should always have an AntiVirus program installed on your system and always running, and you should always consult a second opinion: an online virus scanner.
I really hope someone benefited from this tutorial, and if not don't worry because this is my last one on AntiOnline.