6.0  AN OVERVIEW OF COMPUTER VIRUSES

Computer virus: Definition


You can "catch a cold" if you use the handkerchief of someone who is suffering from a cold. Likewise, if you touch something that is infected, you stand a good chance of contracting a disease of some sort. Computer viruses work in the same way. When a virus attacks your body, a small, diseased cell might cling to a healthy one and begin to do its damage. When your computer is attacked, a healthy component (such as your boot sector, the part of the system your computer needs when it powers up) might be damaged, cutting off access to your A:\ drive.

In literal terms (as per Fred Cohen's definition), a computer virus can be defined as:

"A computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself. Note that a program does not have to perform outright damage (such as deleting or corrupting files) in order to be called a "virus". However, Cohen uses the terms within his definition (e.g. "program" and "modify") a bit differently from the way most anti-virus researchers use them, and classifies as viruses some things which most of us would not consider viruses."

 History of viruses

On November 3, 1983, Fred Cohen conceived of an idea for an experiment to be presented at a weekly seminar on computer security. The idea was simple enough: design a computer program that could modify other programs to include a possibly evolved copy of itself. This evolved copy would then modify other programs and thus continue the propagation and evolution. Unwitting users throughout a computer system or network could easily spread the program.

It only took eight hours of expert work on a heavily loaded VAX 11/750 to complete the first of such programs and prepare it for demonstration. The program was inserted into the beginning of a new program on the system called 'vd,' which displayed Unix structures graphically. A new program was chosen so that details of its operation and its performance characteristics would be unknown. Users were introduced to vd via the system bulletin board.

The program inside vd used the authorizations of every user using it to infect their programs. In all of the experiments, the program that was initially inserted into vd was granted all system rights in under an hour. The shortest time was under five minutes, with the average time under 30 minutes. Even people who knew that the experiments were taking place were unable to defend themselves. Once the surprising results of the experiments were announced, the administrators of the VAX 11/750 decided that no further computer experiments would be performed on their system. Precautions were taken to keep the experiment under control. No damage was done and only reports were sent back on the program's progress. Also, traces were generated to ensure that the program could not spread without detection. All files were purged of the program after the experiment was completed. It is unfortunate that an apparent fear reaction on the part of the system administrators prohibited any further testing.

 What Do They Do?

 There are two major categories of viruses.

1)    Destructive viruses, which cause:

        Massive destruction, i.e. low-level format of disk(s), whereby any programs and data on the disk are not recoverable. Damaging the hardware: viruses like Chernobyl overwrite the hardware flash BIOS, rendering the hardware unusable.

        Partial destruction, i.e. erasure or modification of a portion of a disk.

        Selective destruction, i.e. erasure or modification of specific files or file groups.

        Random havoc, i.e. randomly changing data on disk or in RAM during normal program applications, or changing keystroke values, or data from other input/output devices, with the result being an inordinate amount of time to discover and repair the problem, and damage that may never be known about.

2)    Non-destructive viruses, intended to draw attention to the author or to harass the end user, i.e. displaying a message, changing display colours, changing keystroke values such as reversing the effect of the Shift and Unshift keys, etc.

For example:  

THE LEHIGH VIRUS: -  The Lehigh virus was typical of many other viruses. It sat in the COMMAND.COM file and was thus loaded into the computer whenever it was booted. The virus hid inside this file in a temporary storage space called the stack space. After infecting the same file on a number of other disks, the virus would wipe out all data and program files on the disk it was on. Backup copies were similarly infected; some users were attacked more than once.

Once the outbreak had come to light, work began immediately to identify what was happening and to find a cure. Fortunately, the virus' creator made a mistake: the date on the COMMAND.COM file was altered by the infection. (It is relatively simple to keep the date from changing, so the absence of a changed file date does not guarantee that a file is virus-free.)

Upon examination of the file, the contaminated stack space was discovered. Since this space is normally all zeros, student lab consultants wrote a simple program that looked at the stack space and wrote zeros over any code that was present. The virus was then erased from approximately 600 disks.

If it were not for the creator's date mistake, it would have taken much longer for the Lehigh Computing Centre to kill its virus. It is doubtful that any new viruses that crop up will make a similar mistake. As everything else related to computers increases in complexity, so will viruses.
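
The two checks in the Lehigh account, sketched as an added example (not code from the original page or from Lehigh): compare a file's date and digest against a known-good record, then scan a region that should be all zeros and zero it out again. The region offset and length, the file contents and the timestamps are constructed placeholders, since the page does not give the real layout of COMMAND.COM.

```python
import hashlib

def baseline(data: bytes, mtime: int) -> dict:
    """Record the date and SHA-256 of a file taken from known-clean media."""
    return {"mtime": mtime, "sha256": hashlib.sha256(data).hexdigest()}

def nonzero_runs(data: bytes, start: int, length: int) -> list:
    """Return (offset, size) for each run of non-zero bytes in a region
    that is expected to be zero-filled."""
    region = data[start:start + length]
    runs, run_start = [], None
    for i, byte in enumerate(region):
        if byte and run_start is None:
            run_start = i
        elif not byte and run_start is not None:
            runs.append((start + run_start, i - run_start))
            run_start = None
    if run_start is not None:  # run reaches the end of the region
        runs.append((start + run_start, len(region) - run_start))
    return runs

def inspect(data: bytes, mtime: int, known_good: dict, start: int, length: int) -> list:
    """Compare a file against its baseline and check the zero-filled region."""
    findings = []
    if mtime != known_good["mtime"]:
        findings.append("date changed")
    # The date can be preserved by whoever alters the file; the digest cannot.
    if hashlib.sha256(data).hexdigest() != known_good["sha256"]:
        findings.append("content changed")
    for offset, size in nonzero_runs(data, start, length):
        findings.append(f"{size} non-zero bytes at offset {offset}")
    return findings

def zero_region(data: bytes, start: int, length: int) -> bytes:
    """Overwrite the region with zeros, as the lab consultants' program did."""
    end = min(start + length, len(data))
    return data[:start] + bytes(max(end - start, 0)) + data[end:]

# Constructed sample data; offsets, sizes and timestamps are placeholders,
# not the real layout of COMMAND.COM.
REGION_START, REGION_LEN = 64, 32
CLEAN = b"\x11" * 64 + b"\x00" * REGION_LEN + b"\x11" * 16
ALTERED = CLEAN[:70] + b"\xAA" * 5 + CLEAN[75:]
KNOWN_GOOD = baseline(CLEAN, mtime=1000)

if __name__ == "__main__":
    print(inspect(ALTERED, 2000, KNOWN_GOOD, REGION_START, REGION_LEN))
    print(inspect(ALTERED, 1000, KNOWN_GOOD, REGION_START, REGION_LEN))
    print(zero_region(ALTERED, REGION_START, REGION_LEN) == CLEAN)
```

The second call keeps the original date and is still flagged, which is why an unchanged file date alone does not show that a file is clean.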

Impact of Virus

Lost productivity time!!!

In addition to the time and skills required to re-construct damaged data files, viruses can waste a lot of time in many other ways.

With either type of virus, the person subjected to the attack, as well as many support personnel from the attacked site and from various suppliers, will sacrifice many hours of otherwise productive time:

Time to determine the cause of the attack.

The removal of the virus code from the system.

The recovery of lost data.

The detective work required to locate the original source of the virus code.

Then, there's the management time required to determine how this will be prevented in the future.

 Who develops Viruses?

Some of the reasons for someone to spend their time developing a virus program are:

A practical joke.

A personal vendetta against a company or another person, i.e. a disgruntled employee.

The computer-literate political terrorist.

Someone trying to gain publicity for some cause or product.

The bored, un-noticed "genius," who wants attention.

The mentally disturbed sociopath. 


 

Copyright © 2001 Selfonline-Education. All rights reserved.