
Tuesday, 17 May 2011

VIRUS TYPE

To round out our knowledge of viruses, I will try to explain the types of virus that most often circulate among the general public.
1.  Macro Virus
We have probably heard of this type very often.  The virus is written in the programming language of an application rather than in the programming language of an operating system.  The virus can run wherever its host application runs properly.  For example, if the Word application runs on a Mac computer, a macro virus written in the Word macro language will work on that Mac's operating system.

Examples of viruses:
- Variant W97M, e.g. W97M.Panther
Length 1234 bytes; it will infect normal.dot and infects documents when they are opened.
- WM.Twno.A; TW
Length 41,984 bytes; it will infect MS Word documents that use the macro language, usually with the extensions *.DOC and *.DOT
2.  Boot Sector Virus
Boot sector viruses are very widespread.  When it multiplies, this virus will remove or replace the original boot sector with the virus's boot program.  Thus, whenever the computer boots, the virus is loaded into memory, where it has the ability to control standard hardware (e.g. monitors, printers, etc.), and from memory the virus also spreads to all drives connected to the computer (e.g. floppy disks and drives other than drive C:).
Examples of viruses:
- wyx virus variant
e.g. wyx.C (B): infects the boot record and floppy;
Length: 520 bytes;
Characteristics: memory resident and encrypted.
- Variant V-sign:
Infects: Master Boot Record;
Length: 520 bytes;
Characteristics: memory resident, encrypted, and polymorphic
- Stoned.june 4th / bloody!:
Infects: Master Boot Record and floppy;
Length: 520 bytes;
Characteristics: memory resident, encrypted and displays the message "Bloody! June
3.  Stealth Virus
This virus takes over the DOS interrupt table, a technique we often know as an "interrupt interceptor".  The virus is able to control DOS-level instructions, and such viruses are usually hidden, as the name suggests, either completely or in their size.
Examples of viruses:
- Yankee.XPEH.4928,
Infects *.COM and *.EXE files;
Length: 4298 bytes;
Characteristics: memory resident, hidden size, has a trigger
- WXYC (which belongs to the boot record category, but because it also falls in the stealth category it is included here): infects floppy and master boot record;
Length: 520 bytes;
Characteristics: memory resident; hidden size and hidden virus.
- Vmem (s):
Infects *.EXE, *.SYS and *.COM files;
File length: 3275 bytes;
Characteristics: memory resident, hidden size, encrypted.
- Etc.
4.  Polymorphic Viruses
This virus is designed to fool antivirus programs: it always tries to avoid being recognized by the antivirus by changing its structure each time it infects a file or program.
Examples of viruses:
- Necropolis A / B,
Infects *.EXE and *.COM files;
File length: 1963 bytes;
Characteristics: memory resident, hidden size and hidden virus, encrypted and able to change its structure
- Nightfall,
Infects *.EXE files;
File length: 4554 bytes;
Characteristics: memory resident, hidden size and hidden virus, has a trigger, encrypted and able to change its structure
- Etc.
5.  File / Program Virus
This virus infects files that can be executed directly by the operating system, whether *.EXE or *.COM files; infection by this virus can usually be recognized by a change in the size of the attacked file.
6.  Multi Partition Virus
This virus is a combination of a boot sector virus and a file virus.  This means it does two jobs: it can infect *.EXE or *.COM files and also infect the boot sector.
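
Because the boot sector virus in item 2 (and the multi partition virus in item 6) replaces the boot program, a defender can record the boot code of a known-clean master boot record and compare later reads against it. The following is an added example, not part of the original post; it assumes the classic 512-byte MBR layout (446 bytes of boot code, four 16-byte partition entries, the 55 AA signature), and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 446                 # bootstrap code area of a classic MBR
SIGNATURE = b"\x55\xaa"        # required last two bytes of the sector


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code hash, partition entries, signature flag."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):                       # four 16-byte partition entries
        entry = sector[CODE_LEN + 16 * i: CODE_LEN + 16 * (i + 1)]
        ptype = entry[4]
        start, count = struct.unpack_from("<II", entry, 8)
        if ptype:                            # type 0 means the slot is unused
            parts.append({"bootable": entry[0] == 0x80, "type": ptype,
                          "lba_start": start, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
            "partitions": parts,
            "signature_ok": sector[510:] == SIGNATURE}


def check_mbr(sector: bytes, baseline: dict) -> list:
    """Compare a freshly read MBR with a baseline taken from a known-clean system."""
    now = parse_mbr(sector)
    findings = []
    if not now["signature_ok"]:
        findings.append("missing 55AA boot signature")
    if now["code_sha256"] != baseline["code_sha256"]:
        findings.append("boot code differs from baseline")
    if now["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def build_sample_mbr(code_fill: int) -> bytes:
    """Constructed test sector: filler 'code', one bootable partition, valid signature."""
    entry = bytes([0x80, 0, 0, 0, 0x06, 0, 0, 0]) + struct.pack("<II", 63, 204800)
    return bytes([code_fill]) * CODE_LEN + entry + bytes(48) + SIGNATURE


clean = build_sample_mbr(0x90)
baseline = parse_mbr(clean)
print(check_mbr(clean, baseline))                    # sector identical to baseline
print(check_mbr(build_sample_mbr(0xCC), baseline))   # boot code area replaced
```

The partition table is reported separately from the boot code because repartitioning changes it legitimately, while the boot code normally changes only when a boot loader is reinstalled.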

VIRUS LIFE CYCLE

The life cycle of a virus generally passes through 4 stages:
Dormant phase ( Phase Rest / Sleep )
In this phase the virus is not active.  The virus will be activated by a particular condition, such as a specified date, the presence of another program, the execution of another program, etc.  Not all viruses go through this phase.
Propagation phase ( Phase Distribution )
In this phase the virus attaches itself to a program or to a place on a storage medium ( hard drives, RAM, etc. ).  Each infected program becomes a " clone " of the virus ( depending on how the virus infects ).
Triggering phase ( Phase Active )
In this phase the virus becomes active, and this too is triggered by certain conditions, as in the dormant phase.
Execution phase ( Phase Execution )
In this phase the virus that has become active performs its function, such as deleting files or displaying messages.

CRITERIA FOR VIRUS

A program can be called a virus if it meets at least the following 5 criteria:
1.  The ability to obtain information
2.  The ability to check a file
3.  The ability to replicate and transmit themselves
4.  The ability to manipulate
5.  The ability to hide themselves.
I will now try to explain briefly what each ability means and why it is needed.
1.  The ability to obtain information
In general, a virus requires a list of the names of the files in a directory.  What for?  So that it can get a list of the files it can infect.  For example, a macro virus that infects all MS Word data files will look for a list of files ending in *.doc.  This is where the ability to gather information is needed, so that the virus can build a list of all files and then sort out the files that can be infected.  Normally this data is created when an infected file or the virus program itself is opened by the user.  The virus immediately collects the data and puts it (usually) in RAM, so when the computer is turned off all the data is lost.  But the data is created again each time the virus is activated.  Usually this data is also stored by the virus as a hidden file.
2.  The ability to check a program
A virus must also be able to check the file it is about to infect.  For example, if its job is to infect files with the extension *.doc, it should check whether the document file has already been infected, because if it has, infecting it again is pointless.  This is very useful for increasing the speed at which a virus infects files / programs.  What a virus commonly does is place a mark on each file / program it has infected, so that the virus can recognize it easily.  An example of such marking is a unique byte written in every file that has been infected.
3.  The ability to multiply
This is what truly makes it a virus; that is, without this ability it is not a virus.  The core of a virus is the ability to duplicate itself by infecting other files.  Once a virus has found a candidate victim, it checks the file to recognize whether it is already infected.  If it is not infected, the virus begins its transmission by writing the identifying byte to the file, and then copying / writing the virus's object code onto the target file.  Some common ways a virus infects / reproduces itself are:
a.  The file to be infected is deleted or renamed.  A file containing the virus program itself is then created using the original file name.
b.  A virus program that has been executed / loaded into memory directly infects other files by riding on all existing files.
4.  The ability to manipulate
The routine that a virus carries is executed after the virus infects a file.  The contents of this routine can range from harmless to vandalism.  The routine is generally used to manipulate files or even to make its creator famous!  The routine makes use of the capabilities of the operating system, so it has the same abilities as the operating system.  For example:
a.  Displaying a picture or message on the monitor
b.  Replacing / changing the label of each file, directory, or drive on your PC
c.  Manipulating infected files
d.  Damaging files
e.  Disrupting the work of the printer, etc.
5.  The ability to hide themselves
The ability to hide is a must for a virus, so that all of its work, from the beginning to the successful transmission, can be carried out.
The usual steps are:
- The virus program is stored in machine-code form and combined with other programs that the user considers useful
- The virus program is placed in the boot record or on tracks of the disk that are rarely noticed by the computer itself
- The virus program is made as short as possible, and the infected file does not change in size
- The virus does not change the description / information when a file is
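
The file virus type says infection usually shows up as a change in file size, while the hiding steps above say the infected file may not change in size at all. A baseline that records a hash as well as the size covers both cases. This is an added example, not part of the original post; the file names and contents are constructed and written to a temporary directory.

```python
import hashlib
import os
import tempfile


def snapshot(root: str, exts=(".exe", ".com")) -> dict:
    """Record (size, SHA-256) for every executable file under root."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    data = fh.read()
                state[os.path.relpath(path, root)] = (
                    len(data), hashlib.sha256(data).hexdigest())
    return state


def compare(baseline: dict, current: dict) -> dict:
    """Classify every difference between two snapshots."""
    report = {}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            report[path] = "new file"
        elif new is None:
            report[path] = "missing"
        elif old[0] != new[0]:
            report[path] = "size changed (%d -> %d bytes)" % (old[0], new[0])
        elif old[1] != new[1]:
            report[path] = "same size, content changed"   # a size check alone misses this
    return report


def demo() -> dict:
    """Constructed scenario: one file grows, one is altered without changing length."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("EDIT.COM", b"A" * 100)
        write("FORMAT.EXE", b"B" * 200)
        write("README.TXT", b"not an executable, not tracked")
        before = snapshot(root)
        write("EDIT.COM", b"A" * 100 + b"X" * 40)
        write("FORMAT.EXE", b"B" * 199 + b"Z")
        return compare(before, snapshot(root))


print(demo())
```

Because a memory-resident stealth virus controls the DOS-level calls that report a file's size, the comparison snapshot should be taken after booting from known-clean media.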

ORIGIN OF VIRUS and UNDERSTANDING VIRUS

ORIGIN OF VIRUS
1949, John von Neumann put forward the "self-altering automata theory", which was the result of mathematicians' research.
1960, Bell Labs (AT&T): experts at Bell Labs (AT&T) experimented with the theory expressed by John von Neumann by creating a kind of game.  They created programs that could reproduce themselves and destroy the opponent's program.  The program that was able to survive and destroy all the other programs was considered the winner.  This game eventually became a favorite in every computer lab.  However, over time the programs that were created became more dangerous, so strict supervision and security were imposed on the game.
1980, these programs, which eventually came to be known as "viruses", succeeded in spreading beyond the laboratory environment and began circulating in public.

UNDERSTANDING VIRUS
"A program that can infect other programs by modifying them to include a slightly altered copy of itself. A virus can spread throughout a computer system or network using the authorization of every user using it to infect their programs. Every program that gets infected can also act as a virus, and the infection grows." The term "virus" was first used by Fred Cohen in 1984 in the United States. A computer virus is called a "virus" because it has some fundamental similarities with viruses in the medical sense (biological viruses).
A computer virus can be understood as an ordinary computer program.  But it has a fundamental difference from other programs: a virus is designed to infect other programs, alter them, manipulate them and even destroy them.  One thing to note here: a virus will infect only when a triggering program or a program that has already been infected is executed, and this is where it differs from a "worm".  This article will not discuss worms, because that would divert us from the discussion of viruses.