
Tuesday, April 12, 2011

Virus Types


Some Viruses Can Crash Your PC. Check Out the Types of Viruses

Many people take a very general view of computer viruses: that there are many types, and that they are programs that cause damage or make the system crash.
Malicious code is the general term, and a virus is one type of malicious code. Worms and Trojans are different from computer viruses, although destructive worms are sometimes described as Internet viruses. Computer viruses have made their mark on PCs since the 90s, with different types of viruses causing damage to computers.

The earliest viruses made the most impact because no anti-virus programs were available. The advent of anti-virus programs dealt a death blow to many common types of computer viruses, including those produced by virus-generation tools. People who were inept at programming used these tools to generate viruses. Devious minds always find new ways: when virus writers found that anti-virus software could disinfect and remove the different types of computer viruses, they moved on to new methods, and that is how Trojans and worms came about.

There are a few main types of computer viruses, classified below by infection method:




Trojan Horses..
Appears from the outside to be a different program, while allowing unauthorized persons to access the computer and handing the data on the computer to outsiders.



Worms..
A type of virus that spreads across computer networks without any notification to the user. It often destroys or corrupts the data on the target computer.



Boot Sector Viruses..

Viruses that spread in the initial sectors of the hard disk or of other data storage media.




Email Viruses..
Viruses that spread via e-mail. Usually these viruses spread automatically by also mailing the virus to the other e-mail addresses in the address book.



Companion Viruses..


In MS-DOS (PC DOS), a program is started by typing its name directly on the screen. For example, to run run.exe you type either run or run.exe. Users usually follow the first method. But if a file named run.com also exists on the computer, the program that runs is run.com. (When you run a program on DOS by name without an extension, DOS first looks for a program of type .bat, then .com, and after that .exe. It runs the first program it finds.) Viruses of this type are built to take advantage of this property. The virus creates .com files for the .exe files that already exist on the computer and places the virus inside them. As a result the virus runs first, and afterwards the virus runs the .exe file. This is how it spreads.
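An added example (not part of the original post): a defender's check for the companion pattern described above, reporting every .exe that shares its directory and base name with a .com or .bat file. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Extensions that can be picked up when only the base name of an .exe is typed.
SHADOWING_EXTS = {".bat", ".com"}

def find_companions(root):
    """Report each .exe that has a same-named .com or .bat file beside it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_base = defaultdict(dict)          # base name -> {extension: file name}
        for name in files:
            base, ext = os.path.splitext(name)
            by_base[base.lower()][ext.lower()] = name
        for base, exts in sorted(by_base.items()):
            if ".exe" not in exts:
                continue
            exe = os.path.join(dirpath, exts[".exe"])
            for ext in sorted(SHADOWING_EXTS.intersection(exts)):
                twin = os.path.join(dirpath, exts[ext])
                findings.append({
                    "exe": exe,
                    "shadow": twin,
                    "shadow_size": os.path.getsize(twin),
                    # A twin that appeared after the .exe deserves a closer look.
                    "shadow_newer": os.path.getmtime(twin) > os.path.getmtime(exe),
                })
    return findings

def demo():
    """Scan a constructed directory: run.exe has a later run.com twin, edit.exe has none."""
    with tempfile.TemporaryDirectory() as root:
        for name, data, mtime in [("run.exe", b"MZ" + bytes(4000), 1_000_000),
                                  ("run.com", b"\x90" * 300, 2_000_000),
                                  ("edit.exe", b"MZ" + bytes(100), 1_000_000)]:
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.utime(path, (mtime, mtime))
        return [(os.path.basename(f["exe"]), os.path.basename(f["shadow"]),
                 f["shadow_size"], f["shadow_newer"]) for f in find_companions(root)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

A hit is not proof of infection, since some software legitimately ships a launcher beside its executable; it marks the pairs worth inspecting.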





Logic Bombs and Time Bombs..
Responds in association with some action on the computer (e.g. when files are deleted or printouts are made). If such a virus responds according to a set time, it is called a time bomb.



Macro Viruses..
Spreads through the command sets (macros) used in the Microsoft Office packages.



Cross-site Scripting Virus..
Although these programs are not actually viruses, they are classified as viruses in view of the damage they cause.




Boot sector/Master Boot Record Computer Virus

Means of Infection
The boot sector is the area that the computer accesses when it is turned on. A boot sector virus infects this portion. Once the boot sector is infected, the virus is loaded into memory when the computer is turned on. The virus then infects boot sectors on floppies or other removable media. A master boot record virus infects only the master boot record and not the boot sector.
Damage Caused
Boot sector viruses gain complete control of the master boot record or the DOS boot sector by replacing the operating system's contents with their own. This allows the virus to spread fast and cause damage:
  • By gaining control of the master boot record and the DOS boot sector, boot sector viruses can sometimes hide resources that the computer has (the floppy drive, even though attached, may appear not to be present).
  • Some boot sector viruses contain instructions to redirect disk reads.
  • Some boot sector viruses move the master boot record to another location, causing the system to crash when it boots up. Other boot sector viruses damage the master boot record.
  • Some boot sector viruses damage the File Allocation Table (FAT), which is the index of all the files on the drive. This causes loss of data.
Removal
The best way to remove a boot sector virus is to boot the computer from a clean boot disk and then rewrite the files on the infected disk with good operating system files. These viruses were very prevalent in the nineties, and a host of antivirus programs are now available to detect and clean them effectively.
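An added example (not from the original post) of checking a master boot record for the kinds of damage listed above: it parses a 512-byte sector, hashes the boot code, and compares it with a parse saved while the disk was known to be clean. The function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446       # bytes 0..445 hold the boot loader code
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), first LBA, count

def parse_mbr(sector):
    """Split a 512-byte MBR into boot-code hash, partition entries and signature check."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for slot in range(4):     # four 16-byte entries at bytes 446..509
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, BOOT_CODE_LEN + slot * 16)
        if ptype:             # type 0x00 marks an unused slot
            parts.append({"slot": slot, "active": status == 0x80, "type": ptype,
                          "first_lba": lba, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts,
            "signature_ok": sector[510:512] == b"\x55\xaa"}

def compare_to_baseline(sector, baseline):
    """List the differences between this MBR and a known-good parse."""
    current = parse_mbr(sector)
    issues = []
    if not current["signature_ok"]:
        issues.append("boot signature 55 AA missing")
    if current["code_sha256"] != baseline["code_sha256"]:
        issues.append("boot code changed")
    if current["partitions"] != baseline["partitions"]:
        issues.append("partition table changed")
    return issues

def make_sample_mbr(boot_code):
    """Constructed sector: the given boot code plus one active FAT16 partition."""
    table = struct.pack(ENTRY_FMT, 0x80, 0x06, 63, 204800) + bytes(48)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + b"\x55\xaa"

def demo():
    """Compare a clean, a modified and a wiped sample sector against the clean baseline."""
    clean = make_sample_mbr(b"\xfa\x33\xc0")
    baseline = parse_mbr(clean)
    return (compare_to_baseline(clean, baseline),
            compare_to_baseline(make_sample_mbr(b"\xeb\xfe"), baseline),
            compare_to_baseline(bytes(512), baseline))

if __name__ == "__main__":
    for issues in demo():
        print(issues or "matches baseline")
```

On a real system the input is the first 512 bytes of the disk or of a disk image, read after booting from clean media so that a resident virus cannot redirect the read.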




Program/File infector computer virus

Means of Infection
This virus infects files that contain executable code, usually .exe, .com, .drv, .dll, .bin, .ovl and .sys files. These are also known as parasitic viruses and are activated when the executable file containing the virus is executed. The virus then remains in memory and infects other executable files when these files are opened or run. The vast majority of these viruses have been on Microsoft Windows, OS/2 and Apple computers.
Damage Caused
A file infector virus can cause irreversible damage to files. By overwriting files it permanently destroys their content. Some file viruses have also operated as e-mail worms and Trojan horses.
Removal
The only way to disinfect files affected by a file virus is to delete them and restore them from backup.

Macro Computer Virus

Means of Infection
A macro is a set of commands written by the user to be executed later. Macros can be created with the macro recorder or with Visual Basic for Applications. Macro viruses use the macro language for their program. Microsoft Office has the macro language built into its applications, so most of its application programs are affected by this virus. Word documents, Excel spreadsheets, PowerPoint presentations and Access databases are mostly affected. The document template is affected, and hence every file that is opened is affected. Some macro viruses contain a trigger, usually a date on which the virus is programmed to start the actual damage. Some other macro viruses share the characteristics of a computer worm by spreading across networks using the macro facility available in Microsoft Outlook.
Damage Caused
Some common macros are:
  • AutoExec
  • AutoNew
  • AutoOpen
  • AutoClose
  • AutoExit
The existence of the 'auto-exec' macro makes it possible to create many macro viruses. The 'auto-exec' macro is executed in response to some event and does not depend on a user command. The autoexec macro and the other auto macros are dangerous tools in the hands of a virus writer. Other macro viruses replace command names (existing commands such as save and open) with their own code. Unlike the auto macros, which can be disabled, commands cannot be disabled. Once a macro virus uses these commands it can copy itself to other files and even delete files.
Removal
Prevention is better than cure. The autoexec macro can be prevented from executing by starting Word from the command prompt with the command 'winword /m'. The auto macros are disabled if the command 'DisableAutoMacros' is used in any macro that is written. They can also be disabled by holding down the Shift key while opening a document. Word documents cannot contain macros; only Word templates can. You can mask a template as a document file to prevent it from infection.

Removal can be done with an anti-virus scanner, which needs to be updated regularly. Another way is to use the Organizer to find and remove macros. If you know you are infected, shut down Word without saving, then find the Normal.dot template and delete it. The other way to remove macro viruses is to open the Organizer dialog box and delete all the macro project items listed. The Organizer dialog box can be opened from the 'File Templates' command or from the 'Tools Macro' command. Then close the file.
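An added example (not from the original post) of the review step described above: given macro source that has already been extracted from a template as text, it flags procedures named after the auto macros listed earlier and procedures that replace a built-in command. The command-name set is an assumed sample, and the module sources are constructed.

```python
import re

AUTO_MACROS = {"autoexec", "autonew", "autoopen", "autoclose", "autoexit"}
# Assumed sample of built-in Word command names that a macro of the same name replaces.
COMMAND_NAMES = {"filesave", "filesaveas", "fileopen", "toolsmacro"}

# A procedure header at the start of a line; commented-out headers do not match.
PROC_RE = re.compile(
    r"^[ \t]*(?:(?:Public|Private|Friend)[ \t]+)?(?:Static[ \t]+)?(?:Sub|Function)[ \t]+(\w+)",
    re.IGNORECASE | re.MULTILINE)

def scan_modules(modules):
    """modules: {module name: VBA source}. Returns sorted (module, procedure, reason)."""
    findings = []
    for mod, source in modules.items():
        for name in PROC_RE.findall(source):
            low = name.lower()
            if low in AUTO_MACROS:
                findings.append((mod, name, "auto macro"))
            elif low in COMMAND_NAMES:
                findings.append((mod, name, "replaces built-in command"))
            elif low == "main" and mod.lower() in AUTO_MACROS:
                # Word also runs Main in a module that is itself named after an auto macro.
                findings.append((mod, name, "auto macro (module name)"))
    return sorted(findings)

# Constructed module sources for the demonstration, not taken from a real document.
SAMPLE = {
    "NewMacros": """Sub AutoOpen()
    MsgBox "opened"
End Sub
' Sub AutoExec()   (commented out, must not be reported)
Private Sub Helper()
End Sub
""",
    "AutoClose": "Public Sub Main()\nEnd Sub\n",
    "Tools": "Sub FileSaveAs()\n    Dialogs(wdDialogFileSaveAs).Show\nEnd Sub\n",
}

if __name__ == "__main__":
    for finding in scan_modules(SAMPLE):
        print(finding)
```

Templates legitimately use these names too, so each finding is a pointer to code that should be read before the template is trusted.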

Other Types of Viruses

Viruses that share a few characteristics of worms or Trojans, or that use other methods of the main types of computer viruses, are classified differently, and the nomenclature used for them is different. We detail some of those below.
Multi-Partite Viruses
Some computer viruses appear to behave like many other viruses, and sometimes like more than one type. These hybrids are called multi-partite computer viruses.
Polymorphic Viruses
These viruses are written so that the code changes whenever the virus passes to another machine, which makes it difficult for an anti-virus scanner to locate them. Flaws in the program code make it easy to track down these viruses. It is usually the encryption of the code that changes every time.
Stealth Viruses
Whenever a virus attaches itself to another file, the size of the file increases, and this is indicated in the file allocation table. A stealth virus uses techniques to avoid detection, such as redirecting the disk head to read another sector or altering the file size shown in the directory listing.
Script Viruses
A subset of file viruses, these are written in a variety of script languages such as JavaScript, VBS, BAT and PHP. They are also able to infect other file formats such as HTML (if the file format allows script execution).
ActiveX & Java Applets
ActiveX and Java controls are used in Web browsers to enable and disable sound or video and a host of other controls. If not properly secured, this is another area that virus writers use to get private data from your computer.

Many types of viruses do more than a plain virus does. Some are file viruses in which a trigger may activate code that makes them behave like a worm, so classification becomes difficult in these cases. The basic behavior that makes a virus different from a Trojan is that it replicates very fast.



Source: http://www.secureurpc.com
