
Thursday, 10 September 2020

What is a computer Virus | Types of viruses | How to be safe

 




1. What is a computer virus?

A computer virus is a malicious program that infects your computer. It uses files and folders as media to establish itself in your machine and spread. In the virtual world, a virus is extremely contagious since it can use a network to damage all the machines linked together: PCs, but also printers, internal servers, NAS devices, and any other connected device.

2. Definition of Computer Virus

  • Encryption: the virus is encrypted so that the information it contains remains hidden. This is how malware masks its presence.
  • Polymorphism: it can take many forms and act in different ways. It is therefore more difficult to identify and neutralize.
  • Metamorphism: here the computer virus modifies all of its structure and instructions. It thus becomes even more difficult to flush out and recognize.
  • Stealth: in this case the virus tricks your operating system and your antivirus. In this game, rootkit-type malware is the most effective. There are different methods for tricking antiviruses, including erasing traces of its passage or directing the protection software towards an uninfected portion of the hard disk that the virus has previously copied.

3. What do viruses do on your computer?

Damage caused by viruses can range from temporary computer malfunction to serious damage. In general, a virus can:
  • Send you links to unwanted sites;
  • Erase your data;
  • Spy on you by copying your personal information (passwords, emails, etc.) and send them to a third party;
  • Cause the computer system to overheat to the point of rendering the computer unusable.

4. Main types of computer viruses

Modern viruses fall into several categories. Each can have different types of objectives and attack techniques. Among the main ones, we highlight:

4.1 Keylogger


The keylogger is a type of virus whose main objective is to capture everything that is typed on the computer. This data collection is ongoing, and all of the information is sent to the person responsible for distributing the malware. Thus, it is possible to collect data such as passwords for social networks, emails, and credit cards.

4.2 Ransomware


Ransomware is one of the worst types of computer virus today. Attacks carried out with this type of malware can cause great damage to companies, ranging from loss of critical data to financial losses.

In addition, while the attack is being carried out, the establishment will not be able to perform its daily activities that depend on the computer system, which makes it vital to use techniques to prevent this type of threat.

The attack of a ransomware virus is done through a complex social engineering process. Hackers send messages to users of a corporate system, simulating real content and encouraging the download of an infected file. After opening the file, the malicious software scans the company's network, looking for loopholes that allow access to internal systems and private data.

Once this step is completed, all available information is encrypted and access to the data is blocked.

In order for the company to resume its activities, a payment (usually in bitcoin) of variable value is required. And if the company tries to regain access to its data without payment, commands can be triggered to permanently delete files.

4.3 Spyware


Spyware is software that aims to capture information from users without their knowledge. As in the case of keyloggers, everything obtained is sent to the distributor of the infected files.

In general, this type of computer virus tracks a person's steps on the Internet and modifies the content of pages to display advertising that leads to the download of other types of computer viruses.

This is a feature that takes spyware to a higher level compared to the keylogger. In addition to capturing information such as passwords and credit card numbers, it can also modify computer settings and add additional software.

Its distribution can be done through fake websites, SPAM emails, and legitimate software, which are modified and published on pages that simulate famous program distribution sites.

4.4 Worms


Worms are a variant of viruses that became famous during the 2000s. They are characterized by their high ability to replicate on a network or set of computers without human interaction. In addition, they create additional copies of themselves inside the machines on which they are stored, making it difficult to completely remove them.

Despite being distributed using traditional techniques, such as spam messages and fake websites, worms gained strength by exploiting operating system flaws (especially in Windows XP) that allowed software to run automatically through the pen-drive autorun. Thus, whenever a storage unit was connected to a new computer, the malware automatically installed itself on the system.

4.5 Trojan Horse


Trojan horses are among the most dangerous threats on the computer network. They disguise themselves as legitimate software so that, during their execution, other threats are installed on the user's computer.

Thus, exploiting flaws in the operating system, the hacker can control the machine, obtain personal data and even transform the device into a member of a zombie network (when the computer performs automated functions and is part of a network created to execute targeted attacks).

4.6 Banking Trojan


It is a trojan characterized by access to bank details, shopping sites, social networks and email servers. It is delivered like a Trojan horse: as a file or software camouflaged as legitimate, shared on infected pages or in emails.

4.7 Blended Threats 


Also called compound threats, this type of computer virus is a combination of various malicious codes that can act as a large set of viruses simultaneously. This type of computer virus is able to reproduce itself, capture data, and allow the installation of other malware.

This type of software is distributed through fake emails and infected flash drives. Given their versatility, they can infect a wide range of devices and operating systems.

4.8 Adware


Adware, or advertising malware, is malware that can be easily identified. It presents itself as unwanted advertising. In some cases it is just annoying; in others it undermines security settings by tracking the user's activities to show ads where it generally would not have access.

4.9 Browser Hijacker


It is an unauthorized alteration of browser settings by malware. The home page and search pages are changed, ads are displayed on legitimate sites, and access is redirected to specific, malicious sites.

4.10 Rootkit


A rootkit is a trojan that integrates with the operating system, allowing access to the computer while hiding its files and processes in some parts of the system. A rootkit is able to give hackers administrative access to your device or your network without you realizing it.

This malware can be installed via commercial security products and application extensions. Some antivirus programs can detect the behavior of rootkits, but they must be deleted manually.

4.11 CrossRAT


It is the newest computer virus discovered and is a dangerous threat with espionage characteristics. It can be found in several online environments that are considered safe, in URLs that are shared without restriction over the web. CrossRAT makes a complete scan of your system, allowing a hacker to send commands remotely to your PC; that is, the attacker can spy and perform various activities on your machine.

5. How to be safe from viruses?


There are things you can do to avoid viruses: install an antivirus program, don't click on suspicious links or emails, and keep your operating system and computer programs updated with the latest security patches.

6. How to remove a computer virus?

There are several ways to remove a computer virus, depending on how dangerous it is and the extent of the damage. First of all, check that your antivirus is up to date. If it is not, perform the recommended update. In particular, the virus definitions of the program should be kept up to date. These are composite sketches of circulating viruses that allow the software to identify malicious intruders and notify you of their presence.

If you bought a new antivirus, don't let the two coexist. If you are running Windows 10, it is possible that you have Windows Defender activated. As native software, this program cannot be removed. However, you can deactivate it. To do this, go to Start menu > Settings > Update & security > Windows security > Virus and threat protection > Manage settings. If the Real-time protection switch is on, set it to off.

If your antivirus does not detect anything despite obvious malfunctions, there are tools that run without installation and specialize in identifying malware, Trojan horses, spyware, or phishing attempts. They can be used without problems along with your antivirus to maximize your chances of success. We can cite ESET Online Scanner, with its one-time scan functionality, or the Online Scan / Clean Tool from Trend Micro, compatible with 64-bit or 32-bit Windows. The latter also makes it possible to analyze systems running Android.


6.1 Removal of Virus or Malware

Once your antivirus has detected the intruder, it will offer to remove it, and this deletion will erase all traces. But it is not always that simple, especially if the malware causes significant malfunctions. In the most extreme cases you may have to entrust your computer to a professional, especially if nothing works. There is also a way to free yourself from malware, as long as you know a little about it. Here's the procedure to follow:

  • Save all of your data on an external medium, such as an external hard drive. This step is essential to avoid the risk of losing important information that you do not have stored elsewhere.
  • Format your computer's hard drive. Keep in mind that this process deletes all of the data on it, including software. If you had programs, whether paid or free, make sure you have kept the installation CDs or can find them on the internet in the correct version.
  • Install your operating system again.

Several antivirus vendors offer software in ISO image format to disinfect an operating system. These are usually free, like Kaspersky Rescue Disk or Ultimate Boot CD.


7. Top 5 Most Dangerous Computer Viruses


When we talk about a computer virus, we usually mean any kind of code designed to do harm and spread itself to more computers.

Viruses are created by malicious programmers who might want to use your computer to attack other targets or make money by stealing your personal information. They could also just be trying to see how far their virus will spread.

Different viruses can affect Windows, Mac OS, and Linux computers, and even the data servers that keep companies, and the internet itself, running. Antivirus programs help, but they can have trouble dealing with threats they've never seen before.


Over the years, there have been thousands and thousands of viruses spread online, and they've caused billions of dollars of damage from lost productivity, wasted resources, and broken machines. A few dozen of the viruses stand out: some spread especially quickly, or affected a lot of people, or created a ton of damage all by themselves. Some did all of the above.

Since a lot of viruses were very bad in a lot of different ways, it's hard to pick out which ones were objectively the worst. But with that in mind, here are 5 of those extra-destructive viruses. These are snippets of code that changed the way people thought about computer security, both the people designing the viruses and the people trying to protect against them. So let's get started.


7.1 Melissa Virus


Say it's March 1999. You're an unsuspecting computer user who's never gotten a virus, let alone been trained to look for the signs that an email might be malicious. You get an email from someone you know, with a subject line that says it's an important message. The message inside just says "Here's that document you asked for, don't show it to anyone."

The attachment is a Word document labeled "LIST", so you click on it because you're curious, and a list of porn sites pops up. At this point, you realize that the email was probably some kind of virus. But it's too late: the first 50 people in your address book have already gotten a copy of the exact same email, with a subject line saying that the message is from you. That was the Melissa Virus.

The Melissa virus was spread through Microsoft's Outlook email program, and even though the attachment seemed like an innocent Word document, it was able to infect the computer because of something called a macro. A macro is a specific kind of computer program that's used to create shortcuts. Macros are meant to make it easier to edit a document: instead of manually making a set of changes to the document, a macro is a piece of code that lets you do it with 1 click.


The problem is that this functionality gives macros a lot of power over your computer. In just a few days, Melissa spread to hundreds of thousands of computers. It didn't do any damage to computers, but it did make email services slow way down and cost companies about $80 million overall.

The programmer behind this virus, David L. Smith, was caught about a week after Melissa was first released. He spent 20 months in prison and paid a $5000 fine. Why Melissa? Apparently, that was the name of a stripper he met in Florida.

7.2 I LOVE YOU Virus


The I LOVE YOU virus, which spread on 5 May 2000, was also successful because of social engineering. It reached around 45 million computers in just two days and caused $10 billion in damage. The infected email had the subject line "I LOVE YOU" and came with an attachment titled "love letter for you.txt".

When you clicked on the attachment, the virus would go through your system's files looking for media like documents, images, and audio files. Then it would overwrite them with copies of itself, so if you didn't have your files backed up, you'd lose all your data. Meanwhile, the virus would send itself to everyone in your address book. It was a type of virus called a worm, which means that it was a standalone program.

It looked like a text document, but the virus file was actually a Visual Basic script, which uses the file extension .vbs. Users couldn't see .vbs at the end of the filename, though, because the Windows OS they were using hid file extensions by default. A Visual Basic script gives your computer a set of instructions to execute, so if those instructions are meant to cause harm, it can be very dangerous.


The virus was attributed to two programmers in the Philippines. But even though they were both arrested, they were released because, at the time, there wasn't any law against what they'd done.
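The hidden-extension trick described above can be caught at the mail gateway by looking at the full attachment name rather than the name the user sees. The following is an added example, not code from the original post; the extension lists, the verdict labels and the sample message are assumptions constructed for illustration.

```python
import os
from email.message import EmailMessage

# Assumed policy lists: extensions Windows runs on double-click, and
# extensions a user reads as "just a document".
RISKY_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd",
              ".scr", ".pif", ".com", ".exe", ".hta"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".png", ".mp3", ".xls"}

def shown_with_extensions_hidden(filename):
    """Name the user sees when the OS hides the final extension."""
    return os.path.splitext(filename)[0]

def classify(filename):
    """Return 'block', 'quarantine' or 'allow' for one attachment name."""
    # Windows ignores trailing dots and spaces, so normalise them first.
    name = filename.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    inner = os.path.splitext(stem.rstrip())[1]
    if last in RISKY_EXTS and inner in DECOY_EXTS:
        return "block"        # script dressed up as a document
    if last in RISKY_EXTS:
        return "quarantine"   # executable, but not disguised
    return "allow"

def scan_message(msg):
    """Map every attachment filename in a parsed message to a verdict."""
    return {part.get_filename(): classify(part.get_filename())
            for part in msg.iter_attachments() if part.get_filename()}

def build_sample():
    """Constructed message: harmless placeholder bytes, realistic names."""
    msg = EmailMessage()
    msg["Subject"] = "I LOVE YOU"
    msg.set_content("constructed sample body")
    for name in ("love letter for you.txt.vbs", "notes.txt", "setup.exe"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()).items():
        print(f"{verdict:10} {name!r} (user sees "
              f"{shown_with_extensions_hidden(name)!r})")
```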

7.3 SQL Slammer


On 25 January 2003, just before 6 a.m., the internet broke. South Korea lost both internet and cell phone service. 300,000 people in Portugal couldn't connect to the internet. Airlines couldn't process tickets and had to cancel flights. Bank ATMs went down. 911 in Seattle had to start using paper to log calls. Even for a lot of devices that were still connected to the internet, the connections had suddenly become very slow, even by 2003 standards.

SQL Slammer was a worm that targeted SQL servers, which store databases using a piece of Microsoft software called Microsoft SQL Server. It worked by taking advantage of a bug in the software: it sent the server a specially formatted piece of code, one that looked like it was just an ordinary request for information, but actually reprogrammed the server to send out more copies of the same worm.

The worm spread faster than any other virus ever had, infecting 75,000 servers in just 10 minutes. Those servers were all sending requests to thousands of other servers, which couldn't handle all the traffic. In all, millions of servers were affected, and the internet went kaput for a while.


Slammer is thought to have caused about $1.2 billion in damage before it was stopped, and the programmer behind it was never caught. The whole mess could have been prevented, though: six months earlier, Microsoft released a fix for the bug, but lots of people just hadn't installed it yet.

7.4 Storm Worm

On 19 January 2007 came Storm Worm, another worm that spread through email. But its purpose wasn't to destroy your computer or information; it wanted to take over your computer instead. The original subject line read "230 dead as storm batters Europe", which is where the virus gets its name.

But instead of an attachment, the email contained a link to a website, which promptly downloaded the virus onto the user's machine. Storm Worm was designed to be as invisible as possible so that you wouldn't detect and destroy it. This way it was able to use your computer to do all kinds of stuff in the background.

The virus would connect your machine to a botnet, a collection of computers that form a network. But at first, the network didn't actually do very much; it just grew. To make matters worse, antivirus programs had trouble finding the virus on an infected machine. The code for Storm Worm was designed to change every half hour, so it always looked different. Its creators just sold the network to other criminals and scammers. After a while, companies did figure out how to stop the virus from spreading. The people behind it were never caught.

7.5 Mebroot/Torpig


Mebroot is also a virus that slowly started to spread in 2007, and its main goal was also to hook you up with a botnet, called Torpig. Both are especially sophisticated. Mebroot usually gets into your computer via a drive-by download, where you visit a malicious web page and the program starts to download in the background without you even knowing it. From there, it overwrites the master boot record, the part of your computer's hard drive that stores the instructions that tell your computer how to start up.


It can tell your computer what to do right from the start, and what it tells your computer is to connect to the Torpig botnet, which then steals all of your information. Torpig uses a spying technique known as Man-in-the-browser, which is as creepy as it sounds.

It lurks in your browser, logging everything you do and any private information you enter. It also actively tries to steal information, using fake websites that look and behave exactly the same as the originals but send the data to the Torpig servers instead. By late 2008 Torpig had stolen info connected to 500,000 bank accounts, and again the people who created it haven't been caught.
