
Virus - any one of a group of substances that cause certain infectious diseases. Viruses are composed of protein and nucleic acid. They are smaller than any ordinary bacteria and cannot be seen through most microscopes. They are dependent upon living tissue for their reproduction and growth, but computer viruses are much more interesting, sophisticated and complex. Anybody who would like to share interest, knowledge, information or anything about computer viruses, please email me. :)


 


Computer viruses are only one of the many possible forms of attack on computer systems; other common forms are Trojan horses, logic bombs and worms. These forms overlap. For example, a virus may often incorporate a logic bomb which triggers on a certain date. Similarly, a virus is often introduced into a computer system attached to a legitimate program, which makes the program an unwitting Trojan horse.

Computer viruses (and worms) are best defined by 4 essential characteristics:


REPLICATION : Viruses make copies of themselves, spreading across floppy disks, computer systems and networks.

EXECUTABLE PATH : For a virus to do anything, it must be executed. This normally occurs in a parasitic way, so that the user is not aware that the virus has been executed. The operating system, which is executed automatically on startup, is a good 'vehicle' on which to hitch a free ride. To do this, a virus needs to make some modification to the program involved. The extent of this modification can be surprisingly small.


SIDE EFFECT : Viruses do not normally consist only of self-replicating code; they also contain a 'payload'. This is comparable to a missile carrying a warhead: the self-replicating code is analogous to the missile and the side effect to the warhead.

DISGUISE : The successful spread of a virus depends on how long it can replicate unnoticed before its presence is made known by the activation of side effects. Replicating longevity is achieved through 2 methods of disguise: encryption (scrambling) and interception. These are also known as 'Virus Hiding Mechanisms'.

TROJAN HORSES

A Trojan horse is a program which performs services beyond those stated in its specifications. These effects can be (and often are) malicious. Trojan horses are often used as a means of infecting an unsuspecting user with a virus. If a legitimate program becomes infected with a virus, it becomes a Trojan horse, and if a user executes it in the belief that he is executing a bona fide copy, his computer will become infected.

LOGIC BOMBS

A logic bomb is a program which causes damage when triggered by some condition such as time, or the presence or absence of data such as a name. A hypothetical example of a logic bomb would be a maliciously modified copy of a spreadsheet which zeroed a particular cell every Tuesday between 10 and 11 A.M., but otherwise did not reveal its presence. The result would be very confusing and difficult to trace.

WORMS

Worms are similar to viruses but unlike viruses (which need a carrier in order to replicate), worms replicate in their entirety, creating exact copies of themselves. Worms are normally found on computer networks and multi-user computers, and use inter-computer or inter-user communications as the transmission medium.

A new generation of viruses is being born, and they are:

Bootsector/MBR Infectors : These were the most common viruses some years ago. Today most users use CD-ROMs or the internet to back up or copy their files, but some years ago floppy disks were commonplace. Even today BS/MBR viruses do get around, at least according to the Wild-List. The most common and also the first BS/MBR viruses were Stoned and Form-A. Bootsector/MBR infectors spread by replacing the MBR on hard drives with the virus body; when the computer boots up, the virus goes resident and infects all floppies and hard drives that are accessed. To get infected by a BS/MBR infector you have to boot up from an infected hard drive or floppy disk, or accidentally leave a floppy disk in the computer during boot up.

File Infectors : Viruses infecting executables, that means exe, com, bat, bin, ini, hlp, obj, sys, dll, Newexe, exe (PE). There might be some more files that I forgot. There are a lot of different ways to infect an executable; the most common way is to append the virus to the end of the file and then modify the header or start of the file to point to the virus. When the infected file is started, the virus gets control first and goes resident, infects some more files, or does whatever the author coded it to do. After the virus has finished its work it returns control to the host by "disinfecting" the file in memory. The physical file on the HD will still be infected but the "image" in memory will be clean. Not all executable formats are infected this way and there are tons of ways to infect a file. Most file infectors can be divided into runtime viruses and resident viruses. The most effective are probably the resident ones. They have full control over the system once they are active and can infect any file that is opened, closed or executed, you name it. There are file infectors for most OSes. All Microsoft OSes have been exploited except maybe Windows CE. A new generation of viruses is being introduced, the Win32 infectors. They have been around for some years now but they haven't been very common. Antivirus vendors will have a hard time stopping the virus glut that will soon come.

Macro viruses : Viruses infecting documents (.doc) and HTML documents (.html); they might also infect document templates (.dot). These viruses are coded in the HLL included in the Microsoft Office products. The older macro viruses like Concept were coded for Word95 and used WordBasic. It looks very much like the usual QBasic and other BASIC languages. It's not very fast or powerful, but self-replicating code can be written in only a few lines. Due to the nature of .doc files, macro viruses can spread worldwide pretty fast, sometimes in a couple of months. To prevent macro viruses from spreading you should disable macros or at least turn on the virus protection. I think that macro viruses spread because of human stupidity. They could easily be stopped if the average user were a bit more educated. The latest macro viruses, like Melissa for instance, use Outlook to spread over email. Still, you won't be infected just by getting a mail; you have to open the attachment that comes with the message. Some people say it's impossible to get infected if there is no attachment. This is not true, because due to bugs in Internet Explorer 5.0 a virus is able to autoreplicate itself without any attachment. Read about Outlook.Bubbleboy for more information.

Script Viruses : Viruses infecting mIRC, pIRCH, VBS and some scripts in CorelDRAW pictures. These worms/viruses are often combined with some other virus type, like a macro virus or file infector. They are coded in script languages, mostly not very unlike an HLL such as Visual Basic. mIRC worms/viruses often DCC send infected scripts/files to people joining "infected" channels, that means channels where an infected user is chatting. They also propagate by exploiting the average user's stupidity.

Internet Aware-viruses/worms : This is the new generation of viruses that will dominate the new millennium! They use the Net to spread themselves, the so-called autoreplicating viruses/worms. They don't have to get in physical contact with their victims; they can spread over networks using email security holes, FTP and other network/internet protocols. We haven't yet faced the REAL internet-aware viruses with some AI features. Maybe the internet worm back in 1988 was the best yet, but more is to come!
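
The File Infectors entry above describes the common pattern of appending the virus to the end of the file and changing the header to point at it. As an added example (not part of the original page), this Python code parses a Windows PE header and reports two indicators of that pattern; the function names and the header-only sample image are constructed for illustration.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # PE section characteristic flags

def parse_pe(data):
    """Return (entry_point_rva, [(name, vaddr, vsize, flags), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # NumberOfSections, then SizeOfOptionalHeader 12 bytes later
    n_sections, opt_size = struct.unpack_from("<H12xH", data, pe_off + 6)
    opt = pe_off + 24
    (entry,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    sections = []
    for i in range(n_sections):
        off = opt + opt_size + 40 * i                     # 40-byte section headers
        name, vsize, vaddr = struct.unpack_from("<8sII", data, off)
        (flags,) = struct.unpack_from("<I", data, off + 36)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, flags))
    return entry, sections

def appender_indicators(data):
    """Indicators of the append-and-redirect pattern; hints, not proof."""
    entry, sections = parse_pe(data)
    if not sections:
        return []
    name, vaddr, vsize, flags = max(sections, key=lambda s: s[1])  # last in memory
    found = []
    if len(sections) > 1 and vaddr <= entry < vaddr + vsize:
        found.append(f"entry point 0x{entry:x} lies in last section {name!r}")
    if flags & MEM_EXECUTE and flags & MEM_WRITE:
        found.append(f"last section {name!r} is writable and executable")
    return found

def build_sample(entry, last_flags):
    """Constructed header-only image (no code bytes), used only as sample input."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H14xI", 0x10B, entry).ljust(224, b"\0")
    def sec(name, vaddr, flags):
        return struct.pack("<8sIIII12xI", name, 0x1000, vaddr, 0x200, 0, flags)
    return dos + coff + opt + sec(b".text", 0x1000, 0x60000020) + sec(b".data", 0x2000, last_flags)

if __name__ == "__main__":
    for label, img in (("clean", build_sample(0x1000, 0xC0000040)),
                       ("suspect", build_sample(0x2010, 0xE0000020))):
        print(label, appender_indicators(img))
```

Packed or compressed executables legitimately show the same indicators, so a hit is a reason to scan the file, not a verdict.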


WHO WRITES VIRUSES ?

It is not easy to establish the origins of viruses, since it is rare to find any firm clues in the virus code. One notable exception is the 'Brain' virus, which has a name, address and telephone number embedded in the bootstrap sector. 'Brain' was written by 2 computer owners in Pakistan, the 'Jerusalem' virus was traced back to the Hebrew University in Jerusalem, and so on.


A number of groups that have been identified as potential originators of viruses are:

HACKERS
Hackers are people analogous to drug addicts. They need their 'fix' and cannot leave the machine alone. Like addicts they seek novelty and new experiences. Writing a virus gives them this, but unlike addicts who get immediate relief after a fix, they are not usually present when the virus triggers and releases the payload. :)

FREAKS
This is an irresponsible subgroup of hackers, in the same way that some drug addicts remain reasonably responsible, while others (psychopaths) become irresponsible. There are several reasons why freaks write viruses, some do it for 'fun', others for money.

UNIVERSITY STUDENTS
Most universities offer free, often uncontrolled, computer facilities to students. The technical ability to write a virus is within the reach of a first-year computer science student, who may see such a project as an intellectual challenge. But I doubt our local grad is capable of writing one.

COMPUTER CLUBS / GROUPS
Some computer clubs have been very active in providing their members with information on how to write viruses, such as the Chaos Computer Club in Hamburg, Germany. In Malaysia, there is also a group known as the KPV team, who are macro virus coders, and individual virus coders known as Mat _IT.

* Anyone who has information about these virus coders, please email me *

WHY WRITE VIRUSES ?
Most viruses you see today are created either to prove to the world that the author or his group is capable of writing viruses, or to get revenge on someone. Viruses created in the early days mostly don't really do much harm. They are pretty well harmless and are recoverable or killable with virus checkers. Today, a virus will normally ruin your hard disks, your files and even your networking.

The Revenge virus is made to literally get even with someone that has done you wrong. In most cases it will simply format everything (twice, so that all data is unrecoverable). Some will even change or erase certain files on a system in such a way as to benefit their creator (i.e. increase cheques or kill records). In any case, you can see that these go far beyond the methods used by the regular viruses seen today.

THE ART OF VIRUS COLLECTING [By Tally - March 1999]
Why in the world would anyone collect viruses or any other self-replicating program? I don't know! Why collect stamps? Why collect cars, parking tickets or rejection slips? That is, why collect at all?  Well, there is a certain amount of joy in the hunt for one thing. After hearing of a new and particularly deadly virus (CIH for instance) I want a copy. Getting a full collection of those golden oldies is fun too. It is electronic history. 

Another reason is the environment! Virus authors, collectors, groups, etc. have their own scene. It is interesting to get to know the people. I have made more Internet friends by collecting viruses than anywhere else on the net. Viruses are fascinating programs. Since I programmed for a living, writing database applications and other less exciting works, the "electronic life" seemed exciting by comparison. Watching a virus move about a hard drive is fun. But ultimately, I can't say there is any one good reason. I just find myself fascinated with them. While it makes better sense than collecting 'furbies', I don't pretend it has any clear, useful and defensible reason. It is just cool. :)

HOW TO AVOID THEM ?
Step 1: Be suspicious of attachments. First, and most importantly: whenever you receive files via e-mail, do not open them without scanning for viruses first. Viruses like ExploreZip transmit themselves through your friends' e-mail programs, so just because you know the person sending the file does not mean it is virus-free.

Step 2: Get anti-virus updates. Second, if you have anti-virus software, make sure it is up to date. Most programs have options to add new virus-detection code automatically whenever the software vendor discovers a threat. This is a good feature to keep enabled. Alternatively, when you first hear about a new virus, immediately get the latest virus-detection code for your specific program.

Step 3: Double-check your system. Next, run a full virus scan of your computer. You might have become infected before you updated your anti-virus software. ExploreZip was first detected Sunday, June 6.

Step 4: Stay informed. Every major virus is quickly copied, so there will certainly be "mutant strains" of ExploreZip that vary slightly from the original. For instance, the name of the infected attachment might change. Don't assume you know enough to protect yourself without the aid of anti-virus software, and stay aware of any mutant strains that might require additional virus-detection updates.