The definition could be as follows:
Any program capable of infecting another program by modifying it so that it can, in turn, reproduce is a computer virus.
The real name given to computer viruses is "Self-Propagating Code", but by analogy with the medical field, the name "Virus" has been given.
They reproduce by infecting "host applications", that is, by copying a portion of executable code into an existing program. However, to avoid chaotic behavior, they are programmed not to infect the same file several times.
Viruses range from the simple ping-pong ball that crosses the screen to the most dangerous computer viruses, which destroy data; the latter are the most virulent form.
Because viruses have such a wide and varied range of actions, they are classified not according to their damage but according to their mode of spread and infection.
Antiviruses are able to detect viruses they know about, which makes it possible to clean the machine as far as possible if one or more viruses are found.
This computer cleaning procedure is called virus eradication.
Viruses integrate into the infected application a series of bytes that lets them check whether the program has already been infected: this is the viral signature. Antiviruses rely on this signature, which is specific to each virus, to detect them.
This is the signature search method (scanning), the oldest method used by antiviruses. It is only reliable if the antivirus has an up-to-date viral database, that is to say, one that includes the signatures of all known viruses.
However, this method cannot detect viruses that have not yet been listed by antivirus vendors.
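The scanning method described above, as an added example that is not part of the original article: a Python scanner that searches a byte stream for known signatures, reading in chunks with an overlap so that a signature split across two reads is still found. The signature names, byte patterns and sample "files" are constructed for illustration; the demo shows a variant missed by an outdated database and caught by an updated one.

```python
import io

# Constructed byte patterns standing in for viral signatures (not real ones).
OLD_DB = {"Demo.A": bytes.fromhex("dec0ad0b5e11")}
NEW_DB = {**OLD_DB, "Demo.B": bytes.fromhex("dec0ad0b5e12")}

def scan_stream(stream, signatures, chunk_size=4096):
    """Scan a binary stream chunk by chunk; return sorted (offset, name) hits."""
    if not signatures:
        return []
    keep = max(len(p) for p in signatures.values()) - 1  # overlap between reads
    hits = set()      # a set, so a hit seen again in the overlap is not duplicated
    tail = b""
    base = 0          # absolute offset of window[0] in the stream
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in signatures.items():
            pos = window.find(pattern)
            while pos != -1:
                hits.add((base + pos, name))
                pos = window.find(pattern, pos + 1)
        tail = window[-keep:] if keep else b""
        base += len(window) - len(tail)
    return sorted(hits)

# Constructed sample "files": 37 filler bytes, then a 6-byte signature.
FILLER = b"MZ" + b"\x90" * 35
INFECTED_A = FILLER + OLD_DB["Demo.A"] + b"\x00" * 8
VARIANT_B = FILLER + NEW_DB["Demo.B"] + b"\x00" * 8

def demo():
    """Scan the unlisted variant with the outdated and the updated database."""
    results = {}
    for label, db in (("old database", OLD_DB), ("updated database", NEW_DB)):
        # chunk_size=8 forces the signature to straddle two reads
        results[label] = scan_stream(io.BytesIO(VARIANT_B), db, chunk_size=8)
    return results

if __name__ == "__main__":
    print(demo())
```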
In addition, malicious programmers have now given viruses the ability to camouflage themselves so as to make their signature undetectable; these are “polymorphic viruses”. Some antiviruses use an integrity checker to check whether files have been modified.
The integrity checker builds a database containing information on the executable files of the system (modification date, size, and possibly a checksum).
When an executable file's characteristics change, the antivirus warns the user of the machine.
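An integrity checker of the kind described above, as an added example that is not from the original article: it records size, modification date and a SHA-256 checksum for each file, then compares a later snapshot against that baseline. The file names and contents are constructed; the demo includes a change that leaves size and date untouched, which only the checksum reveals.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Record the attributes the article lists: size, modification date, checksum."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}

def snapshot(root):
    """Build the integrity database for every file under root."""
    db = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root)] = fingerprint(full)
    return db

def compare(baseline, current):
    """Return {path: finding} for every file that differs from the baseline."""
    findings = {}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings[path] = "added"
        elif new is None:
            findings[path] = "removed"
        elif old["sha256"] != new["sha256"]:
            findings[path] = "content changed"
        elif old["mtime_ns"] != new["mtime_ns"]:
            findings[path] = "date changed, content identical"
    return findings

def demo():  # constructed files in a temporary directory
    with tempfile.TemporaryDirectory() as root:
        for name in ("app.exe", "tool.exe", "old.exe"):
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"MZ" + name.encode() + b"\x00" * 64)
        baseline = snapshot(root)
        app = os.path.join(root, "app.exe")
        st = os.stat(app)
        with open(app, "r+b") as f:          # same size, different bytes
            f.seek(16)
            f.write(b"\xff" * 8)
        os.utime(app, ns=(st.st_atime_ns, st.st_mtime_ns))  # date unchanged too
        os.remove(os.path.join(root, "old.exe"))
        with open(os.path.join(root, "new.exe"), "wb") as f:
            f.write(b"MZ")
        return compare(baseline, snapshot(root))
```

Calling `demo()` reports `app.exe` as changed even though its size and date match the baseline, while the untouched `tool.exe` is not reported.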
The 3 Categories of a Computer Virus:
- Worms are viruses that can spread across a network.
- Trojans (Trojan horses) are viruses that make it possible to create a vulnerability in a system, generally to allow its designer to enter the infected system in order to take control.
- Logic bombs are viruses capable of triggering following a particular event (system date, remote activation, etc.).
The 6 Different Types of Computer Virus
1. The mutant computer virus: In reality, most viruses are clones, or more exactly "mutants", that is to say, they have been rewritten by other programmers in order to modify their behavior or only their signature. The fact that there are several versions (we speak of variants) of the same virus makes it all the more difficult to spot, insofar as antivirus companies must add these new signatures to their databases ...
2. The polymorphic computer virus: Since antiviruses detect (among other things) computer viruses thanks to their signature (the succession of bits that identifies them), some malicious creators have thought of giving them the ability to automatically modify their appearance, like a chameleon, by endowing them with a function for encrypting and decrypting their signature so that only the virus is able to recognize its own signature. This type of computer virus is called polymorphic (the word comes from the Greek and means "which can take several forms").
3. The retrovirus: We call a “retrovirus”, or “bounty hunter” virus, a virus that has the capacity to modify the signatures of antiviruses in order to make them inoperative.
4. The computer boot virus: We call a boot virus a computer virus capable of infecting the boot sector of a disk (MBR, or Master Boot Record), that is to say, a sector of the disk that is copied into memory when the computer starts up and then run to initiate the operating system startup.
5. The Trojan horse: It represents a breach in the security of a network by creating a hidden connection that a hacker can use to break into the system or to provide it with information. These viruses mark systems in such a way that they can be detected by their creators. Such computer viruses reveal all of a machine's information systems and thus break the confidentiality of the documents it contains; they are called Trojan horses.
6. Computer macro viruses: With the proliferation of programs using macros, Microsoft has developed a common scripting language that can be inserted into most documents that may contain macros: VBScript, a subset of Visual Basic. These computer viruses currently manage to infect the macros of Microsoft Office documents, that is to say, such a virus can be located inside an ordinary Word or Excel document and execute a portion of code when the document is opened, which allows it on the one hand to propagate in the files, but also to access the operating system (Windows). When it is opened in a Microsoft mail client, it is able to access the entire address book and to distribute itself over the network. This type is called a worm.

I invite you to participate by commenting. Sharing will help us all to be well informed of all these dangers.