Main types of computer viruses

To work comfortably and safely on a computer, you need at least a minimum of knowledge about protecting personal data. To do this, first of all, you need to know what a computer virus is. You also need to remember that the best way to combat it is antivirus software.

The definition of a computer virus is as follows: “A computer virus is software with the ability to copy itself and insert itself into system code and other software products, as well as to cause irreparable damage to the computer hardware and the information stored on its media.”

The main goal of any virus is to cause harm, steal information or monitor a computer. Other actions of computer viruses can also be observed. The tendency to reproduce allows a virus to inflict maximum damage. Because viruses can reproduce not only within a local machine but also travel across networks, including global ones, outbreaks of computer virus epidemics are possible.

Phases and states characteristic of computer viruses

  • Passive existence: in this state the virus is recorded on the hard disk drive (HDD), but does not take any action until the conditions specified by the programmer are met.
  • Reproduction: a state in which the virus creates an uncountable number of copies of itself, places them on the computer's hard drive, and is also transmitted to the local network with service packets.
  • Active existence: in this mode, the virus begins to fulfill its purpose: to destroy and copy data, artificially occupy disk space and consume RAM.

How did computer viruses appear?

Officially, the history of computer viruses begins in 1981. Computer engineering was in its infancy, and back then no one knew what a computer virus was. Richard Skrenta wrote the first boot virus for the Apple II computer. It was relatively harmless and displayed a poem on the screen. Later, viruses began to appear for MS-DOS. In 1987, three virus epidemics were recorded at once. This was facilitated by the arrival on the market of a relatively inexpensive IBM computer and the growth of computerization around the globe.

The first epidemic was caused by the Brain malware, or "Pakistan virus." It was developed by the Alvi brothers to punish users who used hacked versions of their software. The brothers did not expect the virus to spread beyond Pakistan, but it did, and the Brain virus infected computers around the world.

The second epidemic originated at Lehigh University in the United States of America, where several hundred floppy disks in the library of the university's computing center were destroyed. The epidemic was of average scale for those times, and the virus affected only 4 thousand computers.

The third virus, Jerusalem, emerged in several countries around the world. The virus destroyed all files immediately when they were launched. Among the epidemics of 1987-1988, this was the largest.

1990 was the starting point for the active fight against viruses. By this time, many programs had already been written that harmed computers, but until the 90s this was not a big problem.

In 1995, complex viruses began to appear, and an incident occurred in which all disks with a beta version of Windows 95 were infected with viruses.

Today, the expression “computer virus” has become familiar to everyone, and the industry of programs for causing harm is rapidly growing and developing. New viruses appear every day: computer, telephone, and now watch viruses. To counter them, various companies produce protective systems, but computers are still infected in all corners of the world.

Computer virus "Ebola"

The Ebola computer virus is very relevant today. Hackers send it by email, hiding behind the names of well-known companies. The virus attacks software installed on computers and is capable of very quickly deleting everything installed on the machine. In addition, it can reproduce, including over a local network. Thus, Ebola is considered one of the most dangerous objects today.

Classification of malware

Computer viruses are classified according to various criteria. Depending on their behavior, they are conventionally divided into 6 categories: by habitat, by the structural features of the code, by the method of infecting a computer, by integrity, by capabilities, and additionally there is a category of unclassified viruses.

Depending on their habitat, there are the following types of computer viruses:

  • Network: these viruses spread across local or global networks, infecting a huge number of computers around the world.
  • File: these are embedded in a file, infecting it. The danger begins the moment an infected file is executed.
  • Boot: these are introduced into the boot sector of the hard drive and begin execution when the system boots.

Based on the structural features of their code, viruses are divided into:

Based on the method of infecting code, viruses are divided into two groups:

  • Resident: malware that infects RAM.
  • Non-resident: viruses that do not infect RAM.

By integrity they are divided into:

  • Distributed: programs divided into several files, but having a script for the sequence of their execution.
  • Holistic: a single block of programs that is executed by a direct algorithm.

Based on capabilities, viruses are divided into the following four categories:

  • Harmless: types of computer viruses that can slow down a computer by multiplying and absorbing free space on the hard drive.
  • Non-hazardous: viruses that slow down your computer, take up a significant amount of random access memory and create sound and graphic effects.
  • Dangerous: viruses that can lead to serious system failures, from freezing the computer to destroying the operating system.
  • Very dangerous: viruses that can erase system information, as well as lead to physical destruction of the computer by disrupting the power distribution of the main components.

Various viruses that do not fall under the general classification:

  • Network worms: viruses that calculate the addresses of available computers on the network and reproduce. As a rule, they are classified as non-dangerous viruses.
  • Trojan horses, or Trojans: these types of computer viruses got their name in honor of the famous Trojan horse. These viruses disguise themselves as useful programs. They are designed mainly for the theft of confidential information, but there are also varieties of more dangerous malware.

How to detect a virus on a computer?

Viruses can be invisible, but at the same time perform unwanted actions on your computer. In one case, the presence of a virus is almost impossible to detect, and in another, the user observes a number of signs of computer infection.

For those who do not know what a computer virus is, the following behavior of the computer should raise suspicion of danger:

  • The computer has started to work more slowly, and the slowdown is more than significant.
  • Files appear that the user did not create. Particular attention should be paid to files that have a random set of characters or an unknown extension instead of a meaningful name.
  • A suspicious increase in the amount of RAM occupied.
  • Spontaneous shutdown and reboot of the computer, its non-standard behavior, flickering of the screen.
  • Inability to download programs.
  • Unexpected errors and crash messages.

All these signs indicate that the computer is most likely infected and should urgently be checked for files with malicious code. There is only one way to check your computer for viruses: antivirus software.

Antivirus programs, or antiviruses, are software systems that have extensive databases of computer viruses and perform a thorough check of the hard drive for the presence of known files or code. Antivirus software can disinfect, delete, or isolate the file in a specially designated area.

Ways and methods of protection against malware

Protection against computer viruses is based on technical and organizational methods. Technical methods are aimed at using tools to prevent virus threats: antiviruses, firewalls, antispam tools and, of course, timely updating of the operating system. Organizational methods describe the correct user behavior at the computer from the point of view of information security.

Technical methods prevent viruses from entering a computer through software.

Antiviruses monitor the file system, tirelessly checking it and looking for traces of malicious code. The firewall is designed to control the information arriving over network channels and to block unwanted packets.
The firewall allows you to block certain types of connections based on various criteria: ports, protocols, addresses and actions.

Antispam tools control the flow of junk mail, and when a suspicious message arrives in the mail client, they block the ability to execute attached files until the user forces them to be executed. There is an opinion that antispam tools are the most ineffective way to fight viruses, but every day they block tens of millions of letters with embedded viruses.

Operating system updates are the process by which developers correct errors and shortcomings in the operation of the OS that virus writers exploit.

Organizational methods describe the rules for working on a personal computer, processing information, and launching and using software, based on four basic principles:

  1. Run and open only those documents and files that came from reliable sources and in which you have strong confidence. In this case, the user takes responsibility by launching this or that program.
  2. Check all incoming information from any external sources, be it the Internet, an optical disk or a flash drive.
  3. Always keep the anti-virus databases and the version of the software that catches and eliminates threats up to date, because antivirus software developers are constantly improving their products in response to the emergence of new viruses.
  4. Always agree to antivirus software offers to check the flash drive or hard drive connected to the computer.

With the advent of viruses, programs began to appear that made it possible to find and neutralize them. New viruses appear in the world every day. Computer protection products are updated several times a day to stay current. So the struggle against computer viruses goes on without letting up.

Today, the choice of antivirus programs is very large. New offers appear on the market every now and then, and they are very diverse: from full-fledged software packages to small subroutines focused on only one type of virus. You can find security solutions that are free or available with a paid term license.

Antiviruses store in their signature databases excerpts from the code of a huge number of objects dangerous to computer systems, and during scanning they compare the code of documents and executable files against this database. If a match is found, the antivirus will notify the user and offer one of the security options.
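The signature comparison described above, as an added example that is not part of the original article and not any vendor's engine. The signature names and byte patterns are constructed for the demo, and quarantine stands in for "one of the security options".

```python
import os
import shutil
import tempfile

# Constructed signature database: name -> byte excerpt. These markers are made
# up for the demo and do not correspond to any real malware.
SIGNATURES = {
    "Demo.Marker.A": b"CONSTRUCTED-MARKER-FOR-DEMO",
    "Demo.Marker.B": bytes.fromhex("0badc0de00c0ffee"),
}


def scan_file(path, signatures=SIGNATURES, chunk_size=64 * 1024):
    """Return {signature_name: file_offset} for every signature found in the file.

    The file is streamed in chunks; the last (longest_signature - 1) bytes are
    carried over so a signature split across two chunks is still matched.
    """
    overlap = max(len(p) for p in signatures.values()) - 1
    hits, tail, pos = {}, b"", 0   # pos = file offset where `tail` starts
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            buf = tail + chunk
            for name, pattern in signatures.items():
                if name not in hits:
                    i = buf.find(pattern)
                    if i != -1:
                        hits[name] = pos + i
            tail = buf[-overlap:] if overlap else b""
            pos += len(buf) - len(tail)
    return hits


def scan_tree(root, signatures=SIGNATURES, chunk_size=64 * 1024):
    """Scan every file under root; return {relative_path: hits} for matches only."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            hits = scan_file(path, signatures, chunk_size)
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


def quarantine(root, rel_path, quarantine_dir):
    """Isolate a flagged file: move it out of the scanned tree under a new name."""
    os.makedirs(quarantine_dir, exist_ok=True)
    safe_name = rel_path.replace(os.sep, "_") + ".quarantined"
    target = os.path.join(quarantine_dir, safe_name)
    shutil.move(os.path.join(root, rel_path), target)
    return target


def demo():
    """Build three constructed sample files, scan them, quarantine the match."""
    with tempfile.TemporaryDirectory() as work:
        root = os.path.join(work, "scan")
        os.makedirs(root)
        samples = {
            "clean.txt": b"ordinary text file\n",
            "flagged.bin": b"A" * 5 + SIGNATURES["Demo.Marker.A"] + b"B" * 5,
            # Not in the database, so a signature scan reports nothing for it.
            "unknown.bin": b"bytes that no signature in the database describes",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        # A tiny chunk size forces the marker to straddle chunk boundaries.
        report = scan_tree(root, chunk_size=8)
        moved = [quarantine(root, p, os.path.join(work, "quarantine")) for p in report]
        return report, [os.path.basename(m) for m in moved], sorted(os.listdir(root))


if __name__ == "__main__":
    print(demo())
```

A file whose bytes match no stored excerpt is reported as clean, which is why the databases have to be kept current.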

Computer viruses and antivirus programs are inseparable from each other. There is an opinion that, for the sake of commercial gain, antivirus developers themselves create dangerous objects.

Antivirus software utilities are divided into several types:

  • Detector programs: designed to search for objects infected with one of the currently known computer viruses. Typically, detectors only look for infected files, but in some cases they can perform treatment.
  • Auditor programs: these remember the state of the file system, and after some time they check it and verify changes. If the data does not match, the program checks whether the suspicious file was edited by the user. If the result of this check is negative, the user is shown a message about possible infection of the object.
  • Healing programs: designed to disinfect programs and entire hard drives.
  • Filter programs: check information coming to the computer from outside and deny access to suspicious files. As a rule, a request is displayed to the user. Filter programs are already built into all modern browsers in order to detect computer viruses in a timely manner. This is a very effective solution, taking into account the current level of development of the Internet.
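How an auditor program's baseline-and-compare cycle can work, as an added example that is not from the original article. The `user_edited` set is a hypothetical stand-in for the "was it edited by the user" check, and the sample files are constructed.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Remember the state of the tree: relative path -> size and SHA-256."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            state[os.path.relpath(path, root)] = {
                "size": os.path.getsize(path),
                "sha256": digest.hexdigest(),
            }
    return state


def audit(baseline, current, user_edited=frozenset()):
    """Compare two snapshots and classify every difference.

    user_edited (assumption): paths the user confirms having changed. Any other
    added, removed or modified file is reported as a possible infection.
    """
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        change = "added" if old is None else "removed" if new is None else "modified"
        delta = (new["size"] if new else 0) - (old["size"] if old else 0)
        verdict = "expected" if path in user_edited else "possible infection"
        findings.append({"path": path, "change": change,
                         "size_delta": delta, "verdict": verdict})
    return findings


def _write(root, name, data, mode="wb"):
    with open(os.path.join(root, name), mode) as fh:
        fh.write(data)


def demo():
    """Constructed scenario: one user edit, one unexplained change, one new file."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "notes.txt", b"shopping list\n")
        _write(root, "tool.exe", b"MZ" + b"\x00" * 62)    # 64-byte stand-in program
        baseline = snapshot(root)

        _write(root, "notes.txt", b"milk\n", mode="ab")   # the user edits a document
        _write(root, "tool.exe", b"X" * 512, mode="ab")   # program grows unexpectedly
        _write(root, "new_file.bin", b"\x01\x02\x03")     # file the user did not create

        return audit(baseline, snapshot(root), user_edited={"notes.txt"})


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Because the comparison uses a hash as well as the size, a change that leaves the file length untouched is still reported.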

The largest antivirus complexes contain all of these utilities, combined into one large protective mechanism. Prominent representatives of anti-virus software today are: Kaspersky Anti-Virus, Eset NOD32, Dr.Web, Norton Anti-Virus, Avira Antivir and Avast.

These programs have all the basic features needed to qualify as security software systems. Some of them have extremely limited free versions, and some are provided only for a fee.

Types of antivirus programs

There are antiviruses for home computers, office networks, file servers and network gateways. Each of them can find and remove viruses, but each version of such a program puts its main emphasis on its intended purpose. The most complete functionality, of course, is provided by home antivirus software, which has to protect against all possible vulnerabilities.

What to do if you suspect your computer has been infected?

If the user thinks that the computer is infected with a virus, the first thing to do is not to panic, but to strictly follow this sequence of actions:

  • Close all programs and files that the user is currently working with.
  • Launch an anti-virus program (if the program is not installed, install it).
  • Find the full scan function and run it.
  • After the scan is completed, the antivirus will offer the user several options for dealing with the detected malicious objects: files - disinfect, malicious programs - delete, those that cannot be deleted - quarantine.
  • It is advisable to strictly follow the recommendations of your antivirus software.
  • Once cleaning is complete, rerun the scan.

If the antivirus did not find a single threat during the scan, it means that the non-standard operation of the computer is caused by problems in the PC hardware or by internal errors in the operating system, which also happens quite often, especially if the operating system is rarely updated.

Almost every computer owner, even one not yet familiar with viruses, has certainly heard various tales and stories about them, most of which, of course, are exaggerated by other novice users.

So what is a virus?

A virus is a self-replicating program. Many viruses do nothing destructive to your PC at all; some, for example, do a little mischief: display a picture on the screen, launch unnecessary services, open adult Internet pages, etc. But there are also those that can put your computer out of action by formatting the disk or corrupting the motherboard BIOS.

To begin with, it’s probably worth understanding the most popular myths about viruses floating around the Internet.

1. Antivirus - protection against all viruses

Unfortunately, it is not. Even if you have a sophisticated antivirus with the latest database, you are not immune from virus attack. However, you will be more or less protected from known viruses; only new ones, unknown to the anti-virus database, will pose a threat.

2. Viruses spread with any files

This is wrong. For example, viruses do not spread with music, videos or pictures. But it often happens that a virus disguises itself as one of these files, tricking an inexperienced user into making a mistake and launching a malicious program.

3. If you become infected with a virus, your PC is under serious threat

This is also not true. Most viruses don't do anything at all. It is enough for them that they simply infect programs. But in any case, it's worth paying attention to this: at least check the entire computer with an antivirus with the latest database. If you got infected with one virus, then why couldn't you get a second?!

4. Not using mail is a guarantee of safety

I'm afraid this won't help. It happens that you receive letters by mail from unfamiliar addresses. It's best to simply not open them, deleting them and emptying the trash immediately. Usually the virus comes in a letter as an attachment, and if you launch it, your PC will be infected. It’s quite easy to protect yourself: don’t open letters from strangers... It’s also a good idea to set up anti-spam filters.

5. If you copied an infected file, you are infected

In general, until you run the executable file, the virus, like a regular file, will simply lie on your disk and will not do anything bad to you.

Types of computer viruses

The very first viruses (history)

This story began in approximately the 60s-70s in some laboratories in the USA. On computers, in addition to the usual programs, there were also programs that worked on their own, not controlled by anyone. And everything would have been fine if they had not heavily loaded the computer and wasted resources.

Some ten years later, by the 80s, there were already several hundred such programs. In 1984, the term “computer virus” itself appeared.

Such viruses usually did not hide their presence from the user in any way. Most often they interfered with the user's work by showing messages.

In 1985, the first dangerous (and, most importantly, quickly spreading) computer virus, Brain, appeared. It was, however, written with good intentions: to punish pirates who illegally copied programs. The virus only worked on illegal copies of software.

The heirs of the Brain virus existed for about another ten years, and then their numbers began to decline sharply. They did not act cleverly: they simply wrote their body into a program file, thereby increasing its size. Antiviruses quickly learned to check the size and find infected files.

Software viruses

Following the viruses that attached themselves to the body of a program, new types began to appear in the form of a separate program. But the main difficulty is how to get the user to run such a malicious program. It turns out to be very simple! It is enough to call it some kind of crack for a program and put it on the network. Many people will simply download it and, despite all the antivirus warnings (if an antivirus is installed), will still launch it...

In 1998-1999, the world was shaken by the most dangerous virus, Win95.CIH. It disabled the motherboard's BIOS. Thousands of computers around the world were disabled.

A virus spread through email attachments.

In 2003, the SoBig virus was able to infect hundreds of thousands of computers because it attached itself to letters sent by the user.

The main defense against such viruses: regularly update the Windows OS and install an antivirus. Also, refuse to run any programs obtained from dubious sources.

Macro viruses

Many users probably do not suspect that, in addition to exe or com files, regular Microsoft Word or Excel files can also carry a threat. How is this possible? The VBA programming language was built into these editors at one time so that macros could be added to documents. Thus, if you replace them with your own macro, you may well end up with a virus...

Today, almost all versions of office programs, before opening a document from an unfamiliar source, will ask you whether you really want to run macros from this document, and if you click the “no” button, nothing will happen, even if the document had a virus. The paradox is that most users themselves click the “yes” button...

One of the most famous macro viruses is Melissa, which peaked in 1999. The virus infected documents and, through Outlook mail, sent your friends a letter with infected contents. Thus, in a short period of time, tens of thousands of computers around the world were infected with it!

Script viruses

Macroviruses, as a specific type, are included in the group of script viruses. The point here is that not only does Microsoft Office use scripts in its products, but other software packages also contain them. For example, Media Player, Internet Explorer.

Most of these viruses are spread as attachments to letters, through email. Often the attachments are disguised as some trendy picture or piece of music. In any case, do not launch, or better yet, do not even open attachments from unfamiliar addresses.

Users are often misled by file extensions. After all, it has long been known that pictures are safe, so why not open a picture that was sent in the mail? By default, Explorer does not show file extensions. And if you see a picture name like “interesnoe.jpg”, this does not mean that the file has exactly that extension.

To see extensions, enable the following option.

Let's show this using Windows 7 as an example. If you go to any folder and click “organize/folder and search options”, you can get to the “view” menu. There is our treasured check mark.

Uncheck the option “hide extensions for registered file types”, and also enable the option “show hidden files and folders”.

Now, if you look at the picture that was sent to you, it may well turn out that “interesnoe.jpg” suddenly became “interesnoe.jpg.vbs”. That's the whole trick. Many novice users have fallen for this trap more than once, and will continue to fall for it...
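A check a mail filter or a cautious user could apply to attachment names such as “interesnoe.jpg.vbs”, as an added example that is not part of the original article. The two extension sets are a common but not exhaustive selection chosen for the illustration, and the sample names other than the article's are constructed.

```python
import os

# Extensions Windows runs directly or hands to a script host (assumed, not exhaustive).
EXECUTABLE_EXTS = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".hta", ".lnk", ".ps1",
}

# Extensions users tend to read as "just a picture, song or document" (assumed).
DECOY_EXTS = {
    ".jpg", ".jpeg", ".png", ".gif", ".bmp", ".mp3", ".avi", ".mp4",
    ".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx",
}


def explorer_label(filename):
    """Name as Explorer shows it while extensions of registered types are hidden."""
    name = filename.strip()
    stem, ext = os.path.splitext(name)
    return stem if ext else name


def check_attachment(filename):
    """Return (verdict, reason) for one attachment name.

    block: real extension is executable and the name ends in a decoy extension
           once the real one is hidden (the double-extension trick).
    warn:  plainly executable; legitimate in some cases but never safe to
           open from an unknown sender.
    allow: the real (last) extension is not an executable type.
    """
    name = filename.strip()
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    inner_ext = os.path.splitext(stem.rstrip())[1].lower()

    if ext in EXECUTABLE_EXTS and inner_ext in DECOY_EXTS:
        return ("block",
                f"displayed as '{explorer_label(name)}' but executes as {ext}")
    if ext in EXECUTABLE_EXTS:
        return ("warn", f"executable type {ext}")
    return ("allow", f"real extension is {ext or '(none)'}")


def triage(filenames):
    """Map each attachment name to its verdict."""
    return {name: check_attachment(name)[0] for name in filenames}


# Constructed attachment names; the first two come from the article's example.
SAMPLE_ATTACHMENTS = [
    "interesnoe.jpg",
    "interesnoe.jpg.vbs",
    "setup.exe",
    "report.final.pdf",
    "Song.MP3.Scr",
]

if __name__ == "__main__":
    for attachment in SAMPLE_ATTACHMENTS:
        print(attachment, "->", check_attachment(attachment))
```

Only the last extension decides how Windows opens the file, so the check compares it against the executable list first and treats any earlier "extension" as part of the name.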

The main protection against script viruses is to timely update the OS and antivirus. Also, avoid viewing suspicious emails, especially those that contain incomprehensible files... By the way, it wouldn’t hurt to regularly back up important data. Then you will be 99.99% protected from any threats.

Trojans

Although this type is classified as a virus, strictly speaking it is not one. Trojans get onto your PC in much the same way as viruses, only their tasks are different. If the virus's goal is to infect as many computers as possible and perform actions such as deleting files, opening windows, etc., then the Trojan program, as a rule, has one goal: to copy your passwords from various services and find out some information. It often happens that a Trojan program can be controlled via a network, and on the owner's order it can instantly reboot your PC or, even worse, delete some files.

It is also worth noting one more feature. While viruses often infect other executable files, Trojans do not do this; a Trojan is a self-sufficient separate program that works on its own. It often disguises itself as some kind of system process, so that it is difficult for a novice user to catch it.

To avoid becoming a victim of Trojans, firstly, do not download files such as tools for hacking the Internet, cracks for programs, etc. Secondly, in addition to the antivirus, you will also need a special program, for example: The Cleaner, Trojan Remover, AntiViral Toolkit Pro, etc. Thirdly, it would not be superfluous to install a firewall (a program that controls the Internet access of other applications), configured manually, where all suspicious and unknown processes will be blocked by you. If the Trojan program does not get access to the network, half the work is already done; at least your passwords will not go anywhere...

To summarize, I would like to say that all the measures and recommendations taken will be useless if the user himself, out of curiosity, launches files, disables anti-virus programs, etc. The paradox is that virus infection occurs in 90% of cases through the fault of the PC owner himself. Well, in order not to become a victim of those 10%, it’s enough to produce sometimes. Then you can be almost 100% sure that everything will be OK!

Computer viruses also include so-called Trojan horses (Trojan programs, Trojans).

Software viruses.

Software viruses are blocks of program code purposefully embedded inside other application programs. When you run a program that carries a virus, the virus code implanted in it is launched.

This code makes changes, hidden from the user, to the file system of hard drives and/or to the content of other programs. For example, viral code can reproduce itself in the body of other programs; this process is called replication. After a certain time, having created a sufficient number of copies, a software virus can proceed to destructive actions: disrupting the operation of programs and the operating system, deleting information stored on the hard drive. This process is called a virus attack.

The most destructive viruses can initiate formatting of hard drives. Since formatting a disk is a fairly lengthy process that is unlikely to go unnoticed by the user, in many cases software viruses limit themselves to destroying data only in the system sectors of the hard disk, which is equivalent to the loss of the file system tables. In this case, the data on the hard drive remains untouched, but it cannot be used without special tools, since it is not known which sectors of the disk belong to which files. Theoretically, it is possible to restore data in this case, but the labor intensity of this work can be extremely high.

It is believed that no virus can incapacitate computer hardware. However, there are times when the hardware and software are so interconnected that software corruption has to be resolved by replacing the hardware. For example, in most modern motherboards the basic input/output system (BIOS) is stored in rewritable read-only storage devices (so-called flash memory).

The ability to overwrite information in a flash memory chip is used by some software viruses to destroy BIOS data.

In this case, to restore the computer's functionality, it is necessary to either replace the chip storing the BIOS or reprogram it using special software.

Software viruses enter the computer when running unverified programs received on external media (floppy disk, CD, etc.) or from the Internet. Particular attention should be paid to the words “when running”. If you simply copy infected files, your computer cannot become infected. In this regard, all data received from the Internet must undergo mandatory security checks, and if unsolicited data is received from an unfamiliar source, it should be destroyed without examination. A common method for distributing Trojan programs is an attachment to an email with a “recommendation” to extract and run a supposedly useful program.

Boot viruses.

Boot viruses differ from software viruses in how they spread. They do not attack program files, but specific system areas of magnetic media (floppy and hard drives). In addition, when the computer is turned on, they can be temporarily located in RAM.

Typically, infection occurs when a computer boots from a magnetic medium whose system area contains a boot virus. For example, when you try to boot a computer from a floppy disk, the virus first penetrates into the RAM and then into the boot sector of the hard drive. Then this computer itself becomes a source of distribution of the boot virus.

Macroviruses.

This special type of virus infects documents created in certain application programs that have the means to execute so-called macro commands. In particular, such documents include Microsoft Word word processor documents (they have the .DOC extension). Infection occurs when a document file is opened in a program window, unless the ability to execute macro commands is disabled in the program.

As with other types of viruses, the result of an attack can range from relatively harmless to destructive.

Main types of computer viruses.

Currently, more than 5,000 software viruses are known; they can be classified according to the following criteria (Fig. 1):

  • habitat;
  • method of contamination of the habitat;
  • impact;
  • features of the algorithm.

Depending on their habitat, viruses can be divided into network, file, boot, and file-boot viruses.

Network viruses spread across various computer networks.

File viruses are embedded mainly in executable modules, i.e. in files with COM and EXE extensions. File viruses can be embedded in other types of files, but as a rule, once written into such files, they never gain control and therefore lose the ability to reproduce.

Boot viruses are embedded in the boot sector of the disk or in the sector containing the system disk boot program (Master Boot Record).

File-boot viruses infect both files and boot sectors of disks.

Based on the method of infection, viruses are divided into resident and non-resident.

  • When a resident virus infects a computer, it leaves its resident part in the RAM, which then intercepts the operating system's access to objects of infection (files, boot sectors, etc.) and injects itself into them. Resident viruses reside in memory and are active until the computer is turned off or rebooted.
  • Non-resident viruses do not infect computer memory and are active for a limited time.

Based on the degree of impact, viruses can be divided into the following types:

  • non-hazardous, which do not interfere with the operation of the computer, but reduce the amount of free RAM and disk memory; the actions of such viruses are manifested in some graphic or sound effects;
  • dangerous viruses, which can lead to various problems in the operation of the computer;
  • very dangerous, the impact of which can lead to loss of programs, data destruction, and erasing of information in system areas of the disk.

Hello again.
The topic of today's article: types of computer viruses, principles of their operation, and ways of infection by computer viruses.

What are computer viruses anyway?

A computer virus is a specially written program or set of algorithms written in order to play a joke, harm someone's computer, gain access to your computer, intercept passwords or extort money. Viruses can copy themselves and infect your programs and files, as well as boot sectors, with malicious code.

Types of malware.

Malicious programs can be divided into two main types: viruses and worms.


Viruses are distributed through a malicious file that you could download on the Internet or that may end up on a pirated disk, or they are often transmitted via Skype under the guise of useful programs (I noticed that schoolchildren often fall for the latter; they are allegedly given a mod for a game or cheats, but in fact it may turn out to be a virus that can cause harm).
The virus introduces its code into one of the programs, or disguises itself as a separate program in a place where users usually do not go (folders with the operating system, hidden system folders).
The virus cannot run itself until you run the infected program yourself.
Worms, in turn, infect many files on your computer, for example all exe files, system files, boot sectors, etc.
Worms most often penetrate the system themselves, using vulnerabilities in your OS, your browser, or a specific program.
They can penetrate through chats and communication programs such as Skype and ICQ, and can be distributed through email.
They can also be on websites and use a vulnerability in your browser to penetrate your system.
Worms can spread across a local network; if one of the computers on the network is infected, the worm can spread to other computers, infecting all files along the way.
Worms tend to be written for the most popular programs. For example, the most popular browser now is Chrome, so scammers will try to write worms for it and plant malicious code on websites that targets it. That is because it is often more interesting to infect thousands of users of a popular program than a hundred users of an unpopular one. Chrome, though, is constantly improving its protection.
The best protection from a network worm is to update your programs and your operating system. Many people neglect updates, which they often regret.
Several years ago I noticed the following worm.

But it clearly did not come through the Internet, but most likely through a pirated disk. The essence of its work was this: it supposedly created a copy of each folder on the computer or on a flash drive. But in fact, it created not a similar folder but an exe file. When you clicked on such an exe file, it spread even further throughout the system. And so, as soon as you got rid of it, you went to a friend with a flash drive, downloaded his music, and came back with a flash drive infected with this worm and had to remove it again. I don't know whether this virus caused any other harm to the system, but soon this virus ceased to exist.

Main types of viruses.

In fact, there are many types and varieties of computer threats, and it is simply impossible to consider them all. Therefore, we will look at the most common and most unpleasant ones of recent times.
Viruses are:
- File viruses are located in an infected file and are activated when the user runs that program; they cannot activate themselves.
- Boot viruses can be loaded when Windows starts by getting into startup, when a flash drive is inserted, and the like.
- Macro viruses are various scripts that can be located on a site or sent to you by mail or in Word and Excel documents, and that perform certain functions built into the computer. They exploit the vulnerabilities of your programs.

Types of viruses.
- Trojan programs
— Spies
— Extortionists
— Vandals
— Rootkits
— Botnet
— Keyloggers
These are the most basic types of threats that you may encounter. But in reality there are many more.
Some viruses can even be combined and contain several types of these threats at once.
— Trojan programs. The name comes from the Trojan horse. It penetrates your computer under the guise of harmless programs, and then can open access to your computer or send your passwords to the owner.
Recently, Trojans called stealers have become widespread. They can steal passwords saved in your browser and in game and email clients. Immediately after launch, a stealer copies your passwords and sends them to the attacker’s email or hosting. All the attacker has to do is collect your data, then either sell it or use it for his own purposes.
- Spies (spyware) track user actions: which sites the user visits and what the user does on the computer.
- Extortionists. These include Winlockers. The program partially or completely blocks access to the computer and demands money for unlocking, for example, by depositing it into an account, etc. Under no circumstances should you send money if you fall into this situation. Your computer will not be unlocked, and you will lose money. Go straight to the Dr.Web company website, where you can find how to unlock many winlockers by entering a certain code or performing certain actions. Some Winlockers may disappear within a day, for example.
— Vandals can block access to antivirus sites and access to antiviruses and many other programs.
- Rootkits (rootkit) are hybrid viruses that may contain various other viruses. They can gain access to your PC, giving the attacker full access to your computer, and they can embed themselves at the kernel level of your OS. They came from the world of Unix systems. They can disguise various viruses and collect data about the computer and all computer processes.
- A botnet is quite an unpleasant thing. Botnets are huge networks of infected “zombie” computers that can be used to DDoS websites and carry out other cyber attacks. This type is very common and difficult to detect; even antivirus companies may not know about their existence for a long time. Many people can be infected with them and not even know it. You are no exception, and maybe neither am I.
- Keyloggers (keylogger). They intercept everything you enter from the keyboard (websites, passwords) and send it to the owner.

Ways of infection by computer viruses.

Main routes of infection.
- Operating system vulnerability.
- Browser vulnerability.
- Poor antivirus quality.
- User stupidity.
- Removable media.
OS vulnerability - no matter how hard developers try to build protection into the OS, security holes appear over time. Most viruses are written for Windows, as this is the most popular operating system. The best protection is to constantly update your operating system and try to use a newer version.
Browsers - infection happens through browser vulnerabilities, especially in old versions. The cure is the same: frequent updates. There may also be problems if you download browser plugins from third-party resources.
Antiviruses - free antiviruses have less functionality than paid ones, although paid ones do not give a 100% result in defense either and also misfire. It is still advisable to have at least a free antivirus. I have already written about free antiviruses in this.
User stupidity - clicking on banners, following suspicious links from letters, etc., installing software from suspicious places.
Removable media - viruses can be installed automatically from infected and specially prepared flash drives and other removable media. Not long ago the world heard about the BadUSB vulnerability.


Types of infected objects.

Files - they infect your programs, system and regular files.
Boot sectors - resident viruses. They infect, as the name implies, the boot sectors of the computer, add their code to the computer’s startup and are launched when the operating system starts. Sometimes they are well camouflaged and difficult to remove from startup.
Macros - Word documents, Excel and the like. They use macros and vulnerabilities in Microsoft Office tools to introduce malicious code into your operating system.

Signs of computer virus infection.

It is not a fact that the appearance of some of these signs means the presence of a virus in the system. But if they exist, it is recommended to check your computer with an antivirus or contact a specialist.
One of the common signs is a severe overload of the computer: the computer runs slowly although you don’t seem to have anything turned on. There are programs that can put a lot of stress on your computer, and if you have an antivirus, note that antiviruses themselves load the computer considerably. But if there is no software that could produce such a load, then most likely there are viruses. In general, I advise you to first reduce the number of programs launched in startup.

It may also be one of the signs of infection.
But not all viruses load the system heavily; with some of them, changes are very difficult to notice.
System errors. Drivers stop working, or some programs start to work incorrectly or often crash with an error, although this has never been noticed before. Or programs start to reboot frequently. Of course, this can also happen because of antiviruses: for example, the antivirus deleted a system file by mistake, considering it malicious, or deleted a truly infected file that was tied to a program’s system files, and the removal resulted in such errors.


Advertising appears in browsers, or banners even start appearing on the desktop.
The appearance of non-standard sounds when the computer is running (squeaking, clicking for no reason, etc.).
The CD/DVD drive opens by itself, or it just starts to read the disk even though there is no disk there.
The computer takes a long time to turn on or off.
Stealing your passwords. If you notice that various spam is being sent on your behalf, from your mailbox or social network pages, there is a possibility that a virus penetrated your computer and transferred your passwords to its owner. If you notice this, I recommend that you check with an antivirus without fail (although it is not a fact that this is how the attacker got your password).
Frequent access to the hard drive. Every computer has an indicator that flashes when various programs are used or when you copy, download, or move files. For example, your computer has just been turned on and no programs are being used, but the indicator starts blinking frequently, as if programs were being used. These are already viruses at the hard drive level.

So we actually looked at computer viruses that you may encounter on the Internet. But in fact, there are many times more of them, and it is not possible to completely protect yourself, except by not using the Internet, not buying disks, and not turning on the computer at all.

Lecture 14 Computer viruses

Classification of computer crimes.

Computer viruses, their properties and classification

Properties of computer viruses

First of all, a virus is a program. Such a simple statement in itself can dispel many legends about the extraordinary capabilities of computer viruses. A virus can flip the image on your monitor, but it cannot flip the monitor itself. Legends about killer viruses “destroying operators by displaying a deadly color scheme on the screen in the 25th frame” should also not be taken seriously.

A virus is a program that has the ability to reproduce itself. This ability is the only property inherent in all types of viruses. But not only viruses are capable of self-replication. Any operating system and many other programs are capable of creating their own copies. Copies of the virus not only do not have to completely coincide with the original, but may not coincide with it at all!

A virus cannot exist in “complete isolation”: today it is impossible to imagine a virus that does not use the code of other programs, information about the file structure, or even just the names of other programs. The reason is clear: the virus must somehow ensure that control is transferred to itself.

Classification of viruses

    habitat

    way of infecting the environment

    influence

    features of the algorithm

Depending on their habitat, viruses can be divided into network, file, boot, and file-boot viruses.

Network viruses are distributed over various computer networks.

File viruses are embedded mainly in executable modules, i.e., in files with the COM and EXE extensions. File viruses can be embedded in other types of files, but, as a rule, written in such files, they never gain control and, therefore, lose the ability to reproduce.

Boot viruses are embedded in the boot sector of the disk (Boot sector) or in the sector containing the system disk boot program (Master Boot Record).

File-boot viruses infect both files and boot sectors of disks.

Based on the method of infection, viruses are divided into resident and non-resident.

When a resident virus infects a computer, it leaves its resident part in RAM, which then intercepts the operating system’s access to infection objects (files, disk boot sectors, etc.) and injects itself into them. Resident viruses reside in memory and are active until the computer is turned off or rebooted.

Non-resident viruses do not infect the computer’s memory and are active for a limited time.

Based on the degree of impact, viruses can be divided into the following types:

    non-hazardous, which do not interfere with the operation of the computer but reduce the amount of free RAM and disk memory; the actions of such viruses are manifested in some graphic or sound effects

    dangerous viruses that can lead to various problems with your computer

    very dangerous, the impact of which can lead to loss of programs, destruction of data, and erasure of information in system areas of the disk.

It is difficult to classify viruses based on the characteristics of the algorithm due to their wide variety.

Replicator viruses, called worms, are distributed over computer networks, calculate the addresses of network computers and write their copies to these addresses.

There are invisible viruses, called stealth viruses, which are very difficult to detect and neutralize, since they intercept calls from the operating system to infected files and disk sectors and substitute uninfected areas of the disk in place of their body.

The most difficult to detect are mutant viruses, which contain encryption-decryption algorithms, thanks to which copies of the same virus do not have a single repeating string of bytes. There are also so-called quasiviral or "Trojan" programs that, although not capable of self-propagation, are very dangerous because, masquerading as a useful program, they destroy the boot sector and file system of disks.

Boot viruses

Let's look at the operation of a very simple boot (boot-sector) virus that infects floppy disks.

Suppose you have a clean floppy disk and an infected computer, by which we mean a computer with an active resident virus. As soon as this virus detects that a suitable victim has appeared in the drive - in our case, a floppy disk that is not write-protected and has not yet been infected, it begins to infect. When infecting a floppy disk, the virus performs the following actions:

    allocates a certain area of the disk and marks it as inaccessible to the operating system; this can be done in different ways, and in the simplest and traditional case the sectors occupied by the virus are marked as bad

    copies its tail and the original (healthy) boot sector to the selected area of the disk

    replaces the bootstrap program in the (real) boot sector with its head

    organizes the chain of control transfer according to the scheme.

Thus, the head of the virus is now the first to receive control, the virus is installed in memory and transfers control to the original boot sector.

File viruses

Let us now consider how a simple file virus works.

Unlike boot viruses, which are almost always resident, file viruses are not necessarily resident. Let's consider the functioning scheme of a non-resident file virus. Let's say we have an infected executable file. When such a file is launched, the virus gains control, performs some actions and transfers control to the “host”.

What actions does the virus perform? It looks for a new object to infect - a file of a suitable type that has not yet been infected. By infecting a file, the virus injects itself into its code in order to gain control when the file is executed. In addition to its main function - reproduction, the virus may well do something intricate (say, ask, play) - this already depends on the imagination of the author of the virus. If the file virus is resident, then it will install itself in memory and will be able to infect files and exhibit other abilities not only while the infected file is running. When infecting an executable file, a virus always changes its code - therefore, infection of an executable file can always be detected.

But by changing the file code, the virus does not necessarily make other changes:

    it is not obliged to change the file length

    unused code sections

    does not have to change the beginning of the file

Thus, when any file is launched, the virus gains control (the operating system launches it itself), installs itself resident in memory and transfers control to the called file.
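
The point above, that infection always changes a file's code but need not change its length or its beginning, is why integrity checkers compare a hash of the whole file. The following added example (not from the original lecture) runs three checks against a constructed dummy file; HEAD_BYTES, the function names and the file contents are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

HEAD_BYTES = 64  # assumption: how much of the file start a quick "header" check compares

def fingerprint(path):
    """Record the length, the first bytes and a SHA-256 of the whole file."""
    digest = hashlib.sha256()
    size = 0
    head = b""
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            if len(head) < HEAD_BYTES:
                head += chunk[:HEAD_BYTES - len(head)]
            size += len(chunk)
            digest.update(chunk)
    return {"size": size, "head": head, "sha256": digest.hexdigest()}

def changed_checks(baseline, path):
    """Return the names of the checks that differ from the baseline entry for path."""
    current = fingerprint(path)
    return {k for k in ("size", "head", "sha256") if current[k] != baseline[path][k]}

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tool.exe")
        # Constructed stand-in for a program file: start marker, filler, an unused
        # zero-filled region, more filler. It is not a real executable.
        original = b"MZ" + b"\x90" * 126 + b"\x00" * 64 + b"\xc3" * 64
        with open(path, "wb") as f:
            f.write(original)
        baseline = {path: fingerprint(path)}
        untouched = changed_checks(baseline, path)

        # Same length, same beginning: 16 bytes inside the unused region differ.
        patched = bytearray(original)
        patched[140:156] = b"\xcc" * 16
        with open(path, "wb") as f:
            f.write(patched)
        in_place = changed_checks(baseline, path)

        # Bytes added at the end: the length check notices this change as well.
        with open(path, "ab") as f:
            f.write(b"\xcc" * 16)
        appended = changed_checks(baseline, path)
    return untouched, in_place, appended

if __name__ == "__main__":
    print(demo())
```

The baseline has to be taken while the files are known to be clean and stored where the monitored system cannot rewrite it.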

Boot file viruses

The main destructive effect is the encryption of hard drive sectors. Each time it is launched, the virus encrypts another portion of sectors, and, having encrypted half of the hard drive, happily reports this. The main problem in treating this virus is that it is not enough to simply remove the virus from files; you must decrypt the information encrypted by it.

Polymorphic viruses

This type of computer virus seems to be the most dangerous today. Let us explain what it is.

Polymorphic viruses are viruses that modify their code in infected programs in such a way that two copies of the same virus may not match in a single bit.

Such viruses not only encrypt their code using different encryption paths, but also contain encryptor and decryptor generation code, which distinguishes them from ordinary encryption viruses, which can also encrypt sections of their code, but at the same time have a constant encryptor and decryptor code.

Polymorphic viruses are viruses with self-modifying decryptors. The purpose of such encryption: even if you have both an infected file and the original file, you still will not be able to analyze the virus code using regular disassembly. This code is encrypted and is a meaningless set of commands. Decryption is performed by the virus itself during execution. Several variants are possible: it can decrypt itself all at once, it can perform the decryption “on the fly,” or it can re-encrypt sections that have already been used. All this is done to make it difficult to analyze the virus code.

Stealth viruses

Stealth viruses trick antivirus programs and, as a result, remain undetected. However, there is a simple way to disable the camouflage mechanism of stealth viruses. It is enough to boot the computer from a non-infected system floppy disk and immediately, without launching other programs from the computer disk (which may also be infected), scan the computer with an anti-virus program.

Internet