Saturday, 19 November 2011

Everything about viruses and spyware.


================
What is a virus?
================

A virus is malicious software written to replicate onto other computers.
It can also have the effect, intended or not, of disrupting the operation of the infected computer to a greater or lesser degree.
It can spread through any medium used to exchange digital data, such as the Internet, floppy disks, CD-ROMs, USB keys, etc.
A virus is a small program that, when run, loads itself into memory and executes the instructions its author has programmed. A virus may be defined as:

"Any computer program capable of infecting another computer
program by modifying it so that it can in turn reproduce."

The proper name for viruses is CPA, or self-propagating code, but by analogy with the medical field the name "virus" was given to them.
Resident viruses (also known as TSR, Terminate and Stay Resident) load themselves into the computer's RAM in order to infect executable files launched by the user. Non-resident viruses infect programs on the hard drive as soon as they are executed.
Since there is a wide range of viruses with very diverse actions, viruses are classified not by the damage they do but by their mode of spread and infection.


==============================
Different types of viruses.
==============================

======================
Virus called "mutant".
======================

In fact, most viruses are clones, or more precisely "mutant viruses", that is to say viruses that have been rewritten by other users to change their behavior or signature.

The fact that there are several versions of the same virus (called variants, as you see when using a botkiller: "Variants of CyberGate", etc.) makes it more difficult to spot, because antivirus companies have to add the new signatures to their databases.


==========================
Virus called "polymorphic".
==========================

Because antivirus programs detect viruses by their signature (the sequence of bits that identifies them), some virus writers have given their viruses the ability to change their appearance automatically, like a chameleon, by building in encryption and decryption of their signature, so that only the virus itself is able to recognize its own signature. This type of virus is called a "polymorphic virus".
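The signature matching described in the two sections above, as an added example that is not part of the original post: a byte-signature scanner run over constructed, inert samples, showing why a variant goes unmatched until the database gains a new (here wildcard) signature. The signature text format, the sample bytes and the names Sample.A and Sample.gen are assumptions made for this illustration.

```python
WILDCARD = None  # marks a "??" position that matches any byte

def parse_signature(text):
    """Turn '4D 41 ?? 4B' into a list of ints, with WILDCARD for '??'."""
    return [WILDCARD if tok == "??" else int(tok, 16) for tok in text.split()]

def find_signature(data, sig):
    """Return the offset of the first match of sig in data, or -1."""
    for off in range(len(data) - len(sig) + 1):
        if all(s is WILDCARD or data[off + i] == s for i, s in enumerate(sig)):
            return off
    return -1

def scan(data, database):
    """Return the sorted names of all database signatures found in data."""
    return sorted(name for name, text in database.items()
                  if find_signature(data, parse_signature(text)) >= 0)

# Constructed, inert samples: padding around the ASCII markers MARK-v01 / MARK-v02.
ORIGINAL = bytes(8) + b"MARK-v01" + bytes(8)
VARIANT = bytes(8) + b"MARK-v02" + bytes(8)

# Hypothetical signature databases (names are made up for this example).
EXACT_DB = {"Sample.A": "4D 41 52 4B 2D 76 30 31"}
UPDATED_DB = dict(EXACT_DB, **{"Sample.gen": "4D 41 52 4B 2D 76 ?? ??"})

if __name__ == "__main__":
    print(scan(ORIGINAL, EXACT_DB))    # the original sample is identified
    print(scan(VARIANT, EXACT_DB))     # the variant is missed by the old database
    print(scan(VARIANT, UPDATED_DB))   # the updated database catches it
```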

==================
Virus called "retro".
==================

Called a "retrovirus" or "bounty hunter", this is a virus with the ability to modify antivirus signatures to make them ineffective.


====================
The boot sector virus.
====================

Called a "boot sector virus" (or boot virus), this is a virus able to infect the boot sector of a hard disk (MBR, or master boot record), that is to say an area of the disk that is copied into memory when the computer boots and then executed to begin the startup of the operating system.
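A defensive check on that area of the disk, as an added example that is not part of the original post: it parses a 512-byte MBR, validates the 0x55AA boot signature, lists the partition entries and hashes the bootstrap code so it can be compared with a known-good baseline. The sample sector is constructed in the code, and the function names are assumptions of this example.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440   # bootstrap code; bytes 440-445 hold the optional disk signature
TABLE_OFFSET = 446    # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511

def parse_mbr(sector):
    """Validate a 512-byte MBR; return its boot-code hash and used partitions."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, TABLE_OFFSET + 16 * i)
        if ptype != 0:  # type 0 marks an unused entry
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}

def boot_code_changed(sector, baseline_sha256):
    """True when the bootstrap code no longer matches the recorded baseline."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256

def build_sample_mbr():
    """Constructed sample: inert boot code plus one bootable partition."""
    code = b"\xeb\xfe" + bytes(BOOT_CODE_LEN - 2)      # placeholder bytes
    disk_sig = bytes.fromhex("11223344") + bytes(2)
    entry = struct.pack("<B3sB3sII", 0x80, bytes(3), 0x07, bytes(3), 2048, 204800)
    return code + disk_sig + entry + bytes(48) + BOOT_SIGNATURE

if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["boot_code_sha256"]
    tampered = bytearray(clean)
    tampered[16] ^= 0xFF                                # simulate modified boot code
    print(parse_mbr(clean)["partitions"])
    print("clean changed:", boot_code_changed(clean, baseline))
    print("tampered changed:", boot_code_changed(bytes(tampered), baseline))
```

On a real system the sector would come from a forensic image or a raw read of the first disk sector, and the baseline hash would be recorded while the machine is known to be clean.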


============================================
Virus called "Trans-application" (macro viruses).
============================================

With the proliferation of programs that use macros, Microsoft developed a common scripting language that can be inserted into most documents able to contain macros: VBScript, a subset of Visual Basic. These viruses are now able to infect macros in Microsoft Office documents; that is to say, such a virus can sit inside an ordinary Word or Excel document and execute a piece of code when the document is opened, allowing it both to spread to other files and to access the operating system (usually Windows).
Moreover, as more and more applications support Visual Basic, such viruses are conceivable in many other applications that support VBScript.
The beginning of the third millennium was marked by the frequent appearance of Visual Basic scripts distributed by e-mail as an attached file (identifiable by their .VBS extension), with a title that pushes the recipient to open the poisoned message.
This type of virus is called a worm.


==============================
Different types of spyware.
==============================

The family of spyware is made up of many types of malicious programs that operate according to different procedures and for specific purposes.


================
Browser hijacker.
================

The browser hijacker is a program that diverts the browser or changes its settings in order to alter its behavior, for example by changing the home page, the browser preferences, etc., with no way for the user to undo the choice the hijacker imposes.
There are also search hijackers, which redirect users' connection requests for certain sites, without their knowledge, to other websites, often malicious ones dedicated to the collection of information.
There are also homepage hijackers, which specialize in modifying the browser's home page and/or redirecting it, without the knowledge of the user, to other websites, often malicious ones dedicated to the collection of information.


============================
BHO - Browser Helper Objects.
============================

BHOs are small programs that extend the functions of a parent program such as Internet Explorer. For example, a BHO can create navigation bars that attach to Internet Explorer (like the Yahoo or Google navigation bars), but a BHO can also be diverted from its main purpose to perform undocumented actions without the knowledge of users. BHOs can thus serve ads, redirect users' Internet connections to sites other than those requested, or even cause the display of pages other than those requested. In addition, from the point of view of espionage, BHOs have access to all web pages visited and are able to convey a great deal of information about the habits of Internet users to third-party companies, which will use it, unfortunately often for malicious purposes. BHOs are used especially in Internet Explorer.
The vast majority of toolbars for Internet Explorer rely on BHOs for their operation.


============================
LSP - Layered Service Provider.
============================

LSPs are network drivers that control all data entering and leaving the computer over network connections, as is the case on the Internet. Spyware is also able to take control of the LSP.
LSP-type spyware are simply sniffers that access, record and transmit to third parties any data exchanged (pages visited, information sent such as passwords for different services, or even account identifiers).


============
Trojan horse.
============

In this context, a spyware Trojan horse allows the "owner" of the spyware to take remote control of the infected computer.

================
Keyloggers, RATs.
================

Keyloggers and RATs are small spy programs that record all keystrokes typed on a keyboard connected to an infected computer. Periodically, the keylogger sends the collected information to the attacker. The most sophisticated keyloggers do not just record keystrokes but also perform screen captures.
So-called monitoring spyware also exists. It aims to use all the facilities available to it on the infected ("slave") computer, such as:

1. Web camera - video capture of the environment around the computer.
2. Microphone - audio capture of communications and the environment around the computer.
3. Screenshots - capturing images of the activity of the computer.
4. Capture of diverse information - passwords, connection identifiers.


================
Tracking cookies.
================

Tracking cookies are, at bottom, cookies, which are nothing out of the ordinary on the Internet. But unlike traditional cookies, which are accessible and dedicated only to the website that set them, tracking cookies are available to several Internet sites, which has the effect of allowing the sites associated with these tracking cookies to track user activity on the Internet: the sites visited and the actions taken on each site visited.
As such, tracking cookies are not a risk to the computer system on which they are located, but they can be a serious attack on the privacy of Internet users.
Companies that exploit tracking cookies are usually established businesses and are often advertising companies.
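How a cookie that is visible across several sites shows up in practice, as an added example that is not part of the original post: it goes through a constructed browser request log and reports every third-party cookie that was sent while the user was on two or more different sites. The hosts, cookie values and function names are assumptions, and the first-party test compares hostnames only, which is a simplification.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed request log: (page the user was on, URL requested, Cookie header sent)
REQUESTS = [
    ("https://news.example/story", "https://news.example/style.css", "session=abc"),
    ("https://news.example/story", "https://ads.tracker.example/pixel.gif", "uid=7f3a"),
    ("https://shop.example/cart", "https://ads.tracker.example/pixel.gif", "uid=7f3a"),
    ("https://shop.example/cart", "https://shop.example/api/cart", "cart=991"),
    ("https://blog.example/post", "https://ads.tracker.example/js/t.js", "uid=7f3a"),
    ("https://blog.example/post", "https://cdn.static.example/lib.js", ""),
]

def parse_cookies(header):
    """Split a Cookie request header into {name: value}."""
    pairs = (item.split("=", 1) for item in header.split(";") if "=" in item)
    return {name.strip(): value.strip() for name, value in pairs}

def find_tracking_cookies(requests, min_sites=2):
    """Map (host, cookie name, value) to the sites where it was sent as a
    third-party cookie, keeping only cookies seen on at least min_sites sites."""
    seen = defaultdict(set)
    for page_url, request_url, cookie_header in requests:
        site = urlsplit(page_url).hostname
        host = urlsplit(request_url).hostname
        if host == site or host.endswith("." + site):
            continue  # first-party request: an ordinary cookie, not tracking
        for name, value in parse_cookies(cookie_header).items():
            seen[(host, name, value)].add(site)
    return {key: sorted(sites) for key, sites in seen.items()
            if len(sites) >= min_sites}

if __name__ == "__main__":
    for (host, name, value), sites in find_tracking_cookies(REQUESTS).items():
        print(f"{host} received {name}={value} on: {', '.join(sites)}")
```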
