Page 140 - DCAP516_COMPUTER_SECURITY
P. 140
Computer Security
Notes (e) Sparse infector: The term ‘sparse infector’ is used for a virus that infects only
occasionally, e.g. every 7th executed file or only files whose size fall within a defined
range etc. By infecting less often, such viruses try to minimize the probability of
being discovered by the user.
(f) Companion virus: A companion virus is one that, instead of modifying an existing
file, creates a new program, which (unknown to the user) gets executed by the
command-line interpreter instead of the intended program. On exit, the new program
executes the original program so things appear normal. This is done by creating an
infected .COM file with the same name as an existing .EXE file. This type of malicious
code is not always considered to be a virus, since it does not modify existing files.
(g) Macro virus: A macro is a series of commands to perform an application-specific task.
Those commands can be stored as a series of keystrokes or in a special macro language.
It is a virus that spreads through only one type of program, usually either Microsoft
Word or Microsoft Excel. It can do this because these types of programs contain auto
open macros, which automatically run when user opens a document or a spreadsheet.
Along with infecting auto open macros, the macro virus infects the global macro
template, which is executed anytime the program is run. Thus, once the global
macro template is infected, any file which user opens becomes infected and the virus
spreads. The macro virus is easy to detect and to deactivate.
(h) Virus hoax: A virus hoax generally appears as an e-mail message that describes a
particular virus that does not exist. Such messages are designed to panic computer
users. The writer e-mails the warning and includes a plea for the reader to forward
it to others. The message then acts much like a chain letter, propagating throughout
the Internet as individuals receive it and then innocently forward it. The best thing
to do on receipt of such an e-mail is to ignore and delete it.
(i) Standard virus: A standard virus resides in memory where its payload executes in
three stages:
(i) Staying in memory as a resident process
(ii) Detecting programs that are loaded into the computer’s memory
(iii) Attaching itself into an available slot of that program, mostly at the end, that
resides on hard disk or floppy.
The medium should not be protected against writing. As far as is known, there is no
virus that breaks this hardware security. Even more advanced viruses try to attack
domains of other users on the network by cracking the passwords and repeat the
process.
Some viruses are only specialized at cracking firewalls, deleting files, sending
hundreds of thousands of mails, steel addresses from user’s mailbox and send them
to a secret recipient.
9. Worms: Viruses are programs that attach themselves to a computer or a file and then
circulate themselves to other files and to other computers on a network. They usually
affect the data on a computer, either by altering or deleting it. Computer worms, unlike
viruses do not need the host to attach themselves to. They merely make functional copies
of themselves and do this repeatedly till they wipe all the available space on a computer’s
memory.
A computer worm is a self-contained program or a set of programs that is able to spread
functional copies of itself or its segments to other computer systems usually via network
connections. There are two types of worms - host computer worms and network worms.
134 LOVELY PROFESSIONAL UNIVERSITY
