
Computer Viruses

From OWASP



Description

A Computer Virus is a small program designed to cause some kind of damage to the infected computer, by deleting data, capturing information, or altering the normal operation of the machine.

Just as human viruses differ in severity, such as the Ebola virus and the influenza virus, computer viruses range from slightly disturbing to totally destructive. A virus does not spread without human action; we need to send someone a file or email to spread it. The virus can be disguised as an image, audio, or video attachment.

The first computer virus was written in 1982 by a 15-year-old student in the U.S., Rich Skrenta. This virus was identified as Elk Cloner; it affected the Apple II system and did not cause major problems. It showed a small poem on the screen and was able to make a copy of itself when a floppy was inserted into the computer. When the media was used in another system, the process spread.

In general there are 3 main types of computer virus:
Boot Virus - Stays in the boot sector of the floppy and in the Master Boot Record (MBR) of hard disks.

Macro Virus - The most common and most easily created virus, but less harmful. The macro virus uses the macro language of the application (such as Visual Basic or VBScript) to infect and duplicate documents and templates. Macro viruses can attack any platform, but are generally written for Microsoft Office, using Microsoft's programming environment to execute the macro virus code automatically. When an infected document is opened, the virus runs and infects the user's application templates, and can insert words, numbers or phrases in documents or change command functions. Once a macro virus infects a user's machine, it can embed itself in all documents created in the future with the application.

Program Virus - Normally carried in files with the extensions .com, .exe and .bat, and activated only by a command from the user. Many of them are sent by e-mail or instant messages.

Crypto Virus - Hybrid method of infection using asymmetric cryptography, undetectable by generic antivirus.
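
The macro virus description above says the code lives inside documents and templates. The following is an added example, not part of the original OWASP page: a triage heuristic that reports whether an Office file carries a VBA project, either as a vbaProject.bin part in the newer zip-based formats or as a VBA directory entry in the legacy OLE container. The function name and the sample files are constructed for illustration, and a hit means "contains macros", not "is malicious".

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.dot/.xls container
ZIP_MAGIC = b"PK\x03\x04"                       # zip-based .docx/.docm/.dotm

def macro_indicators(data: bytes) -> list:
    """Return the reasons this Office file appears to carry macro code."""
    reasons = []
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                ctypes = b""
                if "[Content_Types].xml" in names:
                    ctypes = zf.read("[Content_Types].xml")
        except zipfile.BadZipFile:
            return ["corrupt zip container"]
        # The VBA project is stored as a binary part inside the package.
        for name in names:
            if name.lower().endswith("vbaproject.bin"):
                reasons.append("VBA project part: " + name)
        # Macro-enabled documents and templates declare it in their content type.
        if b"macroenabled" in ctypes.lower():
            reasons.append("macro-enabled content type declared")
    elif data.startswith(OLE_MAGIC):
        # OLE directory entries store storage/stream names as UTF-16LE.
        for entry in ("Macros", "_VBA_PROJECT"):
            if entry.encode("utf-16-le") in data:
                reasons.append("OLE entry: " + entry)
    return reasons

def _sample_zip(parts: dict) -> bytes:
    """Build a constructed in-memory package for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples (not real documents).
CLEAN = _sample_zip({"[Content_Types].xml": b"<Types/>",
                     "word/document.xml": b"<w:document/>"})
TEMPLATE = _sample_zip({
    "[Content_Types].xml": b'<Types><Override ContentType="application/'
                           b'vnd.ms-word.template.macroEnabledTemplate.main+xml"/></Types>',
    "word/vbaProject.bin": b"placeholder"})
LEGACY = OLE_MAGIC + b"\x00" * 64 + "_VBA_PROJECT".encode("utf-16-le")

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("template", TEMPLATE), ("legacy", LEGACY)):
        print(label, macro_indicators(blob))
```

The legacy branch is a byte search rather than a full OLE parse, so treat it as a first-pass filter before handing the file to a proper macro analysis tool.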

Risk Factors

A Computer Virus could steal or delete information, make the computer slower, or simply mess with the Operating System. Nowadays the most common are viruses that steal Internet banking information, so the attacker can transfer your money to his account, pay bills or buy something on the Internet.

Examples

Some famous and dangerous computer viruses:
Chernobyl or Spacefiller - On April 26, if the computer is infected, the virus is activated and deletes the content of ROM memory (BIOS).

Melissa - Comes via an e-mail with an attached Microsoft Word document. When this message is opened, the virus is activated and infects the file Normal.dot; from then on, every document created by this text editor is infected, and the virus automatically sends an infected e-mail to the first 50 contacts from the catalog of Outlook Express.

Code Red - Attacks Microsoft IIS 4.0 and 5.0, modifies the main page with the message "Welcome to http://www.worm.com ! Hacked By Chinese!" and also programs the infected computer to make a denial-of-service attack on the White House website (www.whitehouse.gov).

Worm32 - Worm encrypted and hidden under the RSA algorithm with a 1660-bit length (key to the botnets).


Related Attacks

TBD

Related Vulnerabilities

TBD

References