Jump to content

Know Dangerous Computer Viruses and How They Work

Virus Komputer
0
(0)

Since its first appearance in the mid-1980s, Computer viruses cause billions of dollars in economic losses every year. Along with the development of computer system technology, Computer viruses also find new ways to spread themselves through various existing communication media.

This article will provide information about dangerous computer viruses and how they work. It is important for you to know information about this virus so you can take anticipatory steps and efforts to ward off dangerous virus attacks.

What is a Computer Virus

The term computer virus was first used by Fred Cohen in his paper entitled 'Computer Viruses – Theory and Experiments’ in the year 1984. The following is an excerpt from the definition given by Cred Cohen in his paper:

“We define ‘virus’ computer as a program that can 'infect’ another program by modifying it to include the possibility of developing a copy of itself. By infectious nature, Viruses can spread throughout a computer system or network using the authorization of each user who uses them to infect their programs. Any infected program can also act as a virus and so the infection increases.”

From the definition above, it can be concluded that the basic nature of a computer virus is that it has the ability to infect other programs and spread. The use of the term virus is due to the similarities in properties between computer viruses and biological viruses. Both have two goals, namely to survive and reproduce.

You can learn more about History of Computer Viruses: From Floppy Disks to Wireless Networks

Classification of Computer Viruses

Computer viruses and other programs that harm computer systems can be classified into several groups according to how they infect a computer system., part of the computer system they infect, or their behavior.

In general, All malicious software is called Malware or malicious software. The following is an example of the classification of various types of malicious software:

  • Malware: It is an abbreviation for malicious software, refers to a program created with the aim of harming or attacking a computer system. Consists of computer viruses (computer viruses), computer worms, trojan horses, joke programs dan malicious toolkits.
  • Computer virus: Refers to a program that has the ability to replicate itself.
  • Computer worm: Refers to an independent program that has the ability to replicate itself. Independent here means that a worm does not have a host program like a virus, to ride. Worms are often grouped as a sub-class of computer viruses.
  • Trojan horse: Refers to independent programs that can have functions that seem useful, and when executed, without the user's knowledge, also carry out destructive functions.
  • Malicious toolkits:  Refers to programs designed to help create programs that can harm a computer system. Examples of this type of program are virus creation tools and programs created to assist the hacking process.
  • Joke program: Refers to programs that imitate operations that can harm a computer system, but it is actually made for joke purposes and does not contain any malicious operations.

Functional Elements of Computer Viruses

Any active computer viruses, Basically it must consist of two basic parts or subroutines, that is:

  • Search routine: This section functions to find new files or locations that will be used as the next target for attack. This section also determines how the virus reproduces, whether quickly or slowly, whether it can attack part or all of the target. But as is the tradeoff of size and functionality that each program has, if the virus has a complicated search routine, then a larger space will be needed. Thus, even a good search routine can help the virus to spread faster, but the size of the virus will increase because of it.
  • Copy routine: This section functions to copy itself in the area determined by the search routine. The size of this section depends on the complexity of the virus being copied. As an example, Viruses that attack files with the COM extension are generally smaller than viruses that attack EXE files, because EXE files have a more complex structure, so that the virus is more difficult to attach itself to the EXE file.

Apart from the two parts above, Often a virus is combined with parts that function to avoid detection, both by computer users and virus detection software. This part is called the anti-detection routine, and can be part of a search routine, copy routine, or even apart from both.

As an example, This section will activate the virus if no keyboard keys are pressed for five minutes, assuming the user is not using the computer. Sometimes viruses are still combined with other parts such as routines to damage the system being attacked or routines that function only as a joke.

How Computer Viruses Work

In general, Computer viruses work by inserting or attaching to legitimate programs or documents that support macros. After successfully attaching, The virus will remain inactive until certain conditions trigger its execution. Once the virus infects the program, file, or documents, The virus will remain inactive until the infected program is executed. When you run an infected program, the virus code will be activated, so that the program can carry out the desired action

In particular, How a virus works depends on its type and characteristics. The following is how various types of computer viruses work.

  • File Infector Virus: Has the ability to attach oneself (attach) on a file, which is usually an executable file. In general, this type of virus does not attack data files. But nowadays, A data file or other document can contain executable code such as macros, which can be exploited by computer virus creators, worms or Trojan horses.
  • Boot Sector Virus: Modifies programs located in the boot sector of a DOS-formatted disk. In general, a boot sector virus will first execute itself before the bootup process on the PC, so that all floppy disks used on the PC will be infected too.
  • Multipartite Virus: Has features of both types of viruses above (both as a file infector and as a boot/system sector virus). When a file infected by this type of virus is executed, then the virus will infect the boot sector of the hard disk or partition sector of the computer, and vice versa.
  • Macro Virus: Infecting macro programs from a data file or document (which is usually used for global settings such as Microsoft Word templates), so that the next document edited by the application program will also be infected by previously infected macros.
  • Stealth Virus: This virus works residentially (settle down) in memory and hides the changes it has made to the infected file. This is done by taking over the system function if a reading process occurs. If another program requests information from a part of the system that has been infected with a stealth virus, then the virus will provide information that is appropriate to the situation before being infected with the virus, so it seems as if the system is working in good condition without interference from computer viruses.
  • Polymorphic Virus: Viruses tend to make changes in their code every time they undergo a replication process, making them difficult to detect by anti-virus software.
  • Companion Virus: It is a virus that works by pretending to replace files that the user wants to access. For example in the DOS operating system, A.EXE files can be infected by creating a file with the name A.COM. DOS will first look for files with the COM extension before files with the EXE extension. Once A.COM has been executed, then A.EXE will be executed too so that the file is infected too. Another way is to place a file with exactly the same name on another branch of the file tree, so that if this fake file is placed correctly and an error occurs by not writing the complete path when running a program, will result in the execution of the fake file.
  • Tunneling Virus:  This virus tries to take over the interrupt handlers in DOS and BIOS, then install itself until it is 'under' the program- other programs. This way the virus can avoid being blocked by anti-virus programs.
  • Fast Infectors Virus: This type of virus does not only attack when the target program is executed, but also when accessed. This aims to use anti-virus devices as a distribution medium when checking files on the computer.
  • Slow Infectors Virus: This is the opposite of fast infectors, where the virus will only spread when the target files are created or modified. This aims to trick anti-viruses, a kind of integrity checkers, by overriding the 'legitimate' process of changing a file.
  • Armoured virus: These are viruses that are made in such a way that it is difficult for anti-virus researchers to study how they work.
  • Worm: A virus that can spread to other computers without the user's help. A worm can take control of a computer and send itself to email contact lists or other networks connected to the computer.
  • Ransomware: A virus that encrypts data on a computer or network and demands a ransom to regain access to that data.
  • Rootkit: This type of virus is very difficult to detect and remove. This virus hides itself in the operating system and can provide access to the computer for hackers who exploit it.
  • Adware: Viruses that display unwanted advertisements on computers. This virus is often found in free software or downloaded from the internet.
  • Spyware: Viruses can take personal information from a computer and send it to hackers. This virus can retrieve information such as passwords, credit card number, and other personal information.
  • Botnet: is a computer network that is infected with a virus and controlled by hackers to carry out attacks on other computers or networks. Botnets can cause major damage and spread viruses to many computers.
virus komputer Ransomware

Computer Virus Life Cycle

The life cycle of a computer virus can be explained using a biological analogy. Quoted from Computer security: principles and practice, The life cycle of a computer virus can be divided into four phases:

Inactive phase

The virus program is silent during this stage. The virus program has successfully accessed the target user's computer or software, but at this stage, the virus does not perform any action. The virus will ultimately be activated by a “trigger” that states which conditions will execute the virus. Not all viruses have this stage

Deployment phase

The virus started to spread, which doubles itself. The virus places a copy of itself into another program or into a specific system area on the disk. The copy may not be identical to the deployment version; viruses often “in disguise” or changed to avoid detection by IT professionals and anti-virus software. Every program now has a clone of the virus, which itself will enter the deployment phase

Trigger phase

Dormant viruses move into this phase when activated, and will now perform the intended function. The trigger phase can be caused by various conditions of the system, including a count of how many times this copy of the virus replicates itself. The trigger may occur when an employee is terminated from their job or after a certain period of time has passed, to reduce suspicion.

Execution phase

This is the real work of viruses, where the load will be released. It can be as destructive as deleting files from a disk, make the system damaged, or corrupting files or relatively harmless things like flashing funny or political messages on the screen.

Closing

The development of computer and communication systems technology influences the way computer viruses spread themselves. Starting from the spread via floppy disks and boot sectors at the beginning of the development of computers, then move on via the internet network, and it looks like viruses will find a new place in wireless communication networks either in the form of applications (aplication-based) or in the form of application content (conten-based).

With the development of PC technology today, virus creators can exploit the PC technology they have to develop their own viruses, so there is a very big possibility of creating new types of computer viruses that are more virulent and dangerous.

The saying goes, An ounce of prevention is worth a pound of cure. In an effort to prevent and anticipate computer virus threats, You can follow 9 Best Windows Computer Security Tips this is easy to implement, learn too 7 Things Every Computer User Should Know.

How useful is this article?

Click on a star to rate it!

Average rating 0 / 5. Total votes: 0

No sound so far! Be the first to rate this article.

We apologize that this article was not useful for you!

Let us improve this article!

Let us know how we can improve this article?