Wednesday, April 11, 2012

What is a Virus

OVERVIEW OF VIRUS
In 1949, John von Neumann put forward the "self altering automata theory", the result of research by mathematicians. In 1960, experts at the BELL lab (AT&T) experimented with the theory expressed by John von Neumann, playing around with it in the form of a game. The experts made programs that could reproduce themselves and destroy their opponent's program. The program that was able to survive and destroy all the other programs was deemed the winner. This game eventually became a favorite in every computer lab. Over time they became wary of this game because the programs being created were more and more dangerous, so they imposed strict supervision and security.
In 1980, the program that eventually became known as the "virus" successfully spread beyond the lab environment and began circulating in cyberspace. From 1980, viruses spreading in the cyber world began to be known.

B. DEFINITION OF A VIRUS
"A program that can infect other programs by modifying them to include a copy of itself. A slightly altered virus can spread throughout a computer system or network using the authorization of every user using it to infect their programs. Every program that gets infected can also act as a viral infection that grows" (Fred Cohen)
The term "virus" was first used by Fred Cohen in 1984 in the United States. A computer virus is called a "virus" because it has some fundamental similarities with a virus in the medical sense (biological viruses).
A computer virus can be understood as an ordinary computer program. But it has a fundamental difference from other programs: a virus is created to infect other programs, alter them, manipulate them and even destroy them. One thing to note here is that a virus infects only when its trigger program, or a program that has already been infected, is executed, which is where it differs from a "worm". This paper will not discuss worms because that would divert us from our discussion of viruses.
C. VIRUS CRITERIA
A program can truly be called a virus only if it has at least five criteria:
1. The ability to obtain information
2. The ability to examine a program
3. The ability to multiply and spread
4. The ability to manipulate
5. The ability to hide itself
The following briefly explains what is meant by each ability and why it is necessary.
1. Ability to obtain information
In general, a virus needs a list of the names of the files in a directory. What for? So that it can identify which programs it will infect. For example, a macro virus will infect all files ending in *.doc once it has found them. This is where the ability to gather information is needed: the virus must be able to build a list of all files and then sort through them, looking for files that can be infected. Usually this data is created when an infected program, or even the virus program itself, is executed. The virus immediately collects the data and puts it in RAM (usually :P), so that when the computer shuts down all the data is lost, but it is created again each time an infected program is run, and it is usually made as a hidden file by the virus.
2. Ability to examine a program
A virus must also be able to examine a program that it is about to infect. For example, if its job is to infect programs with the extension *.doc, it must check whether the document file has already been infected or not, because if it has, infecting it a second time would be pointless. This is very useful for improving a virus's speed in infecting a file/program. The common practice is for the virus to mark the files/programs it has infected so that they are easy for the virus to recognize. An example of such marking is placing a unique byte in every file that has been infected.
3. Ability to multiply
This ability is the very essence of a virus, meaning that without it there is no virus. The core of a virus is the ability to duplicate itself by infecting other programs. Once a virus has found its victim (either a file or a program), it identifies it by checking it; if it is not already infected, the virus begins the infection by writing an identifier byte into the program/file, and then copies/writes the virus's object code over the infected file/program. Some common ways a virus infects/reproduces itself are:
a. The file/program to be infected is deleted or renamed, and a file is then created under that name containing the virus (that is, the virus changes its name to the name of the deleted file).
b. A virus program that is already executing/loaded into memory directly infects other files by riding on the entire file/program.
4. Ability to manipulate
The routine owned by a virus is run after the virus infects a file/program. The content of this routine can range from the mildest effects to destruction. This routine generally makes use of the capabilities of the operating system, so it has the same capabilities as the operating system. For example:
a. Displaying an image or message on the monitor
b. Changing the label of each file, directory, or drive on the PC
c. Manipulating the infected program/file
d. Damaging programs/files
e. Disrupting the operation of the printer, etc.
5. Ability to hide itself
The ability to hide itself must be possessed by a virus so that all of its work, from the beginning to successful infection, can be carried out. The usual steps are:
- The original virus program is stored in machine-code form and combined with other programs that the user considers useful.
- The virus program is placed on the boot record or on a track that is rarely noticed by the computer itself.
- The virus program is made as short as possible, and the infected file does not change in size.
- The virus does not change the timestamp of a file.
- Etc.
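The last two hiding steps defeat checks that look only at file size and timestamp, which is why integrity checking compares content hashes. The following is an added example, not part of the original post: a baseline check over a constructed sample file (the file name, byte contents and verdict strings are assumptions made for the demonstration).

```python
import hashlib
import os
import tempfile

def snapshot(path):
    """Record size, modification time and SHA-256 digest of one file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}

def compare(baseline, current):
    """Return the sorted list of attributes that differ from the baseline."""
    return sorted(k for k in baseline if baseline[k] != current[k])

def verdict(changed):
    """Classify a change set; content changed with metadata intact is the suspicious case."""
    if not changed:
        return "unchanged"
    if changed == ["sha256"]:
        return "content modified, size and timestamp preserved"
    return "modified"

def demo():
    """Constructed sample: a stand-in 'program' file changed in two different ways."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.bin")
        with open(path, "wb") as fh:
            fh.write(b"ORIGINAL-PROGRAM-BYTES" + b"\x00" * 42)
        baseline = snapshot(path)
        # Simulate the hiding steps: same-length overwrite, old timestamp put back
        with open(path, "r+b") as fh:
            fh.write(b"MODIFIED")
        os.utime(path, ns=(baseline["mtime_ns"], baseline["mtime_ns"]))
        hidden = compare(baseline, snapshot(path))
        # A plain append, by contrast, also changes the size
        with open(path, "ab") as fh:
            fh.write(b"extra")
        appended = compare(baseline, snapshot(path))
        return verdict(hidden), verdict(appended)

if __name__ == "__main__":
    print(demo())
```

In practice the baseline must be stored somewhere the monitored system cannot write to, otherwise it can be altered along with the files.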

D. VIRUS LIFE CYCLE
The virus life cycle in general goes through four stages:
o Dormant phase (resting/sleeping phase). In this phase the virus is not active. The virus is activated by a particular condition, such as a specified date, the presence of another program, the execution of another program, etc. Not all viruses go through this phase.
o Propagation phase (spreading phase). In this phase the virus copies itself to a program or to a place on storage media (hard drive, RAM, etc.). Each infected program becomes a "clone" of the virus (depending on how the virus infects).
o Triggering phase (active phase). In this phase the virus becomes active, and this is also triggered by certain conditions, as in the dormant phase.
o Execution phase. In this phase the virus that has become active performs its function, such as deleting files, displaying messages, etc.

E. TYPES OF VIRUS
To further refine our knowledge about viruses, I'll try to give an explanation of the types of viruses that often roam the cyber world.
1. Macro virus
We have surely heard of this type of virus very often. This virus is written in the programming language of an application rather than the programming language of an operating system. The virus can run if its host application can run properly, meaning that if a Mac computer can run the Word application, then this virus works on the Mac operating system. Virus samples:
- W97M variants, e.g. W97M.Panther, 1234 bytes long; it will infect normal.dot and infect documents when they are opened.
- WM.Twno.A;TW, 41984 bytes long; it will infect MS Word documents that use the macro language, usually with the extension *.DOT and *.DOC.
- Etc.
2. Boot sector virus
Boot sector viruses are very commonly spread. To reproduce itself, this virus removes or replaces the original boot sector with the virus's boot program. So when the computer boots, the virus is loaded into memory, after which it has the ability to control standard hardware (e.g. monitor, printer, etc.), and from memory it will also spread to all drives present and connected to the computer (e.g. floppy, drives other than drive C). Virus samples:
- wyx virus variants, e.g. wyx.C(B): infects the boot record and floppy; length: 520 bytes; characteristics: memory resident and encrypted
- V-sign variants: infect the Master Boot Record; length 520 bytes; characteristics: memory resident, encrypted, and polymorphic
- Stoned.june 4th / bloody!: infects the Master Boot Record and floppy; length 520 bytes; characteristics: memory resident, encrypted, and displays the message "Bloody! june 4th 1989" after the computer has booted 128 times
3. Stealth virus
This virus takes control of the interrupt table in DOS, which we often refer to as an "interrupt interceptor". The virus is capable of controlling DOS-level instructions, and such viruses are usually hidden, as the name suggests, either fully or in size. Virus samples:
- Yankee.XPEH.4928: infects *.COM and *.EXE files; length 4298 bytes; characteristics: resident in memory, hidden size, has a trigger
- WXYC (which belongs to the boot record category but, because it also falls into the stealth category, is included here too): infects the floppy and master boot record; length 520 bytes; resident in memory; hidden size and virus
- Vmem(s): infects *.EXE, *.SYS and *.COM files; file 3275 bytes long; characteristics: resident in memory, hidden size, encrypted
- Etc.
4. Polymorphic virus
This virus is designed to mislead antivirus programs, meaning that the virus always tries to avoid being recognized by the antivirus by constantly changing its structure. Virus samples:
- Necropolis A/B: infects *.EXE and *.COM files; file 1963 bytes long; characteristics: resident in memory, hidden size and virus, encrypted, and can change its structure
- Nightfall: infects *.EXE files; file 4554 bytes long; characteristics: resident in memory, hidden size and virus, has a trigger, encrypted, and can change its structure
- Etc.
5. File/program virus
This virus infects files that can be executed directly from the operating system, whether application files (*.EXE) or *.COM. Infection by this virus can usually be detected by a change in the size of the file that was attacked.
6. Multi-partition virus
This virus is a combination of a boot sector virus and a file virus, meaning that its work has two results: it can infect *.EXE files and also infect the boot sector.

F. SOME WAYS VIRUSES SPREAD
Just as a biological virus needs a medium in order to spread, a computer virus can spread to various parts of your computer or to other machines in a number of ways, including:
1. Diskettes, R/W storage media. External storage media can be an easy target for viruses to use as a medium, either as a place to stay or as a distribution medium. Media that can be operated R/W (read and write) can carry a virus and allow it to serve as a distribution medium.
2. Networks (LAN, WAN, etc.). A direct connection between multiple computers makes it quite possible for a virus to move along when files/programs containing the virus are exchanged or executed.
3. WWW (internet). It is quite possible for a site to have a 'virus' planted in it that will infect the computers that access it.
4. Software that is freeware, shareware or even pirated. Many viruses are deliberately planted in a program that is distributed free of charge, or in a trial version, which then carries a virus embedded in it.
5. Email attachments, file transfers. Almost all types of viruses these days use email attachments, because all internet service users must use email to communicate. These files are intentionally made striking to attract attention, and often have a double extension in the file name.
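A mail filter can flag the double-extension naming mentioned in item 5. This is an added example, not part of the original post; the two extension lists and the sample file names are assumptions chosen for illustration.

```python
import os

# Assumed lists for this example; adjust them to your own environment.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".doc", ".txt", ".jpg", ".pdf", ".xls", ".zip", ".mp3", ".gif"}

def double_extension(filename):
    """Return (decoy_ext, real_ext) when an executable extension hides behind
    a document-like one, otherwise None."""
    # Drop any path, then trailing spaces and dots, which Windows ignores.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(" .").lower()
    stem, real_ext = os.path.splitext(name)
    if real_ext not in EXECUTABLE_EXTS:
        return None
    # Padding spaces before the real extension push it out of view in file lists.
    decoy_ext = os.path.splitext(stem.rstrip())[1]
    if decoy_ext in DECOY_EXTS:
        return decoy_ext, real_ext
    return None

def flag_attachments(names):
    """Map each suspicious attachment name to its (decoy, real) extension pair."""
    hits = {}
    for name in names:
        found = double_extension(name)
        if found:
            hits[name] = found
    return hits

# Constructed sample attachment names.
SAMPLES = [
    "invoice.pdf.exe",
    "holiday.JPG.scr",
    "report.doc          .com",
    "notes.v1.txt",
    "setup.exe",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for name, exts in flag_attachments(SAMPLES).items():
        print(f"{name!r}: shown as {exts[0]}, runs as {exts[1]}")
```

A plain `setup.exe` is not flagged here because the check targets only the disguise; whether to block all executable attachments is a separate policy decision.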

G. COUNTERMEASURES
1. Steps for prevention
For prevention you can take some of the following steps:
o Use an antivirus that you trust, with the latest updates. It does not matter what brand it is as long as it is always updated, and turn on Auto-protect.
o Always scan all external storage media that will be used. This may be a bit inconvenient, but if your antivirus's Auto-protect is working, this procedure can be skipped.
o If you are connected directly to the Internet, try to combine your antivirus with a firewall, anti-spam, etc.
2. Steps once infected
o Detect and determine roughly where the source of the virus is: a diskette, the network, email, etc. If you are connected to a network, it is a good idea to isolate your computer first (either by unplugging the cable or by disabling the connection from the control panel).
o Identify and classify what type of virus is attacking your PC, by:
- The symptoms, such as messages, files that are corrupted or lost, etc.
- Scanning with your antivirus. If you were hit while Auto-protect was running, it means the virus definitions on your computer have no data on this virus; try to update manually, or download the virus definitions and install them yourself. If the virus blocks your attempts to update, try using other media (another computer) with an antivirus that has the latest updates.
o Clean up. After you have successfully detected and identified the virus, immediately look for ways to remove or destroy it on sites that provide information on virus developments. This applies if the antivirus with the latest updates does not succeed in destroying it.
