xone 2 months ago

How Computer Viruses Operate

Understanding the Basics

A virus is a self-replicating program that injects itself into user programs without your consent. You may have encountered one yourself if you have downloaded files from unverified sources on the Internet. Such a virus can lock your computer and demand money to decrypt your data.

Most often, viruses are created for selfish reasons:

· making money

· intercepting passwords

· stealing payment data

· hooliganism

· eliminating competitors

· gaining a foothold for later intrusion into competitors' corporate networks

Target viruses

To attack competitors, viruses are developed specifically for particular operating systems, software and security tools. Some viruses can even bypass specific antivirus products, but to do that the author needs to know exactly which antivirus is in use.

The most famous example of a targeted virus is Stuxnet, which made it possible to disrupt the operation of Iranian centrifuges used for enriching uranium fuel.

Bulk viruses

But most often, hackers prepare viruses for widespread distribution. The main task of such a virus is self-reproduction, that is, spreading further. This is why, year after year, the most popular kind remains the encryption virus (ransomware), which embeds itself on a computer, blocks access to data (most often by encrypting it) and demands a ransom.

The first viruses

Among the first viruses we can safely include the harmless 1981 program for Apple II computers, “Elk Cloner”, which spread by itself via removable storage media and displayed a poem on the monitor every 50th time the operating system started.

Another important example is the first epidemic, caused by the Morris worm in 1988, which paralyzed more than 6,000 computers and served as the basis for the creation of computer security standards. Among other things, the worm guessed victims’ passwords in order to install itself, using a small built-in password dictionary.

The DATACRIME virus, which appeared in 1989, also pushed the development of computer security forward and, as a result, the first antivirus appeared: the VIRSCAN program, which checked the file system for the presence of known strings of virus code (signatures).

In the early stages, most viruses did not pursue any goal, but were a joke or an incorrectly written program. Thus, the “Morris worm” was supposed to simply wander around the network and overwrite its older versions, but Robert Morris Jr. chose too low a frequency for that overwriting, which is why computers were infected repeatedly, and each additional instance slowed them down further. Every copy took up disk space and RAM, which slowed the computer down to the point of failure.

Modern viruses

In addition to ransomware, the following are now widespread:

· Trojans (steal and destroy information, but do not reproduce themselves),

· worms (spread through the network, reproduce and collect information),

· backdoors (give the virus developer access to the victim’s computer),

· botnet (a virus that lies dormant for the time being and is launched when needed for an attack, including a network attack),

· boot virus (injects itself into a computer and downloads another virus),

· spyware (steals user information, including logins and passwords).

Is it difficult to write a virus yourself?

A computer virus can be written in almost any programming language, and the choice of language often depends on the hacker's knowledge and on the distribution medium used. For example, a virus can be written as a macro in an e-mailed Word file, as code executed in a browser, or in a low-level programming language.

Considering the number of articles available on the Internet, as well as the development of generative AI, which provides detailed information and generates computer code, writing viruses is accessible to almost any programmer. However, simple viruses are easily detected by antiviruses. Previously, antivirus programs placed a heavy load on the system, but antiviruses have since moved from signature analysis (as in VIRSCAN) to heuristic algorithms, which analyze the actions of programs. If a program does not behave as expected, the antivirus blocks it.
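As an added example (not code from the original post), here is a minimal VIRSCAN-style signature scanner of the kind mentioned above: it walks a directory and reports files containing known byte strings. The signatures and sample files are constructed for the demo and are not real malware patterns; note that a file containing no known string is never reported, which is exactly the gap that heuristic, behaviour-based analysis tries to close.

```python
import os
import tempfile
from pathlib import Path

# Constructed demo signatures for this example (NOT real malware patterns):
# a VIRSCAN-style scanner just looks for known byte strings inside files.
SIGNATURES = {
    "Demo.TestPattern.A": b"DEMO-SIGNATURE-A-NOT-REAL-MALWARE",
    "Demo.TestPattern.B": b"DEMO-SIGNATURE-B-NOT-REAL-MALWARE",
}

def scan_bytes(data, signatures=SIGNATURES):
    """Return the names of all signatures whose byte pattern occurs in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)

def scan_file(path, signatures=SIGNATURES, chunk_size=1 << 20):
    """Scan a file chunk by chunk, keeping (longest pattern - 1) bytes of
    overlap so a pattern that straddles a chunk boundary is still found."""
    overlap = max(len(p) for p in signatures.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as f:
        while chunk := f.read(chunk_size):
            window = tail + chunk
            found.update(scan_bytes(window, signatures))
            tail = window[-overlap:] if overlap else b""
    return sorted(found)

def scan_tree(root, signatures=SIGNATURES, chunk_size=1 << 20):
    """Walk a directory tree; map each matching file (relative path) to its hits."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            matches = scan_file(path, signatures, chunk_size)
            if matches:
                hits[os.path.relpath(path, root)] = matches
    return hits

def demo():
    """Build a constructed sample tree in a temp dir and scan it with a tiny
    chunk size (16 bytes) so the boundary-overlap logic is exercised."""
    root = tempfile.mkdtemp()
    Path(root, "clean.txt").write_bytes(b"ordinary file, nothing to see here")
    Path(root, "sample_a.bin").write_bytes(
        b"\x00" * 100 + SIGNATURES["Demo.TestPattern.A"] + b"\x00" * 50)
    Path(root, "sub").mkdir()
    Path(root, "sub", "both.bin").write_bytes(
        SIGNATURES["Demo.TestPattern.B"] + b"--" + SIGNATURES["Demo.TestPattern.A"])
    return scan_tree(root, chunk_size=16)
```

Calling `demo()` returns a map of relative file path to matched signature names; `clean.txt` is absent from it because none of its bytes match a known string.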

Do not forget about criminal liability (Article 273 of the Criminal Code of the Russian Federation) not only for the creation, but also for the use and distribution of computer viruses. The article provides for restriction of freedom for up to 7 years.

How to protect yourself from viruses

Unless you own a megacorporation, run a government agency, or hold a lot of sensitive data, you are unlikely to be a personal target for hackers. But there remains the possibility of getting caught up in a virus epidemic whose purpose is to encrypt the maximum number of computers, or to steal data from every computer the virus reaches before it is neutralized.

Since the goal of hackers is to infect end devices on a large scale, the popularity of an operating system works against its users. Thus, the overwhelming majority of viruses are written for Android phones (installed on 71% of phones in the world) and Windows computers (69% of PCs).

However, using iOS on a smartphone or Linux / macOS on a computer is not a panacea against viruses. For example, in March 2016 the KeRanger ransomware virus was developed specifically for macOS; outwardly it looked like a distribution of the BitTorrent client Transmission. And in 2022, another virus for macOS appeared, VirusTotal.

You cannot completely protect yourself from viruses, but you can reduce the risk of infecting your computer. Recall the ways viruses spread: most often they use flash drives, the Internet, and social engineering.

Simple safety rules

1) the fewer flash drives that visit your computer, especially ones found on the street, at work, or borrowed from colleagues, the lower the chance of infecting it;

2) do not open dubious sites; for example, if you use the Yandex search engine, verified sites are marked with a label;

3) try to avoid sites without valid SSL certificates (most sites use HTTPS, and attackers are too lazy to create a proper encryption certificate; sites with HTTPS usually display a closed lock icon, and if it is missing, the lock is open, or there is a warning, double-check the URL you entered and leave the site);

4) do not install programs from dubious sources, and try not to download files from torrents;

5) if friends sent you a link to an unknown site, perhaps they were hacked and the link is fraudulent (phishing);

6) do not store passwords on your computer, even in hidden folders;

7) use well-known paid antiviruses (Kaspersky, Dr.Web, ESET NOD32, etc.). Remember: antivirus manufacturers must make money from something; if the antivirus is free, most likely it is either useless or your data is how they make money;

8) use complex passwords consisting of lowercase and uppercase letters, numbers and special characters.

Complex passwords are difficult to remember, and you are tempted to write them down somewhere. The UK cyber security body NCSC has recommended a fairly simple idea for creating passwords: use a combination of three randomly chosen words, such as "coffeetrainfish". You can also capitalize the first letter of each word and replace some letters with similar-looking special characters: C0ffeeTrainFi$h.
