How to prevent computer virus attacks.

Computer viruses are the oldest form of malicious program. True to the name, a virus infects a file (for example an executable) by copying its own code into it, and then uses that file as a carrier. It spreads when the infected carrier program is executed. A defining characteristic of a virus is that the infected file must be executed for the virus to run. For instance, you might have an infected Word file on your system: once you open the Word file the virus executes, but if you never open it the virus never runs.

As if this were not bad enough, viruses can also be executed indirectly. Many systems support an auto-play function which, once a user inserts a CD, DVD or USB drive, looks for an application on the media and runs it; if that application is infected, the virus runs and infects the system.

Viruses have two major components: a replication part and an activation part. A virus replicates, as already discussed, by copying its code into other applications. When an infected application is run, the virus looks for other applications to infect. A classic example is how viruses spread through flash drives: when a flash drive is inserted into an infected system, the virus copies itself into a file on the flash drive, and when the same flash drive is inserted into a new system, the virus tries to copy itself into files on that system. The activation part is when the virus delivers its payload, that is, runs the malicious part of the program.

Viruses come in many different forms depending on how they work or what they attack. The table below is not exhaustive, but it summarizes the methods viruses have used over the years; a single virus may combine several methods to remain undetected or persistent.

Table: Types of Viruses [1]

| Virus Type | Important Characteristics |
| --- | --- |
| System or Boot Sector Virus | These typically move the Master Boot Record (MBR) to some other location on the disk and copy their own code to the MBR, and thus get executed first when the system boots. These are basically shell viruses, which form a shell around the executable to which they are attached and get executed first before control is passed on to the executable. |
| Macro Virus | These are usually written in Visual Basic for Applications (VBA) and infect files created by MS Office programs like Microsoft Word and Microsoft Excel. |
| File Virus | These infect files which are executed or interpreted, e.g., *.EXE, *.SYS, *.COM, *.PRG, *.BAT etc. |
| Encryption Virus | These viruses encrypt themselves and use a different key each time they infect a new file. The encryption makes it harder to recognize the code as a virus. |
| Multipartite Virus | These viruses infect multiple parts of the system at the same time. Example: the boot sector as well as *.EXE files. |
| Stealth Virus | These escape anti-virus software by intercepting the anti-virus software's calls to the operating system and routing them through the virus, which hands a clean copy of the requested program back to the anti-virus software. |
| Cluster Virus | These modify directory entries so that they point system processes to the virus code before the actual program, leading to execution of the virus code. As usual, the virus executes itself first and then hands control over to the file whose execution was requested. |
| Polymorphic Virus | These are viruses which transform themselves while keeping the original intent intact. They have mutation engines which enable them to mutate into various forms. |
| Metamorphic Virus | These are viruses which rewrite themselves before each infection. |
| Sparse Infecting Virus | These infect less, only occasionally. Example: some viruses infect only when they are executed for the 100th time, when the file length is between two values, or on a condition like Friday the 13th. |

The most common ways viruses spread are through e-mail attachments; games; scripts; macros; already infected genuine programs; installation of pirated software; downloads made without checking the authenticity or genuineness of the programs and files; and compromised legitimate websites.
To protect systems from viruses, users and organizations can take the following measures:

· Have strong Anti-Virus software installed on your system and keep it updated
· Use an endpoint device firewall and configure it appropriately
· Have a strong Anti-Virus policy and train all staff on the do's and don'ts
· Push the Anti-Virus software to all connected systems from the Anti-Virus server. Do not leave it to the users.
· Have strong policies against unauthorized downloads
· Do not open attachments received from unknown persons
· Do not open strange attachments even from known persons
· While downloading programs, check the error messages and carefully review the instructions. When in doubt, do not proceed with the installation.
· Regularly scan the integrity of the system and other important files
· Scan disks or USB drives before copying files from them
· Take regular backups of all critical files and programs so that they can be restored if they are corrupted
· Pay attention to unusual activity on your system, investigate it and resolve it if it is on account of a virus infection
· Do not use pirated software
· Do not download free music or video files from untrusted sites on the internet
· Run regular system scans using the deployed Anti-Virus software
· Understand the latest virus threats and take the countermeasures suggested by competent authorities, such as the operating system provider, the utility provider or Anti-Virus tool vendors.
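As an added example (not from this post or the cited handbook) of the integrity scan the list recommends, the script below builds a baseline of size and SHA-256 hash for the executable file types named in the table, then reports files that were modified, added or removed since the baseline, which is the trace a file infector leaves on its carriers. The directory tree and the "infection" it detects are constructed inside a temporary folder so it runs offline.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions the table lists as file-virus targets (add others as needed).
WATCHED = {".exe", ".sys", ".com", ".bat", ".prg"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Map each watched file under root (relative path) to (size, sha256)."""
    root_path = Path(root)
    return {
        str(p.relative_to(root_path)): (p.stat().st_size, sha256_of(p))
        for p in root_path.rglob("*")
        if p.is_file() and p.suffix.lower() in WATCHED
    }


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between two baselines. A changed hash on an
    existing executable is exactly the symptom a file infector produces."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline a tree, then append bytes to one
    executable and drop a new .bat file, the way an infection would."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.exe").write_bytes(b"MZ" + b"\x00" * 100)  # constructed sample
        (root / "notes.txt").write_text("not a watched type")
        before = build_baseline(tmp)
        with (root / "app.exe").open("ab") as f:
            f.write(b"APPENDED-CODE")  # simulate the carrier being modified
        (root / "new.bat").write_bytes(b"@echo off\r\n")  # simulate a dropped file
        return compare(before, build_baseline(tmp))
```

In practice the baseline would be stored off the scanned host (or signed) so that a virus cannot rewrite it, and the scan scheduled alongside the regular Anti-Virus runs.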

1. Umesh Hodeghatta Rao and Umesha Nayak, The InfoSec Handbook.
