Did U Know Basics of IT security; Introduction to Viruses

We have been infected with a virus! For anyone using a Windows system, this is nothing new. We can say that Windows is very vulnerable, but at the same time it is very easy to use, which is why it is used by many people and targeted by cyber criminals. This topic gives an introduction to viruses and the basics of IT security.

What does the word virus mean? Viruses are programs written specifically to damage a machine or to take control of it and steal sensitive data. Viruses can be classified into many categories, each with a different method of attack (intrusion).

Below we show the most popular viruses:

Flooder Virus

These viruses are designed to flood the machine. Their task is to burden our computer as much as possible with system processes that take up most of the resources (RAM and CPU), making the system unusable.

These flooders are sometimes used in IRC channels to block channel traffic and send it haywire.

BackDoor

It’s a fairly common type of virus. As the name says, this virus opens a back door into our system without our knowledge. The purpose of the virus is to open as many ports as possible on our PC and send the information obtained to a remote server.

At this point a hacker, in possession of this information, can enter our system and do whatever he wants.

Trojan Horse

It is similar to a BackDoor virus, except that it tries to trace our IP address and send it, as always, to a remote server to allow a hacker to access our system.

Keylogger

This virus is never alone. It works in tandem with a Trojan Horse or a BackDoor. This type of virus records all the keys pressed on the keyboard. It can store large amounts of data, but above all it is a method to easily discover the passwords of the sites on which we are registered.

Once a certain amount of data has been collected, the data is sent to a remote server via a Trojan Horse or a BackDoor and used by hackers. Today Keyloggers can also take screenshots of our screen and send them as additional information to a remote server.

Rootkit

This virus tries to take control of our computer and of the privileges reserved for the administrator (Administrator account). Once access to the services as an administrator has been gained, this virus disables all our privileges and takes over in our place. From this moment it is possible that we are no longer allowed to access our computer.

MBR Virus

These viruses spelled the end of an operating system! They changed the startup parameters so that a malicious script started together with the operating system. This made them impossible to eliminate; now, thanks to new removal and detection tools, it is possible to locate and delete them.

FAT & NTFS Injection

It is a little-known virus that modifies file associations so that it is started itself. Let me explain: if we want to open a file called learn-online.swf, as soon as we double-click it the virus starts first and then the real file, or nothing is started at all.

Macro Viruses

These viruses are usually written in Visual Basic in the form of macros in Word and Excel. In short, a macro that can be started by opening the .doc or .xls file causes damage to the system and silently executes procedures through scripts assigned to the macro itself.

ANSI virus

Sometimes we think we accidentally pressed a key and then see that files of a certain format have been deleted… But was it us, a wrong configuration, or something done on purpose by a program, or rather a virus? Here we are faced with this variant of MS-DOS virus, old but still very widespread.

In practice, the file, once started, associates a keyboard letter, for example H, or a word like Hpmezzo, with an MS-DOS command. For example, pressing H is associated with the command DEL /Q *.* or DEL /Q *.exe: in the first case, pressing the key deletes all files of any name and extension; in the second case, all files with the .exe extension.

They basically modify config.sys, which is a system file.

Time Bomb Virus

Sometimes we need to set an application to run at a certain day and time. This is what is called scheduled execution (3:00 – defragmentation run, 5:00 – Disk Cleanup, etc.). But what if a virus were scheduled to run at a certain time each day? What could happen? This is the characteristic of a Time Bomb Virus: it will run after a certain period of time.

Polymorphic Virus

These are viruses whose source code is modified using a specific algorithm. Each time the system is started, they change into a new variant so that their code is not detected by antivirus software. Often these viruses are accompanied by updates.

In fact, to prevent many antivirus vendors from detecting the infection in the system, through an update they can be modified and some internal bugs corrected.

Sniffer Virus

These programs are used to capture packets travelling inside a network, decrypt them and make them readable to the user in question. This is good for seeing who is using our Wi-Fi connection without our permission.

This program also has the reverse function: tracing the WEP key, or in any case the password assigned to our Wi-Fi network, and entering the network.

Worms

A classic virus, now known by most users. This virus has the ability to self-replicate within the system and infect other systems connected to the network. The methods of spread, as for all viruses, are:

  • Email: bugs that are present in the system and that need a patch to protect the system;
  • P2P networks: programs such as eMule, BearShare, BitTorrent, which use file sharing;
  • Chat: Windows Live Messenger;

Spyware

As the term itself says, this is a spy component. This program is not harmful to the system, let’s say, but it is harmful to our privacy. In fact, this little program, once installed in the system, can collect our sensitive data.

Hijackers

These viruses open fake antivirus advertisements on our browser and change our home page to that of a pirated site.

Rabbit

They are viruses that spread quickly, hence the name Rabbit. In fact, a Rabbit replicates itself in our system and opens processes to consume as many of our machine’s resources as possible.

P2P

This is a method of spreading viruses within file exchange networks by “passing off” malware as software such as CCleaner, Comodo, Avast Antivirus, etc. Be careful what you download!

PREVENTION

For prevention, the usual recommendation is not enough:

Always keep the antivirus updated.

Beyond that there are endless recommendations; I will list some of them:

  • Keep the browser you use updated, because it is always subject to vulnerabilities and therefore to computer attacks and viruses;
  • Never open executables under one megabyte; many viruses are small in size;
  • Don’t open attachments from unknown senders;
  • Never open a file if the source is not one hundred percent secure;
  • Checking the digital signature of a file will let you know if the file is reliable or not;
  • Always have a safety copy of your personal data (photos, music, documents in general);
  • Using your PC with a limited account prevents virus infection by 50%;
  • Block the automatic execution of scripts in your browser;
  • Never rely on an antivirus alone; it is better to use the Firewall + Antivirus pair to be more protected;
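For the digital-signature recommendation in the list above, an added example (not from the original article) that reads the header of a Windows executable and reports whether it carries an embedded signature block at all. It does not validate the signature or the signer, which needs the operating system's own verification. The function names are assumptions, and the sample is a constructed, non-executable header skeleton.

```python
import struct

CERT_TABLE_INDEX = 4   # position of the certificate table in the PE data directory


def signature_blob(data: bytes):
    """Return (offset, size) of the embedded signature, (0, 0) if none, None if not a valid PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    opt = pe_off + 24                      # optional header follows the 20-byte COFF header
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < opt + 2:
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = {0x10B: opt + 96, 0x20B: opt + 112}.get(magic)   # PE32 / PE32+
    if dirs is None or len(data) < dirs + (CERT_TABLE_INDEX + 1) * 8:
        return None
    if struct.unpack_from("<I", data, dirs - 4)[0] <= CERT_TABLE_INDEX:
        return (0, 0)                      # directory too short to hold the entry
    offset, size = struct.unpack_from("<II", data, dirs + CERT_TABLE_INDEX * 8)
    if offset == 0 or size == 0:
        return (0, 0)                      # no signature embedded
    if offset + size > len(data):
        return None                        # entry points outside the file: malformed
    return (offset, size)


def build_pe_sample(signed: bool) -> bytes:
    """Constructed PE32+ header skeleton, used only to exercise the parser."""
    pe_off, blob = 0x40, b"\x00" * 32
    opt = pe_off + 24
    hdr = bytearray(opt + 112 + 16 * 8)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, pe_off)
    hdr[pe_off:pe_off + 4] = b"PE\0\0"
    struct.pack_into("<H", hdr, opt, 0x20B)
    struct.pack_into("<I", hdr, opt + 108, 16)     # number of data directory entries
    if signed:
        entry = opt + 112 + CERT_TABLE_INDEX * 8
        struct.pack_into("<II", hdr, entry, len(hdr), len(blob))
        return bytes(hdr) + blob
    return bytes(hdr)


if __name__ == "__main__":
    for label, signed in (("signed sample", True), ("unsigned sample", False)):
        print(label, signature_blob(build_pe_sample(signed)))
```

An unsigned result on a download that claims to come from a known vendor is worth treating as a warning sign before opening it.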