Vectors and hosts
Viruses have targeted various types of transmission media or hosts. This list is not exhaustive:
Binary executable files (such as COM files and EXE files in MS-DOS, Portable Executable files in Microsoft Windows, the Mach-O format in OS X, and ELF files in Linux)
Volume Boot Records of floppy disks and hard disk partitions
The master boot record (MBR) of a hard disk
General-purpose script files (such as batch files in MS-DOS and Microsoft Windows, VBScript files, and shell script files on Unix-like platforms).
Application-specific script files (such as Telix-scripts)
System-specific autorun script files (such as the Autorun.inf file needed by Windows to automatically run software stored on USB memory storage devices).
Documents that can contain macros (such as Microsoft Word documents, Microsoft Excel spreadsheets, AmiPro documents, and Microsoft Access database files)
Cross-site scripting vulnerabilities in web applications (see XSS Worm)
Arbitrary computer files. An exploitable buffer overflow, format string, race condition or other exploitable bug in a program which reads the file could be used to trigger the execution of code hidden within it. Most bugs of this type can be made more difficult to exploit in computer architectures with protection features such as an execute disable bit and/or address space layout randomization.
PDFs, like HTML, may link to malicious code. PDFs can also be infected with malicious code.
In operating systems that use file extensions to determine program associations (such as Microsoft Windows), the extensions may be hidden from the user by default. This makes it possible to create a file that is of a different type than it appears to the user. For example, an executable may be created named "picture.png.exe", in which the user sees only "picture.png" and therefore assumes that this file is an image and most likely is safe, yet when opened runs the executable on the client machine.
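The hidden-extension problem described above can be checked for on the defender's side. The following is an added example, not part of the original text: it flags names whose real (last) extension is executable while the name the user sees ends in a document or media extension. The two extension lists and the function names are assumptions chosen for illustration.

```python
import ntpath  # Windows path rules, usable on any platform

# Assumed, non-exhaustive: extensions Windows runs or passes to a script host.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
# Assumed, non-exhaustive: extensions users read as harmless content.
DECOY_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".pdf", ".doc", ".docx", ".txt"}

def displayed_name(filename):
    """Name as shown when the file manager hides the final extension."""
    base = ntpath.basename(filename)
    stem, ext = ntpath.splitext(base)
    return stem if ext else base

def is_masquerading(filename):
    """True if the real extension is executable but the visible name
    ends in a decoy extension, as in "picture.png.exe"."""
    base = ntpath.basename(filename).rstrip(" .")  # Windows drops trailing dots/spaces
    stem, ext = ntpath.splitext(base)
    if ext.lower() not in EXECUTABLE_EXTS:
        return False
    # Padding spaces between the decoy and the real extension are ignored.
    _, inner = ntpath.splitext(stem.rstrip(" ."))
    return inner.lower() in DECOY_EXTS

def audit(filenames):
    """Return (real name, name the user sees) for every suspicious entry."""
    return [(f, displayed_name(f)) for f in filenames if is_masquerading(f)]

# Constructed sample listing, e.g. attachment names from a mail gateway log.
SAMPLE = [
    "picture.png.exe",
    "setup.exe",
    "holiday.png",
    r"C:\Users\alice\Downloads\Invoice.PDF   .exe",
    "notes.txt",
]

if __name__ == "__main__":
    for real, seen in audit(SAMPLE):
        print(f"user sees {seen!r}, system runs {real!r}")
```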
An additional method is to generate the virus code from parts of existing operating system files by using the CRC16/CRC32 data. The initial code can be quite small (tens of bytes) and unpack a fairly large virus. This is analogous to a biological "prion" in the way it works but is vulnerable to signature-based detection. This attack has not yet been seen "in the wild".
Infection strategies
In order to avoid detection by users, some viruses employ different kinds of deception. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus. This approach does not fool antivirus software, however, especially products that keep dated cyclic redundancy checks of files and compare them to detect changes.
Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example, the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files have many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file.
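Why a preserved "last modified" date and an unchanged file size do not defeat a checksum baseline is shown in the added example below (not part of the original text). It records size, timestamp and CRC32 for a file and classifies later changes; the file `host.bin`, its layout and the function names are constructed for the demonstration.

```python
import os
import tempfile
import zlib

def fingerprint(path):
    """Return (size, mtime_ns, crc32) for one file."""
    st = os.stat(path)
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            crc = zlib.crc32(chunk, crc)
    return st.st_size, st.st_mtime_ns, crc

def compare(baseline, current):
    """Classify the difference between a stored and a fresh fingerprint."""
    if baseline == current:
        return "unchanged"
    (size_b, mtime_b, crc_b), (size_c, mtime_c, crc_c) = baseline, current
    if crc_b == crc_c:
        return "metadata changed only"
    if size_b == size_c and mtime_b == mtime_c:
        # The case from the text: date and size both look untouched.
        return "content changed, size and timestamp preserved"
    return "content changed"

def demo():
    """Constructed test: a stand-in file with a zero-filled gap is changed
    in place and its timestamps are put back, then re-checked."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "host.bin")
        with open(path, "wb") as fh:
            fh.write(b"HEADER" + b"\x00" * 1024 + b"CODE")
        baseline = fingerprint(path)
        st = os.stat(path)
        with open(path, "r+b") as fh:      # same length, different bytes
            fh.seek(6)
            fh.write(b"\x41" * 1024)
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))
        return compare(baseline, fingerprint(path))

if __name__ == "__main__":
    # CRC32 mirrors the checks named in the text; a cryptographic hash
    # such as SHA-256 is the stronger choice for a real baseline.
    print(demo())
```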
Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.
As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access.
