What is a virus?
A computer virus is a program that is able to copy itself and thus poses a threat to users and their computers. However, viruses can also perform many other actions without the user's participation or awareness.
The term "computer virus" is based on an analogy with biological viruses, which are also able to replicate themselves (in biology the term "self-replication" is used).
Like a biological virus, a computer virus goes through several stages:
Latent
The system already contains a virus, but it is not active yet.
Incubation
The virus becomes active, starts replicating itself and sending the copies to all available resources, using system resources and slowing down all running applications.
Active
The virus goes on actively copying itself and performs all the actions it was programmed to perform. As a result, some files may disappear, services shut down, network failures occur, etc.
There are several conditions for malware to exist:
- Popularity of a certain operating system. It is logical that the danger of a virus attack is higher for a heavily used operating system than for a system having only a few copies.
- Openness of an operating system (abundance of manuals and technical literature about it). It is clear that creating a virus is impossible without knowledge of the system and its applications.
- System exposure or information about its vulnerabilities and trouble spots.
OS vulnerabilities can be of programming origin, that is, bugs in its source code that leave a loophole for viruses; or they can be logical (legitimate ways for viruses to get into the system). Of course, it is possible to limit the functions available to a new application (for example, prohibiting full access to data stored on the hard disk), which blocks almost any virus threat but at the same time limits the functionality of useful software. This also slows down the development of new programs and limits the variety of services they offer.
Why then create viruses? The answer is rather simple. Any invention or technological innovation is sooner or later used to gain profit or for hooliganism and fraud. Should a technology become mainstream, it is immediately used for deriving profits.
The majority of viruses were created by students wanting to get some experience in programming. They did it to assert themselves. As a rule such viruses are not spread by their authors and disappear very soon. Over time the number of traditional viruses decreased significantly.
There were some reasons for that:
- In the 1990s the MS-DOS operating system was technically simpler than modern Windows;
- There are laws prescribing fines for creating spyware;
- Network games opened new opportunities.
Another category consists of people who are dissatisfied with themselves, which is why they create malicious programs. All the more so because there are sites offering virus manuals. Such sites also describe ways of penetrating various operating systems, methods of distributing viruses, methods of hiding from antiviruses, etc. Very often such sites offer virus signatures, samples of virus writing and virus source code that can be used as a basis and extended with new features.
Some people are professionals at creating viruses. Such programs are usually thoroughly thought out and use many original ways of penetrating an operating system, various software and hardware errors and bugs, social engineering methods, etc.
The category of researchers comprises people engaged in developing new viruses and methods of infection, penetrating operating systems and searching for bugs. Such programmers write viruses in order to analyze features of new programs and don't spread their developments widely. However, they make them available on special sites dedicated to viruses.
With the appearance of paid services on the Internet, new programs appeared that steal logins and passwords in order to get money for them. Such threats intercept key data and registry files, and use computer resources for their own purposes.
The most dangerous are hackers writing viruses to achieve various aims:
- stealing data for access to bank accounts;
- non-stop tiresome Internet ads;
- personal usage of infected computer resources;
- network attacks for further spying.
The main kinds of criminal activities can be classified into:
1. Spam. Special networks are created for sending it with the help of Trojan proxy servers.
2. DDoS attacks. Web servers can process only a limited number of requests. If this number is exceeded, the server slows down or stops functioning. That's why hackers exceed this limit deliberately by organizing a network attack, which results in the fact that the selected resource. Most commonly such attacks are aimed at companies whose successful operation directly depends on the functionality of a network resource (Internet shops, bookmakers, etc.). As a rule it is done to ruin business rivals or extort money from the owners.
3. Sending paid SMS or making paid calls. In the beginning a company is founded which signs an agreement with a telephone provider without the user's or the provider's awareness of it. Then a Trojan program makes paid calls and its creator receives the money gained from them.
4. Web money theft. Trojans search for and detect information about access codes to the user's electronic purse and then send it to their developers.
5. Receiving personal bank information. In this case a number of various methods are used to make users enter their card number and secret PIN code.
The ways a program can penetrate a system can be divided into two groups:
- social engineering;
- technical methods.
Social engineering techniques in some way urge a user to install a virus program or to go to a dangerous web page via a link. The aim of such viruses is to attract users and get them interested in an infected link or application.
Technical methods are used by hackers to penetrate a user's system without the user knowing about it. To do that, system vulnerabilities and software bugs are used. Because of their complicated structure it is impossible to avoid them.
However, as a rule both methods are used together to attract users and to ensure the maximum probability of the virus penetrating the system.
6. Theft of confidential information. Generally speaking, fraudsters steal any information that is more or less important: documents, technical characteristics, various databases, etc.
7. Blackmail. After penetrating a system, a special program encrypts the user's personal data and leaves a message like "Your data can't be recovered. To do that you must buy a decoding program". Another way is to create a password-protected archive containing the user's information. Clearly, the password is handed over only in exchange for money.
8. Creating active viruses. To commit criminal activities various network worms are created. Their aim is to install a Trojan program onto as many computers as possible.
9. Local attacks. They are aimed at infecting a certain company or firm in order to obtain specific information.
10. Other kinds of criminal activities. There are many other kinds of fraud, namely theft of email addresses and selling them to spammers; finding vulnerabilities and bugs in operating systems or programs and selling them to third parties, etc. There is also a semi-legal business of constantly foisting ads, applications and services on users. All this is done in order to penetrate a system without leaving any traces.
There are many ways for viruses to spread. They can replicate themselves, penetrate the code of other programs or replace programs by masquerading as them. There are numerous ways for a virus to penetrate a system: disks, floppy disks, various flash drives, email, web pages, local area networks, etc.
However, there is no generally accepted definition of a computer virus. The term encompasses all types of harmful software, including those unable to replicate themselves (like spyware and spam). Formally, the term "virus" was described by F. Cohen on the basis of the Turing machine (an abstract computing machine that does not physically exist), choosing the most probable algorithm. This description postulates that the notion of a virus depends on its interpretation in a certain environment.
There is incontestable evidence that viruses exist which can't be described by any algorithm.