Computer Name

Story About the Virus (episode two) 

VIRUS LIFE CYCLE

Viral life cycle in general, through 4 stages:

o Dormant phase (Phase Rest / Sleep) In this phase the virus is not active. The virus will be activated by a condition specific, such as: the date specified, the presence of other programs / execution other programs, etc.. Not all viruses through this phase

o Propagation phase (Phase Distribution) In this phase the virus will unite himself to a program

or to a place of storage media (both hard drives, ram etc). Each Infected programs will be the result of "cloning" virus (Depending on how the virus infects)

o Trigerring phase (Phase Active) In this phase the virus becomes active and this is also the trigger by some conditions as in Dormant phase

o Execution phase (Phase Execution) In this phase the virus is active before going to perform its function. Such as deleting files, display messages, etc. 

VIRUS Types

To further refine our knowledge about the virus, I will try provide an explanation of the types of viruses that often roam in the cyber world.

1.Macro Virus This virus type must have been very often we hear. The virus is written with the programming language of an application rather than by language programming of an Operating System. The virus is able to walk when constituent applications to run well, meaning if the mac computer can run the application word so this virus works on Mac operating system computers 

virus samples:

- Variant W97M, eg W97M.Panther 1234 bytes long, will infect the Normal.dot and infect the document when opened. - WM.Twno.A; TW 41 984 bytes long, Ms.Word document will infect that use macro languages, usually DOT and the extension *. DOC *.

2.Boot Sector Virus Boot sector viruses are spread is very common. The virus is in the double he will move or replace the original boot sector with the program boot virus. Thus, whenever booting the virus will be loaded into memory and then the virus will have the ability to control the hardware standard (Ex: monitor, printer, etc.) and from this memory is also the virus will spread to all existing drives and connect to the computer (ex: floppy, another drive other than drive c). 

virus samples:

- Variant virus wyx ex: wyx.C (B) infects the boot record and floppy; length: 520 bytes; characteristics: memory resident and encrypted) 

- Variant V-sign: infect: Master boot record; 520 bytes long; characteristics: living in the memory (memory resident), encrypted, and polymorphic) 

- Stoned.june 4th / bloody! infect: Master boot record and floppy 520 bytes long; characteristics: living in the memory (memory resident), encrypted and display message "Bloody! june 4th 1989 after the computer is booting 128 times

3.Stealth Virus This virus will master table at the DOS interrupt table that often we know with "Interrupt interceptor". this virus is capable to control DOS level instruction and the instruction they usually hidden as its name either full or size. 

virus samples: 

- Yankee. XPEH.4928, infect files *. COM and *. EXE; 4298 bytes long; characteristics: living in memory, the size of the hidden, has a trigger - WXYC (which includes any category because the boot record into stealth category Also included here), an infected floppy motherboot record 520 bytes long; living in the memory; size and hidden viruses.

- Vmem (s): infect files *. EXE, *. SYS and *. COM; fie 3275 bytes long; characteristics: living in memory, the size of the hidden, is encrypted.

4. Polymorphic Viruses The virus is designed to make misleading antivirus program, meaning the virus is always trying to avoid being recognized by the anti virus is always changing the way fox structure after each infected file / other programs

- Necropolis A / B, infect files *. EXE and *. COM; files 1963 bytes long characteristics: living in memory, the size and viruses hidden, encrypted and can be changed to change the structure 

- Nightfall, infect files *. EXE files 4554 bytes long; characteristics: living in memory, the size and hidden viruses, has a trigger, encrypted and can change structure

5. Virus Files / Program This virus infects an executable file directly from the operating system, whether the application configuration file (*. EXE), or *. com is usually also the result of infection of this virus can be identified by changing the size of files that attacked.

6. Multi Partition Virus This virus is a combination dariVirus boot sector and file viruses: it means the work performed resulted in two, that he can infect files *. EXE file and also infect the Boot Sector.