A. Origin VIRUS
1949, John Von Neuman, menggungkapkan "self-altering automata theory"which is the result of research mathematicians.
1960, lab BELL (AT & T), experts in the lab BELL (AT & T) trial and error theoryrevealed by john v neuman, they play around with the theoryis for a type of game / game. The experts makeprogram that can reproduce itself and to destroy the programartificial lawan.Program which can survive and destroy all programsanother, it will be considered a winner. The game was eventuallya favorite game in each and every lab komputer.semakin their oldwas conscious and started to be aware of this game because the programcreated more and more dangerous, so they dosupervision and strict security.
1980, the program that became known as the "virus" ismanaged to spread beyond the lab environment, and began to circulate incyber world.
1980, the start is known viruses that spread in the cyber world.
B. UNDERSTANDING THE VIRUS
"A program cans That Infect other programs by modifying Them to includea slighty altered copy of itself.A virus spreads cans Throughout a computersystem or network using the authorization of every user using it toTheir programs Infect. That gets infected every programs act as cans AlsoThat a virus infection grows "(Fred Cohen)
The first time the term "virus" is used by Fred Cohen in 1984 inUnited States. A computer virus called "virus" because it has somefundamental equation with the virus in medical terms (biological viruses).
Computer viruses can be interpreted as a computer program biasa.Tetapihave fundamental differences with other programs, namelyvirus designed to infect other programs, change,manipulate it even hurt it. There is to be noted here,virus will infect only if a trigger program or programs you haveinfected was executed, where it differs with the "worm". WritingThis worm will not be discussed because the later will divert us fromdiscussion of this virus.
C. CRITERIA FOR VIRUS
A program called the new virus can be said is completely truevirus when at least have 5 criteria:
1. The ability of a virus to obtain information
2. His ability to examine a program
3. His ability to reproduce and transmit
4. His ability to manipulate
5. His ability to conceal themselves.
Now will try to explain briefly what is meant from eachEvery ability is and why it is needed.
1.Kemampuan to obtain information
In general, a virus requires a list of file names that exist ina directory, for what? so that he can identify what programsJust who will he tulari, such as macro viruses that will infect allfiles ending in *. doc after the virus was found, this is where the abilitygather the information necessary for the virus to create a list /all data files, continue to sort them by looking for files that can beditulari.Biasanya this data is created when a program infected / infectedor even a virus program is executed. The virus will immediately takedata collection and put it in RAM (usually: P), so that ifcomputer is turned off all the data is lost but will be created each programbervirus run and is usually created as hidden files by virus.
2.Ability check divulging program
A virus must also be biased to examine a program that willtransmitted, for example, he served infect *. doc extension program, hemust check if a file document has been infected or not,because if it is then he will be useless menularinya 2 times. It's veryuseful to improve the ability of a virus in terms of speedinfect a file / program.Yang commonly performed by the virus ishave / give a mark on the files / programs that have been infectedso easy to recognize by the virus. Sample markingis such as to provide a unique bytes in each filehave been infected.
3.Kemampuan to multiply
This Kalo emang virus "bang-get", meaning without this is not a virus.
The core of the virus is the ability mengandakan itself by infecting
other programs. A virus if the victim has found candidates
(either a file or program), then he will recognize it with a check,
if it is not infected then the virus will initiate action to infect
by writing the byte identifiers in the program / file, and
onwards mengcopikan / write virus code above object files / programs
infected. Some common ways that done by the virus to
infect / reproduce itself are:
a.File / programs that will be transmitted deleted or renamed. then
created a file using that name by using the virus
it (ie virus name change by the name of the deleted file)
b.Program virus already in the execution / memory load to be directly
infect other files by way of riding all the files / programs
existing.
4.Kemampuan entered manipulation
Routine (routine) owned by a virus will be executed after the virus
infect a file / program. contents of this routine can be varied
ranging from the lightest to destruction. This routine is generally used
to manipulate the program or popularizing the creators! This routine
advantage of the ability of an operating system (Operating System),
so have the same ability with the present system
operation. example:
a.Membuat image or message on the monitor
b.Mengganti / change to change the label of each file, directory, or the label of
drive on the pc
c.Memanipulasi programs / files that infected
d.Merusak programs / files
e.Mengacaukan working printer, etc.
Hiding self 5.Kemampuan
The ability to hide themselves must be owned by a virus for all
good job from the beginning to the success of transmission can be accomplished.
the usual steps are:
-original program / virus is stored in coded form and machines combined with
Other programs that are considered useful by the user.
-virus program is put on the boot record or tracks that rarely
note by the computer itself
-virus program is made as short as possible, and the results are not infected files
changing size
-The virus does not change the description of time a file
, etc.
D. VIRUS LIFE CYCLE
Viral life cycle in general, through 4 stages:
o Dormant phase (Phase Rest / Sleep)
In this phase the virus is not active. The virus will be activated by a condition
specific, such as: the date specified, the presence of other programs / execution
other programs, etc.. Not all viruses through this phase
o Propagation phase (Phase Distribution)
In this phase the virus will unite himself to a program or
to a place of storage media (both hard drives, ram etc). Each
Infected programs will be the result of "klonning" virus
(depending on how the virus infects)
o Trigerring phase (Phase Active)
In this phase the virus becomes active and this is also the trigger by some
conditions as in Dormant phase
o Execution phase (Phase Execution)
In this phase the virus is active before going to perform its function.
Such as deleting files, display messages, etc.
E. TYPE - TYPE VIRUS
To further refine our knowledge about the virus, I will try
provide an explanation of the types of viruses that often roam
in the cyber world.
Macro 1.Virus
This virus type is very often we would have written this dengar.Virus
with the programming language of an application rather than by language
programming of an Operating System. The virus is able to walk when
constituent applications to run well, meaning if the
mac computer can run the application word so this virus works on
Mac operating system computers.
virus samples:
W97M-variant, for example W97M.Panther
1234 bytes long,
akanmenginfeksi normal.dot and infect the document when opened.
-WM.Twno.A; TW
41 984 bytes long,
Ms.Word document will infect that use macro languages, usually
DOT and the extension *. DOC *.
, etc.
2.Virus Boot Sector
Boot sector viruses is very common in doubles this menyebar.Virus
he will move or replace the original boot sector with the program
boot virus. Thus, whenever booting the virus will be loaded kememori
and then the virus will have the ability to control the hardware standard
(ex:: monitor, printer, etc.) and from this memory is also the virus will spread
eseluruh existing drives and connect kekomputer (ex: floppy, another drive
other than drive c).
virus samples:
Wyx virus-variant
ex: wyx.C (B) infects the boot record and floppy;
length: 520 bytes;
characteristics: memory resident and encrypted)-Variant of the V-sign:
infect: Master boot record;
520 bytes long;
characteristics: living in the memory (memory resident), encrypted, and polymorphic)4th-Stoned.june / bloody!:
infect: Master boot record and floppy;
520 bytes long;
characteristics: living in the memory (memory resident), encrypted and display
message "Bloody! june 4th 1989 after the computer is booting 128 times
3.Stealth VirusThis virus will master table at the DOS interrupt table that often we knowwith "Interrupt interceptor". this virus is capable to controlDOS level instruction and the instruction they usually hidden as its nameeither full or size.virus samples:-Yankee.XPEH.4928,
infect files *. COM and *. EXE;
4298 bytes long;
characteristics: living in memory, ukurantersembunyi, has a trigger-WXYC (which includes any category because the boot record into stealth kategri
Also included here), an infected floppy motherboot record;
520 bytes long;
living in the memory; size and hidden viruses.-Vmem (s):
infect files *. EXE, *. SYS and *. COM;
fie 3275 bytes long;
characteristics: living in memory, the size of the hidden, is encrypted., Etc.
4.Polymorphic VirusThe virus is designed to make misleading antivirus program, meaning the virus is alwaystrying to avoid being recognized by antivirus software is always changing the way foxstructure after each infected files / programs.
virus samples:
-Necropolis A / B,
infect files *. EXE and *. COM;
files 1963 bytes long;
characteristics: living in memory, the size and viruses hidden, encrypted and
can be changed to change the structure-Nightfall,
infect files *. EXE;
files 4554 bytes long;
characteristics: living in memory, the size and hidden viruses, has a trigger,
terenkripsidan can change the structure, Etc.
5.Virus File / ProgramThis virus infects an executable file directly from the operating system,whether the application configuration file (*. EXE), or *. com is usually also the result of infectionof this virus can be identified by changing the size of files that attacked.
Partition 6.Multi VirusThis virus is a combination dariVirus boot sector and file viruses: it meansthe work performed resulted in two, that he can infect files*. EXE file and also infect the Boot Sector.
F. HOW TO SPREAD SOME VIRUS
Viruses as biological viruses must have the media to spread, viruscomputer can control every aspect spread a computer / other machinery as well as through variousways, including:
1.Disket, storage media R / WExternal storage media can be an easy target for the virus tobe the media. Whether as a place to settle or as a distribution media.Media bias operation R / W (read and Write) it is possible tocarrying the virus and serve as media distribution.
2.Jaringan (LAN, WAN, etc.)The relationship between multiple computers directly was possible aviruses follow to move the event of an exchange / execution of files / programswhich contains a virus.
3.WWW (Internet)Very likely a site deliberately induced in a 'virus' that willinfect the computers that access it.
4.Software a Freeware, Shareware or even piracyLots of viruses are deliberately induced in a program that indisseminate good for free, or trial version, which would havevirus embedded in it.
5.Attachment on email, transferring filesAlmost all types of virus spread recently using email attachmentsbecause all Internet service users must be using email tocommunicate, these files are deliberately striking / attract attention, evenoften have a double extension on the file naming.
G. PENANGULANGANNYA
1.Langkah-Step to PreventionFor prevention you can do some of the following steps:o Use Antivirus you trust with the latest updatean, tdak
appun care about brand as long as it is always updated, and turn the Auto protecto Always scan all external storage media that will be used,
maybe this is a bit inconvenient but if your anti-virus Autoprotect
working then this procedure can be skipped.o If you are connected directly to the Internet try to combine
Your antivirus with Firewall, Anti-spamming, etc.
Once-Lagkah 2.Langkah Infected
o Detection and determine roughly where the source of the virus if the diskette,
network, email etc., if you connect to your network so it's good
isolate your computer first (either by unplugging the cable or disable
from the control panel)o Identify and classify what type of virus that attacks your pc,
by:
- Symptoms that arise, for example: messages, files are corrupted or missing, etc.
- Scan with your antivirus, if you hit when walking Autoprotect
vius definition in the computer means you do not have data of this virus,
try to update manually or download a virus definitionnya for
you install. If the virus is blocking your efforts to update it
then, try to use other media (computer) with antivirus
Latest updatean.o Clean, after you've managed to detect and recognize it then try
immediately to seek removal or the means to destroy it on site
-Site that provides information on virus growth. This is when antivirus
latest updates of you do not succeed destroy it.o Step worst, if all the above does not work is the format
reset your computer.
CLOSING
Hopefully the discussion about this virus can provide benefits in particularfor writers who are studying and for all of us generally, writingis intended to merely learning so it is expected criticismand suggestions. If the many flaws in this article please understandable.
1949, John Von Neuman, menggungkapkan "self-altering automata theory"which is the result of research mathematicians.
1960, lab BELL (AT & T), experts in the lab BELL (AT & T) trial and error theoryrevealed by john v neuman, they play around with the theoryis for a type of game / game. The experts makeprogram that can reproduce itself and to destroy the programartificial lawan.Program which can survive and destroy all programsanother, it will be considered a winner. The game was eventuallya favorite game in each and every lab komputer.semakin their oldwas conscious and started to be aware of this game because the programcreated more and more dangerous, so they dosupervision and strict security.
1980, the program that became known as the "virus" ismanaged to spread beyond the lab environment, and began to circulate incyber world.
1980, the start is known viruses that spread in the cyber world.
B. UNDERSTANDING THE VIRUS
"A program cans That Infect other programs by modifying Them to includea slighty altered copy of itself.A virus spreads cans Throughout a computersystem or network using the authorization of every user using it toTheir programs Infect. That gets infected every programs act as cans AlsoThat a virus infection grows "(Fred Cohen)
The first time the term "virus" is used by Fred Cohen in 1984 inUnited States. A computer virus called "virus" because it has somefundamental equation with the virus in medical terms (biological viruses).
Computer viruses can be interpreted as a computer program biasa.Tetapihave fundamental differences with other programs, namelyvirus designed to infect other programs, change,manipulate it even hurt it. There is to be noted here,virus will infect only if a trigger program or programs you haveinfected was executed, where it differs with the "worm". WritingThis worm will not be discussed because the later will divert us fromdiscussion of this virus.
C. CRITERIA FOR VIRUS
A program called the new virus can be said is completely truevirus when at least have 5 criteria:
1. The ability of a virus to obtain information
2. His ability to examine a program
3. His ability to reproduce and transmit
4. His ability to manipulate
5. His ability to conceal themselves.
Now will try to explain briefly what is meant from eachEvery ability is and why it is needed.
1.Kemampuan to obtain information
In general, a virus requires a list of file names that exist ina directory, for what? so that he can identify what programsJust who will he tulari, such as macro viruses that will infect allfiles ending in *. doc after the virus was found, this is where the abilitygather the information necessary for the virus to create a list /all data files, continue to sort them by looking for files that can beditulari.Biasanya this data is created when a program infected / infectedor even a virus program is executed. The virus will immediately takedata collection and put it in RAM (usually: P), so that ifcomputer is turned off all the data is lost but will be created each programbervirus run and is usually created as hidden files by virus.
2.Ability check divulging program
A virus must also be biased to examine a program that willtransmitted, for example, he served infect *. doc extension program, hemust check if a file document has been infected or not,because if it is then he will be useless menularinya 2 times. It's veryuseful to improve the ability of a virus in terms of speedinfect a file / program.Yang commonly performed by the virus ishave / give a mark on the files / programs that have been infectedso easy to recognize by the virus. Sample markingis such as to provide a unique bytes in each filehave been infected.
3.Kemampuan to multiply
This Kalo emang virus "bang-get", meaning without this is not a virus.
The core of the virus is the ability mengandakan itself by infecting
other programs. A virus if the victim has found candidates
(either a file or program), then he will recognize it with a check,
if it is not infected then the virus will initiate action to infect
by writing the byte identifiers in the program / file, and
onwards mengcopikan / write virus code above object files / programs
infected. Some common ways that done by the virus to
infect / reproduce itself are:
a.File / programs that will be transmitted deleted or renamed. then
created a file using that name by using the virus
it (ie virus name change by the name of the deleted file)
b.Program virus already in the execution / memory load to be directly
infect other files by way of riding all the files / programs
existing.
4.Kemampuan entered manipulation
Routine (routine) owned by a virus will be executed after the virus
infect a file / program. contents of this routine can be varied
ranging from the lightest to destruction. This routine is generally used
to manipulate the program or popularizing the creators! This routine
advantage of the ability of an operating system (Operating System),
so have the same ability with the present system
operation. example:
a.Membuat image or message on the monitor
b.Mengganti / change to change the label of each file, directory, or the label of
drive on the pc
c.Memanipulasi programs / files that infected
d.Merusak programs / files
e.Mengacaukan working printer, etc.
Hiding self 5.Kemampuan
The ability to hide themselves must be owned by a virus for all
good job from the beginning to the success of transmission can be accomplished.
the usual steps are:
-original program / virus is stored in coded form and machines combined with
Other programs that are considered useful by the user.
-virus program is put on the boot record or tracks that rarely
note by the computer itself
-virus program is made as short as possible, and the results are not infected files
changing size
-The virus does not change the description of time a file
, etc.
D. VIRUS LIFE CYCLE
Viral life cycle in general, through 4 stages:
o Dormant phase (Phase Rest / Sleep)
In this phase the virus is not active. The virus will be activated by a condition
specific, such as: the date specified, the presence of other programs / execution
other programs, etc.. Not all viruses through this phase
o Propagation phase (Phase Distribution)
In this phase the virus will unite himself to a program or
to a place of storage media (both hard drives, ram etc). Each
Infected programs will be the result of "klonning" virus
(depending on how the virus infects)
o Trigerring phase (Phase Active)
In this phase the virus becomes active and this is also the trigger by some
conditions as in Dormant phase
o Execution phase (Phase Execution)
In this phase the virus is active before going to perform its function.
Such as deleting files, display messages, etc.
E. TYPE - TYPE VIRUS
To further refine our knowledge about the virus, I will try
provide an explanation of the types of viruses that often roam
in the cyber world.
Macro 1.Virus
This virus type is very often we would have written this dengar.Virus
with the programming language of an application rather than by language
programming of an Operating System. The virus is able to walk when
constituent applications to run well, meaning if the
mac computer can run the application word so this virus works on
Mac operating system computers.
virus samples:
W97M-variant, for example W97M.Panther
1234 bytes long,
akanmenginfeksi normal.dot and infect the document when opened.
-WM.Twno.A; TW
41 984 bytes long,
Ms.Word document will infect that use macro languages, usually
DOT and the extension *. DOC *.
, etc.
2.Virus Boot Sector
Boot sector viruses is very common in doubles this menyebar.Virus
he will move or replace the original boot sector with the program
boot virus. Thus, whenever booting the virus will be loaded kememori
and then the virus will have the ability to control the hardware standard
(ex:: monitor, printer, etc.) and from this memory is also the virus will spread
eseluruh existing drives and connect kekomputer (ex: floppy, another drive
other than drive c).
virus samples:
Wyx virus-variant
ex: wyx.C (B) infects the boot record and floppy;
length: 520 bytes;
characteristics: memory resident and encrypted)-Variant of the V-sign:
infect: Master boot record;
520 bytes long;
characteristics: living in the memory (memory resident), encrypted, and polymorphic)4th-Stoned.june / bloody!:
infect: Master boot record and floppy;
520 bytes long;
characteristics: living in the memory (memory resident), encrypted and display
message "Bloody! june 4th 1989 after the computer is booting 128 times
3.Stealth VirusThis virus will master table at the DOS interrupt table that often we knowwith "Interrupt interceptor". this virus is capable to controlDOS level instruction and the instruction they usually hidden as its nameeither full or size.virus samples:-Yankee.XPEH.4928,
infect files *. COM and *. EXE;
4298 bytes long;
characteristics: living in memory, ukurantersembunyi, has a trigger-WXYC (which includes any category because the boot record into stealth kategri
Also included here), an infected floppy motherboot record;
520 bytes long;
living in the memory; size and hidden viruses.-Vmem (s):
infect files *. EXE, *. SYS and *. COM;
fie 3275 bytes long;
characteristics: living in memory, the size of the hidden, is encrypted., Etc.
4.Polymorphic VirusThe virus is designed to make misleading antivirus program, meaning the virus is alwaystrying to avoid being recognized by antivirus software is always changing the way foxstructure after each infected files / programs.
virus samples:
-Necropolis A / B,
infect files *. EXE and *. COM;
files 1963 bytes long;
characteristics: living in memory, the size and viruses hidden, encrypted and
can be changed to change the structure-Nightfall,
infect files *. EXE;
files 4554 bytes long;
characteristics: living in memory, the size and hidden viruses, has a trigger,
terenkripsidan can change the structure, Etc.
5.Virus File / ProgramThis virus infects an executable file directly from the operating system,whether the application configuration file (*. EXE), or *. com is usually also the result of infectionof this virus can be identified by changing the size of files that attacked.
Partition 6.Multi VirusThis virus is a combination dariVirus boot sector and file viruses: it meansthe work performed resulted in two, that he can infect files*. EXE file and also infect the Boot Sector.
F. HOW TO SPREAD SOME VIRUS
Viruses as biological viruses must have the media to spread, viruscomputer can control every aspect spread a computer / other machinery as well as through variousways, including:
1.Disket, storage media R / WExternal storage media can be an easy target for the virus tobe the media. Whether as a place to settle or as a distribution media.Media bias operation R / W (read and Write) it is possible tocarrying the virus and serve as media distribution.
2.Jaringan (LAN, WAN, etc.)The relationship between multiple computers directly was possible aviruses follow to move the event of an exchange / execution of files / programswhich contains a virus.
3.WWW (Internet)Very likely a site deliberately induced in a 'virus' that willinfect the computers that access it.
4.Software a Freeware, Shareware or even piracyLots of viruses are deliberately induced in a program that indisseminate good for free, or trial version, which would havevirus embedded in it.
5.Attachment on email, transferring filesAlmost all types of virus spread recently using email attachmentsbecause all Internet service users must be using email tocommunicate, these files are deliberately striking / attract attention, evenoften have a double extension on the file naming.
G. PENANGULANGANNYA
1.Langkah-Step to PreventionFor prevention you can do some of the following steps:o Use Antivirus you trust with the latest updatean, tdak
appun care about brand as long as it is always updated, and turn the Auto protecto Always scan all external storage media that will be used,
maybe this is a bit inconvenient but if your anti-virus Autoprotect
working then this procedure can be skipped.o If you are connected directly to the Internet try to combine
Your antivirus with Firewall, Anti-spamming, etc.
Once-Lagkah 2.Langkah Infected
o Detection and determine roughly where the source of the virus if the diskette,
network, email etc., if you connect to your network so it's good
isolate your computer first (either by unplugging the cable or disable
from the control panel)o Identify and classify what type of virus that attacks your pc,
by:
- Symptoms that arise, for example: messages, files are corrupted or missing, etc.
- Scan with your antivirus, if you hit when walking Autoprotect
vius definition in the computer means you do not have data of this virus,
try to update manually or download a virus definitionnya for
you install. If the virus is blocking your efforts to update it
then, try to use other media (computer) with antivirus
Latest updatean.o Clean, after you've managed to detect and recognize it then try
immediately to seek removal or the means to destroy it on site
-Site that provides information on virus growth. This is when antivirus
latest updates of you do not succeed destroy it.o Step worst, if all the above does not work is the format
reset your computer.
CLOSING
Hopefully the discussion about this virus can provide benefits in particularfor writers who are studying and for all of us generally, writingis intended to merely learning so it is expected criticismand suggestions. If the many flaws in this article please understandable.