Have You Faced the Problem of a Computer Virus?

Computer Virus Threats and Solutions


Strategies of Computer Viruses

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. To avoid detection by users, some viruses employ different kinds of deception, such as the following strategies [5], [6]:

• Overwriting Virus: This type of virus overwrites files with its own copy. Of course, this is a very primitive technique, but it is certainly the easiest approach of all. Overwriting viruses cannot be disinfected from a system. Infected files must be deleted from the disk.
• Companion Infection: One approach to becoming a companion to an EXE file is to give the virus the same base name as the targeted program, but use a .COM extension instead of .EXE. This technique was employed by the Globe virus, first detected in 1992. When the victim attempts to launch an EXE program, he or she usually types its name without the extension. In such cases, Windows gives priority to a file with the .COM extension over a file with the same base name but with the .EXE extension.
• Appending Virus: In this technique, a jump (JMP) instruction is inserted at the front of the host to point to the end of the original host. A typical example of this virus is Vienna. The appender technique can be implemented for any other type of executable file, such as EXE, NE, PE, and ELF formats, and so on. Such files have a header section that stores the address of the main entry point, which, in most cases, will be replaced with a new entry point to the start of the virus code appended to the end of the file.
• Prepending Virus: This virus inserts its code at the front of host programs. This is a simple kind of infection, and it is often very successful.

Static Detection Methods

With static analysis, a virus is detected by examining files or records for occurrences of virus patterns without actually running any code. Static methods include the following [7]:

• String Scanning method: Searches for sequences of bytes (strings) that are typical of a specific virus but not likely to be found in other programs.
• Wildcards method: Allows the scanner to skip bytes or byte ranges. For example, bytes marked with the "?" character are skipped, and the wildcard % means that the scanner will try to match the next byte.
• Mismatches method: Allows any given number of bytes in a string to be of arbitrary value, regardless of their position.
• Generic Detection method: This technique uses one common string to detect several or all known variants of a family of viruses.
• Bookmarks method: Calculates the distance between the start of the virus body and the detection string.
• Smart Scanning: Smart scanning skips junk instructions, such as NOPs, in the host file and does not store them in the virus signature. To enhance the likelihood of detecting related variants of viruses, an area of the virus body is selected that has no references to data or other subroutines.
• Skeleton Detection: The scanner parses the statements of the virus line by line and drops all nonessential statements. What is left is the skeleton of the body, which has only the essential macro code common to macro viruses.
• Heuristics Analysis: Heuristic analysis is an expert-based analysis that determines the susceptibility of a system to a particular threat or risk using various decision rules or weighing methods. Multi-criteria analysis (MCA) is one of the means of weighing.
• Virus-specific detection: There are cases when the standard algorithm of the virus scanner cannot deal with a virus. In cases like this, new detection code must be introduced to implement a virus-specific detection algorithm. This method includes Filtering, Decryptor Detection and X-Ray scanning.
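
As an added illustration (not code from the original post), the Python example below combines three of the methods listed above: string scanning, the "?" wildcard, and mismatches. The signature syntax, the function names and the sample buffers are assumptions constructed for this example, and the % wildcard is not implemented.

```python
from typing import List, Optional


def parse_signature(text: str) -> List[Optional[int]]:
    """Parse 'DE AD ?? BE' into [0xDE, 0xAD, None, 0xBE]; None marks a '?' byte."""
    sig: List[Optional[int]] = []
    for tok in text.split():
        if tok in ("?", "??"):
            sig.append(None)              # wildcard: this position is skipped
            continue
        raw = bytes.fromhex(tok)          # raises ValueError on non-hex tokens
        if len(raw) != 1:
            raise ValueError(f"expected one byte per token, got {tok!r}")
        sig.append(raw[0])
    if all(b is None for b in sig):
        raise ValueError("signature needs at least one fixed byte")
    return sig


def scan(data: bytes, signature: str, max_mismatches: int = 0) -> List[int]:
    """Return every offset in data where the signature matches.

    Wildcard positions are never compared. Up to max_mismatches fixed bytes
    may differ, regardless of their position (the mismatches method).
    """
    sig = parse_signature(signature)
    hits = []
    for start in range(len(data) - len(sig) + 1):
        misses = 0
        for i, want in enumerate(sig):
            if want is None or data[start + i] == want:
                continue
            misses += 1
            if misses > max_mismatches:
                break                     # too many differences at this offset
        else:
            hits.append(start)            # inner loop finished without break
    return hits


# Constructed sample data: arbitrary harmless bytes, not taken from any malware.
SIG = "DE AD ?? BE EF 01"
VARIANT_A = bytes.fromhex("90dead11beef0190")  # wildcard position holds 0x11
VARIANT_B = bytes.fromhex("90dead22beff0190")  # one fixed byte changed (EF -> FF)
UNRELATED = bytes.fromhex("00deac33beef0100")  # also one fixed byte off (AD -> AC)

if __name__ == "__main__":
    for name, buf in [("A", VARIANT_A), ("B", VARIANT_B), ("unrelated", UNRELATED)]:
        print(name, scan(buf, SIG), scan(buf, SIG, max_mismatches=1))
```

The last buffer shows the cost of mismatch tolerance: the same setting that catches the modified variant also flags unrelated data that happens to differ by one byte, so a looser signature raises the false-positive rate.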