INTRODUCTION
This time, surely we all as consumers / users of computer services and network (Internet) has been very often hear the term 'virus' that sometimes troubling us. This paper will explore more about the virus, which might be expected to make us all know and understand about the virus.
A. Origin of Viruses
1949, John Von Neuman, menggungkapkan "self altering automata theory" which is the result of research mathematicians.
1960, the lab BELL (AT & T), experts in the lab BELL (AT & T) to experiment theory expressed by john v Neuman, they play around with the theory to a type of game / games. The experts made a program that can reproduce itself and can destroy lawan.Program artificial programs are able to survive and destroy all other programs, it will be deemed the winner. This game eventually became a favorite game in each and every lab komputer.semakin long they were unconscious and began to be aware of this game is because the program created more and more dangerous, so they conduct strict supervision and security.
1980, the program that became known as the "virus" is successfully spread beyond the lab environment, and began circulating in cyberspace.
1980, the start is known viruses that spread in the cyber world.
B. VIRUS DEFINITIONS
"A program That can infect other programs by modifying Them to include a copy of itself.A slighty Altered viruses can spread throughout a computer system or network using the authorization of every user using it to infect Their programs. Every That gets infected programs can also act asThat a virus infection grows "(Fred Cohen)
The first time the term "virus" is used by Fred Cohen in 1984 in the United States. A computer virus named "Virus" because it has some fundamental similarities with the virus in medical terms (biological viruses).
Computer viruses can be interpreted as a computer program biasa.Tetapi have fundamental differences with other programs, which created the virus to infect other programs, convert, manipulate and even destroying it. There is to be noted here, the virus will infect only if the trigger program or programs that have beeninfected was executed, where it differs from the "worm". This paper will not discuss the worm because it would divert us from our later discussion of this virus.
C. CRITERIA FOR VIRUS
A program called the new virus can be said is really true if the virus has at least 5 criteria:
1. The ability of a virus to get information2. His ability to examine a program3. His ability to copy itself and infect4. His ability to manipulate5. His ability to hide itself.
Now it will try to explain briefly what is meant the ability of each and why is it so necessary.
1.Kemampuan to obtain information
In general, a virus requires a list of the names of files in a directory, for what? so that he can identify what programs will he tulari, such as macro viruses that will infect all files ending in *. doc after the virus was found, this is where the ability to gather information necessary for the virus that can make a list / all data files, continue to sort them by searching files that can ditulari.Biasanya this data created when the program that infected / infected with a virus or even a program is executed. The virus will soon begin collecting data and put it in RAM (usually: P), so if the computer is turned off all the lost data but it will be created each bervirus program is run and is usually created as hidden files by virus.
2.Kemampuan check divulging program
A virus must also be biased to examine a program that will be infected, for example, he served infect *. doc extension program, he should check whether a file of this document have been infected or not, because if it is then he will be useless menularinya 2 times. This is very useful to enhance the ability of a virus in terms of speed infect a file / program.Yang commonly performed by a virus is to have / give a mark on file / program that has infected so it is easy to recognize by the virus. Examples of such labeling is to give a unique byte in every file that has been infected.
3.Kemampuan to multiply
If this virus Quote "bang-get", meaning without this is not a virus. The core of the virus is the ability mengandakan itself by infecting other programs. A virus has been found that a candidate if the victim (either a file or program) then he will recognize him with a look, if not already infected then the virus will begin to infect the action by writing the bytes of the identifier in the program / file, and so on mengcopikan / write the object code of the virus above the file / program infected. Some common ways are done by the virus to infect / reproduce itself are:
a.File / program that will be infected deleted or renamed. then created a file using that name by using a virus (a virus meant to replace his name with the name of the deleted file) b.Program virus that is already in execution / loads into memory will directly infect other files by riding all files / programs that exist .
4.Kemampuan held a manipulation
Routine (routine) owned by a virus will be started after a virus infects a file / program. contents of this routine can range from the lightest to the destruction. This routine is commonly used to manipulate programs or popularize its maker! This routine utilize the ability of an operating system (Operating System), so it has similar capabilities to those of the operating system. eg:
a.Membuat image or message on the monitorB.Change / change change the label of each file, directory, or the label of the drive in pcc.Memanipulasi programs / files are infectedd.Merusak program / filee.Mengacaukan working printers, etc.
Hiding himself 5.Kemampuan
The ability to hide itself should be owned by a virus so that all the good work from the beginning to the success of transmission can be accomplished. the usual steps are:
-The original program / virus is stored in coded form and machines combined with other programs that are considered useful by the user.-Virus program is placed on Boot Record or the tracks that are rarely noticed by the computer itself-Virus program is made as short as possible, and the results of an infected file does not change its size-The virus does not change the description of the time a file, Etc.
D. VIRUS LIFE CYCLE
The life cycle of viruses in general, through 4 stages:
o Dormant phase (Phase Rest / Sleep)In this phase the virus is not active. The virus will be activated by a particular condition, such as: the date specified, the presence of another program / execution of other programs, etc.. Not all of the virus through this phase
o Propagation phase (Phase Distribution)In this phase the virus copies itself to a program or to a place of storage media (both hard drives, ram, etc.). Any infected program will be the outcome "klonning" virus (depending on how the virus infects)
o Trigerring phase (Phase Active)In this phase the virus will be active and this is also in the trigger by several conditions such as the Dormant phase
o Execution phase (Execution Phase)In this phase the virus that have been active earlier will perform its function. Such as deleting files, display messages, etc.
E. TYPE - TYPE VIRUS
To further refine our knowledge about the virus, I'll try to give an explanation of the types of viruses that often roam the cyber world.
Macro 1.VirusThis type of virus must have been very often we dengar.Virus is written with the programming language of an application rather than a programming language of an Operating System. The virus is able to walk when its constituent applications can run well, I mean if the computer can run applications mac word so this virus works on the Mac operating system computers.virus samples:
W97M-variant, ie the length of 1234 bytes W97M.Panther, akanmenginfeksi normal.dot and infect the document when opened.-WM.Twno.A; TW 41 984 bytes long, it will infect MS.Word document that uses a macro language, usually with extension *. *. DOT and DOC, Etc.
2.Virus Boot SectorBoot sector viruses are common in all these menyebar.Virus reproduce itself will move or replace the original boot sector virus boot program. So when there is booting the virus will be loaded kememori and then the virus will have the ability to control the standard hardware (ex:: monitor, printer, etc.) and from memory is also the virus will spread eseluruh existing drive and connected kekomputer (ex: floppy, other drives other than drive c).virus samples:
Wyx ex-virus variants: wyx.C (B) infect the boot record and floppy; length: 520 bytes; characteristics: memory resident and encrypted)-Variant of V-sign: infect: Master boot record; 520 bytes long; characteristics: resident in memory (memory resident), encrypted, and polymorphic)4th-Stoned.june / bloody!: Infect: Master boot record and floppy; length of 520 bytes; characteristics: resident in memory (memory resident), encrypted and displays the message "Bloody! June 4th 1989" after the computer is booting 128 times
3.Stealth VirusThis virus will master tables on a DOS interrupt table that often we are familiar with the "Interrupt interceptor". the virus is capable to control the DOS level instruction instructions and usually they are hidden as its name either in full or in size.virus samples:-Yankee.XPEH.4928, infect files *. COM and *. EXE; length of 4298 bytes; characteristics: resident in memory, ukurantersembunyi, has a trigger-WXYC (which includes the boot record category was due to enter stealth kategrialso included here), an infected floppy motherboot record; length of 520 bytes; resident in memory; size and hidden viruses.-Vmem (s): infects files *. EXE, *. SYS and *. COM; length of 3275 bytes fie; characteristics: resident in memory, the size of the hidden, in the encryption., Etc.
4.Polymorphic VirusThe virus is designed to make misleading antivirus program, meaning the virus is always trying to avoid being recognized by antivirus by always changing its structure change after each infected file / other programs.
virus samples:
-Necropolis A / B, infects files *. EXE and *. COM; length of the file 1963 bytes; characteristics: resident in memory, the size and tesembunyi viruses, encrypted and can be changed to change the structure-Nightfall, infect files *. EXE; length of the file 4554 bytes; characteristics: resident in memory, the size and tesembunyi virus, has a trigger, terenkripsidan can change the structure, Etc.
5.Virus File / ProgramThis virus infects files that can be executed directly from the operating system, whether the application configuration file (*. EXE), or *. com is usually also the result of infection from this virus can be identified by changing the size of the file that attacked.
Partition 6.Multi VirusThis virus is a combination dariVirus boot sector and file viruses: means the work performed resulted in two, that he can infect *. EXE files and also infect the Boot Sector.
F. HOW TO SPREAD SOME VIRUS
Viruses as biological viruses must have the media to be spread, computer viruses can spread control every aspect of a computer / other machines as well as through various ways, including:
1.Disket, storage media R / WExternal storage medium can be an easy target for the virus to be used as media. Whether as a place to stay or as a distribution media. The media is biased to operate the R / W (read and Write) are allowed to carrying the virus and serve as a distribution medium.
2.Jaringan (LAN, WAN, etc.)The relationship between multiple computers are directly involved switching allows a virus when there is an exchange / execution of files / programs that contain a virus.
3.WWW (internet)It is likely a site deliberately cultivate a 'virus' that will infect computers that access it.
4.Software a Freeware, Shareware or even PiratedLots of viruses are deliberately planted in a program where disseminate either free, or trial version that would have a virus embedded in it.
5.Attachment on email, transferring filesAlmost all types of viruses these days use email attachments due to all Internet service users must use email to communicate, these files deliberately striking / attract attention, and often has a double extension on the file naming.
G. PENANGULANGANNYA
1.Langkah-Steps for PreventionFor prevention you can do some of the following steps:o Use Antivirus updatean you trust with the latest, never an appun brand matter as long as it is always updated, and turn on the Auto protecto Always scan all external storage media that will be used, this may be a bit inconvenient but if anti-virus Autoprotect your work then this procedure can be skipped.o If you are connected directly to the Internet try to combine your Antivirus with Firewall, Anti-spamming, etc.
Once Lagkah 2.Langkah-Infected
o Detection and determine roughly where the source of the virus if the diskette, network, email, etc., if you are connected to the network then there is a good idea to isolate your computer first (either by unplugging the cable or disable the control panel)o Identify and classify what type of virus that attacks your pc, by the way:- Symptoms that arise, for example: messages, files are corrupted or missing, etc.- Scan with your antivirus, if you are hit while walking Autoprotect
vius definition in the computer means you do not have data of this virus, try to update manually or download a virus definitionnya for your install. If the virus is blocking your attempt to update it then, try to use other media (computer) with the latest antivirus updatean.
o Clean, after you successfully detect and recognize it right away then try to seek removal or ways to destroy it at sites that provide information on the progress of the virus. It's if the latest antivirus updates you do not succeed destroy it.o Step worst, if all the above does not work is to reformat your computer.
CLOSING
Hopefully the discussion about the virus is able to provide benefits, especially for writers who are learning and for us all generally, this paper aimed to study so it is expected merely criticism and advice. If a lot of flaws in this paper please understandable.
No comments:
Post a Comment