Studying The Three Main Types Of Malware Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Viruses get around by inserting copies of themselves into a program and becoming part of it. They spread from one computer to another infecting files as they go. A virus cannot send itself through a network, though. A person or program must send the virus through the network. Viruses are often attached to a host program, usually an executable file. They do this because they cannot copy themselves unless they have permission to write to memory and execute code. An executable file containing a virus can sometimes be part of a legitimate program. When this program is launched the virus is launched too, usually in the background.

Viruses can be classified into two types, Resident and Nonresident. Resident viruses do not look for new hosts when they are started. They load a replication module into memory upon execution. The replication module then infects the host program. When another program, or even the operating system itself, tries to access this program, it too becomes infected. Resident viruses come in two flavors, fast infectors and slow infectors. Fast infectors were created to infect every file they can; some can infect any potential host that is accessed. This can be catastrophic if a fast infector manages to avoid detection during an anti-virus system scan, because when a system scan is performed every potential host file is accessed, helping the virus instead of stopping it. Slow infectors were designed to do just that: slowly infect a computer over a period of time. They reduce their chances of being detected by limiting their actions. They are less likely to slow down a computer because they infect fewer files, unlike their faster cousins. Due to their limited actions, though, they are less successful than fast infectors.

Moving on to Nonresident viruses, they are made up of two major components: the finder module and the replication module. The finder module scours a computer looking for executable files. When it finds one, the replication module infects it. The replication and finder modules then move on to the next executable.

Worms are a kind of self-replicating malware that can use a network to send copies of themselves to other computers. Worms usually consume a lot of bandwidth, so even a worm that was not written to cause damage can accidentally do so. Many worms were just designed to spread, but just passing through a computer can slow it down considerably given the bandwidth a worm uses. A payload worm is written to do a great deal more, however. Payload worms can open backdoors for other malware, erase files, e-mail documents and more. The worst part about payload worms is that they often do this without the user's consent or knowledge. Unlike viruses, which are only designed to cause damage, a couple of worms have been written with good intentions. XSS worms were designed to research how worms spread, while the Nachi worms attempted to download and install patches that would fix the weakness in the system that allowed the worm access in the first place.

Trojan Horses are pieces of malware that appear to be useful software, but when they are activated they can have results that range from disastrous to mildly annoying. They could change a system's desktop, cause pop-ups, or install an unwanted toolbar on an internet browser, and those are just the annoyances. They could also do more malicious things like stealing data, opening a backdoor, modifying or deleting files, logging keystrokes, and even crashing a system. Software downloads, e-mail attachments, and websites that have executable content can all contain Trojans, so be careful when downloading or executing these things. With the main three types of malware explained, it's time to move on to a more detailed history of malware attacks.

The Creeper Virus, as it is often called, is actually more akin to a worm due to the self-replicating nature of its programming and was created in 1971, predating the term "computer virus" by twelve years. A gentleman by the name of Bob Thomas designed it while he was working at BBN Technologies. The Creeper's targets were DEC PDP-10 computers running the TENEX operating system. The Creeper accessed these computers by using the ARPANET, a very early precursor to the Internet, and copying itself to the remote system. After accomplishing this task the Creeper would display a message that said, "I'M THE CREEPER, CATCH ME IF YOU CAN!" The Creeper would then initiate the printing of a file, immediately stop, then attempt to find another compatible computer. Once it had found one, The Creeper would gather up its parts, occasionally leaving a few parts behind unintentionally, and then move on to the system it had previously found. The Creeper is classified as a worm due to its use of a network to "creep" its way from one computer to another. The ARPANET was the network in question. The panic The Creeper caused ushered in the creation of one of the first "anti-virus" programs. This "anti-virus" was known as The Reaper. Bob Thomas, the same man who created The Creeper, created The Reaper after he found out about the panic it caused. Unlike the anti-viruses of today, The Reaper was technically a piece of malware in and of itself, a worm to be precise. It penetrated the defenses of any and every computer that could have possibly been infected with the Creeper in a way virtually identical to The Creeper itself. Once it had infiltrated a computer, using the same method that The Creeper used, it removed any and everything that was left of The Creeper. The Creeper wasn't originally created as a malicious program. In fact, aside from its slightly threatening message and its tendency to accidentally leave pieces of itself behind, The Creeper was a relatively harmless experiment when compared to the viruses, worms and Trojans of today.

Jumping ahead seven years, The Wabbit virus is first encountered in the annals of malware history. It was initially encountered on a System/360 at the Rensselaer Polytechnic Institute. Although The Wabbit virus is called a virus, just like The Creeper and The Reaper, it is not a virus per se, as it did not corrupt or infect files or documents. The Wabbit virus wasn't really a worm either, as it did not use a network to spread itself. The Wabbit virus was actually very similar to a fork bomb. A fork bomb is a type of program that works by starting multiple copies of itself. For example, one program starts two copies of itself, then those two programs start two more copies each, and then those eight programs start two more copies each, putting the total number of running programs at sixteen. This would continue until the computer eventually crashed because it was unable to handle any more programs. Fork bombs are able to infiltrate a computer in a few different ways; they may, for example, be sent to someone through an e-mail, either unknowingly or knowingly. A user may also unwittingly download fork bombs. The fork bomb in question would have to have been labeled as a useful program in order to coax the user into downloading it. Since the incident in 1978, Wabbit-based fork bombs have appeared on many an operating system, whether they were UNIX, Windows, or Apple-based. An amateur fork bomb may be dealt with by restarting the system. However, some of the more advanced Wabbit programs have to be terminated by another program, something along the lines of Windows Task Manager. The trouble with these Wabbits is that if the maximum number of programs that can be run at one time is reached, a computer may not be able to launch the Task Manager. If a user's system falls prey to one of these Wabbits or fork bombs, their computer is pretty much broken beyond repair. The only way to avoid a fork bomb is to be aware of what is downloaded to a computer. Common sense is a prerequisite when it comes to downloading files that are unknown to the user.

In April of 1974 a man by the name of John Walker wrote a program called ANIMAL, which tried to guess what animal the user was thinking of by asking the user a series of questions similar to Twenty Questions. He wrote this program for the UNIVAC 1108. Many people enjoyed the game and asked for copies for themselves. However, at this point in time the only way to reliably send a program from one computer to another was to write the program to a data tape and send it to the person who wanted it via the postal service. This was an arduous process for everyone involved, so Walker decided to find a way around this in 1975 by creating a general purpose subroutine by the name of PERVADE. This program, too, was written for the UNIVAC 1108. When PERVADE was called, as it could be called by any program, it would create a process that would check all of the directories available to the person who called it while the host program was running. If any of these directories did not have a copy of ANIMAL in it, PERVADE would copy one into it, or if it contained an outdated version PERVADE would update it. PERVADE also copied itself into the directories so that it could keep spreading ANIMAL. After a computer executed a program that incorporated PERVADE, every directory available to the user would contain a current copy of the programs. Those directories would be shared with multiple users, and those users' directories would be shared with other users' directories, and so on and so forth, until an administrator or a privileged user would execute the program containing PERVADE, allowing it to copy itself and ANIMAL into the system library, where every user could access it. After this it was inevitable that the program would work itself into every directory in the system. Sharing tapes containing the programs allowed ANIMAL and PERVADE to spread even faster. Though it was not malicious, as it did not edit or delete any files, ANIMAL/PERVADE was the first example of a Trojan. PERVADE ceased functioning when an upgrade to the UNIVAC 1108 operating system rendered it incompatible.

The ©Brain Virus was created by two brothers in January of 1986; however, problems caused by the ©Brain Virus were not widely reported until 1988. These brothers were named Basit and Amjad Farooq Alvi. The ©Brain virus was called such because it changed the name of the disk volume label to ©Brain. ©Brain was the first virus written for MS-DOS. It infected the boot sector of 5 ¼" floppy disks that were formatted using the FAT file system. ©Brain could not infect hard disk drives because it was not designed to do so. The ©Brain infected a floppy disk whenever said disk was being referenced. For example, if a program that copied a file to or from the disk was being executed, or accessed the disk in any way, the infection would be triggered. The ©Brain worked by substituting a copy of itself for the boot sector. The ©Brain virus moved the actual boot sector to an entirely different sector of the disk and falsely marked it as bad. It also hid six extension sectors, which contained the majority of the virus, in this "bad" sector as well. Basit Farooq Alvi claimed that he originally wrote the ©Brain so that it would only infect computers that contained a pirated copy of a heart-monitoring program he wrote to sell to physicians. The original ©Brain was designed to put a copyright notice containing the contact information of the Farooq Alvi brothers on the floppy disks' directory. The ©Brain did cause damage; however, it was unintentional according to the Farooq Alvi brothers. The ©Brain slowed down floppy disk drives and was known to cause time-outs that made some floppy disk drives unusable. The ©Brain avoided detection by re-routing any program that might examine the boot sector to the original boot sector that was contained on the "bad" sector of the floppy disk. The ©Brain Virus had at least eight variations created from it. One of the more notable was the "Brain-c" virus, which wouldn't re-name the disk volume label and had the ability to infect a hard drive. The ©Brain virus was wiped out by the Den Zuk virus, an anti-virus virus, similar to the extermination of the Creeper by the Reaper.
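A defender's check for the on-disk traces described above, as an added example that is not part of the original essay: it parses a FAT12 floppy image and reports the volume label, the clusters flagged bad, and any "bad" cluster whose first sector ends in the 0x55AA boot signature. The sample image, the ASCII label "(c)Brain", and treating the boot signature as a sign of a relocated boot sector are assumptions made for illustration.

```python
import struct

BAD = 0xFF7  # FAT12 value that flags a cluster as bad

def inspect_fat12(img: bytes) -> dict:
    """Report the volume label, clusters flagged bad, and bad clusters holding a boot sector."""
    bps, spc, rsv, nfats, ents, total, _media, spf = struct.unpack_from("<HBHBHHBH", img, 11)
    fat = img[rsv * bps:(rsv + spf) * bps]                 # first FAT copy
    root = (rsv + nfats * spf) * bps                       # root directory offset
    data = root + (ents * 32 + bps - 1) // bps * bps       # offset of cluster no. 2
    clusters = (total * bps - data) // (spc * bps)
    bad, boot_like = [], []
    for n in range(2, clusters + 2):
        pair = struct.unpack_from("<H", fat, n * 3 // 2)[0]    # 12-bit packed entries
        if (pair >> 4 if n & 1 else pair & 0xFFF) != BAD:
            continue
        bad.append(n)
        first = img[data + (n - 2) * spc * bps:][:bps]
        if first[-2:] == b"\x55\xaa":                      # heuristic (assumption): boot signature
            boot_like.append(n)
    label = None
    for i in range(ents):
        e = img[root + i * 32:root + i * 32 + 32]
        if len(e) < 32 or e[0] == 0x00:                    # end of directory
            break
        if e[0] != 0xE5 and e[11] == 0x08:                 # live volume-label entry
            label = e[:11].decode("cp437").rstrip()
            break
    return {"label": label, "bad": bad, "boot_like": boot_like}

def sample_image() -> bytes:
    """Constructed 16-sector image: label '(c)Brain', clusters 5 and 6 flagged bad."""
    boot, fat, root = bytearray(512), bytearray(512), bytearray(512)
    struct.pack_into("<HBHBHHBH", boot, 11, 512, 1, 1, 1, 16, 16, 0xFD, 1)
    boot[510:] = b"\x55\xaa"
    fat[:3] = b"\xfd\xff\xff"                              # reserved entries 0 and 1
    for n in (5, 6):
        off = n * 3 // 2
        cur = struct.unpack_from("<H", fat, off)[0]
        struct.pack_into("<H", fat, off, cur | (BAD << 4 if n & 1 else BAD))
    root[:12] = b"(c)Brain   \x08"                         # assumed ASCII label + label attribute
    area = bytearray(13 * 512)
    area[3 * 512:4 * 512] = boot                           # cluster 5 holds a boot sector copy
    return bytes(boot + fat + root + area)

if __name__ == "__main__":
    print(inspect_fat12(sample_image()))
```

A bad cluster on its own is not evidence of infection, since real media defects are marked the same way; the combination of an unexpected label and boot-sector-like data inside a "bad" cluster is what warrants a closer look.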