[virusinfo] Oxygen3 24h-365d [(II) Evolution of computer viruses - 04/29/04]

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Fri, 30 Apr 2004 16:06:45 -0700


From: Panda Oxygen3 24h-365d:

"All things are possible until they are proved impossible 
         - and even the impossible may only be so, as of now."
                 Pearl Buck (1892 - 1973); US author.

               - (II) Evolution of computer viruses - 
    Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, April 29, 2004 - This second installment of 'The evolution of
viruses' will look at how malicious code used to spread before use of the
Internet and e-mail became as commonplace as it is today, and the main
objectives of the creators of those earlier viruses.

Until the worldwide web and e-mail were adopted as a standard means of
communication the world over, the main mediums through which viruses spread
were floppy disks, removable drives, CDs, etc., containing files that were
already infected or with the virus code in an executable boot sector. 

When a virus entered a system it could go memory resident, infecting other
files as they were opened, or it could start to reproduce immediately, also
infecting other files on the system. The virus code could also be triggered
by a certain event, for example when the system clock reached a certain date
or time. In this case, the virus creator would calculate the time necessary
for the virus to spread and then set a date -often with some particular
significance- for the virus to activate. In this way, the virus would have
an incubation period during which it didn't visibly affect computers, but
just spread from one system to another waiting for 'D-day' to launch its
payload. This incubation period would be vital to the virus successfully
infecting as many computers as possible.

One classic example of a destructive virus that lay low before releasing its
payload was CIH, also known as Chernobyl. The most damaging version of this
malicious code activated on April 26, when it would try to overwrite the
flash-BIOS, the memory which includes the code needed to control PC devices.
This virus, which first appeared in June 1998, had a serious impact for over
two years and still continues to infect computers today.

Because of the way in which they propagate, these viruses spread very
slowly, especially in comparison to the speed of today's malicious code.
Towards the end of the Eighties, for example, the Friday 13th (or Jerusalem)
virus needed a long time to actually spread and continued to infect
computers for some years. In contrast, experts reckon that in January 2003,
SQLSlammer took just ten minutes to cause global communication problems
across the Internet.

Notoriety versus stealth

For the most part, in the past, the activation of a malicious code triggered
a series of on-screen messages or images, or caused sounds to be emitted to
catch the user's attention.  Such was the case with the Ping Pong virus,
which displayed a ball bouncing from one side of the screen to another. This
kind of elaborate display was used by the creator of the virus to gain as
much notoriety as possible. Nowadays however, the opposite is the norm, with
virus authors trying to make malicious code as discreet as possible,
infecting users' systems without them noticing that anything is amiss.
 
More information on the IT threats mentioned above as well as others is
available in Panda Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------

The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's
free online scanner:
1)Netsky.P; 2)Netsky.D; 3)Downloader.L; 4)Nachi.B; 5)Netsky.B.

------------------------------------------------------------
*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 


