Sunday, 25 March 2012

Virus Dissemination


In today's world, where everyone is attached to the tools and applications of the modern era, technology serves people throughout the world in different ways according to their goals and objectives. In this effort, Internet and network technologies play the leading role: they connect people within seconds, no matter how far apart they are physically.

The Internet serves people in business, banking, education, medicine, biomedical technology, security services, government bodies and so on, and in this global tangle several kinds of risk are involved. The main risk and threat concerns information sharing and unauthorized access to information, simply called hacking.

There are three types of hackers: white hat hackers, grey hat hackers and black hat hackers. In this post, which concerns virus dissemination, we are talking about black hat hackers.


Black hat hackers, also known as "intruders", are people who get at information that is not meant for them; put simply, they steal the information and compromise computer systems using various kinds of tools and techniques. This post does not set out to discuss the tools and techniques they use; I only want to say: "If you think you have a safe lock where you keep your important things safely, then there is still a key that opens the safe after you lock it." Where there is a lock there must be a key to open it, and where there is no key there is no safe, lock or secure mechanism worth the name.

Virus dissemination is the process by which malicious software attaches itself to other software. (Viruses, worms, Trojan horses, time bombs, logic bombs, rabbits and bacteria are examples of malicious software that damage the victim's system.)

Several Trojan-generator tools enable hackers to create their own Trojans. Such toolkits help hackers construct Trojans that can be customized. These tools can be dangerous and can backfire if not executed properly. New Trojans created by hackers usually have the added benefit of passing undetected through virus-scanning and Trojan-scanning tools because they don’t match any known signatures. Some of the Trojan kits available in the wild are Senna Spy Generator, the Trojan Horse Construction Kit v2.0, Progenic Mail Trojan Construction Kit, and Pandora’s Box.

Viruses and worms can be used to infect a system and modify a system to allow a hacker to gain access. Many viruses and worms carry Trojans and backdoors. In this way, a virus or worm is a carrier and allows malicious code such as Trojans and backdoors to be transferred from system to system much in the way that contact between people allows germs to spread.

A virus and a worm are similar in that they’re both forms of malicious software (malware). A virus infects another executable and uses this carrier program to spread itself. The virus code is injected into the previously benign program and is spread when the program is run. Examples of virus carrier programs are macros, games, email attachments, Visual Basic scripts, and animations. A worm is similar to a virus in many ways but does not need a carrier program. A worm can self-replicate and move from an infected host to another host. A worm spreads from system to system automatically, but a virus needs another program in order to spread.
Viruses and worms both execute without the knowledge or desire of the end user.
Types of Viruses
Viruses are classified according to two factors: what they infect and how they infect. A virus can infect the following components of a system:
i) System sectors
ii) Files
iii) Macros (such as Microsoft Word macros)
iv) Companion files (supporting system files like DLL and INI files)
v) Disk clusters
vi) Batch files (BAT files)
vii) Source code
A virus infects through interaction with an outside system. Viruses need to be carried by another executable program. By attaching itself to the benign executable, a virus can spread fairly quickly as users or the system run the executable. Viruses are categorized according to their infection technique, as follows:

Polymorphic Viruses These viruses encrypt the code in a different way with each infection and can change to different forms to try to evade detection.
Stealth Viruses These viruses hide the normal virus characteristics, such as modifying the original time and date stamp of the file so as to prevent the virus from being noticed as a new file on the system.
Fast and Slow Infectors These viruses can evade detection by infecting very quickly or very slowly. This can sometimes allow the program to infect a system without detection by an antivirus program.
Sparse Infectors These viruses infect only a few systems or applications.
Armored Viruses These viruses are encrypted to prevent detection.
Multipartite Viruses These advanced viruses create multiple infections.
Cavity (Space-Filler) Viruses These viruses attach to empty areas of files.
Tunneling Viruses These viruses are sent via a different protocol or encrypted to prevent detection or to allow them to pass through a firewall.
Camouflage Viruses These viruses appear to be another program.
NTFS and Active Directory Viruses These viruses specifically attack the NT file system or Active Directory on Windows systems.
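Several of the techniques in this list (a stealth virus putting the original timestamp back, a cavity virus filling unused space so the file size never changes) are aimed at metadata-only checks. The defender's answer is a file-integrity baseline keyed on a cryptographic digest of the bytes, with size and timestamp recorded only to explain what a weaker check would have missed. The following is an added example written for this post; it is not code from the post or from the C|EH material it draws on. The directory layout, the three sample files and the edits made to them are all constructed inside a temporary directory so the script runs offline.

```python
import hashlib
import os
import tempfile
from pathlib import Path

CHUNK = 65536


def fingerprint(path):
    """Record size, modification time and a SHA-256 digest of the file's bytes."""
    st = os.stat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": h.hexdigest()}


def build_baseline(root):
    """Map every file under root (as a relative path) to its fingerprint."""
    root = Path(root)
    return {str(p.relative_to(root)): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline, root):
    """Return {relative path: [reasons]} for every file that differs from the baseline.

    The digest is the authoritative signal. Size and mtime are reported only to
    show why a metadata-only check would have missed the change.
    """
    current = build_baseline(root)
    findings = {}
    for rel, old in baseline.items():
        new = current.get(rel)
        if new is None:
            findings[rel] = ["missing"]
            continue
        if new["sha256"] == old["sha256"]:
            continue  # identical bytes; metadata drift alone is not an infection
        reasons = ["content changed"]
        if new["size"] == old["size"]:
            reasons.append("size unchanged")   # same-length overwrite, as a cavity infector leaves
        if new["mtime_ns"] == old["mtime_ns"]:
            reasons.append("mtime unchanged")  # timestamp put back, as a stealth virus does
        findings[rel] = reasons
    for rel in current:
        if rel not in baseline:
            findings[rel] = ["new file"]
    return findings


def demo():
    """Constructed scenario: baseline three files, then make three kinds of change."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed sample files; "app.exe" is 128 bytes with a 13-byte marker at offset 64.
        (root / "app.exe").write_bytes(b"MZ" + b"\x00" * 62 + b"ORIGINAL CODE" + b"\x00" * 51)
        (root / "config.ini").write_bytes(b"[main]\nmode=safe\n")
        (root / "readme.txt").write_bytes(b"hello\n")
        baseline = build_baseline(root)

        # 1. An ordinary edit: the size grows and the timestamp moves.
        (root / "config.ini").write_bytes(b"[main]\nmode=safe\nverbose=1\n")

        # 2. A same-length overwrite of the marker with the original timestamp restored:
        #    size and mtime both look untouched, so only the digest reveals it.
        exe = root / "app.exe"
        data = bytearray(exe.read_bytes())
        data[64:77] = b"PATCHED CODE!"
        exe.write_bytes(bytes(data))
        old_mtime = baseline["app.exe"]["mtime_ns"]
        os.utime(exe, ns=(old_mtime, old_mtime))

        # 3. A file that was not present when the baseline was taken.
        (root / "unknown.tmp").write_bytes(b"x")

        return compare(baseline, root)


if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(f"{path}: {', '.join(reasons)}")
```

In a real deployment the baseline would be written once from a known-clean system and stored somewhere the monitored host cannot rewrite; the comparison then runs on a schedule or on demand, and any "content changed" finding on an executable, system sector image or DLL is investigated regardless of what its timestamp says.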

Note: This information is purely for educational purposes, not for any experimental or destructive purpose, nor to affect any organization, government or other person. So please do not use it in an unethical manner; otherwise you will find yourself in trouble.

References: All the references are taken from my C|EH (Certified Ethical Hacker) book. I am glad to share this little knowledge with those people who really want to learn and serve in a proper and ethical manner.

"I would like to pay my regards to my esteemed professor Mr. Muhammad Ayaz Ghazi and my friend Mr. Adnan Fayyaz for their unconditional efforts and attention regarding my studies, especially in Network Security and the specialized server side."

Thanks & Best Regards,
Syed Muhammad Ahmed