Virus (computer).
Publié le 11/05/2013
Extrait du document
«
how closely it resembles a virus.
It relies on experience with previous viruses to predict the likelihood that a suspicious file is an as-yet unidentified or unclassified newvirus.
Other types of antiviral software include monitoring software and integrity-shell software.
Monitoring software is different from scanning software.
It detects illegal orpotentially damaging viral activities such as overwriting computer files or reformatting the computer's hard drive.
Integrity-shell software establishes layers throughwhich any command to run a program must pass.
Checksumming is performed automatically within the integrity shell, and infected programs, if detected, are notallowed to run.
C Containment and Recovery
Once a viral infection has been detected, it can be contained by immediately isolating computers on networks, halting the exchange of files, and using only write-protected disks.
In order for a computer system to recover from a viral infection, the virus must first be eliminated.
Some antivirus software attempts to removedetected viruses, but sometimes with unsatisfactory results.
More reliable results are obtained by turning off the infected computer; restarting it from a write-protectedfloppy disk; deleting infected files and replacing them with legitimate files from backup disks; and erasing any viruses on the boot sector.
V VIRAL STRATEGIES
The authors of viruses have several strategies to circumvent antivirus software and to propagate their creations more effectively.
So-called polymorphic viruses makevariations in the copies of themselves to elude detection by scanning software.
A stealth virus hides from the operating system when the system checks the locationwhere the virus resides, by forging results that would be expected from an uninfected system.
A so-called fast-infector virus infects not only programs that areexecuted but also those that are merely accessed.
As a result, running antiviral scanning software on a computer infected by such a virus can infect every program onthe computer.
A so-called slow-infector virus infects files only when the files are modified, so that it appears to checksumming software that the modification waslegitimate.
A so-called sparse-infector virus infects only on certain occasions—for example, it may infect every tenth program executed.
This strategy makes it moredifficult to detect the virus.
By using combinations of several virus-writing methods, virus authors can create more complex new viruses.
Many virus authors also tend to use new technologieswhen they appear.
The antivirus industry must move rapidly to change their antiviral software and eliminate the outbreak of such new viruses.
VI VIRUS-LIKE COMPUTER PROGRAMS
There are other harmful computer programs that can be part of a virus but are not considered viruses because they do not have the ability to replicate.
Theseprograms fall into three categories: Trojan horses, logic bombs, and deliberately harmful or malicious software programs that run within a Web browser, an applicationprogram such as Internet Explorer and Netscape that displays Web sites.
A Trojan horse is a program that pretends to be something else.
A Trojan horse may appear to be something interesting and harmless, such as a game, but when itruns it may have harmful effects.
The term comes from the classic Greek story of the Trojan horse found in Homer’s Iliad.
A logic bomb infects a computer’s memory, but unlike a virus, it does not replicate itself.
A logic bomb delivers its instructions when it is triggered by a specificcondition, such as when a particular date or time is reached or when a combination of letters is typed on a keyboard.
A logic bomb has the ability to erase a hard driveor delete certain files.
Malicious software programs that run within a Web browser often appear in Java applets and ActiveX controls.
Although these applets and controls improve theusefulness of Web sites, they also increase a vandal’s ability to interfere with unprotected systems.
Because those controls and applets require that certain componentsbe downloaded to a user’s personal computer (PC), activating an applet or control might actually download malicious code.
A History
In 1949 Hungarian American mathematician John von Neumann, at the Institute for Advanced Study in Princeton, New Jersey, proposed that it was theoreticallypossible for a computer program to replicate.
This theory was tested in the 1950s at Bell Laboratories when a game called Core Wars was developed, in which playerscreated tiny computer programs that attacked, erased, and tried to propagate on an opponent's system.
In 1983 American electrical engineer Fred Cohen, at the time a graduate student, coined the term virus to describe a self-replicating computer program.
In 1985 the first Trojan horses appeared, posing as a graphics-enhancing program called EGABTR and as a game called NUKE-LA.
A host of increasingly complex viruses followed.
The so-called Brain virus appeared in 1986 and spread worldwide by 1987.
In 1988 two new viruses appeared: Stone, the first bootstrap-sector virus, and the Internetworm, which crossed the United States overnight via computer network.
The Dark Avenger virus, the first fast infector, appeared in 1989, followed by the firstpolymorphic virus in 1990.
Computer viruses grew more sophisticated in the 1990s.
In 1995 the first macro language virus, WinWord Concept, was created.
In 1999 the Melissa macro virus,spread by e-mail, disabled e-mail servers around the world for several hours, and in some cases several days.
Regarded by some as the most prolific virus ever, Melissacost corporations millions of dollars due to computer downtime and lost productivity.
The VBS_LOVELETTER script virus, also known as the Love Bug and the ILOVEYOU virus, unseated Melissa as the world's most prevalent and costly virus when it struckin May 2000.
By the time the outbreak was finally brought under control, losses were estimated at U.S.$10 billion, and the Love Bug is said to have infected 1 in every5 PCs worldwide.
The year 2003 was a particularly bad year for computer viruses and worms.
First, the Blaster worm infected more than 10 million machines worldwide by exploiting aflaw in Microsoft’s Windows operating system.
A machine that lacked the appropriate patch could be infected simply by connecting to the Internet.
Then, the SoBigworm infected millions more machines in an attempt to convert systems into networking relays capable of sending massive amounts of junk e-mail known as spam.SoBig spread via e-mail, and before the outbreak was 24 hours old, MessageLabs, a popular e-mail filtering company, captured more than a million SoBig messages andcalled it the fastest-spreading virus in history.
In January 2004, however, the MyDoom virus set a new record, spreading even faster than SoBig, and, by mostaccounts, causing even more damage.
Contributed By:Eddy WillemsMicrosoft ® Encarta ® 2009. © 1993-2008 Microsoft Corporation.
All rights reserved..
»
↓↓↓ APERÇU DU DOCUMENT ↓↓↓
Liens utiles
- Prénom : Cycle 3 Comprendre comment un virus se multiplie Date : Le virus transforme la cellule en fabrique à virus.
- Computerspiele 1 EINLEITUNG Computerspiele, Form der Videospiele, die im Unterschied zu Konsolenspielen auf einem Personal Computer (PC) gespielt werden.
- virus.
- virus informatique.
- sida (syndrome d'immunodéficience acquise), terme qui regroupe l'ensemble desmanifestations pathologiques provoquées par un rétrovirus, le virus VIH (virus del'immunodéficience humaine), ou HIV (Human Immunodeficiency Virus) selon la terminologieanglo-saxonne.