
2010-05-20

Antiviruses attack!

Research by Usenix showed that fake anti-virus programs account for 15% of all malicious programs, BBC News reports. For the study, the experts analyzed 240 million web pages over 13 months.

When visiting certain pages, users get a message that their computer is infected with a virus and are offered an antivirus to download. Once installed, the program steals personal data or forces people to pay for the registration of a fake product. Experts pointed out that it is amazing how many people become victims of this fraud.


Manufacturers of fake antivirus products use search engines to push consumers into buying this useless software. If a user searches for a popular word or the name of a resource written with spelling errors, links to scam sites are displayed in the search results. Once the user opens such a site, a message box pops up on the screen saying that the PC is "damaged and corrupted" by malicious software. The user is then invited to install an application that will eliminate the nonexistent threat. On average, users pay about $50 to download a fake anti-virus.

Fake antivirus programs are often bundled with other malicious software, which remains on the victim's computer even after payment. During the research, the Usenix Workshop specialists found 11 thousand domains associated with spreading fake antivirus products. More than half of the counterfeit software is delivered to PCs via advertising. Experts recommend caution when a site offers to download additional software, and advise against downloading antivirus software from an unknown site if you already have one.

By Antivirus ratings


2009-09-21

The malicious worm could hide in the printer




According to Rodney Joffe, a computer security expert with the Conficker Working Group, IT administrators cleaning computers of the Conficker worm often overlook one potential source of reinfection. He says more attention should be paid to other devices permanently connected to the network, such as printers.

Some printers use a Windows-based operating system to connect automatically to suppliers of consumables when cartridges are running out. These printers may not even appear on the network as computers, and this makes them vulnerable to the virus.

Conficker affects all Windows devices on the network, which means that devices such as network printers can be a source of rapid reinfection, even if the organization has already gone through an expensive procedure of cleaning each computer on its network.

Such reinfection is difficult to detect because these devices have no console from which the operating system can be inspected, so the blame for the reinfection is often placed on external sources such as removable drives.

Therefore, administrators must re-examine the structure of their network to ensure that all network devices over which they do not have full control are carefully isolated.

Joffe cautioned commercial organizations against the illusion that the Conficker problem is solved or that it is no longer a threat. According to him, Conficker is able not only to disable an entire network, as was the case in Ealing, but also to remain a robust botnet that its creators may still use to steal sensitive information or conduct cyber attacks.

In addition, he emphasized the outstanding contribution that the Conficker Working Group has made to the development of international cooperation in solving problems in the cyber field.


2009-08-31

ESET announces new virus Win32/Induc.A

The Win32/Induc.A virus has no destructive payload, but its original and effective distribution mechanism is very interesting. It first infects the Delphi development environment, with the result that programs compiled on the infected computer also become carriers of the virus code. Since the program cannot bring its writers any financial profit, it was apparently created out of academic interest or as a prototype for other malicious software.

The Delphi programming language is mainly used in industries that work with large databases, for example banking. Win32/Induc.A spread most widely in such organizations.

ESET's ThreatSense.Net early threat detection system recorded more than 30,000 unique samples of Win32/Induc.A within the first 24 hours after the virus signature was added to the database on August 18, 2009.

«Win32/Induc.A is able to infect a large number of PCs of software developers using Delphi. Despite the fact that we have been proactively recognizing this software as malware, many software vendors ignored the ESET NOD32 warning about a new virus, mistakenly taking it for a false positive. As a result, multiple copies of licensed software created on infected computers were sold to users», commented Juraj Malcho, head of the ESET virus laboratory.

It is noteworthy that the virus is also distributed with the Trojan Win32/Spy.Banker. Apparently, the creators of the Trojan themselves became victims of the same virus, and Win32/Spy.Banker was compiled by hackers in Delphi on computers infected with Win32/Induc.A.

Source – ESET.

2009-08-12

How to provide anti-virus protection?

Only you can protect your computer from viruses. Preventing infection, or minimizing the damage if infection does occur, is possible only through proper and timely use of anti-virus programs. The existence of anti-virus tools, even if you use them correctly, does not guarantee against infection. To properly secure your computer, follow these rules:

• Scan for viruses all diskettes, CD-RWs, ZIP disks and flash drives that have been used in another computer, and all purchased CDs.
• Use anti-virus programs from well-known, proven vendors, and update their databases regularly (ideally every day!).
• Do not unload the anti-virus program's resident monitor from your computer's memory.
• Use only programs and data from reliable sources. Pirated copies of programs, especially games, are the ones most commonly infected with viruses.
• Do not open files attached to e-mails from senders unknown to you, and do not visit sites advertised through spam.

As practice shows, buying a good antivirus program is usually not enough. You need a set of programs: firewall, antispyware, etc. In addition, the operating system needs to be updated continuously. Microsoft periodically publishes special security updates that can help protect your computer. These updates can prevent virus and other attacks on your computer by closing potentially dangerous entry points. Make sure that Windows receives these updates by turning on Windows Automatic Updates. For the necessary information, see Enabling and disabling automatic updates. Enjoy your protection!


2009-07-04

History of early computer viruses. Part 3.

I hope you have read the History of early computer viruses. Part 1 and Part 2. Today is the final part, covering the period until 2000.

1996

January 1996: two notable events - the appearance of the first Windows95 virus ("Win95.Boza") and the epidemic of the extremely complicated polymorphic virus "Zhengxi" in St. Petersburg (Russia).

March 1996: the first Windows 3.x virus epidemic. The name of the virus is "Win.Tentacle".

June 1996: "OS2.AEP" - the first virus for OS/2, correctly infecting EXE files of this operating system.

July 1996: "Laroux" - the first virus for Microsoft Excel caught live.

December 1996: "Win95.Punch" - the first "memory resident" virus for Windows95.

In general, the year 1996 is the start of widespread virus intervention into the Windows32 operating systems (Windows95 and WindowsNT) and into the Microsoft Office applications.

1997

February 1997: "Linux.Bliss" - the first virus for Linux (a Unix clone).

February-April 1997: macro viruses migrated to Office97.

March 1997: "ShareFun" - macro-virus hitting Microsoft Word 6/7.

April 1997: "Homer" - the first network worm virus, using File Transfer Protocol (FTP) for propagation.

June 1997: There appears the first self encrypting virus for Windows95.

November 1997: The "Esperanto" virus. This is the first virus that intends to infect not only DOS and Windows32 executable files, but also spreads into the Mac OS (Macintosh).

December 1997: new virus type, the so-called "mIRC Worms", came into being.

The KAMI Ltd. anti-virus department broke away from the parent company to form an independent one, which is certainly considered the main event of 1997. The company is currently known as Kaspersky Labs and has proved to be a recognized leader of the anti-virus industry.

October 1997: the agreement on licensing of AVP technologies use in F-Secure Anti-Virus (FSAV) was signed.

1998

The beginning of the year: an epidemic of the "Win32.HLLP.DeTroie" virus family, which not only infected Windows32 executable files but was also capable of transmitting information about the infected computer to its "owner", shocked the computer world.

February 1998: One more virus type infecting Excel tables, "Excel4.Paix" (aka "Formula.Paix"), was detected.

February - March 1998: "Win95.HPS" and "Win95.Marburg" - the first polymorphic Windows32 viruses were detected, and furthermore they were "in-the-wild".

March 1998: "AccessiV" - the first Microsoft Access virus was born.

March 1998: The "Cross" macro-virus, the first virus infecting two different MS Office applications - Access and Word, is detected.

May 1998 - The "RedTeam" virus infects Windows EXE-files and dispatches the infected files through Eudora e-mail.

June 1998 - The "Win95.CIH" virus epidemic was at first massive, then became global, and then turned into a kind of computer holocaust: the number of reports of infected computer networks and home personal computers reached hundreds if not thousands.

August 1998: the birth of the sensational "BackOrifice" ("Backdoor.BO"), a utility for covert (hacker's) administration of remote computers and networks. After "BackOrifice", other similar programs such as "NetBus" and "Phase" came into being.

November 1998: "VBScript.Rabbit" - the Internet expansion of computer parasites continued with three viruses infecting VisualBasic scripts (VBS files), which are actively used in Web page development.

The world of anti-virus manufacturers was also considerably rearranged. In May 1998 Symantec and IBM announced that they were joining forces on the anti-virus market.

1999

The infamous "Melissa" virus infects thousands of computers with alarming speed, causing an estimated $80 million in damage and prompting record sales of anti-virus products. The virus starts a program that sends copies of itself to the first 50 names listed in the recipient's Outlook e-mail address book. It also infects Microsoft Word documents on the user's hard drive, and mails them out through Outlook to the same 50 recipients.

2000

The "I Love You" virus infects millions of computers virtually overnight, using a method similar to the Melissa virus.


History of early computer viruses. Part 2.

The article "History of early computer viruses. Part 1." covered the history of computer viruses up to 1989; it continues today.

1990

This year brought several notable events. The first one was the appearance of the first polymorphic viruses "Chameleon" (a.k.a. "V2P1", "V2P2", and "V2P6"). Until then the anti-virus programs used "masks" - fragments of virus code - to look for viruses. After "Chameleon"'s appearance anti-virus program developers had to look for different methods of virus detection.

The second event was the appearance of the Bulgarian "virus production factory": enormous numbers of new viruses were created in Bulgaria. The epidemic was carried by entire families of viruses: "Murphy", "Nomenclatura", "Beast" (or "512", "Number-of-Beast"), modifications of the "Eddie" virus, etc.

In July 1990 there was an incident with "PC Today" computer magazine (Great Britain). It contained a floppy disk infected with "DiskKiller" virus. More than 50,000 copies were sold.

In the second half of 1990 there appeared two Stealth monsters - "Frodo" and "Whale".

1991

Programmer Philip Zimmerman releases "Pretty Good Privacy" (PGP), a free, powerful data-encryption tool.

Symantec releases the Norton Anti-Virus software.

In April a full-scale epidemic broke out, caused by a file and boot polymorphic virus called "Tequila", and in September the same kind of story happened with the "Amoeba" virus.

Summer of 1991: "Dir_II" epidemic.

1992

Non-IBM PC and non-MS-DOS viruses are virtually forgotten: "holes" in global access network are closed, errors corrected, and network worm viruses lost the ability to spread themselves. File-, boot- and file-boot viruses for the most widely spread operating system (MS-DOS) on the most popular computer model (IBM PC) are becoming more and more important.

Early 1992: the first polymorphic generator MtE, serving as a base for several polymorphic viruses which follow almost immediately.

March 1992: the "Michelangelo" virus epidemic (a.k.a. "March6") and the hysteria that followed took place.

July 1992: The first virus construction sets were made, VCL and PS-MPC.

Late 1992: The first Windows virus appears, infecting this OS's executables, and starts a new page in virus making.

1993

Virus makers are starting to do some serious damage: besides hundreds of mundane viruses which are no different than their counterparts, besides the whole polymorphic generators and construction sets, besides new electronic editions of virus makers there appear more and more viruses, using highly unusual ways of infecting files, introducing themselves into the system etc.

1994

The problem of CD viruses is getting more important. Having quickly gained popularity CD disks became one of the main means of spreading viruses.

Early in the year in Great Britain there popped out two extremely complicated polymorphic viruses, "SMEG.Pathogen" and "SMEG.Queeg".

Another wave of panic was created by a message about a supposed virus called "GoodTimes", spreading via the Internet and infecting a computer when receiving E-mail.

Some new and rather unusual viruses appear:

January 1994: "Shifter" - the first virus infecting object modules (OBJ files). "Phantom1" - the cause of the first epidemic of a polymorphic virus in Moscow.

April 1994: "SrcVir" - the virus family infecting program source code (C and Pascal).

June 1994: "OneHalf" - one of the most popular viruses in Russia so far starts a total epidemic.

September 1994: "3APA3A" - a boot-file virus epidemic. This virus uses a highly unusual way of incorporating into MS-DOS. No anti-virus was ready to meet such kind of a monster.

1995

Microsoft Corp. releases Windows 95. Anti-virus companies worry that the operating system will be resistant to viruses.

February 1995: an incident with Microsoft: Windows95 demo disks are infected by "Form".

Spring 1995: two anti-virus companies - ESaSS (ThunderBYTE anti-virus) and Norman Data Defense (Norman Virus Control) announce their alliance.

August 1995: one of the turning points in the history of viruses and anti-viruses: there has actually appeared the first "alive" virus for Microsoft Word ("Concept").

Read "History of early computer viruses. Part 1."

Read "History of early computer viruses. Part 3."



History of early computer viruses. Part 1.

I decided to gather the history of computer viruses from various sources. I have chosen what are, in my opinion, the most important events in the period from the late 60's to 2000. The chronology is compiled from the articles THE HISTORY OF COMPUTER VIRUSES and A Short History of Computer Viruses and Attacks.

Late 1960s - early 1970s

From time to time, programs called "the rabbit" appeared on the mainframes of that period. These programs cloned themselves and occupied system resources, thus lowering the productivity of the system.

The first incident which may well be called an epidemic of "a computer virus" happened on the Univac 1108 system. The virus called "Pervading Animal" attached itself to the end of executable files - virtually the same thing that thousands of modern viruses do.

The first half of 1970s

"The Creeper" virus, created under the Tenex operating system, used global computer networks to spread itself. The virus was capable of entering a network by itself via modem and transferring a copy of itself to a remote system. "The Reaper" anti-virus program was created to fight this virus; it was the first known anti-virus program.

1979

Engineers at Xerox Palo Alto Research Center discover the computer "worm," a short program that scours a network for idle processors. Designed to provide more efficient computer use, the worm is the ancestor of modern worms - destructive computer viruses that alter or erase data on computers, often leaving files irretrievably corrupted.

1981

The "Elk Cloner" boot virus epidemic started on Apple II computers. The virus attached itself to the boot sector of diskettes that were accessed. It showed itself in many ways - it flipped the display, made text displays blink and showed various messages.

1983

The FBI busts the "414s," a group of young hackers who break into several U.S. government networks, in some cases using only an Apple II+ computer and a modem.

University of Southern California doctoral candidate Fred Cohen coins the term "computer virus" to describe a computer program that can "affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself." Anti-virus makers later capitalize on Cohen's research on virus defense techniques.

1984

In his novel "Neuromancer," author William Gibson popularizes the term "cyberspace," a word he used to describe the network of computers through which characters in his futuristic novels travel.

1986

One of the first PC viruses ever created, "The Brain" is released by programmers in Pakistan.

Also in 1986 a programmer named Ralph Burger found out that a program can create copies of itself by adding its code to DOS executables. His first virus called "VirDem" was the demonstration of such a capability.

1987

The "Vienna" virus appears. Ralph Burger, whom we already know, gets a copy of this virus, disassembles it, and publishes the result in his book "Computer Viruses: a High-tech Disease".

Some more IBM PC viruses are being written independently in the same year. They are: "Lehigh", infecting the COMMAND.COM file only; "Suriv-1" a.k.a. "April1st", infecting COM files; "Suriv-2", infecting (for the first time ever) EXE files; and "Suriv-3", infecting both COM and EXE files. There also appear several boot viruses ("Yale" in USA, "Stoned" in New Zealand, "PingPong" in Italy), and the first self encrypting file virus "Cascade". Non-IBM computers are also not forgotten: several viruses for Apple Macintosh, Commodore Amiga and Atari ST have been detected.

In December of 1987 there was the first total epidemic of a network virus called "Christmas Tree", written in the REXX language and spreading itself under the VM/CMS operating environments.

1988

Twenty-three-year-old programmer Robert Morris unleashes a worm that invades ARPANET computers. The small program disables roughly 6,000 computers on the network by flooding their memory banks with copies of itself. Morris confesses to creating the worm out of boredom. He is fined $10,000 and sentenced to three years' probation.

On Friday the 13th, 1988, several companies and universities in many countries of the world "got acquainted" with the "Jerusalem" virus. On that day the virus destroyed files that users attempted to run.

"Jerusalem", together with several other viruses ("Cascade", "Stoned", "Vienna"), infected thousands of computers while still going unnoticed - anti-virus programs were not as common then as they are now, and many users and even professionals did not believe in the existence of computer viruses.

Notoriously false messages about new computer viruses started to appear, causing panic among the computer users.

November 1988: a total epidemic of the Morris network virus (a.k.a. Internet Worm). This virus infected more than 6000 computer systems in the USA (including the NASA research Institute) and practically paralyzed their work.

December 1988: the season of worm viruses continues, this time in DECNet. A worm virus called HI.COM displayed an image of a spruce and informed users that they should "stop computing and have a good time at home!!!"

New anti-virus programs also appeared, for example Doctor Solomon's Anti-virus Toolkit.

1989

New viruses "Datacrime", "FuManchu" appear, as do the whole families like "Vacsina" and "Yankee".

September 1989: one more anti-virus program begins shipping - IBM Anti-virus.

October 1989: one more epidemic in DECNet, this time it was worm virus called "WANK Worm".

December 1989: an incident with a "Trojan horse" called "AIDS". 20,000 copies were shipped on diskettes marked as "AIDS Information Diskette Version 2.0".

Read "History of early computer viruses. Part 2."



2009-06-08

Main types of computer viruses

From the article «What is a virus» you know a bit about viruses. Today I suggest we talk about the types of viruses. There are quite a number of viruses. There are different classifications, and each of them has some differences. So my list covers only the main types of computer viruses. Maybe I will add to it later, if possible, all the more so because the bad guys are constantly improving their technology and inventing something new :-).

So the main types of viruses:


Resident Viruses
This type of virus resides permanently in RAM. From there it can intercept and interrupt all operations executed by the system, corrupting files and programs that are opened, renamed, copied, etc.

Boot sector viruses
One of the most ancient types of computer viruses. Boot sector viruses infect the boot record on hard disks, floppy or other disks. This type of virus does not need to be able to successfully boot the victim's computer to infect it.

Master Boot Record (MBR) viruses
MBR viruses infect the Master Boot Record on fixed disks and the DOS boot sector on diskettes. All common boot sector and MBR viruses are memory resident.

File infector viruses
This type of virus infects programs or executable files (.EXE or .COM extension), though some can infect any program for which execution or interpretation is requested, such as SYS, OVL, OBJ, PRG, MNU and BAT files. When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category, and can be classified depending on the actions that they carry out.

Macro viruses
Macro viruses infect certain types of data files. Most macro viruses infect Microsoft Office files (such as MS Word documents, Excel spreadsheets, and others).
Macro viruses use the Visual Basic macro language which is built into Microsoft applications. Continual use of the program results in the spread of the virus. Some macros replicate, while others infect documents.

Multi-partite viruses
Multi-partite viruses may fall into more than one of the classes above. For example, a multi-partite computer virus might infect both the boot record and other files.

Polymorphic Virus
Polymorphic viruses encrypt or encode themselves in order to avoid detection by anti-virus software.

That was an overview of the main types of computer viruses. In subsequent publications we will talk about how viruses work, and how to find and get rid of them.
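
Why a fixed "mask" (a fragment of the body, as mentioned in the 1990 entry of the history post) stops matching once the body is encoded, shown from the scanner's side as an added example that is not part of the original post. The byte values, sample layout and function names are constructed for illustration; the wildcard mask is one possible response, and it assumes the stub in front of the body stays constant between variants, which the page does not state.

```python
# Added illustration: mask-based scanning over constructed byte buffers.
# None of the bytes below are real code; they are placeholders built for this example.

WILDCARD = None  # a mask position that matches any byte


def parse_mask(text):
    """Turn 'A1 B2 ?? D4' into [0xA1, 0xB2, None, 0xD4]."""
    return [WILDCARD if tok == "??" else int(tok, 16) for tok in text.split()]


def find_mask(data, mask):
    """Return the first offset at which the mask matches data, or -1."""
    for off in range(len(data) - len(mask) + 1):
        if all(m is WILDCARD or data[off + i] == m for i, m in enumerate(mask)):
            return off
    return -1


# Constructed sample layout: padding | stub (contains the key byte) | encoded body | padding
STUB_HEAD = bytes.fromhex("A1B2C3")   # placeholder bytes, constant in every variant
STUB_TAIL = bytes.fromhex("D4E5")     # placeholder bytes, constant in every variant
BODY = b"CONSTRUCTED-TEST-MARKER"     # harmless marker standing in for the body


def build_sample(key):
    """Build one constructed variant whose body is XOR-encoded with `key`."""
    encoded = bytes(b ^ key for b in BODY)
    return bytes(8) + STUB_HEAD + bytes([key]) + STUB_TAIL + encoded + bytes(4)


MASKS = {
    # Classic mask: a literal fragment of the body.
    "fixed_body": list(BODY),
    # Mask over the constant stub, with a wildcard where the key byte varies.
    "stub_wildcard": parse_mask("A1 B2 C3 ?? D4 E5"),
}

SAMPLES = {
    "variant_key_00": build_sample(0x00),  # key 0 leaves the body unchanged
    "variant_key_5a": build_sample(0x5A),
    "variant_key_3c": build_sample(0x3C),
    "clean_file": b"ordinary data with no marker at all",
}


def scan_all(samples=SAMPLES, masks=MASKS):
    """Return {sample name: {mask name: match offset or -1}}."""
    return {
        name: {mname: find_mask(data, mask) for mname, mask in masks.items()}
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, hits in scan_all().items():
        print(f"{name:16} {hits}")
```

If the stub itself changed from variant to variant, the second mask would fail as well, which is why scanners could not rely on masks alone.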


2009-06-07

What is a virus?


Any modern person, even a 100-year-old grandmother (who has seen a computer twice), knows what a virus is. We hear about virus epidemics in the news, our friends regularly complain about problems caused by viruses, and whoever reads this article has encountered viruses more than once. So what is a virus?

A computer virus is a kind of computer program whose distinctive feature is the ability to reproduce. Through this, viruses are able to infect other computers, just as the influenza virus is transmitted from person to person. In addition, viruses can damage or completely destroy files and user data, and damage or even destroy the operating system together with all its files.

"Dummies" sometimes also refer to other malware, such as trojans, spyware and even spam, as computer viruses. A true virus can only spread from one computer to another when its host is taken to the target computer.

There are tens of thousands of computer viruses that spread worldwide via the Internet, causing virus epidemics. Viruses spread by inserting themselves into the executable code of other programs or by replacing other programs. For some time it was thought that a virus, being a program, can infect only programs. Changing a file that is not a program is not infection, only damage to data, because the processor does not execute it as instructions. Thus, for example, unformatted text could not be a carrier of a virus.

But later the bad guys found that viral behavior is possible not only in executable code containing the processor's machine code. Viruses have been written in the batch file language. Then came macro viruses, which spread through macros in the documents of programs such as Microsoft Word and Excel.

After that, crackers created viruses that exploit vulnerabilities in popular software (e.g., Adobe Photoshop, Internet Explorer, Outlook) that normally just processes data. Such viruses spread by being embedded in images, texts, etc.

The following publications will give you more details about what a virus is. To be continued!

