Sunday, 7 February 2010

Computer Viruses

I was working on reverse engineering a mid-infecting virus, and when I searched Google for "mid infecting" I couldn't find many details explaining these terms. So I'll explain these terms briefly.

Computer viruses are programs that replicate themselves by infecting other files, using a variety of techniques. Viruses should not be confused with Trojans and worms: a Trojan does not replicate at all, and a worm spreads by copying itself across a network rather than by infecting other files. Malware is the generic term that covers all of these kinds of malicious files and the detections written for them.

Coming back to viruses: they are further classified into types based on the way they reproduce (replicate) themselves, in particular where in the host they place their code.

* Boot Virus
   A boot (or boot sector) virus replicates from the boot sector of a disk. The boot sector is the area of the disk whose code runs when the machine starts (boots), so the virus gains control before the operating system loads and can copy itself to the boot sector of any other disk it touches.

* Appending Virus
   An appending virus attaches its viral code to the end of the clean host file. To get control it also patches the host, typically by changing the entry point or the first instructions so that they jump to the appended code; the virus runs first and then jumps back to the original host code, so the program still appears to work normally.

* Prepending Virus
   A prepending virus does the opposite of an appending virus: it places its code in front of the host. The viral code therefore runs first and then hands control to the original host, which now sits after it in the file.

* Mid-infecting Virus
   Mid-infecting viruses are the ones you see often in the real world. A mid-infector places its code somewhere inside the host rather than at either end, for example in unused space between sections. In a mid-infector, part of the host runs first and then control reaches the viral code, so there is no tell-tale entry point pointing at the very start or end of the file.

* Polymorphic Virus
   A polymorphic virus (poly: many, morph: forms) has a mutation engine that makes each new copy look different. The virus does the same work each time, but the bytes of its code change from one generation to the next: typically the body is encrypted with a different key in every copy, and the small decryptor that runs first is regenerated by the mutation engine so that it too has no fixed byte pattern. This is done mainly to evade antivirus products that detect on a fixed signature of the virus's bytes.
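When you have a clean copy of a host next to its infected copy, the appending, prepending and mid-infecting classes above can be told apart mechanically from where the extra bytes landed and which host bytes were patched. The script below is an added example written for this post, not code from the original: CLEAN_HOST and VIRUS_BODY are constructed byte strings in a made-up file layout (not PE or ELF and not real malware), and the make_* helpers only rearrange bytes the way each infector class does. It goes one step beyond the list above by also reporting an "overwriting" case, where the virus writes over host bytes instead of inserting.

```python
"""Classify where a file infector placed its code by diffing a clean host
against the infected copy.

Added example for this post, not code from the original. CLEAN_HOST and
VIRUS_BODY are constructed byte strings in a made-up file layout, not real
malware; the make_* helpers only rearrange bytes the way each infector class
does, so the placement logic (prepending / appending / mid-infecting) can be
checked. It also reports an "overwriting" case the post does not list.
"""
import difflib


def diff_regions(clean: bytes, infected: bytes):
    """Split the difference between the two files into inserted runs (the
    candidate virus body) and patched runs (host bytes the virus changed,
    e.g. a rewritten entry point).
    Returns (inserts, patches) with inserts = [(offset_in_infected, data)]
    and patches = [(offset_in_clean, old_bytes, new_bytes)]."""
    sm = difflib.SequenceMatcher(None, clean, infected, autojunk=False)
    inserts, patches = [], []
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag == "insert":
            inserts.append((j1, infected[j1:j2]))
        elif tag == "replace":
            patches.append((i1, clean[i1:i2], infected[j1:j2]))
        elif tag == "delete":
            patches.append((i1, clean[i1:i2], b""))
    return inserts, patches


def classify_infection(clean: bytes, infected: bytes) -> dict:
    """Name the infection strategy by where the largest inserted run sits:
    offset 0 means a prepender, the end of the file an appender, anything
    else a mid-infector. Changed bytes with nothing inserted means the virus
    overwrote part of the host. Caveat: this is a heuristic; if the body
    happens to share bytes with the host around the insertion point, the
    reported boundary can shift by those bytes."""
    inserts, patches = diff_regions(clean, infected)
    if not inserts:
        kind = "clean" if not patches else "overwriting"
        return {"kind": kind, "offset": None, "body": b"", "patches": patches}
    offset, body = max(inserts, key=lambda t: len(t[1]))
    if offset == 0:
        kind = "prepending"
    elif offset + len(body) == len(infected):
        kind = "appending"
    else:
        kind = "mid-infecting"
    return {"kind": kind, "offset": offset, "body": body, "patches": patches}


# --- constructed sample data in a made-up format (not PE/ELF) -------------
# Toy host: 4-byte magic, 4-byte little-endian "entry point" offset,
# 8 bytes of padding, then 112 bytes of "code".
HOST_CODE = bytes(range(32, 128)) + b"\x90" * 16
CLEAN_HOST = b"HOST" + (16).to_bytes(4, "little") + b"\x00" * 8 + HOST_CODE
VIRUS_BODY = b"VIRUS" + bytes(range(0xA0, 0xC0))


def with_entry(host: bytes, entry: int) -> bytes:
    """Copy of host with the entry-point field pointed at `entry`."""
    return host[:4] + entry.to_bytes(4, "little") + host[8:]


def make_prepender(host: bytes) -> bytes:
    """Virus first; the untouched host is carried after it."""
    return VIRUS_BODY + host


def make_appender(host: bytes) -> bytes:
    """Body at the end, entry point redirected to it."""
    return with_entry(host, len(host)) + VIRUS_BODY


def make_mid_infector(host: bytes, at: int) -> bytes:
    """Body spliced into the middle of the code, entry point pointed at it."""
    patched = with_entry(host, at)
    return patched[:at] + VIRUS_BODY + patched[at:]


def make_overwriter(host: bytes, at: int) -> bytes:
    """Body written over host bytes: file size unchanged, host damaged."""
    return host[:at] + VIRUS_BODY + host[at + len(VIRUS_BODY):]


if __name__ == "__main__":
    samples = [("prepender", make_prepender(CLEAN_HOST)),
               ("appender", make_appender(CLEAN_HOST)),
               ("mid-infector", make_mid_infector(CLEAN_HOST, 64)),
               ("overwriter", make_overwriter(CLEAN_HOST, 16))]
    for name, infected in samples:
        r = classify_infection(CLEAN_HOST, infected)
        print(f"{name:13s} -> {r['kind']} at {r['offset']}, "
              f"body {len(r['body'])} bytes, patches {r['patches']}")
```

The patches list is the part worth looking at when reversing a real sample: for the appender and mid-infector it shows the single byte of the entry-point field that was rewritten to point at the body, which is the hook you would follow in a disassembler to find where the viral code starts.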
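To see concretely why a signature-based scanner loses against a polymorphic virus, and what it has to do instead, here is an added example written for this post (not code from the original). BODY is a constructed stand-in for an invariant virus body, a byte string that is never executed; the "mutation engine" is a toy that XOR-encrypts the body under a fresh key and wraps it in one of several decryptor layouts (DECRYPTOR_FORMS, also made up). The scanner side shows both the naive static signature and the decrypt-then-scan approach antivirus engines use.

```python
"""Why a fixed byte signature misses a polymorphic virus, and what a scanner
has to do instead.

Added example for this post, not code from the original. BODY is a constructed
stand-in for an invariant virus body (a byte string that is never executed),
and the "mutation engine" is a toy: it XOR-encrypts the body under a fresh key
and wraps it in one of several decryptor layouts.
"""
import os

# Constructed stand-in for the invariant virus body (never executed).
BODY = (b"replicate:open-host;append-self;patch-entry;return-to-host"
        + bytes(range(0x10, 0x30)))
# What a naive scanner would carry as its signature: a run of body bytes.
SIGNATURE = BODY[10:30]

# Toy decryptor layouts, (prefix, suffix): the one-byte XOR key sits between
# them and the encrypted body follows. A real mutation engine permutes
# instructions, registers and junk code; varying these few bytes is enough
# to show that the stub has no stable signature either.
DECRYPTOR_FORMS = [
    (b"\x01", b"\x00\x00\x00"),
    (b"\x02\xff", b""),
    (b"\x03\x00\xff\x00", b"\x7f"),
]


def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def mutate(body: bytes, key: int, form: int) -> bytes:
    """One generation: decryptor stub in layout `form` carrying `key`,
    followed by the body encrypted under that key."""
    assert 1 <= key <= 255, "key 0 would leave the body in the clear"
    prefix, suffix = DECRYPTOR_FORMS[form]
    return prefix + bytes([key]) + suffix + xor(body, key)


def next_generation(body: bytes) -> bytes:
    """What the mutation engine does on every replication: fresh random
    key and a randomly chosen decryptor layout."""
    key = os.urandom(1)[0] or 1
    form = os.urandom(1)[0] % len(DECRYPTOR_FORMS)
    return mutate(body, key, form)


def static_scan(sample: bytes) -> bool:
    """Plain signature scan over the raw bytes on disk."""
    return SIGNATURE in sample


def decrypt_then_scan(sample: bytes) -> bool:
    """What an AV engine has to do: recognise (in practice, emulate) the
    decryptor to recover the key, decrypt the body, then apply the signature.
    Here the stub layouts are known up front; a real engine would emulate
    whatever stub code it finds at the entry point."""
    for prefix, suffix in DECRYPTOR_FORMS:
        if not sample.startswith(prefix):
            continue
        if len(sample) <= len(prefix) + 1 + len(suffix):
            return False
        key = sample[len(prefix)]
        rest = sample[len(prefix) + 1:]
        if not rest.startswith(suffix):
            return False
        return SIGNATURE in xor(rest[len(suffix):], key)
    return False


def evaluate(generations) -> tuple:
    """(static hits, decrypt-then-scan hits, distinct byte patterns)."""
    return (sum(static_scan(g) for g in generations),
            sum(decrypt_then_scan(g) for g in generations),
            len(set(generations)))


if __name__ == "__main__":
    gens = [next_generation(BODY) for _ in range(50)]
    static_hits, emu_hits, distinct = evaluate(gens)
    print(f"{distinct} distinct generations out of {len(gens)}; "
          f"static signature hit {static_hits}, decrypt-then-scan hit {emu_hits}")
```

The static signature never fires on any generation, while decrypting first catches every one, because the body is invariant once the key is stripped off. Real engines do not know the decryptor layouts in advance, which is why they emulate the code at the entry point until the body has decrypted itself in memory and only then scan it.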

Friday, 5 February 2010

New IE Vulnerability

Microsoft has published an advisory about a vulnerability affecting several versions of Internet Explorer.
It looks like there is a lot more that IE users will have to bear with: Microsoft had only recently issued an out-of-band critical patch for another IE vulnerability.
This one was presented at the recent Black Hat conference in Washington, DC. The vulnerability can let a remote attacker read files on the victim's computer, potentially turning the machine into a file server for malicious purposes.