Common Types of Computer Viruses and Other Malicious Programs. What is Computer Virus Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with computer operation. A virus might corrupt or delete data on your computer, use your e mail program to spread itself to other computers, or even erase everything on your hard disk. Disk Cleanup cleanmgr. Microsoft Windows designed to free up disk space on a computers hard drive. Anondroid%20Proxy%20Client.png' alt='Cain 20 Exe Download' title='Cain 20 Exe Download' />Im Kouta Koikawa, and Im having a problem with my studies. Its not that my classmates ruckus bothers me, I sit at the front of the room to avoid their antics. CainAbel.png' alt='Cain 20 Exe Download' title='Cain 20 Exe Download' />Computer viruses are often spread by attachments in e mail messages or instant messaging messages. That is why it is essential that you never open e mail attachments unless you know who its from and you are expecting it. Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files. Computer viruses also spread through downloads on the Internet. They can be hidden in illicit software or other files or programs you might download. How Computer Viruses Work Here is the general way that viruses work An infected program is run. This is either a program file in the case of a file infecting virus or a boot sector program at boot time. In the case of a Microsoft Word document the virus can be activated as soon as the document that contains it is opened for reading within Microsoft Word. If the NORMAL. DOT document template is infected and this is the most common target of these viruses then the virus may be activated as soon as Microsoft Word is started up. The infected program has been modified so that instead of the proper code running, the virus code runs instead. This is usually done by the virus modifying the first few instructions to jump to where the virus code is stored. The virus code begins to execute. The virus code becomes active and takes control of the PC. There are two ways that a virus will behave when it is run direct action viruses will immediately execute, often seeking other programs to infect andor exhibiting whatever other possibly malicious behavior their author coded into them. Many file infector viruses are direct action. In contrast, memory resident viruses dont do anything immediately they load themselves into memory and wait for a triggering event that will cause them to act. Many file infectors and all boot infectors do this boot infectors have to become memory resident, because at the time they are executed the system is just starting up and there isnt that much interesting for them to do immediately. What exactly the virus does depends on what the virus is written to do. Their primary goals however include replication and spreading, so viruses will generally search for new targets that they can infect. For example, a boot sector virus will attempt to install itself on hard disks or floppy disks that it finds in the system. File infectors may stay in memory and look for programs being run that they can target for infection. Malevolent viruses that damage files or wreak havoc in other ways will often act on triggers. There are viruses that will only activate on particular days of the year such as the infamous Friday the 1. Some viruses do nothing other than trying to maximize their own infection to as many files and systems as possible. Most Common Types of Viruses and Other Malicious Programs. Resident Viruses This type of virus is a permanent which dwells in the RAM memory. From there it can overcome and interrupt all of the operations executed by the system corrupting files and programs that are opened, closed, copied, renamed etc. Examples include Randex, CMJ, Meve, and Mr. Klunky. 2. Multipartite Viruses. Multipartite viruses are distributed through infected media and usually hide in the memory. Gradually, the virus moves to the boot sector of the hard drive and infects executable files on the hard drive and later across the computer system. Direct Action Viruses The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC. BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted. Overwrite Viruses Virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected. The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content. Examples of this virus include Way, Trj. Reboot, Trivial. 8. D. 5. Boot Virus This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot start the computer from the disk. The best way of avoiding boot viruses is to ensure that floppy disks are write protected and never start your computer with an unknown floppy disk in the disk drive. Examples of boot viruses include Polyboot. B, Anti. EXE. 6. Macro Virus Macro viruses infect files that are created using certain applications or programs that contain macros. These mini programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one. Examples of macro viruses Relax, Melissa. A, Bablas, O9. 7MY2. K. 7. Directory Virus Directory viruses change the paths that indicate the location of a file. By executing a program file with the extension. EXE or. COM which has been infected by a virus, you are unknowingly running the virus program, while the original file and program have been previously moved by the virus. Once infected it becomes impossible to locate the original files. Polymorphic Virus Polymorphic viruses encrypt or encode themselves in a different way using different algorithms and encryption keys every time they infect a system. This makes it impossible for anti viruses to find them using string or signature searches because they are different in each encryption and also enables them to create a large number of copies of themselves. Examples include Elkern, Marburg, Satan Bug, and Tuareg. File Infectors This type of virus infects programs or executable files files with an. EXE or. COM extension. When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belongs to this category, and can be classified depending on the actions that they carry out. This type of viruses consists of encrypted malicious code, decrypted module. The viruses use encrypted code technique which make antivirus software hardly to detect them. The antivirus program usually can detect this type of viruses when they try spread by decrypted themselves. Companion Viruses Companion viruses can be considered file infector viruses like resident or direct action types. They are known as companion viruses because once they get into the system they accompany the other files that already exist. In other words, in order to carry out their infection routines, companion viruses can wait in memory until a program is run resident viruses or act immediately by making copies of themselves direct action viruses. Some examples include Stator, Asimov. Terrax. 1. 06. 91. Top 1. 5 Security Utilities Download Hacking Tools. This is a list of some of the most common hacking tools, security utilities with direct links for the most relevant like ethereal hacking and best to download hacking tools. Nmap. I think everyone has heard of this one, recently evolved into the 4. Nmap Network Mapper is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services application name and version those hosts are offering, what operating systems and OS versions they are running, what type of packet filtersfirewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source. Can be used by beginners s. T or by pros alike packettrace. A very versatile tool, once you fully understand the results. Get Nmap Here. 2. Nessus Remote Security Scanner. Recently went closed source, but is still essentially free. Works with a client server framework. Nessus is the worlds most popular vulnerability scanner used in over 7. Many of the worlds largest organizations are realizing significant cost savings by using Nessus to audit business critical enterprise devices and applications. Get Nessus Here. Also see Open. VAS Open Vulnerability Assessment System Nessus is Back. John the Ripper. John the Ripper is a fast password cracker, currently available for many flavors of Unix 1. DOS, Win. 32, Be. OS, and Open. VMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt3 password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT2. XP2. 00. 3 LM hashes, plus several more with contributed patches. You can get JTR Here. Also see JTR Password Cracking John the Ripper 1. Released FINALLY. Nikto. Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including over 3. CGIs, versions on over 6. Scan items and plugins are frequently updated and can be automatically updated if desired. Nikto is a good CGI scanner, there are some other tools that go well with Nikto focus on http fingerprinting or Google hackinginfo gathering etc, another article for just those. Get Nikto Here. Also see Nikto 2. Released Web Server Security Scanning Tool. Super. Scan. Powerful TCP port scanner, pinger, resolver. Super. Scan 4 is an update of the highly popular Windows port scanning tool, Super. Scan. If you need an alternative for nmap on Windows with a decent interface, I suggest you check this out, its pretty nice. Get Super. Scan Here. Also see Superscan v. Fast TCP UDP Port Scanner for Windows. P0f v. 2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on machines that connect to your box SYN mode, machines you connect to SYNACK mode, machine you cannot connect to RST mode, machines whose communications you can observe. Basically it can fingerprint anything, just by listening, it doesnt make ANY active connections to the target machine. Get p. 0f Here. Also see p. Advanced Passive OS Fingerprinting Tool. Wireshark Formely EtherealWireshark is a GTK based network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial quality analyzer for Unix and to give Wireshark features that are missing from closed source sniffers. Works great on both Linux and Windows with a GUI, easy to use and can reconstruct TCPIP StreamsWill do a tutorial on Wireshark later. Get Wireshark Here. Also see Wireshark 1. Released Network Protocol Analyzer. Yersinia. Yersinia is a network tool designed to take advantage of some weakeness in different Layer 2 protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, the following network protocols are implemented Spanning Tree Protocol STP, Cisco Discovery Protocol CDP, Dynamic Trunking Protocol DTP, Dynamic Host Configuration Protocol DHCP, Hot Standby Router Protocol HSRP, IEEE 8. Inter Switch Link Protocol ISL, VLAN Trunking Protocol VTP. The best Layer 2 kit there is. Get Yersinia Here. Also see Yersinia 0. Released with 8. 02. Support Layer 2 Attack Framework. Eraser. Eraser is an advanced security tool for Windows, which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 9. ME, NT, 2. 00. 0, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License. An excellent tool for keeping your data really safe, if youve deleted it. Get Eraser Here. 1. Pu. TTYPu. TTY is a free implementation of Telnet and SSH for Win. Unix platforms, along with an xterm terminal emulator. A must have for any h. SSH from Windows without having to use the crappy default MS command line clients. Get Pu. TTY Here. LCPMain purpose of LCP program is user account passwords auditing and recovery in Windows NT2. XP2. 00. 3. Accounts information import, Passwords recovery, Brute force session distribution, Hashes computing. A good free alternative to L0phtcrack. LCP was briefly mentioned in our well read Rainbow Tables and Rainbow. Crack article. Get LCP Here. Also see LCP A Good FREE Alternative to L0phtcrack LC5. Cain and Abel. My personal favourite for password cracking of any kind. Cain Abel is a password recovery tool for Microsoft Operating Systems. Symbian Certificate. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute Force and Cryptanalysis attacks, recording Vo. IP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. Get Cain and Abel Here. Also see Cain Abel Download the Super Fast and Flexible Password Cracker with Network Sniffing. Kismet. Kismet is an 8. Kismet will work with any wireless card which supports raw monitoring rfmon mode, and can sniff 8. A good wireless tool as long as your card supports rfmon look for an orinocco gold. Get Kismet Here. Also see Kismet Wireless Network Hacking, Sniffing Monitoring. Net. Stumbler. Yes a decent wireless tool for Windows Sadly not as powerful as its Linux counterparts, but its easy to use and has a nice interface, good for the basics of war driving. Net. Stumbler is a tool for Windows that allows you to detect Wireless Local Area Networks WLANs using 8. It has many uses Verify that your network is set up the way you intended. Find locations with poor coverage in your WLAN. Detect other networks that may be causing interference on your network. Detect unauthorized rogue access points in your workplace. Help aim directional antennas for long haul WLAN links. Use it recreationally for War. Driving. Get Net. Stumbler Here. Also see Net. Stumbler Windows Freeware to Detects Insecure Wireless Networks.