Read the text and define what network viruses are.

 

Harmful Programs

 

Harmful programs, besides viruses, are Trojan horses (logical bombs), hidden (hacker’s) remote administration tools («backdoors»), passwords and other confidential information stealing programs, as well as intended viruses, virus construction sets and polymorphic generators.

 

Trojan Horses (Logical Bombs)

 

Trojan horses are programs, doing some kind of harm, that is depending on some circumstances or with each execution destroying information on disks, crashing the system, etc.

Most part of the Trojan horses are programs, which «imitate» some other useful programs, new versions of popular utility software or software updates for them. Very often they are being sent to BBS stations or Usenet groups. In comparison with viruses Trojan horses are not widely spread. The reasons of this are quite simple – they either destroy themselves together with the rest of the data on disks, or unmask their presence and are deleted by victimized users.

Virus «droppers» may also be considered Trojan horses. There are the files infected in such way, that known anti- viruses do not determine virus presence in the file. For example a file is encrypted in some special way or packed by an rarely used archiver, preventing anti- virus from «seeing» the infection.

Hoaxes are also worth mentioning. These are programs not doing any direct harm to computers, but displaying messages falsely stating that this harm has already been done, or will be done under some circumstances, or warn user about sotome kind of nonexistent danger. Hoaxes are for example, programs which «scare» user with messages about disk formatting (although actually no formatting takes place), detect viruses in not infected files, display strange virus like messages (CMD640X disk driver from some commercial software package) etc. – it depends on the sense of humor of the author of such program. Apparently the string «CHOLEEPA» in the second sector of Seagate hard disks is also a hoax.

 

Backdoors (remote administration hacker’s tools)

 

The programs that are classified as «backdoors» are network administration utilities that allows to control remove computers on the network, and they are similar to commercial network administration packages that are developed and distributed by software companies.

The only feature makes this utilities to be classified as malicious (Trojan) software – the silent installing and execution. When such program runs, it installs itself into the system and then monitors it without any requests or messages. If you already have it installed on the computer, you cannot find this application in task list in most of cases. The most of known backdoor Trojans also do not manifest their activity in any way.

Being installed on the computer, the backdoors may do everything their author had embedded into their «feature list»: send / receive files to / from affected computer, execute / delete / rename files there, display message boxes, hook keyboard input, etc. As a result the backdoors are able to monitor almost everything on affected computers, steal data from them, upload and run viruses on the remote PC, erase information there, etc.

 

Intended Viruses

 

They look like viruses at a glance, but not quite so; they are unable to propagate because of errors. For example, a virus, «forgetting» to place a jump command to its own code to the top of file it infects, or places a jump to incorrect address, or sets the erratic address of the intercepted interrupt (which in most cases hangs the computer) etc.

The main reason of the appearance of intended viruses is incompetent re-compilation of the already existing virus, either because of insufficient knowledge of programming language, or because of not knowing of all the technical subtleties of operating system.

 

Virus Construction Sets

 

A virus construction set is an utility program, intended for creating computer viruses. They allow generating of source code of the viruses, object modules and / or infected files themselves.

Some construction sets (VLC, NRLG) have standard windowed interface, allowing menu selection of virus type, target objects (COM and/or EXE), presence or absence of self encrypting, debugging counter measures, internal text strings, etc. Other construction sets (PS-MPC, G2) don’t have an interface and read information about the type of virus from configuration file.

 

Polymorphic Generators

 

Polymorphic generators, like virus construction sets, are not viruses in the full sense of the word, because their algorithm does not contain propagation functions, that is opening, closing and writing files, reading and writing sectors etc. The main function of programs such kind is encrypting virus body and generating the corresponding decryptor routine.

Polymorphic generators are usually distributed by their authors without restrictions in the form of an archive file. In any generator archive the main file is an object module, containing this generator.