We've all heard about the dangers of malware, especially online. Special protection programs against various threats cost a lot of money, but is there any point in these expenses? Let's consider the most common types of infection of information carriers, especially the most dangerous of them - polymorphic viruses.
The meaning of infection
By analogy with medicine, computer systems are considered as separate "organisms" that are able to pick up "infection" during interaction with the digital environment: from the Internet or through the use of unverified removable media. Hence the name of most malicious programs - viruses. At the beginning of their appearance, polymorphic viruses served as entertainment for specialists, something like testing their abilities, as well as testing protection systems for certain computer systems and network resources. Now hackers have moved from pampering to outright criminal acts, and all because of the globalization of digital banking systems, which opened up access to electronicwallets from almost anywhere in the world. The information itself, which is now also hunted by the authors of viruses, has now become more accessible, and its value has increased tens and hundreds of times compared to pre-digital times.
Description and history of occurrence
Polymorphic viruses, as the name suggests, are capable of modifying their own code when making a copy of themselves. Thus, a multiplied virus cannot be detected by anti-virus tools using a single mask and detected in its entirety in a simple scan cycle. The first virus with the technology of modifying its own code was released back in 1990 under the name chameleon. The technology for writing viruses received serious development a little later with the advent of polymorphic code generators, one of which, called the Trident Polymorphic Engine, was distributed with detailed instructions in the BBS archives. Over time, the technology of polymorphism has not undergone major changes, but other ways to hide malicious actions have appeared.
Spread of viruses
In addition to mail systems popular with spammers and virus writers, mutant viruses can enter a computer along with downloaded files when using infected Internet resources via special links. For infection, it is possible to use infected duplicates of known sites. Removable media, usually with an overwrite function, can also become a source of infection, as they may contain infected files that the user is able to run himself. Various requests from installerstemporarily disabling anti-virus software should be a signal to the user, at least for deep checking of executable files. Automatic distribution of viruses is possible if attackers detect deficiencies in protection systems; such software implementations are usually aimed at certain types of networks and operating systems. The popularization of office software has also attracted the attention of intruders, resulting in specially infected macros. Such virus programs have a serious drawback, they are “tied” to the file type, virus macros from Word files cannot interact with Excel spreadsheets.
Types of polymorphism
Polymorphic constructions are divided into several groups according to the complexity of the algorithms used. Oligomorphic ones - the simplest ones - use constants to encrypt their own code, so even a light antivirus is able to calculate and neutralize them. This is followed by codes with several instructions for encryption and the use of an "empty" code, to detect such viruses, security programs must be able to filter out junk commands.
Viruses that change their own structure without loss of functionality, as well as implement other low-level encryption techniques, already present a serious difficulty for anti-virus detection. Incurable polymorphic viruses, consisting of program blocks, can insert parts of their code into various places of the infected file. In fact, such viruses do not need to use an "empty" code, whichthe executable code of the infected files is used. Fortunately for users and developers of anti-virus software, writing such viruses requires serious knowledge of assembly language and is only available to programmers of a very high level.
Goals, objectives and principle of operation
The virus code in a network worm can pose a great threat, since, in addition to spreading speed, it provides a malicious effect on data and infection of system files. The head of a polymorphic virus in the composition of worms or in the basis of their program code makes it easier to bypass the protections of computers. The goals of viruses can be very different, from simple theft to complete destruction of data recorded on permanent media, as well as disruption of operating systems and their complete destabilization. Some virus programs are capable of transferring control of the computer to intruders for explicitly or covertly launching other programs, connecting to paid network resources, or simply transferring files. Others are able to silently "settle" in RAM and monitor the current process of application execution in search of suitable files to infect or interfere with the user's work.
Protection methods
Installing an antivirus is a must for any computer connected to the network, since operating systems are not able to independently protect against malware, except for the simplest ones. Timely database updates and systematic file checks, in addition toconstant monitoring of the system will also help to recognize the infection in time and eliminate the source. When using outdated or weak computers, today you can install a light antivirus that uses cloud storage of virus databases. The choice of such programs is very wide, and all of them are effective to varying degrees, and the price of anti-virus software does not always indicate its high reliability. An undoubted plus of paid programs is the presence of active user support and frequent updates of virus databases, however, some free analogues also respond in time to the appearance of new virus signatures on the network.
