The key word in defining a virus is “malicious.” The same programs that are called the first viruses did not cause any harm to the computer. It was, for example, computer game“Animal”, which consists of guessing animals and has gathered a countless number of fans. The author of the game was tired of endless requests from users to send them this game (and in 1974 this was not an easy task - it was necessary to record the game on magnetic tape and send it by mail). Therefore, he created a subroutine “Pervade”, which independently “traveled” from computer to computer and recorded the game “Animal” in each of them. It is unlikely that at least one computer suffered from this simple “surprise”.

Creeper, which appeared in the early 1970s, was a self-moving demonstration program: when a new copy of Creeper was launched on a new computer, the previous one would stop working. And her job was simply to display the message “I am a Creeper... catch me if you can” on the screen. Later, the Reaper program was written, which also moved from computer to computer and “hunted” for the Creeper, blocking it.

A little more annoying and similar to a real virus was the “Cookie monster”. This program displayed the phrase “Give me a cookie” on the terminal and blocked it until the operator entered the word “cookie”.

Real pioneer viruses

One of the real first viruses is considered to be Elk Cloner, written by a 15-year-old schoolboy for personal computers Apple II. It also did not affect the operation of the computer, but it could unintentionally damage disks containing a non-standard DOS image and overwrite backup tracks regardless of their contents. After every 50th download, the virus displayed a rhyme on the screen saying that Elk Cloner is a program with a personality that will “get into all your drives, get into all your chips, stick to you like glue, and change your RAM.”

Its contemporary, Virus 1,2,3, acted approximately the same way, although it appeared independently of Cloner. Both viruses were created in 1981.
Soon the era began for real harmful viruses, which were “masquerading” as useful programs and destroyed user data. Fred Cohen even wrote an article about file viruses - and this was the first academic study on this topic. It is Cohen who is generally considered to be the author of the term “virus,” although this term was proposed by his supervisor.

Computer virus- a type of malicious software that can create copies of itself and embed itself in the code of other programs, system memory areas, boot sectors, and also distribute its copies through various communication channels.

Even if the author of the virus has not programmed harmful effects, the virus can cause computer crashes due to errors and unaccounted for subtleties of interaction with the operating system and other programs. In addition, viruses, as a rule, take up space on storage devices and consume some other system resources.

In everyday life, all malicious software is called “viruses,” although in fact this is only one type of it.

The creation and distribution of malicious programs (including viruses) is prosecuted in Russia according to the Criminal Code of the Russian Federation ().

Encyclopedic YouTube

1 / 2

What's happened computer virus

WannaCry virus! How to protect Microsoft Windows(XP, 7, 8, 10) by WannaCry.

Subtitles

Story

The foundations of the theory of self-replicating mechanisms were laid by an American of Hungarian origin, John von Neumann, who in 1951 proposed a method for creating such mechanisms. Working examples of such programs have been known since 1961.

The first known viruses are Virus 1,2,3 and Elk Cloner for the Apple II PC, which appeared in 1981. In the winter of 1984, the first antivirus utilities- CHK4BOMB and BOMBSQAD by Andy Hopkins Andy Hopkins). In early 1985, Guy Wong Gee Wong) wrote the DPROTECT program - the first resident antivirus.

The first viral epidemics date back to -1989: Brain.A (spread in boot sectors floppy disks, caused the largest epidemic), Jerusalem (appeared on Friday May 13, 1988, destroying programs when they were launched), Morris worm (over 6200 computers, most networks were out of order for up to five days), DATACRIME (about 100 thousand infected PCs only in the Netherlands).

At the same time, the main classes of binary viruses took shape: network worms (Morris worm, 1987), Trojan horses (AIDS, 1989), polymorphic viruses (Chameleon, 1990), stealth viruses (Frodo, Whale, 2nd half of 1990).

At the same time, organized movements of both pro- and anti-virus orientation were taking shape: in 1990, a specialized BBS Virus Exchange, “The Little Black Book of Computer Viruses” by Mark Ludwig, and the first commercial antivirus Symantec Norton AntiVirus appeared.

In addition, monolithic viruses are largely giving way to complex malware with separation of roles and auxiliary tools (Trojans, downloaders/droppers, phishing sites, spambots and spiders). Social technologies - spam and phishing - are also flourishing as a means of infection that bypasses software security mechanisms.

At the beginning based Trojans, and with the development of p2p network technologies - and independently - the most modern type of viruses - botnet worms - is gaining momentum (Rustock, 2006, about 150 thousand bots; Conficker, 2008-2009, more than 7 million bots; Kraken, 2009, about . 500 thousand bots). Viruses, among other malware, are finally being formalized as a means of cybercrime.

Etymology of the name

The computer virus was named by analogy with biological viruses due to a similar mechanism of spread. Apparently, the word “virus” was first used in relation to a program by Gregory Benford in the science fiction story “The Scarred Man,” published in Venture magazine in May 1970.

The term “computer virus” was subsequently “discovered” and rediscovered more than once. Thus, the variable in the PERVADE() subroutine, the value of which determined whether the ANIMAL program would be distributed across the disk, was called VIRUS. Also, Joe Dellinger called his programs a virus, and this was probably what was first correctly labeled as a virus.

Formal definition

There is no generally accepted definition of a virus. In an academic environment, the term was used by Fred Cohen in his work “Experiments with Computer Viruses,” where he himself attributes the authorship of the term to Len Edleman.

Formally, the virus is defined by Fred Cohen with reference to the Turing machine as follows:

M: (S M , I M , O M: S M x I M > I M , N M: S M x I M > S M , D M: S M x I M > d)

with a given set of states S M, a set of input symbols I M and mappings (O M, N M, D M), which based on its current state s ∈ S M and input character i ∈ I M, read from a semi-infinite tape, determines: the output symbol o ∈ I M to write to tape, the next state of the machine s" ∈ S M and movements along the tape d ∈ (-1,0,1).

For this machine M, sequence of characters v: v i ∈ I M can be considered a virus if and only if the sequence is processed v at a point in time t, entails that at one of the following moments of time t, subsequence v′(not intersecting with v) exists on the tape, and this sequence v′ was recorded M at the point t′, lying between t And t″:

∀ C M ∀ t ∀ j: S M (t) = S M 0 ∧ P M (t) = j ∧ ( C M (t, j) … C M (t, j + |v| - 1)) = v ⇒ ∃ v" ∃ j" ∃ t" ∃ t": t< t" < t" ∧ {j" … j" +|v"|} ∩ {j … j + |v|} = ∅ ∧ { C M (t", j") … C M (t", j" + |v"| - 1)} = v" ∧ P M (t") ∈ { j" … j" + |v"| - 1 }

• t ∈ N number of basic “movement” operations performed by the machine
• P M ∈ N position number on the machine belt at a time t
• S M 0 initial state of the machine
• C M (t, c) cell contents c at a point in time t

This definition was given in the context of the viral set VS = (M, V)- a pair consisting of a Turing machine M and many character sequences V: v, v" ∈ V. From this definition It follows that the concept of a virus is inextricably linked with its interpretation in a given context, or environment.

It was shown by Fred Cohen that "any self-replicating sequence of symbols: singleton VS, according to which there are an infinite number VS, and not- VS, for which there are machines for which all sequences of characters are a virus, and machines for which no sequence of characters is a virus, makes it possible to understand when any finite sequence of characters is a virus for some machine.” He also provides evidence that in general the question of whether a given pair is (M, X) : X i ∈ I M virus, unsolvable (that is, there is no algorithm that could reliably identify all viruses), by the same means by which the unsolvability of the stopping problem is proven.

Other researchers have proven that there are types of viruses (viruses containing a copy of a program that catches viruses) that cannot be accurately identified by any algorithm.

Classification

Nowadays, there are many varieties of viruses, differing in the main method of distribution and functionality. If initially viruses were distributed on floppy disks and other media, now viruses spreading via the Internet dominate. The functionality of viruses, which they adopt from other types of programs, is also growing.

Does not currently exist unified system classification and naming of viruses (although an attempt to create a standard was made at the CARO meeting in 1991). It is customary to separate viruses:

Via the Internet, local networks and removable media.

Mechanism

Viruses spread by copying their body and ensuring its subsequent execution: introducing themselves into the executable code of other programs, replacing other programs, registering themselves in autorun, and more. A virus or its carrier can be not only programs containing machine code, but also any information containing automatically executed commands - for example, batch files and Microsoft Word and Excel documents containing macros. In addition, to penetrate a computer, a virus can use vulnerabilities in popular software (for example, Adobe Flash, Internet Explorer, Outlook), for which distributors inject it into ordinary data (pictures, texts, etc.) together with an exploit that uses vulnerability.

Channels

• Floppy disks. The most common channel of infection in the 1980-1990s. Now practically absent due to the emergence of more common and efficient channels and the lack of floppy drives on many modern computers.
• Flash drives (flash drives). Currently, USB flash drives are replacing floppy disks and repeating their fate - a large number of viruses are spread through removable drives, including digital cameras, digital video cameras, portable digital players, and since the 2000s, mobile phones, especially smartphones, have played an increasingly important role (mobile phones have appeared viruses). The use of this channel was previously primarily due to the ability to create a special file on the drive, autorun.inf, in which you can specify the program that Windows Explorer will launch when opening such a drive. In Windows 7, the ability to autorun files from portable media was disabled.
• Email . Usually viruses are in letters Email disguised as harmless attachments: pictures, documents, music, links to websites. Some letters may actually only contain links, that is, the letters themselves may not contain malicious code, but if you open such a link, you can get to a specially created website containing virus code. Many email viruses, once on a user's computer, then use the address book from the installed mail clients like Outlook for sending yourself further.
• Instant messaging systems. It is also common here to send links to supposedly photos, music or programs that are actually viruses via ICQ and other instant messaging programs.
• Web pages. Infection through Internet pages is also possible due to the presence of various “active” content on World Wide Web pages: scripts, ActiveX components. In this case, vulnerabilities in the software installed on the user’s computer or vulnerabilities in the site owner’s software are used (which is more dangerous, since respectable sites with a large flow of visitors are exposed to infection), and unsuspecting users who access such a site risk infecting their computer .
• Internet and local networks (worms). Worms are a type of virus that penetrates a victim computer without user intervention. Worms exploit so-called “holes” (vulnerabilities) in software operating systems to penetrate the computer. Vulnerabilities are errors and flaws in software that allow machine code to be downloaded and executed remotely, resulting in a worm virus entering the operating system and, as a rule, begins actions to infect other computers through local network or Internet. Attackers use infected user computers to send spam using code encryption and polymorphism. These techniques are often used together because in order to decrypt the encrypted part of the virus, the decryptor must be left unencrypted, allowing it to be detected by its signature. Therefore, to change the decryptor, polymorphism is used - a modification of the sequence of commands that does not change the actions performed. This is possible thanks to the very diverse and flexible command system of Intel processors, in which the same elementary action, for example, adding two numbers, can be performed by several sequences of commands.

  Prevention and treatment

  IN currently there are many antivirus programs, used to prevent viruses from entering the PC. However, there is no guarantee that they will be able to cope with the latest developments. Therefore, some precautions should be taken, in particular:

  1. Do not work under privileged accounts unless absolutely necessary. ( Account administrator on Windows)
  2. Do not run unfamiliar programs from dubious sources.
  3. Try to block the possibility of unauthorized changes to system files.
  4. Disable potentially dangerous system functionality (for example, autorun media in MS Windows, hiding files, their extensions, etc.).
  5. Do not go to suspicious sites, pay attention to the address in address bar browser.
  6. Use only trusted distributions.
  7. Constantly do backups important data, preferably on media that cannot be erased (for example, BD-R) and have a system image with all the settings for quick deployment.
  8. Perform regular updates to frequently used programs, especially those that ensure system security.