Easy virus detection tutorial by Mohammad Hossein Jazayeri, published by Barg Zaytoun: Naghsh Simorgh Publications.
History of the computer virus
A virus was a program that could infect other computer programs and modify them to contain a copy of the virus. The following year, Mr. Cohen revised his definition, saying that a computer virus, not just a virus, could be transmitted through a computer system or network by way of infected programs.
Any program that is infected can act like a virus, and thus the infection will grow rapidly.
With this explanation, we understand that viruses infect program files. But viruses can often infect certain types of files, and infection is more likely for files that are executable or whose contents support execution, such as files created in Microsoft Office programs that contain macros.
As the capabilities of programs increased, this definition changed, and it was gradually observed that there are viruses that similarly infect data files, even though such files practically do not support execution. Adobe PDF files, for example, are widely used for document sharing, and JPG files are widely used for images.
In both cases the virus can penetrate even though neither of them is an executable file, and this changed the previous definition. On the other hand, the data file itself may not be affected, but it allows virus code to work.
In particular, weaknesses in some products can make it possible for data files to be manipulated in such a way that the main program (HOST) is disabled and malicious code enters the system at this point. In this way, viruses were no longer just infected files, and the definition that Fred Cohen originally gave changed, just as viruses did. In the new definition of a virus, it should be said:
A virus infects other files (either programs or data). In contrast to viruses, computer worms are malicious programs that, instead of infiltrating legitimate and known files, copy themselves from one system to another. In other words, there is no need for a host program.
For example, a bulk email worm can send copies of itself via email. A network worm can reproduce within a network, and an Internet worm can copy itself to the computers within its reach that are connected to the Internet.
A Trojan is another type of malicious program that usually does something not intended by the user and is often considered sabotage. Trojans are often in the form of remote access programs that commit crimes such as stealing a password or turning a computer into a target for hackers.
A DoS or Denial of Service attack consists of sending a barrage of data to a computer and causing too much traffic, or giving instructions to the computer in such a way that it is paralyzed and unable to do anything. This is one of the characteristics of Trojans. When several machines carry out this type of attack together, it is called a DDoS or Distributed Denial of Service attack.
While obsessive people insist that virus, worm and trojan are inseparable, many people think it is better to call all of them a virus. At the same time, terms such as "malware" or "malicious" can be used for all of these and may end discussions, if they do not create a new discussion.
But the term malware is more useful when you are dealing with spyware attacks, adware bombings, or theft than for describing a virus, worm, or trojan. Therefore, malware can refer to any program, file or code that performs malicious acts on a computer without the permission and knowledge of the computer's owner.
This is the exact opposite of Sneakyware, which refers to any program, file or code that a user agrees to install and run on their computer without knowing what the installation and execution really mean and what awaits them. The best example of Sneakyware is a friendly greeting card that tricks you into choosing Yes without reading the agreement. By doing so, you have agreed to send the same email to all the people listed in your computer's address book.