Thursday, October 01, 2009

A multipartite virus, Crimeware and Cryptovirology

A multipartite virus is a computer virus that infects and spreads in multiple ways. The term was coined to describe the first viruses that included DOS executable files and PC BIOS boot sector virus code, where both parts are viral themselves. For a complete cleanup, all parts of the virus must be removed. The term was coined because, prior to the discovery of the first of these, viruses were categorized as either file infectors or boot infectors. Because of the multiple vectors for the spread of infection, these viruses could spread faster than a boot or file infector alone.

Crimeware is a class of malware designed specifically to automate cybercrime.[1] The term was coined by Peter Cassidy, Secretary General of the Anti-Phishing Working Group, to distinguish it from other kinds of malevolent programs.

Crimeware (as distinct from spyware, adware, and malware) is designed (through social engineering or technical stealth) to perpetrate identity theft in order to access a computer user's online accounts at financial services companies and online retailers for the purpose of taking funds from those accounts or completing unauthorized transactions that enrich the thief controlling the crimeware. Crimeware also often has the intent to export confidential or sensitive information from a network for financial exploitation. Crimeware represents a growing problem in network security as many malicious code threats seek to pilfer confidential information.

Cryptovirology is a field that studies how to use cryptography to design powerful malicious software. The field was born with the observation that public key cryptography can be used to break the symmetry between what an antivirus analyst sees regarding a virus and what the virus writer sees. The former only sees a public key whereas the latter sees a public key and corresponding private key. The first attack that was identified in the field is called "cryptoviral extortion"[1]. In this attack a virus, worm, or trojan hybrid encrypts the victim's files and the user must pay the malware author to receive the needed session key (which is encrypted under the author's public key that is contained in the malware) if the user does not have backups and needs the files back.

The field also encompasses covert attacks in which the attacker secretly steals private information such as private keys. An example of the latter type of attack is the asymmetric backdoor. An asymmetric backdoor is a backdoor (e.g., in a cryptosystem) that can be used only by the attacker, even after it is found. This contrasts with the traditional backdoor that is symmetric, i.e., anyone that finds it can use it. Kleptography, a subfield of cryptovirology, is concerned with the study of asymmetric backdoors in key generation algorithms, digital signature algorithms, key exchanges, and so on.


Wikipedia.org

Computer virus

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.[1][2]

The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware, and other malicious and unwanted software, including true viruses. Viruses are sometimes confused with computer worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a program that appears harmless but has a hidden agenda. Worms and Trojans, like viruses, may cause harm to either a computer system's hosted data, functional performance, or networking throughput, when they are executed. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious.

Most personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging, and file sharing systems to spread.


Wikipedia.org

HOW TO RESTORE FILES/FOLDERS HIDDEN BY A VIRUS

This usually happens on flash disks. Every time a folder is opened, it goes back to that same folder instead of opening the other folders, and the folder is always empty. After a scan with AVG Free Edition plus the latest update, many viruses are found, and those viruses duplicate themselves using the icon and name of the folder concerned, so that opening the folder actually runs the virus instead. Meanwhile, the original folder is hidden.

To display the hidden folders, it is not enough to go through Folder Options → View → Show hidden files and folders; you must also remove the check mark (√) in the box to the left of "Hide protected operating system files (Recommended)". However, this menu is sometimes removed by the virus so that we cannot change it.

Once the folders are displayed, their icons look faint, which shows that the file/folder is hidden. If you right-click and choose Properties, the Hidden option cannot be changed (because it is hidden system).

To make them visible again, follow these steps:

1. Open the Command Prompt as follows:

   Click Start → All Programs → Accessories → Command Prompt, or

   Click Start → Run, then type cmd or command

2. Find where the hidden folders are.

3. Type the command ATTRIB *.* -s -h -r /s /d

4. For an explanation of the command, type ATTRIB /?
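
A scoped version of steps 2 and 3, as an added example that is not part of the original post: it lists only the items carrying both the Hidden and System attributes, reports files that share a hidden folder's name (the duplicates described above), and clears the attributes only when asked. The drive letter E:\, the extension list and the -Fix switch are assumptions of this example.

```powershell
# Added example, not from the original post. The defaults below are assumptions.
param(
    [string]$Root = 'E:\',        # assumed flash drive letter
    [string[]]$DecoyExtensions = @('.exe', '.scr', '.com', '.pif', '.lnk'),
    [switch]$Fix                  # without -Fix the script only reports
)

# Folders that Windows itself keeps hidden+system on a volume; leave them alone.
$skip = @('System Volume Information', '$RECYCLE.BIN', 'RECYCLER')
$hs   = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

# Step 2 of the post: find everything that carries both Hidden and System.
$hiddenItems = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band $hs) -eq $hs } |
    Where-Object { -not ($_.FullName.Split('\') | Where-Object { $skip -contains $_ }) }

# Files sitting next to a hidden folder and carrying its name are likely the
# virus copies the post describes. They are reported, never opened or changed.
$decoys = foreach ($dir in ($hiddenItems | Where-Object { $_.PSIsContainer })) {
    Get-ChildItem -LiteralPath $dir.Parent.FullName -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.BaseName -eq $dir.Name -and $DecoyExtensions -contains $_.Extension }
}

"Hidden+System items under $Root"
$hiddenItems | ForEach-Object { "  $($_.FullName)" }
"Files named after a hidden folder (do not open; let the scanner handle them)"
$decoys | ForEach-Object { "  $($_.FullName)" }

# Step 3 of the post, limited to the items listed above. -r is omitted because
# the read-only attribute does not affect whether an item is visible.
if ($Fix) {
    foreach ($item in $hiddenItems) {
        & attrib.exe -s -h $item.FullName
    }
}
```

Run it once without -Fix to review both lists, then again with -Fix once the scanner has dealt with the reported files.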

Good luck, and I hope it works.







Mediakita 2009/