Compression virus

Last updated

A compression virus is an example of a benevolent computer virus, invented by Fred Cohen. It searches for an uninfected executable file, compresses the file and prepends itself to it. The virus can be described in pseudo code [1]

program compression-virus:= {01234567;  subroutine infect-executable:=  {loop:file = get-random-executable-file;  if first-line-of-file = 01234567 then goto loop;  compress file;  prepend compression-virus to file;  }  main-program:=  {if ask-permission then infect-executable;  uncompress the-rest-of-this-file into tmpfile;  run tmpfile;} } 

The 01234567 is the virus signature, and is used to make sure (if first-line-of-file = 01234567) the file is not already infected. The virus then asks for permission (ask-permission) to infect a random executable (get-random-executable-file). If the permission is granted, it compresses the executable (infect-executable), prepends itself to it (prepend), uncompresses the current executable file (uncompress the-rest-of-this-file) into a temporary file (tmpfile) and runs it (run tmpfile).

Cruncher is an example of a compression virus, [2] a strain of which – Cruncher.2092 [3] – is described by McAfee as memory-resident virus that infects all but small com files, making them smaller. The reason for excluding small programs is that their infected versions will be bigger than their originals.

Related Research Articles

Lossless compression is a class of data compression that allows the original data to be perfectly reconstructed from the compressed data with no loss of information. Lossless compression is possible because most real-world data exhibits statistical redundancy. By contrast, lossy compression permits reconstruction only of an approximation of the original data, though usually with greatly improved compression rates.

<span class="mw-page-title-main">Malware</span> Malicious software

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

ZIP is an archive file format that supports lossless data compression. A ZIP file may contain one or more files or directories that may have been compressed. The ZIP file format permits a number of compression algorithms, though DEFLATE is the most common. This format was originally created in 1989 and was first implemented in PKWARE, Inc.'s PKZIP utility, as a replacement for the previous ARC compression format by Thom Henderson. The ZIP format was then quickly supported by many software utilities other than PKZIP. Microsoft has included built-in ZIP support in versions of Microsoft Windows since 1998 via the "Plus! 98" addon for Windows 98. Native support was added as of the year 2000 in Windows ME. Apple has included built-in ZIP support in Mac OS X 10.3 and later. Most free operating systems have built in support for ZIP in similar manners to Windows and Mac OS X.

compress is a Unix shell compression program based on the LZW compression algorithm. Compared to more modern compression utilities such as gzip and bzip2, compress performs faster and with less memory usage, at the cost of a significantly lower compression ratio.

In computing, polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact - that is, the code changes itself every time it runs, but the function of the code will not change at all. For example, the simple math expressions 3+1 and 6-2 both achieve the same result, yet run with different machine code in a CPU. This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence.

<span class="mw-page-title-main">Antivirus software</span> Computer software to defend against malicious computer viruses

Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

Utility software is software designed to help analyze, configure, optimize or maintain a computer. It is used to support the computer infrastructure - in contrast to application software, which is aimed at directly performing tasks that benefit ordinary users. However, utilities often form part of the application systems. For example, a batch job may run user-written code to update a database and may then include a step that runs a utility to back up the database, or a job may run a utility to compress a disk before copying files.

Ada is a computer virus that can affect any of the DOS operating systems. Ada was first discovered in 1991.

Win32/Simile is a metamorphic computer virus written in assembly language for Microsoft Windows. The virus was released in its most recent version in early March 2002. It was written by the virus writer "Mental Driller". Some of his previous viruses, such as Win95/Drill, have proved very challenging to detect.

Executable compression is any means of compressing an executable file and combining the compressed data with decompression code into a single executable. When this compressed executable is executed, the decompression code recreates the original code from the compressed code before executing it. In most cases this happens transparently so the compressed executable can be used in exactly the same way as the original. Executable compressors are often referred to as "runtime packers", "software packers", "software protectors".

Frederick B. Cohen is an American computer scientist and best known as the inventor of computer virus defense techniques. He gave the definition of "computer virus". Cohen is best known for his pioneering work on computer viruses, the invention of high integrity operating system mechanisms now in widespread use, and automation of protection management functions.

Alabama is a computer virus, discovered in October 1989 on the campus of the Hebrew University of Jerusalem.

CTX is a computer virus created in Spain in 1999. CTX was initially discovered as part of the Cholera worm, with which the author intentionally infected with CTX. Although the Cholera worm had the capability to send itself via email, the CTX worm quickly surpassed it in prevalence. Cholera is now considered obsolete, while CTX remains in the field, albeit with only rare discoveries.


The Vundo Trojan is either a Trojan horse or a computer worm that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook. It also is used to deliver other malware to its host computers. Later versions include rootkits and ransomware.

A computer virus hoax is a message warning the recipients of a non-existent computer virus threat. The message is usually a chain e-mail that tells the recipients to forward it to everyone they know, but it can also be in the form of a pop-up window.

<span class="mw-page-title-main">Self-extracting archive</span>

A self-extracting archive is a computer executable program which contains compressed data in an archive file combined with machine-executable program instructions to extract this information on a compatible operating system and without the necessity for a suitable extractor to be already installed on the target computer. The executable part of the file is known as a decompressor stub.

SQ (squeeze) is a computer program, devised by Richard (Dick) Greenlaw circa 1981, which was used in the early 1980s on both DOS and CP/M computer systems to compress files so they use less space.

RavMonE, also known as RJump, is a Trojan that opens a backdoor on computers running Microsoft Windows. Once a computer is infected, the virus allows unauthorized users to gain access to the computer's contents. This poses a security risk for the infected machine's user, as the attacker can steal personal information, and use the computer as an access point into an internal network.

<span class="mw-page-title-main">Computer virus</span> Computer program that modifies other programs to replicate itself and spread

A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus, a metaphor derived from biological viruses.

Uncompressed video is digital video that either has never been compressed or was generated by decompressing previously compressed digital video. It is commonly used by video cameras, video monitors, video recording devices, and in video processors that perform functions such as image resizing, image rotation, deinterlacing, and text and graphics overlay. It is conveyed over various types of baseband digital video interfaces, such as HDMI, DVI, DisplayPort and SDI. Standards also exist for the carriage of uncompressed video over computer networks.

References

  1. "Fred Cohen & Associates". all.net.
  2. Mark A. Ludwig 1995, Giant Black Book of Computer Viruses p.10
  3. "McAfee article on Cruncher.2092, read Characteristics". Archived from the original on 2010-08-23. Retrieved 2009-07-29.