82 Chapter 2 • General Security Concepts: Attacks
they report it to the software vendor, who typically works on quickly developing a
fix to the flaw. The vulnerability (without an exploit) is reported once a fix has
been found and is available. Although there are exceptions to the rule, this is
standard operating procedure. However, if the flaw is discovered by hackers, it is
possible that an exploit is developed and disseminated through the hacking
community before the vendor is aware of the flaw or a patch is developed. Such an
exploit is called a zero-day attack, because there is no warning before the attack can
take place. The best defenses against zero-day attacks are security devices that can
detect attacks without the need for attack signatures.
Viruses
A computer virus is defined as a self-replicating computer program that interferes
with a computer’s hardware, software or OS. Viruses are designed to replicate and to
elude detection. Like any other computer program, a virus must be executed to
function (it must be loaded into the computer’s memory) and then the computer
must follow the virus’s instructions. Those instructions constitute the payload of the
virus. The payload may disrupt or change data files, display a message, or cause the
OS to malfunction.
Using that definition, let’s explore in more depth exactly what a virus does and
what its potential dangers are. Viruses spread when the instructions (executable
code) that run programs are transferred from one computer to another. A virus can
replicate by writing itself to floppy disks, hard drives, legitimate computer
programs, across the local network, or even throughout the Internet. The positive side
of a virus is that a computer attached to an infected computer network or one that
downloads an infected program does not necessarily become infected. Remember,
the code has to actually be executed before your machine can become infected.
However, chances are good that if you download a virus to your computer and do
not explicitly execute it, the virus may contain the logic to trick your OS into
running the viral program. Other viruses exist that have the ability to attach
themselves to otherwise legitimate programs. This could occur when programs are
created, opened, or even modified. When the program is run, so is the virus.
Let’s take a closer look at the different categories that a virus could fall under
and the definitions of each:
■ Parasitic Parasitic viruses infect executable files or programs in the
computer. This type of virus typically leaves the contents of the host file
unchanged, but appends to the host in such a way that the virus code is
executed first.
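
A defensive triage check for the parasitic pattern described above (host contents left intact, code appended so that it runs first), as an added example that is not from the book: for a Windows PE file it reports whether the entry point lies in the last section of the file and whether that section is both writable and executable. The choice of the PE format, the function names and the two sample images are assumptions of this example; the samples are constructed, header-only images with no code bytes.

```python
import struct

EXEC, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE
SECTION = "<8sIIIIIIHHI"              # one 40-byte section table entry

def entry_point_section(pe: bytes):
    """Return (name, is_last_in_file, writable_and_executable) for the entry point's section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)           # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (count,) = struct.unpack_from("<H", pe, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, pe_off + 20)  # SizeOfOptionalHeader
    (entry,) = struct.unpack_from("<I", pe, pe_off + 40)     # AddressOfEntryPoint (RVA)
    table = pe_off + 24 + opt_size
    sections = []
    for i in range(count):
        name, vsize, vaddr, rsize, rptr, *_, flags = struct.unpack_from(SECTION, pe, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         vaddr, max(vsize, rsize), rptr, flags))
    last = max(sections, key=lambda s: s[3], default=None)   # highest raw file offset
    for s in sections:
        if s[1] <= entry < s[1] + s[2]:
            return s[0], s is last, (s[4] & (EXEC | WRITE)) == (EXEC | WRITE)
    return None, False, False

def build_sample(entry, sections):
    """Constructed header-only PE image (no code bytes), used only to exercise the check."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(224, b"\0")
    rows = b"".join(struct.pack(SECTION, n, vs, va, vs, rp, 0, 0, 0, 0, fl)
                    for n, vs, va, rp, fl in sections)
    return dos + b"PE\0\0" + coff + opt + rows

HOST = [(b".text", 0x2000, 0x1000, 0x400, 0x60000020),   # read + execute
        (b".data", 0x1000, 0x3000, 0x2400, 0xC0000040)]  # read + write
CLEAN = build_sample(0x1000, HOST)
# Same host with one extra section at the end of the file and the entry point inside it.
APPENDED = build_sample(0x4100, HOST + [(b".extra", 0x1000, 0x4000, 0x3400, 0xE0000020)])

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("appended", APPENDED)):
        print(label, entry_point_section(image))
```

Some legitimate packers and protectors produce the same layout, so a hit is a reason to inspect the file, not a verdict.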
www.syngress.com