Ama-virus ahlalayo: ukuthi uyini nokuthi ungayichitha kanjani. Amagciwane wekhompyutha

Abasebenzisi abaningi baye babhekana nomqondo wegciwane le- computer. Yiqiniso, akubona abantu abaningi abazi ukuthi ukuhlukaniswa kwezinsongo ezisemqoka kubandakanya izigaba ezimbili ezinkulu: amagciwane angewona ahlala futhi ahlala khona. Sizoyeka ekilasini lesibili, ngoba abamele bayo abayingozi kunazo zonke, futhi ngezinye izikhathi ngisho nangenzuzo, ngisho nalapho ukwahlukana kwediski noma ukuhlelwa kwendlela kuhlelwa.

Yiziphi amagciwane ahlala kuyo?

Ngakho-ke, yini umsebenzisi okufanele abhekane nayo? Ukuze uthole incazelo ecacile yesakhiwo nemigomo yokusebenza kwalezi zinambuzane, kubalulekile ukuqala ngencazelo yalokho uhlelo oluhlala kulo lonke.

Kukholelwa ukuthi uhlobo olunjalo lwezinhlelo lufaka izicelo eziqhubekela phambili ngokuqhubekayo kwimodi yokuqapha, ngokucacile hhayi ukubonisa izenzo zabo (isibonelo, okufanayo okujwayelekile okulwa ne-anti-virus). Ngokuqondene nezinsongo ezingena emakhompyutheni ekhompiyutha, azigcini nje ngokuhlala njalo ememori yekhompuyutha, kodwa zakha iziqu zazo. Ngakho, amakhophi ama-virus ahlale eqapha uhlelo, futhi azungeze, okwenza kube nzima kakhulu ukuwathola. Ezinye izinsongo nazo ziyakwazi ukushintsha isakhiwo sabo, futhi ukutholakala kwabo okusekelwe ezindleleni ezivamile kungenakwenzeka. Ngemva kwesikhashana, sizobuka indlela yokususa amagciwane alolu hlobo. Okwamanje, ake sihlale ezinhlobonhlobo eziyinhloko zokusongela abahlala kuzo.

DOS izinsongo

Ekuqaleni, lapho ama-Windows- noma i-UNIX-like systems ayengabikho, futhi ukukhulumisana komsebenzisi nekhompiyutha kwenzeke ezingeni lomyalo, kwavela uhlelo lokusebenza lokusebenzisa i- "DOS", okwathi isikhathi eside ludlula ekuthandeni.

Futhi kwakungenxa yezinhlelo ezinjalo ezaqala ukudala izidakamizwa ezingezona izakhamuzi nezakhamuzi, izenzo ezaqale ziqondiswe ngokuphula ukusebenza komsebenzi noma ukususa amafayela omsebenzisi namafolda.

Isimiso sokwesabisa okunjalo, okungukuthi, esetshenziswa kabanzi, kuze kube manje, ukuthi banqamulela ukufinyelela kwefayela, bese bethola into ebizwa ngokuthi into. Noma kunjalo, iningi lalezi zingongelo eziyaziwayo zisebenza ngalolu hlobo. Kodwa ama-virus angena ohlelweni noma ngokudala imodemu ehlala ngendlela yomshayeli, ecaciswe efayeleni yokucushwa kwesistimu ye-Config.sys, noma ngokusebenzisa umsebenzi okhethekile we-KEEP ukuqapha ukuphazamiseka.

Isimo sibi nakakhulu uma amagciwane ahlala kulolu hlobo asebenzisa ukunikezwa kwezindawo zememori yesistimu. Isimo ukuthi okokuqala igciwane "liyakhipha" ingqikithi yenkumbulo yamahhala, bese ibonisa ukuthi le ndawo iyimatasa, bese igcina ikhophi yayo kuyo. Okudabukisayo kakhulu, kunamacala lapho amakhophi akhona kwimemori yevidiyo, ezindaweni ezigcinwe ebhodini lokunamathisela, nasematafuleni okuphazamisa ama-vectors, nasezindaweni zokusebenzela ze-DOS.

Konke lokhu kwenza amakhophi ezinsongo zegciwane aqiniseke kangangokuthi, ngokungafani namagciwane angewona ahlala lapho uhlelo oluthile lusebenza noma uhlelo lokusebenza lusebenza, luyakwazi ukuvuselelwa ngisho nangemva kokuqala kabusha. Ngaphezu kwalokho, uma ufinyelela into enesifo, igciwane liyakwazi ukudala ikhophi yalo ngisho naku-RAM. Ngenxa yalokho, ikhompiyutha iqhafaza ngokushesha . Njengoba sekuveziwe kakade, ukwelashwa kwamagciwane alolu hlobo kufanele kwenziwe ngosizo lwezinkinobho ezikhethekile, okungcono hhayi ezimilayo, kodwa eziphathekayo noma lezo ezingalayishwa kusuka kuma diski optical noma USB-carrier. Kodwa okuningi ngalokhu kamuva.

Ama-Boot Izinsongo

Ama-boot amagciwane angena ohlelweni ngendlela efanayo. Kodwa ziziphatha, njengoba zisho, ngokumnandi, kuqala "ukudla" inkumbulo yesistimu (ngokuvamile 1 KB, kodwa ngezinye izikhathi lesi sibalo singakwazi ukufinyelela ku-30 KB), bese ubhalisa ikhodi yayo njengekhophi, emva kwalokho iqala ukufuna ukuqala kabusha. Lokhu kubhekene nemiphumela emibi, ngoba ngemva kokuqala kabusha igciwane libuyisela imemori encishisiwe kusayizi langempela, futhi ikhophi yayo ingaphandle kwememori yesistimu.

Ngaphandle kokuphazamiseka kokuqapha, ama-virus anjalo akwazi ukubeka amakhodi awo kumkhakha we-boot (irekhodi le-MBR). Imikhuba ye-BIOS ne-DOS isetshenziswa kaningi, kanti amagciwane alayishwa kanye kuphela, ngaphandle kokuhlola ukuthi kukhona ikhophi yalo.

Ama-virus ngaphansi kwe-Windows

Ngokufika kwama-Windows based systems, ukuthuthukiswa kwegciwane kufinyelele ezingeni elisha, ngeshwa. Namuhla iWindows yanoma yiluphi uhlobo olubhekwa njengoluhlelo olusengozini kakhulu, naphezu kwemizamo eyenziwe ochwepheshe be-Microsoft emkhakheni wokuthuthukiswa kwamamojula okuphepha.

Ama-virus awenzelwe i-Windows, sebenzisa ngemigomo efana nezingozi ze-DOS, kodwa kunezindlela eziningi zokungena kukhompyutha. Kokuvamile, kunezinto ezintathu eziyinhloko, ngokusho ukuthi igciwane linganikeza ikhodi yalo ohlelweni:

• Ukubhalisa igciwane njengesicelo esisebenza njengamanje;
• Ukunikezwa kwebhokisi lememori bese urekhoda kukho ikhophi yakhe;
• Sebenzisa ohlelweni ngaphansi kokushayela umshayeli we-VxD noma ukuguqula njengomshayeli we-Windows NT.

Amafayela aphethwe noma izindawo zenkumbulo yesistimu, ngokuyinhloko, angelashwa ngezindlela ezijwayelekile ezisetshenziselwa ukuskena i-antivirus (ukutholakala nge-virus mask, ukuqhathanisa nolwazi lwesignesha, njll). Kodwa-ke, uma kusetshenziselwa izinhlelo zokukhululeka ezingenamahloni, azikwazi ukuthola igciwane, futhi ngezinye izikhathi ngisho nokunikeza inkohliso engamanga. Ngakho-ke, i-ray isebenzisa izinsiza eziphathekayo ezifana noDokotela Web (ikakhulukazi, uDkt Web CureIt!) Noma imikhiqizo yeKaspersky Lab. Noma kunjalo, namuhla ungathola okuningi okusizayo kwalolu hlobo.

Ama-macro

Ngaphambi kwethu kukhona olunye uhlobo lwesongo. Igama livela egameni elithi "macro", okungukuthi, i-applet esebenzayo noma isengezo esetshenziswa kwabanye abahleli. Akumangazi ukuthi igciwane lenziwa uma uhlelo luqalisiwe (iZwi, Excel, njll), ukuvula idokhumenti yehhovisi, ukuliphrinta, ukubiza izinto zezinto, nokunye.

Izinsongo ezinjalo ngendlela ye-macros yesistimu ziyakhumbula konke isikhathi somsebenzi womhleli. Kodwa ngokujwayelekile, uma sicabangela umbuzo wokukhipha amagciwane alolu hlobo, isixazululo silula. Kwezinye izimo, ngisho nokukhubazeka okujwayelekile kokungeza noma ukwenza ama-macros kumhleli ngokwawo kusiza, kanye nokusetshenziswa kokuvikelwa kwe-antivirus ye-applets, ukungasho ukuskena okusheshayo kwesistimu ngama-anti-virus amaphakheji.

Ama-virus asekelwe ku-tekhnoloji ye-stealth

Manje ake sibheke ama-masking virus, ngoba aziwa ngegama lawo kusukela ezindiza engabonakali.

Okubalulekile kokusebenza kwabo ngokuqondile ukuthi benza sengathi bayisistimu, futhi ukuwachaza ngezindlela ezijwayelekile ngezinye izikhathi kuyinkinga enzima kakhulu. Phakathi kwezinsongo ezinjalo zingatholakala futhi amagciwane amakhulu, nezinsongo zokuqala, ne-DOS-virus. Kukholelwa ukuthi kuma-Windows, ama-stealth ama-stealth azange akhiwe, nakuba ochwepheshe abaningi bethi lokhu kuyindaba nje yesikhathi.

Izinhlobo zefayela

Ngokuvamile, wonke amagciwane angabizwa ngokuthi amafayela wefayili, ngoba ngandlela-thile ayithinta uhlelo lwefayili futhi ayithinte amafayela, noma awamthelele ngekhodi yawo, noma ngabe ayibhala, noma ayitholakali ngenxa yenkohlakalo noma ukususwa.

Izibonelo ezilula kunazo zonke ama-virtual cryptographic (ama-extortionists), kanye ne-Famous I Love You. Ngabo ngaphandle kokukhethwa okukhethekile okukhishwa, ukuphathwa kwamagciwane akuyona into enzima, kodwa ngokuvamile ayinakwenzeka. Ngisho nokuthuthukiswa kwe-software ye-anti-virus kungenwa amandla, ngoba, ngokungafani nezinqubo zokubethela ze-AES256 zanamuhla, ubuchwepheshe be-AES1024 busetshenziswa lapha. Uyakwazi ukuthi ukukhipha isinqumo kungathatha iminyaka engaphezu kwengu-12, ngokususelwa kwinani lezinketho ezingakhona zekhiye.

Izinsongo ze-polymorphic

Okokugcina, olunye uhlobo lokusongela, lapho kusetshenziselwa khona ubuciko be-polymorphism. Kuyini? Iqiniso lokuthi amagciwane aguqula ikhodi yawo siqu, futhi lokhu kwenziwa ngesisekelo sekhiye okuthiwa ihamba.

Ngamanye amazwi, awukwazi ukuchaza usongo nge-mask, ngoba, njengoba ubona, akukona kuphela isakhiwo esisekelwe kukhodi eshintshiwe, kodwa futhi nesihluthulelo sokumiswa kabusha. Ukubhekana nezinkinga ezinjalo, kusetshenzisiwe izinqumo ezikhethekile ze-polymorphic (decrypters). Kodwa-ke, njengoba umkhuba ubonisa, bayakwazi ukucacisa kuphela amagciwane alula kakhulu. Ukuhlelwa kwezinto eziyinkimbinkimbi kakhulu, ama-alas, ezimweni eziningi, imiphumela yabo ayinakusiza. Ngokuhlukile kuyadingeka ukusho ukuthi ukushintsha ikhodi yezinambuzane ezinjalo kuhambisana nokudala amakhophi ngobude obuncishisiwe, obungase buhluke kusukela ekuqaleni kakhulu.

Indlela yokubhekana nezinsongo zokuhlala

Okokugcina, siphenduka enkingeni yokubhekana namagciwane ahlalayo futhi sivikele izinhlelo zekhompyutha kwanoma iyiphi inkimbinkimbi. Indlela elula yokuzivikela ukufakwa kwephavaji ye-antivirus ephelele, ukusebenzisa kuphela izinhlelo ezingenayo, kodwa izinguquko okungenani zezinguquko ezisuka kubathuthukisi njengeDokotela Web, Kaspersky Anti-Virus, ESET NOD32 noma izinhlelo ezifana ne-Smart Security, Uma umsebenzisi esebenza njalo nge-intanethi.

Kodwa-ke, kulokhu, akekho okhunjulwa yiqiniso lokuthi ukusongela akungena ngaphakathi kwikhompyutha. Uma kunjalo, okokuqala udinga ukusebenzisa ama-scanner aphathekayo, nokusetshenziswa okungcono kwe-Disk utilities Rescue Disk. Ngosizo lwabo, ungalanda i-interface yomsebenzi bese uskena ngaphambi kokuqala kwesistimu yokusebenza eyinhloko (amagciwane angadala futhi agcine amakhophi awo ohlelweni ngisho naku-RAM).

Futhi ngaphezulu: akunconywa ukusebenzisa isofthiwe efana ne-SpyHunter, khona-ke kuyoba nzima ukukhipha iphakheji ngokwayo kanye nezinsimbi zayo ezihambisana nomsebenzisi ongekho emthethweni. Futhi, yiqiniso, ungasusi ngokushesha amafayela aphethwe noma zama ukufometha i-hard drive. Kungcono ukushiye ukwelashwa kumikhiqizo ye-anti-virus.

Isiphetho

Kuhlala ukufaka ukuthi izici eziyinhloko kuphela eziphathelene namagciwane ahlalayo nezindlela zokulwa nazo zibhekwa ngenhla. Ngemuva kwalokho, uma ubheka izinsongo zekhompiyutha, ngokusho, ngomqondo womhlaba wonke, usuku ngalunye kunombalwa omkhulu kubo abathuthukisi bamathuluzi okuphepha abanayo isikhathi sokuza nezindlela ezintsha zokulwa nalezi zinhlekelele.