computer science crazy|
Joined: Dec 2008
22-09-2008, 10:23 AM
A computer virus is a self-replicating program containing code that explicitly copies itself and that can "infect" other programs by modifying them or their environment such that a call to an infected program implies a call to a possibly evolved copy of the virus.
These software "pranks" are very serious; they are spreading faster than they are being stopped, and even the least harmful of viruses could be life-threatening. For example, in the context of a hospital life-support system, a virus that "simply" stops a computer and displays a message until a key is pressed, could be fatal. Further, those who create viruses can not halt their spread, even if they wanted to. It requires a concerted effort from computer users to be "virus-aware", rather than continuing the ambivalence that has allowed computer viruses to become such a problem.
Computer viruses are actually a special case of something known as "malicious logic" or "malware".
Consider the set of programs which produce one or more programs as output. For any pair of programs p and q, p eventually produces q if and only if p produces q either directly or through a series of steps (the "eventually produces" relation is the transitive closure of the "produces" relation.) A viral set is a maximal set of programs V such that for every pair of programs p and q in V, p eventually produces q, and q eventually produces p. ("Maximal" here means that there is no program r not in the set that could be added to the set and have the set still satisfy the conditions.) For the purposes of this paper, a computer virus is a viral set; a program p is said to be an instance of, or to be infected with, a virus V precisely when p is a member of the viral set V. A program is said to be infected simpliciter when there is some viral set V of which it is a member. A program which is an instance of some virus is said to spread whenever it produces another instance of that virus. The simplest virus is a viral set that contains exactly one program, where that program simply produces itself. Larger sets represent polymorphic viruses, which have a number of different possible forms, all of which eventually produce all the others.
Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion
Active In SP
Joined: Mar 2010
16-03-2010, 07:11 AM
computer virus.docx (Size: 112.6 KB / Downloads: 198)
A computer virus is a specially developed program that can copy itself and infect the computer system and harms your files in the system without the permission of Administrator. Now a days most commonly the term "virus" is used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. Virus will be spread from one computer to another we transfer files via CD, DVD, USB etc. Virus will affect the performance of the computer system and slows down the PC to great extent.
Youâ„¢ve heard about them. Youâ„¢ve read the news reports about the number of incidents reported,
and the amount of damage they inflict. Maybe youâ„¢ve even experienced one firsthand. And if
you havenâ„¢t, count yourself fortunate.
Computer viruses are realâ€and theyâ„¢re costly.
Springing up seemingly from nowhere, spreading like wildfire, computer viruses attack computer
systems large and small, damaging files and rendering computers and networks unusable.
They proliferate through e-mail, Internet file downloads, and shared diskettes. And they donâ„¢t
play favorites; your home computer is just as likely as a Fortune 500 companyâ„¢s network to experience
This first section of the book is about protecting your computer from these destructive virus
programs. Read this chapter to learn more about the background of computer viruses; then proceed
to the following chapters to learn how to avoid and recover from specific types of virus attacks.
The Dangers of Computer Viruses
Not a month goes by without another big-time virus scare.
Tens of millions of computers are infected by computer viruses every year. In 2001, 2.3 million
computers were infected by the SirCam virus, and another million computers were hit by
CodeRed. Even worse, the LoveLetter virus hit an estimated 45 million computersâ€on a single
day in 2000.
ICSA Labs (icsalabs.com), a leading provider of security research, intelligence, and
certification, found that the rate of virus infection in North America in 2001 was 113 infections
per 1000 computersâ€meaning that more than 10% of all computers they surveyed had been hit
by a virus. And this rate is increasing; ICSA says that the likelihood of contracting a computer
virus has doubled for each of the past five years.
Viruses hit the corporate world especially hard; a single infected computer can spread the
virus among the entire corporate network. McAfee.com (mcafee.com), a company specializing
in virus protection, estimates that two-third of U.S. companies are attacked by viruses each
year. A third of those companies reported that viruses knocked out their servers for an average of
5.8 hours per infection, and 46% of the companies required more than 19 days to completely
recover from the virus incident.
These incidents come with a heavy cost. The research firm Computer Economics (www
.computereconomics.com) estimates that companies spent $10.7 billion to recover from virus
attacks in 2001. Technology magazine The Industry Standard (thestandard.com) puts the
cost much higher, at upwards of $266 billion. Whatever the real number, itâ„¢s clear that computer
viruses are costly to all concernedâ€in terms of both money and the time required to clean up
Just look at the costs inflicted by individual viruses. For example, Computer Economics estimates
that the Nimda virus alone cost companies $590 million in cleanup costs; CodeRed and
LoveLetter were even more costly, running up costs of $2.6 billion apiece.
To an individual company, these costs can be staggering. ICSA Labs estimates that virus
cleanup costs large companies anywhere from $100,000 to $1 million each per year.
Thatâ„¢s real money.
Unfortunately, this problem doesnâ„¢t look like itâ„¢s going to go away. In fact, the problem just
keeps getting worse. To date, more than 53,000 different viruses have been identified and cataloguedâ€
with another half-dozen or so appearing every day.
Just what is it about computer viruses that makes them so deadlyâ€and so easily spread
How Computer Viruses Work
As youâ„¢ll see in the next section, the term virus was applied to this type of software very early in
its history. Itâ„¢s an apt metaphor, because a computer virus is, in many ways, similar to the biological
viruses that attack human bodies.
A biological virus isnâ„¢t truly a living, independent entity; as biologists will tell you, a virus is
nothing more than a fragment of DNA sheathed in a protective jacket. It reproduces by injecting its
DNA into a host cell. The DNA then uses the host cellâ„¢s normal mechanisms to reproduce itself.
A computer virus is like a biological virus in that it also isnâ„¢t an independent entity; it must
piggyback on a host (another program or document) in order to propagate.
Many viruses are hidden in the code of legitimate software programsâ€programs that have
been infected, that is. These viruses are called file infector viruses, and when the host program
is launched, the code for the virus is also executed, and the virus loads itself into your computerâ„¢s
memory. From there, the virus code searches for other programs on your system that it can
infect; if it finds one, it adds its code to the new program, which, now infected, can be used to
infect other computers.
This entire process is shown in Figure 1.1.
Figure 1.1 How a virus infects your computer
If all a virus did was copy itself to additional programs and computers, there would be little
harm done, save for having all our programs get slightly larger (thanks to the virus code). Unfortunately,
most viruses not only replicate themselves, they also perform other operationsâ€many
of which are wholly destructive. A virus might, for example, delete certain files on your computer.
It might overwrite the boot sector of your hard disk, making the disk inaccessible. It might write
messages on your screen, or cause your system to emit rude noises. It might also hijack your
e-mail program and use the program to send itself to all your friends and colleagues, thus replicating
itself to a large number of PCs.
Viruses that replicate themselves via e-mail or over a computer network cause the subsidiary
problem of increasing the amount of Internet and network traffic. These fast-replicating virusesâ€
called wormsâ€can completely overload a company network, shutting down servers and forcing
tens of thousands of users offline. While no individual machines might be damaged, this type of
communications disruption can be quite costly.
As you might suspect, most viruses are designed to deliver their payload when theyâ„¢re first
executed. However, some viruses wonâ„¢t attack until specifically prompted, typically on a predetermined
date or day of the week. They stay on your system, hidden from sight like a sleeper
agent in a spy novel, until theyâ„¢re awoken on a specific date; then they go about the work they
were programmed to do.
In short, viruses are nasty little bits of computer code, designed to inflict as much damage
as possible, and to spread to as many computers as possibleâ€a particularly vicious combination.
The History of Computer Viruses
Where, exactly, do computer viruses come from To answer that question, itâ„¢s helpful to examine
the history of computer viruses.
Technically, the concept of a computer virus was first imagined in 1949, well before computers
became commonplace. In that year, computer pioneer John von Neumann wrote a paper
titled Theory and Organization of Complicated Automata. In this paper, von Neumann postulated
that a computer program could be self-replicatingâ€and thus predicted todayâ„¢s self-replicating
The theories of von Neumann came to life in the 1950s, at Bell Labs. Programmers there
developed a game called Core Wars, where two players would unleash software organisms
into the mainframe computer, and watch as the competing programs would vie for control of the
machineâ€just as viruses do today.
In the real world, computer viruses came to the fore in the early 1980s, coincident with the
rise of the very first personal computers. These early viruses were typically spread by users sharing
programs and documents on floppy disks; a shared floppy was the perfect medium for spreading
The first virus in the wild, as they say, infected Apple II floppy disk in 1981. The virus went
by the name of Elk Cloner, and didnâ„¢t do any real damage; all it did was display a short rhyme
It will get on all your disks
It will infiltrate your chips
Yes itâ„¢s Cloner!
It will stick to you like glue
It will modify ram too
Send in the Cloner!
At the time, Elk Cloner wasnâ„¢t identified as a virus, because the phrase computer virus had
yet to be coined. That happened in 1983, when programmer Len Adleman designed and demonstrated
the first experimental virus on a VAX 11/750 computer. From Adlemanâ„¢s lab to the real
world was but a short step.
In 1986, the Brain virus became the first documented file infector virus for MS-DOS computers.
That same year, the first PC-based Trojan horse was released, disguised as the thenpopular
shareware program PC Write.
From there, things only went downhill, with the popularity of computer bulletin board services
(BBSs) helping to spread viruses beyond what was previously physically possible. BBSs were
the online precursors to the Internet; users could use their low-speed modems to dial into public
and private BBSs, both to exchange messages and to download files. As any Monday-morning
quarterback could predict, there were viruses hiding among the standard utilities and applications
that users downloaded, thus facilitating the spread of those viruses.
To make things worse, in 1990 the first BBS specifically for virus writers was created. This
virus exchange BBS, housed on a computer in Bulgaria, provided a means for virus writers to
exchange virus code and learn new tricks.
Computer viruses hit the big time in 1992, when the Michelangelo virus hit. Michelangelo
was one of the first viruses to spread worldwide, and garnered much media attention. Fortunately,
its bark was worse than its bite, and little actual damage occurred.
NOTE Michelangelo was more of a virus scare than a virus threat. In the days building
up to Michelangeloâ„¢s threatened March 6 delivery date, news stories worldwide
project and implimentationed that millions of computers would have their hard disks destroyed. In reality,
fewer than 20,000 computers were hit, butâ€thanks to all the publicityâ€the
world was forever made aware of the perils posed by computer viruses.
The year 1996 saw the first virus designed specifically for Windows 95 and the first macro
viruses for Word and Excel files. That year also saw the first virus for the Linux operating system.
By 1999, viruses had become almost mainstream. The Melissa virus, released that year, was
a combination macro virus and worm that spread itself by e-mailing contacts in a userâ„¢s Outlook
or Outlook Express Address Book. Melissa did untold amounts of damage to computers and company
networks around the world, and was followed (in 2000) by the LoveLetter worm (also known
as the Love Bug), which shut down tens of thousands of corporate e-mail systems. Since then,
viruses have continued to proliferate and mutate, with viruses being developed for personal digital
assistants (PDAs), file-swapping networks, instant messaging systems, and more.
And the chaos continues.
Different Types of Viruses
Technically, a computer virus is a piece of software that surreptitiously attaches itself to other programs
and then does something unexpected. There are other types of programsâ€such as Trojan
horses and wormsâ€that do similar damage but donâ„¢t embed themselves within other program
code. These programs arenâ„¢t technically viruses, but they pose the same danger to computer systems
everywhere. For that reason, all these programsâ€virus and non-virus, alikeâ€are typically
lumped together and referred to, in common parlance, as viruses. (Or, as some experts prefer,
malwareâ€for malicious software.) The following chapters will examine all these different types
of malicious programs, since the best defense against one is a defense against all.
Thatâ„¢s not to say that all malicious programs work the same way, or pack the same potential
punch. They donâ„¢t. So it helps to know a little bit about each type of virus, to help better protect
NOTE Some virusesâ€called hybrid virusesâ€include aspects of more than one virus
type. An example would be a worm that can infect program files, such as the Hybris
virus. This sometimes makes it difficult to precisely classify a virusâ€and, in fact,
many viruses fall into more than one category.
File Infector Viruses
The most traditional form of computer virus is the file infector virus, which hides within the
code of another program. The infected program can be a business application, a utility, or even
a gameâ€just as long as itâ„¢s an executable program, typically with an EXE, COM, SYS, BAT, or PIF
When an infected program is launched, the virus code copies itself into your computerâ„¢s
memory, typically before the program code is loaded. By loading itself into memory separately
from the host program, the virus can continue to run in your systemâ„¢s memory, even after the
host program is closed down.
Before the advent of the Internet and coincident creation of macro viruses, file infector
viruses accounted for probably 85% of all virus infections. Today that number is much lower,
because the other types of viruses are much easier to propagate.
NOTE Learn more about file infector viruses in Chapter 3, Boot Sector and File
Boot Sector Viruses
Boot sector viruses reside in the part of the disk that is read into memory and executed when your
computer first boots up. (On a floppy disk, thatâ„¢s the boot sector; on a hard disk, the equivalent area
is called the Master Boot Record.) Once loaded, the virus can then infect any other disk used by the
computer; a disk-based boot sector virus can also infect a PCâ„¢s hard disk.
Most boot sector viruses were spread by floppy disk, especially in the days before hard disks
were common. Since removable disks are less widely used today, boot sector viruses have become
much less prevalent than they were in the early 1990s.
TIP Learn more about boot sector viruses in Chapter 3.
Some computer viruses are created with the macro coding languages used with many of todayâ„¢s
software applications. Macros are small programs that are created to do highly specific tasks
within an application and are written in a pseudo-programming language designed to work with
the application. The most common macro language, used in all Microsoft applications, is called
Visual Basic for Applications (VBA). VBA code can be added to a Word document to create
custom menus and perform automatic operations; unfortunately, VBA code can also be used to
modify files and send unwanted e-mail messages, which is where the virus writers come in.
What makes macro viruses potentially more dangerous than file infector or boot sector viruses
is that macrosâ€and thus macro virusesâ€can be attached to document files. Older virus types
had to be embedded in executable programs, which made them relatively easy to find and stop.
But when any Word or Excel document you open could contain a macro virus, the world is suddenly
a much more dangerous place.
Different Types of Viruses 9
The widespread, relatively nonchalant sharing of data files has contributed to the huge rise
in macro virus attacks. Even users who are extra-vigilant about the programs they download
often donâ„¢t think twice about opening a Word or Excel document they receive from another user.
Because data files are shared so freely, macro viruses are able to spread rapidly from one machine
to anotherâ€and run, automatically, whenever the infected document is opened.
NOTE Learn more about macro viruses in Chapter 4, Macro Viruses.
Script viruses are based on common scripting languages, which are macro-like pseudo-programming
languages typically used on Web sites and in some computer applications. These viruses are written
Web page or open a Word or Excel application. With the increasing use of the Web, these script
viruses are becoming more commonâ€and more deadly.
A Trojan horse is a program that claims to do one thing but then does something totally different.
A typical Trojan horse has a filename that makes you think itâ„¢s a harmless type of file; it
looks innocuous enough to be safe to open. But when you run the file, itâ„¢s actually a virus program
that proceeds to inflict its damage on your system. It delivers its payload through deception,
just like the fabled Trojan horse of yore.
Trojan horses are becoming more common, primarily through the spread of Internet-based
e-mail. These e-mail Trojans spread as innocent-looking attachments to e-mail messages; when
you click to open the attachment, you launch the virus.
NOTE Learn more about Trojan horses in Chapter 6, Trojan Horses and Worms.
A worm is a program that scans a companyâ„¢s network, or the Internet, for another computer that
has a specific security hole. It copies itself to the new machine (through the security hole), and
then starts replicating itself there. Worms replicate themselves very quickly; a network infected
with a worm can be brought to its knees within a matter of hours.
Worms donâ„¢t even have to be delivered via conventional programs; so-called fileless worms
are recent additions to the virus scene. While in operation, these programs exist only in system
memory, making them harder to identify than conventional file-hosted worms. These wormsâ€
such as the CodeRed and CodeBlue virusesâ€could cause considerable havoc in the future.
NOTE Learn more about worms in Chapter 6.
An e-mail virus is a program that is distributed as an attachment to an e-mail message. These
viruses are typically separate programs (Trojan horses, mainly) that do their damage when theyâ„¢re
manually executed by you, the user. These viruses masquerade as pictures, Word files, and other
common attachments, but are really EXE, VBS, PIF, and other types of executable files in disguise.
Many e-mail viruses hijack your e-mail program and send themselves out to all the contacts
in your address book.
Because of the proliferation of the Internet, e-mail is the fastest-growing medium for virus
delivery today. According to Kaspersky Lab, the research arm of the company that produces
Kaspersky Anti-Virus software, e-mail viruses accounted for 90% of all virus attacks in 2001.
NOTE Learn more about e-mail viruses in Chapter 7, E-Mail, Chat, and Instant
Chat and Instant Messaging Viruses
Many computer users like to chat online, either in public chat rooms or in private instant messaging
(IM) conversations. Most chat and IM programs let you send files across to other users,
and itâ„¢s that capability that has contributed to the spread of so-called instant viruses.
Just as many users are in the habit of automatically opening all attachments to their incoming
e-mail messages, many users are also accustomed to accepting any files sent to them when
theyâ„¢re chatting. Unfortunately, a significant percentage of files sent via chat or IM are virus files,
often Trojan horses masquerading as photographs or helpful utilities. Downloading and then
opening one of these files begins the infection process.
NOTE Learn more about these instant viruses in Chapter 7.
Todayâ„¢s Top Viruses
With so many different types of viruses out there, what are the most widespread computer
Unfortunately, thatâ„¢s a bit of a trick question. Thatâ„¢s because most viruses have a defined and
relatively short life cycle; they appear on the scene with a bang, doing considerable damage, but
thenâ€as protective methods are employedâ€just as quickly disappear from the radar scope. So
the top viruses as Iâ„¢m writing this chapter will be much different from the top viruses when youâ„¢re
reading it a few months from now.
(Figure 1.2 illustrates the typical virus life cycle, from creation to eradication.)
Figure 1.2 The life cycle of a computer virus
You can see this phenomenon for yourself by comparing two different virus Top Ten Lists.
Both lists were compiled by Kaspersky Lab. Table 1.1 details the ten most widespread viruses for
the last quarter of 2001, along with the percentage of the total number of infections that each
Why Viruses Exist
Computer viruses, unlike biological viruses, donâ„¢t spring up out of nowhereâ€theyâ„¢re created. By
And the peopleâ€programmers and developers, typicallyâ€who create computer viruses
know what theyâ„¢re doing. These code writers deliberately create programs that they know will
wreak havoc on huge numbers of computer users.
The question is why
It takes some degree of technical skill to create a virus. To that end, creating a computer
virus is no different than creating any other computer application. Any computer programmer or
developer with a minimal amount of skill can create a virusâ€all it takes is knowledge of a programming
language, such as C, Visual Basic, or Java, or a macro language, such as VBA.
NOTE In reality, you can create a virus even if you have very little technical knowledge,
by using a build your own virus programâ€of which there are several available,
via the Internet underground.
So, by definition, a virus writer is a person with a certain amount of technical expertise. But
instead of using that expertise productively, virus writers use it to generate indiscriminate mayhem
among other computer users.
This havoc-wreaking is, in almost all instances, deliberate. Virus writers intend to be destructive.
They get some sort of kick out of causing as much damage as possible, from the relative
anonymity of their computer keyboards.
14 Chapter 1 Â¢ Understanding Computer Viruses
In addition, some developers create viruses to prove their technical prowess. Among certain
developers, writing a successful virus provides a kind of bragging right, and demonstrates, in
some warped fashion, that the writer is especially skilled.
Unfortunately, the one attribute that virus writers apparently lack is ethical sense. Virus programs
can be enormously destructive, and it takes a peculiar lack of ethics to deliberately perpetrate
such destruction on such a wide scale.
In the end, a virus writer is no better than a common vandal. Except for the technical expertise
required, the difference between throwing a rock through a window and destroying PC files
via a virus is minimal. Some people find pleasure in destruction, and in our high-tech age, such
pleasure can come from writing destructive virus code.
What You Can Do About Computer Viruses
Thereâ„¢s very little you can do, on a personal level, to discourage those high-tech vandals who create
virus programs. There are plenty of laws already on the books that can be used to prosecute
these criminals, and such criminal investigationsâ€and prosecutionsâ€have become more common
in recent years. However, as with most criminal activity, the presence of laws doesnâ„¢t always
mean there are fewer criminals; the truth is, thereâ„¢s a new batch of virus writers coming online
All of which means that you canâ„¢t rely on anyone else to protect you from these virus-writing
criminals. Ultimately, you have to protect yourself.
The next 11 chapters go into more detail about the specific types of viruses, and they offer
detailed instructions about protecting yourself from those viruses. In general, however, there are
some simple steps you can take to reduce your chances of becoming a virus-related statistic.
Reducing Your Chances of Infection
To make yourself less of a target for virus infection, take the following steps:
Restrict your file downloading to known or secure sources. The surest way to catch
a virus is to download an unknown file from an unknown site; try not to put yourself at risk
like this unless you absolutely have to.
Donâ„¢t open any e-mail attachments you werenâ„¢t expecting. The majority of viruses
today arrive in your mailbox as attachments to e-mail messages; resist the temptation to open
or view every file attachment you receive.
What You Can Do About Computer Viruses 15
Use an up-to-date anti-virus program or service. Antivirus programs work; they scan
the files on your computer (as well as new files you download, and e-mail messages you
receive) and check for any previously identified viruses. Theyâ„¢re a good first line of defense,
as long as you keep the programs up-to-date with information about the very latest virusesâ€
and most antivirus programs make it easy to download updates.
Enable macro virus protection in all your applications. Most current Microsoft
applications include special features that keep the program from running unknown macrosâ€
and thus prevent your system from being infected by macro viruses.
Create backup copies of all your important data. If worse comes to worst and your
entire system is infected, you may need to revert to noninfected versions of your most critical
files. You canâ„¢t do this unless you plan ahead and back up your important data.
NOTE Learn more about protecting your system from virus attacks in Chapter 11,
Preventing Virus Attacks.
Diagnosing a Virus Infection
How do you know if your computer has been infected with a virus In short, if it starts acting
funnyâ€doing anything it didnâ„¢t do beforeâ€then a probable cause is some sort of computer
virus. Here are some symptoms to watch for:
Programs quit working or freeze up.
Documents become inaccessible.
Computer freezes up or wonâ„¢t start properly.
The CAPS LOCK key quits workingâ€or works intermittently.
Files increase in size.
Frequent error messages appear onscreen.
Strange messages or pictures appear onscreen.
Your PC emits strange sounds.
Friends and colleagues inform you that theyâ„¢ve received strange e-mails from you, that
you donâ„¢t remember sending.
NOTE Learn more about diagnosing virus attacks in Chapter 2, How to Catch a
16 Chapter 1 Â¢ Understanding Computer Viruses
Recovering from a Virus Attack
If youâ„¢re unfortunate enough to be the victim of a virus attack, your options narrow. You have to
find the infected files on your computer, and then either disinfect them (by removing the virus
code) or delete themâ€hopefully before the virus has done any permanent damage to your system.
You donâ„¢t, however, have to give up and throw your computer away. Almost all viruses can be
recovered fromâ€some quite easily. All you need is a little information, and the right tools.
The right tools include one of the major antivirus programs discussed in Chapter 9, Anti-
Virus Software and Services. These programsâ€such as Norton AntiVirus and McAfee Virus-
Scanâ€identify infected files and then either disinfect or delete them, as appropriate.
Quite often, running an antivirus program is all you need to do to recover from a virus infection.
However, if a virus has deleted or corrupted any document or program files on your PC,
youâ„¢ll probably have to restore those files from backup copiesâ€or reinstall any damaged programs
from their original CD-ROMs. In a worst-case scenario, where your operating system files
have been affected, you may need to reinstall your entire operating systemâ€or even, in some
instances, reformat your hard disk and rebuild your entire system from scratch.
NOTE Learn more about recovering from a virus attack in Chapter 12, Dealing
with a Virus Attack.
Learning More About Computer Viruses
Sometimes the best defense is a good education. To that end, there are several Internet-based
resources you can use to learn more about computer virusesâ€how they work, and how to protect
against them. Many of these sites also provide lists of the most menacing viruses, as well as
alerts for newly created viruses.
Here are some of the best Web sites to visit:
Computer Associates Virus Information Center (www3.cavirus/)
Computer Security Resource Center Virus Information (csrc.ncsl.nist.gov/virus/)
F-Secure Security Information Center (datafellowsvirus-info/)
IBM Antivirus Research Project (research.ibmantivirus/)
McAfee AVERT (mcafeeb2bnaicommon/avert/)
Sophos Virus Analyses (sophosvirusinfo/analyses/)
Symantec Security Response (symantec.com)
What You Can Do About Computer Viruses 17
Trend Micro Virus Information Center (antivirusvinfo/)
Virus Bulletin (virusbtn.com)
The WildList Organization International (wildlist.org)
Computer viruses are malicious computer programs, designed to spread rapidly and deliver various
types of destructive payloads to infected computers. Viruses have been around almost as
long as computers themselves, and they account for untold billions of dollars of damage every
year. While there are many different types of viruses
Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion
Active In SP
Joined: Feb 2011
02-03-2011, 02:48 PM
Computer Viruses.ppt (Size: 2.23 MB / Downloads: 125)
Several important topics on Computer Viruses...
Computer Viruses – Artificial Life .
Since the age of technology arose, and the twentieth century of computers came about, there have always been an attempt from those trying to be “smarter” then the average computer.
The very famous Fred Cohen who "wrote the book" on computer viruses.
He was able to use his logic to test several hypothesis about computer virus’s.
How can A viruses Attack Computer.
1. Viruses can infect your computer by reading, or even, previewing, email. There are many ways that you can find out what these email infectors are and take the steps to prevent an infection.
2. Spreads from computer to computer when the host is taken to the uninfected computer over a network such as over the Internet or carrying it on a removable medium - a floppy disk, CD, or USB drive
Typically, its first objective is to replicate (or reproduce)
“Virus programs, typically written in machine code, usually employ DOS commands to commandeer system resources that the virus must use.”
ANTI VIRUSES’ STRATEGY
Active In SP
Joined: Feb 2011
14-04-2011, 12:54 PM
VIRUS.ppt (Size: 3.14 MB / Downloads: 66)
STRUCTURE OF A BIOLOGICAL VIRUS
Computer virus consists of codes, written in any programming language. Various parts of program perform various tasks and accordingly they are named.
Sources of infection
First generation: simple viruses
Do nothing very significant other than replicate.
Do nothing to hide their presence on a system.
They can be detected by an increase in size of files or the presence of a distinctive pattern in an infected file.
Problem with simple virus:
Repeated infection of the host, leads to depleted memory and early detection.
In the case of boot sector viruses, this could (depending on strategy) cause a long chain of linked sectors.
In the case of a program-infecting virus, repeated infection may result in continual extension of the host program each time it is re-infected.
These leads to early detection of the virus.
Second generation: Self-recognition
Implant a unique signature to signal that the file or system is infected.
A virus signature can be a characteristic sequence of bytes at a known offset on disk or in memory, a specific feature of the directory entry (e.g., alteration time or file length), or a special system call available only when the virus is active in memory.
Third Generation: Stealth
CLASSIFICATION OF VIRUSES
BASIS: The way virus attaches to the host
ADD ON VIRUSES
Intrusive viruses operate by overwriting some or all of the original host code with viral code.
The replacement might be 1.Selective, as in replacing a subroutine with the virus, 2.Insertion of a new interrupt vector and routine.
3.Extensive, as when large portions of the host program are completely replaced by the viral code.
BOOT SECTOR VIRUS
It is also called as bimodal virus. These viruses infect floppy disk boot records or master boot records in hard disks.
Booting means restarting the computer. It is done by BOOTSTRAP LOADER PROGRAM.
It loads BOOT SECTOR to memory.
EX: Form, Disk Killer, Michelangelo, and Stone virus
Spreading of virus from one disk to another.
PARTITATION TABLE VIRUS
Working of Partition Table Virus
Working of Partition Table Virus
Bootstrap Loader Program loads infected boot sector
Spreading of virus from one disk to another.
void interrupt our(); void interrupt (*prev)();
char far *scr=(char far *)0xB8000000L;
unsigned long int far *p;
void interrupt our()
They attach themselves with any number of system files having extensions, .EXE, .COM, .SYS, .PRG, .OVL, and .MNU.
As these files run on the machine, viruses get activated and start duplicating. Eventually, viruses spread in the whole of your machine.
Some file infector viruses may stay in your system’s memory and keep infecting files from even there.
Some may change the content of the file.
Only way to detect is to check the reduction in base memory size.
The antivirus soft wares look for the signature of the virus to detect it.
Example-signature of Jerusalem virus is 0xE9,0X92,0,0X20,0X20,0X20,0X20,0X20,0X20,0X20.
Macro viruses: They are the commonest, simplest and the easiest to spread of all the computer viruses.
Usually they affect MS Office files such as MS Word files, Excel sheets, Access databases, and PowerPoint.
Macro viruses are coded in Visual Basic (VB) and blight your system when the application with which they are associated is running.
An example of macro virus impact is insertion of some data in the spreadsheet your system processes.
Melissa.A and Bablas. Pc,DMV, Nuclear, Word Concept. is a couple of common macro viruses.
They originate from and affect computer networks such as LAN and WAN.
Network viruses defile any shared computer resources such as folders, files, drives etc.
These viruses keep spreading from one system of an infected network to another.
Nimda and SQLSlammer are two examples of network viruses
Multipartite viruses are both program and boot viruses.
Their nature is a mix of more than one type of viruses and spread through infected media.
For example, viruses acting both as MBR virus as well as file infector virus. Examples: Invader, Flip, and Tequila
For example, if you run a word processing program infected with the Tequila virus, the virus activates and infects your hard disk boot record. Then, the next time you boot your computer, the Tequila virus activates again and starts infecting every program you use, whether it is on a hard or floppy disk.
A Worm is a virus program that copies and multiplies itself by using computer networks and security flaws. Worms are more complex than Trojan viruses, and usually attack multi-user systems such as Unix environments and can spread over corporate networks via the circulation of emails. Once multiplied, the copied worms scan the network for further loopholes and flaws in the network.
They take up most of the memory space and there is lack of space to run an application.
A classic example of a worm is the ILOVEYOU virus.
Worms however, proliferate as simple emails without attachment. They cannot be spread as attachments.
Warning Signs of Virus Infection
Warning Signs of Virus
Abnormal write-protect errors as virus tries to write to a protected disk.
Strange characters appear in the directory listing of filenames.
Strange messages like "Type Happy Birthday Joshi" (Joshi Virus) or "Driver Memory Error" (kak.worm) appear on the screen and in documents.
Strange graphic displays such as falling letters or a bouncing ball appear on screen.
Junk characters overwrite text in document or data files.
What viruses do not do?
How to Protect Your Computer from Viruses
Work on a more secure operating system like unix, linux.
For an unsecured operating system, then buy virus protection software
Make sure automatic protection is turned on at all times
Perform a manual scan (or schedule a scan to occur automatically) of your hard disks weekly.
Enable automatic live update to update your virus definition files.
Buy legal copies of all software you use and make write-protected backups.
Avoid programs from unknown sources (like the internet), and instead stick with commercial software purchased on cds.
Create and maintain an antivirus rescue disk set to facilitate recovery from certain boot viruses.
You should make sure that Macro Virus Protection is enabled in all Microsoft applications, and you should NEVER run macros in a document unless you know what they do. There is seldom a good reason to add macros to a document, so avoiding all macros is a great policy.
Joined: Apr 2012
07-05-2012, 11:20 AM
Computer Virus [from www.metacafe.com].doc (Size: 156 KB / Downloads: 29)
A computer virus is a computer program which distributes copies of itself without the permission or knowledge of the user. A computer virus is often simply called a virus. The term is commonly used to refer to a range of malware, but a true virus does not need to be harmful. To distribute itself, a virus needs to execute. Viruses often hide themselves inside other programs to be executed.
A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of it self over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.
Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses.
Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.
How viruses work
A computer virus will pass from one computer to another in the same way that a real life biological virus passes from person to person. For example, it is estimated by experts that the Mydoom worm infected a quarter-million computers in a single day in January 2004. Another example is the ILOVEYOU virus, which occurred in 2000 and had a similar effect. There are tens of thousands of viruses out there, and new ones are discovered every day. While a generic explanation of how viruses work is difficult due to the wide variety of infection or spreading patterns, there are broad categories commonly used to describe various types of viruses.
Basic types of viruses
File viruses, also known as parasitic or executable viruses, are pieces of code that attach themselves to executable files, driver files or compressed files, and are activated when the host program is run. After activation, the virus may spread itself by attaching itself to other programs in the system, and also carry out the malevolent activity for which it was programmed. Most file viruses spread by loading themselves in system memory and looking for any other programs located on the drive. If it finds one, it modifies the program’s code so that it contains and activates the virus the next time it’s run. It keeps doing this over and over until it spreads across the system, and possibly to other systems that the infected program may be shared with. Besides spreading themselves, these viruses also carry some type of destructive constituent that can be activated immediately or by a particular ‘trigger’. The trigger could be a specific date, or the number of times the virus has been replicated, or anything equally trivial. Some examples of file viruses are Randex, Meve and MrKlunky
Boot sector viruses
A boot sector virus affects the boot sector of a hard disk, which is a very crucial part. The boot sector is where all information about the drive is stored, along with a program that makes it possible for the operating system to boot up. By inserting its code into the boot sector, a virus guarantees that it loads into memory during every boot sequence. A boot virus does not affect files; instead, it affects the disks that contain them. Perhaps this is the reason for their downfall. During the days when programs were carried around on floppies, the boot sector viruses used to spread like wildfire. However, with the CD-ROM revolution, it became impossible to infect pre-written data on a CD, which eventually stopped such viruses from spreading. Though boot viruses still exist, they are rare compared to new-age malicious software. Another reason why they’re not so prevalent is that operating systems today protect the boot sector, which makes it difficult for them to thrive. Examples of boot viruses are Polyboot.B and AntiEXE.
Multipartite viruses are a combination of boot sector viruses and file viruses. These viruses come in through infected media and reside in memory. They then move on to the boot sector of the hard drive. From there, the virus infects executable files on the hard drive and spreads across the system. There aren’t too many multipartite viruses in existence today, but in their heyday, they accounted for some major problems due to their capacity to combine different infection techniques. A well-known multipartite virus is Ywinz.
Macro viruses infect files that are created using certain applications or programs that contain macros. These include Microsoft Office documents such as Word documents, Excel spreadsheets, PowerPoint presentations, Access databases and other similar application files such as Corel Draw, AmiPro etc. Since macro viruses are written in the language of the application and not in that of the operating system, they are known to be platform-independent—they can spread between Windows, Mac and any other system, so long as they are running the required application. With the ever-increasing capabilities of macro languages in applications, and the possibility of infections spreading over networks, these viruses are major threats. The first macro virus was written for Microsoft Word and was discovered back in August 1995. Today, there are thousands of macro viruses in existence—some examples are Relax, Melissa.A and Bablas.
This kind of virus is proficient in quickly spreading across a Local Area Network (LAN) or even over the Internet. Usually, it propagates through shared resources, such as shared drives and folders. Once it infects a new system, it searches for potential targets by searching the network for other vulnerable systems. Once a new vulnerable system is found, the network virus infects the other system, and thus spreads over the network. Some of the most notorious network viruses are Nimda and SQLSlammer.
An email virus could be a form of a macro virus that spreads itself to all the contacts located in the host’s email address book. If any of the email recipients open the attachment of the infected mail, the virus spreads to the new host’s address book contacts, and then proceeds to send itself to all those contacts as well. Email viruses can infect hosts even by previewing the infected email in a mail client.
Joined: Apr 2012
12-06-2012, 04:40 PM
SEMINAR ON COMPUTER VIRUSES
computerviru.ppt (Size: 439.5 KB / Downloads: 18)
Virus: A self-replicating piece of computer code that can partially or fully attach itself to files or applications, and can cause your computer to do something you don't want it to do.
TYPES OF COMPUTER VIRUS
Boot sector viruses
Parasitic virus (File virus)
Involves human interaction
Users run the program intentionally, but it does something more than user thought it would
Uses networks, email, and the Internet to infect other computers
BOOT SECTOR VIRUSES
Attach to the “boot sector” of a disk
Virus activated whenever computer reboots
Eg- Form etc…
Also known as File Virus
Attach themselves to the programs and acts as a part of the program
Various techniques to infect the executables like companion, link, overwrite etc.
Eg-CIH(Chernobyl), Jerusalem etc..
HOW VIRUSES SPREAD
Virus spreads when we executes a program that containing virus code.
When there is a try to boot the file from an infected floppy disk containing boot sector virus.
Viruses spread when users share infected files and diskette and infected documents as e-mail attachments.
When PCs have been connected together to form a network, the damage can be worse, because the virus program spreads one PC to another, thus infecting all the work stations.
Viruses spread only through illegal unlicensed, pirated software.