Computer Virus Project
HISTORY:
The first computer virus, popularly known as the 'Brain virus', was
created in 1986 by two Pakistani brothers, Amjad and Basit Farooq Alvi. This
virus, which spread via floppy disks, was known only to infect boot records
and not computer hard drives like most viruses today. The virus, also known as
the Lahore, Pakistani, Pakistani Brain, Brain-A and UIUC, would occupy
unused space on the floppy disk so that it could not be used and would hide
from detection. It would also disguise itself by displaying the uninfected
boot sector on the disk.
In March 1988, the first anti-virus was designed to detect and remove
the Brain virus. The anti-virus also immunized floppy disks to get rid of the
Brain infection. At the same time, the Cascade virus appeared in Germany.
The Cascade virus was the first encrypted virus, which was coded and could
not be changed or removed.
Thus, during the late 1980s and the early 1990s, viruses on the loose
that infected files, disks, etc. on the computer and caused a great deal of
damage received a lot of media attention. Magazines such as Business Week,
Newsweek, Fortune, PC Magazine, and Time began publishing articles about
these destructive viruses running wild and demanded a solution for all these
problems.
In 2000, the ILOVEYOU virus wreaked havoc around the world. The
virus, which was created in the Philippines, was sent through email and spread
around the world in one day, infecting 10 percent of computers connected to
the Internet and causing $5.5 billion in damage. Hence, viruses are
still common and still create chaos even today. It is hard to determine the
reasons for all these actions and why virus writers create computer viruses.
Some do it for their personal gain, for research projects, pranks, vandalism,
etc., while others want to help make improvements in programs.
2.
A boot sector virus affects the boot sector of a hard disk, which is a
very crucial part. The boot sector is where all information about the drive is
stored, along with a program that makes it possible for the operating system
to boot up. By inserting its code into the boot sector, a virus guarantees that it
loads into memory during every boot sequence. A boot virus does not affect
files; instead, it affects the disks that contain them. Perhaps this is the reason
for their downfall. During the days when programs were carried around on
floppies, the boot sector viruses used to spread like wildfire. However, with the
CD-ROM revolution, it became impossible to infect pre-written data on a CD,
which eventually stopped such viruses from spreading. Though boot viruses
still exist, they are rare compared to new-age malicious software. Another
reason why they're not so prevalent is that operating systems today protect
the boot sector, which makes it difficult for them to thrive.
Examples of boot viruses are Polyboot.B and AntiEXE.
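The boot sector described above holds both a boot program and information about the drive, so a defender can record a baseline of each region and later tell which one changed. The following is an added example, not part of the original project; it assumes the classic 512-byte MBR layout (boot code in bytes 0-445, partition table in bytes 446-509, signature 0x55AA in bytes 510-511) and works on a disk image held in memory, with constructed sample data.

```python
import hashlib

SECTOR_SIZE = 512
CODE_END = 446                 # classic MBR: bytes 0-445 hold the boot program
TABLE_END = 510                # bytes 446-509 hold the four partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 mark a valid boot sector


def split_boot_sector(image: bytes) -> dict:
    """Return SHA-256 digests of the boot code and partition table regions."""
    if len(image) < SECTOR_SIZE:
        raise ValueError("image is smaller than one 512-byte sector")
    sector = image[:SECTOR_SIZE]
    return {
        "code": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "table": hashlib.sha256(sector[CODE_END:TABLE_END]).hexdigest(),
        "signature_ok": sector[TABLE_END:] == BOOT_SIGNATURE,
    }


def compare_to_baseline(image: bytes, baseline: dict) -> list:
    """List the differences between a disk image and a recorded baseline."""
    current = split_boot_sector(image)
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["code"] != baseline["code"]:
        # The program that runs at every boot is no longer the recorded one.
        findings.append("boot code changed")
    if current["table"] != baseline["table"]:
        # Can be legitimate (repartitioning), but should be explained.
        findings.append("partition table changed")
    return findings


def sample_sector(code_fill: int, table_fill: int) -> bytes:
    """Constructed sample data, not a real boot sector."""
    return bytes([code_fill]) * CODE_END + bytes([table_fill]) * 64 + BOOT_SIGNATURE


CLEAN = sample_sector(0x90, 0x00)      # constructed "known good" sector
BASELINE = split_boot_sector(CLEAN)    # recorded while the disk is trusted

if __name__ == "__main__":
    print(compare_to_baseline(CLEAN, BASELINE))
    print(compare_to_baseline(sample_sector(0xCC, 0x00), BASELINE))
    print(compare_to_baseline(sample_sector(0x90, 0x01), BASELINE))
```

The baseline is only meaningful if it is recorded while the disk is known to be clean and stored somewhere the system under test cannot modify.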
3. Multipartite Viruses
Macro Viruses
Macro viruses infect files that are created using certain applications or
programs that contain macros. These include Microsoft Office documents
such as Word documents, Excel spreadsheets, PowerPoint presentations,
Access databases, and other similar application files such as Corel Draw,
AmiPro, etc. Since macro viruses are written in the language of the
application, and not in that of the operating system, they are known to be
platform-independent: they can spread between Windows, Mac, and any
other system, so long as they're running the required application. With the
ever-increasing capabilities of macro languages in applications, and the
possibility of infections spreading over networks, these viruses are major
threats. The first macro virus was written for Microsoft Word and was
discovered back in August 1995. Today, there are thousands of macro viruses
in existence.
Some examples of Macro viruses are Relax, Melissa.A and Bablas.
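Because macro viruses live inside the document rather than in a program file, a first defensive check is whether a received Office file carries a macro project at all. The following is an added example, not part of the original project: it recognises the legacy OLE2 container by its magic bytes and, for the ZIP-based OOXML formats, looks for the vbaProject.bin part and flags files whose extension (.docx, .xlsx, .pptx) promises no macros. The file names and sample archives are constructed.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt files
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML files are ZIP archives
MACRO_FREE_EXTS = {"docx", "xlsx", "pptx"}       # extensions that promise no macros


def triage(filename: str, data: bytes) -> dict:
    """Report the container type and whether a VBA macro project is present."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    result = {"container": "other", "has_vba": False, "ext_mismatch": False}
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats can hold macros in any file; this check does
        # not parse OLE2 streams, so the macro state stays unknown (None).
        result.update(container="ole2", has_vba=None)
    elif data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            result["container"] = "corrupt-zip"
            return result
        if "[content_types].xml" not in names:
            result["container"] = "zip"      # a ZIP, but not an Office package
            return result
        result["container"] = "ooxml"
        result["has_vba"] = any(n.endswith("vbaproject.bin") for n in names)
        result["ext_mismatch"] = result["has_vba"] and ext in MACRO_FREE_EXTS
    return result


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample archive; the macro part is a placeholder, not VBA."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage("report.docx", build_sample(False)))
    print(triage("report.docm", build_sample(True)))
    print(triage("invoice.docx", build_sample(True)))
    print(triage("old.doc", OLE2_MAGIC + b"\x00" * 504))
```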
5. Network Viruses
E-Mail Viruses
Nonresident Viruses
8. Resident Viruses
infectors rely on their fast infection rate to spread. The disadvantage of this
method is that infecting many files may make detection more likely, because
the virus may slow down a computer or perform many suspicious actions that
can be noticed by anti-virus software. Slow infectors, on the other hand, are
designed to infect hosts infrequently. Some slow infectors, for instance, only
infect files when they are copied. Slow infectors are designed to avoid
detection by limiting their actions: they are less likely to slow down a computer
noticeably and will, at most, infrequently trigger anti-virus software that
detects suspicious behavior by programs. The slow infector approach,
however, does not seem very successful.
The main purpose of this virus is to replicate and take action when it is
executed. When a specific condition is met, the virus will go into action and
infect files in the directory or folder that it is in as well as directories that are
specified in the AUTOEXEC.BAT file path. This batch file is always located in
the root directory of the hard disk and carries out certain operations when the
computer is booted.
Examples of Resident viruses: Vienna virus.
9. Overwrite Viruses
Directory Viruses
Directory viruses change the paths that indicate the location of a file.
When you execute a program file with an extension .EXE or .COM that has
been infected by a virus, you are unknowingly running the virus program,
while the original file and program have previously been moved by the virus. Once
infected, it becomes impossible to locate the original files.
Examples of Directory Virus: Dir-2 virus.
11. Polymorphic Viruses
Tuareg.
Some anti-virus programs are able to scan opened files in addition to sent and
received email messages "on the fly" in a similar manner. This practice is
known as "on-access scanning". Anti-virus software does not change the
underlying capability of host software to transmit viruses. Users must update
their software regularly to patch security holes. Anti-virus software also needs
to be regularly updated in order to recognize the latest threats.
One may also minimize the damage done by viruses by making regular
backups of data (and the operating systems) on different media, that are
either kept unconnected to the system (most of the time), read-only or not
accessible for other reasons, such as using different file systems. This way, if
data is lost through a virus, one can start again using the backup (which
should preferably be recent).
If a backup session on optical media like CD and DVD is closed, it becomes
read-only and can no longer be affected by a virus (so long as a virus or
infected file was not copied onto the CD/DVD). Likewise, an operating system
on a bootable CD can be used to start the computer if the installed operating
systems become unusable. Backups on removable media must be carefully
inspected before restoration. The Gammima virus, for example, propagates
via removable flash drives.
Recovery methods
A number of recovery options exist after a computer has a virus. These
actions depend on the virus. Some may be safely removed by functions
available in most anti-virus software products. Others may require reinstallation of damaged programs. It is necessary to know the characteristics
of the virus involved to take the correct action, and anti-virus products will
identify known viruses precisely before trying to "dis-infect" a computer;
otherwise such action could itself cause a lot of damage. New viruses that
anti-virus researchers have not yet studied therefore present an ongoing
problem, which requires anti-virus packages to be updated frequently.
Virus removal
One possibility on Windows Me, Windows XP, Windows Vista and Windows 7
is a tool known as System Restore, which restores the registry and critical
system files to a previous checkpoint. Often a virus will cause a system to
hang, and a subsequent hard reboot will render a system restore point from
the same day corrupt. Restore points from previous days should work
provided the virus is not designed to corrupt the restore files and does not
exist in previous restore points.[32] Some viruses disable System Restore and
other important tools such as Task Manager and Command Prompt. An
example of a virus that does this is CiaDoor. Many such viruses can be
removed by rebooting the computer, entering Windows safe mode, and then
using system tools.
Many websites run by anti-virus software companies provide free online virus
scanning, with limited cleaning facilities (the purpose of the sites is to sell antivirus products). Some websites allow a single suspicious file to be checked by
many antivirus programs in one operation. Additionally, several capable
antivirus software programs are available for free download from the internet
(usually restricted to non-commercial use), and Microsoft provide a free antimalware utility that runs as part of their regular Windows update regime.
Operating system reinstallation
Reinstalling the operating system is another approach to virus removal. It
involves either reformatting the computer's hard drive and installing the OS
and all programs from original media, or restoring the entire partition with a
clean backup image. User data can be restored by booting from a live CD, or
putting the hard drive into another computer and booting from its operating
system, using great care not to infect the second computer by executing any
infected programs on the original drive; and once the system has been
restored precautions must be taken to avoid reinfection from a restored
executable file.
These methods are simple to do, may be faster than disinfecting a computer,
and are guaranteed to remove any malware. If the operating system and
programs must be reinstalled from scratch, the time and effort to reinstall,
reconfigure, and restore user preferences must be taken into account.
New Computer Virus Updated News: the FBI is warning computer users
about a new type of virus, known as a drive-by virus, which can damage a
computer with a simple click of the mouse and cannot be prevented by a
simple anti-virus program. The Internet Crime Complaint Centre offered
the following suggestions:
Be aware that even if you are able to unfreeze your computer on your
own, the malware may still operate in the background. Certain types of
malware have been known to capture personal information such as
username, password and credit card numbers through embedded
keystroke logging programs.
File a complaint and look for updates about the Reveton virus on the
IC3 website.