Computer Virus Project

At a glance
The key takeaways are that viruses are self-replicating programs that spread by inserting copies of themselves into other programs or documents. They behave similarly to biological viruses. The main negative effect of viruses is their uncontrolled self-reproduction, which wastes computer resources. Anti-virus software has expanded to cover worms and other threats beyond just viruses.

The main difference is that a computer virus requires human action to spread, usually by executing an infected file. A worm can spread automatically through networks without human interaction. A trojan also requires human action to install but appears harmless while hiding malicious functions.

Viruses spread by inserting copies of themselves into other executable files or documents when those files are run. This allows them to spread uncontrolled. They can cause damage by destroying data, overwhelming computer resources through replication, or having delayed payloads like messages or deleting files once a threshold is reached.

INTRODUCTION:

In computer security technology, a virus is a self-replicating program
that spreads by inserting copies of itself into other executable code or
documents. Thus, a computer virus behaves in a way similar to a biological
virus, which spreads by inserting itself into living cells. Extending the analogy,
the insertion of the virus into a program is termed infection, and the infected
file (or executable code that is not part of a file) is called a host.
Viruses are one of the several types of malware or malicious software.
In common parlance, the term virus is often extended to refer to computer
worms and other sorts of malware. This can confuse computer users, since
viruses in the narrow sense of the word are less common than they used to
be, compared to other forms of malware such as worms. This confusion can
have serious consequences, because it may lead to a focus on preventing
one genre of malware over another, potentially leaving computers open for
more damage.
While viruses can be intentionally destructive (for example, by
destroying data), many other viruses are fairly benign or merely annoying.
Some viruses have a delayed payload, which is sometimes called a bomb.
For example, a virus might display a message on a specific day or wait until it
has infected a certain number of hosts. However, the predominant negative
effect of viruses is their uncontrolled self-reproduction, which wastes or
overwhelms computer resources. Anti-virus software, originally designed to
protect computers from viruses, has in turn expanded to cover worms and
other threats such as spyware.

Use of the word "virus"

The term "virus" was first used in an academic publication by Fred
Cohen in his 1984 paper Experiments with Computer Viruses, where he
credits Len Adleman with coining it. However, a mid-1970s science fiction
novel by David Gerrold, When H.A.R.L.I.E. was One, includes a description of
a fictional computer program called "VIRUS" that worked just like a virus (and
was countered by a program called "ANTIBODY"); and John Brunner's 1975
novel The Shockwave Rider describes programs known as "tapeworms"
which spread through a network for deleting data. The term "computer virus"
with current usage also appears in the comic book "Uncanny X-Men" No. 158,
published in 1982. And even earlier, in 1973, the phrase "computer virus" was
used in the movie Westworld to describe a malicious program that emerged in
the computer system of the theme park. Therefore, we may conclude that
although Cohen's use of "virus" may, perhaps, have been the first "academic"
use, the term has been used earlier.

The term "virus" is often used in common parlance to describe all
kinds of malware (malicious software), including those that are more properly
classified as worms or trojans. Most popular anti-viral software packages
defend against all of these types of attack.
The English plural of "virus" is "viruses". Some people use "virii" or
"viri" as a plural, although computer professionals seldom or never use these
words. For a discussion about whether "viri" and "virii" are correct alternatives
for "viruses", see plural of virus.
Viruses cause much damage to computers, today worse than
before. A good way to stop viruses is to
keep a healthy firewall, and not let anyone put their own floppy disks or CDs
in your home computer.

Difference Between a Worm and a Trojan


Viruses are sometimes confused with worms and Trojans. Worms
and Trojans are two kinds of malicious software, or "malware," that get into
your computer without your knowledge or consent, usually for a harmful
purpose. The key difference is in how they spread. They are technically
different.
A worm can exploit security vulnerabilities to spread itself automatically
to other computers through networks, while a Trojan is a program that appears
harmless but hides malicious functions. Worms can spread without
any action by a computer user; for example, once a worm is in your system, it can
automatically send copies to every name in your address book, whereas a
Trojan gets into your system because you were tricked into putting it there,
such as by downloading a seemingly useful browser toolbar with the Trojan
hidden in the code.
Worms and Trojans can have the same effects in that they may do
something immediately harmful, such as generating pop-up ads or logging
keystrokes, or they may open a back door for someone else to take control of
your computer.

HISTORY:
The first computer virus, popularly known as the 'Brain virus', was
created in 1986 by two Pakistani brothers, Amjad and Basit Farooq Alvi. This
virus, which spread via floppy disks, was known only to infect boot records
and not computer hard drives like most viruses today. The virus, also known as
the Lahore, Pakistani, Pakistani Brain, Brain-A and UIUC, would occupy
unused space on the floppy disk so that it could not be used and would hide
from detection. It would also disguise itself by displaying the uninfected
bootsector on the disk.

In 1987, the Lehigh virus was discovered at Lehigh University in the
United States. The Lehigh virus was the first memory resident file infector that
attacked executable files and took control when a file was opened. The
Jerusalem virus also appeared around this time at Hebrew University in Israel.
Like the Lehigh virus, the Jerusalem virus was also a memory resident file
infector. It contained bugs that made it re-infect programs that were already infected.

In March 1988, the first anti-virus was designed to detect and remove
the Brain virus. The anti-virus also immunized floppy disks to get rid of the
Brain infection. At the same time, the Cascade virus appeared in Germany.
The Cascade virus was the first encrypted virus, which was coded and could
not be changed or removed.

Thus, during the late 1980s and the early 1990s, viruses on the loose,
which infected files, disks etc. on the computer and caused a great deal of
damage, received a lot of media attention. Magazines such as Business Week,
Newsweek, Fortune, PC magazine, and Time began publishing articles about
these destructive viruses running wild and demanded a solution for all these
problems.

In 1991, Symantec released the Norton Anti-virus software. Anti-virus
products from IBM, McAfee, Digital Dispatch and Iris also became available.

In 2000, the ILOVEYOU virus wreaked havoc around the world. The
virus, which was created in the Philippines, was sent through email and spread
around the world in one day, infecting 10 percent of computers connected to
the Internet and causing $5.5 billion in damage. Hence, viruses are
still common and still create chaos even today. It is hard to determine the
reasons for all these actions and why virus writers create computer viruses.
Some do it for their personal gain, for research projects, pranks, vandalism,
etc., while others want to help make improvements in programs.

Types of Viruses and Their Effects

1. File Viruses (Parasitic Viruses)

File viruses are pieces of code that attach themselves to executable
files, driver files or compressed files, and are activated when the host program
is run. After activation, the virus may spread itself by attaching itself to other
programs in the system, and also carry out the malevolent activity it was
programmed for. Most file viruses spread by loading themselves in system
memory and looking for any other programs located on the drive. If it finds
one, it modifies the program's code so that it contains and activates the virus
the next time it's run. It keeps doing this over and over until it spreads across
the system, and possibly to other systems that the infected program may be
shared with. Besides spreading themselves, these viruses also carry some
type of destructive constituent that can be activated immediately or by a
particular trigger. The trigger could be a specific date, or the number of times
the virus has been replicated, or anything equally trivial.
Examples of file viruses are Randex, Meve and MrKlunky.
2. Boot Sector Viruses

A boot sector virus affects the boot sector of a hard disk, which is a
very crucial part. The boot sector is where all information about the drive is
stored, along with a program that makes it possible for the operating system
to boot up. By inserting its code into the boot sector, a virus guarantees that it
loads into memory during every boot sequence. A boot virus does not affect
files; instead, it affects the disks that contain them. Perhaps this is the reason
for their downfall. During the days when programs were carried around on
floppies, the boot sector viruses used to spread like wildfire. However, with the
CD-ROM revolution, it became impossible to infect pre-written data on a CD,
which eventually stopped such viruses from spreading. Though boot viruses
still exist, they are rare compared to new-age malicious software. Another
reason why they're not so prevalent is that operating systems today protect
the boot sector, which makes it difficult for them to thrive.
Examples of boot viruses are Polyboot.B and AntiEXE.
3. Multipartite Viruses

Multipartite viruses are a combination of boot sector viruses and file
viruses. These viruses come in through infected media and reside in memory.
They then move on to the boot sector of the hard drive. From there, the virus
infects executable files on the hard drive and spreads across the system.
There aren't too many multipartite viruses in existence today, but in their
heyday, they accounted for some major problems due to their capacity to
combine different infection techniques.
A significantly famous multipartite virus is Ywinz.
4. Macro Viruses

Macro viruses infect files that are created using certain applications or
programs that contain macros. These include Microsoft Office documents
such as Word documents, Excel spreadsheets, PowerPoint presentations,
Access databases, and other similar application files such as Corel Draw,
AmiPro, etc. Since macro viruses are written in the language of the
application, and not in that of the operating system, they are known to be
platform-independent: they can spread between Windows, Mac, and any
other system, so long as they're running the required application. With the
ever-increasing capabilities of macro languages in applications, and the
possibility of infections spreading over networks, these viruses are major
threats. The first macro virus was written for Microsoft Word and was
discovered back in August 1995. Today, there are thousands of macro viruses
in existence.
Some examples of Macro viruses are Relax, Melissa.A and Bablas.

5. Network Viruses

This kind of virus is proficient in quickly spreading across a Local Area
Network (LAN) or even over the Internet. Usually, it propagates through
shared resources, such as shared drives and folders. Once it infects a new
system, it searches for potential targets by searching the network for other
vulnerable systems. Once a new vulnerable system is found, the network
virus infects the other system, and thus spreads over the network.
Some of the most notorious network viruses are Nimda and SQLSlammer.
6. E-Mail Viruses

An e-mail virus could be a form of a macro virus that spreads itself to
all the contacts located in the host's e-mail address book. If any of the e-mail
recipients open the attachment of the infected mail, it spreads to the new
host's address book contacts, and then proceeds to send itself to all those
contacts as well. These days, e-mail viruses can infect hosts even if the
infected e-mail is previewed in a mail client.
7. Nonresident Viruses

Nonresident viruses can be thought of as consisting of a finder module
and a replication module. The finder module is responsible for finding new
files to infect. For each new executable file the finder module encounters, it
calls the replication module to infect that file.

8. Resident Viruses

Resident viruses contain a replication module that is similar to the one
that is employed by nonresident viruses. This module, however, is not called
by a finder module. The virus loads the replication module into memory when
it is executed instead and ensures that this module is executed each time the
operating system is called to perform a certain operation. The replication
module can be called, for example, each time the operating system executes
a file. In this case the virus infects every suitable program that is executed on
the computer.
Resident viruses are sometimes subdivided into a category of fast
infectors and a category of slow infectors. Fast infectors are designed to infect
as many files as possible. A fast infector, for instance, can infect every
potential host file that is accessed. This poses a special problem when using
anti-virus software, since a virus scanner will access every potential host file
on a computer when it performs a system-wide scan. If the virus scanner fails
to notice that such a virus is present in memory the virus can "piggy-back" on
the virus scanner and in this way infect all files that are scanned. Fast
infectors rely on their fast infection rate to spread. The disadvantage of this
method is that infecting many files may make detection more likely, because
the virus may slow down a computer or perform many suspicious actions that
can be noticed by anti-virus software. Slow infectors, on the other hand, are
designed to infect hosts infrequently. Some slow infectors, for instance, only
infect files when they are copied. Slow infectors are designed to avoid
detection by limiting their actions: they are less likely to slow down a computer
noticeably and will, at most, infrequently trigger anti-virus software that
detects suspicious behavior by programs. The slow infector approach,
however, does not seem very successful.
The main purpose of this virus is to replicate and take action when it is
executed. When a specific condition is met, the virus will go into action and
infect files in the directory or folder that it is in as well as directories that are
specified in the AUTOEXEC.BAT file path. This batch file is always located in
the root directory of the hard disk and carries out certain operations when the
computer is booted.
Examples of Resident viruses: Vienna virus.
9. Overwrite Viruses

A virus of this kind is characterized by the fact that it deletes the
information contained in the files that it infects, rendering them partially or
totally useless once they have been infected. The only way to clean a file
infected by an overwrite virus is to delete the file completely, thus losing the
original content.
Examples of Overwrite Viruses: Way, Trj.Reboot, Trivial.88.D.
10. Directory Viruses

Directory viruses change the path that indicates the location of a file.
When you execute a program file with an extension .EXE or .COM that has
been infected by a virus, you are unknowingly running the virus program,
while the original file and program have previously been moved by the virus. Once
infected, it becomes impossible to locate the original files.
Examples of Directory Virus: Dir-2 virus.
11. Polymorphic Viruses

Polymorphic viruses encrypt or encode themselves in a different way
(using different algorithms and encryption keys) every time they infect a
system. This makes it impossible for anti-viruses to find them using string or
signature searches (because they are different in each encryption). The virus
then goes on creating a large number of copies.
Examples of Polymorphic viruses are: Elkern, Marburg, Satan Bug and
Tuareg.

Preventive Measures Of Computer Viruses


Anti-Virus Software
NOD32 is an example of one of the best anti-virus software packages. Many
users install anti-virus software that can detect and eliminate known viruses
after the computer downloads or runs the executable.
There are two common methods that an anti-virus software application uses
to detect viruses.
The first, and by far the most common method of virus detection is using a list
of virus signature definitions. This works by examining the content of the
computer's memory (its RAM, and boot sectors) and the files stored on fixed
or removable drives (hard drives, floppy drives), and comparing those files
against a database of known virus "signatures". The disadvantage of this
detection method is that users are only protected from viruses that pre-date
their last virus definition update.
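
The signature method described above, as an added Python example that is not part of the original project: a scanner that streams a file in chunks and looks for known byte patterns. The signature names, byte patterns and sample files are constructed for illustration, and the single-byte XOR stands in for the per-infection encoding the project attributes to polymorphic viruses.

```python
import io

# Constructed byte patterns standing in for vendor signature definitions.
DEFS_OLD = {"Demo.Alpha": b"\xde\xad\xbe\xefALPHA-BODY"}
DEFS_NEW = {**DEFS_OLD, "Demo.Beta": b"\xca\xfe\xba\xbeBETA-BODY"}


def scan_stream(stream, signatures, chunk_size=4096):
    """Return the sorted names of all signatures found in a binary stream.

    The stream is read in chunks. The last (longest signature - 1) bytes of
    each window are carried into the next one, so a pattern that is split
    across two reads is still matched.
    """
    if not signatures:
        return []
    overlap = max(len(p) for p in signatures.values()) - 1
    found = set()
    tail = b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in signatures.items():
            if pattern in window:
                found.add(name)
        tail = window[-overlap:] if overlap else b""
    return sorted(found)


def scan_bytes(data, signatures, chunk_size=4096):
    """Convenience wrapper for scanning an in-memory buffer."""
    return scan_stream(io.BytesIO(data), signatures, chunk_size)


def xor_encode(data, key):
    """Single-byte XOR: a stand-in for a different encoding per infection."""
    return bytes(b ^ key for b in data)


# Constructed sample files. The padding places the Alpha pattern across the
# 4096-byte chunk boundary to exercise the overlap handling.
PADDING = b"\x00" * 4090
SAMPLE_ALPHA = PADDING + DEFS_OLD["Demo.Alpha"] + b"rest of file"
SAMPLE_BETA = b"header" + DEFS_NEW["Demo.Beta"] + b"rest of file"
SAMPLE_ENCODED = PADDING + xor_encode(DEFS_OLD["Demo.Alpha"], 0x5A) + b"rest of file"

if __name__ == "__main__":
    samples = [("alpha", SAMPLE_ALPHA), ("beta", SAMPLE_BETA),
               ("encoded alpha", SAMPLE_ENCODED)]
    for label, sample in samples:
        print(label,
              "| old definitions:", scan_bytes(sample, DEFS_OLD),
              "| new definitions:", scan_bytes(sample, DEFS_NEW))
```

The Beta sample is missed until the definitions are updated, and the encoded copy of Alpha is missed by both definition sets, which is why signature scanning is paired with the heuristic method.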

The second method is to use a heuristic algorithm to find viruses based on
common behaviors. This method has the ability to detect novel viruses that
anti-virus security firms have yet to create a signature for.
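
One way such a behavioral heuristic can work, as an added Python example that is not part of the original project: flag any process that writes to several distinct executable files within a short time, the behavior the project describes for file viruses and fast infectors. The event log, process names, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque

EXECUTABLE_EXTENSIONS = (".exe", ".com")

# Constructed event log: (seconds since start, process, action, target path).
EVENTS = [
    (0, "backup.exe", "read", r"C:\APPS\EDIT.EXE"),
    (1, "game.exe", "write", r"C:\APPS\EDIT.EXE"),
    (2, "game.exe", "write", r"C:\APPS\CALC.COM"),
    (3, "game.exe", "write", r"C:\DOS\FORMAT.COM"),
    (4, "editor.exe", "write", r"C:\DOCS\NOTES.TXT"),
    (5, "game.exe", "write", r"C:\DOS\CHKDSK.EXE"),
    (100, "setup.exe", "write", r"C:\NEWAPP\MAIN.EXE"),
    (101, "setup.exe", "write", r"C:\NEWAPP\HELP.EXE"),
    (102, "setup.exe", "write", r"C:\NEWAPP\CONFIG.EXE"),
    (3600, "tool.exe", "write", r"C:\APPS\A.EXE"),
    (90000, "tool.exe", "write", r"C:\APPS\B.EXE"),
    (180000, "tool.exe", "write", r"C:\APPS\C.EXE"),
]


def flag_mass_executable_writers(events, window_seconds=60, threshold=3):
    """Return {process: time at which it first crossed the threshold}.

    A process is flagged once it has written to `threshold` or more distinct
    executable files within any `window_seconds` span.
    """
    recent = defaultdict(deque)  # process -> deque of (time, path) writes
    flagged = {}
    for when, process, action, target in sorted(events):
        path = target.lower()
        if action != "write" or not path.endswith(EXECUTABLE_EXTENSIONS):
            continue
        writes = recent[process]
        writes.append((when, path))
        # Drop writes that have fallen out of the sliding window.
        while writes and when - writes[0][0] > window_seconds:
            writes.popleft()
        distinct = {p for _, p in writes}
        if len(distinct) >= threshold and process not in flagged:
            flagged[process] = when
    return flagged


if __name__ == "__main__":
    print("60-second window:", flag_mass_executable_writers(EVENTS))
    print("wide window:", flag_mass_executable_writers(EVENTS, window_seconds=200000))
```

The installer setup.exe is flagged by the same rule as game.exe, which is the false-positive cost of a heuristic. The process tool.exe, writing one executable a day, is only flagged when the window is widened, matching the project's point that slow infectors trigger behavior-based detection less often.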

Some anti-virus programs are able to scan opened files in addition to sent and
received email messages "on the fly" in a similar manner. This practice is
known as "on-access scanning". Anti-virus software does not change the
underlying capability of host software to transmit viruses. Users must update
their software regularly to patch security holes. Anti-virus software also needs
to be regularly updated in order to recognize the latest threats.
One may also minimize the damage done by viruses by making regular
backups of data (and the operating systems) on different media, that are
either kept unconnected to the system (most of the time), read-only or not
accessible for other reasons, such as using different file systems. This way, if
data is lost through a virus, one can start again using the backup (which
should preferably be recent).
If a backup session on optical media like CD and DVD is closed, it becomes
read-only and can no longer be affected by a virus (so long as a virus or
infected file was not copied onto the CD/DVD). Likewise, an operating system
on a bootable CD can be used to start the computer if the installed operating
systems become unusable. Backups on removable media must be carefully
inspected before restoration. The Gammima virus, for example, propagates
via removable flash drives.
Recovery methods
A number of recovery options exist after a computer has a virus. These
actions depend on the virus. Some may be safely removed by functions
available in most anti-virus software products. Others may require reinstallation of damaged programs. It is necessary to know the characteristics
of the virus involved to take the correct action, and anti-virus products will
identify known viruses precisely before trying to "dis-infect" a computer;
otherwise such action could itself cause a lot of damage. New viruses that
anti-virus researchers have not yet studied therefore present an ongoing
problem, which requires anti-virus packages to be updated frequently.
Virus removal
One possibility on Windows Me, Windows XP, Windows Vista and Windows 7
is a tool known as System Restore, which restores the registry and critical
system files to a previous checkpoint. Often a virus will cause a system to
hang, and a subsequent hard reboot will render a system restore point from
the same day corrupt. Restore points from previous days should work
provided the virus is not designed to corrupt the restore files and does not
exist in previous restore points.[32] Some viruses disable System Restore and
other important tools such as Task Manager and Command Prompt. An
example of a virus that does this is CiaDoor. Many such viruses can be
removed by rebooting the computer, entering Windows safe mode, and then
using system tools.
Many websites run by anti-virus software companies provide free online virus
scanning, with limited cleaning facilities (the purpose of the sites is to sell antivirus products). Some websites allow a single suspicious file to be checked by
many antivirus programs in one operation. Additionally, several capable
antivirus software programs are available for free download from the internet
(usually restricted to non-commercial use), and Microsoft provide a free antimalware utility that runs as part of their regular Windows update regime.
Operating system reinstallation
Reinstalling the operating system is another approach to virus removal. It
involves either reformatting the computer's hard drive and installing the OS
and all programs from original media, or restoring the entire partition with a
clean backup image. User data can be restored by booting from a live CD, or
putting the hard drive into another computer and booting from its operating
system, using great care not to infect the second computer by executing any
infected programs on the original drive; and once the system has been
restored precautions must be taken to avoid reinfection from a restored
executable file.
These methods are simple to do, may be faster than disinfecting a computer,
and are guaranteed to remove any malware. If the operating system and
programs must be reinstalled from scratch, the time and effort to reinstall,
reconfigure, and restore user preferences must be taken into account.
Updated computer virus news: the FBI is warning computer users
about a new type of virus, known as a drive-by virus, which can damage a
computer with a simple click of the mouse and cannot be prevented by a
simple anti-virus program. The Internet Crime Complaint Centre offered
these suggestions:

Do not pay any money or provide any personal information.

Contact a computer professional to remove Reveton and Citadel from
your computer.

Be aware that even if you are able to unfreeze your computer on your
own, the malware may still operate in the background. Certain types of
malware have been known to capture personal information such as
username, password and credit card numbers through embedded
keystroke logging programs.

File a complaint and look for updates about the Reveton virus on the
IC3 website.

In conclusion, computer viruses are harmful to our computers and are a
very serious matter nowadays, as they can mess up our files, delete files,
download programs without our permission and so on. They can also steal
personal information like credit cards, addresses and a lot more, so we
should try to take some simple steps so that we will be in a safer position.
Other than the above preventive measures, some other examples are:
avoid downloading from websites that are not official, don't download music
from programs like LimeWire, Ares and so on, and avoid any website with adult
content.

THE END