
Computer Virus, Trojan & Worms

Gurjinder Singh
RG1001A26
11007251
What do you mean by virus
• They are programs which can destroy or
cause damage to data stored on a
computer system and to the computer itself!

• Virus program must be executed in order to
infect a computer system. Viruses can
attach themselves to other programs in
order to ensure that this happens.
Viruses can ...
• Corrupt or delete data.
• Disable the computer by changing the
operating system
• Cause silly messages to be displayed or
sounds to be produced
• Use your computer to ATTACK other
computers by generating spam (junk emails) or
overloading a company website with
data.
History of virus
• The first computer virus popularly known as
the 'Brain virus' was created in 1986 by two
Pakistani brothers, Amjad and Basit Farooq
Alvi. This virus, which spread via floppy
disks, was known only to infect boot records
and not computer hard drives like most
viruses today. The virus, also known as the
Lahore, Pakistani, Pakistani Brain, Brain-A
and UIUC, would occupy unused space on
the floppy disk so that it could not be used
and would hide from detection.
Common Symptoms of Virus Infections
• Displaying unwanted messages
• Unusual visual or SFX (sound effects)
• Loss of Data from a storage medium
• Computers restarting unexpectedly
• Unwanted generation of emails
Virus Protection
• With an estimated 40,000 viruses already
identified and some 300 new viruses
created each month, keeping a computer
free of viruses is a daunting but not
impossible task. The following are steps
every computer user should follow to
protect his or her computer from viruses.
• Install an anti-virus software program to
identify and remove viruses before they
can cause any damage.
• Because the number of viruses is
increasing all the time, it is important to
keep anti-virus software up to date with
information on newly identified viruses.
• Do not open email from unknown
senders or messages that contain
unexpected attachments. A user should
delete these types of messages. As a
general rule, a user should scan every
email attachment for viruses before
opening it, even an expected attachment,
as the sender may have unknowingly sent
an infected file.
Worms
• Worms operate differently to viruses
• Worms can spread themselves to other
computers without needing to be
transferred as part of a host program.
• The first time a user may notice the
presence of a worm is when the computer's
memory UNEXPECTEDLY fills up
Example of email worms…
• Mimail.I and Mimail.F are email worms
that disguise themselves as an email from
the PayPal online payment service and
try to steal credit card info.
• This method of fraud is known as phishing
TROJAN HORSES
• Trojan horse, also known
as Trojan, describes a list
of computer threats
(malware) that appear to
perform good functions,
but actually perform
malicious functions that
allow unauthorized access
to the hosting machine

• FOR EXAMPLE – If a
program is designed in
such a way that it could open a
gateway for hackers to
control and attack the
computer of the user, then
that program is said to be
a Trojan horse

[Image caption: That's what a real Trojan horse looks like!]
Virus Examples
• Office Macro Virus – A never ending
threat!
• Pakistani Flu – First PC virus, used FAT
boot sector on disks (1986)
• Michelangelo – Boot sector Virus (1991)
• Chernobyl – Spread through Windows
Portable Executables (1998)
• Samy – A virus that spreads through
MySpace blurs the boundaries (2005)
Worms – Examples
• Morris Worm – The original gangster, originally
intended to gauge size of internet… whoops!
(1988)
• 1260 – Polymorphic worm, first member of the
chameleon family (1990)
• Code Red – HACKED BY CHINESE! Stupid
worm, incredible results… created botnets for
DoS attacks (2001)
• Storm Worm – Starting Jan 2007, largest
Botnet ever being assembled! The storm is
coming! (2007)
Trojan – Examples
• Road Apples – Using a physical medium
to distribute a Trojan (such as leaving a
USB key or floppy disk on the ground,
hoping someone will plug it in)
• WMFS – A curious design decision by
Microsoft allowed Windows metafiles
(WMF) to run arbitrary code… much
hackage ensued
• AIDS – A Trojan that used crypto-extortion to
(allegedly) raise money for AIDS research
(1989)
Types of Trojan horse payloads
• Remote Access Trojans
• Data Sending Trojans
• Destructive Trojans
• Proxy Trojans
• FTP Trojans
• Security software disabler Trojans
• Denial-of-service attack (DoS) Trojans
Types of virus
• Resident Viruses
• Direct Action Viruses
• Overwrite Viruses
• Boot Virus
• Macro Virus
• Directory Virus
• Polymorphic Virus
• Resident Viruses
This type of virus is a permanent one
which dwells in RAM.
From there it can overcome and
interrupt all of the operations executed by
the system: corrupting files and programs
that are opened, closed, copied, renamed,
etc.
Examples include: Randex, CMJ, Meve,
and MrKlunky.
• Direct Action Viruses
The main purpose of this virus is to replicate
and take action when it is executed. When a
specific condition is met, the virus will go into
action and infect files in the directory or folder
that it is in and in directories that are specified
in the AUTOEXEC.BAT file PATH. This batch
file is always located in the root directory of the
hard disk and carries out certain operations
when the computer is booted.
• Overwrite Viruses
A virus of this kind is characterized by the
fact that it deletes the information
contained in the files that it infects,
rendering them partially or totally useless
once they have been infected.
The only way to clean a file infected by an
overwrite virus is to delete the file
completely, thus losing the original
content. 
Examples of this virus include: Way,
Trj.Reboot, Trivial.88.D.
• Boot Virus
This type of virus affects the boot sector of a
floppy or hard disk. This is a crucial part of a
disk, in which information on the disk itself is
stored together with a program that makes it
possible to boot (start) the computer from the
disk.

The best way of avoiding boot viruses is to
ensure that floppy disks are write-protected
and never start your computer with an
unknown floppy disk in the disk drive.
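
A defender-side illustration of the boot sector layout described above, added here as an example and not part of the original slides: it splits a floppy boot sector into the disk information and the boot program, then compares the program's hash with one recorded from a clean disk. The function names, the constructed sample sector and the FAT12/16 assumption that boot code starts at offset 62 are choices made for this example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE = slice(62, 510)  # assumed FAT12/16 layout: program follows a 62-byte header


def parse_boot_sector(sector: bytes) -> dict:
    """Split a boot sector into disk information and a hash of the boot program."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("boot sector must be exactly 512 bytes")
    # BIOS parameter block fields at offsets 11..21, little-endian
    bps, _spc, _reserved, _fats, _root, total, media = struct.unpack_from(
        "<HBHBHHB", sector, 11)
    return {
        "oem": sector[3:11].decode("ascii", "replace").rstrip(),
        "bytes_per_sector": bps,
        "total_sectors": total,
        "media": media,
        "bootable": sector[510:512] == b"\x55\xaa",
        # hash the jump instruction plus the boot program, the parts that execute
        "code_sha256": hashlib.sha256(sector[:3] + sector[BOOT_CODE]).hexdigest(),
    }


def check_against_baseline(sector: bytes, baseline_sha256: str) -> list:
    """Return findings for a sector compared with a hash recorded from a clean disk."""
    info = parse_boot_sector(sector)
    findings = []
    if not info["bootable"]:
        findings.append("missing 0x55AA boot signature")
    if info["code_sha256"] != baseline_sha256:
        findings.append("boot program differs from baseline")
    return findings


def make_sample_sector(code: bytes = b"\xf4") -> bytes:
    """Constructed 1.44 MB floppy boot sector; `code` stands in for the boot program."""
    header = b"\xeb\x3c\x90" + b"MSDOS5.0" + struct.pack(
        "<HBHBHHB", 512, 1, 1, 2, 224, 2880, 0xF0)
    return header.ljust(62, b"\x00") + code.ljust(448, b"\x00") + b"\x55\xaa"


if __name__ == "__main__":
    baseline = parse_boot_sector(make_sample_sector())["code_sha256"]
    print(check_against_baseline(make_sample_sector(), baseline))           # clean disk
    print(check_against_baseline(make_sample_sector(b"\x90\xf4"), baseline))  # altered code
```

The hash covers only the bytes that execute at boot, so a change to the disk information alone is not reported by this check.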
• Macro Virus
Macro viruses infect files that are created
using certain applications or programs that
contain macros. These mini-programs make it
possible to automate series of operations so
that they are performed as a single action,
thereby saving the user from having to carry
them out one by one.

Examples of macro viruses: Relax, Melissa.A,
Bablas, O97M/Y2K.
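
As an added example (not part of the original slides), the check below triages a document before it is opened by reporting whether it can carry macros at all. It assumes the modern zipped Office format, where a macro project is stored as a `vbaProject.bin` part, and only flags the older OLE2 container by its magic bytes; the function names and sample files are constructed for this example.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container header


def macro_status(data: bytes) -> str:
    """Classify a file as macro-bearing, macro-free, legacy OLE2 or not an Office file."""
    if data.startswith(OLE2_MAGIC):
        # Legacy files may hold macros; deciding needs a full OLE parser.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = archive.namelist()
    if "[Content_Types].xml" not in names:
        return "not-office"  # a zip, but not an Office package
    has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
    return "macros-present" if has_vba else "no-macros"


def make_sample(with_macro: bool) -> bytes:
    """Build a constructed, minimal Office-style package in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"\x00")  # placeholder bytes
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("plain", make_sample(False)), ("macro", make_sample(True)),
                        ("legacy", OLE2_MAGIC + b"\x00" * 8), ("text", b"hello")]:
        print(label, macro_status(blob))
```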
• Directory Virus
Directory viruses change the paths that indicate
the location of a file. By executing a program
(file with the extension .EXE or .COM) which has
been infected by a virus, you are unknowingly
running the virus program, while the original file
and program have been previously moved by
the virus. 
• Once infected it becomes impossible to locate
the original files. 
