Computer Virus
Submitted at:
Electronics & Communication Engineering Department, Institute of Diploma Studies, Nirma University
Submitted By:
Darji Nirav M (08DEC048)
Parmar Yogesh N. (08DEC041)
Guided By:
Mr. Amit Raval
CERTIFICATE
This is to certify that Mr. Darji Nirav M A Reg. No. 08DEC048 of Semester VI Diploma in Electronics & Communication Engineering has satisfactorily completed the practical work in the course of SEMINAR at institute. He has prepared the seminar entitled Computer Virus and presented the same.
CERTIFICATE
This is to certify that Mr. Parmar Yogesh N. A Reg. No. 08DEC041 of Semester VI Diploma in Electronics & Communication Engineering has satisfactorily completed the practical work in the course of SEMINAR at institute. He has prepared the seminar entitled Computer Virus and presented the same.
ACKNOWLEDGEMENT
In the accomplishment of any task there is not a contribution of a single person but many people contribute in it. My Seminar is also not different than this. So now I got the chance to acknowledge those people who contributed significantly throughout my Seminar. First of all I would like to heartily thank my seminar guide, Mr. Amit Raval. He gave me basic and primary knowledge about my topic and also guided me on how to prepare the seminar with the report. He also gave me important tips on improving presentation skills. Thank you, Sir, for your support; without your support this seminar presentation would have been unimaginable. On this occasion I would also like to thank my colleagues. I have learnt many things about my topic through discussing with them. I would also like to thank our Head of the Department, Prof. Jayesh Patel, and the Electronics & Communication Engineering Department, Institute of Diploma Studies, Nirma University for providing me this golden opportunity. Regardless of the source, I wish to express my gratitude to those who may have contributed to this work even though anonymously.
Abstract
COMPUTER VIRUS Virus = [Vital Information Resources Under Seize]
In recent years the detection of computer viruses has become commonplace. It appears that for the most part these viruses have been benign or only mildly destructive. However, whether or not computer viruses have the potential to cause major and prolonged disruptions of computing environments is an open question.
Index
Sr. No. Topics
1 History of Computer Virus
2 What is Computer Virus & How it works?
3 How Does A Computer Get A Virus?
4 Symptoms Of A Computer Virus
5 Different Types Of Computer Virus
   1. Trojan Horse & Resident Virus
   2. Direct Action & Overwrite Virus
   3. Boot Virus
   4. Macro Virus & Worms
   5. Email Virus
   6. Stealth Virus
   7. Companion Virus
6 Difference Between A Virus, Worm & Trojan Horse
7 Top 5 Deadliest Viruses
8 How Antivirus Software Works?
9 Different Antivirus Software
10 Reference
1. Accepting without reading
By far one of the most common ways a computer becomes infected is that the user accepts what he or she sees on the screen without reading the prompt or understanding what it is asking. Some common examples:
   1. While browsing the Internet, an Internet advertisement or window appears that says your computer is infected or that a unique plug-in is required. Without fully understanding what it is you're getting, you accept the prompt.
   2. When installing or updating a program, you're prompted (often with checkboxes already checked) about whether it's OK to install additional programs that you may not want or that are designed to monitor your usage of the program.
2. Opening e-mail attachments
Another very common way people become infected with viruses and other spyware is by opening e-mail attachments, even when they come from a co-worker, friend, or family member. E-mail addresses can be easily faked, and even when not faked your acquaintance may unsuspectingly be forwarding you an infected file. When receiving an e-mail with an attachment, if the e-mail was not expected or is from someone you don't know, delete it. If the e-mail is from someone you know, be cautious when opening the attachment.
3. Not running the latest updates
Many of the updates, especially those associated with Microsoft Windows and other operating systems and programs, are security updates. Running a program or operating system that is not up-to-date with the latest updates can be a big security risk and can be a way your computer becomes infected.
4. Pirating software, music, or movies
If you or someone on your computer is participating in underground places on the Internet where you're downloading copyrighted music, movies, software, etc. for free, many of the files can contain viruses, spyware or malicious software.
5. No anti-virus spyware scanner
If you're running a computer with Microsoft Windows, it's highly recommended that you have some form of anti-virus and spyware protection on that computer to help clean it of any infections currently on the computer and to help prevent any future infections.
6. Downloading infected software
Finally, any other software downloaded from the Internet can also contain viruses and other malware. When downloading any software (programs, utilities, games, updates, demos, etc.), make sure you're downloading the software from a reliable source, and while installing it read all prompts about what the program is putting on your computer.
- The computer runs slower than usual.
- The computer stops responding, or it locks up frequently.
- The computer crashes, and then it restarts every few minutes.
- The computer restarts on its own. Additionally, the computer does not run as usual.
- Applications on the computer do not work correctly.
- Disks or disk drives are inaccessible.
- You cannot print items correctly.
- You see unusual error messages.
- You see distorted menus and dialog boxes.
- There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe extension.
- An antivirus program is disabled for no reason. Additionally, the antivirus program cannot be restarted.
- An antivirus program cannot be installed on the computer, or the antivirus program will not run.
- New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs.
- Strange sounds or music plays from the speakers unexpectedly.
- A program disappears from the computer even though you did not intentionally remove the program.
2. Resident Virus
A resident virus is a computer virus which embeds itself into the memory on a computer, activating whenever the operating system performs a specific function so that it can infect files on the computer. This method of viral infection is in contrast with a non-resident virus, which actively seeks out files to infect. Resident viruses can be quite pernicious, as they may spread through a system so thoroughly that they even attach to antivirus programs, infecting the very things they scan for signs of viral infection.
Removing a resident virus which has embedded itself in a computer's memory can be a challenge. The virus may be designed to resist the actions of conventional antivirus software, or as discussed above, to exploit the software. A specialized virus removal tool may be needed to extract the virus from memory. In some cases, the services of an information technology professional may be needed to completely clear a computer of infection.
When a resident virus is identified by an antivirus company or a designer of operating systems, a patch is often released. This may be an update to an antivirus program which allows the program to remove the virus, or it may take the form of a virus removal tool which the computer user can run to get the resident virus out of memory.
4. Overwrite Virus
A virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected. The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content. Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.
5. Boot Virus
This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot the computer from the disk. The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and never start your computer with an unknown floppy disk in the disk drive.
6. Macro Virus
Macro viruses infect files that are created using certain applications or programs that contain macros. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one.
7. Worms
Computer worms are programs that reproduce, execute independently and travel across network connections. The key difference between a virus and a worm is the manner in which it reproduces and spreads. A virus is dependent upon the host file or boot sector, and the transfer of files between computers, to spread, whereas a computer worm can execute completely independently and spread of its own accord through network connections.
The security threat from worms is equivalent to that of viruses. Computer worms are capable of doing an entire series of damage, such as destroying crucial files in your system, slowing it down to a large degree, or even causing some critical programs to stop. There are two types:
1) NETWORK Computer Worms
Network worms consist of multiple parts, called "segments." They each run on different machines (and possibly perform different actions), using the network for several communication purposes. Moving a segment from one machine to another is only one of their purposes. Network worms that have one main segment which coordinates the work of the other segments are sometimes called "octopuses."
2) HOST Computer Worms
Host computer worms are entirely contained in the computer they run on and use network connections only to copy themselves to other computers. Host computer worms in which the original terminates after it launches a copy on to another host (so there is only one copy of the worm running somewhere on the network at any given moment) are sometimes called "rabbits."
8. E-Mail Virus
The virus was originally created as a Word document and was then uploaded via email to an internet newsgroup. Any recipient who opened the email, downloaded the document and opened it on their computer unknowingly triggered Melissa's payload. From there, the virus sent itself as a document to the first 50 contacts in the victim's address book. The email came with a friendly note which included the recipient's name. This was done to make the virus appear harmless and trick them into opening it. It then created 50 new infected documents from that victim's machine. At this continuous rate, Melissa quickly became the fastest spreading virus seen by anyone at the time. The virus was so severe that it resulted in a number of large commercial companies disabling their email systems.
Melissa was so powerful because it capitalized on a vulnerability found in the Microsoft Word programming language known as VBA (Visual Basic for Applications). VBA is a complete language that can be programmed to perform actions such as modifying files and distributing emails. It also includes a rather useful yet dangerous function known as "auto-execute". The Melissa virus was programmed by inserting malicious code into a document, enabling it to be executed whenever someone opened it.
The ILOVEYOU virus, which was first detected in May of 2000, was much simpler than Melissa. The malicious code it contained came in the form of an attachment. Any recipient who clicked on the attachment unknowingly executed the code. This email virus then distributed copies of itself to contacts in the user's address book, enabling the infection to spread at a rapid rate. Because ILOVEYOU was also known to unload different types of infections, some experts have labeled it a Trojan rather than a virus.
9. Stealth Virus
In computer security, a stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software. Typically, when an antivirus program runs, a stealth virus hides itself in memory, and uses various tricks to also hide changes it has made to any files or boot records. The virus may maintain a copy of the original, uninfected data and monitor system activity. When the program attempts to access data that's been altered, the virus redirects it to a storage area maintaining the original, uninfected data. A good antivirus program should be able to find a stealth virus by looking for evidence in memory as well as in areas that viruses usually attack.
2. Slammer
SQL Slammer is a computer worm that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic, starting at 05:30 UTC on January 25, 2003. It spread rapidly, infecting most of its 75,000 victims within ten minutes. So named by Christopher J. Rouland, the CTO of ISS, Slammer was first brought to the attention of the public by Michael Bacarella. Although titled "SQL slammer worm", the program did not use the SQL language; it exploited a buffer overflow bug in Microsoft's flagship SQL Server and Desktop Engine database products, for which a patch had been released six months earlier in MS02-039. Other names include W32.SQLExp.Worm, DDOS.SQLP1434.A, the Sapphire Worm, SQL_HEL, W32/SQLSlammer and Helker.
3. Storm
The latest virus on our list is the dreaded Storm Worm. It was late 2006 when computer security experts first identified the worm. The public began to call the virus the Storm Worm because one of the e-mail messages carrying the virus had as its subject "230 dead as storm batters Europe." Antivirus companies call the worm other names. For example, Symantec calls it Peacomm while McAfee refers to it as Nuwar. This might sound confusing, but there's already a 2001 virus called the W32.Storm.Worm.
5. Nimda
The Nimda worm retrieves the list of addresses found in the address books of Microsoft Outlook and Eudora, as well as email addresses contained in HTML files found on the infected machine's hard drive. Next, the Nimda virus sends all of these recipients an email with an empty body and a subject chosen at random (and often very long). It adds to the message an attachment named Readme.exe or Readme.eml (file containing an executable). The viruses use an .eml extension to exploit a security flaw in Microsoft Internet Explorer 5. What's more, in Microsoft Windows the Nimda virus can spread over shared network folders, infecting executable files found there. Viewing Web pages on servers infected by the Nimda virus may lead to infection when a user views pages with the vulnerable Microsoft Internet Explorer 5 browser. The Nimda virus is also capable of taking control of a Microsoft IIS (Internet Information Server) Web server, by exploiting certain security holes. Finally, the virus infects executable files found on the contaminated machine, meaning that it can also spread by file transfers.
1. Signature-Based Detection
This is the most commonly employed method, which involves searching for known virus patterns within a given file. Every antivirus program has a dictionary of sample malware codes, called signatures, in its database. Whenever a file is examined, the antivirus refers to the dictionary of sample codes present within its database and compares them with the current file. If a piece of code within the file matches one in its dictionary, the file is flagged and proper action is taken immediately so as to stop the virus from replicating further. The antivirus may choose to repair the file, quarantine it or delete it permanently, based on its potential risk. As new viruses and malware are created and released every day, this method of detection cannot defend against new malware unless samples are collected and signatures are released by the antivirus software company. Some companies may also encourage users to upload new viruses or variants, so that the virus can be analyzed and the signature can be added to the dictionary.
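The dictionary lookup described above can be sketched in a few lines of Python. This is an added example, not code from the report or from any antivirus product; the sample byte strings, signature names and the "??" wildcard notation are constructed for illustration.

```python
import hashlib
import re

# Constructed, harmless byte strings standing in for files on disk.
KNOWN_SAMPLE = b"HEADER" + bytes.fromhex("deadbeef0102cafe") + b"BODY-v1"
NEW_VARIANT = b"HEADER" + bytes.fromhex("deadbeef9902cafe") + b"BODY-v2"
CLEAN_FILE = b"HEADER" + b"just an ordinary document body"

# Signature dictionary (constructed). Two common signature styles:
#   hash    - SHA-256 of the whole file; matches byte-identical copies only
#   pattern - hex byte sequence; "??" matches any single byte
SIGNATURES = [
    {"name": "Demo.Sample.A", "type": "hash",
     "value": hashlib.sha256(KNOWN_SAMPLE).hexdigest()},
    {"name": "Demo.Sample.Generic", "type": "pattern",
     "value": "de ad be ef ?? 02 ca fe"},
]

def compile_pattern(hex_pattern):
    """Turn 'de ad ?? fe' into a bytes regex; '??' becomes a one-byte wildcard."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

def scan(data, signatures=SIGNATURES):
    """Return the names of every signature that matches the file contents."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for sig in signatures:
        if sig["type"] == "hash":
            matched = sig["value"] == digest
        else:
            matched = compile_pattern(sig["value"]).search(data) is not None
        if matched:
            hits.append(sig["name"])
    return hits

def verdict(data, signatures=SIGNATURES):
    """Flag the file if any signature matches; otherwise treat it as unknown."""
    hits = scan(data, signatures)
    return ("flagged", hits) if hits else ("no known signature", hits)

if __name__ == "__main__":
    for label, blob in [("known", KNOWN_SAMPLE), ("variant", NEW_VARIANT),
                        ("clean", CLEAN_FILE)]:
        print(label, verdict(blob))
    # With only the exact-hash signature, the modified variant goes undetected.
    print("variant, hash-only:", verdict(NEW_VARIANT, SIGNATURES[:1]))
```

The last call shows the limitation the text describes: until a signature covering the new variant is added to the dictionary, the scanner reports nothing for it.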
2. Heuristic-based detection
Heuristic-based detection involves identifying suspicious behavior from any given program which might indicate a potential risk. This approach is used by some of the more sophisticated antivirus software to identify new malware and variants of known malware. Unlike the signature-based approach, here the antivirus doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. For example, malicious behavior such as a program trying to write data to an executable program is flagged, and the user is alerted about this action. This method of detection gives an additional level of security against unidentified threats.
File emulation: This is another type of heuristic-based approach, where a given program is executed in a virtual environment and the actions performed by it are logged. Based on the actions logged, the antivirus software can determine if the program is malicious or not and carry out the necessary actions in order to clean the infection.
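A minimal behaviour scorer over an emulation log, as an added example that is not part of the original report. The log format, rule names, weights and thresholds are all assumptions chosen for illustration; only the "write to an executable" rule comes directly from the text.

```python
import re
from collections import defaultdict

# Constructed action log, as an emulator might record it (format is assumed).
ACTION_LOG = """\
proc=editor.exe op=write target=C:/Users/a/report.doc
proc=editor.exe op=read target=C:/Users/a/report.doc
proc=setup_free.exe op=write target=C:/Windows/notepad.exe
proc=setup_free.exe op=write target=C:/Program Files/app/tool.dll
proc=setup_free.exe op=stop_service target=antivirus
proc=setup_free.exe op=read target=addressbook
proc=updater.exe op=write target=C:/Program Files/app/tool.exe
"""

LINE_RE = re.compile(r"proc=(\S+) op=(\S+) target=(.+)")
EXEC_EXT = (".exe", ".com", ".dll", ".sys")

# Heuristic rules: name -> (weight, predicate). Weights are illustrative.
RULES = {
    "writes_to_executable":
        (40, lambda op, t: op == "write" and t.lower().endswith(EXEC_EXT)),
    "writes_boot_sector":
        (50, lambda op, t: op == "write" and t == "bootsector"),
    "stops_antivirus":
        (40, lambda op, t: op == "stop_service" and "antivirus" in t),
    "reads_address_book":
        (20, lambda op, t: op == "read" and t == "addressbook"),
}
ALERT_AT, BLOCK_AT = 30, 60  # assumed thresholds

def evaluate(log):
    """Return {process: (score, verdict, fired_rules)} for an action log."""
    fired = defaultdict(set)
    for line in log.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            continue  # ignore lines that are not in the expected format
        proc, op, target = m.groups()
        hits = fired[proc]  # creates an entry even if no rule fires
        for name, (_, predicate) in RULES.items():
            if predicate(op, target):
                hits.add(name)  # each rule counts once per process
    report = {}
    for proc, names in fired.items():
        score = sum(RULES[n][0] for n in names)
        if score >= BLOCK_AT:
            verdict = "malicious"
        elif score >= ALERT_AT:
            verdict = "suspicious"  # alert the user, as the text describes
        else:
            verdict = "clean"
        report[proc] = (score, verdict, sorted(names))
    return report

if __name__ == "__main__":
    for proc, result in evaluate(ACTION_LOG).items():
        print(proc, result)
```

Note that `updater.exe` is only marked suspicious: a legitimate updater also writes to executables, which is why a single heuristic usually raises an alert rather than a block.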