INTRODUCTION

This document covers the basics of computer viruses.

A computer virus is a kind of malicious software written intentionally to enter a computer without the user’s permission or knowledge, with the ability to replicate itself and thus continue to spread. Some viruses do little but replicate; others can cause severe harm or adversely affect the programs and performance of the system. A virus should never be assumed harmless and left on a system. You have heard about them, read the news reports about the number of incidents reported and the amount of damage they inflict. Maybe you have even experienced one firsthand. And if you haven’t, count yourself fortunate. Computer viruses are real, and they’re costly. Springing up seemingly from nowhere and spreading like wildfire, computer viruses attack computer systems lightly or heavily, damaging files and rendering computers and networks unusable. They proliferate through e-mail, Internet file downloads, and shared diskettes. And they don’t play favorites; your home computer is just as likely as a Fortune 500 company’s network to experience an infection.

A computer virus is a computer program, a block of executable code, which attaches itself to, overwrites or otherwise replaces another program in order to reproduce itself without the knowledge of the PC user. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer. As stated above, the term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, even those that do not have the reproductive ability. Malware includes computer viruses, computer worms, Trojan horses, spyware, dishonest adware and other malicious and unwanted software, including true viruses. Viruses are sometimes confused with worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a Trojan horse is a program that appears harmless but hides malicious functions. Worms and Trojan horses, like viruses, may harm a computer system's data or performance. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to themselves. Some viruses do nothing beyond reproducing themselves.


HISTORY

The first academic work on the theory of computer viruses (although the term "computer virus" was not invented at that time) was done by John von Neumann in 1949, who held lectures at the University of Illinois about the "Theory and Organization of Complicated Automata". The work of von Neumann was later published as the "Theory of self-reproducing automata". In his essay von Neumann postulated that a computer program could reproduce. The actual term 'virus' was first used in David Gerrold's 1972 novel, When HARLIE Was One. In that novel, a sentient computer named HARLIE writes viral software to retrieve damaging personal information from other computers to blackmail the man who wants to turn him off.

TIMELINE OF VIRUS PROGRAMS

1970-1979

• The Creeper virus, an experimental self-replicating program, is written by Bob Thomas at BBN Technologies. Creeper infected DEC PDP-10 computers running the TENEX operating system. Creeper gained access via the ARPANET and copied itself to the remote system where the message, "I'm the creeper, catch me if you can!" was displayed. The Reaper program was later created to delete Creeper.

1980-1989

• The Brain boot sector virus (aka Pakistani flu) was released. Brain is considered the first IBM PC compatible virus and the program responsible for the first IBM PC compatible virus epidemic. The virus is also known as Lahore, Pakistani, Pakistani Brain, as it was created in Lahore, Pakistan by 19 year old Pakistani programmer, Basit Farooq Alvi, and his brother, Amjad Farooq Alvi.
• Ralf Burger presented the Virdem model of programs at a meeting of the underground Chaos Computer Club in Germany. The Virdem model represented the first programs that could replicate themselves via addition of their code to executable DOS files in COM format.
• Appearance of the Vienna virus, which was subsequently neutralized—the first time this had happened on the IBM platform.
• Christmas Tree EXEC was the first widely disruptive replicating network program, which paralyzed several international computer networks in December 1987.

1990-1999

• Mark Washburn working on an analysis of the Vienna and Cascade viruses with Ralf Burger develops the first family of polymorphic virus: the Chameleon family.
• In 1995 the first Macro virus, called "Concept," is created. It attacked Microsoft Word documents.
• "Ply": DOS 16-bit based complicated polymorphic virus appeared with built-in permutation engine.

2000 and later

2000

• The I LOVE YOU worm appears. As of 2004 this was the most costly virus to businesses, causing upwards of 5.5 to 10 billion dollars in damage.

2001

• February 11: The Anna Kournikova virus hits e-mail servers hard by sending e-mail to contacts in the Microsoft Outlook address book.
• October 26: The Klez worm is first identified. It exploits vulnerability in Microsoft Internet Explorer and Microsoft Outlook and Outlook Express.

2002

• Beast is a Windows based backdoor Trojan horse, more commonly known as a RAT (Remote Administration Tool). It is capable of infecting almost all Windows OS i.e. 95 through XP. Written in Delphi and released first by its author Tataye in 2002, its most current version was released October 3, 2004.

2003

• June 13: ProRat is a Turkish-made Microsoft Windows based backdoor Trojan horse, more commonly known as a RAT (Remote Administration Tool).

2004

• Late January: MyDoom emerges, and currently holds the record for the fastest-spreading mass mailer worm.
• August 20: Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan) is a Trojan Horse that is known to cause popup and advertising for rogue antispyware programs.

2005

• Late 2005: The Zlob Trojan, also known as Trojan.Zlob, is a Trojan horse which masquerades as a required video codec in the form of ActiveX. It was first detected in late 2005.
• 2005: Bandook or Bandook Rat (Bandook Remote Administration Tool) is a backdoor Trojan horse that infects the Windows family. It uses a server creator, a client and a server to take control over the remote computer.

2006

• February 16: discovery of the first-ever malware for Mac OS X, a low-threat Trojan-horse known as OSX/Leap-A or OSX/Oompa-A, is announced.

2007

• January 17: Storm Worm identified as a fast spreading email spamming threat to Microsoft systems. It begins gathering infected computers into the Storm botnet. By around June 30 it had infected 1.7 million computers, and comprised between 1 and 10 million computers by September.

2008

• February 17: Mocmex is a Trojan, which was found in a digital photo frame in February 2008. It was the first serious computer virus on a digital photo frame.
• March 3: Torpig, also known as Sinowal and Mebroot, is a Trojan horse that affects Windows, turning off anti-virus applications. It allows others to access the computer, modifies data, steals confidential information (such as user passwords and other sensitive data) and installs more malware on the victim's computer.
• May 6: Rustock.C, a hitherto-rumoured spambot-type malware with advanced rootkit capabilities, was announced to have been detected on Microsoft systems and analyzed, having been in the wild and undetected since October 2007 at the very least.

2009

• July 15: Symantec discovered Daprosy Worm. Said Trojan worm is intended to steal online-game passwords in internet cafes.

2010

• February 18: Microsoft announced that a BSoD problem on some Windows machines which was triggered by a batch of Patch Tuesday updates was caused by the Alureon Trojan.

TYPES OF COMPUTER VIRUSES

Computer viruses can be classified by origin, techniques, types of files they infect, where they hide, the kind of damage they cause, the type of operating system or platform they attack etc. The most common types of viruses are mentioned below:

1. Resident Viruses

This type of virus is a permanent one which dwells in the RAM memory. From there it can overcome and interrupt all of the operations executed by the system: corrupting files and programs that are opened, closed, copied, renamed etc. Examples include: Randex, CMJ, Meve, and MrKlunky.

2. Direct Action Viruses

The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.

3. Overwrite Viruses

A virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected. The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content. Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.

4. Boot Virus

This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk. The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and never start your computer with an unknown floppy disk in the disk drive. Examples of boot viruses include: Polyboot.B, AntiEXE.

5. Macro Virus

Macro viruses infect files that are created using certain applications or programs that contain macros. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one. Examples of macro viruses: Relax, Melissa.A, Bablas, and O97M/Y2K.

EXE or .C. When one of these programs is run.Some examples include: Stator. Directory Virus Directory viruses change the paths that indicate the location of a file. Sobig.COM extension). Trile. File Infectors This type of virus infects programs or executable files (files with an .Polymorphic Virus Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system. FAT Virus The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer. Examples of worms include: PSWBugbear. 9. This makes it impossible for antiviruses to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves.6. and can be classified depending on the actions that they carry out. Lovgate. 6 . directly or indirectly.B. and Mapson. In other words. the virus is activated.F. By executing a program (file with the extension . Asimov. They are known as companion viruses because once they get into the system they "accompany" the other files that already exist.1069 10. 7. 8. Marburg. Satan Bug. Damage caused can result in information losses from individual files or even entire directories. while the original file and program have been previously moved by the virus. in order to carry out their infection routines. and can lead to negative effects on your system and most importantly they are detected and eliminated by antivirus. 11.D. Examples include: Elkern. The majority of existing viruses belongs to this category.COM) which has been infected by a virus. producing the damaging effects it is programmed to carry out. it has the ability to self-replicate. Companion Viruses Companion viruses can be considered file infector viruses like resident or direct action types. 
companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct action viruses). you are unknowingly running the virus program.1539. This type of virus attack can be especially dangerous. Once infected it becomes impossible to locate the original files. and Terrax. by preventing access to certain sections of the disk where important files are stored. Worms A worm is a program very similar to a virus.EXE or . and Tuareg.

12. Trojans or Trojan Horses

Another unsavory breed of malicious code are Trojans or Trojan horses, which unlike viruses do not reproduce by infecting other files, nor do they self-replicate like worms.

13. Logic Bombs

They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs. Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.

HOW COMPUTER VIRUSES WORK AND HOW DO THEY SPREAD?

A computer virus is, in many ways, similar to the biological viruses that attack human bodies. A biological virus isn’t truly a living, independent entity. A virus is nothing more than a fragment of DNA sheathed in a protective jacket. It reproduces by injecting its DNA into a host cell. The DNA then uses the host cell’s normal mechanisms to reproduce itself. A computer virus is like a biological virus in that it also isn’t an independent entity; it must piggyback on a host (another program or document) in order to propagate.

Many viruses are hidden in the code of legitimate software programs—programs that have been “infected,” that is. These viruses are called file infector viruses, and when the host program is launched, the code for the virus is also executed, and the virus loads itself into your computer’s memory. From there, the virus code searches for other programs on your system that it can infect; if it finds one, it adds its code to the new program, which, now infected, can be used to infect other computers. This entire process is shown in the figure.

[Figure: virus program is launched → virus code is loaded into PC memory → virus delivers its destructive payload → virus copies itself to other programs]

If all a virus did was copy itself to additional programs and computers, there would be little harm done, save for having all our programs get slightly larger. Unfortunately, most viruses not only replicate themselves, they also perform other operations—many of which are wholly destructive. A virus might, for example, delete certain files on your computer. It might overwrite the boot sector of your hard disk, making the disk inaccessible. It might write messages on your screen, or cause your system to emit rude noises. It might also hijack your e-mail program and use the program to send itself to all your friends and colleagues, thus replicating itself to a large number of PCs.

Viruses that replicate themselves via e-mail or over a computer network cause the subsidiary problem of increasing the amount of Internet and network traffic. These fast-replicating viruses—called worms—can completely overload a company network, shutting down servers and forcing tens of thousands of users offline. While no individual machines might be damaged, this type of communications disruption can be quite costly.

As you might suspect, most viruses are designed to deliver their payload when they’re first executed. However, some viruses won’t attack until specifically prompted, typically on a predetermined date or day of the week. They stay on your system, hidden from sight like a sleeper agent in a spy novel, until they’re awoken on a specific date; then they go about the work they were programmed to do.

In short, viruses are nasty little bits of computer code, designed to inflict as much damage as possible, and to spread to as many computers as possible—a particularly vicious combination.

WHAT DO VIRUSES DO TO COMPUTERS?

Viruses are software programs, and they can do the same things as any other programs running on a computer. The actual effect of any particular virus depends on how it was programmed by the person who wrote the virus. Some viruses are deliberately designed to damage files or otherwise interfere with your computer's operation, while others don't do anything but try to spread themselves around. But even the ones that just spread themselves are harmful, since they damage files and may cause other problems in the process of spreading. But viruses can't do any damage to hardware; they won't melt down your CPU or burn out your drive.

THE HARMS CAUSED BY COMPUTER VIRUSES

Not a month goes by without another big-time virus scare. Tens of millions of computers are infected by computer viruses every year. In 2001, 2.3 million computers were infected by the SirCam virus, and another million computers were hit by CodeRed. Even worse, the LoveLetter virus hit an estimated 45 million computers—on a single day in 2000.

ICSA Labs (www.icsalabs.…), a leading provider of security research, intelligence, and certification, found that the rate of virus infection in North America in 2001 was 113 infections per 1000 computers—meaning that more than 10% of all computers they surveyed had been hit by a virus. And this rate is increasing; ICSA says that the likelihood of contracting a computer virus has doubled for each of the past five years.

Viruses hit the corporate world especially hard; a single infected computer can spread the virus among the entire corporate network. McAfee (www.mcafee.…), a company specializing in virus protection, estimates that two-thirds of U.S. companies are attacked by viruses each year. A third of those companies reported that viruses knocked out their servers for an average of […].8 hours per infection, and 46% of the companies required more than 19 days to completely recover from the virus incident.

These incidents come with a heavy cost. The research firm Computer Economics (www.computereconomics.…) estimates that companies spent $10.7 billion to recover from virus attacks in 2001. Technology magazine The Industry Standard (www.thestandard.…) puts the cost much higher, at upwards of $266 billion. Whatever the real number, it’s clear that computer viruses are costly to all concerned—in terms of both money and the time required to clean up after them.

Just look at the costs inflicted by individual viruses. For example, Computer Economics estimates that the Nimda virus alone cost companies $590 million in cleanup costs. CodeRed and LoveLetter were even more costly, running up costs of $2.6 billion apiece.

To an individual company, these costs can be staggering. ICSA Labs estimates that virus cleanup costs large companies anywhere from $100,000 to $1 million each per year. That’s real money.

Unfortunately, this problem doesn’t look like it’s going to go away. In fact, the problem just keeps getting worse. To date, more than 53,000 different viruses have been identified and catalogued with another half-dozen or so appearing every day.

Diagnosing a Virus Infection

How does one know if his/her computer has been infected with a virus? In short, if it starts acting funny, doing anything it didn’t do before, then a probable cause is some sort of computer virus. Here are some symptoms to watch for:

• Programs quit working or freeze up.
• Documents become inaccessible.
• Computer freezes up or won’t start properly.
• The CAPS LOCK key quits working—or works intermittently.
• Files increase in size.
• Frequent error messages appear onscreen.
• Strange messages or pictures appear onscreen.
• Your PC emits strange sounds.
• Friends and colleagues inform you that they’ve received strange e-mails from you, that you don’t remember sending.

HOW CAN YOU PROTECT YOURSELF?

With dangerous viruses on the network, what can computer users do to protect their systems? Here are just a few hints:

• Don’t assume anything. Make some time to learn about securing your system.
• Acquire and use a reliable antivirus program. Select an antivirus that has a consistent track record.
• Acquire and use a reliable firewall solution. Again, independent reviewers are your best bet for reasonable choices. Some operating systems come with a firewall which only filters incoming traffic. Use a firewall that can control both incoming and outgoing Internet traffic.
• Do not open e-mails coming from unknown or distrusted sources. Many viruses spread via email messages so please ask for a confirmation from the sender if you are in any doubt.
• Do not open the attachments of messages with a suspicious or unexpected subject. If you want to open them, first save them to your hard disk and scan them with an updated antivirus program.
• Delete any chain e-mails or unwanted messages. Do not forward them or reply to their senders. This kind of message is considered spam, because it is undesired and unsolicited and it overloads the Internet traffic.
• Avoid installing services and applications which are not needed in day-by-day operations in a desktop role, such as file transfer and file sharing servers, remote desktop servers and the like. Such programs are potential hazards, and should not be installed if not absolutely necessary.
• Update your system and applications as often as possible. Some operating systems and applications can be set to update automatically. Make full use of this facility. Failure to patch your system often enough may leave it vulnerable to threats for which fixes already exist.
• Do not copy any file if you don't know or don't trust its source. Check the source (provenance) of files you download and make sure that an antivirus program has already verified the files at their source.
• Make backups of important personal files (correspondence, documents, pictures and such) on a regular basis. Store these copies on removable media such as CD or DVD. Keep your archive in a different location than the one your computer is in.

HOW DOES ANTI-VIRUS SOFTWARE WORK?

An anti-virus software program is a computer program that can be used to scan files to identify and eliminate computer viruses and other malicious software (malware). Anti-virus software typically uses two different techniques to accomplish this:

• Examining files to look for known viruses by means of a virus dictionary
• Identifying suspicious behavior from any computer program which might indicate infection

Most commercial anti-virus software uses both of these approaches, with an emphasis on the virus dictionary approach.

VIRUS DICTIONARY APPROACH

In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that have been identified by the author of the anti-virus software. If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus software can either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file.

To be successful in the medium and long term, the virus dictionary approach requires periodic online downloads of updated virus dictionary entries. As new viruses are identified "in the wild", civically minded and technically inclined users can send their infected files to the authors of anti-virus software, who then include information about the new viruses in their dictionaries.

Dictionary-based anti-virus software typically examines files when the computer's operating system creates, opens, and closes them, and when the files are e-mailed. In this way, a known virus can be detected immediately upon receipt. The software can also typically be scheduled to examine all files on the user's hard disk on a regular basis.

Although the dictionary approach is considered effective, virus authors have tried to stay a step ahead of such software by writing "polymorphic viruses", which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match the virus's signature in the dictionary.
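
An added example, not part of the original document: a toy dictionary scanner run over constructed byte strings, showing a signature match, the miss on a re-encoded copy that the text attributes to polymorphic viruses, and a brute-force single-byte XOR decoding pass as a simplified stand-in for decoding a file before matching. The signature names, byte patterns and sample files are all invented for the illustration.

```python
from dataclasses import dataclass

# Constructed "virus dictionary": the names and byte patterns are invented for
# this example and are not signatures of any real malware.
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("dec0ad0b5e11f00d"),
    "Demo.Beta": b"DEMO-BETA-MARKER",
}


@dataclass(frozen=True)
class Finding:
    name: str     # dictionary entry that matched
    offset: int   # byte offset of the match in the scanned data
    xor_key: int  # 0 = matched as stored; otherwise the key used to decode


def scan(data: bytes, xor_key: int = 0) -> list:
    """Plain dictionary scan: report every occurrence of every known pattern."""
    findings = []
    for name, pattern in SIGNATURES.items():
        idx = data.find(pattern)
        while idx != -1:
            findings.append(Finding(name, idx, xor_key))
            idx = data.find(pattern, idx + 1)
    return sorted(findings, key=lambda f: (f.offset, f.name))


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; a deliberately simple stand-in for per-copy encoding."""
    return bytes(b ^ key for b in data)


def scan_with_decoding(data: bytes) -> list:
    """Scan as stored first, then retry under each single-byte XOR key."""
    findings = scan(data)
    if findings:
        return findings
    for key in range(1, 256):
        findings = scan(xor_bytes(data, key), xor_key=key)
        if findings:
            return findings
    return []


def action_for(findings: list) -> str:
    """Policy choice for this example: quarantine on any dictionary match."""
    return "quarantine" if findings else "allow"


# Constructed sample inputs (harmless byte strings).
CLEAN_FILE = b"MZ" + b"ordinary program bytes " * 4
INFECTED_FILE = CLEAN_FILE + SIGNATURES["Demo.Alpha"] + b"payload-stub"
ENCODED_COPY = xor_bytes(INFECTED_FILE, 0x5A)  # same content, different bytes

if __name__ == "__main__":
    samples = [("clean", CLEAN_FILE), ("infected", INFECTED_FILE),
               ("encoded copy", ENCODED_COPY)]
    for label, blob in samples:
        plain = scan(blob)
        decoded = scan_with_decoding(blob)
        print(f"{label:13} plain scan: {action_for(plain):10} "
              f"with decoding pass: {action_for(decoded):10} {decoded}")
```

The plain scan passes the encoded copy even though it carries the same content, which is the gap the dictionary approach leaves; the decoding pass closes it only for this one trivial encoding and costs up to 255 extra scans per file.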

SUSPICIOUS BEHAVIOR APPROACH

The suspicious behavior approach, by contrast, doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, this is flagged as suspicious behavior and the user is alerted to this, and asked what to do.

Unlike the dictionary approach, the suspicious behavior approach therefore provides protection against brand-new viruses that do not yet exist in any virus dictionaries. However, it also sounds a large number of false positives, and users probably become desensitized to all the warnings. If the user clicks "Accept" on every such warning, then the anti-virus software is obviously useless to that user. This problem has especially been made worse over the past 7 years, since many more nonmalicious program designs chose to modify other .exes without regards to this false positive issue. Thus, most modern antivirus software uses this technique less and less.

OTHER WAYS TO DETECT VIRUSES

Some antivirus software will try to emulate the beginning of the code of each new executable that is being executed before transferring control to the executable. If the program seems to be using self-modifying code or otherwise appears as a virus (it immediately tries to find other executables), one could assume that the executable has been infected with a virus. However, this method results in a lot of false positives.

Yet another detection method is using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has terminated, the sandbox is analyzed for changes which might indicate a virus. Because of performance issues this type of detection is normally only performed during on-demand scans.
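
An added example, not from the original document: the suspicious behavior rule described above (a program writing to an executable) applied to a constructed event log. The log line format, the paths and the trusted-updater list are assumptions made for the illustration; the updater line shows the kind of false positive the text describes.

```python
import re
from collections import defaultdict

EXECUTABLE_EXTS = (".exe", ".com")

# Constructed monitor output; this line format is an assumption for the example.
SAMPLE_EVENTS = """\
10:00:01 proc=C:\\Apps\\editor.exe op=write target=C:\\Users\\ana\\report.doc
10:00:05 proc=C:\\Apps\\updater.exe op=write target=C:\\Apps\\editor.exe
10:01:12 proc=C:\\Temp\\game.exe op=write target=C:\\Apps\\editor.exe
10:01:12 proc=C:\\Temp\\game.exe op=write target=C:\\Apps\\calc.exe
10:01:13 proc=C:\\Temp\\game.exe op=write target=C:\\DOS\\format.com
10:02:00 proc=C:\\Apps\\calc.exe op=read target=C:\\Apps\\calc.exe
"""

LINE_RE = re.compile(
    r"^(?P<time>\S+) proc=(?P<proc>\S+) op=(?P<op>\w+) target=(?P<target>\S+)$"
)


def parse(log: str) -> list:
    """Turn log text into event dicts, skipping lines that do not parse."""
    events = []
    for line in log.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def is_executable(path: str) -> bool:
    return path.lower().endswith(EXECUTABLE_EXTS)


def suspicious_writes(events: list, trusted=frozenset()) -> dict:
    """Map each process to the executables it wrote to.

    `trusted` holds lower-cased process paths whose writes are not reported
    (for example a software updater); an empty set is the naive rule.
    """
    hits = defaultdict(set)
    for ev in events:
        if ev["op"] != "write" or not is_executable(ev["target"]):
            continue
        if ev["proc"].lower() in trusted:
            continue
        hits[ev["proc"]].add(ev["target"])
    return {proc: sorted(targets) for proc, targets in hits.items()}


def triage(hits: dict, spread_threshold: int = 2) -> dict:
    """Writing to several different executables looks like replication."""
    return {
        proc: "high" if len(targets) >= spread_threshold else "review"
        for proc, targets in hits.items()
    }


if __name__ == "__main__":
    events = parse(SAMPLE_EVENTS)
    naive = suspicious_writes(events)
    tuned = suspicious_writes(events, trusted={"c:\\apps\\updater.exe"})
    print("naive rule :", triage(naive))
    print("with allowlist:", triage(tuned))
```

The allowlist removes the updater alert but also creates a blind spot if a trusted program is itself infected, so the list should stay short and refer to verified binaries.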

ISSUES OF CONCERN

Macro viruses, arguably the most destructive and widespread computer viruses, could be prevented far more inexpensively and effectively, and without the need of all users to buy anti-virus software, if Microsoft would fix security flaws in Microsoft Outlook and Microsoft Office related to the execution of downloaded code and to the ability of document macros to spread and wreak havoc.

User education is as important as anti-virus software; simply training users in safe computing practices, such as not downloading and executing unknown programs from the Internet, would slow the spread of viruses, without the need of anti-virus software.

Computer users should not always run with administrator access to their own machine. If they would simply run in user mode then some types of viruses would not be able to spread.

There are various methods of encrypting and packing malicious software which will make even well-known viruses undetectable to anti-virus software. Detecting these "camouflaged" viruses requires a powerful unpacking engine, which can decrypt the files before examining them. Unfortunately, many popular anti-virus programs do not have this and thus are often unable to detect encrypted viruses.

Companies that sell anti-virus software seem to have a financial incentive for viruses to be written and to spread, and for the public to panic over the threat.

CONCLUSION

Computer viruses are malicious computer programs, designed to spread rapidly and deliver various types of destructive payloads to infected computers. Viruses have been around almost as long as computers themselves, and they account for untold billions of dollars of damage every year. While there are many different types of viruses, the best protection against them is to exhibit extreme caution when downloading files from the Internet and opening e-mail attachments and to religiously avail yourself of one of the many antivirus software programs currently on the market.

