Faculty of Computer & Informatics Engineering

Information Systems Security


LAB
Eng. Christine Zenieh

Viruses
Viruses are self-replicating programs that reproduce their own code by
attaching themselves to other executable code. They operate without the
permission or knowledge of the computer's users.

However, we should remember that viruses infect other machines only
with the assistance of a computer user. This can happen by opening a
file attached to an email from an unknown person, plugging in a USB
drive without scanning it, or opening unsafe URLs.

Characteristics of Viruses
The following are the characteristics of viruses that infect our computers.

• They reside in the computer's memory and activate themselves when
  the program they are attached to starts running.
  For example, they generally attach themselves to explorer.exe in
  Windows because it is a process that is running all the time, so you
  should be cautious when this process starts to consume too much of
  your computer's resources.
• They modify themselves after the infection phase (their source
  code, extensions, new files, etc.), so it is harder for an antivirus to
  detect them.
• They always try to hide themselves in the operating system in the
  following ways:
  ◦ They encrypt themselves into cryptic symbols, and they decrypt
    themselves when they replicate or execute.

A virus can cause the following on your computer:

• It may delete important data from your computer to gain space for
  its processes.
• It may avoid detection by redirecting disk data.
• It may perform tasks by triggering an event by itself. For
  example, this happens when pop-up windows and the like show up
  automatically on the screen of an infected computer.
• They are common in Windows and Mac OS because these
  operating systems do not have multiple file permissions and are
  more widespread.

Working Process of Viruses and how to clean them


Malware attaches itself to programs and spreads to other programs
by making use of certain events. It needs these events to happen because
it cannot:

• Start by itself
• Transmit itself by using non-executable files
• Infect other networks or computers

Detecting a Computer Error from a Virus Infection


In this section we look at how to tell a computer or OS fault apart from a
virus infection, because people sometimes confuse the symptoms.

The following events are most likely not caused by a virus:

• Errors while the system is booting in the BIOS stage, such as a BIOS
  battery cell message or a timer error message.
• Hardware errors, such as beeps, burnt RAM, HDD faults, etc.
• A document fails to open normally, as with a corrupted file, but
  other files open without problems.
• The keyboard or mouse doesn't respond to your commands; you have to
  check that they are plugged in.
• The monitor switches on and off too often, blinking or flickering;
  this is a hardware fault.

On the other hand, if you see the following signs in your system, you
should check for viruses.

• Your computer shows pop-up or error windows.
• It freezes frequently.
• It slows down when a program or process starts.
• Third parties complain that they are receiving invitations on social
  media or via email from you.
• File extensions change, or files are added to your system
  without your consent.
• Internet Explorer freezes too often even though your internet speed
  is very good.
• Your hard disk is accessed most of the time, as you can see from
  the LED light on your computer case.
• OS files are either corrupted or missing.
• Your computer is consuming too much bandwidth or network
  resources; this is the case with a computer worm.
• Hard disk space is occupied all the time, even when you are not
  taking any action such as installing a new program.
• File and program sizes change compared to their original versions.
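
An added example (not part of the original lab sheet): two of the signs above, files added or given a new extension and file sizes that differ from the original, can be checked by comparing a folder against a stored baseline. The folder contents, file names and the helper names snapshot, compare and demo are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to (size_in_bytes, sha256_hex)."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()  # whole-file read: fine for a lab-sized folder
            rel = os.path.relpath(path, root)
            state[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return state

def compare(baseline, current):
    """Return the file-level symptoms: added, missing, modified, new extension."""
    added = set(current) - set(baseline)
    missing = set(baseline) - set(current)
    renamed = []
    for old in sorted(missing):
        stem = os.path.splitext(old)[0]
        for new in sorted(added):
            if os.path.splitext(new)[0] == stem:  # same name, different extension
                renamed.append((old, new))
                missing.discard(old)
                added.discard(new)
                break
    modified = {p: (baseline[p][0], current[p][0])  # old size, new size
                for p in sorted(set(baseline) & set(current))
                if baseline[p] != current[p]}
    return {"added": sorted(added), "missing": sorted(missing),
            "modified": modified, "extension_changed": renamed}

def demo():
    """Constructed sample data: baseline a temp folder, change it, compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("notes.txt", b"lab notes")
        write("tool.bin", b"\x00" * 64)
        write("report.doc", b"quarterly report")
        baseline = snapshot(root)
        write("tool.bin", b"\x00" * 64 + b"extra bytes")   # size changes
        write("unknown.dat", b"new file nobody created")    # file added
        os.rename(os.path.join(root, "report.doc"), os.path.join(root, "report.xyz"))
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for symptom, items in demo().items():
        print(symptom, items)
```

In practice the baseline is taken while the system is known to be clean and stored where the monitored machine cannot overwrite it.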

Some Practical Recommendations to Avoid Viruses

• Don't open any email attachment coming from unknown people, or
  from known people if it contains suspicious text.
• Don't accept invitations from unknown people on social media.
• Don't open URLs sent by unknown people, or by known people if they
  are in any weird form.

Syrian Private University Information Systems Security LAB
Faculty of Computer & Informatics Engineering

How to Create a Virus
1- Determine what operating system you are going to attack:

The most common target is Microsoft Windows, especially older
versions. Many old Windows users do not update their operating system,
leaving them vulnerable to security holes that may be fixed in newer
versions.

Mac OS X and Linux are both fairly virus-proof due to the way
permissions work and the general architecture of the operating system.
95% of all viruses target Windows users.

2- Decide how you want it to spread

A virus is only a virus if it can spread to other users. You will need to
figure out the delivery method before beginning, as it is one of the
fundamentals of the virus's code. Common delivery mechanisms include:

• Executable file (.EXE, .BAT, .COM etc.) - This program needs to
  be run by the user, and is often disguised as something else (such
  as an image).
• Macro (Microsoft Office) - Macros are programs that are
  embedded into a document or email. They target Word, Outlook,
  and other macro-enabled products. The most common method of
  delivery is via email with an infected document attached.
• Web script - These are pieces of malicious code that are injected
  into sites without the webmasters' knowledge.

3- Determine the weak spot that you want to target.

Successful viruses exploit weak spots in a program's or system's security
to spread and carry out their actions. This requires a lot of research.

4- Decide what you want your virus to do.

Once your virus has infected a system, what do you want it to do? Effects
can range from nothing, to displaying a message, to deleting files, and
much worse. Be aware that creating and spreading a malicious virus is a
serious crime in most countries.

5- Choose a language

More complex viruses often involve several languages. For really
effective viruses, you will need to be familiar with assembly languages.

• If you're interested in making executable viruses, C or C++ is a
  good place to start.
• If you want to make macro viruses, learn the macro language for
  your target programs such as Microsoft Office.
• Visual Basic can be used to create malicious programs for
  Windows users.

6- Start writing your virus

Experiment as much as possible, and research ways to replicate your code
depending on the language you are using.

• Research polymorphic code. This will alter the code of your virus
  every time it replicates, making it difficult to track with antivirus
  programs. Polymorphic code is fairly advanced, and is
  implemented differently in every language.

7- Research ways to hide your code.

Besides polymorphic coding, there are other ways to hide your
virus. Encryption is a very common tool used by virus developers.

8- Test your virus.

Once you have a prototype up and running, test it out on as many
different machines and setups as possible. This will be easiest if you are
able to set up virtual machines in different configurations.

• Make sure that you keep your tests contained so that you don't
  accidentally release your virus before you are ready. Put the test
  machines on an isolated network and see the effects of the virus
  spreading.

9- Release your virus.

If you're satisfied with your virus's performance, it's time to release it.
Before you do, however, ask yourself if you're prepared to face any
consequences that may come from releasing a virus into the wild.
