Computer Viruses

By-Anubhav Sinha

IX A

What’s Inside?

• What is a virus?• More about virus • Who wrote it and why?• How do they spread?• Kinds of virus……………….

• What is a worm?• Difference between virus and

worms• 2014

What is a virus?

– An executable code

– That could make copies of itself or attach itself to other executable codes

– Most of computer viruses have their latency period.

– Attack programs or data on your hard drive on a specific day when conditions has been fulfilled.

More about Virus…..

• A virus is a small piece of software that piggybacks on real programs.

• Computer viruses are called viruses because they share some of the same traits of biological viruses.

Who write virus and why?

To prove their own theories.– To see if they can do it.– People who are political, religionary

ardor.– People usually publish their virus

source codes in BBSes or the Internet for users who are interested in computer virus programming.

–Most of them belong to specific organizations

Difference between a worm and a virus

• Virus– Usually small size programs ( 3-30k )– Designed to evade detection

•Worm– Sends itself to other systems– Bigger in size than virus– Not easy to write

From where does these virus spread?

•Medium– Hard disk , Floppy disks , Tape– Optical media– Memory

• Internet– E-mail attachments– .exe .bat .vbs

• Research : One in every five hundred e-mail messages contain a virus.

Kinds of virus

Memory Resident Virus

Hideout: This type of virus hides in the RAM and stays there even after the malicious code is executed

• Target: It can corrupt files and programs that are opened, closed, copied, renamed, etc.

• Examples: Randex, CMJ, Meve, and MrKlunky

• Protection: Install an antivirus program.

Direct Action Viruses

Hideout: The viruses keep changing their location into new files whenever the code is executed, but are generally found in the hard disk's root directory.

• Target: It can corrupt files.• Examples: Vienna virus• Protection: Install an antivirus scanner.

Overwrite Viruses

Hideout: The virus replaces the file content. However, it does not change the file size.

• Examples: Way, Trj.Reboot, Trivial.88.D

• Protection: The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.

Boot Sector Virus

• HIdeout: It hides in the memory until DOS accesses the floppy disk, and whichever boot data is accessed, the virus infects it.

• Examples: Polyboot.B, AntiEXE• Protection: Ensure that floppy disks

are write-protected

Macro Virus

Hideout: These hide in documents that are shared via e-mail or networks.Examples: Relax, Melissa. A, Bablas, O97M/Y2Protection: Avoid opening e-mails from unknown senders. Also, disabling macros can help to protect your useful data.

Polymorphic Virus

Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system.Examples: Elkern, Marburg, Satan Bug and Tureen.Protection: Install a high-end antivirus as the normal ones are incapable of detecting this type of virus.

FAT Virus

Hideout FAT virus attacks the FAT section and may damage crucial information. It can be especially dangerous as it prevents access to certain sections of the disk where important files are stored. Examples: Link VirusProtection: Before the virus attacks all the files on the computer, locate all the files that are actually needed on the hard drive, and then delete the ones that are not needed.

Multipartite Virus

Hideout: In the initial phase, these viruses tend to hide in the memory as the resident viruses do; then they infect the hard disk.Examples: Invader, Flip and TequilaProtection: You need to clean the boot sector and also the disk to get rid of the virus, and then reload all the data in it.

Trojans

• Trojans In fact, it is a program which disguises itself as a useful program or application.

▶ Beware of the fact that these viruses copy files in your computer (when their carrier program is executed) that can damage your data, and even delete it.

2014's Worst Viruses

! Flame: It is said to be the first of its kind that uses Bluetooth as the spread medium. It was first detected in a Russian lab.

! Belgian Computer Crime Virus: This virus spread globally and asked the users for some vital information and a processing fee, claiming that it was for police records.

! Shamoon: This virus is dangerous as it creates files of the data on your hard disk, and then this compiled data is sent to the attacker.