Computer Computer Viruses Viruses Susan Rascati Susan Rascati

CS30 Section 11CS30 Section 11

George Washington George Washington UniversityUniversity

What is a Virus? What is a Virus?

A virus is a self-reproducing A virus is a self-reproducing program that can infect other program that can infect other programs by modifying them programs by modifying them to include, a possibly to include, a possibly evolved, copy of itself.evolved, copy of itself.

What is meant by What is meant by infection? infection?

A virus infects by inserting A virus infects by inserting itself into the chain of itself into the chain of command so that when one command so that when one attempts to execute the attempts to execute the original program the virus as original program the virus as well (or in more extreme well (or in more extreme cases, instead) is executedcases, instead) is executed

3 Main Components 3 Main Components

INFECTION : The method in INFECTION : The method in which the virus spreadswhich the virus spreads

PAYLOAD: What the virus PAYLOAD: What the virus does besides replication.does besides replication.

TRIGGER: The routine that TRIGGER: The routine that decides when the payload is decides when the payload is delivered.delivered.

Mandatory Components Mandatory Components

Only the INFECTION Only the INFECTION mechanism is mandatory mechanism is mandatory component of a viruscomponent of a virus

Viral DamageViral Damage

Deliberate Damage Deliberate Damage

Deliberate damage is what is Deliberate damage is what is inflicted by the virus payloadinflicted by the virus payload

Can range from completely benign Can range from completely benign results such as running the screen results such as running the screen message “I WANT A COOKIE” to message “I WANT A COOKIE” to corrupting files and destroying a corrupting files and destroying a hard drive hard drive

Accidental Damage Accidental Damage

Damage is caused when a virus Damage is caused when a virus attempts to attach itself to the system attempts to attach itself to the system

The virus can accidentally corrupt The virus can accidentally corrupt areas and inadvertently inhibit a user areas and inadvertently inhibit a user from opening files or booting up the from opening files or booting up the computercomputer

Such actions are considered Such actions are considered accidental because they are not the accidental because they are not the part of the payload mechanismpart of the payload mechanism

Incidental Damage Incidental Damage

All viruses, even benign ones, All viruses, even benign ones, causecause

some loss of computer some loss of computer performance:performance:MemoryMemoryDisk spaceDisk spaceClock cyclesClock cycles

How to prevent a virus How to prevent a virus

Avoid opening email attachment Avoid opening email attachment from senders you do not knowfrom senders you do not know

Be very particular about the type of Be very particular about the type of freeware and software that you freeware and software that you chose to use and download chose to use and download

Use anti-virus software to scan ALL Use anti-virus software to scan ALL files and documents before they are files and documents before they are opened on the hard drive opened on the hard drive

Anti-Virus Software Anti-Virus Software

The greatest method of virus prevention The greatest method of virus prevention isis

anti-virus software.anti-virus software.

It will scan your hard drive every time theIt will scan your hard drive every time thecomputer is turned on. Ideally, these programscomputer is turned on. Ideally, these programssearch for behaviors characteristic to viruses,search for behaviors characteristic to viruses,isolate the infected files, and remove the virusisolate the infected files, and remove the virusfrom the software. from the software.

Update Anti-Virus Update Anti-Virus SoftwareSoftware

In order to ensure complete In order to ensure complete protection, one must do more protection, one must do more than simply buy and install such than simply buy and install such programsprograms

While most software can identify While most software can identify the most common viruses, on the most common viruses, on average 3-5 new strains are average 3-5 new strains are discovered every day discovered every day

Update Anti-Virus Update Anti-Virus SoftwareSoftware

Many anti-virus companies such as Many anti-virus companies such as Symantec and McAfee maintain websites Symantec and McAfee maintain websites that contain the most up-to-date virus that contain the most up-to-date virus informationinformation

The most recent virus information can The most recent virus information can be downloaded to your existing software be downloaded to your existing software allowing you to detect the new strains allowing you to detect the new strains

These websites also offer instruction on These websites also offer instruction on how to remove certain viruses should how to remove certain viruses should your computer become infected your computer become infected

OH NO! I have a virus! OH NO! I have a virus!

If all prevention methods fail If all prevention methods fail and yourand your

computer manages to get computer manages to get infected – don’t panic!infected – don’t panic!

Is it even a Virus? Is it even a Virus?

It may look like a virus, but it might It may look like a virus, but it might be a JOKE or a TROJAN HORSE be a JOKE or a TROJAN HORSE

The main difference: Viruses modify The main difference: Viruses modify other files, jokes and Trojan horses other files, jokes and Trojan horses exist in only one file and thus can be exist in only one file and thus can be removed through the deletion of that removed through the deletion of that file file

How to Tell How to Tell

Most likely it is a Virus if:Most likely it is a Virus if:1.1. It reads as a common, older virusIt reads as a common, older virus

2.2. Scanner finds it in file or boot Scanner finds it in file or boot sector today, it wasn’t found sector today, it wasn’t found yesterday, and you have not yesterday, and you have not updated your scanner files updated your scanner files

3.3. Scanner finds two instances of the Scanner finds two instances of the virus in the same computer virus in the same computer

How to Tell How to Tell

Most likely it is NOT a virus if: Most likely it is NOT a virus if: 1.1. Your scanner only finds one Your scanner only finds one

infected file, and it is a file you use infected file, and it is a file you use all the time all the time

2.2. Scanner only identifies something Scanner only identifies something as a “possible virus” as a “possible virus”

Virus vs. HoaxVirus vs. Hoax

Don’t believe all that you read. Don’t believe all that you read.

Many emails you receive warning of Many emails you receive warning of deadly viruses are HOAXES; they deadly viruses are HOAXES; they

describe phony viruses! describe phony viruses!

It is Probably a Hoax if It is Probably a Hoax if it…it…

Reports that it will cause horrific Reports that it will cause horrific damage to the PCdamage to the PC

Uses very technical language to which Uses very technical language to which the user is most likely not familiarthe user is most likely not familiar

Is written in very motive language, Is written in very motive language, such as all capital letters to influence such as all capital letters to influence its power and urgency its power and urgency

Tells you that you MUST email it to as Tells you that you MUST email it to as many people as possible in order to many people as possible in order to avoid an awful, viral fate! avoid an awful, viral fate!

If it If it definitelydefinitely is a virus is a virus

Don’t panic, instead: Don’t panic, instead: Contain, Contain, Control, KillControl, Kill

First you want to prevent further First you want to prevent further spread of the virus. spread of the virus.

Limit the use of the infected Limit the use of the infected workstation workstation

Learn everything you can about the Learn everything you can about the virus so that you are fully prepared virus so that you are fully prepared for all that it might do to the PCfor all that it might do to the PC

Kill the Virus Kill the Virus

Search for solutions, either on-line at Search for solutions, either on-line at subscriber anti-virus sites such as subscriber anti-virus sites such as www.service.symantec.comwww.service.symantec.com

or public sites such as or public sites such as www.virusinformationcenter.comwww.virusinformationcenter.com

Follow the directions for virus Follow the directions for virus extermination extermination

If you cannot alone exterminate the If you cannot alone exterminate the virus, call in the experts virus, call in the experts