"a computer virus is a

computer program, hidden

within another, that can
infect other computer
programs by modifying
them in such a way as to
include a (possibly
evolved) copy of itself
These usually infect arbitrary COM and/or
EXE programs,though some can infect any
program for which execution or
interpretation is requested, such as SYS,
OVL, OBJ, PRG, MNU and BAT files.

Origins
People create viruses. A person has to
write the code, test it to make sure it
spreads properly and
then release the virus. A person also
designs the virus's attack phase, whether
it's a silly message or
destruction of a hard disk. So why do
people do it?
There are at least three reasons. The first is
the same psychology that drives vandals
and arsonists.
Why would someone want to bust the
window on someone else's car, or spray-
paint signs on
buildings or burn down a beautiful forest?
For some people that seems to be a thrill. If
that sort of
person happens to know computer
programming, then he or she may funnel
energy into the creation
of destructive viruses.
The second reason has to do with the thrill
of watching things blow up. Many people
have a
fascination with things like explosions and
car wrecks. When you were growing up,
there was probably a kid in your
neighborhood who learned how to make
gunpowder and then built bigger and
bigger bombs until he either got bored or
did some serious damage to himself.
Creating a virus that
spreads quickly is a little like that -- it
creates a bomb inside a computer, and the
more computers that
get infected the more "fun" the explosion.
The third reason probably involves bragging
rights, or the thrill of doing it. Sort of like
Mount Everest.
The mountain is there, so someone is
compelled to climb it. If you are a certain
type of programmer
and you see a security hole that could be
exploited, you might simply be compelled to
exploit the hole
yourself before someone else beats you to
it. "Sure, I could TELL someone about the
hole. But
wouldn't it be better to SHOW them the
hole???" That sort of logic leads to many
viruses.
Of course, most virus creators seem to
miss the point that they cause real damage
to real people with
their creations. Destroying everything on a
person's hard disk is real damage. Forcing
the people
inside a large company to waste thousands
of hours cleaning up after a virus is real
damage. Even a
silly message is real damage because a
person then has to waste time getting rid of
it. For this
reason, the legal system is getting much
harsher in punishing the people who create
viruses.
History
Traditional computer viruses were first
widely seen in the late 1980s, and they
came about because of
several factors. The first factor was the
spread of personal computers (PCs). Prior
to the 1980s, home
computers were nearly non-existent or they
were toys. Real computers were rare, and
they were
locked away for use by "experts." During
the 1980s, real computers started to spread
to businesses
and homes because of the popularity of the
IBM PC (released in 1982) and the Apple
Macintosh
(released in 1984). By the late 1980s, PCs
were widespread in businesses, homes and
college
campuses.
The second factor was the use of computer
bulletin boards. People could dial up a
bulletin board
with a modem and download programs of
all types. Games were extremely popular,
and so were
simple word processors, spreadsheets, etc.
Bulletin boards led to the precursor of the
virus known as the Trojan horse. A Trojan
horse is a program that sounds really cool
when you read about it. So you
download it. When you run the program,
however, it does something uncool like
erasing your disk. So
you think you are getting a neat game but it
wipes out your system. Trojan horses only
hit a small
number of people because they are
discovered quickly. Either the bulletin board
owner would erase
the file from the system or people would
send out messages to warn one another.
The third factor that led to the creation of
viruses was the floppy disk. In the 1980s,
programs were
small, and you could fit the operating
system, a word processor (plus several
other programs) and
some documents onto a floppy disk or two.
Many computers did not have hard disks,
so you would
turn on your machine and it would load the
operating system and everything else off of
the floppy
disk.
Viruses took advantage of these three facts
to create the first self-replicating programs.

Symptoms of a
computer virus:
•The computer runs slower than usual.
•The computer crashes, and then it restarts every
few minutes.
•Applications on the computer do not work correctly.
•Disks or disk drives are inaccessible.
•You see unusual error messages.
•An antivirus program cannot be installed on the
computer, or the antivirus program will not run.
•New icons appear on the desktop that you did not
put
•Increases the use of disk space and
 growth in file size as virus gets
attached itslef to many files.
•Frequently hangs of the system.
•Shows abnormal write protect error.
•Displays a change in data against the
filename in the directory, when a
virus modifies the file.
•Reformats the hard disk.
•Erase files
•Scramble data on a hard disk
•Cause erratic screen behavior
•Halt the P
•

denial-of-service attack (A denial-

•

of-service attack is an attack that

causes a loss of service to users,
typically the loss of network
connectivity and services by
consuming the bandwidth of the
 victim network or overloading the
computational resources of the
victim system.)
… and basically any other nasty thing
•

you can think of.

Difference Between a
Virus, Worm and Trojan
Horse
•Virus cannot replicate themselves but
worm and trojan can do that.
•A virus cannot be spread without a human
action such as running an infected file or
program but worm and trojan have the
capabilities to spread themselves
automatically from computer to computer
through network connetion.
•A virus do not consume system memory
but worm consumes too much system
memory and network bandwidth because
 of their copying nature.
•Trojans are used by malicious users to
access your computer information but
viruses and worms can’t do so, they
simply infect your computer.

Trojan Horse
A Trojan virus is one that opens your
computer up to malicious users allowing
them to read your files.

Worm
It is a self­replicating program, 
similar to a computer virus. A virus 
attaches itself to, and becomes part 
of, another executable program; 
however, a worm is self­contained 
and does not need to be part of 
another program to propagate itself. 
A worm is a computer program that has
the ability to copy itself from machine to
machine. Worms normally move around
and infect other machines through
computer networks. Using a network, a
worm can expand from a single copy
incredibly quickly. For example, the Code
Red worm replicated itself over 250,000
times in approximately nine hours on July
19, 2001.
A worm usually exploits some sort of
security hole in a piece of software or the
operating system.
For example, the Slammer worm (which
caused mayhem in January 2003) exploited
a hole in Microsoft's SQL server.

How Does a Computer Get

a Virus?
•On downloading files from the
 Internet.
•On opening an e-mail attachment.
•On copying programs or files from
any other infected computer.
Here are some statistics we
found on the web:
•Over 85% of all the known viruses are
for Microsoft platforms (nearly all the
self-propagating worms are as well)
•Slightly less than 52,000 are viruses for

DOS/Windows/NT platforms
- about 6000 of these are Word macro
viruses
- about 150-200 of these are known to
be widespread "in the wild"
- in 1999, approximately 650 new
viruses were reported each month
(more than 20 a day)
•About 5 are for Linux/Unix/etc, but none

have been found in quantity "in the wild",

nor would they be likely to spread very far
 if they were "loose"
•None are for BeOS, ErOS, or other small-
population systems.

•Question: can we reduce the risk

of getting a virus infection by
not using Microsoft products?
•Fred Cohen’s example virus:
program virus := { 1234567;
subroutine infect-executable := {
loop:file = get-random-executable-file;
if first-line-of-file = 1234567 then goto loop;
prepend virus to file; }
subroutine do-damage := { whatever damage is to be
done }
subroutine trigger-pulled := { return true if some
condition holds }
main-program := {
infect-executable;
if trigger-pulled then do-damage;
goto next;}
next:
}
Different phases
of a Virus
• Most viruses have two phases
to their existence, the infection
phase and the attack phase.
All viruses have an infection
phase, but not all have an
attack phase.
• During the infection phase, the
virus spreads itself. If a virus
infects too fast, it is usually
easy for anti-virus programs to
spot. Therefore many try to be
subtle about it.
• Viruses can be spread by
innocent people that are just
doing their daily routine.
Infected files can be spread in
the following ways: by
 diskettes, networks, bulletin
boards, or e-mail attachments.
Infected files can be stored on
servers, floppy disks, hard
drives, and CDs. Infected files
can even be found on new
hardware or software.
• Example: File Virus Infection
Phase
• "Your friend gives you a game on a
disk. The game has an infected file
that you don't know about. Each
time you play the game, the virus
copies itself into another program
without you knowing. Now,
whenever either of the programs
are executed, the virus is copied.
This continues as the virus infects
the rest of the computer. If any of
the files are transferred to a floppy
disk or e-mail attachment, and they
are put on another computer, the
process starts again"
 • On viruses that do have an attack
phase, the attack phase is set off
by a trigger, such as a time or
date. The attack phase is when the
virus causes damage or other
unwanted system behavior. In
order to make sure it has spread,
viruses often delay the attack
phase, sometimes for years.
• The attack phase has a wide range
of severity. Although all viruses
take up space and use system
resources, some do little more
damage. Some viruses display
messages but then others can
crash your hard drive completely.
They can even corrupt your backup
files if you're not careful.

CONCLUSION
In just over a decade, most of us have
been familiar with the term computer
virus. Even those of us who don't
know how to use a computer have
heard about viruses through
Hollywood films such as Independence
Day or Hackers (though Hollywood's
depiction of viruses is usually highly
inaccurate). International magazines
and newspapers regularly have virus-
scares as leading stories. There is no
doubt that our culture is fascinated by
the potential danger of these viruses.
Many people believe the worst a virus
can do is format your hard disk. In
fact, this type of payload is now
harmless for those of us who back up
our important data. Much more
destructive viruses are those which

subtly corrupt data .

But don’t lay the blame for viruses
on the technology or the machines
that executes that technology. The
fundamental truth about computer
viruses is that they are a people
problem. People create viruses for
various reasons. People
disseminate virus infections either
deliberately or as a result of the
very human traits of innocence,
ignorance, or carelessness. And the
people who are the potential
victims of this phenomenon can
acquire the knowledge to turn a
real threat into a reasonably
calculated risk that they can
handle.
TYPES OF VIRUSES
Boot sector Viruses - infect the boot
sector of the boot disk of a computer
operating
system.
Non-resident Viruses - infect
application files and are run when the
application runs.
Typically the virus is prepended to the
application source code for an
interpreted
application.
Resident Viruses - install
themselves into memory when they
run. Having done this they
hand over control to the host
application.
Fast infecter Viruses - are
programmed to spread as rapidly as
possible to reduce the
risk of the virus being wiped out once
introduced into the wild.
Slow infecter Viruses - are
designed to find other targets to infect
infrequently. By
spreading slowly this kind of virus is
less likely to be detected.
Companion Viruses - do not modify
the infection target directly but are
stored in a
separate file.
Macro Viruses - use the macro
programming languages which are
embedded within
popular applications e.g. Word and
Excel.
Cross Site Scripting (XSS) Viruses
- exploit a combination of
vulnerabilities present in
both web server applications and web
browsers.
Stealth Viruses - viruses which trap
interrupts to open a file and cause any
application
that reads the file containing them to
see only the uninfected file.
Polymorphic and metamorphic
Viruses - viruses which modify their
code every time
they infect another target so they can
only be detected using heuristic
measures rather
than static code signatures.
Disabling anti-virus software. If a
virus detects the presence of a known
anti-virus
program on a system it infects, it will
modify the anti-virus software to
disable
components of this.
A computer virus can cause
devistation and chaos among the
computer industry if dangerous
enough.
For this reason, the majority of the
world has made it punishable under
the law to create computer
viruses for the intent to cause
disruption. Viruses have been around
since binary was first invented, and
will remain a threat to unmaintained
and ill formed software programs.
Only through proper measures
can an individual become educated of
possible damages of viruses, and
procedures at which to prevent
them. Viruses are commiting no illegal
action with regards to the computers
interworkings, but only
through the eyes of the user, are
viruses effective.

WHY COMPUTER VIRUS IS CALLED

VIRUS :P ??
Etymology
The word virus is derived from and
used in the same sense as the
biological
equivalent. The term "virus" is often
used in common parlance to describe
all kinds
of malware (malicious software),
including those that are more properly
classified as
worms or Trojans. Most popular anti-
virus software packages defend
against all of
these types of attack. In some
technical communities, the term
"virus" is also
extended to include the authors of
malware, in an insulting sense. The
English plural
of "virus" is "viruses". Some people
use "virii" or "viri" as a plural, but this
is rare. For
a discussion about whether "viri" and
"virii" are correct alternatives of
"viruses", see
plural of virus.
The term "virus" was first used in an
academic publication by Fred Cohen
in
his 1984 paper Experiments with
Computer Viruses, where he credits
Len Adleman
with coining it. However, a 1972
science fiction novel by David Gerrold,
When
H.A.R.L.I.E. Was One, includes a
description of a fictional computer
program called
"VIRUS" that worked just like a virus
(and was countered by a program
called
"VACCINE"). The term "computer
virus" with current usage also appears
in the
comic book Uncanny X-Men #158,
written by Chris Claremont and
published in
1982. Therefore, although Cohen's
use of "virus" may, perhaps, have
been the first
"academic" use, the term had been
used earlier.
Computer viruses are called viruses because
they share some of the traits of biological
viruses. A computer virus passes from
computer to computer like a biological virus
passes from person to
person. There are similarities at a deeper level,
as well. A biological virus is not a living thing. A
virus is a fragment of DNA inside a protective
jacket. Unlike a cell, a virus has no way to do
anything or to reproduce by itself -- it is not
alive. Instead, a biological virus must inject its
DNA into a cell. The viral DNA then uses the
cell's existing machinery to reproduce itself. In
some cases, the cell fills with new viral particles
until it bursts, releasing the virus. In other
cases, the new virus particles bud off the cell
one at a time, and the cell remains alive.
A computer virus shares some of these traits. A
computer virus must piggyback on top of some
other program or document in order to get
executed. Once it is running, it is then able to
infect other programs or documents. Obviously,
the analogy between computer and biological
viruses stretches things a bit, but there are
enough similarities that the name sticks.