Programme Name: Computer Engineering Academic Year: 2023-2024

Program Code: CO6I

Course Name and Code: NIS (22620) Semester: VI

A STUDY ON

Study On Virus and worms

MICRO PROJECT REPORT

Submitted in April 2024 by the group of 4 students

Sr. Roll Enrolment No Exam Seat No

No No
Full name of Student
1 14 Desale Bhagyashri Zhiparu 2100590066 392334

2 17 Desale Pranjal Tushar 2100590069 392337

3 31 Lasi Mahek Govind 2100590099 392359
4 63 Rajaput Diksha Pravinsing 2100590153 392398

Under the Guidance of

Ms. R. S. Patil
in
Three Years Diploma Programme in Engineering & Technology of
Maharashtra State Board of Technical Education, Mumbai
(Autonomous) ISO 9001: 2008 (ISO/IEC-27001:2013)
at

0059 - Shri Shivaji Vidya Prasarak Sanstha’s

Bapusaheb Shivajirao Deore Polytechnic, Vidyanagari, Deopur, Dhule-424005.
 MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION, MUMBAI

Certificate

This is to certify that,

Sr. Roll Full name of Student Enrollment Exam
No No No Seat No

1 14 Desale Bhagyashri Zhiparu 2100590066 392334

2 17 Desale Pranjal Tushar 2100590069 392337
3 31 Lasi Mahek Govind 2100590099 392359
4 63 Rajaput Diksha Pravinsing 2100590153 392398

students of SIX Semester, Diploma Programme in Engineering & Technology at 0059 -

Shri Shivaji Vidya Prasarak Sanstha’s Bapusaheb Shivajirao Deore Polytechnic- Dhule,
has completed the Micro Project satisfactorily in Subject Network Information Security
(22620) in the academic year 2023-2024 as prescribed in the MSBTE curriculum of I Scheme.

Place: Dhule

Date: / 04 / 2024

Project Guide Head of the Department Principal

Institute
 PART A- MICRO PROJECT PROPOSAL

Title: Study On Virus and worms

1.0 Brief Introduction

In this project we are going to introduce Virus and worms, virus is a computer program
that can copy itself and infect a computer without permission or knowledge of the user. A
virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other
computers, or even erase everything on a hard disk.
A worm is a type of malware or malicious software that can replicate rapidly and spread
across devices within a network. As it spreads, a worm consumes bandwidth, overloading
infected systems and making them unreliable or unavailable. Worms can also change and
delete files or introduce other malware.
Computer viruses and network worms have evolved through a continuous series of
innovations, leading to the recent wave of fast-spreading and dangerous worms. A review of
their historical development and recent outbreaks leads to a number of observations. First,
while viruses were more common than worms initially, worms have become the predominant
threat in recent years, coinciding with the growth of computer networking. Second, despite
widespread use of firewalls and other network security equipment, worm outbreaks still occur
and will likely continue to be a threat for the near future. Third, recent worms are appearing
as a series of quick successive variants. Unlike the independent efforts of early viruses, these
variants suggest an increasing level of coordination among worm creators. Fourth, recent
worms have shown capabilities to spread faster and exploit more infection vectors. This trend
implies a more urgent need for automated, coordinated protection measures. Finally, more
dangerous payloads are becoming commonplace. This suggests that worm creators are using
worms for other objectives than simply infection, such as data theft and setting up denial of
service networks.
2.0 Aim of the Micro-Project

The aim of micro project is understanding the concept about the virus and worms and this
project is help to clear the concept of the virus and worm what is it, why is it harmful to our
computer , laptop etc
3.0 Course Outcomes

• To learn about virus and worms.

4.0 Proposed Methodology

A study on viruses and worms typically involves a literature review to understand their
characteristics and historical incidents. Clear objectives are defined, focusing on analyzing
propagation patterns and evaluating mitigation strategies. Experiments are conducted using
malware samples and network simulations to observe behavior and assess defense
mechanisms. Data collected is analyzed to identify patterns and trends, leading to insights for
improving cybersecurity practices. Results are documented in a research paper for publication,
contributing to the advancement of malware detection and mitigation techniques.

5.0 Resources Required

Sr. No. Name of Specifications Quantity Remarks

Resources

Hardware Desktop- PRH 1

1 computer 45k9(i5),
system RAM 8.00GB
And
(usable7.74GB)
Operating 64-bit Operating 1
2 system system,
Widows11
Home single
language
6.0 Action Plan

Sr. Planned Planned Name of responsible

No. Detail of Activity Start Finish team members
date Date
1. Gather the information Bhagyashri, Diksha

2. Gathering the requirement Pranjal, Mahek

3. Designing the Micro Bhagyashri, Pranjal

Project
4. Documentation Mahek, Diksha

5. Demonstration All member

 PART B – Micro-Project Report

Title: Study On Virus and worms

1.0Rationale

Studying viruses and worms is crucial due to their significant impact on computer systems and
networks. These malicious programs pose serious threats, causing data breaches, system
malfunctions, and financial losses for individuals and organizations. Understanding their
behavior, propagation methods, and evasion techniques is essential for developing effective
detection and mitigation strategies. By conducting research in this area, we can enhance
cybersecurity practices, improve threat intelligence, and ultimately strengthen the resilience of
computer systems and networks against malicious attacks. This study aims to contribute to the
ongoing efforts to combat malware threats and safeguard digital assets and infrastructure.

2.0 Course Outcomes Addressed

• We learn about virus and worms.

3.0 Literature Review

1) https://www.geeksforgeeks.org/difference-between-worms-andvirus
2) https://study.com/academy/lesson/types-of-computer-viruses-functions-
examples.html#:~:text=Computer%20viruses%20are%20classified%20into,cavity%2
0viruses%2C%20and%20polymorphic%20viruses.
3) https://logixconsulting.com/2021/12/23/breaking-four-the-4-phases-of-a-computer-
virus/
4) https://www.geeksforgeeks.org/types-of-virus/

4.0 Actual Methodology Used

Virus and worms: -

A computer virus is a program, wherein a code copies itself and replicates itself to other
programs/files on a device and may result in corrupting or damaging the device. A computer
worm is an independent malicious program, which when enters a system can start causing
harm/damage to the device.
Virus

Phases of Viruses: -
When most people think of malware, they envision viruses. Viruses are one of the most
common types of malwares. They consist of malicious software that can self-replicate while
spreading to other computers and devices. Different viruses work in different ways. Most of
them, however, use an infection cycle that’s comprised of the four following phases.

1) Dormant :-Viruses typically don’t self-replicate or otherwise cause harm upon infection.
Rather, they remain dormant. The first phase in a virus’s infection cycle is the dormant phase.
The virus won’t self-replicate, nor will it delete, capture or modify data on the infected
computer. The dormant phase lives up to its namesake by keeping the virus dormant and
inactive.

2) Propagation:-Following the dormant phase is the propagation phase. The propagation

phase is when the virus self-replicates. All viruses self-replicate. Self-replication, in fact, is
what distinguishes viruses from other types of malware During the propagation phase, viruses
will create copies of their malicious code, which they’ll store on other parts of the infected
computer’s disk drive.
The propagation phase may include a process known as morphing. Some viruses morph as
they self-replicate. Morphing means that the virus doesn’t create an exact copy of itself when
self-replicating. Rather, the virus changes its code. Morphing is designed to make viruses
harder to detect. If a virus morphs, it will typically do so during the propagation phase.

3) Trigger:-The third phase in a virus’s infection cycle is the trigger phase. The trigger phase
involves activation. Viruses aren’t considered active until they enter the trigger phase. Upon
entering the trigger phase, viruses will initiate their malicious activities.
Viruses can be programmed to activate in response to different triggers. A trigger
might be a minimum of self-replications, such as 100. Once the virus has self-replicated 100
times, it will enter the trigger phase. Alternatively, the trigger may consist of the passage of
time, such as 48 hours. After 48 hours have passed, the virus will enter the trigger phase.
Regardless, viruses have a trigger that causes them to activate and, thus, initiate their
malicious activities.
4) Execution:-The fourth and final phase of a virus’s infection is the execution phase. The
execution phase involves the release of a payload. Viruses have a payload. The payload is the
malicious code that’s designed to harm or otherwise negatively affect the targeted computer.
Some payloads can delete data. Others can cause unwanted pop-ups or advertisements

Types of Computer Virus

Discussed below are the different types of computer viruses:

1. Boot Sector Virus – It is a type of virus that infects the boot sector of floppy disks or
the Master Boot Record (MBR) of hard disks. The Boot sector comprises all the files
which are required to start the Operating system of the computer. The virus either
overwrites the existing program or copies itself to another part of the disk.
 Fig Boot Sector Virus

Direct Action Virus – When a virus attaches itself directly to a .exe or .com file and enters
the device while its execution is called a Direct Action Virus. If it gets installed in the memory,
it keeps itself hidden. It is also known as Non-Resident Virus.

Resident Virus – A virus which saves itself in the memory of the computer and then infects
other files and programs when its originating program is no longer working. This virus can
easily infect other files because it is hidden in the memory and is hard to be removed from
the system.

Multipartite Virus – A virus which can attack both, the boot sector and the executable files
of an already infected computer is called a multipartite virus. If a multipartite virus attacks
your system, you are at risk of cyber threat.
Overwrite Virus – One of the most harmful viruses, the overwrite virus can completely
remove the existing program and replace it with the malicious code by overwriting it.
Gradually it can completely replace the host’s programming code with the harmful code.

Polymorphic Virus – Spread through spam and infected websites, the polymorphic virus are
file infectors which are complex and are tough to detect. They create a modified or morphed
version of the existing program and infect the system and retain the original code.

File Infector Virus – As the name suggests, it first infects a single file and then later spreads
itself to other executable files and programs. The main source of this virus are games and
word processors.

Spacefiller Virus – It is a rare type of virus which fills in the empty spaces of a file with
viruses. It is known as cavity virus. It will neither affect the size of the file nor can be detected
easily.

Macro Virus – A virus written in the same macro language as used in the software program
and infects the computer if a word processor file is opened. Mainly the source of such viruses
is via emails.

Worms

A worm is a type of malware or malicious software that can replicate rapidly and spread
across devices within a network. As it spreads, a worm consumes bandwidth, overloading
infected systems and making them unreliable or unavailable. Worms can also change and
delete files or introduce other malware.

What is a computer worm?

A computer worm is a type of malware whose primary function is to self-replicate and infect
other computers while remaining active on infected systems.

A computer worm duplicates itself to spread to uninfected computers. It often does this by
exploiting parts of an operating system that are automatic and invisible to the user.
Typically, a user only notices a worm when its uncontrolled replication consumes system
resources and slows or halts other tasks. A computer worm is not to be confused with WORM,
or write once, read many
.
How do computer worms work?
Computer worms often rely on vulnerabilities in networking protocols, such as File Transfer
Protocol, to propagate.
After a computer worm loads and begins running on a newly infected system, it will typically
follow its prime directive: to remain active on an infected system for as long as possible and
spread to as many other vulnerable systems as possible.

For example, the WannaCry ransomware worm exploited a vulnerability in the first version
of the Windows Server Message Block (SMBv1) resource sharing protocol.

Once active on a newly infected computer, the WannaCry malware initiates a network search
for new potential victims: systems that respond to SMBv1 requests made by the worm. The
worm then continues to propagate within a network through these clients.

Malicious attackers can disguise a worm as a nonthreatening resource -- such as a work file
or link, which a user clicks on or downloads -- that's only later revealed as a worm. Worms
can contain malicious attachments, or payloads, that can delete files or let bad actors remotely
control users' computers.

As defined in the "Security of the Internet" report released in 1996 by the CERT Division of
the Software Engineering Institute at Carnegie Mellon University, computer worms are "self-
replicating programs that spread with no human intervention after they are started." In
contrast, the report noted that computer viruses are also "self-replicating programs, but
usually require some action on the part of the user to spread inadvertently to other programs
or systems."
What types of computer worms exist?

There are several types of malicious computer worms:

Email worms

Email worms work by creating and sending outbound messages to all the addresses in a user's
contact list. The messages include a malicious executable file that infects the new system
when the recipient opens it.

Successful email worms usually employ social engineering and phishing techniques to
encourage users to open the attached file.

File-sharing worms

File-sharing worms copy themselves into shared folders and spread through peer-to-peer file-
sharing networks. Worm authors often disguise these malicious programs as media files.

Stuxnet, one of the most notorious computer worms to date, consists of two components: a
worm to propagate malware through USB devices infected with the host file, and malware
that targets supervisory control and data acquisition systems.

File-sharing worms often target industrial environments, including power utilities, water
supply services and sewage plants.
Cryptoworms

Cryptoworms work by encrypting data on the victim's system. Perpetrators can use this type
of worm in ransomware attacks, where they follow up with the victim and demand payment
in exchange for a key to decrypt the files.

Internet worms

Some computer worms specifically target popular websites with poor security. If they can
infect the site, they can infect a computer accessing the site.

From there, internet worms spread to other devices that the infected computer connects to
through the internet and private network connections.

Instant messaging worms

Like email worms, instant messaging worms are masked by attachments or links, which the
worm continues to spread to the infected user's contact list. The only difference is that instead
of arriving in an email, it comes as an instant message on a chat service.

If the worm hasn't had time to replicate itself onto the computer, the user can change their
password on the chat service account to prevent its spread.

How do computer worms spread?

While some computer worms require user action to initially propagate, such as clicking on a
link, others can easily spread without user interaction. All that's necessary is for the computer
worm to become active on an infected system. Once active, the worm can spread over a
network through its internet or local area network.

Before the widespread use of networks, computer worms spread through infected storage
media, such as floppy disks, which, when mounted on a system, would infect other storage
devices connected to the victim system.

Today, USB drives are a common vector for computer worms, as are internet activities such
as email, chat and web surfing.
Computer worm examples
Worms have existed since the beginning of the internet. Several notable cases spread so far
that they caused major network and business disruptions.

The Morris worm

The Morris worm was released in 1988 and is widely considered the first computer worm.
However, it is better characterized as the first worm to propagate widely on the then-nascent
internet.

The Morris worm was the work of Robert Tappan Morris Jr., a Cornell graduate student who
was reportedly attempting to enumerate all the systems connected to the internet precursor
network, ARPANET.

Targeting vulnerabilities in several different Unix programs, the Morris worm was capable
of infecting a system more than once, making it difficult to eradicate before it produced a
denial-of-service condition on the infected host. The worm affected as many as 10% of the
60,000 systems believed to be connected to ARPANET.

Stuxnet

Stuxnet, first identified in 2010, spreads through file-sharing services. Security researchers
determined that U.S. and Israeli intelligence agencies created the worm to interfere with
Iranian nuclear weapons production.

Stuxnet was introduced via USB drives and took advantage of flaws in the Windows
operating system to spread, ultimately causing nuclear centrifuges to malfunction.

WannaCry

WannaCry ransomware uses a worm to infect Windows computers and encrypt files on PC
hard drives. It began spreading in May 2017 and affected hundreds of thousands of computers
in up to 150 countries worldwide. Targets included large corporations such as FedEx, banks
and hospitals. Once the worm locked a PC's files, hackers contacted the owner demanding
payment for a key to decrypt the files. However, even after payment, only a few victims were
given the key.

Security researchers connected the hack to the Lazarus Group, a nation-state group affiliated
with North Korea. While WannaCry caused a significant financial loss for targeted victims,
security researcher Marcus Hutchins halted its spread after discovering a kill switch that
prevented it from propagating further.

How to prevent computer worm infections

Good cybersecurity hygiene is essential to protect systems from computer worms. The
following measures can help prevent the threat of computer worm infections:

1. Install operating system updates and software patches.

2. Use firewalls to protect systems from malicious software.

3. Use antivirus software to prevent malicious software from running.

4. Never click on attachments or links in emails or other messaging applications that

might expose systems to malicious software.
 5. Use encryption to protect sensitive data stored on computers, servers and mobile
devices.

Although some worms do nothing more than propagate to new victim systems, most worms
are associated with computer viruses, rootkits or other malicious software that can cause
additional damage and risk.

How to detect a computer worm

Business leaders might struggle to detect the presence of a security incident such as a worm.
Signs that indicate a worm might be present include the following symptoms:

 computer performance issues over time, or limited computing bandwidth with no

apparent explanation;

 the system freezing or crashing unexpectedly;

 unusual system behavior, including programs that execute or terminate without

user interaction;

 unusual sounds, images or messages;

 the sudden appearance of unfamiliar files or icons, or the unexpected

disappearance of files or icons;

 warning messages from the operating system or antivirus software; and

 email messages sent to contacts that the user didn't send.

How to remove a computer worm

Removing a computer worm can be difficult. In extreme cases, the system might need to be
reformatted, requiring a user to reinstall all software.

When beginning an incident response, security teams should use a known safe computer to
download any required updates or programs to an external storage device and install them on
the affected machine.

If it is possible to identify the computer worm infecting the system, specific instructions or
tools might be available to remove it without having to wipe the system entirely.
Disconnect the system from the internet or any wired or wireless network before attempting
to remove the computer worm. Also, remove nonpermanent storage devices, such as a USB
or external hard drive, and scan them separately for infection.

Once the system is disconnected, do the following:

1. Update all antivirus signatures.

2. Scan the computer with the up-to-date antivirus software.

3. Use the antivirus software to remove any malware, malicious code and worms it
finds, and clean infected files.

4. Confirm that the operating system and all applications are up to date and patched.

Organizations must protect their computer systems from worms because these programs can
damage systems and compromise sensitive information. Security teams can regularly update
antivirus software, use firewalls and encrypt sensitive information to reduce their
organizations' worm infection risk. In addition, business leaders can train employees on
security best practices to create a human firewall.

Difference between Worms and Virus:

Sr.No. Basis of Comparison WORMS VIRUS

1. Definition A Worm is a form of A Virus is a malicious
malware that replicates executable code attached
itself and can spread to to another executable
different computers via file which can be
Network. harmless or can modify
or delete data.
2. Objective The main objective of The main objective of
worms is to eat the viruses is to modify the
system resources. It information.
consumes system
resources such as
 memory and bandwidth
and made the system
slow in speed to such an
extent that it stops
responding.
3. Host It doesn’t need a host to It requires a host is
replicate from one needed for spreading.
computer to another.
4. Harmful It is less harmful as It is more harmful.
compared.
5. Detection and Worms can be detected Antivirus software is
Protection and removed by the used for protection
Antivirus and firewall. against viruses.
6. Controlled by Worms can be controlled Viruses can’t be
by remote. controlled by remote.
7. Execution Worms are executed via Viruses are executed via
weaknesses in the executable files.
system.
8. Comes from Worms generally comes Viruses generally comes
from the downloaded from the shared or
files or through a downloaded files.
network connection.
9. Symptoms Hampering computer Pop-up windows linking
performance by slowing to malicious websites
down it Hampering computer
Automatic opening and performance by slowing
running of programs down it
Sending of emails After booting, starting
without your knowledge of unknown programs.
Affected the Passwords get changed
performance of web without your knowledge
browser
 Error messages
concerning to system
and operating system
10. Prevention Keep your operating Installation of Antivirus
system and system in software
updated state Never open email
Avoid clicking on links attachments
from untrusted or Avoid usage of pirated
unknown websites software
Avoid opening emails Keep your operating
from unknown sources system updated
Use antivirus software Keep your browser
and a firewall updated as old versions
are vulnerable to linking
to malicious websites
11. Types Internet worms, Instant Boot sector virus, Direct
messaging worms, Action virus,
Email worms, File Polymorphic virus,
sharing worms, Internet Macro virus, Overwrite
relay chat (IRC) worms virus, File Infector virus
are different types of are different types of
worms. viruses
12. Examples Examples of worms Examples of viruses
include Morris worm, include Creeper, Blaster,
storm worm, etc. Slammer, etc.
13. Interface It does not need human It needs human action to
action to replicate. replicate.
14. Speed Its spreading speed is Its spreading speed is
faster. slower as compared to
worms.

.
5.0 Actual Resources Used

Sr. Name of
No. Specifications Qty Remarks
Resource/Material
1. Hardware computer system Desktop-PRH 45k9(i5), 1
RAM
8.00GB And (usable
7.74GB)
2. Operating System 64-bit Operating system,
Windows11, 1

Windows Office

6.0 Skills Developed/learning out of this Micro – Project

 Learn the concepts of Virus and Worms.

7.0 Applications of this Micro-Project

Studying viruses and worms is crucial for enhancing cybersecurity. It informs the development
of better defense mechanisms, aids threat intelligence efforts, guides network security
practices, and shapes incident response protocols and policies. This research also supports
cybersecurity education, ultimately reducing the impact of malicious software on digital
systems and networks.