Introduction

to Computer
Viruses
Introduction to Computer Viruses Lecture
08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 1
Computer Virus Definition
 A computer virus is a “deviant” program that
attaches itself to computer systems and destroys
or corrupts data. OR
 A computer virus is a man-made program or
code that can attach itself (usually without the
user's consent) to either another program or a
file. As this file travels to other computers, it
spreads the infection. Interestingly, the only way
a virus can become active is if it is triggered by a
human action, such as executing a program or
opening an infected file
Introduction to Computer Viruses Lecture
08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 2
How does a virus spread
• Network file system (file
sharing)

• Internet download

• Removable media

• Attachments from emails

Introduction to Computer Viruses Lecture

08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 3
Types of Computer Viruses
1. Boot-sector virus
2. File/Program virus
3. Multipartite virus
4. Macro virus
5. Logic bomb
Introduction to Computer Viruses Lecture
08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 4
 1. Boot-sector virus
The boot sector is that part of the system software
(or OS) containing most of the instructions for
booting, or powering up the system.
The boot-sector virus replaces these boot
instructions with some of its own. Once the
system is turned on, the virus is loaded into the
main memory before the operating system.
From there it is in a position to infect other files.
Any diskette/flash that is used in the drive of the
computer then becomes infected.

Introduction to Computer Viruses Lecture

08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 5
 2. File/Program virus
 File viruses attach themselves to executable files-
those that actually begin a program. (in DOS these
files have the extensions .com and .exe). When
the program is run, the virus starts working, trying
to get into main memory and infecting other files.
 Infect computer programs and become active

when the infected program is run

Introduction to Computer Viruses Lecture

08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 6
3. Multipartite virus
A hybrid of the file and boot-sector types. The
multipartite virus infects both files and boot
sectors, which makes it better at spreading
and more difficult to detect.
A type of multipartite virus is polymorphic virus,
which can mutate and change form just as
human virus can. Such viruses are especially
troublesome because they can change their
profile, making existing antiviral technology
ineffective.
Introduction to Computer Viruses Lecture
08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 7
4. Macro virus
 Infect documents (files) through the macro
programming capabilities of some programs.
They are embedded inside common data
files, such as those created by e-mail or
spreadsheets, which are sent over computer
networks.
 Macro viruses become active when an
infected document is opened, and the
program opening the document has its macro
capabilities turned on (enabled).
Introduction to Computer Viruses Lecture
08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 8
5. Logic bomb
Logic bombs, or simply bombs, differ
from other viruses in that they are set
to go off at a certain date and time.
Many programmers set the malicious
virus off during days such as April Fools
Day.

Introduction to Computer Viruses Lecture

08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 9
 Trojan horses
 Are programs that claim to do one thing but
really do something else (usually malicious, it
may claim to be a game).
 A very important distinction between Trojan
horse programs and true viruses is that they do
not replicate themselves. For a Trojan horse to
spread, you must invite these programs onto
your computers; for example, by opening an
email attachment or downloading and running a
file from the Internet. It may send your log on
credentials to hackers, delete your data etc.
Introduction to Computer Viruses Lecture
08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 10
 Worms
 are malicious programs that replicate themselves
from system to system without the use of a host
file. A worm, technically, differs from a computer
virus in how it spreads: that is, a virus attaches
itself to another program or file and spreads as its
"host" comes in contact with other computers,
whereas a worm scans a network for computers
with same security hole that it can exploit to infect
that machine, scan other machines for that
security loophole, and continue replicating itself
independently.
Introduction to Computer Viruses Lecture
08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 11
Damages caused by Viruses
1. Deletion of data or programs
2. Reformatting of hard disk
3. Modify data
4. Introduce typing errors
5. Replicating and filling up the disk
space

Introduction to Computer Viruses Lecture

08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 12
WHY DO PEOPLE CREATE
VIRUSES?
1. Intellectual challenge
2. To relieve boredom
3. Revenge
4. Economic reasons

Introduction to Computer Viruses Lecture

08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 13
 How to get rid of virus
 Use of high quality anti-virus programs e.g. BitDefender,
Kaspersky, Webroot Antivirus with SpyWare, ESET
Nod32, F-Secure , AVG, McAfee, G DATA, Semantic
Norton Antivirus, Trend Micro etc.
 Scan disks and files after using them
 Scan all files you download from the internet
 Scan word or excel file email attachments before you
read them
 Use windows firewall programs
 Update Virus Definition regularly. New viruses appear
almost everyday. Besides installing the latest anti-virus
program, users are highly recommended to update the
Virus Definition on a regular basis, say at least on a
weekly basis.
Introduction to Computer Viruses Lecture
08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 14
Best practice for virus prevention
 Use more secure operating systems like UNIX because the
security features keep viruses (and unwanted human visitors
away) from your hard disk.
 Keep your virus protection up-to-date.

 Keep your computer's operating system patched with all

"Critical Updates.“

 Never Open Suspicious Attachments -Assume that ANY

attachment you receive may potentially be infected. Since
most viruses come from an infected PC and its address book,
viruses will most likely come from family, friends, or business
associates. Delete any suspicious messages immediately from
the inbox.

 Regularly back up your files. Should your system become

infected, you won't lose your valuable data.

Introduction to Computer Viruses Lecture

08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 15
Best practice cont...
 The following file types are the most dangerous
because they contain programs (as opposed to
documents). NEVER open attachment with these
extensions:
 .exe
 .com
 .scr
 .vbs
 .cmd
 .bat
 .reg
 Don't open attachments with no extension at all.
Often, attachments sent from a Mac have no
extension, so you cannot tell the type of file.
Introduction to Computer Viruses Lecture
08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 16
Symptoms of the infected
systems
 unusual items appearing on the display,
including graphics, odd messages, or system
error messages.
 Corrupted or inaccessible program files, hard
disks, or diskettes.
 programs taking longer to start up, running
more slowly than usual, or not running at all.
 unexplained decreases in the amount of
available system memory

Introduction to Computer Viruses Lecture

08/22/20 Notes 2009/2010 by Mr. Mbise, K.S. 17