Computer Viruses

1
 What is computer virus?

Computer virus refers to a

program which damages computer
systems and/or destroys or erases
data files
 Computer Viruses

– A computer virus is an application

program designed and written to
destroy other programs.

– It has the ability to:

 Link itself to other programs
 Copy itself (it looks as if it repeats itself)

4
 Examples of Viruses

 Monkes
 ABC
 Crabs
 CIH

5
 Viruses and Virus Protection

• A virus program
– Infects programs, documents,
databases and more …
– It is man-made
– It can hide and reproduce
– It can lay dormant (inactive)
and then activate

Anti-virus programs can help 6

Sources of Computer Viruses

• Three primary sources

– The Internet
• Via downloads and exchanges
– Diskettes
• Exchanging disks
– Computer networks
• Can spread from one network
to another

7
 How do you know if your
computer have a virus?

• Lack of storage capability

• Decrease in the speed of executing programs
• Unexpected error messages
• Halting the system

8
 Virus Protection

• The software package distributed with new

PCs always includes an antiviral program.
The best way to cope with viruses is to
recognize their existence and use an
antiviral, or antivirus program.

9
 Viruses
A virus is a small piece of software that run when the legitimate
program gets executed

2 main characteristics of viruses

 It must execute itself.
 It must replicate itself.

Virus might attach itself to a program such as spreadsheet. Each

time the spreadsheet program runs, the virus runs too and
replicate itself.
 Computer Virus Timeline
• 1949
Theories for self-replicating programs are first developed.
• 1981
Apple Viruses 1, 2, and 3 are some of the first viruses “in the wild,” or in the public
domain. Found on the Apple II operating system, the viruses spread through Texas A&M
via pirated computer games.
• 1983
Fred Cohen, while working on his dissertation, formally defines a computer virus as “a
computer program that can affect other computer programs by modifying them in such
a way as to include a (possibly evolved) copy of itself.”
• 1986
Two programmers named Basit and Amjad replace the executable code in the boot
sector of a floppy disk with their own code designed to infect each 360kb floppy
accessed on any drive. Infected floppies had “© Brain” for a volume label.
• 1987
The Lehigh virus, one of the first file viruses, infects command.com files.
• 1988
One of the most common viruses, Jerusalem, is unleashed. Activated every Friday the
13th, the virus affects both .exe and .com files and deletes any programs run on that
day.
MacMag and the Scores virus cause the first major Macintosh outbreaks.
……………..
• Brain is the industry standard name for a
computer virus that was released in its first
form in January 1986, and is considered to be
the first computer virus for MS-DOS. It infects
the boot sector of storage media formatted
with the DOS File Allocation Table (FAT) file
system. Brain was written by two brothers,
Basit Farooq Alvi and Amjad Farooq
Alvi, from Lahore, Pakistan.
• The following quote from the World famous John
McAfee of McAfee Antivirus is a recognition in itself
about the groundbreaking nature of their invention.
•
"When I first read about the Pakistani Brain
virus, I'd never heard of a virus before, neither
had anyone in technology," remembers
McAfee. "It fascinated me."

• This quote appeared in a BBC's article profiling John

McAfee.
Typical things that some current Personal
Computer (PC) viruses do
 Display a message
• Erase files
• Scramble data on a hard disk
• Cause erratic screen behavior
• Halt the PC
• Many viruses do nothing obvious at all
except spread!
 Symptoms of Infection
• Programs take longer to load than normal.
• Computer’s hard drive constantly runs out of
free space.
• The floppy disk drive or hard drive runs when
you are not using it.
• New files keep appearing on the system and
you don’t know where it comes from.
 Symptoms of Infection Cont..
• Strange sounds or beeping noises come from
the computer.
• Strange graphics are displayed on your
computer monitor.
• Unable to access the hard drive when booting
from the floppy drive.
• Program sizes keep changing.
 Types of Viruses
– File infector virus
• Infect program files
– Boot sector virus
• Infect the system area of a disk
– Multi-partite virus
• infect both boot records and program files
– Macro virus
• infect data files. Examples: Microsoft Office Word, Excel,
PowerPoint and Access files
 Melissa Virus (March 1999)
Melissa virus spread in Microsoft Word documents sent
via e-mail.
How it works ?
• Created the virus as word document
• Uploaded to an internet newsgroup
• Anyone who download the document and opened it
would trigger the virus.
• Send friendly email messages to first 50 people in
person’s address book.
 Denial of Service
• A denial-of-service attack is an attack that
causes a loss of service to users, typically the
loss of network connectivity and services by
consuming the bandwidth of the victim
network or overloading the computational
resources of the victim system.
 MyDoom
• 26 January 2004: The Mydoom virus is first
identified around 8am. Computer security
companies report that Mydoom is responsible
for approximately one in ten e-mail messages
at this time. Slows overall internet
performance by approximately ten percent
and average web page load times by
approximately fifty percent
 Boot Sector Viruses
• Traditional Virus
• infect the boot sector on floppy disks and hard
disks
• During system boot, boot sector virus is loaded
into main memory and destroys data stored in
hard disk
• load itself into memory immediately, and it is
able to run whenever the computer is on.
 E-mail Viruses
• Moves around in e-mail messages
• Replicates itself by automatically mailing itself
to dozens of people in the victim’s e-mail
address book
• Example: Melissa virus, ILOVEYOU virus
 Time Bomb

A time bomb is a virus program

that performs an activity on a
particular date
 Logical Bomb

A logical bomb is a destructive

program that performs an activity
when a certain action has occurred.
 Macro Virus
A macro virus is associated with
application software like word and
excel. When opening the infected
document, macro virus is loaded
into main memory and destroys the
data stored in hard disk
 Trojan Horse
Trojan Horse is a destructive
program. It usually pretends as
computer games or application
software. If executed, computer
system will be damaged.
 Worm
A worm is also a destructive
program that fills a computer
system with self-replicating
information, so that the system
operations are slowed down or
stopped.
Actions to prevent virus infection
Always update your anti-virus
software at least weekly.
Back up your important files and
ensure that they can be restored.
Change the computer's boot
sequence to always start the PC
from its hard drive
Actions to prevent virus infection
Don't share Drive C: without a
password and without read-only
restrictions.
Empty floppy drives of diskettes
before turning on
computers/laptops.
Forget opening unexpected e-mail
attachments, even if they're from