LESSON 10

COMPUTER VIRUS
WHAT IS COMPUTER VIRUS?

A computer virus is a type of malicious software that replicates itself by infecting files or programs, spreads
to other systems, and can cause harm such as data corruption, theft, or system disruption.
HISTORY OF COMPUTER
VIRUS
HISTORY OF COMPUTER VIRUS

1949: John von Neumann’s theory of self-replicating programs.

1971: Creeper – the first experimental virus.
• 1982: Elk Cloner – the first personal computer virus.
• 1986: Brain – the first MS-DOS virus.
• 1999: Melissa – early email-spreading virus.
• 2000s: Advanced viruses like ILOVEYOU, Stuxnet, and ransomware.
1949 JOHN VON NEUMANN THEORY

John von Neumann's theory of self-replicating machines proposed that a

machine could autonomously create copies of itself using raw materials and
instructions. This concept laid the groundwork for understanding self-replication
in artificial systems, influencing fields like robotics, artificial life, and the
development of self-replicating programs.
1971 CREEPER

The Creeper virus (1971) was the first self-replicating program, created by Bob Thomas. It spread across
ARPANET, displaying the message: "I'M THE CREEPER: CATCH ME IF YOU CAN." Unlike modern viruses, it
wasn't malicious but demonstrated how self-replicating software could work. To counter it, the Reaper
program was created as the first antivirus, removing Creeper from infected systems.
1982 ELK CLONER

Elk Cloner (1982) was one of the first known computer viruses to spread via floppy disk. It infected
Apple II systems, displaying a poem on the 50th boot of an infected machine. While not destructive, it
marked a significant milestone in virus history by demonstrating how a virus could spread through file-
sharing and become more widespread across systems.
1986 BRAIN

The 1986 Brain virus, created by Pakistani brothers Amjad and Basit Farooq Alvi, was the first PC boot
sector virus targeting IBM PCs running MS-DOS. It spread via infected floppy disks by modifying the master
boot record (MBR). Upon infection, it displayed the message, "Welcome to the dungeon. This program
cannot be run on infected disks." The Brain virus is historically significant as the first virus to spread in the
wild, marking the beginning of widespread malware targeting personal computers through removable
media.
MBR ( MASTER BOOT RECORD )
1999 MELISSA

• The Melissa virus, created by David L. Smith in 1999, was a macro virus that targeted Microsoft Word
(Office 97 and 2000). It spread via email attachments, disguised as a Word document. Once opened, the
virus would email itself to the first 50 contacts in the victim's Outlook address book. The virus caused
significant disruption by overwhelming email servers and slowing down systems. It also displayed a
message: "Here is that document you asked for ... don't show anyone else." As the first major email
virus, Melissa raised global awareness of email-based malware threats.
2000 I LOVE YOU VIRUS

The ILOVEYOU virus, created in May 2000 by Onel de Guzman, was a computer worm that spread through
email with the subject line "I love you" and an attachment named "LOVE-LETTER-FOR-YOU.txt.vbs". Once
opened, the worm would overwrite files, steal passwords, and send itself to all contacts in the victim’s
address book. It caused massive global disruption, affecting millions of computers and leading to an
estimated $10 billion in damages. The virus's rapid spread was fueled by its use of social engineering, as
the harmless-looking subject line tricked many into opening the infected attachment. It was one of the first
major email-based threats and led to significant changes in cybersecurity practices​​.
TYPES OF COMPUTER VIRUS
TYPES OF COMPUTER VIRUS
File Infectors
Boot Sector Viruses
Macro Viruses
Polymorphic Viruses
Metamorphic Viruses
Resident Viruses
Non-Resident Viruses
Ransomware
Worms
1. Trojan Horses
FILE INFECTORS AND BOOT SECTOR
VIRUSES

1. File Infectors: These viruses attach themselves to executable files, such as .exe or .com files. When the
infected file is run, the virus is executed and can spread to other programs or files on the system. File
infectors are often designed to hide their presence, sometimes even altering the functionality of the
infected program to avoid detection.
2. Boot Sector Viruses: These viruses infect the master boot record (MBR) or boot sector of a storage
device, such as a hard drive or floppy disk. When the system starts, the virus is executed before the
operating system, potentially disrupting the boot process or allowing the virus to take control early, often
making it harder to detect and remove​​.
MACRO, POLYMORPHIC, AND METAMORPHIC VIRUSES

3. Macro Virus: A virus that infects documents, usually targeting macro scripts in applications like Microsoft
Word or Excel. It spreads when the document is opened and the macro is executed.
4. Polymorphic Virus: A virus that changes its code every time it infects a new system, making it harder to
detect by antivirus software through signature-based methods.
5. Metamorphic Virus: A more advanced form of a polymorphic virus, it rewrites its entire code with each
infection, making detection even more challenging as it changes both in structure and appearance.
RESIDENT, RANSOMWARE, AND
TROJANS

7. Resident Virus: A type of virus that embeds itself into the computer's memory and operates in the
background, allowing it to infect programs and files without needing to be reactivated each time the
system is restarted.
8. Ransomware: A type of malicious software that locks or encrypts files on a victim’s computer,
demanding payment (usually in cryptocurrency) in exchange for restoring access to the data.
9. Trojan: A type of malware that disguises itself as a legitimate program or file to trick users into installing
it, often enabling hackers to gain unauthorized access to systems and steal information or install additional
malware.
WORMS AND KEYLOGGERS

10. Worm: A type of self-replicating malware that spreads across networks and computers without needing
to attach to a host file. Worms can consume bandwidth, slow down systems, and even deliver payloads like
other malware. They spread through vulnerabilities in software or by exploiting network connections.
11. Keylogger: A type of malware designed to record keystrokes on a computer or mobile device, capturing
sensitive information like passwords, credit card numbers, and personal messages. It often operates in the
background, making it difficult for users to detect.
VIRUS DETECTION,
REMOVAL , AND PREVENTION
VIRUS DETECTION METHODS

• Signature-Based Detection: Matches files to known virus signatures.

• Heuristic Analysis: Examines behavior to detect unknown viruses.
• Behavioral Analysis: Monitors system activity.
• Sandboxing: Tests files in a safe environment.
• Machine Learning Models: Predicts and detects based on patterns.
VIRUS REMOVAL METHODS

• Antivirus Software: Automatic scanning and removal.

• Manual Removal: Delete infected files via safe mode.
• System Restore: Revert to an uninfected state.
• Boot-Time Scanning: Scan before the OS loads.
• Reinstallation: Format and reinstall OS (last resort).
PREVENTION TIPS

Regularly update antivirus software.

Avoid clicking unknown links or downloading unverified files.
Keep systems and software patched.
• Use firewalls and secure browsing practices.