Professional Documents
Culture Documents
Computer Virus: - Abinaya M - Aarish Ramesh - Adithya
Computer Virus: - Abinaya M - Aarish Ramesh - Adithya
Computer Virus: - Abinaya M - Aarish Ramesh - Adithya
• Abinaya M
• Aarish Ramesh
• Adithya
What is a virus??
* “A virus is a program or piece
of code that is loaded onto
your computer without your
knowledge and runs against
your wishes.”
* Virus is an abbreviation for
Vital Information Resources
Under Siege.
* Computer virus share some
of the traits of biological
virus.
INTRODUCTION
The term "virus" is commonly but erroneously used to refer
to different types of malware, including adware and
spyware programs that have the reproductive ability. A
true virus can spread from one computer to another (in
some form of executable code) when its host is taken to
the target computer; for instance because a user sent it
over a network or the Internet, or carried it on a
removable medium such as a floppy disk, CD, DVD, or USB
drive. Viruses can increase their chances of spreading to
other computers by infecting files on a network file system
or a file system that is accessed by another computer.
HISTORY
A program called "Elk Cloner" is credited with being the
first computer virus to appear "in the wild" — that is,
outside the single computer or lab where it was created.
Written in 1982 by Rich Skrenta, it attached itself to the
Apple DOS 3.3 operating system and spread by floppy disk.
This virus was originally a joke, created by the high school
student and put onto a game. The game was set to play,
but release the virus on the 50th time of starting the
game. Only this time, instead of playing the game, it would
change to a blank screen that read a poem about the virus
named Elk Cloner. The computer would then be infected.
• David gerrold used the term virus first time.
• It is was defined by the Fred Cohen in 1983.
• Then Jerusalem, dark average, ping-pong ball,
raindrop etc have come.
• In 1992 Basit and Amjad Farooq alvi
developed the first virus called Brain.
ETYMOLOGY
The word virus is derived from and used in the
same sense as the biological equivalent. The
term "virus" is often used in common parlance
to describe all kinds of malware (malicious
software), including those that are more
properly classified as computer worms or
trojan horse!!
Computer viruses are called viruses because they share some of the
traits of biological viruses. A computer virus passes from computer to
computer like a biological virus passes from person to person . There
are similarities at a deeper level, as well. A biological virus is not a
living thing. A virus is a fragment of DNA inside a protective jacket.
Unlike a cell, a virus has no way to do anything or to reproduce by itself
-- it is not alive. Instead, a biological virus must inject its DNA into a
cell. The viral DNA then uses the cell's existing machinery to reproduce
itself. In some cases, the cell fills with new viral particles until it bursts,
releasing the virus. In other cases, the new virus particles bud off the
cell one at a time, and the cell remains alive. A computer virus shares
some of these traits. A computer virus must piggyback on top of some
other program or document in order to get executed. Once it is
running, it is then able to infect other programs or documents.
Obviously, the analogy between computer and biological viruses
stretches things a bit, but there are enough similarities that the name
sticks.
Different phases of a Virus
• Most viruses have two phases to their existence, the infection
phase and the attack phase. All viruses have an infection phase,
but not all have an attack phase.
• During the infection phase, the virus spreads itself. If a virus
infects too fast, it is usually easy for anti-virus programs to
spot. Therefore many try to be subtle about it.
• Viruses can be spread by innocent people that are just doing
their daily routine. Infected files can be spread in the following
ways: by diskettes, networks, bulletin boards, or e-mail
attachments. Infected files can be stored on servers, floppy
disks, hard drives, and CDs. Infected files can even be found on
new hardware or software.
• Example: File Virus Infection Phase
• "Your friend gives you a game on a disk. The game has an
infected file that you don't know about. Each time you
play the game, the virus copies itself into another
program without you knowing. Now, whenever either of
the programs are executed, the virus is copied. This
continues as the virus infects the rest of the computer. If
any of the files are transferred to a floppy disk or e-mail
attachment, and they are put on another computer, the
process starts again"
• On viruses that do have an attack phase, the attack phase
is set off by a trigger, such as a time or date. The attack
phase is when the virus causes damage or other unwanted
system behavior. In order to make sure it has spread,
viruses often delay the attack phase, sometimes for years.
• The attack phase has a wide range of severity. Although all
viruses take up space and use system resources, some do
little more damage. Some viruses display messages but
then others can crash your hard drive completely. They
can even corrupt your backup files if you're not careful.
Sources
Virus may enter a pc through many ways like:
• Through corrupted cds,floppies or infected
hardware.
• Through network connection: e-mail
attachment
• Through computer game. Etc
SPREADING OF e-mail VIRUS
Virus side effects(Payload)
Virus side-effects are often called the payload. Viruses can disable our computer
hardware, Can change the figures of an accounts spreadsheets at random, Adversely
affects our email contacts and business domain, Can attack on web servers…
• Messages -WM97/Jerk displays the message ‘I think (user’s name) is a big stupid
jerk!’
• Denying access -WM97/NightShade password-protects the current document on
Friday 13th.
• Data theft- Troj/LoveLet-A emails information about the user and machine to an
address in the Philippines.
• Corrupting data -XM/Compatable makes changes to the data in Excel spreadsheets.
• Deleting data -Michelangelo overwrites parts of the hard disk on March 6th.
• Disabling Hardware -CIH or Chernobyl (W95/CIH-10xx) attempts to overwrite the
BIOS on April 26th, making the machine unusable.
• Crashing servers-Melissa or Explore Zip, which spread via email, can generate so
much mail that servers crash.
There is a threat to confidentiality too. Melissa
can forward documents, which may contain
sensitive information, to anyone in your
address book. Viruses can seriously damage
your credibility. If you send infected
documents to customers, they may refuse to
do business with you or demand
compensation. Sometimes you risk
embarrassment as well as a damaged
business reputation. WM/Polypost, for
example, places copies of your documents in
your name on alt.sex usenet newsgroups.
Symptoms of virus infection
• The computer runs slower than
usual.
• The computer crashes, and then it
restarts every few minutes.
• Applications on the computer do
not work correctly.
• Disks or disk drives are inaccessible.
• You see unusual error messages.
• An antivirus program cannot be
installed on the computer, or the
antivirus program will not run.
• New icons appear on the desktop
that you did not put.
Classification
• A Virus has a target cell i.e an area or a
program it has been designed to attack.
• Such targets are boot sector of o.s., o.s.
utilities or executable file of application s/w.
• The viruses that attack these component of
the computer system are divided into
following classes
BOOT SECTOR VIRUS
• Boot sector viruses infect/alters the boot sector
on floppy and hard disks
• Boot sector is a small program which is the first
part of OS that the computer loads
• Thus, by putting the virus code on the boot
sector, it can guarantee that the code gets
executed, leading to infection
• By this way, these viruses infect the boot sector
of any floppy disks inserted into the machine
BOOT SECTOR VIRUS
• Uninfected disk
• 0 1 2 . . . (sector No)
• +-----+-----+-----+--- --+-----+-----+-----+-----+-----+---
• |.....| | | | | | | | |
• +-----+-----+-----+--- --+-----+-----+-----+-----+-----+---
• |
• +-- Boot sector or Master Boot Record
• Infected disk (replaced boot/MBR)
• 0 1 2 ...
• +-----+-----+-----+--- --+-----+-----+-----+-----+-----+---
• |XXXXX| | | | |.....|XXXXX|XXXXX|XXXXX|
• +-----+-----+-----+--- --+-----+-----+-----+-----+-----+---
• | | | | ... |
• +-- Virus top | +---+-----+-----+
• | +-- The rest of virus
• |
• +-- Original Boot or Master Boot Record
• Infected disk (modified address of active boot sector)
• 0 1 2 ...
• +-----+-----+-----+--- --+-----+-----+-----+-----+---
• |....X| | | | |XXXXX|XXXXX|XXXXX|
• +-----+-----+-----+--- --+-----+-----+-----+-----+---
FILE VIRUS(PARASITIC VIRUS)