Everything you wanted to know about Computer Viruses

1
Everything you wanted to know aboutComputer
Viruses
2
What it all about

• About virus.
• History of virus.
• Types of virus.
• How virus spread.
• How it work.
• Protection from virus.

Free to ask any question at any point
3
What is a virus?

• A virus is a computer program that enter a
  computer without permission or knowledge of the
  user and alter the way a computer operates.

A virus is a software that piggybacks on other
programs and change or delete the data, whenever
those programs are run.
4
Why virus are called virus

• Computer viruses are called viruses because
  they share some of the traits of biological
  viruses.
• A computer virus passes from computer to computer
  like a biological virus passes from person to
  person.
• Computer virus can self replicate themselves like
  biological virus.
• As biological virus, computer virus also effect
  the program or machinery in they exist.

5
History of virus

• Len Adelman coins the term virus in 1983.
• First virus Elk Cloner created by Rich Skrenta,
  in 1982 it attack Apple DOS 3.3 operating system
  and spread by floppy disk.
• In 1983, Fred Cohen writes a paper Computer
  viruses Theory and Experiments

6
History of virus (continue)

• In 1986, two brothers Basit and Amjad Farooq Alvi
  created a boot sector virus called cBrain.
• Internet worms, in 1988 causes first Internet
  crises and shuts down many computers.
• Again in 1988, Jerusalem virus that activates on
  every 13th Friday affects both .exe and .com
  files and delete any program that run on that
  day.
• In 2000, Denial of Service attack shuts down
  yahoo, Amazon and other web sites.

7
History of virus (continue)

• Love letter worm shuts down e-mail system in
  2000.
• MY DOOM the largest virus attack till date
  which effected one million computer world wide,
  was detected first on 26 January 2004.
• It affect one in every 10 e-mail message.
• Slow down internet performance by 10 and
  download time by 50.

8
Types of virus

• File infector viruses
• Boot sector viruses
• Multi-partite viruses
• Macro viruses
• Script viruses
• Companion viruses

9
File Infector Viruses

• Attaches itself to other program files.
• When these programs are run from floppy, hard
  drive, or network they effect to other file.
• Many are memory resident.
• When any file that is executed in that memory
  also becomes infected.
• Examples Jerusalem and cascade

10
Boot Sector Viruses

• Effect the system boot sector of a disk.
• (boot record on floppy/hard disks)
• Activate when user starts up from infected disk.
• Always memory resident in nature.
• Once in memory, all non-write protected floppy
  disks will become infected when accessed.
• Examples Form, Disk Killer and Stoned

11
Multi-Partite Viruses

• Effect both boot records and program files.
• Difficult to repair.
• Boot area and files must both be cleaned from
  virus otherwise re-infection will occur.
• Examples One_Half, Emperor, Anthrax .

12
Macro Viruses

• Most common type of virus.
• They are hard to detect.
• Effect program that contain macro programming
  language.
• Infect data files word, excel, power point and
  access files.
• As these files are share more frequently they
  cause more damage.

13

• Embedded with document.
• Therefore when edit from one file do not
  reflected in other files.

14
Script Viruses

• Effect various script languages such as DOS, Java
  Script, and Visual Basic Script.

15
Companion Viruses

• Execute through operating system rather than
  directly infecting programs or boot sectors.
• When you execute the command ABC, ABC.COM
  executes before ABC.EXE. Thus, a companion virus
  could place its code in a .COM file with its
  first name matching that of an existing EXE file.
  When the user next executed the ABC command,
  the virus ABC.COM program would be run.

16
Other Threats to Computers

• Worm
• Torjan horse
• Trap doors
• Bacteria

17
Worms

• Worms replicate themselves.
• Instead of spreading from file to file they
  spread from computer to computer, infecting an
  entire system.
• They steal user name and password and try to log
  in to other machine.

18
Torjan horse

• They look as a useful program but cause damage or
  do something malicious to a system.
• Dont makes copies of themselves.

19
Trap Doors

• It is secret point in a program that by passes
  standard authentication.
• Attackers leave behind trap doors to reenter the
  system easily.

20
Bacteria

• They do not cause any destruction.
• They replicate themselves and thus consume system
  space.

21
How viruses spread

• By downloading infected files or programs from a
  network, there is a chance that you can encounter
  a computer virus.
• Once you RUN an infected program, the virus can
  spread rapidly, especially on networks. That is
  why the Internet, the largest network, is a
  fertile breeding ground for viruses.
• By inserting infected disks into your computer.

22
How viruses spread (continue)
23
How viruses spread (continued)

• Computers do get viruses from e-mail via
  internet.
• The virus will come in the form of some kind of
  attachment. Opening the attachment can give your
  computer a virus.
• Use of floppy disk, pen drives ,etc.

24
Effect of virus

• Display a message

25
Effect of virus (continue)

• Erase vital data.
• Scramble data on a hard disk
• Cause erratic screen behavior
• Halt the PC
• Many viruses do nothing obvious at all except
  spread!
• Damage hardware

26
Effect of virus (continue)

• A denial-of-service attack is an attack that
  causes a loss of service to users such as loss of
  network connectivity.
• By consuming the bandwidth of the victim network.

27
How viruses works?

• Different virses uses different methods to
  operate.
• Like denial-of-service flood the incoming
  messages to the target system and thus consumes
  all bandwidth so forces it to shut down.

28
Working of File virus

• There are three basic techniques for infecting an
  executable file
• Overwrite - An overwriting virus places itself at
  the beginning of the program, directly over the
  original program code.
• When you try to run this program, nothing happens
  except for the virus infecting another files.

29
Working of File virus (continue)

• Prepend this virus put its code onto the file
  and when it is executed, virus code is first run
  then file gets executed.

30
Working of file virus (continue)

• Append -An appending virus places a jump
  instruction at the beginning of the program
  file, which moves the original beginning of the
  file to the end of the file, and places itself at
  that point, When you try to run this program, the
  jump calls the virus, and the virus runs.

31
Boot sector virus

• If CMOS is set up to boot from drive A or from
  CD-ROM then the system boot sector (SBS) of the
  disk will be read.
• If the SBS contains a boot virus, the boot virus
  will become active, go inside memory
• It effect the system areas of the hard drive, and
  other disks that will access later on.

32
Protection from virus

• Install an anti-virus program.
• Regularly update your anti-virus.
• Examples -

Norton Antivirus McAfee virus scan
33
Protection from virus (continue)

• Dont open unknown files.
• Dont use or share floppies, CD or pen drive
  without scanning with anti-virus.
• If you dont know who the message is from, dont
  open it.
• If you receive a suspicious message, delete it.
• Never double-click to open an attachment that
  contains an executable that arrives as an e-mail
  attachment.

34
Protection from virus (continue)

• Do not install pirated software, especially
  computer games.
• Regularly scan entire hard disk.

35
HAVE A NICE TIME