Introduction

Computer viruses are called viruses because they share some of the
traits of biological viruses. A computer virus passes from computer to
computer like a biological virus passes from person to person.

There are similarities at a deeper level, as well. A biological virus is
not a living thing. A virus is a fragment of DNA inside a protective
jacket. Unlike a cell, a virus has no way to do anything or to reproduce
by itself -- it is not alive. Instead, a biological virus must inject its DNA
into a cell. The viral DNA then uses the cell's existing machinery to
reproduce itself. In some cases, the cell fills with new viral particles
until it bursts, releasing the virus. In other cases, the new virus particles
bud off the cell one at a time, and the cell remains alive.

A computer virus shares some of these traits. A computer virus must
piggyback on top of some other program or document in order to get
executed. Once it is running, it is then able to infect other programs or
documents. Obviously, the analogy between computer and biological
viruses stretches things a bit, but there are enough similarities that the
name sticks.

Abstract
COMPUTER VIRUS

Virus = [Vital Information Resources Under Seize]


In recent years the detection of computer viruses has become
commonplace. It appears that for the most part these viruses have been benign
or only mildly destructive. However, whether or not computer viruses
have the potential to cause major and prolonged disruptions of
computing environments is an open question. Computer viruses have the
potential to wreak havoc on both business and personal computers.
Worldwide, most businesses have been infected at some point.
A virus is a self-replicating program that reproduces its own code by
attaching copies of itself to other executable code. This virus operates
without the knowledge or desire of the user.
Like a real virus, a computer virus is contagious and can contaminate
other files. However, viruses can infect outside machines only with the
assistance of computer users. Some viruses affect computers as soon as
their code is executed; other viruses lie dormant until a pre-determined
logical circumstance is met. A worm is a malicious program that can
infect both local and remote machines. Worms spread automatically by
infecting system after system in a network, and even spreading further to
other networks. Therefore, worms have a greater potential for causing
damage because they do not rely on the user's actions for execution.
There are also malicious programs in the wild that contain all of the
features of these three malicious programs.

Index

Sr. No.  Topics

1   History of Computer Virus
2   What is Computer Virus & How it works?
3   How Does A Computer Get A Virus?
4   Symptoms Of A Computer Virus
5   Different Types Of Computer Virus
      1. Trojan Horse & Resident Virus
      2. Direct Action & Overwrite Virus
      3. Boot Virus
      4. Macro Virus & Worms
      5. Email Virus
      6. Stealth Virus
      7. Companion Virus
6   Difference Between A Virus, Worm & Trojan Horse
7   Top 5 Deadliest Viruses
8   How Antivirus Software Works?
9   Different Antivirus Software

History Of Computer Virus


Before 1988, the word "virus" had a strictly biological meaning. In that
year, Robert Morris wrote and released the first "Internet worm", forcing
everyone in the computer community to immediately consider this new
electronic threat. While Morris created his virus to demonstrate a
security flaw in ARPANET (Advanced Research Projects Agency
Network), the predecessor to the Internet, today's virus writers often have
a more malicious intent. The Internet today spans the globe and serves
billions of users, providing an environment in which a single virus can
conceivably cause rapid and widespread damage to systems throughout
the world.
There are at least three reasons why people create viruses. The first is
the same psychology that drives vandals and arsonists. Why would
someone want to bust the window on someone else's car, or spray-paint
signs on buildings or burn down a beautiful forest? For some people that
seems to be a thrill. If that sort of person happens to know computer
programming, then he or she may funnel energy into the creation of
destructive viruses.
The second reason has to do with the thrill of watching things blow up.
Many people have a fascination with things like explosions and car
wrecks. When you were growing up, there was probably a kid in your
neighborhood who learned how to make gunpowder and then built
bigger and bigger bombs until he either got bored or did some serious
damage to himself. Creating a virus that spreads quickly is a little like
that -- it creates a bomb inside a computer, and the more computers that
get infected the more "fun" the explosion.

The third reason probably involves bragging
rights, or the thrill of doing it. Sort of like Mount Everest. The mountain
is there, so someone is compelled to climb it. If you are a certain type of
programmer and you see a security hole that could be exploited, you
might simply be compelled to exploit the hole yourself before someone
else beats you to it. "Sure, I could TELL someone about the hole. But
wouldn't it be better to SHOW them the hole???" That sort of logic leads
to many viruses. Of course, most virus creators seem to miss the point
that they cause real damage to real people with their creations.
Destroying everything on a person's hard disk is real damage. Forcing
the people inside a large company to waste thousands of hours cleaning
up after a virus is real damage. Even a silly message is real damage
because a person then has to waste time getting rid of it. For this reason,
the legal system is getting much harsher in punishing the people who
create viruses.

What Is a Computer Virus & How It Works?
A computer virus is a kind of malicious software written intentionally to
enter a computer without the user's permission or knowledge, with an
ability to replicate itself, thus continuing to spread. Some viruses do
little but replicate; others can cause severe harm or adversely affect
programs and the performance of the system.

A file virus attaches itself to a file, usually an executable application (e.g.
a word processing program or a DOS program). In general, file viruses
don't infect data files. However, data files can contain embedded
executable code such as macros, which may be used by virus or Trojan
writers. Recent versions of Microsoft Word are particularly vulnerable to
this kind of threat. Text files such as batch files, PostScript files, and
source code which contain commands that can be compiled or
interpreted by another program are potential targets for malware
(malicious software), though such malware is not at present common.

How Does A Computer Get A Virus?
There are literally dozens of different ways a computer can become
infected with spyware, viruses, and other malware. Below is a list of the
most common ways a computer can contract these infections, listed in the
order we believe is most common.

1. Accepting without reading

By far one of the most common ways a computer becomes infected is when
the user accepts what he or she sees on the screen without reading the
prompt or understanding what it's asking.

Some common examples:

1. While browsing the Internet, an Internet advertisement or window
appears that says your computer is infected or that a unique plug-in
is required. Without fully understanding what it is you're getting,
you accept the prompt.

2. When installing or updating a program, you're prompted (often with
checkboxes already checked) if it's ok to install additional
programs that you may not want or are designed to monitor your
usage of the program.

2. Opening e-mail attachments

Another very common way people become infected with viruses and
other spyware is by opening e-mail attachments, even when from a
co-worker, friend, or family member. E-mail addresses can be easily faked
and even when not faked your acquaintance may unsuspectingly be
forwarding you an infected file.

When receiving an e-mail with an attachment, if the e-mail was not
expected or from someone you don't know, delete it. If the e-mail is from
someone you know, be cautious when opening the attachment.

3. Not running the latest updates

Many of the updates, especially those associated with Microsoft
Windows and other operating systems and programs, are security
updates. Running a program or operating system that is not up-to-date
with the latest updates can be a big security risk and can be a way your
computer becomes infected.

4. Pirating software, music, or movies

If you or someone on your computer is participating in underground
places on the Internet where you're downloading copyrighted music,
movies, software, etc. for free, often many of the files can contain
viruses, spyware or malicious software.

5. No anti-virus spyware scanner

If you're running a computer with Microsoft Windows it's highly
recommended you have some form of anti-virus and spyware protection
on that computer to help clean it from any infections currently on the
computer and to help prevent any future infections.

6. Downloading infected software

Finally, any other software downloaded from the Internet can also
contain viruses and other malware. When downloading any software
(programs, utilities, games, updates, demos, etc.), make sure you're
downloading the software from a reliable source and that while installing
it you're reading all prompts about what the program is putting on your
computer.

Symptoms Of A Computer Virus
The following are some primary indicators that a computer may be
infected:

The computer runs slower than usual.

The computer stops responding, or it locks up frequently.

The computer crashes, and then it restarts every few minutes.

The computer restarts on its own. Additionally, the computer does
not run as usual.

Applications on the computer do not work correctly.

Disks or disk drives are inaccessible.

You cannot print items correctly.

You see unusual error messages.

You see distorted menus and dialog boxes.

There is a double extension on an attachment that you recently
opened, such as a .jpg, .vbs, .gif, or .exe extension.

An antivirus program is disabled for no reason. Additionally, the
antivirus program cannot be restarted.

An antivirus program cannot be installed on the computer, or the
antivirus program will not run.

New icons appear on the desktop that you did not put there, or the
icons are not associated with any recently installed programs.

Strange sounds or music plays from the speakers unexpectedly.

A program disappears from the computer even though you did not
intentionally remove the program.

Different Types Of Computer Virus

1. Trojan Horse

As mentioned earlier on, the term "Trojan horse" was taken from a
clever Greek plan described by Homer in the Iliad. After seemingly
abandoning the siege of Troy, the Greeks placed armed men inside a
huge wooden horse. The horse was welcomed into the city by the
Trojans, who believed it was a symbol of peace; they slept while the
Greeks exited the Horse and opened the gates allowing the Greek army
into Troy, conquering the city.

Operations that could be performed by a hacker on a target computer
system include:

* Use of the machine as part of a botnet
* Data theft (e.g. retrieving passwords or credit card information)
* Installation of software, including third-party malware
* Downloading or uploading of files on the user's computer
* Modification or deletion of files
* Keystroke logging
* Watching the user's screen
* Crashing the computer

Trojan horses in this way require interaction with a hacker to fulfill their
purpose, though the hacker need not be the individual responsible for
distributing the Trojan horse. It is possible for individual hackers to scan
computers on a network using a port scanner in the hope of finding one
with a malicious Trojan horse installed, which the hacker can then use to
control the target computer.

2. Resident Virus

A resident virus is a computer virus which embeds itself into the
memory on a computer, activating whenever the operating system
performs a specific function so that it can infect files on the computer.
This method of viral infection is in contrast with a non-resident virus,
which actively seeks out files to infect. Resident viruses can be quite
pernicious, as they may spread through a system so thoroughly that they
even attach to antivirus programs, infecting the very things they scan for
signs of viral infection. Removing a resident virus which has embedded
itself in a computer's memory can be a challenge. The virus may be
designed to resist the actions of conventional antivirus software, or as
discussed above, to exploit the software. A specialized virus removal
tool may be needed to extract the virus from memory. In some cases,
the services of an information technology professional may be needed to
completely clear a computer of infection. When a resident virus is
identified by an antivirus company or a designer of operating systems, a
patch is often released. This may be an update to an antivirus program
which allows the program to remove the virus, or it may take the form of
a virus removal tool which the computer user can run to get the resident
virus out of memory.

3. Direct Action Virus

The main purpose of this virus is to replicate and take action when it is
executed. When a specific condition is met, the virus will go into action
and infect files in the directory or folder that it is in and in directories
that are specified in the AUTOEXEC.BAT file PATH. This batch file is
always located in the root directory of the hard disk and carries out
certain operations when the computer is booted.

4. Overwrite Virus

A virus of this kind is characterized by the fact that it deletes the
information contained in the files that it infects, rendering them partially
or totally useless once they have been infected. The only way to clean a
file infected by an overwrite virus is to delete the file completely, thus
losing the original content.
Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.

5. Boot Virus

This type of virus affects the boot sector of a floppy or hard disk. This is
a crucial part of a disk, in which information on the disk itself is stored
together with a program that makes it possible to boot the computer
from the disk. The best way of avoiding boot viruses is to ensure that
floppy disks are write-protected and never start your computer with an
unknown floppy disk in the disk drive.

6. Macro Virus

Macro viruses infect files that are created using certain applications or
programs that contain macros. These mini-programs make it possible to
automate series of operations so that they are performed as a single
action, thereby saving the user from having to carry them out one by
one.

7. Worms

Computer worms are programs that reproduce, execute independently
and travel across network connections. The key difference between a
virus and a worm is the manner in which it reproduces and spreads. A
virus is dependent upon the host file or boot sector, and the transfer of
files between computers to spread, whereas a computer worm can
execute completely independently and spread of its own accord through
network connections.

The security threat from worms is equivalent to that of viruses.
Computer worms are capable of doing an entire series of damage such as
destroying crucial files in your system, slowing it down to a large
degree, or even causing some critical programs to stop.

Two types:

1) NETWORK - Computer Worms
Network worms consist of multiple parts, called "segments." They
each run on different machines (and possibly perform different
actions) using the network for several communication purposes.
Moving a segment from one machine to another is only one of
their purposes. Network worms that have one main segment which
coordinates the work of the other segments are
sometimes called "octopuses."
2) HOST - Computer Worms
Host computer worms are entirely contained in the computer
they run on and use network connections only to copy themselves
to other computers.
Host computer worms in which the original terminates after it launches a
copy on to another host (so there is only one copy of the worm
running somewhere on the network at any given moment)
are sometimes called "rabbits."

8. E-Mail Virus

The Melissa virus was originally created as a Word document and was then
uploaded via email to an internet newsgroup. Any recipient who opened
the email, downloaded the document and opened it on their computer,
unknowingly triggered Melissa's payload. From there, the virus sent
itself as a document to the first 50 contacts in the victim's address book.
The email came with a friendly note which included the
recipient's name. This was done to make the virus appear harmless and
trick them into opening it. It then created 50 new infected documents
from that victim's machine. At this continuous rate, Melissa quickly
became the fastest spreading virus seen by anyone at the time. The virus
was so severe that it resulted in a number of large commercial
companies disabling their email systems.
Melissa was so powerful because it capitalized on a vulnerability found
in the Microsoft Word programming language known as VBA (Visual
Basic for Applications). VBA is a complete language that can be
programmed to perform actions such as modifying files and distributing
emails. It also includes a rather useful yet dangerous function known as
"auto-execute". The Melissa virus was programmed by inserting
malicious code into a document, enabling it to be executed whenever
someone opened it.
The ILOVEYOU virus, which was first detected in May of 2000, was
much simpler than Melissa. The malicious code it contained came
in the form of an attachment. Any recipient who clicked on the
attachment unknowingly executed the code. This email virus then
distributed copies of itself to contacts in the user's address book,
enabling the infection to spread at a rapid rate. Because ILOVEYOU
was also known to unload different types of infections, some experts
have labeled it a Trojan rather than a virus.

9. Stealth Virus

In computer security, a stealth virus is a computer virus that uses various
mechanisms to avoid detection by antivirus software.

Typically, when an antivirus program runs, a stealth virus hides itself in
memory, and uses various tricks to also hide changes it has made to any
files or boot records. The virus may maintain a copy of the original,
uninfected data and monitor system activity. When the program attempts
to access data that's been altered, the virus redirects it to a storage area
maintaining the original, uninfected data. A good antivirus program
should be able to find a stealth virus by looking for evidence in memory
as well as in areas that viruses usually attack.

10. Companion Virus

The COMPANION virus is one that, instead of modifying an existing
file, creates a new program which is executed instead of the intended
program.
On exit, the new program executes the original program so that things
appear normal. On PCs this has usually been accomplished by creating
an infected .COM file with the same name as an existing .EXE file.
Integrity checking anti-virus software that only looks for modifications
in existing files will fail to detect such viruses.
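
The gap described above can be shown with a short check. This is an added example, not code from any antivirus product: it compares a baseline snapshot of a directory with its current state and reports new files that share a name with a known program but carry an extension that runs first. The lookup order .COM, .EXE, .BAT and all file names are assumptions, and only same-directory companions are covered.

```python
import hashlib
import os
import tempfile

# Assumed DOS lookup order when a command is typed without an extension.
PRECEDENCE = [".com", ".exe", ".bat"]


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    snap = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            with open(full, "rb") as fh:
                snap[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return snap


def modified_files(baseline, current):
    """What a modification-only integrity checker reports: known files that changed."""
    return sorted(p for p in baseline if p in current and current[p] != baseline[p])


def companion_candidates(baseline, current):
    """New files that would run in place of a known program of the same name."""
    known = {}
    for path in baseline:
        stem, ext = os.path.splitext(path)
        if ext.lower() in PRECEDENCE:
            known.setdefault(stem.lower(), []).append((ext.lower(), path))
    findings = []
    for path in sorted(set(current) - set(baseline)):
        stem, ext = os.path.splitext(path)
        ext = ext.lower()
        if ext not in PRECEDENCE:
            continue
        # The stem includes the directory, so only same-directory names match.
        for old_ext, old_path in known.get(stem.lower(), []):
            if PRECEDENCE.index(ext) < PRECEDENCE.index(old_ext):
                findings.append((path, old_path))
    return findings


def demo():
    """Build a constructed directory, add a same-name .COM, and run both checks."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)

        put("EDIT.EXE", b"original program (constructed bytes)")
        put("README.TXT", b"documentation")
        baseline = snapshot(root)

        put("EDIT.COM", b"new same-name program (constructed bytes)")
        put("NOTES.TXT", b"unrelated new file")
        put("TOOL.EXE", b"new program with no older namesake")
        current = snapshot(root)

        return modified_files(baseline, current), companion_candidates(baseline, current)


if __name__ == "__main__":
    changed, companions = demo()
    print("modified existing files:", changed)
    print("companion candidates:", companions)
```

The modification-only check returns nothing because EDIT.EXE is untouched, while the name comparison reports EDIT.COM next to it.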

Difference Between a Virus, Worm and Trojan Horse
Viruses cannot replicate themselves, but worms and Trojans can.
A virus cannot be spread without a human action such as running an
infected file or program, but worms and Trojans have the capability to
spread themselves automatically from computer to computer through
network connections.
A virus does not consume system memory, but a worm consumes too much
system memory and network bandwidth because of its copying nature.
Trojans are used by malicious users to access your computer information,
but viruses and worms can't do so; they simply infect your computer.

Top 5 Deadliest Viruses

1. I Love You Virus

If you receive an email with a subject line containing the phrase ILOVEYOU
(all one word, no spaces), DON'T OPEN the attachment named
Love-Letter-For-You.txt.vbs.

Over a five-hour period on May 4, 2000, this virus spread across
Asia, Europe and the United States via e-mail messages titled
"ILOVEYOU." The menace clogged Web servers, overwrote personal
files and caused corporate IT managers to shut down e-mail systems.

A scan of the Visual Basic code included in the attachment reveals that
the virus may be corrupting MP3 and JPEG files on users' hard drives, as
well as mIRC, a version of Internet Relay Chat. It also appears to reset
the default start page for Internet Explorer.

This virus arrives as e-mail with the subject line "I Love You" and an
attachment named "Love-Letter-For-You.txt.vbs." Opening the
attachment infects your computer. The infection first scans your PC's
memory for passwords, which are sent back to the virus's creator (a Web
site in the Philippines which has since been shut down). The infection
then replicates itself to everyone in your Outlook address book. Finally,
the infection corrupts files ending with .vbs, .vbe, .js, .css, .wsh, .sct,
.hta, .jpg, .jpeg, .mp2, .mp3 by overwriting them with a copy of itself.

2. Slammer

SQL Slammer is a computer worm that caused a denial of service on
some Internet hosts and dramatically slowed down general Internet
traffic, starting at 05:30 UTC on January 25, 2003. It spread rapidly,
infecting most of its 75,000 victims within ten minutes. So named by
Christopher J. Rouland, the CTO of ISS, Slammer was first brought to
the attention of the public by Michael Bacarella.
Although titled "SQL slammer worm", the program did not use the SQL
language; it exploited a buffer overflow bug in Microsoft's flagship SQL
Server and Desktop Engine database products, for which a patch had
been released six months earlier in MS02-039. Other names include
W32.SQLExp.Worm, DDOS.SQLP1434.A, the Sapphire Worm,
SQL_HEL, W32/SQLSlammer and Helkern.

3. Storm

The latest virus on our list is the dreaded Storm Worm. It was late 2006
when computer security experts first identified the worm. The public
began to call the virus the Storm Worm because one of the e-mail
messages carrying the virus had as its subject "230 dead as storm batters
Europe." Antivirus companies call the worm other names. For example,
Symantec calls it Peacomm while McAfee refers to it as Nuwar. This
might sound confusing, but there's already a 2001 virus called the
W32.Storm.Worm.

4. Bagle (Net Sky)

The W32 Bagle malware is part of a family of different viruses and
Trojans. It continues to spread itself via email attachments and infects
other computers. This malware installs itself when you download an
email attachment. It executes and creates a file in your system directory
called bbeagle.exe. It is particularly dangerous because the files look
legitimate when downloading, and someone who isn't familiar with the
internet may download them without knowing. It infects your computer
by the attacker sending fake emails, and infecting other computers. It
spreads like a chain to continuously damage even more computers.
When you download one of the virus files, it executes, installs, and
wreaks havoc on your system.

5. Nimda

The Nimda worm retrieves the list of addresses found in the address
books of Microsoft Outlook and Eudora, as well as email addresses
contained in HTML files found on the infected machine's hard drive.

Next, the Nimda virus sends all of these recipients an email with an
empty body and a subject chosen at random (and often very long). It
adds to the message an attachment named Readme.exe or Readme.eml
(file containing an executable). The virus uses an .eml extension to
exploit a security flaw in Microsoft Internet Explorer 5.

What's more, in Microsoft Windows the Nimda virus can spread over
shared network folders, infecting executable files found there.

Viewing Web pages on servers infected by the Nimda virus may lead to
infection when a user views pages with the vulnerable Microsoft Internet
Explorer 5 browser.

The Nimda virus is also capable of taking control of a Microsoft IIS
(Internet Information Server) Web server, by exploiting certain security
holes.

Finally, the virus infects executable files found on the contaminated
machine, meaning that it can also spread by file transfers.

How Anti-Virus Software Works
Antivirus software typically uses a variety of strategies in detecting and
removing viruses, worms and other malware programs.

The following are the two most widely employed identification methods:

1. Signature-Based Detection

This is the most commonly employed method, which involves searching
for known patterns of viruses within a given file. Every antivirus program
has a dictionary of sample malware codes, called signatures, in its
database. Whenever a file is examined, the antivirus refers to the
dictionary of sample codes present within its database and compares
them with the current file.
If a piece of code within the file matches one in its dictionary,
then it is flagged and proper action is taken immediately so as to stop the
virus from further replicating. The antivirus may choose to repair the
file, quarantine it or delete it permanently based on its potential risk.
As new viruses and malware are created and released every day, this
method of detection cannot defend against new malware unless
samples are collected and signatures are released by the antivirus
software company. Some companies may also encourage users to
upload new viruses or variants, so that the virus can be analyzed and the
signature can be added to the dictionary.
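
The dictionary lookup described above, sketched in Python as an added example that is not taken from any antivirus product. The signature names, byte patterns, the "??" wildcard syntax and the action tied to each signature are constructed for illustration; the wildcard goes slightly beyond the text, and the last sample shows the stated limitation, where a variant that differs by one byte has no signature yet.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed signature dictionary (not real malware signatures).
# Assumed pattern syntax: hex bytes separated by spaces, "??" = any one byte.
# The action attached to each signature is an assumed policy.
SIGNATURES = {
    "Demo.Marker.A": ("44 45 4d 4f 2d 56 49 52 2d 41", "repair"),  # b"DEMO-VIR-A"
    "Demo.Stub.B": ("eb ?? 90 90 de ad be ef", "quarantine"),      # 2nd byte is a wildcard
}
RISK_ORDER = ["repair", "quarantine", "delete"]  # least to most severe


@dataclass(frozen=True)
class Match:
    name: str
    offset: int


def compile_signature(hex_pattern: str) -> "re.Pattern[bytes]":
    """Turn 'eb ?? 90' into a bytes regex; DOTALL lets '??' match 0x0a too."""
    parts = []
    for token in hex_pattern.split():
        parts.append(b"." if token == "??" else re.escape(bytes.fromhex(token)))
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(pat) for name, (pat, _) in SIGNATURES.items()}


def scan_bytes(data: bytes) -> List[Match]:
    """Return every signature hit in data, ordered by offset."""
    hits = [Match(name, m.start())
            for name, rx in COMPILED.items()
            for m in rx.finditer(data)]
    return sorted(hits, key=lambda h: (h.offset, h.name))


def verdict(data: bytes) -> Tuple[str, List[Match]]:
    """'clean', or the most severe action among the matched signatures."""
    hits = scan_bytes(data)
    if not hits:
        return "clean", hits
    action = max((SIGNATURES[h.name][1] for h in hits), key=RISK_ORDER.index)
    return action, hits


# Constructed sample inputs.
CLEAN = b"MZ\x90\x00plain program bytes"
INFECTED_A = b"header" + b"DEMO-VIR-A" + b"tail"
INFECTED_B = b"\x00\x00\xeb\x05\x90\x90\xde\xad\xbe\xef"
BOTH = INFECTED_A + INFECTED_B
VARIANT_A = b"header" + b"DEMO-VIR-B" + b"tail"  # one byte changed: no signature yet

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("A", INFECTED_A), ("B", INFECTED_B),
                        ("both", BOTH), ("variant", VARIANT_A)]:
        print(label, verdict(blob))
```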

2. Heuristic-based detection

Heuristic-based detection involves identifying suspicious behavior from
any given program which might indicate a potential risk. This approach
is used by some of the more sophisticated antivirus software to identify new
malware and variants of known malware. Unlike the signature-based
approach, here the antivirus doesn't attempt to identify known viruses,
but instead monitors the behavior of all programs.
For example, malicious behavior such as a program trying to write data to
an executable program is flagged and the user is alerted about this
action. This method of detection gives an additional level of security
against unidentified threats.
File emulation: This is another type of heuristic-based approach where a
given program is executed in a virtual environment and the actions
performed by it are logged. Based on the actions logged, the antivirus
software can determine if the program is malicious or not and carry out
necessary actions in order to clean the infection.
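
The rule mentioned above, a program writing to an executable, can be evaluated over a logged run as follows. This is an added example, not code from any antivirus product: the log format, process names, extension list and the threshold that separates "suspicious" from "malicious" are assumptions, and a process writing a file it created itself in the same run (an installer) is not counted.

```python
import ntpath
from collections import defaultdict

EXECUTABLE_EXTS = {".exe", ".com", ".dll", ".scr"}  # assumed list
MALICIOUS_AT = 3  # assumed threshold: distinct existing executables modified

# Constructed action log from an emulated run: "<process> <operation> <path>".
ACTION_LOG = r"""
setup.exe   create  C:\Program Files\Demo\demo.exe
setup.exe   write   C:\Program Files\Demo\demo.exe
editor.exe  write   C:\Users\a\report.docx
updater.exe write   C:\Program Files\Demo\demo.exe
sample.exe  read    C:\Windows\notepad.exe
sample.exe  write   C:\Windows\notepad.exe
sample.exe  write   C:\Windows\CALC.EXE
sample.exe  write   C:\Tools\zip.exe
sample.exe  write   C:\Windows\notepad.exe
"""


def parse_log(text):
    """Yield (process, operation, path); the path may contain spaces."""
    for line in text.splitlines():
        fields = line.split(None, 2)
        if len(fields) == 3:
            proc, op, path = fields
            yield proc.lower(), op.lower(), path.strip()


def is_executable(path):
    """Extension check on a Windows-style path, independent of the host OS."""
    return ntpath.splitext(path)[1].lower() in EXECUTABLE_EXTS


def analyze(text):
    """Map each process to the pre-existing executables it wrote to."""
    created = defaultdict(set)   # files a process created itself during the run
    modified = defaultdict(set)  # executables it wrote to but did not create
    for proc, op, path in parse_log(text):
        key = path.lower()       # Windows paths are case-insensitive
        if op == "create":
            created[proc].add(key)
        elif op == "write" and is_executable(path) and key not in created[proc]:
            modified[proc].add(key)
    return dict(modified)


def verdicts(text):
    """'suspicious' alerts the user; many modified executables means 'malicious'."""
    out = {}
    for proc, files in analyze(text).items():
        out[proc] = "malicious" if len(files) >= MALICIOUS_AT else "suspicious"
    return out


if __name__ == "__main__":
    for proc, result in verdicts(ACTION_LOG).items():
        print(proc, result, sorted(analyze(ACTION_LOG)[proc]))
```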

Different Anti-Virus Software
1) AVG Anti-Virus
2) Avira Antivirus
3) Bit Defender
4) ESET NOD32
5) Kaspersky Anti-Virus
6) McAfee Antivirus
7) Norton Antivirus
8) Panda Antivirus
9) Quick Heal Antivirus
10) Trend Micro Antivirus etc.

CONCLUSION

People mostly think that only viruses are a threat, but there are
other threats as well, such as spam, spyware, Trojans, worms, etc.
From spam we know there are different sorts, such as phishing.
Spyware is used in order to breach security.
Trojans do not replicate but are destructive.
Antivirus software should be installed and should be upgraded to its
latest version in order to provide security against the latest viruses.
