DEFINITIONA computer virus is a small software program that spreads from one

computer to another computer and interferes with computer operation and

causes damage to data and files on systems.

MAIN CHARACTERISTICS ARE:•It is able to replicate.

•It requires a host program as a carrier.

•It is activated by external action.

SOME WELL-KNOWN COMPUTER VIRUSESCreeper virus Elk Cloner The Morris worm Nimda

ACTIVITY

Find the name of any two viruses

with their description

INTERESTING FACTSINTERESTING FACTS

Experts estimate that the mydoom worm infected approximately a

quarter-million computers in a single day in January 2004.

In January 2007, a worm called Storm appeared -- by October, experts

believed up to 50 million computers were infected.

A program named “Rother J” was the first computer virus to come into

sight. Created in 1981 by Richard Skrenta, it attached itself to the Apple

DOS 3.3 operating system and spread via floppy disk.

SYMPTOMS OF A COMPUTER VIRUS•The computer runs slower than usual.

•The computer stops responding, or it locks up frequently.

•The computer restarts on its own. Additionally, the computer

does not run as usual.

•Applications on the computer do not work correctly.

•Disks or disk drives are inaccessible.

•You see distorted menus and dialog boxes.

•An antivirus program is disabled for no reason. Additionally, the

antivirus program cannot be restarted.

•A program disappears from the computer even though you did

not intentionally remove the program.

TYPES OF VIRUSES

•ARMORED VIRUS: An ARMORED virus is one that uses special tricks to make tracing, disassembling and understanding of its code more difficult. Like a Whale virus.

•CAVITY VIRUS: A Cavity virus is one which over writes a part of the host file that is filled with a constant (usually nulls), without increasing the length of the file, but preserving its functionality. The Lehigh virus was an early example of a cavity virus.

•COMPANION VIRUS: On exit, the new program executes the original program so that things appear normal. On PCs this has usually been accomplished by creating an infected .COM file with the same name as an existing .EXE file. COMPANION VIRUS 2:48 AM 20 A companion virus is that virus which is not modifying the original file but execute new program.

TYPES OF VIRUSES

•RESIDENT VIRUS: Resident Viruses This type of virus is settle in the RAM memory. From there it can overcome and interrupt all of the operations executed by the system: corrupting files and programs that are opened, closed, copied, renamed etc. Examples are: Randex, CMJ, Meve, and Mrklunky.

•POLYMORPHIC VIRUS: A polymorphic virus is one that produces varied but operational copies of itself. This is so that virus scanners will not be able to detect all instances of the virus. •FAT VIRUS: This type of virus attack on the individual files or on the directories resulting information losses because this virus wipeout the information from the infected files.

HOW TO PREVENT A VIRUS? •Load only software from original disks or CD's. Pirated or copied

software is always a risk for a virus.

•Execute only programs of which you are familiar as to their origin.

•Computer uploads and "system configuration" changes should

always be performed by the person who is responsible for the

computer.

•Password protection should be employed.

•Check all shareware and free programs downloaded from on-line

services with a virus checking program.

•Purchase or download a anti-virus program that runs as you boot

or work your computer. Up-date it frequently.

Other forms of computer attacks• SPAMMING- Sending of bulk email by an

unidentified source.• WORM- A self replicating program that eats

up the entire disk space or memory by creating its copies until all the memory is filled.

• SPYWARE- A software that is installed on the computer to spy on the activities and report this to people willing to pay for it.

•ADWARE- The program that deliver unwanted ads to the computer(generally in pop-up forms) and consume the network bandwidth.•TROJAN HORSE- A program that appears harmless but actually performs malicious functions such as deleting or damaging files.•SWEEPER- A malicious program used by hackers to sweep or deletes all the data from the system.•PHISHING- A process of attempting to acquire sensitive information such as user name, passwords, credit card information, account data etc.

HOW VIRUS SPREAD?

A virus runs first when a legitimate program is executed. •The virus loads itself into memory and looks to see if it can find any other programs on the disk. •If it can find one, it modifies it to add the virus's code to the new program. •Then the virus launches the "real program.“

The user has no way to know that the virus ever ran. •Unfortunately, the virus has now reproduced itself, so two programs are infected. •The next time either of those programs gets executed, they infect other programs, and the cycle cont

When the infected program is distributed by •floppy disk•uploaded to a bulletin board•zipped and delivered as an executablethen other programs get infected

This is how viruses spread

HOW VIRUS SPREAD?

How to prevent virus?•Run a secure operating system like UNIX or Windows NT

security features keep viruses away

•Buy virus protection software

•Avoid programs from unknown sources (like the Internet)

•Stick with commercial software purchased on CDs

•With E-mail viruses

Never double-click on an attachment that contains an

executable program

Attachments that come in as Word files (.DOC),

spreadsheets (.XLS), images (.GIF and .JPG), etc., are data

files and they can do no damage

How viruses get into computers ?The four most common virus infections come from:

• File – A virus type that infects existing files on the computer

(~40%)

• Macro – A virus that runs as a macro in a host application such as

the MS Office applications (~20%)

• VBScript – A virus that uses Windows Visual Basic Script

functionality (~10%)

• Internet Worm – A virus that is primarily characterized by it’s

replication across the Internet (~20%)

• The life cycle of a virus A virus enters the system passively, through an activity of the operator (inserting an infected disk, opening an infected mail attachment).

• A virus has to be compatible with the system to gain a foothold.

• A virus replicates at the cost of computer speed. Damage causes loss or inaccessibility of files, and sometimes loss of the complete hard disk.

• Transfer to the next computer can occur automatically when computers are interconnected, or requires human activity such as sharing of diskettes. Entry Foothold Replication & Damage Transfer to next host

The life cycle of a virus :

ANTIVIRUSAntivirus software is a computer program that

detects, prevents, and takes action to disarm or remove malicious software programs, such as

viruses and worms.

TOP 5 ANTI VIRUS SOFTWARESMCAFEE VIRUS SCAN AVG ANTIVIRUS ACTIVE VIRUS SHIELD ESET NOD 32 AVIRA ANTI VIRUS

ACTIVITY

Find the name of any two

antivirus softwares with their

description.

HOW ANTIVIRUS WORKS?

There are several methods which antivirus software can use to identify malware:

•Signature based detection is the most common method. To identify viruses

and other malware, antivirus software compares the contents of a file to a

did of virus signatures. Because viruses can embed themselves in existing

files, the entire file is searched, not just as a whole, but also in pieces.

•Heuristic-based detection, like malicious activity detection, can be used to

identify unknown viruses.

•File emulation is another heuristic approach. File emulation involves

executing a program in a virtual environment and logging what actions the

program performs. Depending on the actions logged, the antivirus software

can determine if the program is malicious or not and then carry out the

appropriate disinfection actions