Computer viruses are called viruses because they share some of the
traits of biological viruses. A computer virus passes from computer to
computer like a biological virus passes from person to person.
Another very common way people become infected with viruses and
other spyware is by opening e-mail attachments, even when from a co-
worker, friend, or family member. E-mail addresses can be easily faked
and even when not faked your acquaintance may unsuspectingly be
forwarding you an infected file.
Finally, any other software downloaded from the Internet can also
contain viruses and other malware. When downloading any software
(programs, utilities, games, updates, demos, etc.), make sure you're
downloading it from a reliable source, and while installing it read
all prompts about what the program is putting on your computer.
Symptoms Of A Computer Virus
The following are some primary indicators that a computer may be
infected:
New icons appear on the desktop that you did not put there, or the
icons are not associated with any recently installed programs.
A program disappears from the computer even though you did not
intentionally remove the program.
Trojan horses in this way require interaction with a hacker to fulfill their
purpose, though the hacker need not be the individual responsible for
distributing the Trojan horse. It is possible for individual hackers to scan
computers on a network using a port scanner in the hope of finding one
with a malicious Trojan horse installed, which the hacker can then use to
control the target computer.
2. Resident Virus
The main purpose of this virus is to replicate and take action when it is
executed. When a specific condition is met, the virus will go into action
and infect files in the directory or folder that it is in and in directories
that are specified in the AUTOEXEC.BAT file PATH. This batch file is
always located in the root directory of the hard disk and carries out
certain operations when the computer is booted.
4. Overwrite Virus
5. Boot Virus
This type of virus affects the boot sector of a floppy or hard disk. This is
a crucial part of a disk, in which information on the disk itself is stored
Computer Virus Page 12
together with a program that makes it possible to boot the computer
from the disk. The best way of avoiding boot viruses is to ensure that
floppy disks are write-protected and never start your computer with an
unknown floppy disk in the disk drive.
6. Macro Virus
Macro viruses infect files that are created using certain applications or
programs that contain macros. These mini-programs make it possible to
automate series of operations so that they are performed as a single
action, thereby saving the user from having to carry them out one by
one.
7. Worms
Two types:
8. E-Mail Virus
The virus was originally created as a Word document and was then
uploaded via email to an internet newsgroup. Any recipient who opened
the email, downloaded the document and opened it on their computer,
unknowingly triggered Melissa's payload. From there, the virus sent
itself as a document to the first 50 contacts in the victim's address book.
The email carried a friendly note which included the
recipient's name. This was done to make the virus appear harmless and
trick the recipient into opening it. It then created 50 new infected documents
from that victim's machine. At this continuous rate, Melissa quickly
became the fastest spreading virus seen by anyone at the time. The virus
was so severe that it resulted in a number of large commercial
companies disabling their email systems.
Melissa was so powerful because it capitalized on a vulnerability found
in the Microsoft Word programming language known as VBA (Visual
Basic for Applications). VBA is a complete language that can be
programmed to perform actions such as modifying files and distributing
emails. It also includes a rather useful yet dangerous function known as
"auto-execute". The Melissa virus was programmed by inserting
malicious code into a document, enabling it to be executed whenever
someone opened it.
The ILOVEYOU virus, which was first detected in May of 2000, was
much simpler than Melissa. The malicious code it contained came
in the form of an attachment. Any recipient who clicked on the
attachment unknowingly executed the code. This email virus then
distributed copies of itself to contacts in the user's address book,
enabling the infection to spread at a rapid rate. Because ILOVEYOU
was also known to unload different types of infections, some experts
have labeled it a Trojan rather than a virus.
9. Stealth Virus
If you receive email with the phrase ILOVEYOU (all one word, no
spaces) in the subject line, DON'T OPEN the attachment named
Love-Letter-For-You.txt.vbs.
A scan of the Visual Basic code included in the attachment reveals that
the virus may be corrupting MP3 and JPEG files on users' hard drives, as
well as mIRC, a version of Internet Relay Chat. It also appears to reset
the default start page for Internet Explorer.
This virus arrives as e-mail with the subject line "I Love You" and an
attachment named "Love-Letter-For-You.txt.vbs." Opening the
attachment infects your computer. The infection first scans your PC's
memory for passwords, which are sent back to the virus's creator (a Web
site in the Philippines which has since been shut down). The infection
then replicates itself to everyone in your Outlook address book. Finally,
the infection corrupts files ending with .vbs, .vbe, .js, .css, .wsh, .sct,
.hta, .jpg, .jpeg, .mp2, .mp3 by overwriting them with a copy of itself.
2. Slammer
3. Storm
5. Nimda
The Nimda worm retrieves the list of addresses found in the address
books of Microsoft Outlook and Eudora, as well as email addresses
contained in HTML files found on the infected machine's hard drive.
Next, the Nimda virus sends all of these recipients an email with an
empty body and a subject chosen at random (and often very long). It
adds to the message an attachment named Readme.exe or Readme.eml
(file containing an executable). The viruses use an .eml extension to
exploit a security flaw in Microsoft Internet Explorer 5.
Viewing Web pages on servers infected by the Nimda virus may lead to
infection when a user views pages with the vulnerable Microsoft Internet
Explorer 5 browser.
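Both ILOVEYOU (Love-Letter-For-You.txt.vbs) and Nimda (Readme.exe, Readme.eml) relied on the attachment's file name. The following mail-filter check is an added example, not part of the original document; the function names, the decoy-extension list and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows executes or hands to a script host. The script types
# come from the ILOVEYOU list above; .exe and .eml are Nimda's Readme names.
RISKY = {".vbs", ".vbe", ".js", ".wsh", ".sct", ".hta", ".exe", ".eml"}
# Harmless-looking extensions placed in front of the real one (assumed list).
DECOY = {".txt", ".doc", ".jpg", ".jpeg", ".mp3", ".pdf"}

def classify(filename):
    """Return 'double-extension', 'risky' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    name = filename.strip().rstrip(". ")
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if not suffixes or suffixes[-1] not in RISKY:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DECOY:
        return "double-extension"   # e.g. .txt.vbs shows as .txt in Explorer
    return "risky"

def scan_message(raw):
    """Return [(filename, verdict)] for each flagged attachment in a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        verdict = classify(fname)
        if verdict != "ok":
            findings.append((fname, verdict))
    return findings

def sample_message():
    """Constructed message carrying the attachment names this page mentions."""
    m = EmailMessage()
    m["Subject"] = "ILOVEYOU"
    m.set_content("constructed sample body")
    for name in ("Love-Letter-For-You.txt.vbs", "Readme.exe", "minutes.txt"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_string()

if __name__ == "__main__":
    for fname, verdict in scan_message(sample_message()):
        print(f"{verdict:17} {fname}")
```

A gateway would quarantine anything this flags; the file name alone is only a first filter and does not replace content scanning.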
The following are the two most widely employed identification methods:
1. Signature-Based Detection
2. Heuristic-based detection
People mostly think that viruses are the only threat, but there are
other threats as well, such as spam, spyware, trojans, worms, etc.
There are different sorts of spam, such as phishing.
Spyware is used to breach security.
Trojans do not replicate but are destructive.
Antivirus should be installed and upgraded to its latest version in
order to provide security against the latest viruses.