COMPUTER VIRUS

Compiled by: S. Agarwal, Lecturer & Systems Incharge, St. Xavier's Computer Centre, St. Xavier's College, Kolkata, February 2003

a complete study....
What is a Virus?
A virus is just a computer
program. Like any other program, it contains
instructions that tell your computer what to do.
But unlike an application, a virus usually tells
your computer to do something you don't want it
to do, and it can usually spread itself to other
files on your computer -- and other people's
In some cases, a virus will execute only a gentle
"personality quirk," such as causing your
computer to make seemingly random bleeps. But a
virus can be very destructive: it could format
your hard drive, overwrite your hard drive boot
sector, or delete files and render your machine
General virus types
While there are thousands
of variations of viruses, most fall into one of
the following general categories, each of which
works slightly differently.
Boot Sector Virus: Replaces or implants itself
in the boot sector. This kind of virus can
prevent you from being able to boot your hard
Macro Virus: Written using a simplified macro
programming language, these viruses affect
Microsoft Office applications, such as Word and
Excel. A document infected with a macro virus
generally modifies a pre-existing, commonly used
command (such as Save) to trigger its payload
upon execution of that command.
Multipartite Virus: Infects both files and the
boot sector -- a double whammy that can reinfect
your system dozens of times before it's caught.

Polymorphic Virus: Changes code whenever it
passes to another machine.
Stealth Virus: Hides its presence by making an
infected file not appear infected.
E-mail viruses: An e-mail virus moves around
in e-mail messages, and usually replicates itself
by automatically mailing itself to dozens of
people in the victim's e-mail address book.
Worms: A worm is a computer program that has the
ability to copy itself from machine to machine.
Worms normally move around and infect other
machines through computer networks. Worms eat up
storage space and slow down the computer. But
worms don't alter or delete files.
Trojan horses: A Trojan horse is simply a
computer program that claims to do one thing (it
may claim to be a game) but instead does damage
when you run it (it may erase your hard disk).
When loaded onto your machine, a Trojan horse can
capture information from your system -- such as
user names and passwords -- or could allow a
malicious hacker to remotely control your
computer. Trojan horses have no way to
replicate automatically.
Origins of Viruses
People create viruses. A
person has to write the code, test it to make
sure it spreads properly and then release the
virus. A person also designs the virus's attack
phase, whether it's a silly message or
destruction of a hard disk. In most cases,
people create viruses just for the thrill
or fun.
How They Spread?
Early viruses were pieces of
code attached to a common program like a popular
game or a popular word processor. A person might
download an infected game from the internet or
copy it from a floppy disk and run it. A virus
like this is a small piece of code embedded in a
larger, legitimate program. Any virus is designed
to run first when the legitimate program gets
The virus loads itself into memory and looks
around to see if it can find any other programs
on the disk. If it can find one, it modifies it
to add the virus's code to the unsuspecting
program. Then the virus launches the "real
program." The user really has no way to know that
the virus ever ran. Unfortunately, the virus has
now reproduced itself, so two programs are
infected. The next time either of those programs
gets executed, they infect other programs, and
the cycle continues.
If one of the infected programs is given to
another person on a floppy disk, or if it is
uploaded to the internet, then other programs get
infected. This is how the virus spreads.
The spreading part is the infection phase of the
virus. Viruses wouldn't be so violently
disliked if all they did was replicate
themselves. Unfortunately, most viruses also have
some sort of destructive attack phase where they
do some damage. Some sort of trigger will
activate the attack phase, and the virus will
then "do something" -- anything from printing a
silly message on the screen to erasing all of
your data. The trigger might be a specific date,
or the number of times the virus has been
replicated, or something similar.
trick is the ability to load viruses into memory
so that they can keep running in the background
as long as the computer remains on. This gives
viruses a much more effective way to replicate
Another trick is the ability to infect the boot
sector on floppy disks and hard disks. The boot
sector is a small program that is the first part
of the operating system that the computer loads
and tells the computer how to load the rest of
the operating system. By putting its code in
the boot sector, a virus can guarantee that it
gets executed. It can load itself into memory
immediately, and it is able to run whenever the
computer is on. Boot sector viruses can infect
the boot sector of any floppy disk inserted in
the machine, and on campuses where lots of people
share machines they spread like wildfire.
In general, both executable and boot sector
viruses are not very threatening any more. The
first reason for the decline has been the huge
size of today's programs. The programs are so big
that the only easy way to move them around is on
CDs. People certainly can't carry applications
around on a floppy disk like they did in the
early days. Compact discs cannot be modified, and
that makes viral infection of a CD impossible.
Boot sector viruses have also declined because
operating systems now protect the boot
sector. Both boot sector viruses and executable
viruses are still possible, but they are a lot
harder now and they don't spread nearly as
quickly as they once could.
Prevention is the best cure
Run a secure operating system like UNIX or
Windows NT. Install virus protection software.
Avoid programs from unknown sources. Disable
floppy disk booting. Macro Virus Protection is
enabled in all Microsoft applications. Never
double-click on an executable that arrives as an
e-mail attachment.
How antivirus software works
Scanning software
looks for a virus in one of two ways. If it's a
known virus (one that has already been detected
in the wild and has an antidote written for it)
the software will look for the virus's signature
-- a unique string of bytes that identifies the
virus like a fingerprint -- and will zap it from
your system. Most scanning software will catch
not only an initial virus but many of its
variants as well, since the signature code
usually remains intact.
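Added example (not part of the original slides): a small Python scanner for the signature method described above, showing a variant with an intact signature still matching while a sample with no catalogue entry reports nothing. The catalogue names, byte patterns and sample buffers are constructed for illustration and are not taken from any real program.

```python
import io

# Constructed catalogue: names and byte strings are arbitrary markers for this
# example, not signatures of any real program.
SIGNATURES = {
    "Demo.A": bytes.fromhex("deadbeef4b4f4c4b"),
    "Demo.B": b"\x90\x90SAMPLE-MARKER\x00",
}

def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return sorted (name, absolute offset) hits for known signatures.

    Reads in chunks and carries over the last (longest signature - 1) bytes,
    so a signature that straddles a chunk boundary is still found.
    """
    overlap = max(len(p) for p in signatures.values()) - 1
    hits = set()                      # a set: a hit in the carried tail is seen twice
    window, window_start = b"", 0     # window_start = file offset of window[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window += chunk
        for name, pattern in signatures.items():
            pos = window.find(pattern)
            while pos != -1:
                hits.add((name, window_start + pos))
                pos = window.find(pattern, pos + 1)
        # Keep only the tail that could still begin a match.
        drop = max(0, len(window) - overlap)
        window = window[drop:]
        window_start += drop
    return sorted(hits, key=lambda h: (h[1], h[0]))

def scan_bytes(data, chunk_size=4096):
    """Convenience wrapper for scanning an in-memory buffer."""
    return scan_stream(io.BytesIO(data), chunk_size=chunk_size)

# Constructed samples (harmless bytes).
CLEAN = b"MZ" + b"\x00" * 32 + b"ordinary program bytes"
ORIGINAL = CLEAN + SIGNATURES["Demo.A"] + b"payload-v1"
# Variant: different host and tail, but the signature bytes are intact.
VARIANT = b"another host file " + SIGNATURES["Demo.A"] + b"payload-v2-changed"
# New sample: nothing in it matches the catalogue yet.
UNKNOWN = CLEAN + b"new code, no catalogue entry yet"

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN), ("original", ORIGINAL),
                          ("variant", VARIANT), ("unknown", UNKNOWN)]:
        print(f"{label:9s}", scan_bytes(sample) or "no known signature")
```
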
In the case of new viruses for which no antidote
has been created, scanning software uses methods
that look for unusual virus-like activity on your
system. If the program sees any funny business,
it quarantines the questionable program and
broadcasts a warning to you about what the
program may be trying to do (such as modify your
Windows Registry). If you and the software think
the program may be a virus, you can send the
quarantined file to the antivirus vendor, where
researchers examine it, determine its signature,
name and catalog it, and release its antidote.
It's now a known virus.
If the virus never appears again -- which often
happens when the virus is too poorly written to
spread -- then vendors categorize the virus as
dormant. But viruses are like earthquakes: the
initial outbreak is usually followed by
aftershocks. Variants (copycat viruses that
emerge in droves after the initial outbreak) make
up the bulk of known viruses.
Practice safe computing
The best way to protect
yourself from viruses is to avoid opening
unexpected e-mail attachments and downloads
from unreliable sources. Resist the urge to
double-click everything in your mailbox. If you
get a file attachment and you aren't expecting
one, e-mail the person who sent it to you before
you open the attachment. Ask them if they meant
to send you the file, what it is, and what it
should do.
For added safety, you need to install reliable
antivirus scanning software and download updates
regularly. Major antivirus software vendors,
including Symantec, Network Associates, Computer
Associates, and Trend Micro, provide regular
updates. (Computer Associates' InoculateIT is
also free.) Some of the vendors also offer a
service that will automatically retrieve updates
for you from the company's Web site.
Regular updates are essential. Researchers at
Computer Economics estimate that 30 percent of
small businesses are vulnerable to viruses either
because they don't keep their virus-scanning
software updated or because they don't install it
Wishing you
Safe Happy Computing.....
S. Agarwal