Copyright:
Attribution Non-Commercial (BY-NC)
CONTENTS
• HISTORY
• INTRODUCTION
• WORKING
• The ANTIVIRUS-Protection from Viruses
• WORKING OF AN ANTIVIRUS
• THE BENEFICIAL USE OF VIRUSES
• VIRUSES TODAY
• CONCLUSION
ABSTRACT

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. The original may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or carrying it on a removable medium such as a floppy disk, CD, or USB drive. All computer viruses are man-made. In this paper we describe how a virus works and illustrate the types of viruses. A computer virus trapping device is described that detects and eliminates computer viruses before they can enter a computer system and wreak havoc on its files, peripherals, etc. The trapping device creates a virtual world that simulates the host computer system the virus intends to infect. The environment is made as friendly as possible to fool a computer virus into thinking it is present on the host, its intended target system. The invention is able to detect any disruptive behavior occurring within this simulated host computer system. It is further able to remove the virus from the data stream before it is delivered to the host and/or take any action previously instructed by a user. The protection against viruses and its beneficial uses are discussed. Viruses and other forms of malware are a viable method an attacker can use to enter a user's system, their network, and the networks of others. The threats from computer viruses are no longer simply a nuisance — displaying messages and deleting files — but rather a mechanism to carry out other threats to the user's information and systems.

• HISTORY

A program called "Elk Cloner" is credited with being the first computer virus to appear outside the single computer or lab where it was created. Written in 1982 by Rich Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread by floppy disk. This virus was originally a joke, created by the high school student and put onto a game. The game was set to play, but to release the virus the 50th time the game was started. That time, instead of playing the game, it would change to a blank screen that displayed a poem about the virus, named Elk Cloner. The computer would then be infected.

The first PC virus was a boot sector virus called (c)Brain, created in 1986 by two brothers, Basit and Amjad Farooq Alvi, operating out of Lahore, Pakistan. The brothers reportedly created the virus to deter pirated copies of software they had written.

Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks. Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk.

Traditional computer viruses emerged in the 1980s, driven by the spread of personal computers and the resultant increase in BBS and modem use, and software sharing. Bulletin-board-driven software sharing contributed directly to the spread of Trojan horse programs, and viruses were written to infect popularly traded software.

Since the mid-1990s, macro viruses have become common. Most of these viruses are written in the scripting languages for Microsoft programs such as Word and Excel. These viruses spread in Microsoft Office by infecting documents and spreadsheets. Since Word and Excel were also available for Mac OS, most of these viruses were able to spread on Macintosh computers as well. Most of these viruses did not have the ability to send infected e-mail. Those viruses which did spread through e-mail took advantage of the Microsoft Outlook COM interface.

Macro viruses pose unique problems for detection software. The virus behaved identically but would be misidentified as a new virus.

A computer virus may also be transmitted through instant messaging. A virus may send a web address link as an instant message to all the contacts on an infected machine. If the recipient, thinking the link is from a trusted source, follows the link to the website, the virus hosted at the site may be able to infect this new computer and continue propagating.

The newest species of the virus family is the cross-site scripting virus. The virus emerged from research and was academically demonstrated in 2005. This virus utilizes cross-site scripting vulnerabilities to propagate. Since 2005 there have been multiple instances of cross-site scripting viruses in the wild; the most notable sites affected have been MySpace and Yahoo.

• INTRODUCTION

A computer virus is a program designed to spread itself by first infecting program files or the system areas of hard and floppy disks and then making copies of itself. Viruses usually operate without the knowledge of the computer user. Viruses can infect any type of executable code, not just the files that are commonly called 'program files'. Viruses can be spread by:
• Executable code in the boot sector of infected floppy disks
• Executable code in the system area of infected hard drives
• Word processing and spreadsheet documents that use infected macros
• Infected HTML documents that contain JavaScript or other types of executable code

Since virus code must be executed (run) to have any effect, files that the computer treats as pure data are safe. This includes graphics and sound files such as .gif, .jpg, .mp3, .wav, etc., as well as plain text in .txt files. For example, just viewing picture files won't infect your computer with a virus. The virus code has to be in a form, such as an .exe program file or a Word .doc file, that the computer will actually try to execute.

Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person. A computer virus must piggyback on top of some other program or document in order to get executed. Once it is running, it is then able to infect other programs or documents.

• WORKING

Initial Working: Early viruses were pieces of code attached to a common program like a popular game or a popular word processor. A person might download an infected game from a bulletin board and run it. A virus like this is a small piece of code embedded in a larger, legitimate program. Any virus is designed to run first when the legitimate program gets executed. The virus loads itself into memory and looks around to see if it can find any other programs on the disk. If it can find one, it modifies it to add the virus's code to the unsuspecting program. Then the virus launches its real program. The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time either of those programs gets executed, they infect other programs, and the cycle continues.

When a program is started that is infected by a virus, the virus code will execute (run) and try to infect other programs. This can infect the same computer or other computers connected to it on a network. The newly infected programs will try to infect more programs and computers. When a copy of an infected file is shared with other computer users, opening the file may also infect their computers; and files from those computers may spread the infection to yet more computers.

Viruses can be classified using multiple criteria: origin, techniques, types of files they infect, where they hide, the kind of damage they cause, the type of operating system or platform they attack, etc.

The following are the most common types of viruses.

• Resident Viruses
This type of virus hides permanently in the RAM memory. From here it can control and intercept all of the operations carried out by the system: corrupting files and programs that are opened, closed, copied, renamed etc. Resident viruses can be treated as file infector viruses. When a virus goes memory resident, it will remain there until the computer is switched off or restarted.

• Overwrite Viruses
This type of virus is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected. Infected files do not change size, unless the virus occupies more space than the original file, because instead of hiding within a file, the virus replaces the file's content. The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.

• Boot Virus
This type of virus affects the boot sector of a floppy or hard disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk.
This kind of virus does not affect files, but rather the disks that contain them. First it attacks the boot sector of the disk; then, once the computer is started, the boot virus will infect the hard drive of the computer. The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and never start a computer with an unknown floppy disk in the disk drive.

• Macro Virus
Macro viruses infect files that are created using certain applications or programs that contain macros. These include Word documents, Excel spreadsheets, PowerPoint presentations, Access databases, Corel Draw etc.
A macro is a small program that a user can associate with a file created using certain applications.
When a document containing macros is opened, they will automatically be loaded and may be executed immediately or when the user decides to do so. The virus will then take effect by carrying out the actions it has been programmed to do, often regardless of the program's built-in macro virus protection.

• Encrypted
Encryption is a technique used by viruses so that they cannot be detected by antivirus programs. The virus encodes or encrypts itself so as to be hidden from scans; before performing its task it will decrypt itself. Once it has unleashed its payload, the virus will then go back into hiding.

• File Infectors
This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category, and can be classified depending on the actions that they carry out.

• Worms
A worm is a program very similar to a virus; it has the ability to self-replicate, and can lead to negative effects on the system and, most importantly, worms are detected and eliminated by antiviruses. However, worms are not strictly viruses, as they do not need to infect other files in order to reproduce.
Worms can exist without damaging files, and can reproduce at rapid speeds, saturating networks and causing them to collapse.
Worms almost always spread through e-mail, networks and chat (such as IRC or ICQ).

• Trojans or Trojan Horses
Another unsavory breed of malicious code is the Trojan or Trojan horse, which, unlike viruses, does not reproduce by infecting other files, nor does it self-replicate like worms.
Trojans work in a similar way to their mythological namesake, the famous wooden horse that hid Greek soldiers so that they could enter the city of Troy undetected.
They appear to be harmless programs that enter a computer through any channel. When that program is executed, they install other programs on the computer that can be harmful.
A Trojan may not activate its effects at first, but when they do, they can wreak havoc on your system. They have the capacity to delete files, destroy information on the hard drive and open up a backdoor to a system. This gives them complete access to your system, allowing an outside user to copy and resend confidential information.

• Logic Bombs
They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.
Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.

If a computer is infected with a boot sector virus, the virus tries to write copies of itself to the system areas of floppy disks and hard disks. Then the infected floppy disks may infect other computers that boot from them, and then the virus on the computer will try to infect more floppies inserted into it. The actual effect of a virus depends on how it was programmed by the person who wrote the virus.

The other types of viruses are:

• Adware
Adware is software that displays advertising banners on Web browsers such as Internet Explorer and Mozilla. While not categorized as malware, many users consider adware invasive. Adware programs often create unwanted effects on a system, such as annoying popup ads and, in some instances, the degradation of either network connection or system performance.

• Cookies
Cookies are text files that are created on computers when visiting Web sites. They contain information on user browsing habits. When a user returns to a Web site, a cookie provides information on the user's preferences and allows the site to display in customized formats and to show targeted content such as advertising.

• Malware
Malware is a program that performs unexpected or unauthorized, but always malicious, actions. It is a general term used to refer to both viruses and Trojans, which respectively include replicating and non-replicating malicious code.

• Spyware
Spyware is a program that monitors and gathers user information for different purposes. Spyware programs usually run in the background, with their activities transparent to most users. Many users inadvertently agree to install spyware by accepting the End User License Agreement (EULA) on certain free software.

Some viruses are designed to overwrite boot sectors and interfere with a computer's operation (boot viruses); others damage the computer's memory operation and then try to spread themselves around by picking up e-mail or network addresses off the computer (worm viruses). Still others will wipe files from the hard drive and destroy system files (Trojan viruses), and finally there are ones that infect document files, electronic spreadsheets and databases of several popular software packages (Macro viruses). Viruses can't do any damage to hardware.

• The ANTIVIRUS-Protection from Viruses

Protection against viruses with a few simple steps:
• Run a more secure operating system like UNIX; its user never hears about viruses because the security features keep viruses (and unwanted human visitors) away from the hard disk.
• If an unsecured operating system is used, then buying virus protection software is a nice safeguard.
• Avoid programs from unknown sources (like the Internet); by instead sticking with commercial software purchased on CDs, a user can eliminate almost all of the risk from traditional viruses.
• Make sure that Macro Virus Protection is enabled in all Microsoft applications, and never run macros in a document unless its proper functionality is known.

• Antivirus software is a class of program that searches the hard drive and floppy disks for any known or potential viruses. The market for this kind of program has expanded because of Internet growth and the increasing use of the Internet by businesses concerned about protecting their computer assets.
• A utility that searches a hard disk for viruses and removes any that are found. Most antivirus programs include an auto-update feature that enables the program to download profiles of new viruses so that it can check for the new viruses as soon as they are discovered.

• WORKING OF AN ANTIVIRUS

When the antivirus software looks at a file, it refers to a dictionary of known viruses that the authors of the antivirus software have identified. If a piece of code in the file matches any virus identified in the dictionary, then the antivirus software can take one of the following actions:
1. attempt to repair the file by removing the virus itself from the file
2. quarantine the file (such that the file remains inaccessible to other programs and its virus can no longer spread)
3. delete the infected file

To achieve consistent success in the medium and long term, the virus dictionary approach requires periodic (generally online) downloads of updated virus dictionary entries. As civically minded and technically inclined users identify new viruses "in the wild", they can send their infected files to the authors of antivirus software, who then include information about the new viruses in their dictionaries.

The Approaches
• The suspicious behavior approach doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, the antivirus software can flag this suspicious behavior, alert a user and ask what to do.
• A sandbox approach emulates the operating system and runs the executable in this simulation. After the program has terminated, software analyzes the sandbox for any changes which might indicate a virus.
• The whitelisting approach is an emerging technique to deal with malware. Rather than looking for only known bad software, this technique prevents execution of all computer code except that which has been previously identified as trustworthy by the system administrator. By following this default deny approach, the limitations inherent in keeping virus signatures up to date are avoided.

The various antivirus software products are: McAfee Virus Scan, Norton Antivirus, avast!, Windows Live OneCare, AVG Anti-Virus, AOL Active Virus Shield, Bitdefender, Cisco Security Agent, F-Prot, F-Secure, Kaspersky Anti-Virus, LinuxShield, AntiVir, NOD32, Norman, Panda Antivirus, PC Tools AntiVirus, PC-cillin, Quick Heal Antivirus, Rising AntiVirus, Sophos Anti-Virus, V3Pro 2004, V-COM AntiVirus, Virex, ZoneAlarm AntiVirus.

• THE BENEFICIAL USE OF VIRUSES
• A program capable of commandeering idle computers in their owner's absence led to solutions for many network-based problems.
• "Spiders," "bots" and all sorts of other programs designed to rove the Internet resulted in crossing extremes of artificial intelligence and various technologies.

• VIRUSES TODAY

The Government-owned Indian Computer Emergency Response Team (CERT-In) has warned of a computer virus which is activated every third day of a month. The virus is expected to attack computers on Friday and uses obscene subject lines, message content and attachments. When a user clicks on the attachment, the virus gets executed and performs the following actions: opens a .ZIP archive with the same name in the Windows system folder to hide its functionality; copies itself to the system folder with the filenames scanregw.exe, Winzip.exe, Update.exe, movies.exe, Zipped Files.exe; also copies itself to the Windows folder with the filenames Rundll16.exe, WinZipTmp.exe; creates the registry entry to enable its automatic execution at every system start-up; and hides files with both system and read-only attributes. It also deletes files related to anti-virus applications and attempts to spread to networks with weak passwords.

• CONCLUSION

The computer virus era is about ten years old. The original viruses were boot-sector viruses and file-infecting viruses. These were replaced in the middle of the last decade with Word and Excel macro viruses, which increased the number and availability of viruses and the ease with which viruses could be written. These led on to script-kiddie viruses, where people with relatively low skill created viruses using toolkits that can be found on the Internet.

The development of viruses that exploit wireless telecommunications between digital devices will not come to fruition until powerful applications arrive on Bluetooth and iMode phones that can trade executable code. Ten years ago the viruses were a hundred bytes in size, but today they are 1.5Mb. There are viruses that are bigger than most of the operating systems used in the history of computer science.
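The dictionary approach and the whitelisting (default deny) approach described under WORKING OF AN ANTIVIRUS, run side by side over the same files. This is an added example, not code from the paper: the signature patterns, file names and file contents are constructed, harmless marker strings, and the function names are assumptions of the example.

```python
import hashlib
from dataclasses import dataclass

# Constructed signature dictionary: name -> byte pattern. These are harmless
# marker strings invented for this example, not bytes from real malware.
SIGNATURES = {
    "Sample.A": b"CONSTRUCTED-MARKER-A",
    "Sample.B": b"CONSTRUCTED-MARKER-B",
}


@dataclass
class Verdict:
    action: str   # "allow", "repair", "quarantine" or "block"
    reason: str
    data: bytes   # file content left accessible after the action


def dictionary_scan(data, repairable=("Sample.A",)):
    """Dictionary approach: search the file for any known pattern."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            if name in repairable:
                # Action 1: remove the matching bytes, keep the host file.
                return Verdict("repair", name, data.replace(pattern, b""))
            # Action 2: make the file inaccessible to other programs.
            return Verdict("quarantine", name, b"")
    return Verdict("allow", "no signature matched", data)


def allowlist_check(data, trusted_hashes):
    """Whitelisting approach: run only code whose hash is already trusted."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in trusted_hashes:
        return Verdict("allow", "hash is trusted", data)
    return Verdict("block", "hash not on allowlist", data)


def build_samples():
    """Constructed in-memory 'files' standing in for programs on disk."""
    clean = b"MZ legitimate program body"
    return {
        "clean.exe": clean,
        "infected.exe": clean + SIGNATURES["Sample.A"],
        # Same file with one byte of the pattern changed: a variant that the
        # dictionary has no entry for yet.
        "variant.exe": clean + b"CONSTRUCTED-MARKER-a",
        "dropper.exe": b"MZ " + SIGNATURES["Sample.B"],
    }


def compare():
    """Return {file: (dictionary action, allowlist action)}."""
    samples = build_samples()
    # The administrator has approved only the clean program.
    trusted = {hashlib.sha256(samples["clean.exe"]).hexdigest()}
    return {
        name: (dictionary_scan(data).action,
               allowlist_check(data, trusted).action)
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, (by_dict, by_list) in compare().items():
        print(f"{name:13} dictionary={by_dict:10} allowlist={by_list}")
```

The variant passes the dictionary scan until its pattern is added in an update, while the allowlist blocks it because its hash was never approved; the cost is that every legitimate new program must be approved before it runs.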