What Is a Virus?

A computer virus attaches itself to a program or file, enabling it to spread from one computer to another, leaving infections as it travels. A computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files.

What Is a Worm?

A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided.

What Is a Trojan Horse?

The Trojan Horse, at first glance, will appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening it because they appear to be receiving legitimate software or files from a legitimate source.

What Are Blended Threats?

Added into the mix, we also have what is called a blended threat. A blended threat is a more sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and malicious code into one single threat. Blended threats can use server and Internet vulnerabilities to initiate, then transmit and also spread an attack.

The Common Types of Computer Virus

Boot viruses

These types of computer virus infect only the master boot record of the hard disk. The boot record program loads the operating system into memory at startup. These viruses replace the boot record and move it to a different part of the hard disk, or simply overwrite it. Once the virus is in memory, it is free to do whatever it was programmed to do.

Program viruses

These types of computer virus infect only executable files (with extensions like .BIN, .COM, .EXE, .OVL, .DRV, and .SYS). Once executed, these programs load into memory, along with the virus contained within them.
Once in memory, the scenario repeats: the virus is free to act and infect other files or simply deliver its payload.

Multipartite viruses

These computer viruses are hybrids. They infect executable files. When an infected file is executed, the virus infects the master boot record. Once you boot your operating system, the virus is loaded into memory, from where it is free to infect other programs and replicate itself, ultimately delivering the payload.

Stealth viruses

They specialize in avoiding detection. Most of them simply redirect the hard disk head, forcing it to read another memory sector instead of their own. Some of them also alter the reading of the file size shown when listing the directory.

Polymorphic viruses

Polymorphic viruses always change their source code from one infection to another. Each infection is different, and this makes detection very hard.

Macro viruses

This virus is relatively new and it infects macros within a template or document. When you open a word processing document, it activates the virus. The virus infects the Normal.dot template, which is a general file used by all the documents. So, whenever you open an uninfected document, by referring to the Normal.dot file, it gets infected as well.

ActiveX viruses

Most people do not know how to configure ActiveX and Java controls, unknowingly leaving a security hole. Applets are then allowed to run freely on the machine, delivering all ActiveX viruses. By simply turning off some ActiveX and Java controls in the browser, a user can efficiently protect their PC from this type of computer virus.

THE HISTORY OF COMPUTER VIRUSES

• Computer worms developed as benevolent creations. Modern-day worms come from a benevolent creation of engineers at Xerox Palo Alto Research Center. In 1979, engineers created a worm program to look for idle processors on a network and utilize them for more efficient computer use.
• The Creeper infected ARPANET in the early 70s.
ARPANET was the predecessor to the Internet. In 1971, Bob Thomas wrote The Creeper as an experimental self-replicating program.
• The first Apple virus appeared in 1982. The first Apple virus was written by a high school student as a joke in 1982. This virus was called "Elk Cloner." The virus attacked the Apple DOS operating system, and it spread via floppy disk.
• The first PC virus arrived in 1986. "The Brain" is arguably the first real computer virus to hit IBM PC users in the mid-1980s. In 1986, Pakistani programmers unleashed "The Brain," which was a virus that attacked the boot sector.
• The first worm spread in 1988. In 1988, a young programmer named Robert Morris created a worm designed to infect ARPANET computers.
• Macro viruses began to evolve. When the Windows operating system came out, a new computer virus category wasn't far behind. These weren't the old boot sector viruses, though, or even worms; with the introduction of Windows, macro viruses were born.
• Viruses infected government systems. With all the viruses attacking private systems, it wasn't long before something came along specifically aimed at government sectors. Solar Sunrise was the first virus to infect the Sun Solaris operating system, and it successfully infiltrated more than 500 government and military computers.
• 1999 heralded the modern age of virus awareness. In 1999, the "Melissa" computer virus attacked thousands of computers and caused nearly $80 million in damage.
• Consumers brace for the new computer virus onslaught. Starting in 2000, worries about computer viruses have been an annual occurrence, and they pose a daily issue for millions of computer users. Viruses like the "I Love You" virus, DDOS, the Code Red worm and an endless succession of ongoing viruses continue to attack computer users in all sectors.

Why Do People Create Computer Viruses?
- To take control of a computer and use it for specific tasks
- To generate money
- To steal sensitive information (credit card numbers, passwords, personal details, data etc.)
- To prove a point, to prove it can be done, to prove one's skill or for revenge purposes
- To cripple a computer or network

• To take control of a computer and use it for specific tasks
This is the most common type of virus, which is better classified as a trojan. These types of viruses are usually downloaded unknowingly by the computer user thinking that the file is something else, such as a file sent from an instant messenger friend or an email attachment.

• To generate money
These types of infections often masquerade as free spyware or virus removal tools (known as rogueware). Once run, these fake applications will “scan” your computer and report that it has some viruses (even if there aren't any); in order to remove them, you must pay for the full version of the application.

• To steal sensitive information
These types of viruses can sniff the traffic going in or out of a computer for interesting information such as passwords or credit card numbers and send it back to the virus creator. These types of viruses often use keylogging as a method of stealing information, maintaining a record of everything that is typed into the computer such as emails, passwords, home banking data, instant messenger chats etc.

• To prove a point, to prove it can be done, to prove one's skill or for revenge purposes
A perfect example of this type of virus was the famous MS.Blaster virus (aka Lovesan), which infected hundreds of thousands of computers back in August 2003. The virus carried two messages. One was “I just want to say LOVE YOU SAN!!” which is why the virus is sometimes called Lovesan, and the other message was “billy gates why do you make this possible ? Stop making money and fix your software!!” It is believed that the purpose of this virus was to prove how easily exploitable a Windows system is.
• To cripple a computer or network
The worst computer-crippling viruses date back to the days of the 486 computers, when a virus would overwrite the Master Boot Record (MBR) of the computer, which would often prevent the computer from starting up at all.

The Spread of Computer Viruses

Computer viruses usually spread in one of three ways: from removable media; from downloads off the Internet; and from e-mail attachments. Although the Internet gets a bad rap as a source of viruses, you're no more likely to contract a virus from the Web than you are from packaged software. Still, scan everything you download, and update your antivirus software regularly.

E-mail is not the virus breeding ground it's made out to be, either. In fact, it's nearly impossible for a virus to be transmitted by plaintext e-mail. Most viruses can only spread via attachments, either rich-text e-mail or attached applications. Using antivirus software, scan attachments from people you know, and never open attachments from people you don't.

Computer viruses have been around for a long time. In the past they used to spread whenever people shared floppy disks. Before the internet, the sharing of programs and data on floppy disks was very common. Nowadays most viruses are spread through the internet. The net has made viruses spread much quicker, and what once took days now takes hours.

Computer viruses can replicate themselves and infect other files on your computer. This means that if your PC is infected with a virus, then whatever files you share with other people could contain the virus.

How Do I Know I’ve Got a Virus in My Computer?

You may not notice that your computer is under attack until you realize something is missing or wrong when you open an attachment or a program with a virus. Here are a couple of signs which may show you that your computer is under attack.

• Your computer works slower than it did.
• Your computer freezes frequently or doesn’t open properly.
• Your computer restarts every couple of minutes.
• Your system doesn’t work properly and restarts itself.
• Applications on your computer don’t work properly.
• You cannot access disks and drives.
• You cannot print.
• You are seeing unusual errors.
• You see distorted menus.

Stealth Strategies

In order to avoid detection by users, some viruses employ different kinds of deception. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus. This approach does not fool antivirus software, however, especially those which maintain and date cyclic redundancy checks on file changes.

Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example, the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files have many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file.

Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.

As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access.

Countermeasures

• Antivirus software
Many users install antivirus software that can detect and eliminate known viruses when the computer attempts to download or run the executable (which may be distributed as an email attachment, or on USB flash drives, for example). Some antivirus software blocks known malicious web sites that attempt to install malware. Antivirus software does not change the underlying capability of hosts to transmit viruses.
Users must update their software regularly to patch security vulnerabilities ("holes"). Antivirus software also needs to be regularly updated in order to recognize the latest threats. Other commonly used preventative measures include timely operating system updates, software updates, careful Internet browsing, and installation of only trusted software. Certain browsers flag sites that have been reported to Google and that have been confirmed as hosting malware by Google.

There are two common methods that an antivirus software application uses to detect viruses, as described in the antivirus software article. The first, and by far the most common, method of virus detection is using a list of virus signature definitions. This works by examining the content of the computer's memory (its RAM, and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives, or USB flash drives), and comparing those files against a database of known virus "signatures". Virus signatures are just strings of code that are used to identify individual viruses; for each virus, the antivirus designer tries to choose a unique signature string that will not be found in a legitimate program. Different antivirus programs use different "signatures" to identify viruses. The disadvantage of this detection method is that users are only protected from viruses that are detected by signatures in their most recent virus definition update, and not protected from new viruses (see "zero-day attack").

A second method to find viruses is to use a heuristic algorithm based on common virus behaviors. This method has the ability to detect new viruses for which antivirus security firms have yet to define a "signature", but it also gives rise to more false positives than using signatures. False positives can be disruptive, especially in a commercial environment.
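
The following Python sketch is an added example, not part of the original text. It ties the signature method described above to the "Stealth Strategies" section: a constructed file is changed without altering its size or "last modified" time, a signature scan with no matching definition finds nothing, and a CRC baseline still reports the change. The signature name, file contents and function names are all constructed for illustration.

```python
import os
import tempfile
import zlib

# Constructed signature database (name -> byte pattern); not real virus signatures.
SIGNATURES = {"Example.TestSig.A": b"\xde\xad\xbe\xef-EXAMPLE-A"}

def signature_scan(data):
    """Return the names of all known signatures found in the content."""
    return [name for name, sig in SIGNATURES.items() if sig in data]

def snapshot(path):
    """Record size, modification time and CRC32 of a file as an integrity baseline."""
    st = os.stat(path)
    with open(path, "rb") as f:
        crc = zlib.crc32(f.read())
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "crc32": crc}

def changed_fields(baseline, current):
    """Map each recorded attribute to True if it differs from the baseline."""
    return {key: baseline[key] != current[key] for key in baseline}

def demo():
    """Alter a constructed file without changing size or timestamp, then run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "host.bin")
        # Constructed stand-in for an executable with an unused, zero-filled gap.
        original = b"HEADER" + b"\x00" * 64 + b"CODE"
        with open(path, "wb") as f:
            f.write(original)
        baseline = snapshot(path)
        # Simulated change: harmless bytes placed in the gap (same length),
        # then the original "last modified" time is put back.
        altered = original[:6] + b"NEW-UNKNOWN-BYTES".ljust(64, b"\x00") + original[70:]
        with open(path, "wb") as f:
            f.write(altered)
        os.utime(path, ns=(baseline["mtime_ns"], baseline["mtime_ns"]))
        return {
            "signature_hits": signature_scan(altered),
            "known_sample_hits": signature_scan(b"..." + SIGNATURES["Example.TestSig.A"]),
            "changed": changed_fields(baseline, snapshot(path)),
        }

if __name__ == "__main__":
    print(demo())
```

Size and timestamp comparisons report no change, while the checksum does; the signature scan only fires on content that matches a definition already in its database.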

Recovery Strategies and Methods

One can also reduce the damage done by viruses by making regular backups of data (and the operating systems) on different media that are either kept unconnected to the system (most of the time), read-only or not accessible for other reasons, such as using different file systems. This way, if data is lost through a virus, one can start again using the backup (which will hopefully be recent). If a backup session on optical media like CD and DVD is closed, it becomes read-only and can no longer be affected by a virus (so long as a virus or infected file was not copied onto the CD/DVD). Likewise, an operating system on a bootable CD can be used to start the computer if the installed operating systems become unusable. Backups on removable media must be carefully inspected before restoration. The Gammima virus, for example, propagates via removable flash drives.

• Virus removal
Many websites run by antivirus software companies provide free online virus scanning, with limited cleaning facilities (the purpose of the sites is to sell antivirus products). Some websites, like Google subsidiary VirusTotal.com, allow users to upload one or more suspicious files to be scanned and checked by one or more antivirus programs in one operation. Additionally, several capable antivirus software programs are available for free download from the Internet (usually restricted to non-commercial use). Microsoft offers an optional free antivirus utility called Microsoft Security Essentials, a Windows Malicious Software Removal Tool that is updated as part of the regular Windows update regime, and an older optional anti-malware (malware removal) tool, Windows Defender, that has been upgraded to an antivirus product in Windows 8.

• Operating system reinstallation
Microsoft's System File Checker (improved in Windows 7 and later) can be used to check for, and repair, corrupted system files.
Restoring an earlier "clean" (virus-free) copy of the entire partition from a cloned disk, a disk image, or a backup copy is one solution. Restoring an earlier backup disk image is relatively simple to do, usually removes any malware, and may be faster than disinfecting the computer, or than reinstalling and reconfiguring the operating system and programs from scratch, as described below, and then restoring user preferences.

Reinstalling the operating system is another approach to virus removal. It may be possible to recover copies of essential user data by booting from a live CD, or connecting the hard drive to another computer and booting from the second computer's operating system, taking great care not to infect that computer by executing any infected programs on the original drive. The original hard drive can then be reformatted and the OS and all programs installed from original media. Once the system has been restored, precautions must be taken to avoid reinfection from any restored executable files.