
VIRUS

In computers, a virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document. Viruses can be transmitted as attachments to an e-mail note or in a downloaded file, or be present on a diskette or CD. The immediate source of the e-mail note, downloaded file, or diskette you've received is usually unaware that it contains a virus. Some viruses wreak their effect as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer. Some viruses are benign or playful in intent and effect ("Happy Birthday, Ludwig!") and some can be quite harmful, erasing data or causing your hard disk to require reformatting. A virus that replicates itself by resending itself as an e-mail attachment or as part of a network message is known as a worm.

File Viruses (Parasitic Viruses)

File viruses are pieces of code that attach themselves to executable files, driver files or compressed files, and are activated when the host program is run. Some file infector viruses attach themselves to program files, usually selected .COM or .EXE files. Some can infect any program for which execution is requested, including .SYS, .OVL, .PRG, and .MNU files. When the program is loaded, the virus is loaded as well. Other file infector viruses arrive as wholly contained programs or scripts sent as an attachment to an e-mail note.

Boot Sector Viruses

A boot sector virus affects the boot sector of a hard disk, which is a very crucial part. The boot sector is where all information about the drive is stored, along with a program that makes it possible for the operating system to boot up. By inserting its code into the boot sector, a virus guarantees that it loads into memory during every boot sequence. A boot virus does not affect files; instead, it affects the disks that contain them. Perhaps this is the reason for their downfall. During the days when programs were carried around on floppies, boot sector viruses used to spread like wildfire. However, with the CD-ROM revolution, it became impossible to infect pre-written data on a CD, which eventually stopped such viruses from spreading.

Multipartite Viruses

Multipartite viruses are a combination of boot sector viruses and file viruses. These viruses come in through infected media and reside in memory. They then move on to the boot sector of the hard drive. From there, the virus infects executable files on the hard drive and spreads across the system.

Macro Viruses

Macro viruses infect files that are created using certain applications or programs that contain macros. These include Microsoft Office documents such as Word documents, Excel spreadsheets, PowerPoint presentations, Access databases, and other similar application files such as Corel Draw, AmiPro, etc. Since macro viruses are written in the language of the application, and not in that of the operating system, they are known to be platform-independent: they can spread between Windows, Mac, and any other system, so long as they're running the required application. With the ever-increasing capabilities of macro languages in applications, and the possibility of infections spreading over networks, these viruses are major threats. The first macro virus was written for Microsoft Word and was discovered back in August 1995. Today, there are thousands of macro viruses in existence; some examples are Relax, Melissa.A and Bablas.

Network Viruses

This kind of virus is proficient in quickly spreading across a Local Area Network (LAN) or even over the Internet.

E-mail Viruses

An e-mail virus travels as an attachment to e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book. Some e-mail viruses don't even require a double-click: they launch when you view the infected message in the preview pane of your e-mail software. One of the most common and destructive e-mail viruses is the ILOVEYOU virus.

Other Malicious Software


Trojan Horses: The biggest difference between a Trojan horse (or Trojan) and a virus is that Trojans don't spread themselves. Trojan horses disguise themselves as useful software available for download on the Internet, and naive users download and run them only to realise their mistake later.

Remote Access Trojans: These are the most commonly available Trojans. They give an attacker complete control over the victim's computer. The attacker can go through the files and access any personal information about the user that may be stored in them, such as credit card numbers, passwords, and important financial documents.

Password-sending Trojans: The purpose of such Trojans is to copy all cached passwords and look for other passwords as you enter them, and send them to a specific mail address without the user's knowledge. Passwords for restricted Web sites, messaging services, FTP services and e-mail services come under direct threat with this kind of Trojan.

Keyloggers: These log the victim's keystrokes and then send the logs to the attacker. The attacker then searches for passwords or other sensitive data in the log files. Most of them come with two functions, online and offline recording. Of course, they can be configured to send the log file to a specific e-mail address on a daily basis.

Destructive: The only function of these Trojans is to destroy and delete files. They can automatically delete all the core system files on your machine. The Trojan could be controlled by the attacker or could be programmed to strike like a logic bomb, starting on a specific day or at a specific hour.

Denial of Service (DoS) Attack Trojans: The main idea behind this kind of Trojan is to generate a lot of Net traffic on the victim's machine, to the extent that the Internet connection is too overloaded to let the user visit a Web site or download anything. Another variation of a DoS Trojan is the mail-bomb Trojan, whose main aim is to infect as many machines as possible and simultaneously attack specific e-mail addresses with random subjects and contents that cannot be filtered.

Proxy/Wingate Trojans: These types of Trojan turn the victim's computer into a proxy/wingate server. That way, the infected computer is available to the whole world to be used for anonymous access to various risky Internet services. The attacker can register domains or access pornographic Web sites with stolen credit cards or do similar illegal activities without being traced.

Worm: A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.

The main difference between viruses and worms is the method in which they reproduce and spread. A virus is dependent upon a host file or boot sector, and on the transfer of files between machines, to spread, while a worm can run completely independently and spread of its own accord through network connections.

COMMON SYMPTOMS

- Your computer always stops responding when you try to use certain software. This could also take place due to corruption of an essential file required by that software.
- You received an e-mail message that has a strange attachment. When you open the attachment, dialog boxes appear, or a sudden degradation in system performance occurs.
- There is a double extension on an attachment that you recently opened, such as .jpg.vbs or .gif.exe.
- An anti-virus program is disabled for no reason and it cannot be restarted. The computer may not allow reinstallation of the anti-virus.
- Strange dialog boxes or message boxes appear on the screen.
- Someone tells you that they have recently received e-mail messages from you containing infected attached files, and you are sure you never sent any such mails.
- New icons that you did not place on the Desktop appear, and are not associated with any recently installed programs.
- Strange sounds or music plays from your speakers unexpectedly.
- A program disappears from the computer, and you didn't uninstall it.
- Windows will not start because certain critical system files are missing, and you receive error messages listing those files.
- The computer starts as expected some of the time, but at other times stops responding before the desktop icons and taskbar appear.
- The computer runs very slowly and it takes a long time to start.
- Out-of-memory error messages appear, even though your computer has plenty of RAM.
- New programs do not install properly.
- Windows restarts unexpectedly.
- Programs that used to run now stop responding frequently. If you try to remove and reinstall the software, the issue continues to occur.
- A partition completely disappears.
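As an added illustration of the double-extension symptom above (example code written for this page, not part of the original document), here is a small Python check that recovers the extension Windows will actually honour and flags decoy extensions; it also generalises to whitespace padding before the real extension, which pushes it out of view in a narrow attachment column. The extension lists are assumptions.

```python
import re
from typing import Dict, List

# Added example (not from the original document). All attachment names used
# here are constructed for illustration.

# Extensions that Windows runs as code when the attachment is opened (assumed list).
RUNNABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js"}
# Extensions a user expects to be harmless data (assumed list).
DATA_EXTS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf"}


def inspect_attachment(filename: str) -> Dict[str, object]:
    """Return the extension that will actually run and why the name looks deceptive."""
    # Each dot-separated part is stripped, so "photo.gif. exe" still yields "exe".
    parts = [p.strip().lower() for p in filename.strip().split(".")]
    real_ext = parts[-1] if len(parts) > 1 else ""
    reasons: List[str] = []
    if real_ext in RUNNABLE_EXTS:
        # Any data-looking extension between the base name and the real one is a decoy.
        decoys = [p for p in parts[1:-1] if p in DATA_EXTS]
        if decoys:
            reasons.append(
                f"double extension: shown as .{decoys[-1]} but runs as .{real_ext}"
            )
        # Two or more consecutive spaces push the real extension out of view.
        if re.search(r"\s{2,}", filename):
            reasons.append("whitespace padding hides the real extension")
    return {"real_extension": real_ext, "suspicious": bool(reasons), "reasons": reasons}


def flag_attachments(filenames: List[str]) -> List[str]:
    """Return the names that deserve a warning before being opened."""
    return [name for name in filenames if inspect_attachment(name)["suspicious"]]


if __name__ == "__main__":
    # Constructed sample of attachment names as they might appear in an inbox.
    sample = ["holiday.jpg.vbs", "photo.gif. exe", "letter.txt          .vbs",
              "holiday.jpg", "archive.tar.gz", "setup.exe"]
    for name in sample:
        print(repr(name), inspect_attachment(name))
    print("flagged:", flag_attachments(sample))
```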

Most Infamous Viruses


1. The Melissa Virus: This came in 1999, when David L Smith created a virus based on a Microsoft Word macro, spread through email. CNN said it was named after an exotic dancer from Florida. Once opened, it replicated itself to people in the recipient's address book. The FBI reported it as wreaking havoc on government and private sector networks. Smith got 20 months in jail and was fined $5000.

2. ILOVEYOU: In 2000 a new digital threat was born in the Philippines. It was a worm, disguised as a love letter email, with a fatal attachment in VBS (Visual Basic Scripting). Onel de Guzman was investigated but not prosecuted through lack of evidence, and never admitted his complicity. It is thought it did damage to the tune of $10 billion. McAfee described the attack targets: it copied itself several times and hid the copies in several folders on the victim's hard drive; it added new files to the victim's registry keys; it replaced several different kinds of files with copies of itself; it sent itself through Internet Relay Chat clients as well as e-mail; and it downloaded a file called WIN-BUGSFIX.EXE from the Internet and executed it. Rather than fix bugs, this program was a password-stealing application that e-mailed secret information to the hacker's e-mail address.

3. The Klez virus: This one appeared first in 2001 and, like its predecessors, infected through emails and then replicated. Some versions carried other programs that destroyed computers, acting as a virus, a worm or a trojan horse. Symantec said it could even disable virus-scanning software and pose as a virus-removal tool. Once it gathered momentum, some hackers adapted it so it was more deadly. It ransacked address books and created spoofing: emails that came from sources different from those in the "from" box. Klez could be programmed to spam recipients with multiple emails.

4. The Code Red and Code Red II Worms: These menaces took advantage of a vulnerability in operating systems running Windows 2000 and Windows NT, whereby memory could be overwritten when machine buffers were overloaded. The White House was the highest profile victim, when all machines were overloaded. The worm makes a backdoor into the computer's system (a system-level compromise) to allow the person who put in the bug to operate it. Infected machines obey instructions from that source. Crimes can be committed this way. The worm was named the .ida Code Red worm because Code Red Mountain Dew was what they were drinking at the time.

5. Nimda Virus: From 2001, Nimda ("admin" spelt backwards) was the fastest, most ruthless replicating attack up to that time, taking, according to some estimates, about 20 minutes from being released on the internet to becoming the most reported attack. Whatever access a computer's user had on any network, the worm operator had the same. It slowed the entire web to a crawl; many systems crashed entirely.

6. SQL Slammer/Sapphire: In 2003 the Slammer virus, also known as Sapphire, hit the net, doubling its infections every few seconds. Within a quarter of an hour, half of the internet servers were hit. Bank of America, the City of Seattle and Continental Airlines were among the high profile US victims. Total damage was in the region of a billion dollars. Anti-attack devisers realised that hackers will always exploit any weakness in any system, so there is no foolproof defence.

7. MyDoom: As ominous as its name (also Novarg), this one had two triggers. One caused a denial of service (DoS) attack in 2004 and the second ordered it to stop distributing itself eleven days later. By then enough backdoors had been opened for the virus to remain potent. Months later a second outbreak was aimed mainly at clogging search engines. It shared with Klez an ability to spoof emails.

8. Sasser and Netsky: Unusually, authorities were able to track this pair of worms. The 17 year old German Sven Jaschan repeated some code in both. Sasser attacked through a Microsoft Windows weakness, scanning for random IP addresses. Netsky went through emails with spoofs, causing DoS attacks through huge volumes of traffic. Jaschan escaped prison, getting twenty months on probation as he was a minor when arrested.

9. Leap-A/Oompa-A Virus: In general most Mac users feel relatively relaxed about the safety of their machines. Because Apple produce both hardware and software, the systems are closed or obscure. There are also fewer Macs than PCs, so hackers don't have such a big target to hit. However, in 2006 hackers got in through the iChat instant messaging program with a corrupted file that looked like an innocent JPEG image. As Macs become more common, there will be more attacks on their integrity.

10. Storm Worm: This virus was named after the fact that an email message carrying it was headed "230 dead as storm batters Europe". Fake headings about current news are what trick most users into opening the dangerous email. As there was already a 2001 W32.Storm.Worm virus, companies like McAfee called it Nuwar and Symantec called it Peacomm. Whatever it's called, it's a trojan horse in several different forms. The persons behind it can control infected computers, which behave like zombies or bots. It can create a botnet to send mass spam.

11. Click Jacking: Operation Ghost Click was the FBI's code name for a two year investigation (2009-2011) that has just caught six Estonians (a Russian has not yet been caught). They ran a network of more than 4 million infected computers in 100 countries that rerouted users from big name websites like Amazon and Apple iTunes to sites that were pure advertising. The gang received a referral fee every time it happened. Federal law officers labelled them international cyber-bandits who netted about 9 million over four years and gave new meaning to the term "false advertising". The crime has also confirmed a new word in web speak language, click jacking.

12. Happy99: Also known as Ska, the virus spread through email attachments. Once infected, animated fireworks and a "Happy New Year" message were shown.

13. Creeper: The Creeper virus would look for a machine on the network, transfer to it, and display the message "I'm the creeper, catch me if you can!"

How does anti-virus software work?


An anti-virus software program is a computer program that can be used to scan files to identify and eliminate computer viruses and other malicious software (malware). Anti-virus software typically uses two different techniques to accomplish this:

- Examining files to look for known viruses by means of a virus dictionary
- Identifying suspicious behavior from any computer program which might indicate infection

Most commercial anti-virus software uses both of these approaches, with an emphasis on the virus dictionary approach.

Virus dictionary approach

In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that have been identified by the author of the anti-virus software. If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus software can either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file. To be successful in the medium and long term, the virus dictionary approach requires periodic online downloads of updated virus dictionary entries. As new viruses are identified "in the wild", civically minded and technically inclined users can send their infected files to the authors of anti-virus software, who then include information about the new viruses in their dictionaries. Dictionary-based anti-virus software typically examines files when the computer's operating system creates, opens, and closes them, and when the files are e-mailed. In this way, a known virus can be detected immediately upon receipt. The software can also typically be scheduled to examine all files on the user's hard disk on a regular basis. Although the dictionary approach is considered effective, virus authors have tried to stay a step ahead of such software by writing "polymorphic viruses", which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as not to match the virus's signature in the dictionary.

Suspicious behavior approach

The suspicious behavior approach, by contrast, doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, this is flagged as suspicious behavior and the user is alerted and asked what to do. Unlike the dictionary approach, the suspicious behavior approach therefore provides protection against brand-new viruses that do not yet exist in any virus dictionary. However, it also raises a large number of false positives, and users probably become desensitized to all the warnings. If the user clicks "Accept" on every such warning, then the anti-virus software is obviously useless to that user. This problem has especially been made worse over the past 7 years, since many more non-malicious program designs chose to modify other .exes without regard to this false positive issue. Thus, most modern anti-virus software uses this technique less and less.

Other ways to detect viruses

Some anti-virus software will try to emulate the beginning of the code of each new executable that is being executed before transferring control to the executable. If the program seems to be using self-modifying code or otherwise appears to be a virus (it immediately tries to find other executables), one could assume that the executable has been infected with a virus. However, this method results in a lot of false positives. Yet another detection method is using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has terminated, the sandbox is analysed for changes which might indicate a virus. Because of performance issues this type of detection is normally only performed during on-demand scans.

Issues of concern

Macro viruses, arguably the most destructive and widespread computer viruses, could be prevented far more inexpensively and effectively, and without the need for all users to buy anti-virus software, if Microsoft would fix security flaws in Microsoft Outlook and Microsoft Office related to the execution of downloaded code and to the ability of document macros to spread and wreak havoc. User education is as important as anti-virus software; simply training users in safe computing practices, such as not downloading and executing unknown programs from the Internet, would slow the spread of viruses, without the need for anti-virus software. Computer users should not always run with administrator access to their own machine. If they would simply run in user mode then some types of viruses would not be able to spread. The dictionary approach to detecting viruses is often insufficient due to the continual creation of new viruses, yet the suspicious behavior approach is ineffective due to the false positive problem; hence, the current understanding of anti-virus software will never conquer computer viruses. There are various methods of encrypting and packing malicious software which will make even well-known viruses undetectable to anti-virus software. Detecting these "camouflaged" viruses requires a powerful unpacking engine, which can decrypt the files before examining them. Unfortunately, many popular anti-virus programs do not have this and thus are often unable to detect encrypted viruses. Companies that sell anti-virus software seem to have a financial incentive for viruses to be written and to spread, and for the public to panic over the threat.
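To make the dictionary approach, the suspicious behavior approach and the unpacking engine described above concrete, here is an added Python model written for this page; it is not code from the original document or from any anti-virus product. The signatures, the "PACK1" packer layout, the file bodies and the event log are all constructed assumptions.

```python
from typing import Dict, List, Optional, Tuple

# Added example (not from the original document). Every signature, file body,
# packer format and event below is constructed for illustration; none of it
# comes from real malware.

# Executable types listed in the "File Viruses" section above.
EXECUTABLE_EXTS = (".exe", ".com", ".sys", ".ovl", ".prg", ".mnu")

# Constructed virus dictionary: detection name -> byte pattern.
SIGNATURES: Dict[str, bytes] = {
    "Demo.Overwriter.A": b"\x60\x9c\xb8\x13\x37\xcd\x21\x61",
    "Demo.Mailer.B": b"SEND-SELF-TO-ADDRESSBOOK",
}

def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; stands in for the encryption a packed sample uses."""
    return bytes(b ^ key for b in data)

def pack(body: bytes, key: int) -> bytes:
    """Constructed packer layout: 5-byte magic, 1-byte key, XOR-encoded body."""
    return b"PACK1" + bytes([key]) + xor_bytes(body, key)

def unpack(data: bytes) -> Optional[bytes]:
    """The unpacking engine: undo pack() when its magic is present, else None."""
    if data.startswith(b"PACK1") and len(data) > 6:
        return xor_bytes(data[6:], data[5])
    return None

def dictionary_scan(data: bytes) -> List[str]:
    """Virus dictionary approach: every known pattern found in the bytes."""
    return [name for name, sig in SIGNATURES.items() if sig in data]

def scan_file(data: bytes) -> Dict[str, object]:
    """Match the raw bytes first; if nothing matches, try again after unpacking."""
    hits, layer = dictionary_scan(data), "plain"
    if not hits:
        inner = unpack(data)
        if inner is not None:
            hits, layer = dictionary_scan(inner), "unpacked"
    return {"hits": hits, "layer": layer, "action": "quarantine" if hits else "allow"}

def behaviour_alerts(events: List[Tuple[str, str, str]]) -> List[str]:
    """Suspicious behavior approach: flag any write to an executable file.
    A legitimate installer trips this too (the false-positive problem), so the
    result is a prompt for the user, not a verdict."""
    return [f"{proc} wrote to executable {target}"
            for proc, op, target in events
            if op == "write" and target.lower().endswith(EXECUTABLE_EXTS)]

if __name__ == "__main__":
    body = b"<code>" + SIGNATURES["Demo.Overwriter.A"] + b"</code>"
    print(scan_file(body))                    # caught by the dictionary directly
    print(scan_file(pack(body, 0x5A)))        # caught only after unpacking
    print(scan_file(xor_bytes(body, 0x5A)))   # unknown packer: slips past both
    print(behaviour_alerts([
        ("notepad.exe", "write", "C:\\Users\\me\\notes.txt"),
        ("setup.exe", "write", "C:\\Program Files\\App\\app.exe"),  # benign, still flagged
        ("attachment.vbs", "write", "C:\\Windows\\helper.exe"),
    ]))
```

The third scan_file call is the "camouflaged" case the text warns about: the same body encrypted with a layout the unpacker does not know is reported as clean.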
