COMPUTER VIRUSES

Most of us, would agree with this virus definition: Virus is

a software that can replicate itself and spread to other
computers or that are programmed to damage a
computer by deleting files, reformatting the hard disk, or
using up computer memory. said dr. Cohen, globally
recognized expert in information protection and cybersecurity. He has
won international awards, given keynote speeches at major conferences
in this field, acted on advisory boards for many companies, is a
recognized industry analyst in security strategies, dr. Cohen is best
known in the information protection community for his seminal work on
"computer virus" potential capabilities and defenses.
 A computer virus is a computer program that can copy itself and infect a computer
without permission or knowledge of the user. The original may modify the copies or the
copies may modify themselves, as occurs in a metamorphic virus. The term comes from
the term virus in biology. A computer virus reproduces by making, possibly modified,
copies of itself in the computer's memory, storage, or over a network. This is similar to
the way a biological virus works.
Some viruses are programmed to damage the computer by damaging programs, deleting
files, or reformatting the hard disk. Others are not designed to do any damage, but simply
replicate themselves and perhaps make their presence known by presenting text, video, or
audio messages. Even these benign viruses can create problems for the computer user.
They typically take up computer memory used by legitimate programs. As a result, they
often cause erratic behavior and can result in system crashes. In addition, many viruses
are bugridden, and these bugs may lead to system crashes and data loss.
ACTIVATION OF COMPUTER VIRUS
When the computer virus starts working, it is called the activation of virus. A virus normally
runs all the time in the computer. Different viruses are activated in different ways. Many
viruses are activated on a certain data.
A virus generally will be activated when it is loaded into a computers memory, and then it
may continue to spread its viral code into a number of other programs and files stored on the
host computer.

The computers programs may still continue to work normally, but also spread the virus
code to other machines on the same network, or machines that use the same storage devices.
Some viruses use polymorphic code to avoid detection by antivirus software, modifying
their decryption modules so that the virus changes each time it infects a new host.
 The system protection against abuse of information
technology should include three types of protection:

1. Protection of information systems from unauthorized user

access;
2. Antivirus protection and
3. Protection of classified information
ANTIVIRUS PROTECTION

Antivirus or anti-virus software, sometimes known as anti-malvare software,

is computer software used to prevent, detect and remove malicious
software. Antivirus software was originally developed to detect and remove
computer viruses, hence the name. However, with the proliferation od other
kinds od malware, antivirus software started to provide protection from other
computer threats. If there is a virus infection in the information system that
leads to cleansing of all existing content, including viruses. It should be kept
in mind that, all information content on them will be lost. For this reason
making copies is one of exceptional importance in antivirus protection.
CLASS OF VIRUSES

After years of evolution and developing tools for protection against

viruses and increasingly acquired knowledge about them, by the
companies that produce them, viruses are divided into basic classes:

- boot sector virus,

- file infector,
- macro virus and
- Internet virus.
 WORM AND TROJAN HORSE
Worm is a small computer program that uses computer networks
and security holes to replicate itself from computer to computer.
The most common way of spreading worms is through email or IRC
channels. As a condition of replication requires a computer network
(usually the Internet). Using it, the program searches the network
and finds computers with specific vulnerabilities. Further itself
copies to another machine, until it is discovered and removed.

There are two types of worms:

- Worm in home computer (HOST WORM) and
- NETWORK WORM).
 Trojan horse
In computing, Trojan horse, or Trojan, is any malicious computer program
which is used to hack into a computer by misleading users of its true intent.
The term is derived from the Ancient Greek story of the wooden horse that
was used to help Greek troops invade the city of Troy by stealth. During the
night, soldiers who had been hiding inside the horse emerged, opened the
city's gates to let their fellow soldiers in and then overran the city.
Unlike computer viruses and worms, Trojans generally do not attempt to
inject themselves into other files or otherwise propagate themselves.
Attackers have long used Trojan horses as a way to trick end users into
installing malware. Typically, the malicious programming is hidden within an
innocent-looking email attachment or free program, such as a game. When
the user downloads the Trojan horse, the malware that is hidden inside is
also downloaded. Once inside the computing device, the malicious code can
execute whatever task the attacker designed it to carry out.
 Back Orifice consists of two key pieces: a client application and a server
application. The way in which Back Orifice works is that the client
application runs on one machine and the server application runs on a
different machine. The client application connects to another machine
using the server application. The confusing part is the server installed on
the victim. Many people may be confused by this because it does not seem
logical, but that is how it works. The only way for the server application of
Back Orifice to be installed on a machine is for it to be installed
deliberately. Obviously, the Trojan does not come with a default installation
of Windows 2000, so you must find a way to get the victim to install it.
There are various types of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victims machine.
Multi-purpose Trojans are also included some virus writers have created
multi-functional Trojans rather than Trojan packs. Some types of Trojans as
listed below;
PSW Trojan, Trojan Droppers, Rootkits, Arcbomb, Trojan Downloaders, Trojan
Proxies, Trojan Spies, Trojan Notifiers ,Backdoors.
ANTIVIRUS PROGRAMS

The best known and most widely used antivirus programs

are:
- NORTON ANTIVIRUS,
- SOPHOS ANTI-VIRUS,
- MCAFFEE,
- PCCLLIN.
ANTIVIRUS METHODES

SCANNERS
CRC SCANNERS
BEHAVIOUR BLOCKERS
 NETWORK VIRUSES
This type of virus spreads through the global network - Internet. The way they are
spreading is varied. The most common way of spreading the virus is one of the
most commonly used Internet 19 service, e-mail. Besides e-mail, network virus
can 'earn' 'and in other ways - in the newsgroup, over IRC, ICQ or by downloading
unsolicited files. Many of these viruses take control of a computer, so that
malicious allow access to files on the disk, screen or data that the user types to
the keyboard in the infected computer. Virus, like program, via e-mail or news
groups can come as an attachment. When it downloads from a Web site or FTP
address, the program is that file that is downloaded to the virus, which are often
'packaged' as a product catalog, greeting card for holiday and the like. However,
all have one thing in common - they are all executable files, ie. programs. Under
Windows operating system, executable programs all files ending with .exe. This is
very important, because there are cases that files which carry viruses have the
name picture.jpg.exe or katalog.txt.exe. Even if it writes slika.jpg this is not a
picture, but a program. Upon execution, this program may actually show an
image, but almost certainly will infect your computer with a virus.
NETWORK PROTECTION

Network security consists of the policies and practices

adopted to prevent and monitor unauthorized access,
misuse, modification, or denial of a computer network and
network-accessible resources. Network security involves the
authorization of access to data in a network, which is
controlled by the network administrator. Users choose or are
assigned an ID and password or other authenticating
information that allows them access to information and
programs within their authority.
 SIX GOLDEN RULES IN ANTIVIRUS PROTECTION

Step 1: Make sure to install some antivirus tools

Step 2: Regularly update antivirus definitions. Set tools to automatically '' remove '' the
latest virus definitions
Step 3: Set your antivirus software to automatically scan all files. By checking all files,
not just the executive, protection is complete and it prevents the spread of the virus
Step 4: Scan all files that come from the Internet. First of all, it is necessary to scan all
incoming and outgoing e-mail messages. Email is now the most common way of
spreading viruses. Also, many websites contain software that could be infected. So by
scanining all files copied from the Internet will protect them.
Step 5: Periodically scan the entire disk. Step 6: Scan the hard drive after installing the
software. After the installation of various tools (especially those that are copied from the
Internet) scan the hard drive or the location to which the software is installed. It may
happen that compressed archive are infected by viruses.It may be that compressed
archive to be infected by viruses.
Step 6: Scan the hard drive after installing the software. After the installation of various
tools (especially those that are copied from the Internet) scan the hard drive or the
location to which the software is installed.
THANK YOU!