
A seminar on

By,
A.Ramya
06B01A0587
Contents
• History of virus.
• Introduction.
• Virus Languages.
• Classification.
• Infamous viruses.
• Recovery methods.
• Conclusion.
• References.
History of Virus
• The idea of viruses started with the possibility of writing self-replicating software. John von Neumann put this idea forward in 1950.

• This was introduced in AT&T Labs as a recreational game. Each would write code to destroy other programmers' code, and the winner would be the person left with the most living code.

• This was the beginning, and within a short time viruses emerged that destroy data.
Introduction
• A virus is a program that reproduces its own code by attaching itself to other executable files.

• A virus reproduces, usually without your permission or knowledge.

• Viruses have an infection phase, where they reproduce widely.

• They have an attack phase, where they do whatever damage they are programmed to do.

• Most viruses are targeted at the MS Windows OS.


Virus Languages
• ANSI COBOL

• C/C++

• Pascal

• VBA

• Unix Shell Scripts

• JavaScript
Classification of viruses

Macro viruses
Network viruses
Logic bomb
Trojan Horses
Archaic Forms
Companion virus
Boot sector viruses
Macro Virus
• Written in the scripting languages of applications such as MS-WORD, MS-EXCEL, etc.

• Its targets are Word, Excel & Spreadsheet documents.

• Platform independent.

• Accounts for 2/3rd of computer viruses.

• The first macro virus written in MS-WORD was discovered in 1995. Examples are Relax, MelissaA, Bablaspc.
Network Virus
• Uses the Local Area Network (LAN) and even spreads over the Internet.

• Its propagation is through shared resources in the network.

• From an infected system in the network it searches for non-infected systems, thereby affecting all computers on that network.

• Examples are Nimda and SQL Slammer.


Logic Bomb

• A logic bomb will lie inert until it is triggered when some conditions are met.

• Logic bombs reside within a program, or they may be a part of worms or viruses.

• The first logic bomb was coded by Tim Lloyd of Omega Engg. USA, named ‘FRIDAY THE 13TH’.
Trojan Horses

• Needs a host program for its execution.

• Mainly used to access files of other users on a multi-user operating system.

• Another motivation is data destruction, which deletes files on a computer.

• Examples: Back-orifice.
Companion Virus
• Was found in MS-DOS systems; it makes use of the command console.

• A companion virus installs a .COM file (the virus) for every .EXE file found on the disk.

• DOS runs .COM files before .EXE files, so the virus will run first, going into memory, and then will execute the related .EXE file.

• Companion viruses are relatively easy to find and eliminate.
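Added example (not part of the original seminar): one way to find companion pairs, by listing every directory in which a .COM file shares its base name with an .EXE file. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# The two extensions involved in the companion trick described above.
WATCHED_EXTS = (".com", ".exe")


def find_companion_pairs(root):
    """Return sorted (directory, com_file, exe_file) tuples found under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            if ext in WATCHED_EXTS:
                # DOS file names are case-insensitive, so compare lowered stems.
                by_stem[stem.lower()][ext] = name
        for exts in by_stem.values():
            if ".com" in exts and ".exe" in exts:
                # The .COM file would be run first when the bare name is typed.
                findings.append((dirpath, exts[".com"], exts[".exe"]))
    return sorted(findings)


def demo():
    """Build a constructed directory tree with harmless 1-byte files and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "TOOLS"))
        for rel in ("EDIT.EXE", "EDIT.COM", "FORMAT.COM",
                    os.path.join("TOOLS", "Pkzip.exe"),
                    os.path.join("TOOLS", "PKZIP.COM")):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(b"\x00")
        return [(os.path.relpath(d, root), com, exe)
                for d, com, exe in find_companion_pairs(root)]


if __name__ == "__main__":
    for directory, com, exe in demo():
        print(f"{directory}: {com} would run before {exe}")
```

A legitimate product can ship both files, so each hit is a lead to inspect rather than proof of infection.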
Boot sector viruses
• A boot sector virus hides in the boot sector, usually the 1st sector, of a bootable disk or hard drive.

• The virus loads into memory during every boot sequence.

• A boot virus does not affect files; instead, it affects the disks that contain them, by erasing boot records (MBR).
Infamous Viruses
1. Back Orifice
2. CIH Spacefiller
3. Kakworm
4. Laroux
5. Nimda
6. Love Letter
Back Orifice
• Back Orifice is a Trojan that provides a backdoor into your computer when active and you are connected to the Internet.

• The original program came out in August 1998, with a bogus OS update called BO-2000 later (the update was called a network management program).

• It is produced by the group Cult of the Dead Cow (cDc).

• It installs silently, and potentially allows a remote user to take complete control of your computer without your permission.
CIH Spacefiller
• It was first reported in June 1998.

• It infects files written in the Portable Executable (Windows 95 executable) format.

• This format allows blocks of blank space in the executable.

• This virus exploits that by attempting to install itself into a single block (or multiple blocks if necessary).
Kakworm
• Kakworm (KAK) is a worm. It affects Microsoft's Internet Explorer browser and Outlook Express mail program.

• KAK is written in JavaScript. KAK is transmitted by embedding itself in the HTML signature of a message. Users don't see it there because there is no displayable text.

1. Once activated, KAK saves the file KAK.HTA into the Windows Startup folder.
2. The next time the computer is started, KAK.HTA runs and creates KAK.HTM in the Windows directory.
3. The registry is changed so that KAK.HTM is included as a signature on all outgoing mails.
Laroux
• Laroux is a fairly simple macro virus. It affects Excel documents.

• It contains two macros: AUTO_OPEN and CHECK_FILES.

• The first tells Excel to run the second as soon as a worksheet is opened. CHECK_FILES will look in the Excel startup path (usually the XLSTART directory) for a file called PERSONAL.XLS.

• Since PERSONAL.XLS is automatically opened whenever Excel is run, the virus will be loaded every time Excel is started and all accessed worksheets infected.

• Laroux is written in Visual Basic for Applications (VBA).


Nimda
• Nimda is one of the more complex virus/worm constructs released. It infects files, spreads itself via e-mail, spreads via Web sites, and spreads via local area network exploits.

• It infects all versions of Windows from Win95 through Win2000.

• It infects .EXE files by embedding them into itself as a resource. It also infects most secured files in the Windows directory, which are responsible for the operation of the system.

• It also infects Web pages, so unsecured browsers will be infected upon viewing the Web page.
Love Letter
• A Visual Basic script. A virus that was attached to e-mail.

• Mail subject was “ILOVEYOU”

• Message text was “Please check the attached LOVELETTER coming from me”

• Attachment called “LOVE-LETTER-FOR-YOU.TXT.vbs”

• When the attachment is clicked, the virus program runs, damaging Windows Scripting Host; the integrity of the system breaks and it shuts down.
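Added example (not part of the original seminar): a mail-filter style check for the naming trick used by the attachment above, where a document-looking inner extension (.TXT) sits in front of a script extension (.vbs) that Windows hides by default. The extension lists, function names and sample message are constructed for illustration and are not exhaustive.

```python
import os
from email import message_from_string
from email.message import EmailMessage

# Final extensions that Windows runs through a script host or loader.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta",
                   ".exe", ".com", ".bat", ".scr", ".pif"}
# Inner extensions that make a file look like a harmless document.
DECOY_EXTS = {".txt", ".doc", ".xls", ".pdf", ".jpg", ".gif"}


def deceptive_name(filename):
    """True if the name ends in <decoy>.<executable>, e.g. X.TXT.vbs."""
    stem, last = os.path.splitext(filename.strip())
    _, inner = os.path.splitext(stem)
    return last.lower() in EXECUTABLE_EXTS and inner.lower() in DECOY_EXTS


def flag_attachments(raw_message):
    """Return (subject, [flagged attachment names]) for a raw message string."""
    msg = message_from_string(raw_message)
    flagged = [part.get_filename() for part in msg.walk()
               if part.get_filename() and deceptive_name(part.get_filename())]
    return msg.get("Subject", ""), flagged


def build_sample():
    """Constructed message using the subject, text and attachment name above."""
    msg = EmailMessage()
    msg["Subject"] = "ILOVEYOU"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("Please check the attached LOVELETTER coming from me")
    # Harmless placeholder content; only the file names matter for this check.
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream",
                       filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_string()


if __name__ == "__main__":
    subject, flagged = flag_attachments(build_sample())
    print(subject, flagged)
```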
Recovery methods

• Virus removal

• Operating system reinstallation


Conclusion
• Computer runs slower than usual or no longer boots up.

• System crashes for no reason.

• Files/directories sometimes disappear.

• Check all your portable storage devices with anti-virus software.
• Update your anti-virus regularly.
• Be sure not to download an infected file from the internet.
• Be sure to check all new software for viruses.
Thank You
