Chapter 14

What are the Symptoms of Virus Infection? Some of the following symptoms may be observed on the computer if the system is infected by virus: Programme execution taking longer time, Any abnormal screen display, Any abnormal message, Drive light comes on unexpectedly, Decrease in the si e of memory checked from !"#DS# or any other memory mapping programme, $ncrease in the si e of an executable file, %xcessive increase in disk accesses, Delayed disk operations, &nknown volume label of the disk, and Destruction of data without any reason'

What are the CHARACTERISTICS OF CO !"TER VIR"SES? (e have already discussed about the difference types of perverse software such as )ime *omb, )ro+an horse, (orms and ,irus' $n this Section, let us first explore, why the first computer virus was

developed, and then we will discuss more about computer virus, its areas of infection and reasons of the virus spreading in computer systems' )he first computer virus was designed and tested by -red !ohen in ./012 on 1rd 3ovember' )his virus was conceived as an experiment to be presented at a weekly seminar on system security' 4n .5th 3ovember ./01, this virus was first demonstrated on ,A6 ..7895 system' )his virus resulted in the crash :failure of the computer system in terms of processing, do not confuse it with physical breakdown; of computer in less than 15 minutes' !ohen was so successful that the permission of continuing his experiments was withdrawn since it was perceived to be a ma+or threat to !omputer Security' -urther tests were banned on the computer virus when it was reported that a user may be granted all system rights by a !omputer ,irus' )he concept of the computer virus was first made public in ./0< at 3ational !omputer Security !onference where !ohen published his results' )hus, a ma+or security threat to the computer systems started' )he gravity of the threat can be measured from the fact that an =$nternet> virus +ammed over ?555 military computers across America for almost two days, raising a big @uestion mark about the computer security of even the Pentagon computer' What are the #arious types of Viruses? Tro$an horse: )his name has been borrowed from the pages of history because )ro+ans are considered to be programmes that conceal agents of ruin7malicious activity like the wooden horse of )roy' )ypically, a )ro+an horse is an illegitimate coding contained in a legitimate programme, and causes an illegitimate action' )he concept of )ro+an is similar to bombs but it does not necessarily get activated by a computer clock or particular circumstances' A )ro+an may change or steal the password or may modify records in protected files or may allow illicit users to use the systems and have access to data

and information stored there' )ro+an "orses hide in a host and generally do not damage the host programme' )ro+ans cannot copy themselves to other software in the same or other systems' )he )ro+ans may get activated only if the illicit programme is called explicitly' $t can be transferred to other system only if the )ro+an programme is copied by an unsuspecting user' !hristmas card is a wellAknown example of )ro+an' $t was detected on internal %Amail of $*B system' 4n typing the word C!hristmasD, it will draw the !hristmas tree as expected, but in addition, it will send copies of similar output to all other users connected to the network' *ecause of this message on other terminals, other users cannot save their half finished work' Worms: )he difference between the (orms and )ro+an is that a worm can relocate itself and does not re@uire a host programme' )hus, a (orm programme copies itself to another machine on the network' )he worms are standAalone programmes, and therefore can be detected easily in comparison to )ro+ans and computer viruses' (orms can help to sabotage systems yet they can also be used to perform some useful tasks' -or example, worms can be used in the installation of a network' A worm can be inserted in a network and we can check for its presence at each node' A node which does not indicate the presence of the worm for @uite some time, can be assumed as not connected to the network' %xamples of worms are %xistential (orm, Alarm !lock (orm, etc' )he Alarm !lock (orm places wakeAup calls on a list of users' $t passes through the network to an outgoing terminal while the sole purpose of existential worm is to remain alive' %xistential worm does not cause damage to the system, but only copies itself to several places in a computer network Viruses: )he computer virus is a chronological successor of worm programmes' )he computer virus was termed by Davis and Eantenbein :./08; as:

=A )ro+an horse programme with the capability of autoArelocation :same as in worms; and it can attack other programmes'> )hus, a computer virus can cause a malicious activity as bombs or )ro+ans but in addition can do something more' A computer virus is the most dangerous perverse software which can reproduce itself within a computer system' Due to its replicating nature it can attach itself to a regularly used programme and make you feel that the host file is benign although it intends to do much more' !omputer viruses are highly contagious in nature and may cause considerable damage through an information disorder7 destruction' !omputer virus can get the better of the operating system which you work on, thereby taking control of the system which may sometimes lead to the destruction of all the data and programmes on your hard disk' Eenerally, a computer virus acts like a parasite' $t draws on the resources of the computer to monitor its activities, but otherwise does not immediately change the functioning of the boot system' )his is done to evade early detection' $f the virus has destructive effects, the reaction must be delayed somehow, because if it immediately destroys the host software, it will never be able to reproduce and spread' )he types and numbers of viruses are on the increase'