
INDEX

Sr. No.  Topics

1   History of Computer Virus
2   What is Computer Virus & How it works?
3   How Does A Computer Get A Virus ?
4   Symptoms Of A Computer Virus
5   Different Types Of Computer Virus
      1. Trojan Horse & Resident Virus
      2. Direct Action & Overwrite Virus
      3. Boot Virus
      4. Macro Virus & Worms
      5. Email Virus
      6. Stealth Virus
      7. Companion Virus
6   Difference Between A Virus, Worm & Trojan Horse
7   Top 5 Deadliest Viruses
8   How Antivirus Software Works?
9   Different Antivirus Software
10  Mobile Virus
11  Conclusion and References

Computer Virus Page 1


Introduction

Computer viruses are called viruses because they share some of the traits of
biological viruses. A computer virus passes from computer to computer like a
biological virus passes from person to person.
There are similarities at a deeper level, as well. A biological virus is not a
living thing. A virus is a fragment of DNA inside a protective jacket. Unlike a
cell, a virus has no way to do anything or to reproduce by itself -- it is not alive.
Instead, a biological virus must inject its DNA into a cell. The viral DNA then
uses the cell's existing machinery to reproduce itself. In some cases, the cell fills
with new viral particles until it bursts, releasing the virus. In other cases, the new
virus particles bud off the cell one at a time, and the cell remains alive.
A computer virus shares some of these traits. A computer virus must
piggyback on top of some other program or document in order to get executed.
Once it is running, it is then able to infect other programs or documents.
Obviously, the analogy between computer and biological viruses stretches things
a bit, but there are enough similarities that the name

Abstract

Virus = [Vital Information Resources Under Seize]


In recent years the detection of computer viruses has become commonplace. It
appears that for the most part these viruses have been ‘benign’ or only mildly
destructive. However, whether or not computer viruses have the potential to cause
major and prolonged disruptions of computing environments is an open question.
Computer viruses have the potential to wreak havoc on both business and personal
computers. Worldwide, most businesses have been infected at some point.
A virus is a self-replicating program that
reproduces its own code by attaching copies of itself to other executable code. This
virus operates without the knowledge or desire of the user. Like a real virus, a
computer virus is contagious and can contaminate other files. However, viruses can
infect outside machines only with the assistance of computer users. Some viruses
affect computers as soon as their code is executed; other viruses lie dormant until a
pre-determined logical circumstance is met. A worm is a malicious program that
can infect both local and remote machines. Worms spread automatically by
infecting system after system in a network, and even spreading further to other
networks. Therefore, worms have a greater potential for causing damage because
they do not rely on the user's actions for execution. There are also malicious
programs in the wild that contain all of the features of these three malicious
programs.

1-History Of Computer Virus

Before 1988, the word "virus" had a strictly biological meaning. In that year, Robert Morris
wrote and released the first "Internet worm", forcing everyone in the computer community to
immediately consider this new electronic threat. While Morris created his virus to demonstrate a
security flaw in ARPANET (Advanced Research Projects Agency Network), the predecessor to
the Internet, today's virus writers often have a more malicious intent. The Internet today spans
the globe and serves billions of users, providing an environment in which a single virus can
conceivably cause rapid and widespread damage to systems throughout the world.
There are at least three reasons why people create viruses. The first is the same psychology that drives vandals and
arsonists. Why would someone want to bust the window on someone else's car, or spray-paint
signs on buildings or burn down a beautiful forest? For some people that seems to be a thrill. If
that sort of person happens to know computer programming, then he or she may funnel energy
into the creation of destructive viruses.
The second reason has to do with the thrill of watching things blow up. Many people have a
fascination with things like explosions and car wrecks. When you were growing up, there was
probably a kid in your neighborhood who learned how to make gunpowder and then built bigger
and bigger bombs until he either got bored or did some serious damage to himself. Creating a
virus that spreads quickly is a little like that -- it creates a bomb inside a computer, and the
more computers that get infected the more "fun" the explosion.
The third reason probably involves bragging rights, or the thrill of
doing it. Sort of like Mount Everest. The mountain is there, so someone is compelled to climb it.
If you are a certain type of programmer and you see a security hole that could be exploited, you
might simply be compelled to exploit the hole yourself before someone else beats you to it.
"Sure, I could TELL someone about the hole. But wouldn't it be better to SHOW them the
hole???" That sort of logic leads to many viruses. Of course, most virus creators seem to miss the
point that they cause real damage to real people with their creations. Destroying everything on a
person's hard disk is real damage. Forcing the people inside a large company to waste
thousands of hours cleaning up after a virus is real damage. Even a silly message is real damage
because a person then has to waste time getting rid of it. For this reason, the legal system is
getting much harsher in punishing the people who create viruses.
2000 - DDoS, Love Letter, Timofonica, Liberty (Palm), Streams, & Pirus
The first major distributed denial of service attacks shut down major sites such as Yahoo!,
Amazon.com, and others. In May the Love Letter worm became the fastest-spreading worm (to
that time); shutting down E-mail systems around the world. June 2000 saw the first attack against
a telephone system. The Visual Basic Script worm Timofonica tries to send messages to Internet-
enabled phones in the Spanish telephone network (later in 2000 another Trojan attacked the
Japanese emergency phone system). August 2000 saw the first Trojan developed for the Palm
PDA. Called Liberty and developed by Aaron Ardiri the co-developer of the Palm Game Boy
emulator Liberty, the Trojan was developed as an uninstall program and was distributed to a few
people to help foil those who would steal the actual software. When it was accidentally released
to the wider public Ardiri helped contain its spread. Streams became the first proof of concept
NTFS Alternate Data Stream (ADS) virus in early September. As a proof of concept, Streams
has not circulated in the wild (as of this writing) but as in all such cases a circulating virus based
on the model is expected. Pirus is another proof of concept for malware written in the PHP
scripting language. It attempts to add itself to HTML or PHP files. Pirus was discovered 9 Nov
2000.
2001 - Gnuman, Winux Windows/Linux Virus, LogoLogic-A Worm, AplS/Simpsons Worm, PeachyPDF-A, Nimda
Gnuman (Mandragore) showed up
the end of February. This worm cloaked itself from the Gnutella file-sharing system (the first to
specifically attack a peer-to-peer communications system) and pretended to be an MP3 file to
download. In March a proof of concept virus designed to infect both Windows and Linux (and
cross between them) was released. Winux (or Lindose depending on who you talk to) is buggy
and reported to have come from the Czech Republic. On 9 April a proof of concept Logo Worm
was released which attacked the Logotron SuperLogo language. The LogoLogic-A worm spreads
via MIRC chat and E-mail. May saw the first AppleScript worm. It uses Outlook Express or
Entourage on the Macintosh to spread via E-mail to address book entries. Early August, the
PeachyPDF-A worm became the first to spread using Adobe's PDF software. Only the full
version, not the free PDF reader, was capable of spreading the worm so it did not go far.
September, the Nimda worm demonstrated significant flexibility in its ability to spread and used
several firsts. While not new in concept, a couple of worms created a fair amount of havoc
during the year: Sircam (July), CodeRed (July & August), and BadTrans (November &
December).
2002 - LFM-926, Donut, Sharp-A, SQLSpider, Benjamin, Perrun, Scalper
Early in January LFM-926 showed up as the first
virus to infect Shockwave Flash (.SWF) files. It was named for the message it displays while it's
infecting: "Loading.Flash.Movie...". It drops a Debug script that produces a .COM file which
infects other .SWF files. Also in early January Donut showed up as the first worm directed at
.NET services. In March, the first native .NET worm written in C#, Sharp-A was announced.
Sharp-A was also unique in that it was one of the few malware programs reportedly written by a
woman. Late May the Javascript worm SQLSpider was released. It was unique in that it attacked
installations running Microsoft SQL Server (and programs that use SQL Server technology).
Also in late May the Benjamin appeared. Benjamin is unique in that it uses the KaZaa peer-to-
peer network to spread. Mid-June the press went wild over the proof-of-concept Perrun virus
because a portion of the virus attached itself to JPEG image files. Despite the hype, JPEG files
are still safe as you must have a stripper program running on your system in order to strip the
virus file off the image file. On 28 June the Scalper worm was discovered attacking
FreeBSD/Apache Web servers. The worm is designed to set up a flood net (stable of zombies
which could be used to overwhelm one or more systems).
2003 - Slammer, Sobig, Lovgate, Fizzer, Blaster/Welchia/Mimail
Sobig, a worm that carried its own SMTP mail program and
used Windows network shares to spread started the year. Sobig variants continued to multiply
throughout the year. Slammer, exploiting vulnerabilities in Microsoft's SQL 2000 servers, hit
Super Bowl weekend. Its spreading technique worked so well that for some period of time all of
South Korea was effectively eliminated from the Internet (obscured). It received significant
media coverage. The unique entry that February saw was Lovgate. This was unique as it was a
combination of a Trojan and a worm; two pieces of malware that generally don't get combined.
Starting in early May Fizzer spread via usual E-mail methods but also used the KaZaa peer-to-
peer network to spread. While generally not unique types, August is (in)famous for a
combination of Sobig.F, Blaster (also known as Lovsan and MSBlast), Welchia (or Nachi), and
Mimail; all spreading rapidly through a security vulnerability in a Windows Distributed
Component Object Model (DCOM) Remote Procedure Call (RPC) interface. 2003 also saw what
appeared to be a use of worm-like techniques used in the spreading of spam. Sobig dropped a
component that could later be used by spammers to send mail through infected machines. The
social engineering techniques used by virus/worm writers improved dramatically as well. Some
of the malware this year was accompanied by very realistic graphics and links in an attempt to
make you think the mail actually came from the likes of Microsoft or Paypal.
2004 - Trojan.Xombe, Randex, Bizex, Witty, MP3Concept, Sasser, Mac OS X, W64.Rugrat.3344, Symb/Cabir-A, JS/Scob-A, WCE/Duts-A, W32/Amus-A, JPEG Weakness
Year 2004 started where 2003 left off with social engineering taking the
lead in propagation techniques. Trojan.Xombe was sent out to a wide audience. It posed as a
message from Microsoft Windows Update asking you to run the attached revision to XP Service
Pack 1. (This, and like messages that "phish" for personal information, are expected to take a
lead role in 2004 -- and, yes, phish is the correct term for a message designed to "fish" for
personal information; the technique is called phishing.) In February it was demonstrated that
virus writers were starting to ply their craft for money. A German magazine managed to buy a
list of infected IP addresses from a distributor of the virus Randex. These IP addresses were for
sale to spammers who could use the infected machines as mail zombies. The end of February
saw Bizex go after ICQ users through an HTML link that downloaded an infected SCM (Sound
Compressed Sound Scheme) file. The weekend of 20/21 March introduced Witty, the first worm
to attack security software directly (some Internet Security Systems' RealSecure, Proventia and
BlackICE versions). The worm was malicious in that it erased portions of the hard drive while
sending itself out. A Mac OS X scare in the form of MP3Concept was announced 8 April. Said
to be a benign Trojan, MP3Concept turned out to be nothing more than a bad proof-of-concept
that never made it into the wild. The end of April saw the Sasser worm which is the first to
effectively use the LSASS Windows vulnerability; a vulnerability that allowed the worm to
spread via an open FTP port instead of through E-mail (even though Microsoft had already
issued a patch for the vulnerability -- yet another example of people not paying attention to
operating system security updates). Toward the end of May Apple issued critical patches to OS
X when a vulnerability that could spread via E-mail and mal-formed Web pages was found. The
vulnerability would allow AppleScript scripts to run unchecked; even to the point of deleting the
home directory. The proof-of-concept Worm W64.Rugrat.3344 showed up the end of May. This
is claimed to be the first malware that specifically attacks 64-bit Windows files only (it ignores
32-bit and 16-bit files). It was created using IA64 (Intel Architecture) assembly code.

2-What Is Computer Virus & How It Works?

A computer virus is a kind of malicious software written intentionally to enter a computer without
the user's permission or knowledge, with an ability to replicate itself, thus continuing to spread.
Some viruses do little but replicate; others can cause severe harm or adversely affect programs and
the performance of the system.

A file virus attaches itself to a file, usually an executable application (e.g. a word processing
program or a DOS program). In general, file viruses don't infect data files. However, data files
can contain embedded executable code such as macros, which may be used by virus or Trojan
writers. Recent versions of Microsoft Word are particularly vulnerable to this kind of threat. Text
files such as batch files, postscript files, and source code which contain commands that can be
compiled or interpreted by another program are potential targets for malware (malicious
software), though such malware is not at present common.

3-How Does A Computer Get A Virus

There are literally dozens of different ways a computer can become infected with spyware,
viruses, and other malware. Below is a list of the most common ways a computer can contract
these infections, listed in the order we believe they most commonly occur.

1. Accepting without reading

By far one of the most common ways a computer becomes infected is that the user accepts what he or
she sees on the screen without reading the prompt or understanding what it is asking.

Some common examples:

1. While browsing the Internet, an Internet advertisement or window appears that says your
computer is infected or that a unique plug-in is required. Without fully understanding
what it is you're getting, you accept the prompt.
2. When installing or updating a program, you're prompted (often checkboxes already
checked) if it's ok to install additional programs that you may not want or are designed to
monitor your usage of the program.

2. Opening e-mail attachments

Another very common way people become infected with viruses and other spyware is by
opening e-mail attachments, even when from a co-worker, friend, or family member. E-mail
addresses can be easily faked and even when not faked your acquaintance may unsuspectingly be
forwarding you an infected file.

When receiving an e-mail with an attachment, if the e-mail was not expected or is from someone
you don't know, delete it. If the e-mail is from someone you know, be cautious when opening the
attachment.

3. Not running the latest updates

Many of the updates, especially those associated with Microsoft Windows and other operating
systems and programs, are security updates. Running a program or operating system that is not
up-to-date with the latest updates can be a big security risk and can be a way your computer
becomes infected.

4. Pirating software, music, or movies

If you or someone on your computer is participating in underground places on the Internet where
you're downloading copyrighted music, movies, software, etc. for free, often many of the files
can contain viruses, spyware or malicious software.

5. No anti-virus spyware scanner

If you're running a computer with Microsoft Windows it's highly recommended you have some
form of anti-virus and spyware protection on that computer to help clean it from any infections
currently on the computer and to help prevent any future infections.

6. Downloading infected software

Finally, any other software downloaded from the Internet can also contain viruses and other
malware. When downloading any software (programs, utilities, games, updates, demos, etc.),
make sure you're downloading the software from a reliable source and while installing it you're
reading all prompts about what the program is putting on your computer.

4-Symptoms Of A Computer Virus

The following are some primary indicators that a computer may be infected:

* The computer runs slower than usual.
* The computer stops responding, or it locks up frequently.
* The computer crashes, and then it restarts every few minutes.
* The computer restarts on its own. Additionally, the computer does not run as usual.
* Applications on the computer do not work correctly.
* Disks or disk drives are inaccessible.
* You cannot print items correctly.
* You see unusual error messages.
* You see distorted menus and dialog boxes.
* There is a double extension on an attachment that you recently opened, such as a .jpg,
  .vbs, .gif, or .exe extension.
* An antivirus program is disabled for no reason. Additionally, the antivirus program
  cannot be restarted.
* An antivirus program cannot be installed on the computer, or the antivirus program will
  not run.
* New icons appear on the desktop that you did not put there, or the icons are not
  associated with any recently installed programs.
* Strange sounds or music play from the speakers unexpectedly.
* A program disappears from the computer even though you did not intentionally remove
  the program.

5-Different Types Of Computer Virus

1. Trojan Horse
As mentioned earlier on, the term "Trojan horse" was taken from a clever Greek plan described
by Homer in the Iliad. After seemingly abandoning the siege of Troy, the Greeks placed armed
men inside a huge wooden horse. The horse was welcomed into the city by the Trojans, who
believed it was a symbol of peace; they slept while the Greeks exited the horse and opened the
gates allowing the Greek army into Troy, conquering the city.

Operations that could be performed by a hacker on a target computer system include:

* Use of the machine as part of a botnet
* Data theft (e.g. retrieving passwords or credit card information)
* Installation of software, including third-party malware
* Downloading or uploading of files on the user's computer
* Modification or deletion of files
* Keystroke logging
* Watching the user's screen
* Crashing the computer

Trojan horses in this way require interaction with a hacker to fulfill their purpose, though the
hacker need not be the individual responsible for distributing the Trojan horse. It is possible for
individual hackers to scan computers on a network using a port scanner in the hope of finding
one with a malicious Trojan horse installed, which the hacker can then use to control the target
computer.

2. Resident Virus
A resident virus is a computer virus which embeds itself into the memory on a computer,
activating whenever the operating system performs a specific function so that it can infect files
on the computer. This method of viral infection is in contrast with a non-resident virus, which
actively seeks out files to infect. Resident viruses can be quite pernicious, as they may spread
through a system so thoroughly that they even attach to antivirus programs, infecting the very
things they scan for signs of viral infection. Removing a resident virus which has embedded
itself in a computer's memory can be a challenge. The virus may be designed to resist the actions
of conventional antivirus software, or as discussed above, to exploit the software. A specialized
virus removal tool may be needed to extract the virus from memory. In some cases, the services
of an information technology professional may be needed to completely clear a computer of
infection. When a resident virus is identified by an antivirus company or a designer of operating
systems, a patch is often released. This may be an update to an antivirus program which allows
the program to remove the virus, or it may take the form of a virus removal tool which the
computer user can run to get the resident virus out of memory.

3. Direct Action Virus


The main purpose of this virus is to replicate and take action when it is executed. When a
specific condition is met, the virus will go into action and infect files in the directory or folder
that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch
file is always located in the root directory of the hard disk and carries out certain operations
when the computer is booted.

4. Overwrite Virus
A virus of this kind is characterized by the fact that it deletes the information contained in the files
that it infects, rendering them partially or totally useless once they have been infected. The only
way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the
original content.
Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.

5. Boot Virus
This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk,
in which information on the disk itself is stored together with a program that makes it possible to
boot the computer from the disk. The best way of avoiding boot viruses is to ensure that floppy
disks are write-protected and never start your computer with an unknown floppy disk in the disk
drive.

6. Macro Virus
Macro viruses infect files that are created using certain applications or programs that contain
macros. These mini-programs make it possible to automate series of operations so that they are
performed as a single action, thereby saving the user from having to carry them out one by one.

7. Worms
Computer worms are programs that reproduce, execute independently and travel across the
network connections. The key difference between a virus and worm is the manner in which it
reproduces and spreads. A virus is dependent upon the host file or boot sector, and the transfer of
files between computers to spread, whereas a computer worm can execute completely
independently and spread on its own accord through network connections.
The security threat from worms is equivalent to that of viruses. Computer worms are capable of
causing a whole range of damage, such as destroying crucial files in your system, slowing it down
to a large degree, or even causing some critical programs to stop.

Two types:

1) NETWORK- Computer Worms
Network worms consist of multiple parts, called "segments." They each run on different
machines (and possibly perform different actions) using the network for several
communication purposes.
Moving a segment from one machine to another is only one of their purposes. Network
worms that have one main segment which coordinates the work of the other segments
are sometimes called "octopuses."

2) HOST- Computer Worms
Host computer worms are entirely contained in the computer they run on and use
network connections only to copy themselves to other computers.
Host computer worms in which the original terminates after it launches a copy on another
host (so there is only one copy of the worm running somewhere on the network at any
given moment) are sometimes called "rabbits."

8. E-Mail Virus

The Melissa virus was originally created as a Word document and was then uploaded via email to an
internet newsgroup. Any recipient who opened the email, downloaded the document and opened
it on their computer, unknowingly triggered Melissa's payload. From there, the virus sent itself
as a document to the first 50 contacts in the victim's address book. The email carried
a friendly note which included the recipient's name. This was done to make the virus appear
harmless and trick them into opening it. It then created 50 new infected documents from that
victim's machine. At this continuous rate, Melissa quickly became the fastest spreading virus
seen by anyone at the time. The virus was so severe that it resulted in a number of large
commercial companies disabling their email systems.
Melissa was so powerful because it capitalized on a vulnerability found in the Microsoft Word
programming language known as VBA (Visual Basic for Applications). VBA is a complete
language that can be programmed to perform actions such as modifying files and distributing
emails. It also includes a rather useful yet dangerous function known as "auto-execute". The
Melissa virus was programmed by inserting malicious code into a document, enabling it to be
executed whenever someone opened it.
The ILOVEYOU virus, which was first detected in May of 2000, was much simpler than
Melissa. The malicious code it contained came in the form of an attachment. Any recipient who
clicked on the attachment unknowingly executed the code. This email virus then distributed
copies of itself to contacts in the user's address book, enabling the infection to spread at a rapid
rate. Because ILOVEYOU was also known to unload different types of infections, some experts
have labeled it a Trojan rather than a virus.

9. Stealth Virus
In computer security, a stealth virus is a computer virus that uses various mechanisms to avoid
detection by antivirus software.

Typically, when an antivirus program runs, a stealth virus hides itself in memory, and uses
various tricks to also hide changes it has made to any files or boot records. The virus may
maintain a copy of the original, uninfected data and monitor system activity. When the program
attempts to access data that's been altered, the virus redirects it to a storage area maintaining the
original, uninfected data. A good antivirus program should be able to find a stealth virus by
looking for evidence in memory as well as in areas that viruses usually attack.

10. Companion Virus


A companion virus is one that, instead of modifying an existing file, creates a new
program which is executed instead of the intended program.
On exit, the new program executes the original program so that things appear normal. On PCs
this has usually been accomplished by creating an infected .COM file with the same name as an
existing .EXE file.
Integrity checking anti-virus software that only looks for modifications in existing files will fail
to detect such viruses.
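
The gap described above can be closed by recording which files exist, not only their hashes, and by looking for a .COM file that shares a base name with an .EXE. The following is an added example, not part of the original report; the directory contents and file names are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Order in which DOS tried extensions when a command was typed without one.
SEARCH_ORDER = (".com", ".exe", ".bat")


def snapshot(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            result[os.path.relpath(full, root)] = digest
    return result


def modified_only(baseline, current):
    """The weak check: compare only files that were already in the baseline."""
    return sorted(p for p, h in baseline.items()
                  if p in current and current[p] != h)


def full_diff(baseline, current):
    """Stronger check: report modified, added and removed files."""
    return {
        "modified": modified_only(baseline, current),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def shadowed_programs(paths):
    """Find programs that a same-named file with an earlier extension
    in the same directory would run in place of."""
    by_stem = {}
    for p in paths:
        stem, ext = os.path.splitext(p)
        if ext.lower() in SEARCH_ORDER:
            by_stem.setdefault(stem.lower(), {})[ext.lower()] = p
    findings = []
    for _stem, exts in sorted(by_stem.items()):
        present = [e for e in SEARCH_ORDER if e in exts]
        if len(present) > 1:
            # First entry wins the search; the rest are shadowed by it.
            findings.append((exts[present[0]], [exts[e] for e in present[1:]]))
    return findings


def demo():
    """Build a constructed directory, take a baseline, add one new file."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("EDIT.EXE", "FORMAT.COM", "CHKDSK.EXE"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed placeholder for " + name.encode())
        baseline = snapshot(root)
        # The trace a companion leaves: a new EDIT.COM, EDIT.EXE untouched.
        with open(os.path.join(root, "EDIT.COM"), "wb") as fh:
            fh.write(b"constructed placeholder, not a program")
        current = snapshot(root)
        return (modified_only(baseline, current),
                full_diff(baseline, current),
                shadowed_programs(current))


if __name__ == "__main__":
    weak, strong, shadows = demo()
    print("modification-only check:", weak)
    print("full diff:", strong)
    print("shadowed programs:", shadows)
```
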

6-Difference Between a Virus, Worm and Trojan Horse

Viruses cannot replicate themselves, but worms and Trojans can.
A virus cannot spread without a human action such as running an infected file or program, but
worms and Trojans are capable of spreading themselves automatically from computer to
computer through network connections.
A virus does not consume system memory, but a worm consumes too much system memory and
network bandwidth because of its copying nature.
Trojans are used by malicious users to access your computer information, but viruses and worms
can't do so; they simply infect your computer.

7-Top 5 Deadliest Viruses

1. I Love You Virus
If you receive email with a subject line with the phrase ILOVEYOU (all one word, no spaces)
in it… DON'T OPEN the attachment named Love-Letter-For-You.txt.vbs.

Over a five-hour period on May 4, 2000, this virus spread across Asia, Europe and the
United States via e-mail messages titled "ILOVEYOU." The menace clogged Web servers,
overwrote personal files and caused corporate IT managers to shut down e-mail systems.

A scan of the Visual Basic code included in the attachment reveals that the virus may be
corrupting MP3 and JPEG files on users' hard drives, as well as mIRC, a version of Internet
Relay Chat. It also appears to reset the default start page for Internet Explorer.

This virus arrives as e-mail with the subject line "I Love You" and an attachment named "Love-
Letter-For-You.txt.vbs." Opening the attachment infects your computer. The infection first scans
your PC's memory for passwords, which are sent back to the virus's creator (a Web site in the
Philippines which has since been shut down). The infection then replicates itself to everyone in
your Outlook address book. Finally, the infection corrupts files ending with .vbs, .vbe, .js, .css,
.wsh, .sct, .hta, .jpg, .jpeg, .mp2, .mp3 by overwriting them with a copy of itself.
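
A mail filter can catch the double extension that made Love-Letter-For-You.txt.vbs look like a text file. The following is an added example, not part of the original report; the message is constructed, the addresses are placeholders, and the two extension lists are assumptions drawn from the file types named on this page.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for the demonstration: types that run when opened, and
# harmless-looking types used as the decoy middle extension.
RUNNABLE = {".vbs", ".vbe", ".js", ".wsh", ".sct", ".hta", ".exe", ".com", ".bat"}
DECOY = {".txt", ".jpg", ".jpeg", ".gif", ".doc", ".pdf", ".mp3"}


def classify(filename):
    """Return (verdict, name shown when the final extension is hidden)."""
    name = filename.strip().rstrip(". ")
    stem, last = os.path.splitext(name)
    prev = os.path.splitext(stem)[1]
    if last.lower() in RUNNABLE:
        verdict = "double-extension" if prev.lower() in DECOY else "runnable"
        # With known extensions hidden, the user sees only the stem.
        return verdict, stem
    return "ok", name


def review_message(raw):
    """Parse a raw message and list attachments that should be held."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        verdict, shown = classify(fname)
        if verdict != "ok":
            findings.append((fname, verdict, shown))
    return str(msg["subject"]), findings


def build_sample():
    """Constructed message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["Subject"] = "ILOVEYOU"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("constructed sample body")
    for fname, maintype, subtype in (
        ("Love-Letter-For-You.txt.vbs", "application", "octet-stream"),
        ("holiday.jpg", "image", "jpeg"),
        ("Readme.exe", "application", "octet-stream"),
    ):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype=maintype, subtype=subtype, filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    subject, findings = review_message(build_sample())
    print("subject:", subject)
    for fname, verdict, shown in findings:
        print(f"hold {fname!r}: {verdict}, displayed as {shown!r}")
```
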

2. Slammer
SQL Slammer is a computer worm that caused a denial of service on some Internet hosts and
dramatically slowed down general Internet traffic, starting at 05:30 UTC on January 25, 2003. It
spread rapidly, infecting most of its 75,000 victims within ten minutes. So named by Christopher
J. Rouland, the CTO of ISS, Slammer was first brought to the attention of the public by Michael
Bacarella (see notes below). Although titled "SQL slammer worm", the program did not use the
SQL language; it exploited a buffer overflow bug in Microsoft's flagship SQL Server and
Desktop Engine database products, for which a patch had been released six months earlier in
MS02-039. Other names include W32.SQLExp.Worm, DDOS.SQLP1434.A, the Sapphire
Worm, SQL_HEL, W32/SQLSlammer and Helker.

3. Storm
The latest virus on our list is the dreaded Storm Worm. It was late 2006 when computer security
experts first identified the worm. The public began to call the virus the Storm Worm because one
of the e-mail messages carrying the virus had as its subject "230 dead as storm batters Europe."
Antivirus companies call the worm other names. For example, Symantec calls it Peacomm while
McAfee refers to it as Nuwar. This might sound confusing, but there's already a 2001 virus
called the W32.Storm.Worm.

4. Bagle (Net Sky)
The W32 Bagle malware is part of a family of different viruses and Trojans. It continues to spread
itself via email attachments and infects other computers. This malware installs itself when you
download an email attachment. It executes and creates a file in your system directory called
bbeagle.exe. It is particularly dangerous because the files look legitimate when downloading, and
someone who isn't familiar with the internet may download them without knowing. The attacker infects
your computer by sending fake emails, and the malware then infects other computers. It spreads like
a chain to continuously damage even more computers. When you download one of the virus
files, it executes, installs, and wreaks havoc on your system.

5. Nimda
The Nimda worm retrieves the list of addresses found in the address books of Microsoft Outlook
and Eudora, as well as email addresses contained in HTML files found on the infected machine's
hard drive.

Next, the Nimda virus sends all of these recipients an email with an empty body and a subject
chosen at random (and often very long). It adds to the message an attachment named
Readme.exe or Readme.eml (a file containing an executable). The virus uses an .eml extension to
exploit a security flaw in Microsoft Internet Explorer 5.

What's more, in Microsoft Windows the Nimda virus can spread over shared network folders,
infecting executable files found there.

Viewing Web pages on servers infected by the Nimda virus may lead to infection when a user
views pages with the vulnerable Microsoft Internet Explorer 5 browser.

The Nimda virus is also capable of taking control of a Microsoft IIS (Internet Information
Server) Web server, by exploiting certain security holes.

Finally, the virus infects executable files found on the contaminated machine, meaning that it can
also spread by file transfers.

8-How Anti-Virus Software Works

Antivirus software typically uses a variety of strategies in detecting and removing viruses,
worms and other malware programs.

The following are the two most widely employed identification methods:

1. Signature-Based Detection
This is the most commonly employed method, which involves searching for known patterns of a
virus within a given file. Every antivirus product has a dictionary of sample malware code,
called signatures, in its database. Whenever a file is examined, the antivirus refers to this
dictionary and compares the samples with the current file.
If a piece of code within the file matches one in its dictionary, the file is flagged and
proper action is taken immediately to stop the virus from replicating further. The antivirus
may choose to repair the file, quarantine it or delete it permanently, based on its potential risk.
As new viruses and malware are created and released every day, this method of detection cannot
defend against new malware unless samples are collected and signatures are released by
the antivirus software company. Some companies may also encourage users to upload new
viruses or variants, so that the virus can be analyzed and the signature added to the
dictionary.
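
The dictionary lookup described above, as an added example (not code from this report or from any antivirus product). It goes one step beyond the text by allowing `??` wildcard bytes in a signature; all names, patterns and file contents are constructed placeholders.

```python
# Added illustration: a byte-pattern signature scanner. Signature names,
# patterns and file contents are constructed placeholders, not real malware.
import re

def compile_signature(hex_pattern):
    """'de ad ?? 41' -> compiled bytes regex; '??' matches any single byte."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

# The "dictionary": name -> (pattern, action to take on a match).
SIGNATURE_DB = {
    "Constructed.Sample.A": ("de ad be ef ?? 41 42", "quarantine"),
    "Constructed.Sample.B": ("43 4f 4e 53 54 ?? ?? 31", "delete"),
}

def scan(data, db=SIGNATURE_DB):
    """Return (name, offset, action) for each signature found in data."""
    hits = []
    for name, (pattern, action) in db.items():
        match = compile_signature(pattern).search(data)
        if match:
            hits.append((name, match.start(), action))
    return hits

def with_update(db, name, pattern, action="quarantine"):
    """Model a vendor signature update; returns a new dictionary."""
    return {**db, name: (pattern, action)}

HEADER = b"MZ" + b"\x00" * 14                               # constructed 16-byte prefix
CLEAN = HEADER + b"ordinary program bytes"
KNOWN = HEADER + bytes.fromhex("deadbeef004142")
PADDED_VARIANT = HEADER + bytes.fromhex("deadbeef7f4142")   # differs in the ?? byte
NEW_VARIANT = HEADER + bytes.fromhex("deadbeef004143")      # differs in a fixed byte

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("known", KNOWN),
                        ("padded variant", PADDED_VARIANT),
                        ("new variant", NEW_VARIANT)]:
        print(label, scan(blob))
    updated = with_update(SIGNATURE_DB, "Constructed.Sample.C",
                          "de ad be ef ?? 41 43")
    print("new variant after update", scan(NEW_VARIANT, updated))
```

The new variant goes undetected until the updated dictionary is used, which is the limitation the paragraph above describes.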

2. Heuristic-based detection
Heuristic-based detection involves identifying suspicious behavior from any given program
which might indicate a potential risk. This approach is used by some of the more sophisticated
antivirus products to identify new malware and variants of known malware. Unlike the
signature-based approach, here the antivirus doesn’t attempt to identify known viruses, but
instead monitors the behavior of all programs.
For example, malicious behavior such as a program trying to write data to an executable program is
flagged and the user is alerted about this action. This method of detection gives an additional
level of security against unidentified threats.

File emulation: This is another type of heuristic-based approach where a given program is
executed in a virtual environment and the actions performed by it are logged. Based on the
actions logged, the antivirus software can determine if the program is malicious or not and carry
out necessary actions in order to clean the infection.
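
One way to judge a program from the actions logged during an emulated run, as an added example (not code from this report or from any antivirus product). The log format, weights and alert threshold are assumptions, and the log lines are constructed; the rules mirror behaviors described in this report (writing into executables, harvesting address books, mailing executable attachments).

```python
# Added illustration: judging a program from the actions logged during an
# emulated run. Log format, weights and threshold are assumptions, and every
# log line below is constructed.
import ntpath

EXECUTABLE_EXT = {".exe", ".com", ".dll", ".scr"}
ADDRESS_BOOK_EXT = {".wab", ".pst"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\system\\")
ALERT_THRESHOLD = 3

def parse_line(line):
    """Turn 'op=write path=...' into a dict (values contain no spaces)."""
    return dict(field.split("=", 1) for field in line.split())

def ext_of(value):
    return ntpath.splitext(value.lower())[1]

def score_event(ev):
    """Return (points, reason) for one logged action; (0, None) if benign."""
    op, path = ev.get("op"), ev.get("path", "").lower()
    if op == "write" and ext_of(path) in EXECUTABLE_EXT:
        return 3, "writes into an executable file"
    if (op == "create" and ext_of(path) in EXECUTABLE_EXT
            and path.startswith(SYSTEM_DIRS)):
        return 2, "drops an executable in the system directory"
    if (op == "send_mail"
            and ext_of(ev.get("attachment", "")) in EXECUTABLE_EXT | {".eml"}):
        return 2, "mails an executable attachment"
    if op == "read" and ext_of(path) in ADDRESS_BOOK_EXT:
        return 1, "reads a mail address book"
    return 0, None

def verdict(log_lines):
    """Sum the points for a whole run and decide once the log is complete."""
    total, reasons = 0, []
    for line in log_lines:
        points, reason = score_event(parse_line(line))
        if points:
            total += points
            reasons.append(reason)
    return ("alert" if total >= ALERT_THRESHOLD else "clean"), total, reasons

MASS_MAILER_LOG = [   # constructed: harvests addresses, mails itself, patches a file
    r"op=read path=C:\Users\a\contacts.wab",
    "op=send_mail attachment=Readme.exe",
    r"op=write path=C:\Shared\setup.exe",
]
MAIL_CLIENT_LOG = [   # constructed, benign: address book read, document attachment
    r"op=read path=C:\Users\a\contacts.wab",
    "op=send_mail attachment=report.pdf",
]

if __name__ == "__main__":
    print(verdict(MASS_MAILER_LOG))
    print(verdict(MAIL_CLIENT_LOG))
```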

9-Different Anti-Virus Software

1) AVG Anti-Virus
2) Avira Antivirus
3) Bit Defender
4) ESET NOD32
5) Kaspersky Anti-Virus
6) McAfee Antivirus
7) Norton Antivirus
8) Panda Antivirus
9) Quick Heal Antivirus
10) Trend Micro Antivirus, etc.

10- MOBILE VIRUS

WAP THREATS
The use of WAP-enabled mobile phones is booming. Cellular phones with support for WAP
(Wireless Application Protocol) allow users to access a wide variety of services. WAP enables
users to do on-line banking, monitor stock markets, use email, access the Internet – all from their
mobile phones. Future WAP services with positioning support will enable even more advanced
services – for example, you could ask your phone to find the closest restaurant in a strange city
and your phone would answer back with map and directions. When it comes to WAP security,
why worry?
From the outset, vendors of mobile phones and WAP servers have ensured that much
consideration was given to confidentiality and privacy issues for WAP data, as well as to user
authentication. Add this to the fact that data integrity checking has been taken into account, and
you could be forgiven for thinking that the WAP infrastructure is already secure enough.
However, we believe that there are still a number of security issues to be resolved. Firstly, there
is no content security for the WAP infrastructure, and yet this is where one of the biggest threats
typically lies.
As we have already seen in the desktop-PC world, content-related security is the single biggest
security issue for home and corporate users alike. Even now, we receive an average of seven new
PC virus samples every day, with actions that range from benign to potentially catastrophic. In
the telecommunications world, content has traditionally been speech – with no security risks
involved. Now the content is code, and the whole picture changes. The WAP infrastructure has
not taken executable mobile content, such as downloadable programs, into account from a
content-security point of view. The WAP content requested by the mobile device and returned by
the origin server can, for example, contain WML cards, which may display text or pictures,
working similarly to HTML pages on the Web. The pages can also contain script written with
WML Script language – which is a close relative to the JavaScript scripting language. As a side
note, several PC viruses written with JavaScript were discovered during 1999 and 2000.

THE WLAN WEAK LINK
A security weakness in the encryption standard used within IEEE-based WLANs has been
uncovered. Three cryptographers have described a practical way of attacking the key scheduling
algorithm of the RC4 cipher, in a paper entitled "Weaknesses in the Key Scheduling Algorithm
of RC4".
The RC4 cipher forms the basis of the WEP encryption that is used in IEEE 802.11b wireless
networks. The paper's authors discovered several ways to uncover patterns in packets of
information passing over WLANs. These patterns can be used to figure out the WEP encryption
"key" and the number used to scramble the data being transmitted. Once the key is recovered, it
can be used to decrypt the messages. According to the authors, using a longer key (128 bits
instead of the current WEP standard of 40 bits) does not make it harder for attackers to uncover
the process. The paper provides a more practical approach to breaking RC4 than previous
publications and lends fresh urgency to the work of two IEEE groups grappling with the 802.11
vulnerabilities.
However, the Wireless Ethernet Compatibility Alliance said enterprise users should continue
to use WEP because only skilled cryptanalysts would be able to exploit the weakness.
Enterprises could also use several existing tools for additional security, such as VPNs, IPSec,
and RADIUS authentication servers. In addition, many WLAN vendors have introduced
proprietary encryption schemes because of the known weaknesses in WEP.
However, these schemes are not interoperable with each other. There have been other
problems uncovered in the WEP structure but the latest discovery is more significant because an
attack could be carried out faster and with fewer resources. One emerging solution is from the
802.1x group that is focused on overall network security and authentication. Another is the
802.11i group that is making use of some of the 802.1x work to overhaul the identified WEP
vulnerabilities. These initiatives are scheduled to be finalized by year end and vendors are likely
to have products out soon.

POTENTIAL PDA’S PROBLEM

What about palmtop computers and PDAs: can they be infected by computer viruses? PDAs run
specially written scaled-down operating systems, such as EPOC, PalmOS or PocketPC. They are
often connected to home or office PCs to synchronize the data between the two machines. This
presents an opportunity for viruses to spread onto them. Yet, no viruses currently exist for the
PocketPC and EPOC operating systems, although there is no technical reason why they could not
be written. There is a virus called Palm/Phage, which is able to infect Palm OS, but it is not in
the wild and poses little threat. Nonetheless, it is sensible to keep backups of any Palm
applications and data. There is also a Trojan horse known as Palm/Liberty-A, which is able to
infect the Palm OS.

11-CONCLUSION

- People mostly think that viruses are the only threat, but there are other threats as well,
  such as spam, spyware, trojans, worms, etc.
- Spam comes in different sorts, such as phishing.
- Spyware is used to breach security.
- Trojans do not replicate but are destructive.
- Antivirus software should be installed and upgraded to its latest version in order to
  provide security against the latest viruses.
