Sie sind auf Seite 1von 28


Prepared By :




Computer Viruses


Computer virus have become todays headline news With the increasing use of the Internet, it has become easier for virus to spread Virus show us loopholes in software Most virus are targeted at the MS Windows OS

What is a virus?
Virus is vital Information& Resource under seize. A computer virus is basically a program written for destructive purpose. It is written in such a way that it can enter the computer without the knowledge of the machine or the user. It is enters the machine through an infected floppy or a program. It has the capacity to make perfect copies of itself and cause abnormal functioning of the machine.

There are basically two types of virus, FILE virus and the BOOT SECTOR virus depending on the disk areas they infect and the way in which they spread. A file virus infects only executable file those with extension .EXE, .COM, etc. some virus destroy data files as well but viruses with an intention of spreading infect only the executable files. The Boot Sector viruses on the other hand reside in the boot sector of the disk and spread by coping onto the boot sector of all the floppies used on the machine. These virus infect

Types of virus


Background Symptoms Classifying Viruses Examples Protection/Prevention Conclusion


There are estimated 30,000 computer viruses in existence Over 300 new ones are created each month First virus was created to show loopholes in software

Virus Languages


C/C++ Pascal VBA Unix Shell Scripts JavaScript Basically any language that works on the system that is the target

Symptoms of Virus Attack

Computer runs slower then usual Computer no longer boots up Screen sometimes flicker PC speaker beeps periodically System crashes for no reason Files/directories sometimes disappear Denial of Service (DoS)

Virus through the Internet

Today almost 87% of all viruses are spread through the internet (source: ZDNet) Transmission time to a new host is relatively low, on the order of hours today Latent virus

Classifying Virus - Types

Trojan Horse Worm Macro

Trojan Horse

Back Orifice Discovery Date: 10/15/1998 Origin: Website Type: Pro-hacker

Length: 124,928 Trojan Remote SubType: Access Category:

Risk Assessment: Low Stealth

Trojan Horse

About Back Orifice

requires Windows to work distributed by Cult of the Dead Cow similar to PC Anywhere, Carbon Copy software allows remote access and control of other computers install a reference in the registry once infected, runs in the background by default uses UDP port 54320


TCP port


Spread over network connection Worms replicate First worm released on the Internet was called Morris worm, it was released on Nov 2, 1988.


Discovery Date: 11/8/1999 Origin: Argentina (?) Length: 4992 Type: Worm/Macro SubType: VbScript Risk Assessment: Low Category: Stealth/Companion



WSL (windows scripting language), Outlook or Outlook Express, and IE5 Does not work in Windows NT Effects Spanish and English version of Windows 2 variants have been identified Is a latent virus on


How Bubbleboy works


is embedded within an email message of HTML format. a VbScript while the user views a HTML page a file named Update.hta is placed in the start up directory


Specific to certain applications

Comprise a high percentage of the viruses Usually made in WordBasic and Visual Basic for Applications (VBA) Microsoft shipped Concept, the first macro virus, on a CD ROM called "Windows 95 Software Compatibility Test" in 1995


Discovery Date: 3/26/1999 Origin: Newsgroup Posting

Length: varies depending on variant

Type: Macro/Worm High Subtype: Macro Risk Assessment: Category: Companion

Protection/Preve ntion
Knowledge Proper configurations Run only necessary programs Anti-virus software


The following precaution should be taken to prevent the entry of virus in to a machine Avoid booting the machine with a floppy i.e. from A drive. If it is required to boot from floppy use a known floppy that is virus free and with a write protect . Write protect disk when using it on unknown machine. No program and hence virus can infect a floppy that is write protected the floppy disk controller and drive mechanism of a properly working disk drive does not allow to write on to a write protected floppy.

Never use software that is not original or doe not come from a authorized dealer .The chance that the pirated software may be infected are high If it is necessary to use borrowed software (As long as it is not illegal) scan it for being virus free.


The Antivirus softwares are used to scan and remove viruses. To protect the system with the dangerous viruses one should keep any antivirus software in the system. It always take care of the virus and when a virus is intended to enter in the system the antivirus activates and alert the user about the virus. It asks the user either to remove or repair the viruses.

Some of popular Antivirus software's are as follows :

Norton Antivirus o AVG o PC CILIN o McAfee o Nashot o Smartdog. o Vaccine. QuickHill


You know know more about virus and how: viruses work through your system to make a better virus Have seen how viruses show us a loophole in popular software Most viruses show that they can cause great damage due to loopholes in programming