3. What is a VIRUS?
A Computer virus is a malware program that,
when executed, replicates by inserting copies
of itself (possibly modified) into other
computer programs, data files, or the boot
sector of the hard drive; when this replication
succeeds, the affected areas are then
said to be "infected".
It is a self-replicating program that can cause
damage to data and files stored on your
computer.
4. History of virus
The term “Computer virus” was formally defined by Fred Cohen
in 1983, while he performed academic experiments on a Digital
Equipment Corporation VAX system.
Viruses are classified as being one of two types: research or “in the wild”.
The first computer viruses were developed in the early 1980s. The first
viruses found in the wild were Apple II viruses, such as Elk Cloner, which was
reported in 1981.
Viruses have now been found on the following platforms:
Apple II
IBM PC
Macintosh
Atari
Amiga
5. Function of virus
1) Virus functions have “evolved” through
efforts to make the code more
difficult to detect, disassemble, and
eradicate.
2) 6 new viruses are found each day. 57000
known virus programs are in existence.
3) These are programs written by programmers
with great programming skills who are
motivated by the need for a challenge or to
cause destruction.
6. Virus Expandable using EXE & COM Files
The first IBM-PC virus appeared in 1986; this was the Brain virus. Brain
was a boot sector virus and remained resident. These viruses expanded
the target executables to include COM and EXE files.
Cascade was encrypted to deter disassembly and detection. Variable
encryption appeared in 1989 with the 1260 virus. Stealth viruses, which
employ various techniques to avoid detection, also first appeared in 1989,
such as Zero Bug, Dark Avenger and Frodo (4096 or 4K). In 1990, self-
modifying viruses, such as Whale were introduced.
The year 1991 brought the GP1 virus, which is “network-sensitive” and
attempts to steal Novell NetWare passwords. Since their inception,
viruses have become increasingly complex.
7. Three reasons for virus spreading are:
Software bugs
Because software is often designed with security features to prevent
unauthorized use of system resources, many viruses must exploit
and manipulate security bugs (security defects) in system or
application software to spread and infect. Software development
strategies that produce large numbers of bugs will generally also
produce potential exploits.
Social engineering and poor security practices
In order to replicate itself, a virus must be permitted to execute
code and write to memory. For this reason, many viruses attach
themselves to executable files that may be part of legitimate
programs (see code injection). If a user attempts to launch an
infected program, the virus' code may be executed simultaneously.
8. Infection targets and replication techniques
Computer viruses infect a variety of different subsystems on their hosts.[27] One manner
of classifying viruses is to analyze whether they reside in binary executables (such as
.EXE or .COM files), data files (such as Microsoft Word documents or PDF files), or in the
boot sector of the host's hard drive.
Resident vs. non-resident viruses:
Resident viruses overwrite interrupt handling code or other functions, and when the
operating system attempts to access the target file or disk sector, the virus code intercepts
the request and redirects the control flow to the replication module, infecting the target.
Macro viruses:
Many common applications, such as Microsoft Outlook and Microsoft Word, allow macro
programs to be embedded in documents or emails, so that the programs may be run
automatically when the document is opened. This is one of the reasons that it is dangerous
to open unexpected attachments in e-mails.
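A defender can check whether a received document is able to carry embedded macro code before anyone opens it. The following is an added example, not part of the original slides; the function names are hypothetical and the sample documents are constructed in memory.

```python
import io
import zipfile

# Magic bytes of the legacy OLE2 container used by old .doc/.xls files.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def macro_indicator(data: bytes) -> str:
    """Classify a document by whether it can carry embedded macro code."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats keep macros inside the container itself,
        # so treat every such file as macro-capable until inspected further.
        return "legacy-ole2: may contain macros"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            return "corrupt-zip"
        # Modern Office files are ZIP archives; VBA code is stored in a
        # part named vbaProject.bin (word/, xl/ or ppt/ directory).
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "ooxml: macros present"
        if "[Content_Types].xml" in names:
            return "ooxml: no macros"
        return "zip: not an Office document"
    return "unknown"

def build_sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal Office-style ZIP, optionally with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for label, doc in [("with macro", build_sample_ooxml(True)),
                       ("without macro", build_sample_ooxml(False))]:
        print(label, "->", macro_indicator(doc))
```

A mail gateway or triage script can use a check like this to quarantine or flag macro-capable attachments regardless of their file extension.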
Boot sector viruses:
Boot sector viruses specifically target the boot sector/Master Boot Record (MBR) of the
host's hard drive or removable storage media (flash drives, floppy disks, etc.).
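Because a boot sector virus has to change the bootstrap code in the first sector of the disk, comparing that code against a known-good hash is a simple way to detect tampering. The following is an added example, not part of the original slides; it assumes a classic 512-byte MBR, uses hypothetical function names, and works on a constructed sample sector rather than a real disk.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440        # bootstrap code; bytes 440..445 may hold a disk signature
TABLE_OFF = 446       # four 16-byte partition entries follow
ENTRY_LEN = 16

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + i * ENTRY_LEN: TABLE_OFF + (i + 1) * ENTRY_LEN]
        status, ptype = entry[0], entry[4]
        lba_start, n_sectors = struct.unpack_from("<II", entry, 8)
        if ptype:  # type 0 marks an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": n_sectors})
    digest = hashlib.sha256(sector[:CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": parts}

def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the bootstrap code no longer matches the recorded baseline."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256

def build_sample_mbr() -> bytearray:
    """Constructed sample: filler boot code and one bootable partition."""
    buf = bytearray(SECTOR)
    buf[:CODE_LEN] = b"\x90" * CODE_LEN
    struct.pack_into("<BxxxBxxxII", buf, TABLE_OFF, 0x80, 0x83, 2048, 204800)
    buf[510:512] = b"\x55\xaa"
    return buf

if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(bytes(clean))["boot_code_sha256"]
    modified = build_sample_mbr()
    modified[0] ^= 0xFF  # simulate any change to the bootstrap code
    print("clean changed?   ", boot_code_changed(bytes(clean), baseline))
    print("modified changed?", boot_code_changed(bytes(modified), baseline))
```

The baseline has to be recorded while the system is known to be clean and stored somewhere the running system cannot overwrite.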
9. The following is a history of
some of the most famous viruses
and malware ever:
10. 1949 – 1966 – Self-
Reproducing Automata:
Self-replicating programs were established in 1949, to produce a large
number of viruses. John von Neumann, who is known as the “Father
of Cybernetics”, wrote an article on the “Theory of Self-Reproducing
Automata” that was published in 1966.
11. 1959 – Core Wars:
A computer game was programmed at Bell Laboratory by Victor Vygotsky,
H. Douglas McIlroy and Robert P Morris. They named it Core Wars. In this
game, infectious programs named organisms competed for the
processing time of the PC.
12. 1971 – The Creeper:
Bob Thomas developed an experimental self-replicating program. It gained access through
ARPANET (the Advanced Research Projects Agency Network) and copied itself to remote
host systems running the TENEX operating system. It displayed the message “I’m the creeper,
catch me if you can!”. Another program named Reaper was created to delete the
existing harmful program, the Creeper.
13. 1974 – Wabbit (Rabbit):
This infectious program was developed to make multiple copies of itself
on a computer, clogging the system and reducing the performance of the
computer.
14. 1974 – 1975 – ANIMAL:
John Walker developed a program called ANIMAL for the UNIVAC 1108.
This was said to be a non-malicious Trojan that is known to spread
through shared tapes.
15. 1981 – Elk Cloner:
A program called the “Elk Cloner” was developed by Richard Skrenta for
the Apple II systems. It was created to infect Apple DOS 3.3. These
programs started to spread through files and folders that were transferred
to other computers by floppy disk.
16. 1983
This was the year when the term “Virus” was coined by Frederick Cohen
for computer programs that are infectious because they have a tendency to
replicate.
17. 1986 – Brain:
This virus, also known as the “Brain boot sector” and compatible
with the IBM PC, was programmed and developed by two Pakistani
programmers, Basit Farooq Alvi and his brother, Amjad Farooq Alvi.
19. Cascade:
This virus is a self-encrypted file virus which was the outcome of IBM’s
own antivirus product.
20. Jerusalem Virus:
This type of virus was first detected in the city of Jerusalem. It was
developed to destroy all files on infected computers on the thirteenth
day that falls on a Friday.
21. 1988 – The Morris Worm:
This type of worm was created by Robert Tappan Morris to infect DEC VAX
and Sun machines running BSD UNIX through the Internet. This is best
known for exploiting the computers that are prone to buffer overflow
vulnerabilities.
22. 1990
Symantec launched one of the first antivirus programs, called Norton
Antivirus, to fight against infectious viruses. The first family of
polymorphic viruses, called the Chameleon, was developed by Ralf Burger.
23. 1995 – Concept:
This virus, named Concept, was created to spread and attack Microsoft
Word documents.
24. 1996
A macro virus known as Laroux was developed to infect Microsoft Excel
documents, a virus named Baza was developed to infect Windows 95, and
a virus named Staog was created to infect Linux.
25. 1998 CIH Virus:
The first version of the CIH virus, developed by Chen Ing Hau
from Taiwan, was released.
It corrupts data.
26. 1999 Happy99:
This type of worm was developed to attach itself to emails with the
message “Happy New Year”. Outlook Express and Internet Explorer on
Windows 95 and 98 were affected.
27. 2000 – ILOVEYOU:
The virus is capable of deleting files in JPEG, MP2, or MP3 formats.
28. 2001 – Anna Kournikova:
This virus was spread by emails to the contacts in the compromised
address book of Microsoft Outlook. The emails purported to contain
pictures of the very attractive female tennis player, but in fact hid a
malicious virus.
30. Beast or RAT:
This is a backdoor Trojan horse that is capable of infecting all versions of
Windows OS.
31. 2004 – My Doom:
This infectious worm is also called Novarg. It was developed to share
files and permit hackers to access infected computers. It is known as
the fastest mailer worm.
service attack of “Mail Transaction Failed”
32. 2005 – Samy XXA:
This type of virus was developed to spread faster and it is known to
infect the Windows family.
34. Nyxem:
This type of worm was created to spread by mass-mailing, destroying
Microsoft Office files.
35. 2007 – Storm Worm:
This was a fast-spreading email spamming threat against Microsoft
systems that compromised millions of systems.
The number of PCs infected by this dangerous malware
was close to 10 million.
36. Zeus:
This is a type of Trojan that infects systems and is used to capture login credentials from
banking web sites and commit financial fraud.
37. 2008 – Koobface:
This virus was developed and created to target Facebook and My Space
users.
38. 2010 – Kenzero:
This is a virus that spreads online between sites through browsing history.
39. 2013 – Cryptolocker:
This Trojan horse encrypts the files on an infected machine and demands a
ransom to unlock the files.
40. 2014 – Backoff:
Malware designed to compromise Point-of-Sale (POS) systems to steal
credit card data.
41. Sad to say, the history will continue.
That makes keeping up with the latest
antivirus and firewall technology ever so
important.
42. Today the computer hacker introduces
the virus in three different ways
The Virus, Trojan, and Spyware are used to
crack a particular or specific file, to hack
and use the application (i.e. cost
antivirus, programs, social sites) in
“legal” actions within the context of
the operating system, and to share the
file with each other, etc. While
more stringent controls are in place on
multi-tasking, multi-user operating
systems, configuration errors and
security holes (security bugs) make
viruses on these systems more than
theoretically possible.
44. Causes
If one of the infected programs is given to another
person on a pen drive, or if it is uploaded so other
people can download it, then other programs get
infected. This is how the virus spreads -- similar to the
infection phase of a biological virus. But viruses
wouldn't be so violently despised if all they did was
replicate themselves. Most viruses also have a
destructive attack phase where they do real damage.
Some sort of trigger will activate the attack phase,
and the virus will then do something -- anything from
displaying a silly message on the screen to erasing all
of your data. The trigger might be a specific date, a
number of times the virus has been replicated or
something similar.
45. Damage
Computer viruses currently cause billions of dollars'
worth of economic damage each year, by causing
system failures, wasting computer resources, corrupting
data, increasing maintenance costs, etc. In response,
free, open-source antivirus tools have been developed,
and an industry of antivirus software has cropped up,
selling or freely distributing virus protection to users of
various operating systems. Even though no currently
existing antivirus software is able to uncover all
computer viruses (especially new ones), computer
security researchers are actively searching for new ways
to enable antivirus solutions to more effectively detect
emerging viruses, before they have already become
widely distributed.
46. Recovery strategies and methods
Back up
If a backup session on optical media like CD and DVD is closed, it
becomes read-only and can no longer be affected by a virus.
Virus removal
Many websites run by antivirus software companies provide free
virus scanning with limited cleaning facilities (the purpose of the sites
is to sell antivirus products).
Operating system reinstallation:
Microsoft's System File Checker (improved in Windows 7 and later)
can be used to check for, and repair, corrupted system files.
47. Conclusion:
1) Viruses exploit weaknesses in operating system
controls and human patterns of system
use/misuse.
2) Destructive viruses are more likely to be
eradicated.
3) An innovative virus may have a larger initial
window to propagate before it is discovered and
the “average” anti-viral product is modified to
detect or eradicate it.