
FULL PAPER ON “COMPUTER VIRUSES AND SECURITY”

SUBMITTED TO: MR. SOUMEN SAHA

SUBMITTED BY: (GROUP – 13)
AYAN CHKRABORTY
BIJAY KUMAR
PAWANDEEP
PRATEEK JAIN
SUDIP GOGOI
SUMIT SAHA

Computer viruses and security

Introduction & brief history: In the 21st century, the Internet and e-mail have
become an ever-increasing part of our lives, but a large and growing number of
dangers and risks are associated with them. So one should make sure to know
how to deal with these threats.

The first computer virus to openly make it to the public was a program called "Elk
Cloner". It was created in 1982 by Rich Skrenta, a computer programmer who was in
high school at the time. Elk Cloner attached itself to the Apple DOS 3.3 operating
system and was later spread by floppy disk. The virus was intentionally made as a
joke by the high school student, who put it into a game in which the virus was set
off after the 50th time of using the game. When the virus was set off, a blank
screen appeared and displayed a poem about the virus. The computer then became
infected.

The first PC virus was a boot sector virus named (c)Brain. It was programmed by two
brothers, Basit and Amjad Farooq Alvi, whose only intentions were to protect their
work from piracy and to target copyright infringers. However, according to analysts,
the Ashar virus, which was a variant of Brain, was possibly created before (c)Brain.

Before the expansion of computer networks, most viruses were spread through removable
media, such as floppy disks. Some of these viruses infected programs stored on the
disks, while others were written into the disk boot sectors and activated when the
user booted the computer from the disk.

In the mid-1990s, macro viruses came onto the scene and quickly became common.
Ironically, some versions of Microsoft Word allowed the macro virus to multiply and
gain additional blank lines. In 1999, the 'Melissa' virus was one of the first
viruses to reach epic proportions of computer damage. In 2004, the MyDoom
email worm damaged millions of computers by persuading people to open the e-mail
attachment through a social engineering initiative.

The history of computer viruses has run parallel to the boom of the
Internet. E-mail attachments, visiting suspicious websites and downloading free
software all pose various risks depending on the security level of the computer.

At present, viruses and worms (a kind of malicious program) are the major threats for
PCs. The main purpose of these programs is to spread and damage the files and PCs.
Such malicious software, or "malware", could be described as 'cyber vandalism'. In
the majority of cases, the viruses and worms spread as much as possible, with a high
infection rate leading to fame for that program.

Today, the biggest threat faced by computers is crimeware. This malicious software is
written by cybercriminals with the purpose of making money illegally. Crimeware
may take the form of viruses, worms, Trojans or other malicious programs.

Computer security is a branch of technology known as information security as applied
to computers and networks. The objective of computer security includes protection of
information and property from theft, corruption, or natural disaster, while allowing the
information and property to remain accessible and productive to its intended users.

Viruses are the biggest cause of security damage. To help avoid viruses,
it's essential that we keep our computer updated with the latest updates and antivirus
tools, stay informed about recent threats, and follow a few basic rules when
we surf the Internet, download files, and open attachments.

Computer virus: A computer virus is a self-replicating program containing code that
explicitly copies itself and that can "infect" other programs by modifying them or
their environment such that a call to an infected program implies a call to a possibly
evolved copy of the virus.

A Computer Virus can spread throughout a computer system or network using the
authorizations of every user using it to infect their programs. Every program that gets
infected may also act as a virus and thus the infection grows.

A virus is a kind of malicious software written intentionally to enter a computer without
the user's permission or knowledge, with an ability to replicate itself, thus continuing
to spread. Some viruses do little but replicate; others can cause severe harm or
adversely affect programs and the performance of the system.

Most viruses are pretty harmless. The user might not even notice the virus for years.
Sometimes viruses might cause random damage to data files and over a long period
they might destroy files and disks. Even benign viruses cause damage by occupying
disk space and main memory, by using up CPU processing time. There is also the
time and expense wasted in detecting and removing viruses.

How viruses spread out: A virus's mission is to hop from one program to another, and
this should happen as quickly as possible. Usually viruses attach to the host program
in some way. They may even write over part of the host program.

A computer is infected with a boot sector virus if it is booted from an infected floppy
disk. Boot sector infections cannot normally spread across a network. These viruses
spread normally via floppy disks which may come from virtually any source:

• unsolicited demonstration disks
• brand-new software
• disks used on your PC by salesmen or engineers
• repaired hardware

A file virus infects other files, when the program to which it is attached is run, and so
a file virus can spread across a network and often very quickly. They may be spread
from the same sources as boot sector viruses, but also from sources such as Internet
FTP sites and newsgroups. Trojan horses spread just like file viruses.

A multipartite virus infects boot sectors and files. Often, an infected file is used to
infect the boot sector: thus, this is one case where a boot sector infection could spread
across a network.

Symptoms of virus: The following are some primary indicators that a computer may
be infected:

• The computer runs slower than usual.
• The computer stops responding, or it locks up frequently.
• The computer no longer boots up.
• The computer crashes, and then it restarts every few minutes.
• The computer restarts on its own. Additionally, the computer does not run as
  usual.
• The screen sometimes flickers.
• The PC speaker beeps periodically.
• Files/directories sometimes disappear.
• Applications on the computer do not work correctly.
• Disks or disk drives are inaccessible.
• We cannot print items correctly.
• We see unusual error messages.
• We see distorted menus and dialog boxes.
• There is a double extension on an attachment that you recently opened, such as
  a .jpg, .vbs, .gif, or .exe extension.
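
The double-extension indicator in the last item can be checked mechanically. The following is an added example, not part of the original paper: it flags attachment names whose final extension is executable while the one before it looks like harmless data. The two extension lists and all function names are assumptions chosen for illustration.

```python
import os

# Extensions that Windows runs or hands to a script host when opened.
# Illustrative list (an assumption of this example), not an exhaustive one.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Extensions a user expects to be plain data.
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".pdf", ".doc", ".wav"}


def check_attachment_name(name):
    """Return a list of reasons the attachment name is suspicious (empty if none)."""
    reasons = []
    # Keep only the file name, whichever path separator was used.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "a.txt.vbs." opens as a .vbs file.
    trimmed = base.rstrip(". ")
    if trimmed != base:
        reasons.append("trailing dot or space")
    stem, last = os.path.splitext(trimmed.lower())
    # Padding such as "invoice.pdf      .scr" pushes the real extension out of view.
    if stem != stem.rstrip():
        reasons.append("padding before final extension")
    _, prev = os.path.splitext(stem.rstrip())
    if last in EXECUTABLE_EXTS and prev in DECOY_EXTS:
        reasons.insert(0, "double extension " + prev + last)
    return reasons


def triage(names):
    """Map each suspicious name to its reasons; clean names are left out."""
    flagged = {}
    for name in names:
        reasons = check_attachment_name(name)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample attachment names.
SAMPLE_NAMES = [
    "holiday.jpg.exe",
    "Invoice.PDF   .SCR",
    "notes.txt.vbs.",
    "report.final.pdf",
    "setup.exe",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_NAMES).items():
        print(repr(name), "->", "; ".join(reasons))
```

A plain `setup.exe` is not flagged here because it does not disguise what it is; the check targets names that present an executable as a picture or document.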

Types of computer viruses:

ARMORED Viruses
An ARMORED virus is one that uses special tricks to make tracing, disassembling
and understanding of its code more difficult. A good example is the Whale virus.

CAVITY Virus
A CAVITY Virus is one which overwrites a part of the host file that is filled with a
constant (usually nulls), without increasing the length of the file, but preserving its
functionality. Examples include the Lehigh virus.

STEALTH virus
The STEALTH virus is one that, while "active", can hide the changes it has made to
files or boot records. This is achieved by monitoring the system functions used to read
files or sectors from storage media and forging the results of calls to such functions.

Resident Viruses
This type of virus resides permanently in RAM. From there it
can take over and interrupt all of the operations executed by the system, corrupting
files and programs that are opened, closed, copied, renamed etc. Examples include:
Randex, CMJ, Meve, and MrKlunky.

Direct Action Viruses
The main purpose of this virus is to replicate and take action when it is executed.
When a specific condition is met, the virus will go into action and infect files in the
directory or folder that it is in and in directories that are specified in the
AUTOEXEC.BAT file PATH. This batch file is always located in the root directory
of the hard disk and carries out certain operations when the computer is booted.

Overwrite Viruses
A virus of this kind is characterized by the fact that it deletes the information contained
in the files that it infects, rendering them partially or totally useless once they have
been infected. The only way to clean a file infected by an overwrite virus is to delete
the file completely, thus losing the original content. Examples of this virus include:
Way, Trj.Reboot, Trivial.88.D.

Boot Virus
This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part
of a disk, in which information on the disk itself is stored together with a program that
makes it possible to boot (start) the computer from the disk. The best way of avoiding
boot viruses is to ensure that floppy disks are write-protected and never start your
computer with an unknown floppy disk in the disk drive. Examples of boot viruses
include: Polyboot.B, AntiEXE.

Macro Virus
Macro viruses infect files that are created using certain applications or programs that
contain macros. These mini-programs make it possible to automate series of
operations so that they are performed as a single action, thereby saving the user from
having to carry them out one by one. Examples of macro viruses: Relax, Melissa.A,
Bablas, O97M/Y2K.

Directory Virus
Directory viruses change the paths that indicate the location of a file. By executing a
program (file with the extension .EXE or .COM) which has been infected by a virus,
you are unknowingly running the virus program, while the original file and program
have been previously moved by the virus. Once infected it becomes impossible to
locate the original files.

Polymorphic Virus
A POLYMORPHIC virus is one that produces varied but operational copies of itself.
This is so that virus scanners will not be able to detect all instances of the virus.
Polymorphic viruses encrypt or encode themselves in a different way (using different
algorithms and encryption keys) every time they infect a system. This makes it
impossible for anti-viruses to find them using string or signature searches (because
they are different in each encryption) and also enables them to create a large number
of copies of themselves. Examples include: Elkern, Marburg, Satan Bug, and Tuareg.

File Infectors
This type of virus infects programs or executable files (files with an .EXE or .COM
extension). When one of these programs is run, directly or indirectly, the virus is
activated, producing the damaging effects it is programmed to carry out.

Companion Viruses
The COMPANION virus is one that, instead of modifying an existing file, creates a
new program which is executed instead of the intended program. Companion viruses
can be considered file infector viruses like resident or direct action types. They are
known as companion viruses because once they get into the system they "accompany"
the other files that already exist. Some examples include: Stator, Asimov.1539, and
Terrax.1069.

Trojan Horse
A "TROJAN HORSE" is a program that does something undocumented that the
programmer intended, but that some users would not approve of if they knew about it.
In other words, a Trojan horse is a program that does something other than what the
user thought it would do. Trojan horses are usually masked so that they look
interesting, for example a saxophone.wav file that interests a person collecting sound
samples of instruments. A Trojan horse differs from a destructive virus in that it
doesn't reproduce. A Trojan can steal passwords and e-mail them to the hacker's fake
name, and then the hacker has your account in his hands.

A TUNNELLING VIRUS is one that finds the original interrupt handlers in DOS and
the BIOS and calls them directly.

A computer WORM is a self-contained program (or set of programs) that is able to
spread functional copies of itself or its segments to other computer systems (usually
via network connections).

Network worms consist of multiple parts, called "segments". They each run on
different machines (and possibly perform different actions), using the network for
several communication purposes.

The Commercial Aspect:

The most important question that comes in our mind is “why do people (or
companies) write and spread viruses?”

It is difficult to know why people write them. Everyone has their own reasons. Some
general reasons are to experiment with writing viruses or to test their programming
talent. Some people just like to see how the virus spreads and gets famous around the
world. The following list, taken from postings to the newsgroup alt.comp.virus, tries
to explain why people write and spread viruses.

• they don't understand or prefer not to think about the consequences for other
  people
• they simply don't care
• they don't consider it to be their problem if someone else is inconvenienced
• they draw a false distinction between creating/publishing viruses and
  distributing them
• they consider it to be the responsibility of someone else to protect systems
  from their creations
• they get a buzz, acknowledged or otherwise, from vandalism
• they consider they're fighting authority
• they like 'matching wits' with anti virus vendors
• it's a way of getting attention, getting recognition from their peers and their
  names (or at least that of their virus) in the papers and the Wild List
• they're keeping the anti virus vendors in a job
• And the most important cause of it is to make more and more money (either
  by individuals or by companies).

Generally, the companies that make anti-virus software are making
most of the viruses in order to sell their products, such as anti-virus software, virus
removal tools, Windows Defender, Windows Firewall etc. That is to say, these
companies first make a virus and spread it, which infects a number of
computers and laptops. Because users then need to save their systems from the
dangerous virus, the companies launch their product as the best anti-virus, one that
can detect and remove any virus, and people purchase these products to protect their
systems. So it can be said that companies are using these methods to
increase their sales and to make more and more money.

How To Remove A Computer Virus To Improve Security:-

A computer virus can be removed with the help of virus removal tools such as
anti-virus software, or we can prevent viruses from entering the computer with the
help of a firewall and Windows Defender. Fortunately, by updating the computer and by
using antivirus tools, you can help permanently remove unwanted software.

Antivirus (or anti-virus) software is used to prevent, detect, and remove malware,
including computer viruses, worms, and Trojan horses. Such programs may also
prevent and remove adware, spyware, and other forms of malware. By removing
viruses at the email server, all internal mail clients are protected and all customers are
protected from receiving viruses too. Some examples of anti-virus products are
"Symantec Norton anti-virus", "AVG", "Bitdefender", "Kaspersky anti-virus",
"McAfee scan" etc.

Identification methods: There are several methods which antivirus software can use
to identify malware.

1. Signature based detection is the most common method. To identify viruses
   and other malware, antivirus software compares the contents of a file to
   a dictionary of virus signatures. Because viruses can embed themselves in
   existing files, the entire file is searched, not just as a whole, but also in pieces.

2. Malicious activity detection is another approach used to identify malware. In
   this approach, antivirus software monitors the system for suspicious program
   behaviour. If suspicious behaviour is detected, the suspect program may be
   further investigated, using signature based detection or another method listed
   in this section. This type of detection can be used to identify unknown viruses
   or variants on existing viruses.

3. Heuristic-based detection, like malicious activity detection, can be used to
   identify unknown viruses. This can be accomplished in one of two ways: file
   analysis and file emulation.

4. File analysis is the process of searching a suspect file for virus-like
   instructions. For example, if a program has instructions to reformat the C
   drive, the antivirus software might further investigate the file. One downside
   of this feature is the large amount of computer resources needed to analyse
   every file, resulting in slow operation.

5. File emulation is another heuristic approach. File emulation involves
   executing a program in a virtual environment and logging what actions the
   program performs. Depending on the actions logged, the antivirus software
   can determine if the program is malicious or not and then carry out the
   appropriate disinfection actions.
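
Added example, not part of the original paper: a minimal signature scanner that searches a file in pieces as item 1 describes, and shows why a re-encoded copy (the polymorphic case described earlier) escapes a plain signature match unless the scanner also searches over keys. The signature names, marker bytes and the single-byte XOR encoding are constructed for the demonstration and do not correspond to any real malware.

```python
import io

# Constructed signature dictionary (name -> byte pattern). Made-up markers,
# not signatures of any real malware.
SIGNATURES = {
    "Demo.Marker.A": b"\xde\xad\xbe\xefDEMO-SIG-A",
    "Demo.Marker.B": b"DEMO-SIG-B\x00\x01\x02",
}


def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Search a binary stream piece by piece; return {signature name: offset}.

    The last (longest signature - 1) bytes of each piece are carried into the
    next one, so a signature that straddles two pieces is still found.
    """
    overlap = max(len(p) for p in signatures.values()) - 1
    hits, tail, base = {}, b"", 0  # base = file offset of window[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return hits
        window = tail + chunk
        for name, pattern in signatures.items():
            if name not in hits:
                idx = window.find(pattern)
                if idx != -1:
                    hits[name] = base + idx
        keep = min(overlap, len(window))
        base += len(window) - keep
        tail = window[len(window) - keep:]


def scan_bytes(data, chunk_size=4096):
    """Convenience wrapper: scan an in-memory byte string."""
    return scan_stream(io.BytesIO(data), SIGNATURES, chunk_size)


def xor_bytes(data, key):
    """Encode or decode data with a single-byte XOR key."""
    return bytes(b ^ key for b in data)


def scan_with_key_search(data):
    """Decode with every one-byte key before matching.

    Returns {signature name: (key, offset)}. This only covers the simplest
    encoding; the paper's point is that real polymorphic code varies both the
    algorithm and the key, which is why behaviour-based methods exist.
    """
    hits = {}
    for key in range(256):
        for name, offset in scan_bytes(xor_bytes(data, key)).items():
            hits.setdefault(name, (key, offset))
    return hits


def build_sample(encoded_key=None):
    """Constructed 'file': 10 filler bytes, marker A, 20 zero bytes.

    With a 16-byte chunk size the marker (offsets 10..23) crosses a chunk
    boundary. If encoded_key is given, only the marker is XOR-encoded.
    """
    body = SIGNATURES["Demo.Marker.A"]
    if encoded_key is not None:
        body = xor_bytes(body, encoded_key)
    return b"." * 10 + body + b"\x00" * 20


if __name__ == "__main__":
    plain, encoded = build_sample(), build_sample(0x5A)
    print("plain, chunked scan :", scan_bytes(plain, chunk_size=16))
    print("encoded, plain scan :", scan_bytes(encoded, chunk_size=16))
    print("encoded, key search :", scan_with_key_search(encoded))
```

The key search costs 256 passes over the data, which illustrates the resource cost the list attributes to the heavier analysis methods.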

To be certain that your computer is indeed infected with a virus, you need to install
anti-virus software. Be sure to remember that anti-virus software is only as good as
the last update. This is because new viruses and other malware are created every day.
Internet security companies are constantly playing a cat and mouse game to detect the
newest viruses and other malicious software. You can also do a free online virus scan
to help you detect any viruses installed on your computer.

Most anti-virus software will automatically remove any viruses or other malware that
it finds. However, if you are infected with a virus that cannot be removed by anti-
virus software there are free virus removal tools available online to remove viruses.

What is a Firewall?

A firewall is a piece of software or hardware that helps screen out hackers, viruses,
and worms that try to reach your computer over the Internet. If you are a home user or
small-business user, using a firewall is the most effective and important first step you
can take to help protect your computer. It is important to turn on your firewall and
antivirus software before you connect to the Internet.

If your computer is not protected when you connect to the Internet, hackers can gain
access to personal information on your computer. They can install code on your
computer that destroys files or causes malfunctions. They can also use your computer
to cause problems on other home and business computers connected to the Internet. A
firewall helps to screen out many kinds of malicious Internet traffic before it reaches
your computer.

Some firewalls can also help to prevent other people from using your computer to
attack other computers without your knowledge. Using a firewall is important no
matter how you connect to the Internet—with a dial-up modem, cable modem, or
digital subscriber line (DSL or ADSL).

If you have Windows Vista or Windows XP Service Pack 2 (SP2) running on your
computer, you can check to see if your firewall is turned on through the Windows
Security Centre:

1. Click Start, and then click Control Panel.
2. Click Security Centre, and then click Windows Firewall.

If you have Windows XP, but you don't have Service Pack 2 running on your
computer, you can download it by visiting Microsoft Update. You can also take the
following steps to make sure the firewall is turned on:

1. Click Start, and then click Control Panel.
2. Click Network and Internet Connections, and then click Network
Connections.
Tip: If the Network and Internet Connections category is not visible,
click Switch to Category View in the upper left corner of the window.
3. Under the Dial-Up or LAN or High Speed Internet category, click the icon
to select the connection that you want to help protect.
4. In the task pane on the left, under Network Tasks, click Change settings of
this connection (or right-click the connection you want to help protect, and
then click Properties).
5. On the Advanced tab, under Internet Connection Firewall, make sure the
box is checked next to Protect my computer and network by limiting or
preventing access to this computer from the Internet. If a check mark is in
the box, the firewall is on. If the box is clear, the firewall is off and your
computer is potentially vulnerable on the Internet.

If you have a different version of Windows, such as Windows 2000, Windows
Millennium Edition, or Windows 98, you should obtain a hardware or software
firewall from another company and install it.

If you don't know if a software firewall is on your computer, you can check in the All
Programs folder. Click Start, and then click All Programs. Look for a firewall
program. Some common brand names for software firewalls for home users include
McAfee, Symantec, and Tiny Personal Firewall.

Windows Firewall monitors all network traffic on the connections for which it is
enabled. The firewall keeps track of all communications that have originated from
your computer, and it prevents unsolicited traffic from reaching your computer.

If necessary, the firewall dynamically opens ports and allows your computer to
receive traffic that you have specifically requested, such as a Web page for which you
have clicked the address.

A "port" is a networking term that identifies the point at which a type of network
traffic reaches your computer. The exact ports that you open depend on the type of
traffic you want to send and receive.

If you have not requested the incoming traffic, Windows Firewall helps block it
before it can reach your computer. For special uses, such as networking, hosting
online games, or hosting your own Web server, you can select ports that you want to
leave open. This allows others to make connections to your computer, but it can also
reduce security.
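
Added example, not part of the original paper and not Windows Firewall's own code: a simplified model of the behaviour described above, in which outbound traffic creates an entry that lets the matching reply back in, ports the user has opened accept unsolicited traffic, and everything else is blocked. The addresses (documentation ranges), the 60-second idle timeout and all names are assumptions.

```python
from collections import namedtuple

# direction is "out" (sent by this computer) or "in" (arriving from the network).
Packet = namedtuple("Packet", "time direction proto src_ip src_port dst_ip dst_port")


class StatefulFirewall:
    def __init__(self, open_ports=(), idle_timeout=60):
        self.open_ports = set(open_ports)  # (proto, port) pairs left open by the user
        self.idle_timeout = idle_timeout   # seconds; assumed value for the example
        self.flows = {}                    # (proto, local port, remote ip, remote port) -> last seen

    def _expire(self, now):
        """Forget conversations that have been idle longer than the timeout."""
        stale = [k for k, seen in self.flows.items() if now - seen > self.idle_timeout]
        for key in stale:
            del self.flows[key]

    def handle(self, pkt):
        """Return the verdict for one packet and update the connection table."""
        self._expire(pkt.time)
        if pkt.direction == "out":
            # Traffic we originate is remembered so the answer can come back.
            self.flows[(pkt.proto, pkt.src_port, pkt.dst_ip, pkt.dst_port)] = pkt.time
            return "allow: outbound"
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.flows:
            self.flows[key] = pkt.time
            return "allow: reply to our request"
        if (pkt.proto, pkt.dst_port) in self.open_ports:
            return "allow: port opened by user"
        return "block: unsolicited"


PC, WEB, OTHER = "192.0.2.10", "198.51.100.5", "203.0.113.77"

# Constructed traffic sample.
SAMPLE_TRAFFIC = [
    Packet(0, "out", "tcp", PC, 50000, WEB, 80),       # we request a web page
    Packet(1, "in", "tcp", WEB, 80, PC, 50000),        # the page comes back
    Packet(2, "in", "tcp", OTHER, 80, PC, 50000),      # same port, different sender
    Packet(3, "in", "tcp", OTHER, 40000, PC, 445),     # nobody asked for this
    Packet(4, "in", "tcp", OTHER, 40001, PC, 8080),    # port opened for a home web server
    Packet(120, "in", "tcp", WEB, 80, PC, 50000),      # late packet after the entry expired
]


def replay(packets, firewall):
    """Feed packets to the firewall in order and collect the verdicts."""
    return [firewall.handle(p) for p in packets]


if __name__ == "__main__":
    fw = StatefulFirewall(open_ports={("tcp", 8080)})
    for pkt, verdict in zip(SAMPLE_TRAFFIC, replay(SAMPLE_TRAFFIC, fw)):
        print(pkt.time, pkt.direction, pkt.src_ip, pkt.src_port,
              "->", pkt.dst_ip, pkt.dst_port, ":", verdict)
```

The fifth packet is the trade-off the text mentions: the open port lets a stranger connect without any prior request from the computer.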

Windows Firewall is part of Windows Vista, Windows XP SP2 Home Edition, and
Windows XP SP2 Professional.

What is Windows Defender?

Windows Defender is software that helps protect your computer against pop-ups, slow
performance, and security threats caused by spyware and other unwanted software by
detecting and removing known spyware from your computer. Windows Defender
features Real-Time Protection, a monitoring system that recommends actions against
spyware when it's detected, minimizes interruptions, and helps you stay productive.

The benefits of installing Windows Defender include:

Spyware detection and removal

• Windows Defender quickly and easily finds spyware and other unwanted
  programs that can slow down your computer, display annoying pop-up ads,
  change Internet settings, or use your private information without your consent.
• Windows Defender eliminates detected spyware easily at your direction, and if
  you inadvertently remove programs that you actually want, it's easy to get
  them back.
• Windows Defender allows you to schedule your scanning and removal times
  when it's convenient for you, whether it's on-demand or on a schedule that you
  set.

Improved Internet browsing safety

• Windows Defender helps stop spyware before it infiltrates your computer.
  Windows Defender also offers a continuous safeguard designed to target all
  the ways that spyware can infiltrate your computer.
• Windows Defender works without distracting you. It runs in the background
  and automatically handles spyware based on preferences that you set. You can
  use your computer with minimal interruption.

Protection against the latest threats

• A dedicated team of Microsoft researchers continuously searches the Internet
  to discover new spyware and develop methods to counteract it.
• A voluntary, worldwide network of Windows Defender users helps Microsoft
  determine which suspicious programs to classify as spyware. Participants help
  discover new threats quickly and notify Microsoft analysts, so that everyone is
  better protected. Anyone who uses Windows Defender can join this network
  and help report potential spyware to Microsoft.
• To help protect your computer from the latest threats, you can choose to have
  updates that counteract new spyware automatically downloaded to your
  computer.

How To Prevent Becoming Infected With A Virus:-

As with human viruses, an ounce of prevention is indeed worth a pound of cure when it
comes to keeping your computer from being infected with a virus or other
malicious software. There are some simple steps you can take to prevent your
PC from being infected with a virus, spyware, or even a Trojan horse.

1. Avoid using file sharing programs such. They give you access to millions of other
computer users' files, such as games, music, and other files. Unfortunately, that free
game or MP3 music file you just downloaded could very well contain a virus or other
malicious software.

2. Next, avoid opening an email attachment from someone you don't know. In fact,
don't even open an email attachment from someone you know, unless you know
specifically what the attachment is. Your friend sending you that "cute little joke"
might not be as internet security savvy as you are. That email attachment might
contain more than you bargained for, being bundled with a computer virus or other
malware.

3. Be sure to keep your operating system up to date. Enable Windows Updates to
download and install the newest updates automatically. To configure Windows Vista
to install updates automatically, click the Start button, followed by All Programs,
Windows Update, and Change settings. Now, select Install Updates Automatically.
Use the drop down menu below to select the time and date to install new updates.
Finally, click on the OK icon.

4. Use an alternative web browser to Internet Explorer, such as Firefox or Opera.
Hackers are more likely to go after the "big fish" and attack Internet Explorer. This is
because the majority of Internet users still use Internet Explorer to surf the Net. In
fact, an independent study shows that, in 2006, IE users were vulnerable to online
threats a massive 78% of the time. For Firefox users the figure is only 2%.

5. Install firewall software, some of which can be downloaded for free online.
Windows Vista and XP are actually bundled with a firewall. Just be sure
that the Windows firewall is on.

6. Finally, it is crucial to have anti-virus software installed on your computer. There is
free anti-virus software available to download online. Just be sure to keep it up to
date.

There are a few simple steps that can be followed to remove viruses from the
computer:

1. First, install the latest updates from Microsoft Update on the computer.
2. Always update the antivirus software on the computer. Then scan the
   computer with the antivirus software (it can detect and/or remove the
   viruses from the computer).
3. Download, install, and then run the Microsoft Malicious Software Removal
   Tool to remove existing viruses on the computer.

Conclusions:

There are lots of viruses in the world and new viruses are coming up every day. New
anti-virus programs and techniques are being developed too. It is good to be aware of
viruses and other malware, and it is cheaper to protect your systems from them than
to be sorry.

There might be a virus in your computer if it starts acting differently. There is no
reason to panic if a computer virus is found.

It is good to be a little suspicious of malware when you surf the Internet and
download files. Some files that look interesting might hide malware.

A computer virus is a program that reproduces itself and its mission is to spread out.
Most viruses are harmless and some viruses might cause random damage to data files.

A Trojan horse is not a virus because it doesn't reproduce. Trojan horses are
usually masked so that they look interesting. There are Trojan horses that steal
passwords and format hard disks.

Macro viruses spread from applications which use macros. Macro viruses spread
fast because people share so much data, email documents and use the Internet to get
documents. Macros are also very easy to write.

Some people want to experiment with writing viruses and test their programming
talent. At the same time they do not understand the consequences for other
people or they simply do not care.

These viruses are made or written either to infect or harm systems, or by
hackers to break into another user's system or e-mail ID in order to misuse it.

A virus's mission is to hop from one program to another, and this can happen via floppy
disks, Internet FTP sites, newsgroups and email attachments. Viruses are mostly
written for PCs and DOS environments.

Viruses are no longer something that just programmers and computer specialists
have to deal with. Today every everyday user has to deal with viruses.
