DS
Uploaded byDark Side
DOCX, PDF578 views

Computer virus

The document is a seminar report on computer viruses submitted for a B.Tech degree, highlighting the definition, types, and impacts of computer viruses. It discusses various virus categories, including worms, trojans, adware, rootkits, and ransomware, explaining their behaviors, spread mechanisms, and potential harm. Additionally, it includes acknowledgments, an abstract, and references, alongside figures and tables related to the topic.

Embed presentation

Download to read offline
Domain Seminar Report on Computer Viruses Submitted by: B.Tech (CSE/IT) II Semester Under the Guidance of Amity School of Engineering and Technology AMITY UNIVERSITY RAJASTHAN
Declaration I hereby declare that the report entitled Computer Viruses submitted for the partial fulfilment of B.Tech degree is my original work and the report has not formed the basis for the award of any degree, associate ship, fellowship or any other similar titles. Counter Signature of the Guide: Name of the Guide : Designation: Date:
Acknowledgements First of all, I would like to sincerely thank my supervisor, , for his persistent support, guidance, help, and encouragement during the whole process of my study. Moreover, I would like to thank our Director- ASET and Dr. Tarun Kumar Sharma, HOD, CSE who were always there whenever we needed any support. I would also like to thank my parents for their well wishes to complete this work. Finally thanks to all friends for their support. Contents
Abstract Pg.No.1 List of Figures and Tables Pg.No.2 1 Introduction Pg.No.3 1.1 What are the Computer viruses? Pg.No.3 1.2 adsa d How do Computer viruses attack? Pg.No.4 1.3 How do Computer viruses spread? Pg.No.4 1.4 What are the signs of Computer viruses? Pg.No.5 1.5 What are the different types of Computer virus? Pg.No.5 2 CategoriesofComputer viruses Pg.No.7 2.1 Worms Pg.No.7 2.2 Trojan Pg.No.8 2.3 Adware Pg.No.9 2.4 Rootkit Pg.No.10 2.5 Ransomware Pg.No.12 3 Virus Histroy Pg.No.16 3.1 Before the Virus Pg.No.16 3.2 Initial era Pg.No.16 3.3 The Document Virus Pg.No.17 4 Impact on IT system Pg.No.18 4.1 Intro Pg.No.18 4.1.1 Harmless effect Pg.No.18 4.1.2 Compatibility problem Pg.No.18 4.1.3 Compromise system integrity Pg.No.18 4.1.4 Granting un-authorised access Pg.No.19 4.1.5 Discloser of confidential data Pg.No.19 4.1.6 Computer resource usage Pg.No.19 4.1.7 Human resource usage Pg.No.19 4.1.8 PR aspects Pg.No.20 References Pg.No.21
1 Abstract A virus is a small piece of software that piggybacks on real programs in order to get executed. Once it’s running, it spreads by inserting copies of itself into other executable code or documents. A piece of code which is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data. Computer viruses currently cause billions of dollars' worth of economic damage each year, due to causing system failure, wasting computer resources, corrupting data, increasing maintenance costs, etc. In response, free antivirus tools have been developed, and an industry of antivirus software has cropped up, selling or freely distributing virus protection to users of various operating systems. As of 2005, even though no currently existing antivirus software was able to uncover all computer viruses (especially new ones), computer security researchers are actively searching for new ways to enable antivirus solutions to more effectively detect emerging viruses, before they have already become widely distributed.
2 List of Figures and Tables Figure 1 Virus detected by Computer Pg.No.3 Figure 2 Virus spreading Pg.No.4 Figure 3 Hex dump of the worm Pg.No.7 Figure 4 Example of Adware and pop-ups Pg.No.10 Figure 5 Working of Rootkits Pg.No.11 Figure 6 Paying Ransomware Pg.No.12 Figure 6 Reveton Pg.No.15
3 Chapter - 1 Introduction 1.1 What are Computer Viruses ? A computer virus, much like a flu virus, is designed to spread from host to host and has the ability to replicate itself. Similarly, in the same way that flu viruses cannot reproduce without a host cell, computer viruses cannot reproduce and spread without programming such as a file or document. In more technical terms, a computer virus is a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another. A virus operates by inserting or attaching itself to a legitimate program or document that supports macros in order to execute its code. In the process, a virus has the potential to cause unexpected or damaging effects, such as harming the system software by corrupting or destroying data. Figure 1 : Virus detected by Computer
4 1.2 How the Computer Virus attack? Once a virus has successfully attached to a program, file, or document, the virus will lie dormant until circumstances cause the computer or device to execute its code. In order for a virus to infect your computer, you have to run the infected program, which in turn causes the virus code to be executed. This means that a virus can remain dormant on your computer, without showing major signs or symptoms. However, once the virus infects your computer, the virus can infect other computers on the same network. Stealing passwords or data, logging keystrokes, corrupting files, spamming your email contacts, and even taking over your machine are just some of the devastating and irritating things a virus can do. While some viruses can be playful in intent and effect, others can have profound and damaging effects. This includes erasing data or causing permanent damage to your hard disk. Worse yet, some viruses are designed with financial gains in mind. Figure 2 : Virus spreading 1.3 How do Computer Viruses spread? In a constantly connected world, you can contract a computer virus in many ways, some more obvious than others. Viruses can be spread through email and text message attachments, Internet file downloads, and social media scam links. Your mobile devices and smartphones can become infected with mobile viruses through shady app downloads. Viruses can hide disguised as attachments of socially shareable content such as funny images, greeting cards, or audio and video files.
5 To avoid contact with a virus, it’s important to exercise caution when surfing the web, downloading files, and opening links or attachments. To help stay safe, never download text or email attachments that you’re not expecting, or files from websites you don’t trust. They are usually downloaded by the sites which provided free games and torrent sites. Most users download application which are not paid but reality they are paid on their own company sites. 1.4 What are the signs of Computer Virus? A computer virus attack can produce a variety of symptoms. Here are some of them:  Frequent pop-up windows. Pop-ups might encourage you to visit unusual sites. Or they might prod you to download antivirus or other software programs.  Changes to your homepage. Your usual homepage may change to another website, for instance. Plus, you may be unable to reset it.  Mass emails being sent from your email account. A criminal may take control of your account or send emails in your name from another infected computer.  Frequent crashes. A virus can inflict major damage on your hard drive. This may cause your device to freeze or crash. It may also prevent your device from coming back on.  Unusually slow computer performance. A sudden change of processing speed could signal that your computer has a virus.  Unknown programs that start up when you turn on your computer. You may become aware of the unfamiliar program when you start your computer. Or you might notice it by checking your computer’s list of active applications.  Unusual activities like password changes. This could prevent you from logging into your computer. 1.5 What are the difference types of Computer Virus? 1. Boot sector virus This type of virus can take control when you start — or boot — your computer. One way it can spread is by plugging an infected USB drive into your computer. 2. Web scripting virus This type of virus exploits the code of web browsers and web pages. If you access such a web page, the virus can infect your computer. 3. Browser hijacker
6 This type of virus “hijacks” certain web browser functions, and you may be automatically directed to an unintended website. 4. Resident virus This is a general term for any virus that inserts itself in a computer system’s memory. A resident virus can execute anytime when an operating system loads. 5. Direct action virus This type of virus comes into action when you execute a file containing a virus. Otherwise, it remains dormant. 6. Polymorphic virus A polymorphic virus changes its code each time an infected file is executed. It does this to evade antivirus programs. 7. File infector virus This common virus inserts malicious code into executable files — files used to perform certain functions or operations on a system. 8. Multipartite virus This kind of virus infects and spreads in multiple ways. It can infect both program files and system sectors. 9. Macro virus Macro viruses are written in the same macro language used for software applications. Such viruses spread when you open an infected document, often through email attachments.
7 Chapter -2 Categories of Virus 2.1 Worms Worm is a self-replicating program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate. Worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well. Figure 3 – Hex dump of the worm, showing a message left for Microsoft CEO Bill Gates by the worm programmer Blaster [2] Worms spread by exploiting vulnerabilities in operating systems. Vendors with security problems supply regular security updates (see "Patch Tuesday"), and if these are installed to a machine then the majority of worms are unable to spread to it. If a vulnerability is disclosed before the security patch released by the vendor, a zero-day attack is possible. Like the ILOVEYOU virus, which destroyed the files of more than 50 million internet users worldwide, rendered PCs unbootable, copied people’s passwords and sent them to its creators, and caused up to US$9 billion in damages in the year 2000.
8 2.2 Trojans A Trojan horse, or Trojan, is any malware which misleads users of its true intent. The term is derived from the Ancient Greek story of the deceptive wooden horse that led to the fall of the city of Troy. Trojans are generally spread by some form of social engineering, for example where a user is duped into executing an e-mail attachment disguised to appear not suspicious, (e.g., a routine form to be filled in), or by clicking on some fake advertisement on social media or anywhere else. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller which can then have unauthorized access to the affected computer. Trojans may allow an attacker to access users' personal information such as banking information, passwords, or personal identity. It can also delete a user's files or infect other devices connected to the network. Ransomware attacks are often carried out using a Trojan. Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves. This is normally done by social engineering -- the author of the Trojan horse has to convince you to download the application. Alternately, he or she might send the program to you in an e-mail message hoping you execute it. Again, this is why it is called a Trojan horse -- you have to consciously or unconsciously run the .exe file to install the program -- it doesn't propagate on its own like a virus (see How Computer Viruses Work for a description of Trojans and viruses). Once you execute the program, the Trojan server is installed and will start running automatically every time you power up your computer. The most common way Trojan horses spread is through e-mail attachments. The developers of these applications typically use spamming techniques to send out hundreds or even thousands of e-mails to unsuspecting people; those who open the messages and download the attachment end up having their systems infected. Crackers -- hackers who use their computer skills to create mischief or cause damage intentionally -- can send out Trojans that turn innocent Web surfer's computers into zombie computers, so-called because the person with the infected computer rarely knows his system is under control. Crackers then use these zombie computers to send out more viruses, eventually creating networks of zombie computers known as botnets. Trojan in this way may require interaction with a malicious controller (not necessarily distributing the Trojan) to fulfill their purpose. It is possible for those involved with Trojans to scan computers on a network to locate any with a Trojan installed, which the hacker can then control. Some Trojans take advantage of a security flaw in older versions of Internet Explorer and Google Chrome to use the host computer as an anonymizer proxy to effectively hide Internet usage, enabling the controller to use the Internet for illegal purposes while all potentially incriminating evidence indicates the infected computer or its IP address. The host's computer
9 may or may not show the internet history of the sites viewed using the computer as a proxy. The first generation of anonymizer Trojan horses tended to leave their tracks in the page view histories of the host computer. Later generations of the Trojan tend to "cover" their tracks more efficiently. Several versions of Sub7 have been widely circulated in the US and Europe and became the most widely distributed examples of this type of Trojan. 2.3 Adware Adware, or advertising-supported software, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process. The software may generate two types of revenue: one is for the display of the advertisement and another on a "pay-per-click" basis, if the user clicks on the advertisement. The software may implement advertisements in a variety of ways, including a static box display, a banner display, full screen, a video, pop-up ad or in some other form. Adware is categorized as follows:  Legitimate: Free or trial product sponsored advertisements  Spyware: Tracks user website preferences and compromises privacy Adware may appear innocuous and provide users with legitimate business software but then unleash spyware that collects browser search data for targeted user-specific advertisements. Uninstalling adware generally requires anti-adware software. A variety of free and paid versions are available, but licensed adware is the most reliable, aggressive and recommended. Anti-adware software is also included in virus scanning packages. Application software Some software is offered in both an advertising-supported mode and a paid, advertisement- free mode. The latter is usually available by an online purchase of a license or registration code for the software that unlocks the mode, or the purchase and download of a separate version of the software. Some software authors offer advertising-supported versions of their software as an alternative option to business organizations seeking to avoid paying large sums for software licenses, funding the development of the software with higher fees for advertisers. Software as a service Support by advertising is a popular business model of software as a service (SaaS) on the Web. Notable examples include the email service Gmail and other Google Apps (now G Suite) products, and the social network Facebook. Microsoft has also adopted the advertising- supported model for many of its social software SaaS offerings. The Microsoft Office Live service was also available in an advertising-supported mode.
10 Figure 4 – Example of Adware and pop-ups 2.4 Rootkits A rootkit is software used by a hacker to gain constant administrator-level access to a computer or network. A rootkit is typically installed through a stolen password or by exploiting a system vulnerabilities without the victim's consent or knowledge. Rootkits primarily aim at user-mode applications, but they also focus on a computer’s hypervisor, the kernel, or even firmware. Rootkits can completely deactivate or destroy the anti-malware software installed in an infected computer, thus making a rootkit attack difficult to track and eliminate. When done well, the intrusion can be carefully concealed so that even system administrators are unaware of it.
11 Figure 5 – Working of Rootkits Rootkits may be also presented as a Trojan or even as a hidden file along with a seemingly harmless file. This can be a graphic or even a silly application distributed via email. When the victim clicks the program or graphic, the rootkits are installed on their system without their knowledge. Some of the impacts of rootkits are often to:  Provide the attacker with complete backdoor access, permitting them to falsify or steal documents.  Hide other malware, especially keyloggers. The keyloggers may then be used to access and steal the victim's sensitive data.  Enable the attacker to use the infected machine as a zombie computer to trigger attacks on others.
12 2.5 Ransomware Ransomware is a subset of malware in which the data on a victim's computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access is returned to the victim. The motive for ransomware attacks is nearly always monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack. Payment is often demanded in a virtual currency, such as Bitcoin, so that the cybercriminal's identity is not known. Ransomware malware can be spread through malicious email attachments, infected software apps, infected external storage devices and compromised websites. Attacks have also used remote desktop protocol and other approaches that do not rely on any form of user interaction. Figure 6 – WannaCry Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the "WannaCry worm", traveled automatically between computers without user interaction. Ransomware kits on the deep web have allowed cybercriminals to purchase and use a software tool to create ransomware with specific capabilities. They can then generate this malware for their own distribution and with ransoms paid to their bitcoin accounts. As with
13 much of the rest of the IT world, it is now possible for those with little or no technical background to order up inexpensive ransomware as a service (RaaS) and launch attacks with minimal effort. In one RaaS scenario, the provider collects the ransom payments and takes a percentage before distributing the proceeds to the service user. Figure 6 – Paying Ransomware Types of ransomware Attackers may use one of several different approaches to extort digital currency from their victims. For example:  Ransomware known as scareware will try and pose as security software or tech support. Victims may receive pop-up notifications saying malware has been discovered on their system (which, an un-owned security software would not have access to this information). Not responding to this will not do anything except lead to more pop-ups.  Screen lockers, or lockers, are a type of ransomware designed to completely lock a user out of their computer. Upon starting up the computer a victim may then see what looks to be an official government seal, leading the victim into believing they are the subject of an official inquiry. After being informed that unlicensed software or illegal web content has been found on their computer, the victim is given instructions for how to pay an electronic fine. However, official government organizations would not do this; they instead would go through proper legal channels and procedures.
14  In encrypting ransomware, or data kidnapping attacks, the attacker will gain access to and encrypt the victim’s data and ask for a payment to unlock the files. Once this happens, there is no guarantee that the victim will get access to their data back- even if they negotiate for it.  Similar to encrypting ransomware, the attacker may also encrypt files on infected devices and will make money by selling a product that promises to help the victim unlock files and prevent future malware attacks.  In doxware, an attacker may also threaten to publish your data online if the victim does not pay a ransom.  Mobile ransomware is ransomware which affects mobile devices. An attacker can use mobile ransomware to steal data from a phone or lock it and require a ransom to return the data or unlock the device.  The victim may also receive a pop-up message or email ransom note warning that if the demanded sum is not paid by a specific date, the private key required to unlock the device or decrypt files will be destroyed. WannaCry In May 2017, the WannaCry ransomware attack spread through the Internet, using an exploit vector named EternalBlue, which was leaked from the U.S. National Security Agency. The ransomware attack, unprecedented in scale, infected more than 230,000 computers in over 150 countries, using 20 different languages to demand money from users using Bitcoin cryptocurrency. WannaCry demanded US$300 per computer. The attack affected Telefonica and several other large companies in Spain, as well as parts of the British National Health Service (NHS), where at least 16 hospitals had to turn away patients or cancel scheduled operations, FedEx, Deutsche Bahn, Honda, Renault, as well as the Russian Interior Ministry and Russian telecom MegaFon. The attackers gave their victims a 7-day deadline from the day their computers got infected, after which the encrypted files would be deleted. CryptoLocker Encrypting ransomware reappeared in September 2013 with a Trojan known as CryptoLocker, which generated a 2048-bit RSA key pair and uploaded in turn to a command-and-control server, and used to encrypt files using a whitelist of specific file extensions. The malware threatened to delete the private key if a payment of Bitcoin or a pre- paid cash voucher was not made within 3 days of the infection. Due to the extremely large key size it uses, analysts and those affected by the Trojan considered CryptoLocker extremely difficult to repair. Even after the deadline passed, the private key could still be obtained using an online tool, but the price would increase to 10 BTC—which cost approximately US$2300 as of November 2013. CryptoLocker was isolated by the seizure of the Gameover ZeuS botnet as part of Operation Tovar, as officially announced by the U.S. Department of Justice on 2 June 2014. The
15 Department of Justice also publicly issued an indictment against the Russian hacker Evgeniy Bogachev for his alleged involvement in the botnet. It was estimated that at least US$3 million was extorted with the malware before the shutdown. Reveton In 2012, a major ransomware Trojan known as Reveton began to spread. Based on the Citadel Trojan (which itself, is based on the ZeusTrojan), its payload displays a warning purportedly from a law enforcement agency claiming that the computer has been used for illegal activities, such as downloading unlicensed software or child pornography. Due to this behaviour, it is commonly referred to as the "Police Trojan". The warning informs the user that to unlock their system, they would have to pay a fine using a voucher from an anonymous prepaid cash service such as Ukash or paysafecard. To increase the illusion that the computer is being tracked by law enforcement, the screen also displays the computer's IP address, while some versions display footage from a victim's webcam to give the illusion that the user is being recorded. Figure 6 – Reveton Reveton initially began spreading in various European countries in early 2012.[5] Variants were localized with templates branded with the logos of different law enforcement organizations based on the user's country; for example, variants used in the United Kingdom contained the branding of organizations such as the Metropolitan Police Service and the Police National E-Crime Unit. Another version contained the logo of the royalty collection society PRS for Music, which specifically accused the user of illegally downloading music. In a statement warning the public about the malware, the Metropolitan Police clarified that they would never lock a computer in such a way as part of an investigation.
16 In May 2012, Trend Micro threat researchers discovered templates for variations for the United States and Canada, suggesting that its authors may have been planning to target users in North America. By August 2012, a new variant of Reveton began to spread in the United States, claiming to require the payment of a $200 fine to the FBI using a MoneyPak card. In February 2013, a Russian citizen was arrested in Dubai by Spanish authorities for his connection to a crime ring that had been using Reveton; ten other individuals were arrested on money laundering charges. In August 2014, Avast Software reported that it had found new variants of Reveton that also distribute password- stealing malware as part of its payload.
17 Chapter - 3 Virus History 3.1. Before the viruses UNIX worms and academic papers 1970 – 1988. Viruses are not a new invention. The idea of self-replicating computer programs has been around for decades. This idea has emerged in science fiction literature, scientific papers and even experiments at least since the early 1970s. Some attempts to perform maintenance tasks in large networks using worms were made, but this technology did not become widespread or well known. One of the milestones in virus history was the research performed by Dir. Fred Cohen in the early 1980s. Cohen formed the original definition of a virus; a program that can infect other programs by modifying them to include a copy of itself. Cohen’s work was truly ground breaking as it was published before the first viruses were ever made. In the 1980s the Internet was a network that connected university computers to each other. This network was pretty vulnerable to pure worms, which was to be demonstrated by a young student named Robert Morris. The first major malware incident was probably the Morris worm in November 1988. This UNIX-based worm knocked out almost all computers on the Internet, causing a lot of media interest and many headlines. 3.2. The initial era Standalone computers and LANs 1987 – 1990. The first PCs were made in the early 1980s. The personal computer concept was new and revolutionary, and its popularity grew faster than anyone expected. PCs were already a usable and affordable technology for companies in the late 1980s. The rapid growth also brought computer technology closer to a larger number of individuals. Several early viruses were made around 1987 – 1988, at least partly inspired by Cohen’s work. Lehigh2 , Jerusalem3 and Brain4 are examples of the earliest viruses. Boot sector viruses were the first type of virus to become common. Floppy diskettes were the only way to transfer data from one PC to another so it is natural that the first viruses used this media to replicate. The other basic type of virus, traditional file viruses, also started to become more common at this time. 1990 – 1995 Local area networks began to appear in business environments. This development gave the traditional file viruses a small advantage compared to boot sector viruses. However, both groups were still common. The virus problem was not very well known at this time. Many computer users were able to work for several years without encountering a virus. Finding a virus was a rare event and some users collected the samples
18 they found. Some viruses did, however, cause damage and business users started to become aware of the problem. The boot sector virus Form5 became the most widespread virus during this period. Another well-known virus of this era was Dark Avenger, also known as Eddie6 , and which was a very destructive virus. 3.3. The document viruses Towards a major problem 1995 – 1998. From 1995, local area networks are already standard equipment in most companies using personal computers. Internet connections also started to become popular, especially in larger companies. The concept of email had been known in the UNIX world for decades, but now this technology entered PC based corporate networks as well. The presence of a local area network and Internet connectivity opened totally new ways to communicate. The LAN was not just a way to share disks and printers anymore. Email had become a significant communication channel, especially in large multinational companies. The new technology introduced by email and the Internet revolutionized the way to work with personal computers. But the existing viruses were not able to benefit from the new technology. The number of boot sector virus infections started to decline when LANs, email and CD-ROMs made floppies obsolete. File viruses did not benefit either as email was rarely used for sending program files. The first macro virus, WM/Concept7 , was discovered in August 1995. This virus was clearly a proof-of-concept virus, as the name also indicates. The virus contained a routine called “Payload” but the only line in this routine was “This should be enough to prove my point”. It soon became clear that this new category of viruses, one that infected document files, was spreading quickly. An infected document could be transmitted to a large number of users in minutes. More and more of a company’s IT support resources were used for cleaning up virus infections. Viruses were not a funny joke anymore; they had become a real problem especially for large companies. Some of the common viruses at this time were WM/Cap8 and XM/Laroux9 .
19 Chapter 4 Impact on IT systems 4.1 Intro The damage caused by viruses and worms can be divided into two categories: intentional damage and unintentional damage. Intentional damage, or harmless effects, is caused explicitly by the payload routine. Unintentional damage may be caused as a side effect when the virus replicates. It is a common misconception that all viruses are malicious by nature. As a matter of fact, many common viruses lack a payload altogether. It is natural that a virus that does not harm its hosts spreads much more efficiently than a destructive virus. The virus is dependent on the host and harming it also reduces the virus’ chances to replicate. The term harmless virus is sometimes used to describe a virus that lacks a payload routine, or has a payload routine that only contains non-malicious effects. However, this term is misleading as most viruses are likely to cause some kind of unintentional damage. Several of the groups listed here apply to all viruses, especially the unintentional PR damages and IT support workload. Many viruses also contain a single or multiple intentional effects. 4.1.1 Harmless effects These effects are always produced by the payload routine, but they are not malicious. The effect may be a picture, animations or video, music or sounds, interactive functions, political messages etc. These effects usually give you an idea about the virus author’s way of thinking, age or nationality. These effects may be funny or annoying and may distract or disturb the user, but they do not cause any permanent damage. 4.1.2 Compatibility problems Individuals make viruses and worms and they do not have resources to test their creations on a wide range of computer systems. Nor do they develop the viruses according to quality control systems and guidelines. This makes it likely that they cause compatibility problems when run on systems that differ from the one on which they were developed. These problems can occur as error messages, crashes, inability to access certain functions etc. These problems are grouped as unintentional damage. 4.1.3 Compromising system Integrity Intentional damage is often caused by erasure or modification of data. Erasing files is perhaps the most obvious way to cause damage. Erasing files, however, is a clumsy way and modern, well maintained, systems can usually recover from backups. Modifying data is a much more sophisticated strategy. Small changes are made to the system now and then. The backup routine stores partially corrupted data until the virus is detected. Restoring the data is hard or impossible as several generations of backups are compromised. The last correct backups may be too old and it may even be hard to tell which backups are or are not valid. High-level viruses, such as macro viruses, do not have to operate on binary data as previous viruses did. The macro languages provide powerful functions for modifying data in documents. This enables viruses to perform sinister modifications that are critical but hard to detect. For
20 example, it is possible for a macro virus to alter the text of a document before printing, but show the correct form on screen. Usage of corrupted data may lead to severe damage. An Excel sheet may, for example, be used to calculate the amount of concrete needed for a bridge, or calculate how much fuel a jumbo jet needs to cross the Pacific. 4.1.4 Granting unauthorized access Viruses may plant backdoors in the system, or steal passwords. These functions can later be used by hackers to access the system. Damage caused by such hacking activities is hard to predict. Unauthorized usage of the system may, for example, continue unnoticed for a long time. 4.1.5 Disclosure of confidential data Viruses and worms have access to the same communication methods as the user, and even use them to replicate. A payload routine may easily locate documents that match certain criteria and send them to anyone on the Internet. Some email worms also cause disclosure of data as a part of replication. The worms that replicate when attached to a document, such as Melissa, send this document to recipients to whom the user had no intention of sending the document. The following example illustrates this. A company asks for offers from several vendors. One of the vendors is infected with Melissa. The offer is mailed to the buyer as a document infected with Melissa. The buyer opens the document and becomes infected immediately. The Melissa worm examines the address book and send itself to the first 50 addresses on the list. The document that is sent is the offer from the infected vendor, and the list of recipients probably contains the competitors. 4.1.6 Computer resource usage Viruses and worms can disturb computer systems by spending resources, either intentionally or unintentionally. Some viruses contain payloads that deliberately eat system resources, but resource consumption is probably unintentional in most cases. Unintentional resource consumption may be caused by errors in the virus or the replication. Code Red is an example of this. Searching for new hosts to spread to requires both network traffic and CPU resources. This load was obvious in the slower response time from the infected web servers or even in the total inability to serve users. Another type of intentional resource usage is known as denial-of-service or DOS. This is typically performed using distributed technology where a large number of computers run so-called ‘zombies’. All these zombies are programmed to connect to the same computer simultaneously. This does not significantly harm the systems that run the zombies, but the target system is usually blocked due to an overloaded Internet connection. 4.1.7 Human resource usage Cleaning virus infections means extra work for the IT support staff. This damage, and the downtime for the user, may result in great expense unless the viruses are stopped properly using anti-virus software. Even if viruses are successfully stopped using anti-virus software, the cost of maintaining this system may be seen as a cost caused by viruses.
21 4.1.8 PR aspects The attitude towards viruses is negative. The problem is well known and all business users know the severity. Sending a virus to a customer or business partner is not good for the company’s image. This may be especially dangerous if the incident makes it to the headlines. This is not at all impossible, especially if the virus was included in a mass-produced software product.
22 Conclusion Adapting to new architectures. The computer systems used by business and home users have developed tremendously over the past ten years. Both system architecture and the way we use computers is totally different from the late 1980s and early 1990s. But the virus problem is still there, worse than ever. As a matter of fact, viruses and worms have been able to adopt and benefit from the new features that modern computer environments offer. Virus strains do not evolve as they spread. Some argue that viruses are primitive computer-based life forms, but they certainly lack one of the fundamental capabilities of living creatures: to produce descendants that are slightly more adapted to a new environment than their parents. This means that as viruses cannot adapt to new system architectures, they become extinct when the number of suitable host systems decreases. New strains are always created by a human, never through natural evolution. However, the whole virus problem does adapt to new architectures and benefit from them. New viruses are written as old ones become extinct. This means that there are always new viruses that take advantage of the latest computer architectures. There are always some viruses or worms that are able to efficiently use the latest and most powerful ways to communicate, sometimes even more efficiently than the human users. Increased replication speed The replication speed of viruses depends on the replication strategy and the available communication methods. Today's more powerful computer environments enable viruses and worms to spread much faster than a decade ago. This table describes typical replication speeds for the most common virus types. The conclusion is that replication speed has increased dramatically over the past decade. This emphasizes even further the fact that anti-virus software must be kept up to date to protect the system efficiently. A typical update rate for anti-virus software has accordingly decreased from monthly or bi-monthly to daily or real time.
23 References 1. https://us.norton.com/internetsecurity-malware-what-is-a-computer- virus 2. https://en.wikipedia.org/wiki/File:Virus_Blaster.jpg 3. https://en.wikipedia.org/wiki/Trojan_horse_(computing) 4. https://computer.howstuffworks.com/trojan-horse1.htm 5. https://en.wikipedia.org/wiki/Ransomware#WannaCry 6. https://searchsecurity.techtarget.com/definition/ransomware 7. https://en.wikipedia.org/wiki/Ransomware#/media/File:Metropolitan_ Police_ransomware_scam.jpg

More Related Content

PPTX
Computer virus and antivirus
byMaryam Malik
 
PDF
Computer viruses
byAlfred George
 
PPTX
Computer Virus
byRajah Anuragavan
 
PPTX
presentation on computer virus
byYogesh Singh Rawat
 
PPTX
Computer virus
byAarya Khanal
 
PPTX
Presentation on Computer Viruses
byMohak Jain
 
PPTX
Computer virus
byKawsar Ahmed
 
PPT
Presentation on computer viruses
byNitish Xavier Tirkey
 
Computer virus and antivirus
byMaryam Malik
 
Computer viruses
byAlfred George
 
Computer Virus
byRajah Anuragavan
 
presentation on computer virus
byYogesh Singh Rawat
 
Computer virus
byAarya Khanal
 
Presentation on Computer Viruses
byMohak Jain
 
Computer virus
byKawsar Ahmed
 
Presentation on computer viruses
byNitish Xavier Tirkey
 

What's hot

PPTX
Computer virus
byUtchi
 
PPTX
Computer Virus
byRabab Munawar
 
PPTX
Computer virus
byMark Anthony Maranga
 
PPTX
Computer Virus powerpoint presentation
byshohrabkhan
 
PPTX
Computer worms viruses and Prevention
byPratimesh Pathak
 
ODP
Computer virus
byMaxie Santos
 
PPT
Computer viruses
byPRANJAL SAIKIA
 
PPTX
Computer Viruses
byAnnies Minu
 
PPTX
Antivirus
byMeti Liona
 
PPTX
ANTIVIRUS AND VIRUS Powerpoint presentation
byabhijit chintamani
 
PPTX
Virus and worms
byVikas Sharma
 
PPTX
Computer Virus
byMiddle East International School
 
PPT
Computer virus
byWalden University
 
PPTX
Computer viruses
byAnnies Minu
 
PPTX
Computer Security
byvishal purkuti
 
PPTX
Cyber Security
byBryCunal
 
PPTX
Computer Security and Ethics
byMohsin Riaz
 
PPTX
Cyber Security Update: How to Train Your Employees to Prevent Data Breaches
byParsons Behle & Latimer
 
PPT
Firewall protection
byVC Infotech
 
PPT
Professional ethics in_computing
byUc Man
 
Computer virus
byUtchi
 
Computer Virus
byRabab Munawar
 
Computer virus
byMark Anthony Maranga
 
Computer Virus powerpoint presentation
byshohrabkhan
 
Computer worms viruses and Prevention
byPratimesh Pathak
 
Computer virus
byMaxie Santos
 
Computer viruses
byPRANJAL SAIKIA
 
Computer Viruses
byAnnies Minu
 
Antivirus
byMeti Liona
 
ANTIVIRUS AND VIRUS Powerpoint presentation
byabhijit chintamani
 
Virus and worms
byVikas Sharma
 
Computer Virus
byMiddle East International School
 
Computer virus
byWalden University
 
Computer viruses
byAnnies Minu
 
Computer Security
byvishal purkuti
 
Cyber Security
byBryCunal
 
Computer Security and Ethics
byMohsin Riaz
 
Cyber Security Update: How to Train Your Employees to Prevent Data Breaches
byParsons Behle & Latimer
 
Firewall protection
byVC Infotech
 
Professional ethics in_computing
byUc Man
 

Similar to Computer virus

PDF
What are Computer Viruses.pdf
byBlogger
 
DOCX
COMPUTERS ( types of viruses)
bySowjanya Sampathkumar
 
PPTX
PPT on information technology laws description
byranaanish11062001
 
PPTX
Computer viruses
bySimiAttri
 
PDF
computer virus Report
byrawaabdullah
 
PPT
computervirus.ppt
byPritamSahoo16
 
PPT
Computer viruses, types and preventions
byPrem Kumar Bonam
 
PPTX
Computer Viruses
byTanu Basoiya
 
PPTX
Computer viruses
byDark Side
 
PPTX
Preventing Viruses and other Malicious Code.pptx
bydexdexjoyjoy
 
PPT
Computer Virus
byizzul
 
PPTX
Introduction to Computer Virus
byImtiaz Ahmed
 
PPTX
Computer virus
byKaushik Vemani Venkata
 
PPTX
ANATOMY OF A COMPUTER VIRUS.pptx
byankeetamondal06
 
PPTX
Computer security.pptx
byGovandJamal
 
PPTX
TLE ICT 10 Q3 - VIRUS and its Types.pptx
byglainAE
 
PPTX
pptxComputer virus data how to protect computer
byKamalWalia6
 
DOCX
Computer viruses by joy chakraborty
byJoy Chakraborty
 
PDF
Antivirus security
bymPower Technology
 
PPT
Viruses notes1
byDara Corporates
 
What are Computer Viruses.pdf
byBlogger
 
COMPUTERS ( types of viruses)
bySowjanya Sampathkumar
 
PPT on information technology laws description
byranaanish11062001
 
Computer viruses
bySimiAttri
 
computer virus Report
byrawaabdullah
 
computervirus.ppt
byPritamSahoo16
 
Computer viruses, types and preventions
byPrem Kumar Bonam
 
Computer Viruses
byTanu Basoiya
 
Computer viruses
byDark Side
 
Preventing Viruses and other Malicious Code.pptx
bydexdexjoyjoy
 
Computer Virus
byizzul
 
Introduction to Computer Virus
byImtiaz Ahmed
 
Computer virus
byKaushik Vemani Venkata
 
ANATOMY OF A COMPUTER VIRUS.pptx
byankeetamondal06
 
Computer security.pptx
byGovandJamal
 
TLE ICT 10 Q3 - VIRUS and its Types.pptx
byglainAE
 
pptxComputer virus data how to protect computer
byKamalWalia6
 
Computer viruses by joy chakraborty
byJoy Chakraborty
 
Antivirus security
bymPower Technology
 
Viruses notes1
byDara Corporates
 

Recently uploaded

PDF
Albert Pintoy - Specializing In Low-Latency
byAlbert Pintoy
 
PDF
Presentation-on-Energy-Transition-in-Bangladesh-Employment-and-Skills.pdf
bysyedSajib8
 
PPTX
MECCA Empire – Hotel Shuttle System for the 2026 FIFA World Cup
byay2432
 
PPTX
Assessment 4 SRS Presentation - Final (2).pptx
byayush445302
 
PPTX
How to Use Mobile CMMS to Improve Maintenance Operations & Field Productivity
byMaintWiz Technologies Private Limited
 
PPTX
Emerging Trends and Research Frontiers in Chemical Engineering for Green and ...
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
PDF
Hybrid Anomaly Detection Mechanism for IOT Networks
byIJCNCJournal
 
PPTX
How to Select the Right CMMS Software for Your Organization — A Complete Buye...
byMaintWiz Technologies Private Limited
 
PPTX
TPM Metrics & Measurement: Drive Performance Excellence with TPM | MaintWiz
byMaintWiz Technologies Private Limited
 
PPTX
Plant Performance Strategies: Enhanced Reliability & Operational Efficiency w...
byMaintWiz Technologies Private Limited
 
PPTX
Salesforce Bulk Connector V1 and V2 Deep Dive!
byRajeevRanjan368982
 
PPTX
The Importance of Maintenance Budgets — Maximize Reliability & Control Costs ...
byMaintWiz Technologies Private Limited
 
PPTX
How to Create an Effective Monthly Maintenance Plan for Reliable Plant Operat...
byMaintWiz Technologies Private Limited
 
PPTX
Shutdown Maintenance Explained — Full Plant Turnaround & Best Practices with ...
byMaintWiz Technologies Private Limited
 
PPTX
ISO 14224 Compliance & CMMS Software — A Comprehensive Guide for Reliable Mai...
byMaintWiz Technologies Private Limited
 
PPTX
Role of In Vitro and In Vivo Testing biomedical engineering
bymarisudha1
 
PDF
Engineering Properties of Agricultural Food Materials-.pdf and ppt
byASHWANI VERMA
 
PPTX
Vertical turbine pump explains installed in power plants
bysadanandyadav25
 
PPTX
Takt Time vs Cycle Time vs Lead Time.pptx
byE Concepts
 
PDF
Handheld_Laser_Welding_Presentation 2.pdf
bysinezioveluz
 
Albert Pintoy - Specializing In Low-Latency
byAlbert Pintoy
 
Presentation-on-Energy-Transition-in-Bangladesh-Employment-and-Skills.pdf
bysyedSajib8
 
MECCA Empire – Hotel Shuttle System for the 2026 FIFA World Cup
byay2432
 
Assessment 4 SRS Presentation - Final (2).pptx
byayush445302
 
How to Use Mobile CMMS to Improve Maintenance Operations & Field Productivity
byMaintWiz Technologies Private Limited
 
Emerging Trends and Research Frontiers in Chemical Engineering for Green and ...
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
Hybrid Anomaly Detection Mechanism for IOT Networks
byIJCNCJournal
 
How to Select the Right CMMS Software for Your Organization — A Complete Buye...
byMaintWiz Technologies Private Limited
 
TPM Metrics & Measurement: Drive Performance Excellence with TPM | MaintWiz
byMaintWiz Technologies Private Limited
 
Plant Performance Strategies: Enhanced Reliability & Operational Efficiency w...
byMaintWiz Technologies Private Limited
 
Salesforce Bulk Connector V1 and V2 Deep Dive!
byRajeevRanjan368982
 
The Importance of Maintenance Budgets — Maximize Reliability & Control Costs ...
byMaintWiz Technologies Private Limited
 
How to Create an Effective Monthly Maintenance Plan for Reliable Plant Operat...
byMaintWiz Technologies Private Limited
 
Shutdown Maintenance Explained — Full Plant Turnaround & Best Practices with ...
byMaintWiz Technologies Private Limited
 
ISO 14224 Compliance & CMMS Software — A Comprehensive Guide for Reliable Mai...
byMaintWiz Technologies Private Limited
 
Role of In Vitro and In Vivo Testing biomedical engineering
bymarisudha1
 
Engineering Properties of Agricultural Food Materials-.pdf and ppt
byASHWANI VERMA
 
Vertical turbine pump explains installed in power plants
bysadanandyadav25
 
Takt Time vs Cycle Time vs Lead Time.pptx
byE Concepts
 
Handheld_Laser_Welding_Presentation 2.pdf
bysinezioveluz
 

Computer virus

  • 1.
    Domain Seminar Reporton Computer Viruses Submitted by: B.Tech (CSE/IT) II Semester Under the Guidance of Amity School of Engineering and Technology AMITY UNIVERSITY RAJASTHAN
  • 2.
    Declaration I hereby declarethat the report entitled Computer Viruses submitted for the partial fulfilment of B.Tech degree is my original work and the report has not formed the basis for the award of any degree, associate ship, fellowship or any other similar titles. Counter Signature of the Guide: Name of the Guide : Designation: Date:
  • 3.
    Acknowledgements First of all,I would like to sincerely thank my supervisor, , for his persistent support, guidance, help, and encouragement during the whole process of my study. Moreover, I would like to thank our Director- ASET and Dr. Tarun Kumar Sharma, HOD, CSE who were always there whenever we needed any support. I would also like to thank my parents for their well wishes to complete this work. Finally thanks to all friends for their support. Contents
  • 4.
    Abstract Pg.No.1 List ofFigures and Tables Pg.No.2 1 Introduction Pg.No.3 1.1 What are the Computer viruses? Pg.No.3 1.2 adsa d How do Computer viruses attack? Pg.No.4 1.3 How do Computer viruses spread? Pg.No.4 1.4 What are the signs of Computer viruses? Pg.No.5 1.5 What are the different types of Computer virus? Pg.No.5 2 CategoriesofComputer viruses Pg.No.7 2.1 Worms Pg.No.7 2.2 Trojan Pg.No.8 2.3 Adware Pg.No.9 2.4 Rootkit Pg.No.10 2.5 Ransomware Pg.No.12 3 Virus Histroy Pg.No.16 3.1 Before the Virus Pg.No.16 3.2 Initial era Pg.No.16 3.3 The Document Virus Pg.No.17 4 Impact on IT system Pg.No.18 4.1 Intro Pg.No.18 4.1.1 Harmless effect Pg.No.18 4.1.2 Compatibility problem Pg.No.18 4.1.3 Compromise system integrity Pg.No.18 4.1.4 Granting un-authorised access Pg.No.19 4.1.5 Discloser of confidential data Pg.No.19 4.1.6 Computer resource usage Pg.No.19 4.1.7 Human resource usage Pg.No.19 4.1.8 PR aspects Pg.No.20 References Pg.No.21
  • 5.
    1 Abstract A virus isa small piece of software that piggybacks on real programs in order to get executed. Once it’s running, it spreads by inserting copies of itself into other executable code or documents. A piece of code which is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data. Computer viruses currently cause billions of dollars' worth of economic damage each year, due to causing system failure, wasting computer resources, corrupting data, increasing maintenance costs, etc. In response, free antivirus tools have been developed, and an industry of antivirus software has cropped up, selling or freely distributing virus protection to users of various operating systems. As of 2005, even though no currently existing antivirus software was able to uncover all computer viruses (especially new ones), computer security researchers are actively searching for new ways to enable antivirus solutions to more effectively detect emerging viruses, before they have already become widely distributed.
  • 6.
    2 List of Figuresand Tables Figure 1 Virus detected by Computer Pg.No.3 Figure 2 Virus spreading Pg.No.4 Figure 3 Hex dump of the worm Pg.No.7 Figure 4 Example of Adware and pop-ups Pg.No.10 Figure 5 Working of Rootkits Pg.No.11 Figure 6 Paying Ransomware Pg.No.12 Figure 6 Reveton Pg.No.15
  • 7.
    3 Chapter - 1 Introduction 1.1What are Computer Viruses ? A computer virus, much like a flu virus, is designed to spread from host to host and has the ability to replicate itself. Similarly, in the same way that flu viruses cannot reproduce without a host cell, computer viruses cannot reproduce and spread without programming such as a file or document. In more technical terms, a computer virus is a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another. A virus operates by inserting or attaching itself to a legitimate program or document that supports macros in order to execute its code. In the process, a virus has the potential to cause unexpected or damaging effects, such as harming the system software by corrupting or destroying data. Figure 1 : Virus detected by Computer
  • 8.
    4 1.2 How theComputer Virus attack? Once a virus has successfully attached to a program, file, or document, the virus will lie dormant until circumstances cause the computer or device to execute its code. In order for a virus to infect your computer, you have to run the infected program, which in turn causes the virus code to be executed. This means that a virus can remain dormant on your computer, without showing major signs or symptoms. However, once the virus infects your computer, the virus can infect other computers on the same network. Stealing passwords or data, logging keystrokes, corrupting files, spamming your email contacts, and even taking over your machine are just some of the devastating and irritating things a virus can do. While some viruses can be playful in intent and effect, others can have profound and damaging effects. This includes erasing data or causing permanent damage to your hard disk. Worse yet, some viruses are designed with financial gains in mind. Figure 2 : Virus spreading 1.3 How do Computer Viruses spread? In a constantly connected world, you can contract a computer virus in many ways, some more obvious than others. Viruses can be spread through email and text message attachments, Internet file downloads, and social media scam links. Your mobile devices and smartphones can become infected with mobile viruses through shady app downloads. Viruses can hide disguised as attachments of socially shareable content such as funny images, greeting cards, or audio and video files.
  • 9.
    5 To avoid contactwith a virus, it’s important to exercise caution when surfing the web, downloading files, and opening links or attachments. To help stay safe, never download text or email attachments that you’re not expecting, or files from websites you don’t trust. They are usually downloaded by the sites which provided free games and torrent sites. Most users download application which are not paid but reality they are paid on their own company sites. 1.4 What are the signs of Computer Virus? A computer virus attack can produce a variety of symptoms. Here are some of them:  Frequent pop-up windows. Pop-ups might encourage you to visit unusual sites. Or they might prod you to download antivirus or other software programs.  Changes to your homepage. Your usual homepage may change to another website, for instance. Plus, you may be unable to reset it.  Mass emails being sent from your email account. A criminal may take control of your account or send emails in your name from another infected computer.  Frequent crashes. A virus can inflict major damage on your hard drive. This may cause your device to freeze or crash. It may also prevent your device from coming back on.  Unusually slow computer performance. A sudden change of processing speed could signal that your computer has a virus.  Unknown programs that start up when you turn on your computer. You may become aware of the unfamiliar program when you start your computer. Or you might notice it by checking your computer’s list of active applications.  Unusual activities like password changes. This could prevent you from logging into your computer. 1.5 What are the difference types of Computer Virus? 1. Boot sector virus This type of virus can take control when you start — or boot — your computer. One way it can spread is by plugging an infected USB drive into your computer. 2. Web scripting virus This type of virus exploits the code of web browsers and web pages. If you access such a web page, the virus can infect your computer. 3. Browser hijacker
  • 10.
    6 This type ofvirus “hijacks” certain web browser functions, and you may be automatically directed to an unintended website. 4. Resident virus This is a general term for any virus that inserts itself in a computer system’s memory. A resident virus can execute anytime when an operating system loads. 5. Direct action virus This type of virus comes into action when you execute a file containing a virus. Otherwise, it remains dormant. 6. Polymorphic virus A polymorphic virus changes its code each time an infected file is executed. It does this to evade antivirus programs. 7. File infector virus This common virus inserts malicious code into executable files — files used to perform certain functions or operations on a system. 8. Multipartite virus This kind of virus infects and spreads in multiple ways. It can infect both program files and system sectors. 9. Macro virus Macro viruses are written in the same macro language used for software applications. Such viruses spread when you open an infected document, often through email attachments.
  • 11.
    7 Chapter -2 Categories ofVirus 2.1 Worms Worm is a self-replicating program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate. Worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well. Figure 3 – Hex dump of the worm, showing a message left for Microsoft CEO Bill Gates by the worm programmer Blaster [2] Worms spread by exploiting vulnerabilities in operating systems. Vendors with security problems supply regular security updates (see "Patch Tuesday"), and if these are installed to a machine then the majority of worms are unable to spread to it. If a vulnerability is disclosed before the security patch released by the vendor, a zero-day attack is possible. Like the ILOVEYOU virus, which destroyed the files of more than 50 million internet users worldwide, rendered PCs unbootable, copied people’s passwords and sent them to its creators, and caused up to US$9 billion in damages in the year 2000.
  • 12.
    8 2.2 Trojans A Trojanhorse, or Trojan, is any malware which misleads users of its true intent. The term is derived from the Ancient Greek story of the deceptive wooden horse that led to the fall of the city of Troy. Trojans are generally spread by some form of social engineering, for example where a user is duped into executing an e-mail attachment disguised to appear not suspicious, (e.g., a routine form to be filled in), or by clicking on some fake advertisement on social media or anywhere else. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller which can then have unauthorized access to the affected computer. Trojans may allow an attacker to access users' personal information such as banking information, passwords, or personal identity. It can also delete a user's files or infect other devices connected to the network. Ransomware attacks are often carried out using a Trojan. Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves. This is normally done by social engineering -- the author of the Trojan horse has to convince you to download the application. Alternately, he or she might send the program to you in an e-mail message hoping you execute it. Again, this is why it is called a Trojan horse -- you have to consciously or unconsciously run the .exe file to install the program -- it doesn't propagate on its own like a virus (see How Computer Viruses Work for a description of Trojans and viruses). Once you execute the program, the Trojan server is installed and will start running automatically every time you power up your computer. The most common way Trojan horses spread is through e-mail attachments. The developers of these applications typically use spamming techniques to send out hundreds or even thousands of e-mails to unsuspecting people; those who open the messages and download the attachment end up having their systems infected. Crackers -- hackers who use their computer skills to create mischief or cause damage intentionally -- can send out Trojans that turn innocent Web surfer's computers into zombie computers, so-called because the person with the infected computer rarely knows his system is under control. Crackers then use these zombie computers to send out more viruses, eventually creating networks of zombie computers known as botnets. Trojan in this way may require interaction with a malicious controller (not necessarily distributing the Trojan) to fulfill their purpose. It is possible for those involved with Trojans to scan computers on a network to locate any with a Trojan installed, which the hacker can then control. Some Trojans take advantage of a security flaw in older versions of Internet Explorer and Google Chrome to use the host computer as an anonymizer proxy to effectively hide Internet usage, enabling the controller to use the Internet for illegal purposes while all potentially incriminating evidence indicates the infected computer or its IP address. The host's computer
  • 13.
    9 may or maynot show the internet history of the sites viewed using the computer as a proxy. The first generation of anonymizer Trojan horses tended to leave their tracks in the page view histories of the host computer. Later generations of the Trojan tend to "cover" their tracks more efficiently. Several versions of Sub7 have been widely circulated in the US and Europe and became the most widely distributed examples of this type of Trojan. 2.3 Adware Adware, or advertising-supported software, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process. The software may generate two types of revenue: one is for the display of the advertisement and another on a "pay-per-click" basis, if the user clicks on the advertisement. The software may implement advertisements in a variety of ways, including a static box display, a banner display, full screen, a video, pop-up ad or in some other form. Adware is categorized as follows:  Legitimate: Free or trial product sponsored advertisements  Spyware: Tracks user website preferences and compromises privacy Adware may appear innocuous and provide users with legitimate business software but then unleash spyware that collects browser search data for targeted user-specific advertisements. Uninstalling adware generally requires anti-adware software. A variety of free and paid versions are available, but licensed adware is the most reliable, aggressive and recommended. Anti-adware software is also included in virus scanning packages. Application software Some software is offered in both an advertising-supported mode and a paid, advertisement- free mode. The latter is usually available by an online purchase of a license or registration code for the software that unlocks the mode, or the purchase and download of a separate version of the software. Some software authors offer advertising-supported versions of their software as an alternative option to business organizations seeking to avoid paying large sums for software licenses, funding the development of the software with higher fees for advertisers. Software as a service Support by advertising is a popular business model of software as a service (SaaS) on the Web. Notable examples include the email service Gmail and other Google Apps (now G Suite) products, and the social network Facebook. Microsoft has also adopted the advertising- supported model for many of its social software SaaS offerings. The Microsoft Office Live service was also available in an advertising-supported mode.
  • 14.
    10 Figure 4 –Example of Adware and pop-ups 2.4 Rootkits A rootkit is software used by a hacker to gain constant administrator-level access to a computer or network. A rootkit is typically installed through a stolen password or by exploiting a system vulnerabilities without the victim's consent or knowledge. Rootkits primarily aim at user-mode applications, but they also focus on a computer’s hypervisor, the kernel, or even firmware. Rootkits can completely deactivate or destroy the anti-malware software installed in an infected computer, thus making a rootkit attack difficult to track and eliminate. When done well, the intrusion can be carefully concealed so that even system administrators are unaware of it.
  • 15.
    11 Figure 5 –Working of Rootkits Rootkits may be also presented as a Trojan or even as a hidden file along with a seemingly harmless file. This can be a graphic or even a silly application distributed via email. When the victim clicks the program or graphic, the rootkits are installed on their system without their knowledge. Some of the impacts of rootkits are often to:  Provide the attacker with complete backdoor access, permitting them to falsify or steal documents.  Hide other malware, especially keyloggers. The keyloggers may then be used to access and steal the victim's sensitive data.  Enable the attacker to use the infected machine as a zombie computer to trigger attacks on others.
  • 16.
    12 2.5 Ransomware Ransomware isa subset of malware in which the data on a victim's computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access is returned to the victim. The motive for ransomware attacks is nearly always monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack. Payment is often demanded in a virtual currency, such as Bitcoin, so that the cybercriminal's identity is not known. Ransomware malware can be spread through malicious email attachments, infected software apps, infected external storage devices and compromised websites. Attacks have also used remote desktop protocol and other approaches that do not rely on any form of user interaction. Figure 6 – WannaCry Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the "WannaCry worm", traveled automatically between computers without user interaction. Ransomware kits on the deep web have allowed cybercriminals to purchase and use a software tool to create ransomware with specific capabilities. They can then generate this malware for their own distribution and with ransoms paid to their bitcoin accounts. As with
  • 17.
    13 much of therest of the IT world, it is now possible for those with little or no technical background to order up inexpensive ransomware as a service (RaaS) and launch attacks with minimal effort. In one RaaS scenario, the provider collects the ransom payments and takes a percentage before distributing the proceeds to the service user. Figure 6 – Paying Ransomware Types of ransomware Attackers may use one of several different approaches to extort digital currency from their victims. For example:  Ransomware known as scareware will try and pose as security software or tech support. Victims may receive pop-up notifications saying malware has been discovered on their system (which, an un-owned security software would not have access to this information). Not responding to this will not do anything except lead to more pop-ups.  Screen lockers, or lockers, are a type of ransomware designed to completely lock a user out of their computer. Upon starting up the computer a victim may then see what looks to be an official government seal, leading the victim into believing they are the subject of an official inquiry. After being informed that unlicensed software or illegal web content has been found on their computer, the victim is given instructions for how to pay an electronic fine. However, official government organizations would not do this; they instead would go through proper legal channels and procedures.
  • 18.
    14  In encryptingransomware, or data kidnapping attacks, the attacker will gain access to and encrypt the victim’s data and ask for a payment to unlock the files. Once this happens, there is no guarantee that the victim will get access to their data back- even if they negotiate for it.  Similar to encrypting ransomware, the attacker may also encrypt files on infected devices and will make money by selling a product that promises to help the victim unlock files and prevent future malware attacks.  In doxware, an attacker may also threaten to publish your data online if the victim does not pay a ransom.  Mobile ransomware is ransomware which affects mobile devices. An attacker can use mobile ransomware to steal data from a phone or lock it and require a ransom to return the data or unlock the device.  The victim may also receive a pop-up message or email ransom note warning that if the demanded sum is not paid by a specific date, the private key required to unlock the device or decrypt files will be destroyed. WannaCry In May 2017, the WannaCry ransomware attack spread through the Internet, using an exploit vector named EternalBlue, which was leaked from the U.S. National Security Agency. The ransomware attack, unprecedented in scale, infected more than 230,000 computers in over 150 countries, using 20 different languages to demand money from users using Bitcoin cryptocurrency. WannaCry demanded US$300 per computer. The attack affected Telefonica and several other large companies in Spain, as well as parts of the British National Health Service (NHS), where at least 16 hospitals had to turn away patients or cancel scheduled operations, FedEx, Deutsche Bahn, Honda, Renault, as well as the Russian Interior Ministry and Russian telecom MegaFon. The attackers gave their victims a 7-day deadline from the day their computers got infected, after which the encrypted files would be deleted. CryptoLocker Encrypting ransomware reappeared in September 2013 with a Trojan known as CryptoLocker, which generated a 2048-bit RSA key pair and uploaded in turn to a command-and-control server, and used to encrypt files using a whitelist of specific file extensions. The malware threatened to delete the private key if a payment of Bitcoin or a pre- paid cash voucher was not made within 3 days of the infection. Due to the extremely large key size it uses, analysts and those affected by the Trojan considered CryptoLocker extremely difficult to repair. Even after the deadline passed, the private key could still be obtained using an online tool, but the price would increase to 10 BTC—which cost approximately US$2300 as of November 2013. CryptoLocker was isolated by the seizure of the Gameover ZeuS botnet as part of Operation Tovar, as officially announced by the U.S. Department of Justice on 2 June 2014. The
  • 19.
    15 Department of Justicealso publicly issued an indictment against the Russian hacker Evgeniy Bogachev for his alleged involvement in the botnet. It was estimated that at least US$3 million was extorted with the malware before the shutdown. Reveton In 2012, a major ransomware Trojan known as Reveton began to spread. Based on the Citadel Trojan (which itself, is based on the ZeusTrojan), its payload displays a warning purportedly from a law enforcement agency claiming that the computer has been used for illegal activities, such as downloading unlicensed software or child pornography. Due to this behaviour, it is commonly referred to as the "Police Trojan". The warning informs the user that to unlock their system, they would have to pay a fine using a voucher from an anonymous prepaid cash service such as Ukash or paysafecard. To increase the illusion that the computer is being tracked by law enforcement, the screen also displays the computer's IP address, while some versions display footage from a victim's webcam to give the illusion that the user is being recorded. Figure 6 – Reveton Reveton initially began spreading in various European countries in early 2012.[5] Variants were localized with templates branded with the logos of different law enforcement organizations based on the user's country; for example, variants used in the United Kingdom contained the branding of organizations such as the Metropolitan Police Service and the Police National E-Crime Unit. Another version contained the logo of the royalty collection society PRS for Music, which specifically accused the user of illegally downloading music. In a statement warning the public about the malware, the Metropolitan Police clarified that they would never lock a computer in such a way as part of an investigation.
  • 20.
    16 In May 2012,Trend Micro threat researchers discovered templates for variations for the United States and Canada, suggesting that its authors may have been planning to target users in North America. By August 2012, a new variant of Reveton began to spread in the United States, claiming to require the payment of a $200 fine to the FBI using a MoneyPak card. In February 2013, a Russian citizen was arrested in Dubai by Spanish authorities for his connection to a crime ring that had been using Reveton; ten other individuals were arrested on money laundering charges. In August 2014, Avast Software reported that it had found new variants of Reveton that also distribute password- stealing malware as part of its payload.
  • 21.
    17 Chapter - 3 VirusHistory 3.1. Before the viruses UNIX worms and academic papers 1970 – 1988. Viruses are not a new invention. The idea of self-replicating computer programs has been around for decades. This idea has emerged in science fiction literature, scientific papers and even experiments at least since the early 1970s. Some attempts to perform maintenance tasks in large networks using worms were made, but this technology did not become widespread or well known. One of the milestones in virus history was the research performed by Dir. Fred Cohen in the early 1980s. Cohen formed the original definition of a virus; a program that can infect other programs by modifying them to include a copy of itself. Cohen’s work was truly ground breaking as it was published before the first viruses were ever made. In the 1980s the Internet was a network that connected university computers to each other. This network was pretty vulnerable to pure worms, which was to be demonstrated by a young student named Robert Morris. The first major malware incident was probably the Morris worm in November 1988. This UNIX-based worm knocked out almost all computers on the Internet, causing a lot of media interest and many headlines. 3.2. The initial era Standalone computers and LANs 1987 – 1990. The first PCs were made in the early 1980s. The personal computer concept was new and revolutionary, and its popularity grew faster than anyone expected. PCs were already a usable and affordable technology for companies in the late 1980s. The rapid growth also brought computer technology closer to a larger number of individuals. Several early viruses were made around 1987 – 1988, at least partly inspired by Cohen’s work. Lehigh2 , Jerusalem3 and Brain4 are examples of the earliest viruses. Boot sector viruses were the first type of virus to become common. Floppy diskettes were the only way to transfer data from one PC to another so it is natural that the first viruses used this media to replicate. The other basic type of virus, traditional file viruses, also started to become more common at this time. 1990 – 1995 Local area networks began to appear in business environments. This development gave the traditional file viruses a small advantage compared to boot sector viruses. However, both groups were still common. The virus problem was not very well known at this time. Many computer users were able to work for several years without encountering a virus. Finding a virus was a rare event and some users collected the samples
  • 22.
    18 they found. Someviruses did, however, cause damage and business users started to become aware of the problem. The boot sector virus Form5 became the most widespread virus during this period. Another well-known virus of this era was Dark Avenger, also known as Eddie6 , and which was a very destructive virus. 3.3. The document viruses Towards a major problem 1995 – 1998. From 1995, local area networks are already standard equipment in most companies using personal computers. Internet connections also started to become popular, especially in larger companies. The concept of email had been known in the UNIX world for decades, but now this technology entered PC based corporate networks as well. The presence of a local area network and Internet connectivity opened totally new ways to communicate. The LAN was not just a way to share disks and printers anymore. Email had become a significant communication channel, especially in large multinational companies. The new technology introduced by email and the Internet revolutionized the way to work with personal computers. But the existing viruses were not able to benefit from the new technology. The number of boot sector virus infections started to decline when LANs, email and CD-ROMs made floppies obsolete. File viruses did not benefit either as email was rarely used for sending program files. The first macro virus, WM/Concept7 , was discovered in August 1995. This virus was clearly a proof-of-concept virus, as the name also indicates. The virus contained a routine called “Payload” but the only line in this routine was “This should be enough to prove my point”. It soon became clear that this new category of viruses, one that infected document files, was spreading quickly. An infected document could be transmitted to a large number of users in minutes. More and more of a company’s IT support resources were used for cleaning up virus infections. Viruses were not a funny joke anymore; they had become a real problem especially for large companies. Some of the common viruses at this time were WM/Cap8 and XM/Laroux9 .
  • 23.
    19 Chapter 4 Impact onIT systems 4.1 Intro The damage caused by viruses and worms can be divided into two categories: intentional damage and unintentional damage. Intentional damage, or harmless effects, is caused explicitly by the payload routine. Unintentional damage may be caused as a side effect when the virus replicates. It is a common misconception that all viruses are malicious by nature. As a matter of fact, many common viruses lack a payload altogether. It is natural that a virus that does not harm its hosts spreads much more efficiently than a destructive virus. The virus is dependent on the host and harming it also reduces the virus’ chances to replicate. The term harmless virus is sometimes used to describe a virus that lacks a payload routine, or has a payload routine that only contains non-malicious effects. However, this term is misleading as most viruses are likely to cause some kind of unintentional damage. Several of the groups listed here apply to all viruses, especially the unintentional PR damages and IT support workload. Many viruses also contain a single or multiple intentional effects. 4.1.1 Harmless effects These effects are always produced by the payload routine, but they are not malicious. The effect may be a picture, animations or video, music or sounds, interactive functions, political messages etc. These effects usually give you an idea about the virus author’s way of thinking, age or nationality. These effects may be funny or annoying and may distract or disturb the user, but they do not cause any permanent damage. 4.1.2 Compatibility problems Individuals make viruses and worms and they do not have resources to test their creations on a wide range of computer systems. Nor do they develop the viruses according to quality control systems and guidelines. This makes it likely that they cause compatibility problems when run on systems that differ from the one on which they were developed. These problems can occur as error messages, crashes, inability to access certain functions etc. These problems are grouped as unintentional damage. 4.1.3 Compromising system Integrity Intentional damage is often caused by erasure or modification of data. Erasing files is perhaps the most obvious way to cause damage. Erasing files, however, is a clumsy way and modern, well maintained, systems can usually recover from backups. Modifying data is a much more sophisticated strategy. Small changes are made to the system now and then. The backup routine stores partially corrupted data until the virus is detected. Restoring the data is hard or impossible as several generations of backups are compromised. The last correct backups may be too old and it may even be hard to tell which backups are or are not valid. High-level viruses, such as macro viruses, do not have to operate on binary data as previous viruses did. The macro languages provide powerful functions for modifying data in documents. This enables viruses to perform sinister modifications that are critical but hard to detect. For
  • 24.
    20 example, it ispossible for a macro virus to alter the text of a document before printing, but show the correct form on screen. Usage of corrupted data may lead to severe damage. An Excel sheet may, for example, be used to calculate the amount of concrete needed for a bridge, or calculate how much fuel a jumbo jet needs to cross the Pacific. 4.1.4 Granting unauthorized access Viruses may plant backdoors in the system, or steal passwords. These functions can later be used by hackers to access the system. Damage caused by such hacking activities is hard to predict. Unauthorized usage of the system may, for example, continue unnoticed for a long time. 4.1.5 Disclosure of confidential data Viruses and worms have access to the same communication methods as the user, and even use them to replicate. A payload routine may easily locate documents that match certain criteria and send them to anyone on the Internet. Some email worms also cause disclosure of data as a part of replication. The worms that replicate when attached to a document, such as Melissa, send this document to recipients to whom the user had no intention of sending the document. The following example illustrates this. A company asks for offers from several vendors. One of the vendors is infected with Melissa. The offer is mailed to the buyer as a document infected with Melissa. The buyer opens the document and becomes infected immediately. The Melissa worm examines the address book and send itself to the first 50 addresses on the list. The document that is sent is the offer from the infected vendor, and the list of recipients probably contains the competitors. 4.1.6 Computer resource usage Viruses and worms can disturb computer systems by spending resources, either intentionally or unintentionally. Some viruses contain payloads that deliberately eat system resources, but resource consumption is probably unintentional in most cases. Unintentional resource consumption may be caused by errors in the virus or the replication. Code Red is an example of this. Searching for new hosts to spread to requires both network traffic and CPU resources. This load was obvious in the slower response time from the infected web servers or even in the total inability to serve users. Another type of intentional resource usage is known as denial-of-service or DOS. This is typically performed using distributed technology where a large number of computers run so-called ‘zombies’. All these zombies are programmed to connect to the same computer simultaneously. This does not significantly harm the systems that run the zombies, but the target system is usually blocked due to an overloaded Internet connection. 4.1.7 Human resource usage Cleaning virus infections means extra work for the IT support staff. This damage, and the downtime for the user, may result in great expense unless the viruses are stopped properly using anti-virus software. Even if viruses are successfully stopped using anti-virus software, the cost of maintaining this system may be seen as a cost caused by viruses.
  • 25.
    21 4.1.8 PR aspects Theattitude towards viruses is negative. The problem is well known and all business users know the severity. Sending a virus to a customer or business partner is not good for the company’s image. This may be especially dangerous if the incident makes it to the headlines. This is not at all impossible, especially if the virus was included in a mass-produced software product.
  • 26.
    22 Conclusion Adapting to newarchitectures. The computer systems used by business and home users have developed tremendously over the past ten years. Both system architecture and the way we use computers is totally different from the late 1980s and early 1990s. But the virus problem is still there, worse than ever. As a matter of fact, viruses and worms have been able to adopt and benefit from the new features that modern computer environments offer. Virus strains do not evolve as they spread. Some argue that viruses are primitive computer-based life forms, but they certainly lack one of the fundamental capabilities of living creatures: to produce descendants that are slightly more adapted to a new environment than their parents. This means that as viruses cannot adapt to new system architectures, they become extinct when the number of suitable host systems decreases. New strains are always created by a human, never through natural evolution. However, the whole virus problem does adapt to new architectures and benefit from them. New viruses are written as old ones become extinct. This means that there are always new viruses that take advantage of the latest computer architectures. There are always some viruses or worms that are able to efficiently use the latest and most powerful ways to communicate, sometimes even more efficiently than the human users. Increased replication speed The replication speed of viruses depends on the replication strategy and the available communication methods. Today's more powerful computer environments enable viruses and worms to spread much faster than a decade ago. This table describes typical replication speeds for the most common virus types. The conclusion is that replication speed has increased dramatically over the past decade. This emphasizes even further the fact that anti-virus software must be kept up to date to protect the system efficiently. A typical update rate for anti-virus software has accordingly decreased from monthly or bi-monthly to daily or real time.
  • 27.
    23 References 1. https://us.norton.com/internetsecurity-malware-what-is-a-computer- virus 2. https://en.wikipedia.org/wiki/File:Virus_Blaster.jpg 3.https://en.wikipedia.org/wiki/Trojan_horse_(computing) 4. https://computer.howstuffworks.com/trojan-horse1.htm 5. https://en.wikipedia.org/wiki/Ransomware#WannaCry 6. https://searchsecurity.techtarget.com/definition/ransomware 7. https://en.wikipedia.org/wiki/Ransomware#/media/File:Metropolitan_ Police_ransomware_scam.jpg