Computer viruses

Computer Viruses
Ali F. Al Sarraf
Eng. Ali F. Al Sarraf E-Mail: ali.alsarraf@outlook.com 1

Introduction
 A computer virus is a program or piece of code that is loaded onto your computer
without your knowledge and runs against your wishes. Viruses can also replicate
themselves. All computer viruses are man-made. A simple virus that can make
a copy of itself over and over again is relatively easy to produce. Even such a
simple virus is dangerous because it will quickly use all available memory and
bring the system to a halt. An even more dangerous type of virus is one capable of
transmitting itself across networks and by passing security systems.
 Since 1987, when a virus infected ARPANET, a large network used by the Defense
Department and many universities, many antivirus programs have become
available. These programs periodically check your computer system for the best-known
types of viruses.
 Some people distinguish between general viruses and worms. A worm is a special
type of virus that can replicate itself and use memory, but cannot attach itself to
other programs.

History of Computers Viruses
 Computer viruses have been around for a long, long time — pretty much as long as
personal computing and mainstream software development — and they've been
making international news since the Internet graduated from a researcher's toy to
a tool for consumers.
 If you've ever wondered what the first viruses were like and just how bad or
dangerous they were, this info graphic should be an interesting read for you. And
the Space Invaders graphics will be easy on your nerdy eyes, too.
 While the first virus in this brief history coincided with the birth of the 3.5-inch
floppy disk, a lot of the malware we see these days relies on social media or
mobile apps for transmission, adequate proof (as if any was needed) that with any
innovation comes an opportunity for exploitation.
 The twist these days is that more viruses are specifically targeted to steal personal
data and make money for their creators, which was not necessarily a goal for
many of the virus-writing hackers of the late 1980s and early 1990s. In fact,
according to this data, the first money-making computer virus didn't hit PCs until
2003.

Brain Virus – in 1986
Origin - Pakistan
 The first virus to infect PC Computers was discovered in 1986. named BRAIN,
it spread around the world VIA FLOPPY DISKS. But was not meant to be a
destructive virus, which is why authors included their name and contact
information in the virus code.
 The authors were identified as Brothers AMJAD FAROOD and BASIT FAROOD
from Lahore, BAKISTAN.
 Today the run a successful internet service provider called BRAIN
TELECOMMUNICATION LTD.

Brain Virus – in 1986
Origin - Pakistan

Stoned Virus – 1987
Origin – New Zealand
 Before there was the World Wide Web, the computer viruses spread via
floppy disks. One of the earliest was the 1987 boot-sector virus Stoned, which
taunted infected users with the on-screen message, "Your computer is now
stoned."
 Several variants of the virus were written by copycats, ushering in the
practice of hackers updating existing virus code to create more infections.

Stoned Virus – 1987
Origin – New Zealand

Form Virus – 1990
Origin – Switzerland
 Form was a boot sector virus isolated in Switzerland in the summer of 1990
which became very common worldwide. The origin of Form is widely listed as
Switzerland, but this may be an assumption based on its isolation locale. The
only notable characteristics of Form are that it infects the boot sector instead
of the Master Boot Record (MBR) and the clicking noises associated with some
infections. Infections under Form can result in severe data damage if
operating system characteristics are not identical to those Form assumes.
 It is notable for arguably being the most common virus in the world for a
period during the early 1990s.


Michelangelo Virus – 1991
Origin – Australia
 The Michelangelo virus is a computer virus first discovered in 4 February 1991
in Australia The virus was designed to infect DOS systems, but did not engage the operating
system or make any OS calls. Michelangelo, like all boot sector viruses, basically operated at
the BIOS level. Each year, the virus remained dormant until March 6, the birthday
of Renaissance artist Michelangelo. There is no reference to the artist in the virus, and it is
doubtful that the virus writer intended Michelangelo to be referenced to the virus.
Michelangelo is a variant of the already endemic Stoned virus.
 On March 6, if the PC is an AT or a PS/2, the virus overwrites the first one hundred sectors of
the hard disk with nulls. The virus assumes a geometry of 256 cylinders, 4 heads,
17 sectors per track. Although all the user's data would still be on the hard disk, it would be
irretrievable for the average user.
 On hard disks, the virus moves the original master boot record to cylinder 0, head 0, sector 7.
 On floppy disks, if the disk is 360 KB, the virus moves the original boot sector to cylinder 0,
head 1, sector 3.
 On other disks, the virus moves the original boot sector to cylinder 0, head 1, sector 14.

Michelangelo Virus – 1991
Origin – Australia

VCL Virus – 1992
Origin – USA
 The Virus Creation Laboratory, or VCL, as it is known, was one of the earliest
attempts to provide a virus creation tool so that individuals with little to no
programming expertise could mass-create computer viruses.
 A hacker dubbed "Nowhere Man", of the NUKE hacker group, released it in
July 1992.
 However, it was later discovered that viruses created with the Virus Creation
Laboratory were often ineffective, as many anti-virus programs of the day
caught them easily. Also, many viruses created by the program did not work
at all - and often, their source codes could not be compiled. Due to a limited
feature set and bugs, the Virus Creation Laboratory did not become popular
with virus writers, who preferred to write their own.

VCL Virus – 1992
Origin – USA

HAPPY 99 Virus – 1999
Origin – Unknown
 Happy 99 was the first email virus, it greeted you with “ happy new year “
and emailed it self to all contacts in your address book.
 Like the very first PC viruses, happy 99 did not cause any real damage, though
it did spread to millions of PCS around the world.

Love letter Virus – 2000
Origin – Philippines
 ILOVEYOU, sometimes referred to as Love Letter, was a computer worm that
attacked tens of millions of Windows personal computers on and after 5 May
2000 local time in the Philippines when it started spreading as an email
message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-
YOU.txt.vbs". The latter file extension (in this case, 'VBS' - a type
of interpreted file) was most often hidden by default on Windows computers
of the time, leading unwitting users to think it was a normal text file.
Opening the attachment activated the Visual Basic script. The worm did
damage on the local machine, overwriting image files, and sent a copy of
itself to the first 50 addresses in the Windows Address Book used by Microsoft
Outlook.

Love letter Virus – 2000
Origin – Philippines

SASSER Virus – 2004
Origin – Germany
 Sasser was first noticed and started spreading on April 30, 2004. This worm
was named Sasser because it spreads by exploiting a buffer overflow in the
component known as LSASS (Local Security Authority Subsystem Service) on
the affected operating systems. The worm scans different ranges of IP
addresses and connects to victims' computers primarily through TCP port 445.
Microsoft's analysis of the worm indicates that it may also spread through port
139. Several variants called Sasser.B, Sasser.C, and Sasser.D appeared within
days (with the original named Sasser.A). The LSASS vulnerability was patched
by Microsoft in the April 2004 installment of its monthly security packages,
prior to the release of the worm. Some technology specialists have speculated
that the worm writers reverse-engineered the patch to discover the
vulnerability, which would open millions of computers whose operating system
had not been upgraded with the security update

SASSER Virus – 2004
Origin – Germany

Types Of Viruses
1. Boot Sector Virus
 The term “boot sector” is a generic name that seems to originally come from
MS-DOS but is now applied generally to the boot information used by any
operating system. In modern computers this is usually called the “master boot
record,” and it is the first sector on a partitioned storage device.
 Boot sector viruses became popular because of the use of floppy disks to boot
a computer. The widespread usage of the Internet and the death of the floppy
has made other means of virus transmission more effective.

Types Of Viruses
2. Browser Hijacker
 This type of virus, which can spread itself in numerous ways including
voluntary download, effectively hijacks certain browser functions, usually in
the form of re-directing the user automatically to particular sites. It’s usually
assumed that this tactic is designed to increase revenue from web
advertisements.
 There are a lot of such viruses, and they usually have “search” included
somewhere in their description. Cool Web Search may be the most well known
example, but others are nearly as common.

Types Of Viruses
3. Direct Action Virus
 This type of virus, unlike most, only comes into action when the file
containing the virus is executed. The payload is delivered and then the virus
essentially becomes dormant – it takes no other action unless an infected file
is executed again.
 Most viruses do not use the direct action method of reproduction simply
because it is not prolific, but viruses of this type have done damage in the
past. The Vienna virus, which briefly threatened computers in 1988, is one
such example of a direct action virus.

Types Of Viruses
4. File Infector Virus
 Perhaps the most common type of virus, the file infector takes root in a host
file and then begins its operation when the file is executed. The virus may
completely overwrite the file that it infects, or may only replace parts of the
file, or may not replace anything but instead re-write the file so that the
virus is executed rather than the program the user intended.
 Although called a “file virus” the definition doesn’t apply to all viruses in all
files generally – for example, the macro virus below is not referred to by the
file virus. Instead, the definition is usually meant to refer only to viruses
which use an executable file format, such as .exe, as their host.

Types Of Viruses
5. Macro Virus
 A wide variety of programs, including productivity applications like Microsoft
Excel, provide support for Macros – special actions programmed into the
document using a specific macro programming language. Unfortunately, this
makes it possible for a virus to be hidden inside a seemingly benign
document.
 Macro viruses very widely in terms of payload. The most well known macro
virus is probably Melissa, a Word document supposedly containing the
passwords to pornographic websites. The virus also exploited Word’s link to
Microsoft Outlook in order to automatically email copies of itself.

Types Of Viruses
6. Multipartite Virus
 While some viruses are happy to spread via one method or deliver a single
payload, Multipartite viruses want it all. A virus of this type may spread in
multiple ways, and it may take different actions on an infected computer
depending on variables, such as the operating system installed or the
existence of certain files.

Types Of Viruses
7. Polymorphic Virus
 Another jack-of-all-trades, the Polymorphic virus actually mutates over time
or after every execution, changing the code used to deliver its payload.
Alternatively, or in addition, a Polymorphic virus may guard itself with an
encryption algorithm that automatically alters itself when certain conditions
are met.
 The goal of this trickery is evasion. Antivirus programs often find viruses by
the specific code used. Obscuring or changing the code of a virus can help it
avoid detection.

Types Of Viruses
8. Resident Virus
 This broad virus definition applies to any virus that inserts itself into a
system’s memory. It then may take any number of actions and run
independently of the file that was originally infected.
 A resident virus can be compared to a direct payload virus, which does not
insert itself into the system’s memory and therefore only takes action when
an infected file is executed.

Types Of Viruses
9. Web Scripting Virus
 Many websites execute complex code in order to provide interesting content.
Displaying online video in your browser, for example, requires the execution
of a specific code language that provides both the video itself and the player
interface.
 Of course, this code can sometimes be exploited, making it possible for a
virus to infect a computer or take actions on a computer through a website.
Although malicious sites are sometimes created with purposely infected code,
many such cases of virus exist because of code inserted into a site without the
webmaster’s knowledge.

10 Simple Tips to Protect PC from Viruses

1. The first thing I would recommend – is to read about current viruses. It is
difficult to protect your computer from viruses if you do not even know what
they are. You can get it from here: http://www.securelist.com/en/
2. If you really care about the security of your computer, arm it with the best
anti-virus software. If you do not have antivirus software on your computer, then
you probably get some virus in the first hour of work on the Internet. It’s easy! In
addition to paying Kaspersky, Norton and free Avast, Microsoft Security Essentials
is Best and Free.
3. Also update your antivirus software as often as possible. Typically, antivirus
software is updated every day. Do not forget to do it manually, if not configured
to automatically update.

4. Be sensible: do not visit untrusted websites containing illegal software, links,
etc.
5. Update need not only anti-virus, but the whole system too Windows update.
These updates include improved security systems that will help in the fight
against viruses and other problems. Remember: If you do not perform regular
updates to Windows, you leave your computer in a vulnerable state.
6. The main channel of the spread of viruses is e-mail. Be careful with e-mails,
when you have something to bother them, it is better not to open. These days a
lot of mails are phishing mails that redirects you to fake webpages. So, avoid
opening such mails.

7. If you are serious about protecting your computer, you can change your e-mail
and receive only text messages. You can also disable the ability to open email
attachments. This is what Hotmail, Gmail and Yahoo mails are doing by default.
8. Do not use peer (p2p) network. Such programs include for example, Torrents.
These programs allow you to download files from other users. You have no way of
knowing that you’re actually downloading, until the file is completely
downloaded to your computer.
9. Download files only from reliable web sites and sources. Of course, it is
impossible do not download anything, but you must remember that the file that
you download may not match the name and content.
10. Make sure that your computer has a firewall. Windows comes with built-in
firewall, but you can use any other (eg, Zone Alarm). If you don’t have other
firewall, then enable default Windows Firewall

The End

Computer viruses

More Related Content

What's hot

Viewers also liked

Similar to Computer viruses

Computer viruses