virus- the devil of computer

VIRUS-A DEVIL OF COMPUTER

ABSTRACT
A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. The original may modify the copies or the copies may modify themselves, as occurs in a metamorphic virus. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or carrying it on a removable medium such as a floppy disk, CD, or USB drive. All computer viruses are manmade. In this paper we describe how a virus work and illustrate types of viruses. A computer virus trapping device is described that detects and eliminates computer viruses before they can enter a computer system and wreck havoc on its files, peripherals, etc. The trapping device creates a virtual world that simulates the host computer system intended by the virus to infect. The environment is made as friendly as possible to fool a computer virus into thinking it is present on the host, its intended target system. The invention is able to detect any disruptive behavior occurring within this simulated host computer system. It is further able to remove the virus from the data stream before it is delivered to the host and/or take any action previously instructed by a user. The protection against viruses and its beneficial uses are discussed. Viruses and other forms of malware are a viable method an attacker can use to enter users system, their network, and the networks of others. The threats from computer viruses are no longer simply a nuisance — displaying messages and deleting files — but rather a mechanism to perform other threats to user's information and systems.

CONTENTS
• HISTORY
• INTRODUCTION
• WORKING
• The ANTIVIRUS-Protection from Viruses
• WORKING OF AN ANTIVIRUS
• THE BENIFIAL USE OF VIRUSES
• VIRUSES TODAY
• CONCLUSION


• HISTORY
A program called "Elk Cloner" is credited with being the first computer virus to appear outside the single computer or lab where it was created. Written in 1982 by Rich Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread by floppy disk. This virus was originally a joke, created by the high school student and put onto a game. The game was set to play, but release the virus on the 50th time of starting the game. Only this time, instead of playing the game, it would change to a blank screen that read a poem about the virus named Elk Cloner. The computer would then be infected.
The first PC virus was a boot sector virus called (c) Brain, created in 1986 by two brothers, Basit and Amjad Farooq Alvi, operating out of Lahore , Pakistan . The brothers reportedly created the virus to deter pirated copies of software they had written.
Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks. Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk.
Traditional computer viruses emerged in the 1980s, driven by the spread of personal computers and the resultant increase in BBS and modem use, and software sharing. Bulletin board driven software sharing contributed directly to the spread of Trojan horse programs, and viruses were written to infect popularly traded software.
Since the mid-1990s, macro viruses have become common. Most of these viruses are written in the scripting languages for Microsoft programs such as Word and Excel. These viruses spread in Microsoft Office by infecting documents and spreadsheets. Since Word and Excel were also available for Mac OS, most of these viruses were able to spread on Macintosh computers as well. Most of these viruses did not have the ability to send infected e-mail. Those viruses which did spread through e-mail took advantage of the Microsoft Outlook COM interface.
Macro viruses pose unique problems for detection software. The virus behaved identically but would be misidentified as a new virus.
A computer virus may also be transmitted through instant messaging. A virus may send a web address link as an instant message to all the contacts on an infected machine. If the recipient, thinking the link is from a trusted source follows the link to the website, the virus hosted at the site may be able to infect this new computer and continue propagating.
The newest species of the virus family is the cross-site scripting virus. The virus emerged from research and was academically demonstrated in 2005. This virus utilizes cross-site scripting vulnerabilities to propagate. Since 2005 there have been multiple instances of the cross-site scripting viruses in the wild, most notable sites affected have been My Space and Yahoo.

• INTRODUCTION
A computer virus is a program designed to spread itself by first infecting program files or the system areas of hard and floppy disks and then making copies of itself. Viruses usually operate without the knowledge of the computer user. Viruses can infect any type of executable code, not just the files that are commonly called 'program files'. Viruses can be spread by:
• Executable code in the boot sector of infected floppy disks
• Executable code in the system area of infected hard drives
• Word processing and spreadsheet documents that use infected macros
• Infected HTML documents that contain JavaScript or other types of executable code
Since virus code must be executed (run) to have any effect, files that the computer treats as pure data are safe. This includes graphics and sound files such as .gif, .jpg, .mp3, .wav, etc., as well as plain text in .txt files. For example, just viewing picture files won't infect your computer with a virus. The virus code has to be in a form, such as an .exe program file or a Word .doc file that the computer will actually try to execute.

Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person. A computer virus must piggyback on top of some other program or document in order to get executed. Once it is running, it is then able to infect other programs or documents.

• WORKING
Initial Working: Early viruses were pieces of code attached to a common program like a popular game or a popular word processor. A person might download an infected game from a bulletin board and run it. A virus like this is a small piece of code embedded in a larger, legitimate program. Any virus is designed to run first when the legitimate program gets executed. The virus loads itself into memory and looks around to see if it can find any other programs on the disk. If it can find one, it modifies it to add the virus's code to the unsuspecting program. Then the virus launches its real program. The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time either of those programs gets executed, they infect other programs, and the cycle continues.
When a program is started that is infected by a virus, the virus code will execute (run) and try and infect other programs. This can infect the same computer or other computers connected to it on a network. The newly infected programs will try to infect more programs and computers.
When a copy of an infected file is shared with other computer users, opening the file may also infect their computers; and files from those computers may spread the infection to yet more computers.
Viruses can be classified using multiple criteria: origin, techniques, types of files they infect, where they hide, the kind of damage they cause, the type of operating system or platform they attack etc.
The following are the most common types of viruses.
• Resident Viruses
This type of virus hides permanently in the RAM memory . From here it can control and intercept all of the operations carried out by the system: corrupting files and programs that are opened, closed, copied, renamed etc. Resident viruses can be treated as file infector viruses. When a virus goes memory resident, it will remain there until the computer is switched off or restarted.
• Overwrite Viruses
This type of virus is characterized by the fact that it deletes the information contained in the files that it infects , rendering them partially or totally useless once they have been infected. Infected files do not change size, unless the virus occupies more space than the original file, because instead of hiding within a file, the virus replaces the files content. The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.
• Boot Virus
This type of virus affects the boot sector of a floppy or hard disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk.
This kind of virus does not affect files, but rather the disks that contain them . First they attack the boot sector of the disk then, once the computer is started, the boot virus will infect the hard drive of the computer. The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and never start a computer with an unknown floppy disk in the disk drive.
• Macro Virus
Macro viruses infect files that are created using certain applications or programs that contain macros . These include Word documents, Excel spreadsheets, PowerPoint presentations, Access databases, Corel Draw etc.
A macro is a small program that a user can associate to a file created using certain applications.
When a document containing macros is opened, they will automatically be loaded and may be executed immediately or when the user decides to do so. The virus will then take effect by carrying out the actions it has been programmed to do, often regardless of the program's built-in macro virus protection.
• Encrypted
Encryption is a technique used by viruses so that they cannot be detected by antivirus programs. The virus encodes or encrypts itself so as to be hidden from scans, before performing its task it will decrypt itself. Once it has unleashed its payload the virus will then go back into hiding.

• File Infectors
This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majorities of existing viruses belong to this category, and can be classified depending on the actions that they carry out.
• Worms
A worm is a program very similar to a virus; it has the ability to self-replicate, and can lead to negative effects on the system and most importantly they are detected and eliminated by antiviruses. However, worms are not strictly viruses, as they do not need to infect other files in order to reproduce.
Worms can exist without damaging files, and can reproduce at rapid speeds, saturating networks and causing them to collapse.
Worms almost always spread through e-mail, networks and chat (such as IRC or ICQ).
• Trojans or Trojan Horses
Another unsavory breed of malicious code are Trojans or Trojan horses, which unlike viruses do not reproduce by infecting other files, nor do they self-replicate like worms.
Trojans work in a similar way to their mythological namesake, the famous wooden horse that hid Greek soldiers so that they could enter the city of Troy undetected.
They appear to be harmless programs that enter a computer through any channel. When that program is executed, they install other programs on the computer that can be harmful.
A Trojan may not activate its effects at first, but when they do, they can wreak havoc on your system. They have the capacity to delete files, destroy information on the hard drive and open up a backdoor to a system . This gives them complete access to your system allowing an outside user to copy and resend confidential information .
• Logic Bombs
They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.
Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.
If a computer is infected with a boot sector virus, the virus tries to write copies of it to the system areas of floppy disks and hard disks. Then the infected floppy disks may infect other computers that boot from them, and then the virus on the computer will try to infect more floppies inserted into it. , the actual effect of a virus depends on how it was programmed by the person who wrote the virus.
The other types of viruses are:
• Adware
Adware is software that displays advertising banners on Web browsers such as Internet Explorer and Mozilla. While not categorized as malware, many users consider adware invasive. Adware programs often create unwanted effects on a system, such as annoying popup ads and, in some instances, the degradation in either network connection or system performance.
• Cookies
Cookies are text files that are created on computers when visiting Web sites. They contain information on user browsing habits. When a user returns to a Web site, a cookie provides information on the user's preferences and allows the site to display in customized formats and to show targeted content such as advertising.
• Malware
Malware is a program that performs unexpected or unauthorized, but always malicious, actions. It is a general term used to refer to both viruses and Trojans, which respectively include replicating and non-replicating malicious code.
• Spyware
Spyware is a program that monitors and gathers user information for different purposes. Spyware programs usually run in the background, with their activities transparent to most users. Many users inadvertently agree to install spyware by accepting the End User License Agreement (EULA) on certain free software.


Some viruses are designed to overwrite boot sectors and interfere with a computer's operation (boot viruses), others damage the computers memory operation then try and spread themselves around by picking up e-mail or network addresses off the computer (worm viruses). Still others will wipe files from the hard drive and destroy system files (Trojan viruses) and finally there are ones that infect document files, electronic spreadsheets and databases of several popular software packages (Macro viruses). Viruses can't do any damage to hardware.


• The ANTIVIRUS-Protection from Viruses
Protection against viruses with a few simple steps:
• Running a more secure operating system like UNIX, its user never hears about viruses because the security features keep viruses (and unwanted human visitors) away from the hard disk.
• If an unsecured operating system is used, then buying virus protection software is a nice safeguard.
• Avoid programs from unknown sources (like the Internet), and instead sticking with commercial software purchased on CDs, a user can eliminate almost all of the risk from traditional viruses.
• Making sure that enabling of Macro Virus Protection in all Microsoft applications, and never run macros in a document unless its proper functionality is known.


• Antivirus software is a class of program that searches the hard drive and floppy disks for any known or potential viruses. The market for this kind of program has expanded because of Internet growth and the increasing use of the Internet by businesses concerned about protecting their computer assets.
• A utility that searches a hard disk for viruses and removes any that are found. Most antivirus program includes an auto-update feature that enables the program to download profiles of new viruses so that it can check for the new viruses as soon as they are discovered.

• WORKING OF AN ANTIVRUS
When the antivirus software looks at a file, it refers to a dictionary of known viruses that the authors of the antivirus software have identified. If a piece of code in the file matches any virus identified in the dictionary, then the antivirus software can take one of the following actions:
1. attempt to repair the file by removing the virus itself from the file
2. quarantine the file (such that the file remains inaccessible to other programs and its virus can no longer spread)
3. delete the infected file

To achieve consistent success in the medium and long term, the virus dictionary approach requires periodic (generally online) downloads of updated virus dictionary entries. As civically minded and technically inclined users identify new viruses "in the wild", they can send their infected files to the authors of antivirus software, who then include information about the new viruses in their dictionaries.
à The Approaches
• The suspicious behavior approach , doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, the antivirus software can flag this suspicious behavior, alert a user and ask what to do.
• A sandbox approach emulates the operating system and runs the executable in this simulation. After the program has terminated, software analyzes the sandbox for any changes which might indicate a virus.
• Whitelisting approach is an emerging technique to deal with malware Rather than looking for only known bad software, this technique prevents execution of all computer code except that which has been previously identified as trustworthy by the system administrator. By following this default deny approach, the limitations inherent in keeping virus signatures up to date are avoided.
The various Antivirus Softwares are , McAfee Virus Scan, Norton Antivirus, avast!, Windows Live OneCare, AVG Anti-Virus, AOL Active Virus Shield, Bitdefender, Cisco Security Agent, F-Prot, F-Secure, Kaspersky Anti-Virus, LinuxShield, AntiVir, NOD32, Norman, Panda Antivirus, PC Tools AntiVirus, PC-cillin, Quick Heal Antivirus, Rising AntiVirus, Sophos Anti-Virus, V3Pro 2004, V-COM AntiVirus, Virex, ZoneAlarm AntiVirus.

• THE BENEFICIAL USE OF VIRUS
• A program capable of commandeering idle computers in their owner's absence led to solutions for many networks based problems.
• "Spiders," "bots" and all sorts of other programs designed to rove the Internet, resulted in crossing extremes of artificial intelligence and various technologies.


• VIRUSES TODAY
The Government-owned Indian Computer Emergency Response Team (CERT-In) has warned of a computer virus, which is activated every third day of a month. The virus is expected to attack computers on Friday and uses obscene subject lines, message content and attachments. When a user clicks on the attachment, the virus gets executed and performs the following actions: opens a .ZIP archive with the same name in the Windows system folder to hide its functionality, copies itself to the system folder with the filenames: scanregw.exe, Winzip.exe, Update.exe, movies.exe, Zipped Files.exe, also copies itself to the Windows folder with filenames: Rundll16.exe, WinZipTmp.exe, creates the registry entry to enable its automatic execution at every system start-up and hides files with both system and read-only attributes. It also deletes files related to anti-virus applications and attempts to spread to networks with weak passwords.

• CONCLUSION
The computer virus era is about ten years old. The original viruses were boot-sector viruses and file-infecting viruses. These were replaced in the middle of the last decade with Word and Excel macro viruses, which increased the number and availability of viruses and the ease with which viruses could be written. These led on to script-kiddie viruses, where people with relatively low skill created viruses using toolkits that can be found on the Internet.
The development of viruses that exploit wireless telecommunications between digital devices, come to fruition until powerful applications arrive on Bluetooth and iMode phones that can trade executable code. Ten years ago the viruses were a hundred bytes in size, but today they are 1.5Mb. Viruses are present that are bigger than most of the operating systems used in the history of computer science.