Compiled by: S. Agarwal, Lecturer & Systems Incharge, St. Xavier's Computer Centre, St. Xavier's College, Kolkata : sxccvsnl.net
February, 2003
What is a Virus?
A virus is just a computer program. Like any other program, it contains instructions that tell your computer what to do.
But unlike an application, a virus usually tells your computer to do something you don't want it to do, and it can usually spread itself to other files on your computer -- and other people's computers.
In some cases, a virus will execute only a gentle "personality quirk," such as causing your computer to make seemingly random bleeps.
But a virus can be very destructive; it could format your hard drive, overwrite your hard drive boot sector, or delete files and render your machine inoperable.
General virus types
While there are thousands of variations of viruses, most fall into one of the following general categories, each of which works slightly differently.
Boot Sector Virus:
Replaces or implants itself in the boot sector. This kind of virus can prevent you from being able to boot your hard disk.
Macro Virus:
Written using a simplified macro programming language, these viruses affect Microsoft Office applications, such as Word and Excel. A document infected with a macro virus generally modifies a pre-existing, commonly used command (such as Save) to trigger its payload upon execution of that command.
Multipartite Virus:
Infects both files and the boot sector -- a double whammy that can reinfect your system dozens of times before it's caught.
Polymorphic Virus:
Changes code whenever it passes to another machine.
Stealth Virus:
Hides its presence by making an infected file not appear infected.
E-mail viruses:
An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.
Worms:
A worm is a computer program that has the ability to copy itself from machine to machine. Worms normally move around and infect other machines through computer networks. Worms eat up storage space and slow down the computer. But worms don't alter or delete files.
Trojan horses:
A Trojan horse is simply a computer program that claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk).
When loaded onto your machine, a Trojan horse can capture information from your system -- such as user names and passwords -- or could allow a malicious hacker to remotely control your computer.
Trojan horses have no way to replicate automatically.
Origins of Viruses:
People create viruses. A person has to write the code, test it to make sure it spreads properly and then release the virus. A person also designs the virus's attack phase, whether it's a silly message or destruction of a hard disk.
In most cases, people create viruses just for the thrill or for fun.
How They Spread?
Early viruses were pieces of code attached to a common program like a popular game or a popular word processor. A person might download an infected game from the internet or copy it from a floppy disk and run it. A virus like this is a small piece of code embedded in a larger, legitimate program. Any virus is designed to run first when the legitimate program gets executed.
The virus loads itself into memory and looks around to see if it can find any other programs on the disk. If it can find one, it modifies it to add the virus's code to the unsuspecting program. Then the virus launches the "real program." The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time either of those programs gets executed, it infects other programs, and the cycle continues.
If one of the infected programs is given to another person on a floppy disk, or if it is uploaded to the internet, then other programs get infected.
This is how the virus spreads.
The spreading part is the infection phase of the virus.
Viruses wouldn't be so violently disliked if all they did was replicate themselves. Unfortunately, most viruses also have some sort of destructive attack phase where they do some damage. Some sort of trigger will activate the attack phase, and the virus will then "do something" -- anything from printing a silly message on the screen to erasing all of your data. The trigger might be a specific date, or the number of times the virus has been replicated, or something similar.
SOME TRICKS THE VIRUSES PLAY:
One important trick is the ability to load viruses into memory so that they can keep running in the background as long as the computer remains on. This gives viruses a much more effective way to replicate themselves.
Another trick is the ability to infect the boot sector on floppy disks and hard disks. The boot sector is a small program that is the first part of the operating system that the computer loads. It tells the computer how to load the rest of the operating system.
By putting its code in the boot sector, a virus can guarantee that it gets executed. It can load itself into memory immediately, and it is able to run whenever the computer is on. Boot sector viruses can infect the boot sector of any floppy disk inserted in the machine, and on campuses where lots of people share machines they spread like wildfire.
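Because a boot sector virus has to change the boot program, a defender can detect it by comparing that program with a copy recorded while the disk was clean. The following check is an added example, not part of the original slides; it assumes the classic 512-byte hard-disk master boot record layout (446 bytes of boot code, a 64-byte partition table, then the bytes 55 AA), and every sector in it is constructed from inert filler bytes.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_END = 446            # classic MBR: bytes 0-445 are the boot program
PARTITION_TABLE_END = 510      # bytes 446-509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 mark the sector as bootable


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the boot program only, so repartitioning does not change it."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"a boot sector is {SECTOR_SIZE} bytes, got {len(sector)}")
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def check_boot_sector(sector: bytes, known_good_digest: str) -> list:
    """Compare a sector read from disk with the digest recorded while it was clean."""
    findings = []
    digest = boot_code_digest(sector)
    if sector[PARTITION_TABLE_END:] != BOOT_SIGNATURE:
        findings.append("boot signature 55 AA missing")
    if digest != known_good_digest:
        findings.append("boot code differs from recorded baseline")
    return findings


def make_sector(boot_code: bytes, partition_table: bytes = bytes(64),
                signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Assemble a constructed 512-byte sector for the demonstration."""
    return boot_code.ljust(BOOT_CODE_END, b"\x00") + partition_table + signature


def demo() -> dict:
    loader = b"constructed loader bytes"        # inert stand-in for boot code
    clean = make_sector(loader)
    baseline = boot_code_digest(clean)          # recorded while known clean
    cases = {
        "unchanged": clean,
        "repartitioned": make_sector(loader, partition_table=b"\x80" + bytes(63)),
        "boot code replaced": make_sector(b"different bytes in the loader area"),
        "signature wiped": make_sector(loader, signature=b"\x00\x00"),
    }
    return {label: check_boot_sector(s, baseline) for label, s in cases.items()}


if __name__ == "__main__":
    for label, findings in demo().items():
        print(f"{label}: {findings or 'ok'}")
```

The sector to be checked should be read after starting the machine from known-clean media, since a stealth virus that is already running can make an infected sector appear clean.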
In general, both executable and boot sector viruses are not very threatening any more.
The first reason for the decline has been the huge size of today's programs. The programs are so big that the only easy way to move them around is on CDs. People certainly can't carry applications around on a floppy disk like they did in the early days. Compact discs cannot be modified, and that makes viral infection of a CD impossible.
Boot sector viruses have also declined because operating systems now protect the boot sector.
Both boot sector viruses and executable viruses are still possible, but they are a lot harder now and they don't spread nearly as quickly as they once could.
Prevention is the best cure:
Run a secure operating system like UNIX or Windows NT.
Install virus protection software.
Avoid programs from unknown sources.
Disable floppy disk booting.
Make sure Macro Virus Protection is enabled in all Microsoft applications.
Never double-click on an attachment that contains an executable that arrives as an e-mail attachment.
How antivirus software works:
Scanning software looks for a virus in one of two ways. If it's a known virus (one that has already been detected in the wild and has an antidote written for it) the software will look for the virus's signature -- a unique string of bytes that identifies the virus like a fingerprint -- and will zap it from your system. Most scanning software will catch not only an initial virus but many of its variants as well, since the signature code usually remains intact.
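Signature scanning as described above, written out as an added example that is not part of the original slides. The signature names and byte strings are constructed and inert; the scanner reads a file in chunks and carries an overlap between reads so that a signature split across two reads is still found.

```python
import io

# Constructed, inert byte strings standing in for vendor signatures (assumption:
# real products ship far larger databases in their own formats).
SIGNATURES = {
    "Demo.A": bytes.fromhex("c0ffee00badc0de5a1ad"),
    "Demo.B": b"\x13\x37constructed-marker\x00\xff",
}


def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return {signature name: offset of first match} for a binary stream.

    The last (longest signature - 1) bytes of each window are carried over,
    so a signature that straddles two reads is still matched.
    """
    overlap = max(len(sig) for sig in signatures.values()) - 1
    hits, tail, base = {}, b"", 0          # base = file offset of window[0]
    while chunk := stream.read(chunk_size):
        window = tail + chunk
        for name, sig in signatures.items():
            if name not in hits and (pos := window.find(sig)) != -1:
                hits[name] = base + pos
        tail = window[-overlap:] if overlap else b""
        base += len(window) - len(tail)
    return hits


def scan_bytes(data, chunk_size=4096):
    """Convenience wrapper for scanning an in-memory buffer."""
    return scan_stream(io.BytesIO(data), chunk_size=chunk_size)


def build_samples():
    """Four constructed inputs: a file, a variant, an altered copy, a clean file."""
    sig = SIGNATURES["Demo.A"]
    original = b"\x90" * 30 + sig + b"rest-of-file"
    return {
        "original": original,
        # Different wrapper bytes, same core: the signature is intact.
        "variant": bytes(range(40, 52)) + sig + b"\x00" * 5,
        # One byte of the signature changed: an exact-match scan misses it.
        "altered": original.replace(sig, sig[:-1] + b"\x00"),
        "clean": b"ordinary program bytes " * 4,
    }


if __name__ == "__main__":
    for label, data in build_samples().items():
        # A tiny chunk size forces signatures to straddle read boundaries.
        print(label, scan_bytes(data, chunk_size=8))
```

The "altered" sample shows the limit of exact matching: once the signature bytes themselves change, only the second, activity-based method can still flag the file.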
In the case of new viruses for which no antidote has been created, scanning software uses methods that look for unusual virus-like activity on your system. If the program sees any funny business, it quarantines the questionable program and broadcasts a warning to you about what the program may be trying to do (such as modify your Windows Registry). If you and the software think the program may be a virus, you can send the quarantined file to the antivirus vendor, where researchers examine it, determine its signature, name and catalog it, and release its antidote. It's now a known virus.
If the virus never appears again -- which often happens when the virus is too poorly written to spread -- then vendors categorize the virus as dormant. But viruses are like earthquakes: the initial outbreak is usually followed by aftershocks. Variants (copycat viruses that emerge in droves after the initial outbreak) make up the bulk of known viruses.
Practice safe computing
The best way to protect yourself from viruses is to avoid opening unexpected e-mail attachments and downloads from unreliable sources. Resist the urge to double-click everything in your mailbox. If you get a file attachment and you aren't expecting one, e-mail the person who sent it to you before you open the attachment. Ask them if they meant to send you the file, what it is, and what it should do.
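The attachment advice here and in the prevention list can also be enforced before a message reaches the mailbox. The following filter is an added example, not part of the original slides: it parses a message with Python's standard email package and flags attachments that would run on a double-click. The extension list is a partial, illustrative assumption, and the sample message and its payloads are constructed.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows will run on a double-click (partial, illustrative list).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def risky_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) for every attachment that should not be opened."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or name is None:
            continue                      # containers and inline body text
        stem, ext = os.path.splitext(name.lower())
        payload = part.get_payload(decode=True) or b""
        if ext in EXECUTABLE_EXTS:
            # "holiday.jpg.exe" shows as "holiday.jpg" when extensions are hidden.
            inner = os.path.splitext(stem)[1]
            reason = (f"double extension hides {ext}" if inner
                      else f"executable extension {ext}")
            findings.append((name, reason))
        elif payload[:2] == b"MZ":
            # DOS/Windows executables start with "MZ" whatever the name says.
            findings.append((name, "executable header under a non-executable name"))
    return findings


def build_sample() -> bytes:
    """Constructed message with three attachments; payloads are inert filler."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Photos"
    msg.set_content("See attached.")
    fake_exe = b"MZ" + bytes(30)          # header bytes only, not a real program
    msg.add_attachment(fake_exe, maintype="application", subtype="octet-stream",
                       filename="holiday.jpg.exe")
    msg.add_attachment("meeting notes", filename="notes.txt")
    msg.add_attachment(fake_exe, maintype="application", subtype="msword",
                       filename="invoice.doc")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in risky_attachments(build_sample()):
        print(f"{filename}: {reason}")
```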
For added safety, you need to install reliable antivirus scanning software and download updates regularly. Major antivirus software vendors, including Symantec, Network Associates, Computer Associates, and Trend Micro, provide regular updates. (Computer Associates' InoculateIT is also free.) Some of the vendors also offer a service that will automatically retrieve updates for you from the company's Web site.
Regular updates are essential. Researchers at Computer Economics estimate that 30 percent of small businesses are vulnerable to viruses either because they don't keep their virus-scanning software updated or because they don't install it correctly.