Computer Virus Research Papers

computerfromthedisk.Examplesof

bootsectorvirusesincludePolyboot.B,

AntiEXE.

“Macroviruses”infectfilesthatare

createdusingcertainapplicationsor

programsthatcontainmacros.The

differentwaystocreatemacroswould

bethemacrorecorderorVisualBasic

forApplications.MacroVirususesthe

macrolanguageforitsprogram.

MicrosoftOfficehasmacrosbuiltinto

itsapplicationandthisvirusaffectsso

mostofitsapplicationprograms.Word

Documents, ExcelSpreadsheets, Power

PointPresentations,andAccess

Databasesaremostatrisk.The

documenttemplateisaffectedand

henceeveryfilethatisopenedis

affected.Somemacrovirusescontaina

triggerthatisusuallyadateonwhich

thevirusisprogrammedtostartthe

actualdamage.Someothermacro

virusessharethecharacteristicsofa

computerwormbyspreadingacross

networksbyusingthemacrofacility

availableinMicrosoftOutlook.

ExamplesofmacrovirusesareRelax,

Melissa.A,Bablas,O97M/Y2K.

“Directory viruses” change thepaths

thatindicatethelocationofafile.By

executingaprogram(filewiththe

extension.EXEor.COM)thathas

beeninfectedbyavirus,onemay

unknowinglyberunningthevirus

program, while thevirushaspreviously

movedtheoriginalfileandprogram.

Once infected, it becomes impossible to

locate the original files.

“Polymorphicviruses”encryptor

encodethemselvesinadifferentway

(usingdifferentalgorithmsand

encryptionkeys)everytimethey

infectasystem.Thismakesit

impossibleforlesssophisticated

antivirussoftwaretofindthemusing

stringorsignaturesearches(because

theyaredifferentineachencryption)

andalsoenablesthemtocreatealarge

numberofcopiesofthemselves.

ExamplesofthistypeincludeElkern,

Marburg,SatanBug,andTuareg.

“Fileinfectors”arevirusesthat

infectprogramsorexecutablefiles

(fileswithan.EXE,.DRV,.DLL,

.BINor.COMextension).Whenone

oftheseprogramsisrun,directlyor

indirectly,thevirusisactivated,

producingthedamagingeffectsitis

programmedtocarryout.Themajority

ofexistingvirusesbelongstothis

category,andcanbeclassified

dependingontheactionsthatthey

carryout.Thevirusmaycompletely

overwritethefilethatitinfects,ormay

only replaceparts of thefile, or maynot

replace anything but insteadrewritethe

filesothatthevirusisexecutedrather

thantheprogramtheuserintended.

The“encryptedvirus”isprobablythe

mostdifficultkindofbugtodetectand

themostdifficulttostop.Onemay

accidentallyhavedownloadedoneof

thesebugsandbeforeknowingit;the

entirecomputercanbeinfected.Many

topvirusprotectionprogramsmiss

encryptedvirusesbecausethesebugs

use a different form of encryption every

time.Inmostcasesvirusprotection

softwarecanthenidentifyandprevent

damage.

“Companion viruses” have thename

becauseoncetheygetintothesystem

they“accompany”theotherfilesthat

already exist.In otherwords, inorder to

carryouttheirinfectionroutines,

companionvirusescanwaitinmemory

until a programisrun (resident viruses)

or act immediately by making copies of

themselves(directactionviruses).

Someexamplesofthistypeinclude

Stator,Asimov.1539,andTerrax.1069.

“Networkviruses”rapidlyspread

throughalocalareanetwork(LAN),

andsometimesovertheinternet.

Generally,networkvirusesmultiply

throughsharedresources,i.e.shared

drivesandfolders.Whenthevirus

infectsacomputer,itsearchesthrough

thenetworktoattacknewpotential

prey.Whenthevirusfinishesinfecting

a computer,it moveson tothenext and

thecyclerepeatsitself.Themost

dangerousnetworkvirusesareNimda

andSQLSlammer.

“Nonresidentviruses”aresimilarto

residentvirusesastheyusethe

replicationofacomputermodule.

Thesevirusesselectsoneormorefiles

toinfecteachtimethemoduleis

executed.

“Stealthviruses”trytotrick

antivirussoftwarebyinterceptingits

requeststotheoperatingsystem.Ithas

the abilityto avoid detectionfrom some

antivirussoftwareprograms.

“Sparseinfectors”minimizethe

probabilityofbeingdiscoveredby

variousmeanssuchasonlyinfecting

every20thtimeafileisexecuted;only

infectingfileswhoselengthsarewithin

narrowlydefinedrangesorwhose

namesbeginwithlettersinacertain

rangeofthealphabet.

“Spacefiller(cavity)viruses”,install

themselveswithintheemptyspacesof

thecodeofthecodeofsomeprograms

whilenotdamagingtheactualprogram

itself.Anadvantageofthisisthatthe

virusthendoesnotincreasethelength

oftheprogramandcanavoidtheneed

forsomestealth techniques.TheLehigh

virusisanearlyexampleof aspacefiller

virus.

“FAT viruses”use thefile allocation

tableorFATpartofadiskusedto

connectinformationandisvitalto

normalfunctioningofthecomputer.

Thistypeofvirusattackcanbe

especiallydangerous,bypreventing

accesstocertainsectionsofthehard

drivewhereimportantfilesarestored.

Damagecausedcanresultin

informationlossesfromindividualfiles

or evenentiredirectories.

“Worms”are technicallynot viruses,

buttheyhavetheabilitytoself-

replicate,andcanleadtonegative

effectsonthecomputersystembut

usuallythey aredetectedand eliminated

byantiviruses.Clickingonaninfected

e-mailusuallytransmitsworms.

Examplesofwormsinclude

PSWBugbear.B,Lovgate.F,Trile.C,

Sobig.D,Mapson.

“TrojansorTrojanhorses”are

maliciouscodes(notviruses)asthey

donotreproducebyinfectingotherfiles,

nordotheyself-replicatelikeworms.

ATrojanhorseprogramhasthe

appearanceofhavingausefuland

desiredfunction.Whileitmay

advertiseitsactivityafterlaunching,

thisinformationisnotapparenttothe

userbeforehand.Secretly,theprogram

performsotherundesiredfunctions.

Trojanhorsesmaycausedata

destructionorcompromiseasystemby

providingameansforanothercomputer

togainaccess,thusbypassingnormal

accesscontrols.Trojan horseattacksare

oneofthemostseriousthreatsto

computersecurityastheycanbe

spreadintheguiseofliterally

anything,whichmakesitalmost

essentiallyimpossibletonoticethem,

evenwhenoneislookingspecifically

for them.

“Logicbombs”arealsonotviruses

butrathercamouflagedsegmentsof

otherprograms.Theirobjectiveisto

destroydataonthecomputeronce

certainconditionshave been met.Logic

LibraryHiTechNews

Number720129

A computer virus is a program that attaches itself to, overwrites and/or otherwise replaces another program in order to reproduce itself without the knowledge of the computer user. Generally, the first thing a virus does is attach itself to other executable files in such a way that the virus code is in effect when the infected files are run. Viruses may be written to multiply, to damage other programs, or to alter certain data.

A computer virus is nothing more than a computer program that is coded to remain hidden in your computer. The virus takes advantage of the operating system to copy itself onto other files or disks. When a new disk is inserted into an infected computer, the virus then copies itself onto files on that disk. When an infected disk is inserted into another computer, the virus then copies itself onto files on that computer¡¦s hard drive. The cycle continues as long as files are shared between computers.

Booting your computer with an infected floppy disk is one of the most common was of catching a virus. Downloading a file from the Internet or an online service is another common way of catching a computer virus. Most reputable Internet sites and online services now scan all their files for viruses but that still does not guarantee that all their files will be virus free. You can also catch computer viruses from E-mail attachments. While you can not catch a virus from simply reading an E-mail message, viruses can be spread through programs or office application files that may be sent as attachments to E-mails. Always save and scan any E-mail attachment for viruses before opening the attachment.

The most important thing you should do to protect your system and your data is to install a reputable anti-virus program on your computer. There are many companies that currently provide this type of software and many of them offer free downloadable trial versions from their web sites. All anti-virus software have different options or settings that you can select to optimize its scanning properties. Many anti-virus programs now also offer the ability to automatically scan any file you download from the Internet or any file that you may receive as an attachment to an E-mail.

In order for your anti-virus software to remain effective, you must update it regularly for the simple fact that there are new viruses being introduced at an alarming rate. All anti-virus software companies offer regular updates to combat these new viruses. Some offer these updates free from the internet once you purchase their software, and some charge a fee for their updates. This is something to consider as you shop around for your anti-virus software. No anti-virus software is 100% effective. Therefore, any anti-virus protection strategy should also include regular back-ups of your data. This won¡¦t prevent any viruses but it will reduce your computer¡¦s down time if you ever catch one.

Here are some indications that you may have a computer virus.

ď Programs take longer and longer to load.

ď Hard drive runs even when you are not accessing it.

ƒè Files appear on your computer with strange names that you don¡¦t recognize.

ď Strange graphics appear on your computer monitor.

ď Your conventional memory is less than it used to be.

ď Programs act strange or erratically.

This is not to say that your computer has a virus if it displays one of these symptoms. There may be some other problem causing the behaviour. The above examples are just some common indicators of a virus.

Computer viruses are not always responsible for the damage of computers. Damage to hardware, such as Keyboards and monitors are not caused by viruses. Though you may experience strange behaviors such as screen distortion or characters not appearing when typed, a virus has, in fact, merely affected the

programs that control the display or keyboard. Not even your disks themselves are physically damaged, just what's stored on them. Viruses can only infect files and corrupt data.

Although schools are not seriously targeted for viruses, every precaution should be considered to ensure that the risk of getting a virus is minimal. I have proposed a virus policy which ensures that the risk of getting a computer virus will be minimal.

„« Getting authorisation from teachers to load files from home for educational purposes.

„« Scanning disks while being accompanied by a teacher.

„« No downloading and uploading programs onto the computers from the Internet or disks.

„« Use computers and the Internet solely for educational purposes.

While very few people have actually seen a computer virus, they are real and they are here to stay. As the software companies develop new and improved methods to combat viruses, new viruses appear to defeat them. In conclusion, one fact remains. If you are on of the millions of computer users surfing the Internet or uploading files from disks, you need to be aware of the threat of computer viruses and protect yourself accordingly.

Bibliography

„Ï Symantec Corporation, (2000), Norton AntiVirus (v 5.01.01)

„Ï CNET Corporation,(2000), (WWW), ¡§All you need to know about computer viruses¡¨,

www.cnet.com, (accessed 14 September 2000)

„Ï Camilleri, W.L., (2000), (WWW), ¡§Computer Viruses¡¨, CHASS,

http://www.chass.utoronto.ca/chass/virues.html, (accessed 11 September 2000)

Word Count: 834

One thought on “Computer Virus Research Papers

Leave a Reply

Your email address will not be published. Required fields are marked *