COMPUTER VIRUS

7.1 Introduction
A computer virus is a software program attached to a legitimate program that is destructive in nature
and infects other programs in the system by replicating and attaching itself to other healthy
programs. These harm the computer in many ways such as:
 Corrupt and delete the data or files.
 Effect the functionality of software applications.
 Effect the Hard Disk by erasing everything.
 Use e-mail to infect the other computers.
 The processing of the computer is also affected.
 The virus also spread through the files downloaded on Internet.
 The virus cannot infect write protected disks or written documents, already
compressed file and computer hardware, it only infects software.

7.2 Objectives
At the end of the Unit, the student should be able to understand:
 To define computer virus and its evolution
 To differentiate between the Computer Virus and Biological Virus
 To identify the different types of virus with their names and area of infection  To explain the damage
done by the virus to computer
 The process of virus infection
 The effects of virus on the Operating System  To apply virus preventive measures

7.3 Computer Virus

A Computer virus is a small program that which can attach it or infect the other programs as well as replicate
itself without the knowledge of the user, like its biological counterpart, and runs against user’s wishes.
All Computer Virus are manmade. Most widespread virus infections spread through email message
attachments that activate when opened. Internet is the main reason of Virus Infection in Computers.
Virus stands as an acronym for “Vital Information Resources Under Seige” and this concept is not new
but dates back to 1949 when John Von Neumann introduced the concept of Self Replicating
Program.
The first commercial application of viruses appeared in 1985, when two Pakistani brothers, in
order to keep track of software piracy, used Brain Virus (also known as Pakistani virus) on their
low cost software. It was an extra program not supplied by the original manufacturer. These types of
self-replicating programs multiplied so fast and they are a threat to the smooth operation of a computer.
7.4 Computer Virus versus Biological Virus
Computer virus is an electronic virus and Biological Viruses (Human Virus) are tiny genetic
codes DNA or RNA that take over the machinery of a living cell and are capable of making
thousands of replicas of the original virus. Like biological virus, the computer virus carries in it
an instructional code that makes copies of itself. In computer, the virus takes temporary control
of the disk operating system and when it comes in contact with an uninfected computer, the virus passes
onto the uninfected computer also.
It is assumed that Biological viruses and Computer viruses are the same entity, because both cause
infection and damage to their host/target. Although some of their features & characteristics are same but
they are quite different from each other.
7.5 Computer Virus Classification
Viruses are classified on the basis of their nature of infection and behavior. Different types
of computer virus classification are given below:
7.5.1. Boot Sector Virus
It is a type of virus which infects master boot record or hard disks. The infected code runs when the
system is booted from an infected disk. They infect at a BIOS level, they use DOS commands to
spread to other floppy disks. Since the floppy disks are not used, the propagation of boot sector viruses has
got almost over. After the introduction of boot-sector safeguards with the Operating Systems, it is not
possible for boot-sector viruses to infect the Computer.

The computer is infected by this virus only if the virus is used to boot up the system. After
completing the booting of the system and running the OS, the virus cannot infect the system.
Examples of boot viruses include: Polyboot.B, Joshi, Gravity, AntiEXE and Cbrain virus.

7.5.2. Companion Virus

Unlike traditional viruses, a companion virus is computer virus which does not modify any files.
Instead, it creates a copy of the file and places a different extension on it, usually .com. This
makes a companion virus difficult to detect, as anti-virus software tends to use changes in files as
clue.
The companion virus is an older version of virus that was more prominent during the MS-DOS.
It needs human intervention to further infect a computer but after the advent of Windows XP, as
there is no use of the MS-DOS, there are fewer ways for this type of virus to propagate itself.
Some examples include: Stator, Asimov.1539, Stator and Terrax.1069

7.5.3. Email Virus

An email virus is a virus which is attached to email communications or sent with it. Many different
types of email viruses work in different ways, there are also a variety of methods used to counteract such
challenging cyber attacks.
Email viruses also vary in many ways. In some cases the sender of an email virus may be unknown
to a user, or a subject line may be filled with silly text. In some other cases, a hacker may cleverly disguise
the email as being from a known and trusted sender.

7.5.4. Logic Bomb

Logic bombs and time bombs are small malicious programs to cause harm at a certain point of
time but they do not replicate. They are not even programs in their own right but rather
camouflaged segments of other programs. A logic bomb may be implemented by someone trying to sabotage
a database when they are fairly certain they won’t be present to experience the effects, such as full
database deletion. In these instances, logic bombs are programmed to exact revenge or sabotage work.
For example, a programmer could delete the critical sections of code by establishing a logic bomb if
he/she is terminated from the company. Logic bombs are most commonly installed by the insiders who
have the access to the system.

7.5.5. Macro Virus

A MAC or Macro Virus is a virus which spreads to other computers through software programs that utilize
macros. These viruses infect the files created using some applications or programs that contain macros
such as doc, pps, xls and mdb.

For example, Microsoft Word and Microsoft Excel are two popular and widely used programs
which have the capability of executing macros. The macro virus is initially embedded in one
document or a few documents, but it can spread to other documents within the same computer, as
well reaching out to other computers through shared documents and infect the other files,
templates and documents also. They automatically infect the files, templates and documents with
macros that are contained in the file. They hide in documents shared through e-mail and
networks.

Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.

They usually fix themselves inside the computer memory and get activated during the start of OS and end up
infecting other opened files. They are hidden in RAM.
7.5.6. Cross-Site Scripting Virus
It is called Cross-site scripting (XSS). It is an injection attack which is carried out on Web
applications that accept input, but do not properly separate data and executable code before the
input is delivered back to a user’s browser. It mostly uses the vulnerable website as a vehicle to
deliver a malicious script to the victim’s browser. During the page loading, the malicious script
execute making the user unable to avoid the attack. The best example of XSS is Java-Script.

7.5.7. Worm

The Worm is very similar to a virus and has the ability to self-replicate itself and infect the
computer also. They travel longer distances by storing themselves in critical areas of the disk
from where they get loaded and have with them sufficient code to transfer themselves outward
from the infected system. Worms have been known to damage and infect the entire LANs.

It does not modify a program like a virus; however, it replicates so much that it consumes the resources of
the computer and makes it slow. Worms are independent programs while viruses attach themselves to
another program.

Examples of Worm: Lovgate.F, Sobig.D, Trile.C, PSWBugbear.B, Mapson, Code Red, Nimda.

7.5.8. Trojan Horse

It is similar to virus. Trojan horse is a hidden malicious code that could alter or delete the
information of client computer or perform any other unauthorized function. Trojan horses
contain programs that corrupt the data or damage the files. It can also corrupt the software
applications. Trojans can illegally trace important login details of users online - for example E-
Banking.

The activities of Trojans are:

 Deleting data
 Blocking data
 Modifying data
 Copying data
 Disrupting the performance of computers or computer networks

Trojan horse does not replicate themselves like viruses and do not infect other software. The
difference between bombs and Trojans is that, the bombs are insider jobs, Trojans are brought in from
outside by unsuspecting users through other programs.

7.6 The Effects of Computer Virus

The following may be the probable effects of Computer Virus after a virus attack:

 Computer Virus can slow down your computer performance and become inefficient or
run slowly.
 It tends to fill up the computer with useless data.  Virus can corrupt the system files.
 Viruses can also wipe out the Boot Sector creating problems when you boot into the
windows, which contain system information.
 It can make the changes in the data of the programs or files and cause erratic results.
 It might steal important information from your computer and send the same to some other
person.
 It might reset or reboot a computer by sending the required codes.
 It might format a disk by sending the formatting command to the system thereby causing
to lose everything on the disk.
 The computer gets restarted frequently by itself.
 If the virus deletes the entire keyboard definition; the computer would not be able to
respond to any keyboard inputs.
 The virus might scramble the File Allocation Table (FAT) which contains the
information for the operating system. Any mishappening to the FAT will cause data to be irrecoverably
lost.
7.7 The Vulnerability of Operating Systems to Virus
There are many Operating systems in the market such as Mac, Windows, Linux, UNIX, DOS etc. which
are being used by billions of professional and personal users. Before selecting any operating system,
there is always a question: “Which Operating System is efficient enough to prevent virus”? Viruses are
not restricted to DOS or Windows. A virus has the capability of infecting any type of computer,
irrespective of the Operating System it runs.Virus writers are like other software developers in their desire
to develop for the biggest market. It depends on the users how long he or she can keep it off of viruses.

DOS vs. Linux

As an operating system, Linux works much better than DOS. In terms of performance Linux is
more reliable than any other operating system, even windows. It easily lowers the number of
viruses.

Windows vs. UNIX

A common belief is that UNIX as an operating is a safer option than using Windows. However,
it is true that UNIX has something different to offer to its users and many of Windows users have
experienced this while operating Windows, but after the recent innovations they may change
their opinions.
Linux and Mac
Linux and Mac operating systems are less vulnerable to virus attack as these two systems need
advantaged access to install and run any kind of viruses. LINUX can be installed in Super computers
to embedded processors and the Windows is the most recommended OS for desktop. People across the
world are being able to use it without any major support to minimize the attack of any Malware, especially
when it is compared with windows.

7.8 Protection from Virus

We all are interested in securing our belongings such as Office, home, locality and even country
also. So we use different mechanisms to ensure the security- such as we keep our valuables
safely locked in a cupboard, we keep the doors of our houses even locked; we keep the guards to
keep secure the localities and police security within the city and armed forces for the country
also. It is always advisable to the follow the dictum “Prevention is better than cure”.
Moreover, since the viruses are made faster than the vaccines, it is a good practice to follow
some simple precautionary measures, which can reduce the possibility of virus attack. These are
as under:
 Use updated anti-virus program.
 Do not copy pirated software on your computer.
 Use the legal software from the reliable sources only.  Do not download suspicious shareware
programs.  Use a secure operating system.
 Avoid letting the system to be used by unauthorized users.
 Allow you to schedule scans to automatically run for you.
 Scan the computer using Virus Scanner while booting up the system.  Avoid loading of games that are
passed as freeware.
 Proper backup of all data and program files should be kept.
 Remove suspicious and unnecessary files.
 Make system files “Read only”.
 Use vaccines and immunization programs to immunize computer against virus
infection.
 Always protect your password.
 Keep windows updated.
 Use the scanned USB drives.
7.9 Use of Popular Antivirus Software
Anti-virus software is a program which is designed to search, detect, prevent and remove software
viruses, and other malicious software like Trojans, worms etc.
If the computer system gets infected, despite all possible efforts, then in such cases the virus vaccines
assist you to come out of such difficulties.
The viruses are not omnipotent. Anti-virus programs help to cure the viruses. They perform one or more
the following functions:
 Prevention
 Detection
 Vaccination
 Inoculation
 Damage control
There are so many anti-viruses available in the market. One can choose any one of them on the basis of
their characteristics:
 Norton Anti-Virus  McAfee
 Kaspersky
 Webroot
 Symantec (Norton)  AVG
 Microsoft Security Essentials  Quick Heal
 EScan

Practice Questions

1. Define Computer Virus.

2. What is a virus? How does it differ from an ordinary program?

3. How can you protect your computer from viruses?

4. What is the difference between the computer virus and biological virus?
5. What are the various types of viruses? Outline the net effect of each.

6. What precautionary measures should be taken in order to keep your computer safe from
the virus?
7. What is the difference between Trojan Horses and Virus?

8. What is the difference between Trojan Horses and Bombs?

9. Differentiate between Computer Virus and Computer Worm.

10. What are the effects of a virus on the computer?

11. What is meant by Anti-Virus software? Name few popular anti-virus software.