VIRUS

Secured computing
 VIRUS

A virus is a type of malicious software (malware) that

attaches itself to legitimate programs or files and spreads
by replicating when the infected file or program is executed.
It can corrupt or delete data, disrupt system operations, and
spread to other devices, often requiring user interaction to
activate.
Vital Information Resources Under Siege
 Problems Caused by Viruses
Data Loss & Corruption
Viruses can delete or encrypt files, making them inaccessible.Some
viruses corrupt important system files, leading to system crashes.
System Performance Issues
Causes computers to slow down or freeze.Increases CPU and memory
usage, making programs unresponsive.
Unauthorized Access & Data Theft
Hackers can steal sensitive information like passwords, credit card
details, and personal data.Some viruses log keystrokes (keyloggers) to
capture login credentials.
Spread to Other Devices & Networks
Viruses can spread via USB drives, emails, or network
connections.This can lead to ransomware attacks on businesses and
organizations.
Frequent System Crashes & Errors
The system may restart randomly or show error
messages.Some viruses cause the Blue Screen of Death (BSOD) in
Windows.
Unauthorized Remote Control
Some viruses turn the infected computer into a botnet
for cybercriminals. Hackers can use infected devices to launch DDoS
attacks or send spam emails.
Financial Losses
Ransomware viruses demand payments to unlock
files.Businesses may lose revenue due to system downtime and data
 Types of Computer Viruses
• Boot Sector Virus
• File Infector Virus
• Macro Virus
• Polymorphic Virus
• Resident Virus
• Multipartite Virus
• Overwrite Virus
• Spacefiller Virus
• Web Scripting Virus
 Boot Sector Virus
A boot sector virus is a type of computer virus that infects the boot sector of a
computer’s hard drive or storage device. The boot sector is the part of the
storage where the computer’s startup instructions are stored, so when you
turn on your computer, it looks here to load the operating system.
How it Works:
1) When the computer starts up, it loads the boot sector first.
2) The boot sector virus hides itself there, so it loads every time the computer
starts.
3) Even if you delete infected files, the virus stays in the boot sector, making it
difficult to remove.
 Problem Statement
The Brain Virus, one of the first known boot sector viruses, was created
in 1986. It spread through infected floppy disks, which were commonly
used at the time. When someone inserted an infected disk into their
computer, the virus would take over the boot sector, preventing the
system from starting correctly. It would often result in corrupted data
and system failures, causing a lot of trouble for users.
Solution:
Antivirus programs: Software like McAfee began to detect and remove
the Brain virus from infected boot sectors, stopping the virus from
spreading.Write-protecting disks: People started using write-protect
tabs on floppy disks to prevent viruses from modifying them.Awareness
and education: Users learned to be cautious about where they got their
floppy disks from, scanning them for viruses before use.
 File Infector irus
A file infector virus is a type of computer virus that attaches itself to executable files
(files that run programs). These files usually have extensions like .exe or .com. Once
the virus attaches itself to a file, it spreads to other files and programs whenever that
file is opened or executed.
How It Works:
Infection: The virus attaches itself to a file, often an executable file like a program or
game.
Spreading: Every time the infected file is opened, the virus gets activated and can
infect other files on the computer.
Activation: When the infected file is run, the virus does its job, which could include
damaging files, stealing information, or spreading further.
Persistence: The virus continues to spread and can sometimes modify or replace
files, making them unusable or corrupt.
 Problem Statement

The CIH virus (Chernobyl), discovered in 1998, was a file infector that
targeted executable files and the BIOS, causing system crashes and
data loss. It spread via infected downloads and floppy disks.
Solution:
Antivirus software: Helped detect and remove the virus.
BIOS protection: New BIOS versions prevented infections.
User precautions: People were advised to avoid untrusted files and back
up data.
 Macro Virus
A macro virus is a type of computer virus that infects documents or files that contain
macros, which are small programs used to automate tasks. These viruses are mostly
found in Word documents, Excel spreadsheets, or other programs that allow macros
how it works:
Infection:The virus attaches itself to a macro in a document (like a Word or
Excel file). When you open that document, the virus is triggered.
Spreading:Once the virus is activated, it can spread to other files. If you save
the document and share it, the virus moves with it and infects other
documents.
Damage:The virus may corrupt files, steal information, or even slow down
your computer. It can do things without you knowing, like causing
documents to behave strangely.
 Problem Statement
The Melissa Virus was one of the most famous macro viruses, discovered in
1999. It infected Microsoft Word and Excel documents by attaching a malicious
macro . When an infected document was opened, the virus would activate and
send the document to the first 50 contacts in the user's email address book,
spreading quickly. It caused a massive surge in email traffic, disrupting email
systems, and led to significant productivity loss in businesses worldwide.
Solution:
• Antivirus programs: Programs like McAfee and Symantec developed tools to
detect and remove the Melissa virus from infected files and email
attachments.
• Macro security settings: Microsoft added security settings to Office
applications to block or prompt users before running macros from untrusted
sources.
• User education: People were educated about the risks of opening email
 Polymorphic virus

A polymorphic virus is a type of computer virus that changes its

code each time it infects a new system, making it difficult for antivirus
programs to detect. It retains its original functionality but alters its
appearance using encryption, obfuscation, or code modification.
How Polymorphic Viruses Work:
1) Infects a file or system
2) Encrypts itself or modifies its code to create a new variant.
3) Spreads to other files or systems while remaining undetected.
 Problem Statement
The Storm Worm is a polymorphic Trojan horse that first appeared in 2007. It
was named after its original email subject line, "230 Dead as Storm Batters
Europe." This malware tricked users into opening infected attachments or
clicking malicious links, allowing hackers to take control of their computers.
Solution:
• Antivirus programs: Antivirus software had to be updated frequently to detect
the constantly changing virus code. Security companies released regular
updates to identify and remove the Storm Worm’s new variants.
• Email filters: Many email services started using spam filters and attachment
scanning to block malicious emails before they reached users.
• User awareness: Users were educated about the dangers of clicking on
suspicious links or opening attachments from unknown sources.
 Resident virus

A resident virus is a type of computer virus that hides in a computer's

memory (RAM) and stays active even after the infected program is
closed. It can infect other files and programs without needing the
original infected file to run again.
How It Works:
1) Gets loaded into RAM when the system starts.
2) Attaches itself to running programs and spreads to new files.
3) Stays active in the background, even if the original virus file is
removed.
 Problem Statement
The CMJ virus, discovered in the 1980s, was a resident virus that
infected DOS systems by installing itself into the computer's memory
(RAM). It caused system slowdowns, data corruption, and made
computers vulnerable to further infections.
Solution:
• Antivirus software: Developed techniques to detect and remove
resident viruses by scanning memory and files.
• Memory scanning: Improved antivirus tools to scan RAM.
• Operating system security: OS updates added security measures to
prevent automatic infections.
 Multipartite Virus

A multipartite virus is a type of computer virus that can infect a system

in multiple ways, such as both files and the boot sector. This makes it
more dangerous and harder to remove because it spreads quickly and
can reinfect the system even after removing some infected files.
How It Works:
1) Infects the boot sector – Activates when the computer starts.
2) Infects files and programs – Spreads when infected files are opened
3) Reinfects the system – Even if you remove infected files, the virus can
return from the boot sector.
 Problem Statement

The Invader Virus was a multipartite virus that spread through both
files and the boot sector, making it difficult to remove. It caused system
slowdowns and data corruption.
Solution:
• Antivirus software: Detected and removed the virus from both files
and boot sectors.
• Boot sector protection: Added scanning to prevent reinfection.
• System backups: Users were advised to back up important data.
 Overwrite Virus
An overwrite virus is a type of computer virus that infects files on your
system and then replaces the original content of those files with its own
code. This means that once the virus infects a file, the original data is lost,
and it is replaced with the virus's malicious code.
how it works:
Infection:The virus attaches itself to a file (like a document or program) on
your computer.
Overwriting Data:Once the file is opened, the virus replaces the original
content of the file with its own code, erasing the original data.
Spreading:As you continue to open and share infected files, the virus spreads
and overwrites more files.
Damage:The original files are lost because the virus replaces the data.It can
cause the computer to slow down or crash because of the damage
 Problem Statement

The Sasser Virus (2004) was an overwrite virus that infected Windows
computers, overwriting system files and causing crashes. It spread via
internet security flaws.
Solution:
• Patch updates: Microsoft released security fixes.
• Antivirus software: Helped detect and remove the virus.
• User awareness: Users were encouraged to update systems and use
firewalls.
 Spacefiller Virus
A spacefiller virus is a type of computer virus that attacks executable files
on your computer, but instead of overwriting or replacing the data, it adds
extra, unused space to the file. This extra space makes the file appear larger
than it actually is, and this is how the virus spreads and causes problems.
how it works:
Infection:The virus attaches to an executable file (like a .EXE or .COM
file).Adding Empty
Space:Instead of replacing or changing the file’s content, the virus adds
empty space at the end of the file.
Spreading:When you run or share the infected file, the virus spreads to
other files, adding more empty space to them.
Consequences:Takes up disk space, making your computer slower.Can be
hard to detect because it doesn’t change the file’s actual
 Problem Statement

The Simile Virus is a spacefiller virus that infects files by adding

malicious code to unused space without changing the file size. It
spreads through executable files and can cause system crashes or data
corruption.
Solution:
• Antivirus software: Detects and removes the virus.
• File integrity checks: Detect file changes even if the size remains the
same.
• System updates: Applied security patches to prevent vulnerabilities.
 Web Scripting Virus
web scripting virus is a type of virus that takes advantage of web
technologies like JavaScript, HTML, or other scripting languages used on
websites. These viruses are designed to infect web pages or web browsers
and can cause harm to a user's computer when they visit an
infected website.
how it works:
Infection: The virus is embedded in a website's code (e.g., JavaScript or
HTML).
Execution: When you visit an infected website, the script runs in the
background on your web browser.
Actions: It can steal your data (like passwords), redirect you to fake
websites, or download other malware onto your computer.
Spreading: The virus may spread by infecting other websites or systems.
 Problem Statement

The IFrame Virus is a web scripting virus that spreads through

malicious scripts on websites. When users visit an infected site, the
virus can steal information or download malware.
Solution:
• Antivirus software: Detected and removed malicious scripts.
• Browser security: Improved to block harmful scripts.
• Website monitoring: Admins scanned websites for malicious code.