Zeeshan Iqbal Rana L1F17LLBH0055
Khawaja Ali Farooq L1F17LLBH00
Faculty Of Law Sec. B
University of Central Punjab
Computer viruses pose a considerable problem for
users of personal computers. The recent emergence of macro viruses as a problem
of some importance may heighten virus awareness in general. Yet most anti-virus
measures, the variety of viruses that exist today and strategies which
they use to accomplish infection and to defeat anti-viruses. It is well known
that the virus problem is most severe for users of IBM PCs and compatibles;
however, users of other platforms such as the Macintosh should not become complacent – viruses
exist for many platforms in varying numbers. The ease with which macro viruses
may be written is discussed, and a new virus attack for the Macintosh is
presented which closely resembles an attack under DOS for the PC.
Any computer connected to
the internet faces a daunting range of electronic threats. Perhaps the biggest
single threat to any computer is the humble software bug. Seemingly innocuous programming errors can be
exploited to force entry into a computer and also provide the weak spots that allow computer worms and viruses to
Many software bugs will simply cause a computer to crash. But an expert programmer can sometimes
figure out how to make a computer malfunction in a creative way, so that it
provides access to secure parts of a system, or shares protected data.
When a software vulnerability is revealed, it is often a race against the clock to apply the correct software
patch before an attacker can convert the bug into an “exploit” that can be used to cause major damage.
What is a Computer Virus?
There is some difficulty in producing a definition
for the term computer virus. Dr. Cohen has presented a mathematical definition
of a computer virus which may be roughly expressed as:
“A virus is a program that can infect other programs by modifying them to include
a possibly evolved version of itself”.
However, this definition classifies as viruses many
things which would not be considered viruses by those working in the anti-virus
field. At the same time, this definition would not consider as a virus a program
that infects another without modifying the target program itself (examples of
such viruses are the companion viruses).
A definition which is felt to be more practically
useful when dealing with real computer viruses than Dr. Cohen’s mathematical
define a computer virus as a self-replicating program that can infect other
programs by modifying them or their environment such that a call to an infected
program implies a call to a possibly evolved, and in most cases functionally
similar, copy of the virus.
The term infect is used with respect to computer
viruses in the sense of definition above throughout the remainder of this
It is important to note that a virus is not
necessarily malicious, although it may have side effects as a result of the virus
clashing with the operating system, user programs, and extensions to the standard
operating system installed by the user, which are deemed to be undesirable.
Some researchers have been considering the
question of viruses that perform useful actions, so called benevolent viruses.
Little-used files are compressed by the virus and
uncompressed when required.
Any virus which would perform maintenance tasks in a
computer system, such as updating installed programs.
Distributed Database with viruses:
Viruses would reproduce on network computers,
performing searches for the virus originator. Many arguments against the idea
of benevolent viruses are presented by Bontchev.
Trojan Horses and Droppers:
A Worm is an independent program that is able to
spread copies of itself or parts of itself to other computers, commonly across
network connections, and these copies are themselves fully functional independent
programs which are capable either of spreading further or of communicating with
the parent worm. There is often confusion over the distinction between a worm
and a virus. For example, the program that negatively affected the
Internet in November 1988 is referred to as a virus and by some as a worm by
The Internet Worm affected Sun 3 and VAX systems
running variants of BSD UNIX. Other worms have been created with other networks
in mind, such as DECnet.
A Trojan Horse is a program which possesses various intentional undocumented
features whose effects few users of the software would appreciate were these
undocumented features to manifest themselves. Unlike a computer virus, which
attaches itself to some other program using any number of methods, a Trojan
Horse is a self-contained program. A Trojan Horse may have functions of use
to the user.
A Dropper is
a program which acts as a carrier for a computer virus. A Dropper is not the
result of a normal infection of some program by a virus – it exists only to
spread the virus. The virus is usually kept by the dropper in a form which
will not be detected by anti-virus software. Some Macro Viruses attempt to act as a
dropper for more conventional varieties of viruses, in addition to
whatever other actions they perform.
There are a number of different ways that viruses use
to infect a computer system. The 2 main types of Viruses are:
Boot Sector Infector
are viruses that attach themselves to a form of executable code. There is a
variety of ways in which a virus might attempt to infect a file. On a DOS-based
system, file infectors commonly attach themselves to .com or .exe files,
although there are many other kinds of infectable objects.
Only discussed in the
context of PC-compatible systems. These kinds of viruses infect executable
code which is loaded from disk and called
when a computer is starting up. There are a number of different pieces of
code which may be modified by a virus to infect a system, such as:
DOS boot sector (Floppy Disks and Hard Disks)
Master Boot Record (MBR) (hard disk only).
Partition Table (Hard Disk only).
Macro viruses are viruses that use another application’s macro programming
language to distribute themselves. They infect documents such as MS Word or MS
Excel and are typically spread to other similar documents.
Memory Resident Viruses:
Memory Resident Viruses reside in a computer’s volatile memory (RAM). They are
initiated from a virus which runs on the computer and they stay in memory after
its initiating program closes.
A root kit virus is an
undetectable virus which attempts to allow someone to gain control of a
computer system. The term root kit comes from the Linux administrator root
user. These viruses are usually installed by Trojans and are normally disguised
as operating system files.
A virus that is capable of spreading by infecting
files and by infecting via any code executed at boot time is known as a multipartite virus.
There are some other types of viruses which should
File System or Cluster Viruses.
§ Regular Companion.
§ PATH Companion.
There have been many viruses
created for many different computer platforms. The PC has by far the largest
share of all the viruses in existence. Many of these PC viruses are closely related. Some information has been
gathered by Virus Bulletin about PC viruses that have been reported as
found over the course of a month for some months. Only a few of the total
number of known viruses are responsible for the majority of the virus
incidents. Some on-access anti-virus products use this fact to help restrict
the number of viruses that a file must be checked for when accessed by a user.
What harmful things could computer viruses do:
Viruses that spread by email, such as Sobig, can generate
so much email traffic that servers slow down or crash. Even if this doesn’t
happen, companies may react to the risk by shutting down servers anyway.
Steal confidential data:
The Bugbear-D worm records
the user’s keystrokes, including passwords, and gives the virus writer access
Use your computer to attack
MyDoom used infected computers to flood the SCO
software company’s website with data, making the site unusable (a denial of
Let other users hijack your
Some viruses place “backdoor
Trojans” on the computer, allowing the virus writer to connect to your
computer and use it for their own purposes.
Corrupt data:
The Compatible virus makes
changes to the data in Excel spreadsheets.
Delete data:
The Sircam worm may
attempt to delete or overwrite the hard disk on a certain day.
Disable hardware:
CIH, also known as Chernobyl, attempts
to overwrite the BIOS chip on April 26, making the computer unusable.
Play pranks:
The Netsky-D worm made
computers beep sporadically for several hours one morning.
Display messages:
Cone-F displays a political message if the month
Damage your credibility:
If a virus forwards itself from your
computer to your customers and business partners, they may refuse to do
business with you, or demand compensation.
Defense and Detection For Viruses:
There are a variety of defenses against viruses, and ways of detecting their presence.
A natural first question is: “Is it possible to detect all viruses?” Unfortunately
not. However, there are a variety of imperfect ways to detect the (possible)
presence of computer viruses.
technique, such as scanning for viruses, often lead to a positive
identification of a virus. In many cases, the infection caused by the virus is
There are several ways for defense and detection of viruses:
1. Known-Virus Scanning.
2. Heuristic Analysis.
3. Behavior Blocker/Monitor.
4. Integrity Checker/Integrity Shell.
There are a variety of other ways to help prevent virus infections. For example, as the
great majority of PC virus infections are boot sector viruses, changing the
order in which a computer searches its disk drives for a bootable disk is an
effective defense in many cases. Precautions will still have to be taken to
deal with multipartite and other non-boot sector viruses.
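An added example, not part of the original essay: a minimal integrity checker (item 4 in the list above), written in Python. It records SHA-256 digests of a directory and later reports files changed in place; because companion viruses leave the target program unmodified, it also reports new executables that share a base name with one already in the baseline. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Assumption: DOS-style executable extensions (.bat is added here, not from the essay).
EXEC_EXTS = {".com", ".exe", ".bat"}


def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for every file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare(baseline, current):
    """Return (modified, companions) found in current relative to baseline."""
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    # Base names of executables that existed when the baseline was taken.
    stems = {os.path.splitext(p.lower())[0] for p in baseline
             if os.path.splitext(p.lower())[1] in EXEC_EXTS}
    companions = sorted(
        p for p in current
        if p not in baseline
        and os.path.splitext(p.lower())[1] in EXEC_EXTS
        and os.path.splitext(p.lower())[0] in stems)
    return modified, companions


def demo():
    """Build constructed sample files, change them, and run the check."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("edit.exe", b"original editor"), ("calc.exe", b"original calc")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        # Constructed changes: one file altered in place, one new same-name sibling.
        with open(os.path.join(root, "calc.exe"), "ab") as fh:
            fh.write(b" plus appended bytes")
        with open(os.path.join(root, "edit.com"), "wb") as fh:
            fh.write(b"placeholder content")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

A digest comparison alone would report only the altered file; the same-name check is what surfaces the unmodified-target case.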
a computer virus can be likened in many ways to building a bomb. All of the
information necessary for its construction is readily available. The
technical proficiency required is substantial, but not beyond the reach of any
reasonably intelligent computer hacker. The only missing element is a
propensity for destruction on the part of the computer virus author. Computer
viruses can easily infect unprotected computer systems and there is no limit to
the amount of damage that can be inflicted once a system becomes infected.
Since computer viruses are simply malicious computer programs, anything that
can be done on a computer can be done within the context of a computer virus.
The damage inflicted in this manner is limited only by the virus author’s
imagination. Computer viruses must be dealt with in a manner similar to any
other computer security problem. The paranoia that exists in the computing
community relating to computer viruses only serves to compound the problem.
Although computer viruses are more difficult to detect and deal with, their
infiltration methods are similar to those of any other type of destructive
software. Computer viruses are more dangerous only because they are capable of
replicating. If a computer system is protected such that it cannot be initially
infected by a computer virus, then this capacity does not pose a further