By: Angelica JurczakBy: Angelica JurczakAnna RogAnna Rog

David BrackettDavid Brackett

Computer Computer VirusesViruses

What is a Computer Virus?What is a Computer Virus? A computer virus is a computer program that A computer virus is a computer program that

can copy itself and infect a computer without the can copy itself and infect a computer without the permission or knowledge of the owner. permission or knowledge of the owner.

One of the first detected virus was the Creeper One of the first detected virus was the Creeper virus in the early 70’s virus in the early 70’s

Before computer networks became widespread, Before computer networks became widespread, most viruses spread on removable media, most viruses spread on removable media, particularly floppy disk.particularly floppy disk.

Basic Computer VirusesBasic Computer Viruses Trojan HorsesTrojan Horses

appears as interesting program file but when installed appears as interesting program file but when installed it allows intruders to access and read your filesit allows intruders to access and read your files

WormsWorms virus that copies and multiplies itself byvirus that copies and multiplies itself by using using

computer networks and securitycomputer networks and security flaws flaws E-mail VirusesE-mail Viruses

use e-mail messages to spread which allow it to use e-mail messages to spread which allow it to automatically forward itself to thousands of peopleautomatically forward itself to thousands of people

Types of VirusesTypes of Viruses Boot Sector VirusBoot Sector Virus

Infects the boot or MBR of diskettes and hard drives through the Infects the boot or MBR of diskettes and hard drives through the sharing of infected disks and pirated software applicationssharing of infected disks and pirated software applications

Once your hard drive is infected all diskettes that you use in your Once your hard drive is infected all diskettes that you use in your computer will be infectedcomputer will be infected

Program VirusProgram Virus Becomes active when the program file (usually with Becomes active when the program file (usually with

extensions .BIN, .COM, .EXE, .OVL, .DRV) carrying the virus is extensions .BIN, .COM, .EXE, .OVL, .DRV) carrying the virus is openedopened

It then makes copies of itself and will infect other programs on It then makes copies of itself and will infect other programs on the computerthe computer

Multipartite VirusMultipartite Virus Hybrid of a Boot Sector and Program virusesHybrid of a Boot Sector and Program viruses It infects program files and when the infected program is active it It infects program files and when the infected program is active it

will affect the boot recordwill affect the boot record

Types of VirusesTypes of Viruses Stealth VirusStealth Virus

Disguises itself to prevent from being detected by antivirus Disguises itself to prevent from being detected by antivirus softwaresoftware

It alters its file size or conceals itself in memoryIt alters its file size or conceals itself in memory Polymorphic VirusPolymorphic Virus

Act like a chameleon, changing its virus signature (binary Act like a chameleon, changing its virus signature (binary pattern) every time it multiples and infects a new filepattern) every time it multiples and infects a new file

Macro VirusMacro Virus Programmed as a macro embedded in a document, usually Programmed as a macro embedded in a document, usually

found in Microsoft Word and Excelfound in Microsoft Word and Excel Once it gets in to your computer, every document you produce Once it gets in to your computer, every document you produce

will become infectedwill become infected Relatively new type of virus and may slip by your antivirus Relatively new type of virus and may slip by your antivirus

software if you don't have the most recent version installedsoftware if you don't have the most recent version installed

Signs Your Computer is InfectedSigns Your Computer is Infected

Functions slower than Functions slower than normalnormal

Responds slowly and Responds slowly and freezes oftenfreezes often

Restarts itself oftenRestarts itself often See uncommon error See uncommon error

messages, distorted messages, distorted menus, and dialog boxesmenus, and dialog boxes

Notice applications fail to Notice applications fail to work correctlywork correctly

Fail to print correctlyFail to print correctly

First half of the 70'Late 60,s, early 70,s- "Rabbits" cloned First half of the 70'Late 60,s, early 70,s- "Rabbits" cloned themselves occupied system resources, slowing down the productivity.  themselves occupied system resources, slowing down the productivity. 

-"The Creeper"  capable of entering a network by itself and transferring a -"The Creeper"  capable of entering a network by itself and transferring a copy of itself to the system.copy of itself to the system.

Early 80,s-Increasing number of programs written by individuals not by Early 80,s-Increasing number of programs written by individuals not by software companies. Programs caused miner viruses called "Trojan horses".software companies. Programs caused miner viruses called "Trojan horses".

1986'Brain virus' - by Amjad and Basit Farooq Alvi. 1986'Brain virus' - by Amjad and Basit Farooq Alvi. - spread through floppy disks, spread through floppy disks, - infected boot records and not computer hard drivesinfected boot records and not computer hard drives Lahore, Pakistani Brain, Brain-A and UIUC virus Lahore, Pakistani Brain, Brain-A and UIUC virus

-took over free space on the floppy disk and hid from detection -took over free space on the floppy disk and hid from detection ”disguised itself by ”disguised itself by displaying the uninfected boot sector on the disk.”displaying the uninfected boot sector on the disk.”

1987-Lehigh virus1987-Lehigh virus- the first memory resident file infector that attacked executable files and - the first memory resident file infector that attacked executable files and took control when a file was openedtook control when a file was opened

The Jerusalem Virus The Jerusalem Virus -had bugs that re-infected programs that were already infected-had bugs that re-infected programs that were already infected

1988: Robert Morris made a worm that invaded ARPANET computers1988: Robert Morris made a worm that invaded ARPANET computers- disabled 6,000 computers on the network by overflowing their memory banks disabled 6,000 computers on the network by overflowing their memory banks

with copies of itselfwith copies of itself1991:1991: Norton Anti-Virus software Norton Anti-Virus software1999:1999: "Melissa" virus "Melissa" virus -infected thousands of computers very fast by sending copies of itself to 50 -infected thousands of computers very fast by sending copies of itself to 50

names in the address book on Outlook e-mailnames in the address book on Outlook e-mail- Led to an estimated $80 million in damage and record sales of anti-virus Led to an estimated $80 million in damage and record sales of anti-virus

products. products. 2000:2000: "I Love You" virus "I Love You" virus -was sent by email and infected 10 % of computers in only one day-was sent by email and infected 10 % of computers in only one day-created by a young Filipino computer student who did not get punished -created by a young Filipino computer student who did not get punished

because then the Philippines had no laws against hacking which led to the because then the Philippines had no laws against hacking which led to the European Union's global Cybercrime Treaty.European Union's global Cybercrime Treaty.

2001:2001: "Nimda" virus (days after 9/11) "Nimda" virus (days after 9/11)-had 5 ways of infecting systems-had 5 ways of infecting systems

20042004MyDoom spreads through emails and file-sharing software faster MyDoom spreads through emails and file-sharing software faster

than any previous virus or worm. than any previous virus or worm. Allows hackers to access the hard drive of the infected computer.Allows hackers to access the hard drive of the infected computer.

An estimated one million computers running Windows are An estimated one million computers running Windows are affected by the fast-spreading Sasser computer worm.affected by the fast-spreading Sasser computer worm.

The worm does not cause irreparable harm to computers or data, The worm does not cause irreparable harm to computers or data, but it does slow computers and cause some to quit or reboot without but it does slow computers and cause some to quit or reboot without explanation.explanation.

20062006Discovery of the first-ever malware trojan horse for Mac OS XDiscovery of the first-ever malware trojan horse for Mac OS X

20082008Torpig is a Trojan horse which affects Windows, turning off anti-Torpig is a Trojan horse which affects Windows, turning off anti-

virus applications.virus applications. It allows others to access the computer, modifies data, steals It allows others to access the computer, modifies data, steals

confidential information and installs malware on the victim's confidential information and installs malware on the victim's computer.computer.

20092009Conficker infects anywhere from 9 to 15 million Microsoft server Conficker infects anywhere from 9 to 15 million Microsoft server

systems.systems. French air force, Royal Navy warships and submarines, French air force, Royal Navy warships and submarines,

Sheffield Hospital network, UK Ministry of Defence, German Sheffield Hospital network, UK Ministry of Defence, German Bundeswehr and Norwegian Police were all affected. Bundeswehr and Norwegian Police were all affected.

Total Number of Viruses by year Total Number of Viruses by year January 1985 1 January 1985 1 January 1985 1 January 1985 1 January 1987 3 January 1987 3 January 1989 6 January 1989 6 January 1990 142 January 1990 142 January 1991 357 January 1991 357 January 1992 1,161 January 1992 1,161 January 1993 2,482 January 1993 2,482 January 1994 3,687 January 1994 3,687 January 1995 5,626 January 1995 5,626 January 1996 7,764 January 1996 7,764 January 1997 11,037 January 1997 11,037 January 1998 16,726 January 1998 16,726 January 1999 40,850 January 1999 40,850 January 2000 44,000 January 2000 44,000 January 2001 48,000 January 2001 48,000 January 2002 55,000 January 2002 55,000 January 2003 62,000January 2003 62,000

MelissaMelissa

Another virus that fired up the media was Melissa, a Word macro Another virus that fired up the media was Melissa, a Word macro virus.virus.

When people received the host Word document via email and When people received the host Word document via email and opened it, the virus sent a copy of itself to the first 50 people in the opened it, the virus sent a copy of itself to the first 50 people in the victim's address book. victim's address book.

Named after a topless dancer in Florida, the Melissa virus crashed Named after a topless dancer in Florida, the Melissa virus crashed the email servers of corporations and governments in different the email servers of corporations and governments in different spots around the world.spots around the world.

The Computer Emergency Response Team, set up after Robert The Computer Emergency Response Team, set up after Robert Morris mucked up the Internet with his worm in 1988, estimated Morris mucked up the Internet with his worm in 1988, estimated that the virus hit 100,000 computers in its first weekend. that the virus hit 100,000 computers in its first weekend.

David L. Smith posted the infected file to an alt.sex usenet group David L. Smith posted the infected file to an alt.sex usenet group using a stolen AOL account. Initially he entered a plea of using a stolen AOL account. Initially he entered a plea of innocence, but after being confronted with a maximum sentence of innocence, but after being confronted with a maximum sentence of 40 years in prison, he eventually pled guilty and received a much-40 years in prison, he eventually pled guilty and received a much-reduced sentence.reduced sentence.

Love You, Love BugLove You, Love Bug By almost any measure, the so-called Love Bug was the most By almost any measure, the so-called Love Bug was the most

damaging and costly virus ever. I don't know who comes up damaging and costly virus ever. I don't know who comes up with these whack figures, but according to Reuters the bug with these whack figures, but according to Reuters the bug cost the world $15 billion in lost productivity. cost the world $15 billion in lost productivity.

The Love Bug spread far faster than Melissa. Unlike Melissa, The Love Bug spread far faster than Melissa. Unlike Melissa, it would mail itself to everyone in your Outlook address book it would mail itself to everyone in your Outlook address book -- most of whom would probably be delighted to read about -- most of whom would probably be delighted to read about how you love them -- not just the first fifty. Moreover, it would how you love them -- not just the first fifty. Moreover, it would gobble up certain media files stored on your hard drive. gobble up certain media files stored on your hard drive.

Did you know?Did you know? One German newspaper One German newspaper

tragically lost 2,000 tragically lost 2,000 pictures from its archive.pictures from its archive.

The perpetrator turned out The perpetrator turned out to be a 23-year-old Filipino to be a 23-year-old Filipino computer science student computer science student who more or less who more or less plagiarized all of his code.plagiarized all of his code.

The lack of laws in the The lack of laws in the Philippines covering Philippines covering computer crimes, he pretty computer crimes, he pretty much got away with his much got away with his crime. crime.

PreventionPrevention Upload and use antivirus Upload and use antivirus

softwaresoftware Be aware of the e-mails Be aware of the e-mails

and attachments you and attachments you openopen

Check for updates on Check for updates on antivirus software antivirus software regularlyregularly

Make sure antivirus Make sure antivirus software is installed software is installed correctlycorrectly

SourcesSourceshttp://www.tech-faq.com/history-of-computer-viruses.shtml

http://spamlaws.com/history.html

http://en.wikipedia.org/wiki/Computer_virus#History

http://www.infoplease.com/ipa/A0872842.html

ReferencesReferenceshttp://www.spamlaws.com/protect.htmlhttp://www.spamlaws.com/protect.htmlhttp://www.spamlaws.com/virus-types.htmlhttp://www.spamlaws.com/virus-types.htmlhttp://www.spamlaws.com/virus-comtypes.html http://www.spamlaws.com/virus-comtypes.html http://www.spamlaws.com/federal/index.shtml http://www.spamlaws.com/federal/index.shtml http://www.spamlaws.com/virus-types.htmlhttp://www.spamlaws.com/virus-types.htmlWikipediaWikipediawww.suggestafix.comwww.suggestafix.comwww.microsoft.com www.microsoft.com