A SEMINAR

REPORT
ON
COMPUTER VIRUS

BY
SHIVANG BHATT
 WHAT IS VIRUS??
 Virus is a small program code which switches
internal electronic circuit.

 It is just like the application program.

 They can not help us in any way at all.

 WHY VIRUS??
 Vital Information Resources Under Siege.

 Computer virus share some of the traits of

biological virus.
 BRIEF HISTORY
 David gerrold used the term virus first time.
 It is was defined by the Fred Cohen in 1983.
 The first virus appear on pc was lehigh virus.
 Then Jerusalem, dark average, ping-pong ball,
raindrop etc have come.
 In 1992 Basit and Amjad Farooq alvi
developed the first virus called Brain.
 ATTACK
 Virus may enter a pc through many ways like:

 Through corrupted cds,floppies or infected h/w

 Through network connection: e-mail att.

 Through computer game. Etc

 INFECTION
 Viruses are activated when you execute an
infected program start up the comp. with
infected boot sector.
 Viruses spread in one of the two ways:
 Direct Action Infector: This type of virus is
activated when an infected file is executed.
 Memory Resident Infector: This type of virus
is much like Terminate-and-stay-resident
program. It hooks the system when activated.
 TYPE OF VIRUS
 A Virus has a target cell-an area or a program it has
been designed to attack.

 Such targets are boot sector of o.s., o.s. utilities

or executable file of application s/w.

 The viruses that attack these component of the comp.

sys. Are divided into following classes
 BOOT VIRUS
Uninfected disk
0 1 2 . . . (sector No)
+-----+-----+-----+--- --+-----+-----+-----+-----+-----+---
|.....| | | | | | | | |
+-----+-----+-----+--- --+-----+-----+-----+-----+-----+---
|
+-- Boot sector or Master Boot Record
Infected disk (replaced boot/MBR)
0 1 2 ...
+-----+-----+-----+--- --+-----+-----+-----+-----+-----+---
|XXXXX| | | | |.....|XXXXX|XXXXX|XXXXX|
+-----+-----+-----+--- --+-----+-----+-----+-----+-----+---
| | | | ... |
+-- Virus top | +---+-----+-----+
| +-- The rest of virus
|
+-- Original Boot or Master Boot Record
Infected disk (modified address of active boot sector)
0 1 2 ...
+-----+-----+-----+--- --+-----+-----+-----+-----+---
|....X| | | | |XXXXX|XXXXX|XXXXX|
+-----+-----+-----+--- --+-----+-----+-----+-----+---
| ^ | | ... |
 FILE VIRUS
 This virus infect files containing app. program

 When a user runs an infected app. Like game the

virus code executed first and attaches itself in the
computer’s memory and then copy itself within the
file.

 “Fast infector” and “Slow infector”

 File virus: Sunday and cascade.

 MACRO VIRUS
 This viruses infect the files regarded as data.
 The virus code can be attached to d.b. of word
processing program.
 When user accesses document containing a
viral macro then this virus can then copy itself
into that app. Startup file.
 Any doc. That uses the same app. Can then
become infected.
HOW VIRUS SPREADS??
 POLYMORPHIC VIRUS
 When this virus infect the program, it
scrambles its virus code in the prog. body. this
makes the detection more difficult.

 The first polymorphic virus was “chameleon”

 Then bootache,civilwar,crusher,fly,freddy,
ginger ect. have come.
 COPANION VIRUS
 This virus creates a new file an relies on a
behavior of dos to execute it instead of
program file.

 It creates .COM file with a name identical to

existing .EXE file.
 OTHER VIRUSES
 Multipartite viruses are both program and boot
virus.
 Tunneling viruses finds the interrupt handlers
in dos and bios and call them directly.
 Retro virus is any virus that attacks antivirus
programs.
 Cluster viruses change the directory so that
when you try to run a program you first run it.
 Network viruses make a use of net. Protocols
and capabilities of local and global access net.

 This virus is capable to transfer the code to a

remote server or workstation on its own
through network.
 DIAGNOSIS
 Sudden change in size of programs
 Change of data in program or file i.e. your file get
corrupted.
 Program take longer time to load.
 modification of boot sector which paralyze operation
of a comp. sys.
 Modification of FAT.
 Physical damage of the hard drive or other h/w.
 Bad sector begin to appear.
 WHAT VIRUS CAN’T DO??
 Virus can never infect your write protected
diskette.
 Virus can not be generated spontaneously.
 Virus can not infect the data file.
 Virus can not spread across different platform.
 PROTECTION
 Never accept pirate copies of software; use
only shrink-wrapped commercial software
purchased from a reliable vendor.
 Do not use network connections to outside
organizations without a mutual review of
security practices.
 Use virus detectors regularly.
 Viruses can never infect your write protected
diskette.
 ANTI-VIRUS S/W
 Anti-virus software can monitor a computer system
for virus-like behavior and periodically check
programs for unusual modifications.
 Due to increase in the spread of viruses anti-virus
program have been developed some of them which
we hear every day are: MacAfee, eScan.AVG,
Norton, PC-cillin, Panda Antivirus Titanium etc.
 It is vital to understand exactly how your product
works so that you understand what type of protection
you really have.