Lecturer(c)

Anjana Kumari Shared publicly - Jun 9 2020 3:48PM

Sem VI COMPUTER MAINTENANCE What is a Computer Virus and its Types


Computer Virus

A computer virus is a malicious program that self-replicates by copying itself to another program. In other words, the computer virus spreads by itself into other executable code or documents. The purpose of creating a computer virus is to infect vulnerable systems, gain admin control and steal sensitive user data. Hackers design computer viruses with malicious intent and prey on online users by tricking them.

One of the ideal methods by which viruses spread is email: opening an attachment in an email, visiting an infected website, clicking on an executable file, or viewing an infected advertisement can cause the virus to spread to your system. Besides that, infections also spread through connecting already infected removable storage devices, such as USB drives.

It is quite easy for viruses to sneak into a computer by dodging its defense systems. A successful breach can cause serious issues for the user, such as infecting other resources or system software, modifying or deleting key functions or applications, and copying, deleting or encrypting data.

How does a computer virus operate?

A computer virus operates in two ways. The first kind begins to replicate as soon as it lands on a new computer. The second kind plays dead until a trigger kick-starts the malicious code. In other words, the infected program needs to run for the virus code to be executed. Therefore, it is highly important to stay shielded by installing a robust antivirus program.

Of late, sophisticated computer viruses come with evasion capabilities that help them bypass antivirus software and other advanced levels of defense. Their primary purpose can involve stealing passwords or data, logging keystrokes, corrupting files, and even taking control of the machine.

In recent times, the development of polymorphic malware has enabled viruses to change their code dynamically as they spread. This has made virus detection and identification very challenging.

The History of Computer Virus

Robert Thomas, an engineer at BBN Technologies, developed the first known computer virus in the year 1971. The first virus was christened the “Creeper” virus, and the experimental program carried out by Thomas infected mainframes on ARPANET. The teletype message displayed on the screens read, “I’m the creeper: Catch me if you can.”

But the original wild computer virus, probably the first one to be tracked down in the history of computer viruses, was “Elk Cloner.” Elk Cloner infected Apple II operating systems through floppy disks. The message displayed on infected Apple computers was a humorous one. The virus was developed by Richard Skrenta, a teenager, in the year 1982. Even though these computer viruses were designed as pranks, they also showed how a malicious program could be installed in a computer’s memory and stop users from removing the program.

It was Fred Cohen who coined the term “computer virus”, a year later in 1983. The term came into being when he attempted to write an academic paper titled “Computer Viruses – Theory and Experiments” detailing the malicious programs in his work.

Types of Computer Viruses

A computer virus is a type of malware that multiplies itself by inserting its code into programs and applications and altering them. The computer gets infected through the replication of malicious code. Computer viruses come in different forms to infect the system in different ways. Some of the most common viruses are:

  • Boot Sector Virus
  • Direct Action Virus
  • Resident Virus
  • Multipartite Virus
  • Polymorphic Virus
  • Overwrite Virus
  • Spacefiller Virus

Boot Sector Virus – This type of virus infects the master boot record. Removing it is a challenging and complex task that often requires the system to be formatted. It mostly spreads through removable media.

Direct Action Virus – This is also called a non-resident virus. It gets installed or stays hidden in the computer memory, and it stays attached to the specific type of files that it infects. It does not affect the user experience or the system’s performance.

Resident Virus – Unlike direct action viruses, resident viruses get installed on the computer. It is difficult to identify a resident virus, and it is also difficult to remove one.

Multipartite Virus – This type of virus spreads in multiple ways. It infects both the boot sector and executable files at the same time.

Polymorphic Virus – These types of viruses are difficult to identify with a traditional anti-virus program. This is because a polymorphic virus alters its signature pattern whenever it replicates.

Overwrite Virus – This type of virus deletes all the files that it infects. The only way to remove it is to delete the infected files, so the end user loses all of their contents. Identifying the overwrite virus is difficult as it spreads through emails.

Spacefiller Virus – Also called “cavity viruses”, these are so named because they fill up the empty spaces between the code and hence do not cause any damage to the file.

#File infectors:
A few file infector viruses come attached to program files, such as .com or .exe files. Some file infector viruses infect any program for which execution is requested, including .sys, .ovl, .prg, and .mnu files. Consequently, when the particular program is loaded, the virus is also loaded.

Besides these, the other file infector viruses come as a completely included program or script sent in email attachments.

#Macro viruses:
As the name suggests, macro viruses particularly target macro language commands in applications like Microsoft Word. The same applies to other programs too.

In MS Word, macros are keystrokes or saved sequences of commands that are embedded in documents. Macro viruses are designed to add their malicious code to the genuine macro sequences in a Word file. However, as the years went by, more recent versions of Microsoft Word disabled macros by default. Thus, cybercriminals started to use social engineering schemes to target users. In the process, they trick the user into enabling macros, which launches the virus.

Since macro viruses have been making a comeback in recent years, Microsoft quickly responded by adding a new feature in Office 2016. The feature enables security managers to selectively enable macro use. As a matter of fact, it can be enabled for trusted workflows and blocked if required across the organization.
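A mail gateway or help desk can check whether an Office attachment carries macros before a user is ever asked to enable them. The following is an added example, not code from the original post: it looks for the VBA project part inside the zip container used by modern Office files, and the file names, verdict strings and sample documents are constructed for illustration.

```python
import io
import zipfile

MACRO_FREE_EXTS = (".docx", ".xlsx", ".pptx")   # formats that should never carry VBA

def macro_parts(data: bytes) -> list:
    """Return the VBA project parts found in an OOXML (zip) Office file."""
    stream = io.BytesIO(data)
    if not zipfile.is_zipfile(stream):
        # Legacy .doc/.xls files are OLE containers and need a different parser.
        raise ValueError("not an OOXML container")
    with zipfile.ZipFile(stream) as zf:
        # Word, Excel and PowerPoint keep macros in word/, xl/ or ppt/vbaProject.bin
        return [n for n in zf.namelist() if n.lower().endswith("vbaproject.bin")]

def triage(filename: str, data: bytes) -> str:
    """Classify an attachment before it reaches a user who might enable macros."""
    try:
        parts = macro_parts(data)
    except ValueError:
        return "not-ooxml"
    if not parts:
        return "no-macros"
    if filename.lower().endswith(MACRO_FREE_EXTS):
        return "macros-in-macro-free-format"   # the extension hides the macro content
    return "macro-enabled"

def build_sample_doc(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip laid out like a Word file (placeholder parts)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()

if __name__ == "__main__":
    for name, data in [("minutes.docx", build_sample_doc(False)),
                       ("invoice.docm", build_sample_doc(True)),
                       ("invoice.docx", build_sample_doc(True)),
                       ("notes.txt", b"plain text")]:
        print(f"{name:14} {triage(name, data)}")
```
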

#Overwrite Viruses:

The purpose behind a virus's design tends to vary, and overwrite viruses are predominantly designed to destroy a file's or application’s data. As the name says, the virus starts overwriting files with its own code after attacking the computer. These viruses are not to be taken lightly: they are capable of targeting specific files or applications, or of systematically overwriting all files on an infected device.

On the flip side, the overwrite virus is capable of installing new code in the files or applications, which programs them to spread the virus to additional files, applications, and systems.

#Polymorphic Viruses:
More and more cybercriminals are depending on the polymorphic virus. It is a malware type which has the ability to change or mutate its underlying code without changing its basic functions or features. This helps the virus on a computer or network to evade detection from many antimalware and threat detection products.

Since virus removal programs depend on identifying signatures of malware, these viruses are carefully designed to escape detection and identification. When security software detects a polymorphic virus, the virus modifies itself so that it is no longer detectable using the previous signature.

#Resident Viruses:
The resident virus implants itself in the memory of a computer. Basically, the original virus program is not required to infect new files or applications. Even when the original virus is deleted, the version stored in memory can be activated. This happens when the computer OS loads certain applications or functions. Resident viruses are troublesome because they can run unnoticed by antivirus and antimalware software by hiding in the system’s RAM.

#Rootkit Viruses:
The rootkit virus is a malware type which secretly installs an illegal rootkit on an infected system. This opens the door for attackers and gives them full control of the system. The attacker will be able to fundamentally modify or disable functions and programs. Like other sophisticated viruses, the rootkit virus is also created to bypass antivirus software. The latest versions of major antivirus and antimalware programs include rootkit scanning.

#System or Boot-record Infectors:

Boot-record infectors infect executable code found in specific system areas on a disk. As the name implies, they attach to USB thumb drives and the DOS boot sector on diskettes, or the Master Boot Record on hard disks. Boot viruses are no longer common these days, as the latest devices rely less on physical storage media.
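Because a boot-record infector has to change the code in the Master Boot Record, comparing that code with a hash recorded while the machine was clean reveals the change regardless of what the virus looks like. The sketch below is an added example, not part of the original post: it parses a 512-byte MBR (boot code, partition table, 55 AA signature), and the sample sector, its filler bytes and the verdict strings are constructed.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440        # bootstrap code; a disk signature follows at offset 440
PART_TABLE_OFFSET = 446    # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into signature check, boot-code hash and partitions."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * i: PART_TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"valid_signature": sector[510:] == BOOT_SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}

def check_against_baseline(sector: bytes, baseline_sha256: str) -> str:
    """Compare the boot code with a hash recorded while the machine was clean."""
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        return "invalid-signature"
    if info["boot_code_sha256"] != baseline_sha256:
        return "boot-code-modified"
    return "unchanged"

def build_sample_mbr(fill: int = 0x90) -> bytes:
    """Constructed sector: filler boot code, one bootable partition, 55 AA."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    return (bytes([fill]) * BOOT_CODE_LEN + b"\x11\x22\x33\x44\0\0"
            + entry + bytes(48) + BOOT_SIGNATURE)

if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["boot_code_sha256"]
    print(check_against_baseline(clean, baseline))                   # same boot code
    print(check_against_baseline(build_sample_mbr(0xCC), baseline))  # altered boot code
    print(check_against_baseline(clean[:510] + b"\0\0", baseline))   # signature missing
```

On a real system the input would be the first 512 bytes of a disk image, which normally requires administrator rights to read.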

How To Avoid Email Viruses And Worms

Here are some simple rules you can follow to avoid being infected by viruses through email.

Do’s
1. Use a professional email service such as Runbox. Subscription services provide higher levels of security and support.
2. Make sure that your Runbox virus filter is activated.
3. Use the Webmail interface at www.runbox.com to read your email, or don’t download all your email to an email client unseen. Screen your email first, and delete suspicious-looking and unwanted messages before downloading the legitimate email to your local email client.
4. Make sure your computer has updated anti-virus software running locally. Automatic updates are essential for effective virus protection. Combined with server-side scanning, you now have two layers of security.
5. Disable message preview in your email client, especially on Windows platforms. Otherwise, malicious programs attached to incoming messages may execute automatically and infect your computer.
6. Ignore or delete messages with attachments appearing to be sent from official Runbox email addresses. Runbox rarely sends email to our users, aside from replies to inquiries and payment reminders. We practically never send an email with attachments to users.
7. Take caution when opening graphics and media attachments, as viruses can be disguised as such files.
8. Maintain several independent email accounts. If a virus infects your only business email address, you’ll be in trouble. Also, keep backups of your most important email and files separately.
9. If any valid message headers of a virus-email indicate what server the message was sent from, contact the service in question and file a formal complaint.

Don’ts
1. Do not open an email attachment unless you were expecting it and know whom it’s from.
2. Do not open any unsolicited executable files, documents, spreadsheets, etc.
3. Avoid downloading executables or documents from the internet, as these are often used to spread viruses.
4. Never open files with a double file extension, e.g. filename.txt.vbs. This is a typical sign of a virus program.
5. Do not send or forward any files that you haven’t virus-checked first.

Viruses and spam

Virus-makers and spammers often cooperate in devious schemes to send as much spam as possible as efficiently as possible. They create viruses that infect vulnerable computers around the world and turn them into spam-generating “robots”. The infected computers then send massive amounts of spam, unbeknownst to the computer owner.

Such virus-generated email is often forged to appear to be sent from legitimate addresses collected from address books on infected computers. The viruses also use such data, combined with lists of common (user) names, to send spam to huge numbers of recipients. Many of those messages will be returned as undeliverable, and arrive in innocent and unknowing email users’ Inboxes. If this happens to you, use the trainable spam filter to catch those messages.
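The rule in the Don’ts list about double file extensions such as filename.txt.vbs can be checked automatically before a message is opened. This is an added example, not part of the original post: it parses a message with Python's standard email module and labels each attachment name, and the extension lists, verdict strings and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for illustration; extend them to match local policy.
RISKY = {".vbs", ".exe", ".com", ".scr", ".js", ".bat", ".cmd", ".pif"}
DECOY = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}

def classify(filename: str) -> str:
    """Label one attachment name by its last two extensions."""
    suffixes = [s.lower() for s in PurePosixPath(filename.strip()).suffixes]
    if not suffixes or suffixes[-1] not in RISKY:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DECOY:
        return "double-extension"      # e.g. filename.txt.vbs
    return "executable"

def scan_message(raw: bytes) -> dict:
    """Map every attachment name in a raw message to its label."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {(p.get_filename() or "(unnamed)"): classify(p.get_filename() or "")
            for p in msg.iter_attachments()}

def build_sample_email() -> bytes:
    """Constructed message with placeholder attachments (no real content)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Documents"
    msg.set_content("See attached.")
    for name in ("notes.txt", "filename.txt.vbs", "setup.exe",
                 "report.v2.pdf", "Photo.JPG.EXE"):
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample_email()).items():
        print(f"{name:18} {verdict}")
```
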

How To Get Rid Of Computer Virus

Never neglect to take action on a computer virus residing in your system. There are chances that you might end up losing important files, programs, and folders. In some cases, the virus damages the system hardware too. Therefore, it becomes mandatory to have effective anti-virus software installed on your computer to steer clear of all such threats.

Signs of Virus Infection

It is vital for any computer user to be aware of these warning signs –

• Slower system performance
• Pop-ups bombarding the screen
• Programs running on their own
• Files multiplying/duplicating on their own
• New files or programs in the computer
• Files, folders or programs getting deleted or corrupted
• The sound of a hard drive

If you come across any of the above-mentioned signs, then there are chances that your computer is infected by a virus or malware. Do not delay: immediately stop all the commands and download antivirus software. If you are unsure what to do, get the assistance of authorized computer personnel. If you are confident enough, start investigating on your own by following the step-by-step procedures below.

#Safe Mode
Boot the system and press F8 for the Advanced Boot Options menu. Select Safe Mode with Networking and press Enter. You might need to press F8 repeatedly to get to the screen.

Working in Safe Mode helps in handling nefarious files, as they’re not actually running or active. Last but not least, the internet spreads the infection, so remove the connection.

#Delete Temporary Files
In order to free up disk space, delete temporary files before starting to run the virus scan. This approach helps speed up the virus scanning process. The Disk Cleanup tool helps in deleting the temporary files on your computer.

Here is how to go about it: open the Start menu, select All Programs, click Accessories, then System Tools, and then click Disk Cleanup.

#Download Virus/Malware Scanner
If you are under the impression that a virus scanner cleans up the bad stuff from your computer, then sadly, that’s not true! It helps in eliminating standard infections but is not sufficient to remove the latest harmful infections. The virus/malware scanner helps to narrow down the issue, so download it now. For better protection, go for a real-time anti-virus program, since it automatically keeps checking in the background for viruses.

P.S: Don’t install more than one real-time anti-virus program. If you do so, your system will start to behave weirdly.

#Run a Virus/Malware Scan
Download the virus/malware scanner using the internet. Once you have finished downloading the virus scanner, disconnect from the internet for security and safety reasons. After the download succeeds, complete the installation of the virus/malware scanner, then run your on-demand scanner first and your real-time scanner after that.

The reason for running both is that one of them will effectively eliminate your computer virus or malware.

#Reinstall the Software or Damaged Files
Once the virus removal from your computer is complete, go ahead and reinstall the files and programs that were damaged by the virus or malware. Make use of the backups for re-installation.

In short, take backups regularly.


