|



Ô
   
  
 

  
 

 
    

  



    
 
 
  

  


  


   

    
    

   
 


   
  
 

 
In some cases, a virus will execute
only a gentle "personality quirk,"
such as causing your computer to
make seemingly random bleeps
bleeps..
But a virus can be very destructive
destructive;; it
could =
  

 





  

 

   


 =  and render your
machine inoperable.
inoperable.
Keneral virus types
While there are thousands of
variations of viruses, most fall
into one of the following general
categories, each of which works
slightly differently.
differently.
r  

v

eplaces or implants itself in

the boot sector. This kind of
virus can prevent you from
being able to boot your hard
disk..
disk
V

v
Written using a simplified macro
programming language, these viruses
affect Microsoft Office applications,
such as Word and Excel. A document
infected with a macro virus generally
modifies a pre-
pre-existing, commonly used
command (such as Save) to trigger its
payload upon execution of that
command..
command
V 
  

Infects both files and the boot
sector--
sector-- a double whammy that
can reinfect your system dozens of
times before it's caught.
caught.
Ö 
 
v

Changes code whenever it

passes to another machine.
 
v
hides its presence by
making an infected file
not appear infected
 '  





An e-mail virus moves around
in e-mail messages, and
usually replicates itself by
automatically mailing itself to
dozens of people in the victim's
e-mail address book
book..
|
v
A worm is a computer program that
has the ability to copy itself from
machine to machine.
machine. Worms
normally move around and infect
other machines through computer
networks.. Worms eat up storage
networks
space and slows down the computer
computer..
But worms don't alter or delete files.
files.
(

 v
A Trojan horse is simply a
computer program that claims
to do one thing (it may claim to
be a game) but instead does
damage when you run it (it
may erase your hard disk)
disk)..
When loaded onto your machine, a
Trojan horse can capture
information from your system --
such as user names and passwords
or could allow a malicious hacker
to remotely control your
computer..
computer
Trojan horses have no way to
replicate automatically.
automatically.
Origins of Viruses v

eople create viruses.
viruses. A person has to
write the code, test it to make sure it
spreads properly and then release the
virus.. A person also designs the virus's
virus
attack phase, whether it's a silly
message or destruction of a hard disk
disk..
   =     



 =
 

=
=
sow They Spread ?
Early viruses were pieces of code attached
to a common program like a popular game
or a popular word processor
processor.. A person
might download an infected game from the
internet or copy it from a floppy disk and
run it
it.. A virus like this is a small piece of
code embedded in a larger, legitimate
program.. Any virus is designed to run first
program
when the legitimate program gets
executed..
executed
The virus loads itself into memory and looks
around to see if it can find any other programs
on the disk
disk.. If it can find one, it modifies it to
add the virus's code to the unsuspecting
program.. Then the virus launches the "real
program
program.." The user really has no way to know
program
that the virus ever ran. ran. Unfortunately, the
virus has now reproduced itself, so two
programs are infected.
infected. The next time either of
those programs gets executed, they infect other
programs, and the cycle continues.
continues.
If one of the infected programs is given
to another person on a floppy disk, or if
it is uploaded to internet, then other
programs get infected.
infected.

This is how the virus spreads.

spreads.
The spreading part is the infection phase of the
virus..
virus
Viruses wouldn't been so violently disliked if all
they did was replicate themselves.
themselves. Unfortunately,
most viruses also have some sort of destructive
attack phase where they do some damagedamage.. Some
sort of trigger will activate the attack phase, and
the virus will then "do something" -- anything from
printing a silly message on the screen to erasing all
of your data.
data. The trigger might be a specific date,
or the number of times the virus has been
replicated, or something similar
similar..
SOME T ICKS TsE VI USES
AY v

One important trick is the ability to load

viruses into memory so that they can
keep running in the background as long
as the computer remains on.
on. This gives
viruses a much more effective way to
replicate themselves.
themselves.
Another trick is the ability to infect the boot sector
disks.. The boot sector is a
on floppy disks and hard disks
small program that is the first part of the operating
system that the computer loads and tells the
computer how to load the rest of the operating
system..
system
By putting its code in the boot sector, a virus can
guarantee that it gets executed
executed.. It can load itself
into memory immediately, and it is able to run
whenever the computer is on.
on. Boot sector viruses
can infect the boot sector of any floppy disk
inserted in the machine, and on campuses where
lots of people share machines they spread like
wildfire..
wildfire
In general, both executable and boot sector viruses are
not very threatening any more
more..
The first reason for the decline has been the huge size
of today's programs
programs.. The programs are so big that the
only easy way to move them around is in CDsCDs..
eople
certainly can't carry applications around on a floppy
disk like they did in the early days.
days. Compact discs
cannot be modified, and that makes viral infection of a
CD impossible
impossible..
Boot sector viruses have also declined because
operating systems now protect the boot sector
sector..
Both boot sector viruses and executable viruses are
still possible, but they are a lot harder now and they
don't spread nearly as quickly as they once could.
could.

revention is the best cure v
ã
  

 





   






 


 
 


  !






 


 "
"



#


#





$

#

"


#

"


#


sow antivirus software works v
Scanning software looks for a virus in one of
two ways
ways.. If it's a known virus (one that has
already been detected in the wild and has an
antidote written for it) the software will look
for the virus's signature -- a unique string of
bytes that identifies the virus like a fingerprint
-- and will zap it from your system system.. Most
scanning software will catch not only an initial
virus but many of its variants as well, since the
signature code usually remains intact.
intact.
In the case of new viruses for which no antidote has
been created, scanning software uses methods that
look for unusual virus like activity on your system.
system.
If the program sees any funny business, it
quarantines the questionable program and
broadcasts a warning to you about what the
program may be trying to do (such as modify your
Windows egistry)
egistry).. If you and the software think
the program may be a virus, you can send the
quarantined file to the antivirus vendor, where
researchers examine it, determine its signature,
name and catalog it, and release its antidote
antidote.. It's
now a known virus
virus..
If the virus never appears again --
which often happens when the virus is
too poorly written to spread -- then
vendors categorize the virus as
dormant.. But viruses are like
dormant
earthquakesvv The initial outbreak is
earthquakes
usually followed by aftershocks
aftershocks..
Variants (copycat viruses that emerge
in droves after the initial outbreak)
make up the bulk of known viruses
viruses..

ractice safe computing
The best way to protect yourself from viruses
is to avoid opening unexpected e-mail
attachments and downloads from unreliable
sources..
sources esist the urge to double-
double-click
everything in your mailbox
mailbox.. If you get a file
attachment and you aren't expecting one, e-
mail the person who sent it to you before you
open the attachment
attachment.. Ask them if they meant
to send you the file, what it is, and what it
should do
do..
mor added safety, you need to install
reliable antivirus scanning software and
download updates regularly
regularly.. Major
antivirus software vendors, including
Symantec, Network Associates, Computer
Associates, and Trend Micro, provide
regular updates.
updates. (Computer Associates'
InoculateIT is also free.
free.) Some of the
vendors also offer a service that will
automatically retrieve updates for you
from the company's Web site
site..
 egular updates are essential.
essential.
esearchers at Computer Economics
estimate that 30 percent of small
businesses are vulnerable to viruses
either because they don't keep their
virus--scanning software updated or
virus
because they don't install it correctly.
correctly.