
Computer Worms & Viruses

ERICA SANTIAGO
ASHLEY GUY
DAVID HOLLAND
ASHLEY WHITE
JESSICA PUETTNER
Viruses
By: Erica Santiago
What is a Virus?

a virus is software that spreads from program to program, or from disk to
disk, and uses each infected program or disk to make copies of itself.
basically computer sabotage.
The History of the Virus
• the term comes from biology. a
computer virus reproduces by making,
possibly modified, copies of itself in the
computer’s memory, storage, or over a
network. similar to the way a biological
virus would work.
• the very first virus to be created outside
the single computer or lab was the
program called "Elk Cloner.” it was
written by Rich Skrenta in 1982. the
virus attached itself to the Apple DOS
3.3 operating system and spread
through floppy disk. the virus was
originally a joke, created by a high
school student and put onto a game.
the 50th time someone played the
game, the virus would be released. so
instead of playing the game, the user
saw a blank screen that read a poem
about the virus named Elk Cloner.
How does a Virus Spread?
first, a programmer writes the virus, most often attaching it to a normal
program; unknown to the user, the virus spreads to other software. then the
virus is passed by disk or network to other users who use other computers.
the virus remains dormant as it is passed on.
The types of Viruses
• the way viruses are usually categorized is by
what they do.

• the boot virus which infects the boot sector of disk storage
• the program virus which infects the executable programs
• the multipartite virus which is a combination of the boot and
program virus
• the stealth virus which is able to avoid detection by a variety of
means such as removing itself from the system registry, or
masquerading as a system file
• the parasitic virus which embeds itself into another file or
program such that the original file is still viable
• the polymorphic virus which changes its code structure to avoid
detection and removal
• the macro virus which exploits the macro language of a program
like Microsoft Word or Excel.
Protect Yourselves
• run a more secure operating system like UNIX; you never hear
about viruses on these operating systems because of their
security features
• if you are using an unsecured
operating system, you can buy
virus protection software like
McAfee or Norton AntiVirus
• to help avoid viruses, it’s very important that your computer is
current with the latest updates and antivirus tools, that you stay
informed about recent virus threats, and that you are careful when
surfing the Internet, downloading files and opening attachments
Worms
By: Ashley Guy
Worms 101
• worms have been around since 1988.
• a computer worm is very similar to a normal computer virus.
• unlike a virus though, the worm is a program that can
copy itself across a network and can run by itself.
• a worm also has a unique feature in the sense that it
doesn’t have to have a host program in order to run.
• a worm works by copying itself into nodes or network
terminals, which does not require any intervention
from the user
• worms began to take off in the late ’90s and early
2000s.
• these modern worms ran themselves through the
internet and many file sharing programs such as
KaZaa, a music file-sharing program.
Types of Worms
• the “email worm”
• the email worm spreads itself through email
• the worm can hide itself in messages as a link or an
attachment that will redirect the user to an infected website.
• many users become victims to this particular worm due to
their vulnerability and willingness to read and open
messages that they think could be interesting.
• the Instant Messaging worm
• this worm masks itself in the form of an “IM” with the
contents of a link that will redirect the user to an infected
website and then try to gain full access of the machine.
Protect Yourselves
• even though it seems impossible to not catch a
worm, it’s not.
• one of the best things a computer owner can do is
install and run anti-virus software, especially the kind
that updates automatically.
• anti-virus software will notify the user when a virus or worm
is found and prevent it from running and/or copying itself.
• other precautions:
• choosing secure passwords and changing them regularly
• not opening unfamiliar emails or attachments and most
importantly not running or copying software from an
unsecured website.
Viruses vs. Worms
Viruses:
• spreads from program to program, or from disk to disk
• uses each infected program or disk to make copies of itself
• computer sabotage
• destroys data or erases disks
• operating system specific
Worms:
• uses computer hosts to reproduce themselves
• travel independently over computer networks
• software sabotage
• resides in memory rather than on disk
• puts computers at a standstill
AntiVirus Software
By: David Holland
What is AntiVirus Software?

computer programs intended to identify and eliminate computer viruses.
The Best Defense
• this year’s best defense against computer viruses, spyware,
hackers and spam is an antivirus program called BitDefender.
• has a user-friendly interface that scans all existing files on your
computer, all incoming and outgoing emails, and even IM
transfers.
• features include privacy protection and web scanning for
internet use. a year’s subscription is about $24.99.
NAV

• the most widely used software is Norton AntiVirus (NAV).
• since its release in 1990, over 100 million people around the
world have used it.
• it’s a free program but in order to receive live updates, a valid
subscription is needed.
• a yearly subscription is only $29.99.
McAfee

• McAfee VirusScan is another popular antivirus program.
• it’s designed for home and home-office use.
• it’s used specifically on a Microsoft Windows platform.
• the 2007 edition includes a number of features including on
access file sharing, inbound and outbound firewall protection,
and daily definition updates.
Sophos
• Sophos AntiVirus is an antivirus and anti-spyware program that
is primarily aimed at corporate environments or businesses.
• includes a number of security tools and advice.
• also includes 24/7 support including upgrade alerts.
Kaspersky
• for the average home user and advanced users the Kaspersky
antivirus software has an easy-to-use interface.
• the program uses 3 tabs for protection, settings and support.
• it updates itself on an hourly basis and is one of the fastest
antivirus programs available.
• however, quality comes at a price and a year’s subscription is
$49.99.
Antivirus software:
How it works
By: Ashley White
“Antivirus software is the equivalent to
penicillin of the computer world.”
• like penicillin, antivirus applications act as a
guard over your system, scanning incoming
files and applications, “quarantining” or
cleaning up unwanted viruses looking to
cause harm to your system
• antivirus software is considered to be an aid
that detects, fixes and even prevents viruses
and worms from spreading to your computer
as well as connecting computers.
Why is software an issue?
• some antivirus software can considerably
reduce performance
• there should not be more than one antivirus
software installed on a single computer at any
given time
• it’s sometimes necessary to temporarily
disable virus protection when installing major
updates
• some argue that antivirus software often
delivers more “pain than value” to end users
Two main types
• there are different types of antivirus
software for different computers
• some are designed for personal
computers
• some are for servers and others for
enterprises
• there are mainly two types of antivirus
software: specific and generic
Specific Scanning
• specific scanning or signature detection
• the application scans files to look for known
viruses matching definitions in a “virus
dictionary”
• when the antivirus looks at a file it refers to a
dictionary of known viruses and matches a
piece of code (specific patterns of bytes) from
the new file to the dictionary.
Specific scanning cont..
• after recognizing the malicious software
the antivirus software can take one of
the following actions:
• (1): attempt to repair the file by
removing the virus itself from the file
• (2): quarantine the file
• (3): or delete the file completely
Specific Scanning cont…

• however, specific scanning is not always reliable because virus
authors are creating new ways of disguising their viruses so the
antivirus software does not match the virus’ signature to the
virus dictionary.
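The dictionary lookup and the quarantine action described in the specific scanning slides, together with the limitation above, as an added example that is not part of the original presentation. The signature names and byte patterns are harmless constructed values, and a one-byte XOR stands in for a "disguise".

```python
import shutil
import tempfile
from pathlib import Path

# Constructed, harmless byte patterns standing in for real signatures.
VIRUS_DICTIONARY = {
    "Demo.Alpha": bytes.fromhex("deadbeef4c4f4c21"),
    "Demo.Beta": b"CONSTRUCTED-TEST-PATTERN",
}

def scan_bytes(data: bytes) -> list[str]:
    """Return the name of every dictionary entry whose bytes occur in data."""
    return sorted(name for name, sig in VIRUS_DICTIONARY.items() if sig in data)

def scan_and_quarantine(root: Path, quarantine: Path) -> dict[str, list[str]]:
    """Scan every file under root and move matching files into quarantine."""
    quarantine.mkdir(parents=True, exist_ok=True)
    findings = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        hits = scan_bytes(path.read_bytes())
        if hits:
            findings[path.name] = hits
            shutil.move(str(path), str(quarantine / path.name))
    return findings

def demo() -> dict:
    """Build three constructed sample files, scan them, report the outcome."""
    sig = VIRUS_DICTIONARY["Demo.Alpha"]
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "files"
        root.mkdir()
        (root / "clean.bin").write_bytes(b"ordinary program bytes")
        (root / "infected.bin").write_bytes(b"header" + sig + b"rest of program")
        # Same marker with every byte XORed by 0x5A: the stored bytes no
        # longer match the dictionary entry, so the scanner misses it.
        disguised = bytes(b ^ 0x5A for b in sig)
        (root / "disguised.bin").write_bytes(b"header" + disguised)
        found = scan_and_quarantine(root, Path(tmp) / "quarantine")
        left = sorted(p.name for p in root.iterdir())
    return {"found": found, "left": left}

if __name__ == "__main__":
    print(demo())
```

The disguised file stays in place because a byte-for-byte dictionary match only recognizes the exact pattern it was given, which is why the slides that follow turn to behavior-based scanning.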
Generic Scanning
• generic scanning is also referred to as
the suspicious behavior approach.
• generic scanning is used when new
viruses appear.
• in this method the software does not
look for a specific signature but instead
monitors the behavior of all applications.
Generic Scanning cont…
• if anything questionable is found by the
software, the application is quarantined
and a warning is broadcast to the
user about what the program may be
trying to do.
• if the software is found to be a virus the
user can send it to a virus vendor.
Generic Scanning cont…
• there, researchers examine it,
determine its signature, name and
catalogue it and release antivirus
software to stop its spread.
• if the virus never reappears the vendors
categorize the virus as dormant.
Two other approaches

• heuristic analysis
• another form of generic scanning
• the sandbox method
Another Approach…
• heuristic analysis
• in the heuristic method the software, for example, “could try to
emulate the beginning of the code of each new executable that
the system invokes before transferring control to that executable.”
if the program attempts to use “self-modifying code” or appears to
be a virus, it’s assumed that the virus has infected the
executable.
• in this method there are a lot of false positives.

• sandbox method
• the antivirus program takes suspicious code and runs it in
a “virtual machine” to see the purpose of the code and exactly
how the code works. after the program has terminated, the
software analyzes the sandbox for any changes, which could
indicate a virus.
Heuristic Analysis
• software tries to emulate the beginning of the
code of each new executable that the system
invokes before transferring control to that
executable.
• if the program attempts to use self-modifying
code or appears to be a virus, it’s assumed
the virus has infected the executable.
• there are many false positives in this
approach.
Sandboxing
• in this approach an antivirus program
will take suspicious code and run it in a
“virtual machine” to see the purpose of
the code and exactly how the code
works.
• after the program is terminated the
software analyzes the sandbox for any
changes, which might indicate a virus.
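The "analyze the sandbox for any changes" step, as an added example that is not part of the original presentation. It covers only the before/after comparison, not the virtual machine isolation; the file names and the `constructed_sample` function are harmless stand-ins made up for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def diff_snapshots(before: dict, after: dict) -> dict[str, list[str]]:
    """Report files created, modified or deleted between two snapshots."""
    return {
        "created": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(f for f in before.keys() & after.keys()
                           if before[f] != after[f]),
    }

def constructed_sample(root: Path) -> None:
    """Stand-in for the suspicious program: harmless file changes only."""
    with open(root / "app.exe", "ab") as fh:
        fh.write(b"appended bytes")                   # grows an existing program
    (root / "dropped.tmp").write_bytes(b"new file")   # creates a new file
    (root / "notes.txt").unlink()                     # removes a document

def analyze(sample) -> dict[str, list[str]]:
    """Run sample inside a throwaway directory and report what it changed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.exe").write_bytes(b"original program")
        (root / "notes.txt").write_bytes(b"user document")
        (root / "untouched.dat").write_bytes(b"data")
        before = snapshot(root)
        sample(root)
        return diff_snapshots(before, snapshot(root))

if __name__ == "__main__":
    print(analyze(constructed_sample))
```

A program file that changed after the run is the kind of difference the slide describes as a possible sign of a virus.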
Specific worms & virus attacks
By: Jessica Puettner
The Macro Virus
• one of the most common viruses is a macro virus,
which is usually contracted through emails.
• macro viruses attach themselves to a document
usually created in one of the applications in Microsoft
Office.
• when one of these infected documents is sent
through an email, it infects the computer by getting
into an email account and reproducing itself by sending
itself to all the people in that person’s email address list.
The Melissa Virus
• one of the biggest virus incidents was the Melissa
virus in 1999.
• this was a macro virus that was built into a Microsoft
Word document and in it was a list of different
pornography websites.
• what the user did not know was the fact that when he
or she opened the document the virus went straight
to Microsoft Outlook and sent the same email to the
first 50 addresses in their address book.
• it was not a destructive virus and there was not really
any damage done to any computers. the man who
created the virus got fined $5,000 and got sentenced
to 20 months in prison.
The Aftermath
• after the Melissa virus, the door was
opened to many new viruses.
• one of them was Chernobyl. Unlike Melissa,
this one was destructive and infected over
600,000 computers all over the world.
• Chernobyl infected 300,000 computers in
South Korea and it cost about $250 million in
damages.
• in the Philippines, a virus now known as the
Love Bug infected their computer systems
and cost them billions of dollars in damages.
The Boot Virus
• boot viruses are viruses that infect either the floppy
disk boot records or the master boot records in hard
disks.
• most of the time what happens is the virus overwrites
the boot record program and this is a problem
because the boot record program is what loads the
operating system.
• boot viruses often load into the memory of the
computer while the disk is in use because the virus is
there instead of the operating system’s program.
• some examples of these types of viruses would be
Disk Killer or the Stoned virus.
The Program Virus
• program viruses are viruses that attack the
executable program files.
• the files it infects are .bin, .com, .exe, .ovl,
.drv, or .sys.
• these kinds of viruses are loaded onto the
computer when the file is being downloaded.
• once the infected program is loaded then the
virus starts making copies of itself.
• examples of these would be Sunday or
Cascade.
The Stealth Virus
• stealth viruses are very tricky viruses.
• they usually are very hard to detect
because they take up exactly the same
amount of space as the program should,
so the virus is well hidden and very hard
to discover.
• an example of this kind of virus would
be the Whale virus.
The Polymorphic Virus
• polymorphic viruses are also very hard
to detect.
• this virus can actually use an encrypted
code so it looks like a different virus
every time.
• different examples of this type of virus
would be Stimulate or Phoenix.
Worms Attack
• the first major worm was in 1988 when a student at
Cornell made an experiment that accidentally got
onto the Internet.
• this worm caused 6,000 computers all over the
United States to freeze. all the infected computers
had to be shut off and the worm had to be
terminated.
• there was not really any monetary damage but there was a
lot of lost time at different research institutions.
• one of the most damaging worms in history was
Code Red in 2001.
• more than 359,000 computers all over the world were
infected with this worm in less than 14 hours.
• the estimated cost of damages due to the worm was
about $2.6 billion.
Types of Worms
• a few different types of worms are emailing worms, instant
messaging worms, internet worms and file-sharing network
worms.
• emailing worms are those in the attachments that are
sometimes sent with emails.
• instant messaging worms usually infect a computer when an
infected link is sent to a person and they open it. these also
get into computers and automatically send themselves to most
if not all of the people on your buddy list.
• internet worms usually scan different computers and try to
get into their systems. a lot of times they will try to be
downloaded onto the computer by sending a request to be
downloaded.
• file-sharing network worms usually copy themselves into a shared
file under a name that is not suspicious and will start to infect
the computer as well as those in the same network.
Conclusion
• Computer viruses and worms can easily
get onto your workstation, so you must
be careful when going on the internet and
opening emails from unknown users. make
sure you have some kind of anti-virus
software and always get updates so that you
aren’t helping to spread viruses and worms to
other people as well as harming yourself and
your pocket.
