How A Computer Virus Actually Works Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

In the eighties, the Amjad brothers of Pakistan ran a computer store, and since they were frustrated by computer piracy they wrote the first computer virus in the world: a boot sector virus called Brain, which infected 360 KB floppy disks. From the simple start of this virus, thousands and thousands of viruses have evolved and been created.

Spyware is any unwanted program that infects computers for commercial gain. It can cause pop-ups to appear in your web browser, steal personal information, monitor web activity for marketing purposes, or cause you to automatically surf to advertising sites.

Worms are pieces of code that use computer networks and security loopholes to transfer themselves from machine to machine. In 2001 the Code Red worm copied itself over 250,000 times in a nine-hour span. It specifically attacked Windows NT servers and Windows 2000 running Microsoft Internet Information Server. The worm found the unsecured servers and attached itself to them. It was created for three purposes: to replicate itself for the first 20 days of the infection; to replace the victim's web page with one stating that they had been hacked by the Chinese; and to attack the White House's web server by overwhelming it.

Email viruses are different types of viruses that use email messages to transport themselves, and they can automatically send themselves to hundreds of thousands of people depending on whose email address they pick to transport the virus. There are basic rules that you can follow to help avoid email viruses. Never open any attachment unless you know the sender and you were expecting it. If you receive an email message with an attachment from someone you don't know, you should delete it immediately and never open it. Always use antivirus software and remember to constantly download updates. Always let someone know when you will be sending them an attachment in an email so that they can be expecting it. Always use spam filters to block unwanted and unrecognizable mail.

A resident virus is a virus that embeds itself into the memory of a computer, activating whenever the operating system performs a specific function so that it can infect files on the computer. Resident viruses can be quite destructive, as they can spread through a system and even attach to antivirus programs, infecting the very thing that is supposed to find them.

A macro virus is written in a macro language and placed within a document. Viruses have to be run to do their task: when the document is opened and the macro is executed, commands in the macro language do the destruction. Unlike typical file-infecting viruses, macro viruses infect data files, mostly ones created in Word, Excel, PowerPoint, or even Access. Visual Basic macros are miniature programs embedded in the document.
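As an added example (not part of the original essay), the following Python sketch shows how a defender can check whether a document carries embedded Visual Basic macros without opening it in Office. It assumes the modern zip-based Office formats, where VBA code is stored in a part named `vbaProject.bin`; the function names and sample documents are constructed for illustration.

```python
import io
import zipfile

# Magic bytes of the legacy OLE2 container used by old .doc/.xls/.ppt files.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def classify_office_file(data: bytes) -> str:
    """Triage one file's bytes without opening it in Office."""
    if data.startswith(OLE_MAGIC):
        # Macros live in OLE streams here; a zip listing cannot answer.
        return "legacy-ole"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    with zipfile.ZipFile(buf) as zf:
        names = [name.lower() for name in zf.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"          # a plain zip, not an Office package
    # Word, Excel and PowerPoint all store VBA code in a vbaProject.bin part.
    if any(name.endswith("vbaproject.bin") for name in names):
        return "macros-present"
    return "no-macros"

def make_package(parts):
    """Build a constructed, minimal Office-style zip in memory (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: placeholder bodies, no real document or macro content.
PLAIN_DOC = make_package({"[Content_Types].xml": "<Types/>",
                          "word/document.xml": "<doc/>"})
MACRO_DOC = make_package({"[Content_Types].xml": "<Types/>",
                          "word/document.xml": "<doc/>",
                          "word/vbaProject.bin": b"placeholder"})

if __name__ == "__main__":
    for label, blob in [("plain", PLAIN_DOC), ("macro", MACRO_DOC),
                        ("legacy", OLE_MAGIC + b"\x00" * 16), ("text", b"hello")]:
        print(label, "->", classify_office_file(blob))
```

A `legacy-ole` result means the file is an older binary Office document; deciding whether it holds macros requires an OLE parser, which this sketch does not include.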

The polymorphic virus is one of the more complex computer threats. During infection it creates modified copies of itself. This is primarily done to evade detection by virus scanners, as some are not able to identify the infection. One method it commonly uses to bypass a scanner involves self-encryption with a variable key. To create an effective polymorphic virus, a coder chooses from a number of different encryption types that require different methods of decryption. A virus scanner based on string-driven detection would have to find many different strings, one for each probable decryption type. This is the best technique for reliably identifying this type of virus.

More advanced forms of the polymorphic virus alter the instruction sequences of their variants by scattering decryption instructions among other instructions designed to fail the process of encryption. They may also interchange mutually independent instructions to load inaccurate letters, such as moving 0 to A or replacing A with B. Basic antivirus software would have no way to identify all of the infection. Even more advanced programs have to really research this type of virus and make special configurations to their scanner in order to detect it.

A logic bomb virus is a piece of code programmed into software that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting important files if they ever get terminated from the company. Malicious software such as viruses or worms most of the time contains logic bombs that execute at a certain predetermined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Many viruses attack their systems on specific dates, such as 12:00 tonight or April Fools' Day. Trojan viruses that start doing damage on certain dates are called time bombs. To be considered a logic bomb, the damage should be unwanted and unknown to the user of the software. For example, trial software with code that disables functionality after a set time is not normally a logic bomb.

A Trojan horse virus is malware that appears, before it is run or installed, to perform a reasonable task or function for the user but instead allows unauthorized access to the user's system. A Trojan horse may change the user's computer to display advertisements in places they don't want, like the desktop or in pop-ups, or it may be less noticeable, like installing a toolbar on the user's browser without notice. This can make money for the author of the Trojan when people click on them. Trojan horses can allow a hacker remote access to a target computer system. Once a Trojan horse has been installed on a target computer system, a hacker may have access to the computer remotely and mess with different operations. There are different actions the hacker can perform, for instance: using the machine as part of a botnet to perform automated spamming or to carry out denial-of-service attacks; data theft by retrieving passwords or credit card information; installation of software such as third-party malware; downloading or uploading files on the user's computer; modifying or deleting files; keystroke logging; watching the user's screen; and crashing the user's computer. Trojan horses require interaction with a hacker to fulfil their purpose. The hacker doesn't have to be the individual responsible for distributing the Trojan horse virus. It is possible for individual hackers to scan computers on a network with a port scanner in the hope of finding one with a Trojan horse virus installed. The hacker can then use the computer to control the target computer. Trojans can be installed in a number of different ways, such as downloading software, bundling, email attachments, websites that have executable content, and application exploits.

The use of antivirus software is to prevent worms and viruses from getting into an organization's network. Some antivirus programs don't detect more complex infections, allowing an outbreak to begin. This issue arose from the widespread use of laptop computers and mobile computing. Since many users tend to operate mobile devices with no security enabled on them at all, a network becomes very vulnerable to infection. Once a virus gains a strong foothold within the network, removal often becomes hard even for really advanced antivirus software. Intrusion detection systems and firewalls also have a difficult time preventing the network virus from spreading to other files and devices. A network virus has the ability to quickly degrade the performance of a network by disabling critical devices, programs and network connections. After the infection spreads, fully getting rid of it often becomes difficult. Reinfection often occurs, which starts a major support effort and inflates cost when attempting to recover from the outbreak.

The best way to defend an interconnected organization is to install a program equipped with a network-based firewall. This type of software can be configured to automatically repair infected network devices and prevent the virus from occurring. A network firewall uses a number of techniques to detect, contain and eliminate viruses known to infect a network. Here are a few. Outbreak monitoring keeps track of changes in traffic flow, connections made, and sudden increased traffic through ports and protocols such as TCP, UDP, IGMP, and ICMP. The administrator is notified of any infected computers that are found. Outbreak prevention is another way, which prevents the spread of viruses over wide area networks by using file, IP address, port and protocol filtering.
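The outbreak monitoring described above can be sketched as follows. This is an added example, not code from the essay or from any firewall product: it counts how many distinct destinations each host contacts per minute on a given protocol and port, and flags a sudden jump over that host's own baseline. The flow records, addresses, port numbers and thresholds are all constructed assumptions.

```python
from collections import defaultdict

def make_sample_flows():
    """Constructed flow records: (minute, src, dst, protocol, dst_port)."""
    flows = []
    for minute in range(6):
        # Normal workstation: talks to the same two servers every minute.
        flows.append((minute, "10.0.0.5", "10.0.1.10", "TCP", 443))
        flows.append((minute, "10.0.0.5", "10.0.1.11", "UDP", 53))
        # Second workstation: normal at first, then a sudden fan-out to
        # many hosts on one TCP port from minute 4 onward.
        flows.append((minute, "10.0.0.9", "10.0.1.10", "TCP", 443))
        if minute >= 4:
            for last_octet in range(20, 60):
                flows.append((minute, "10.0.0.9", f"10.0.2.{last_octet}", "TCP", 8080))
    return flows

def fanout_per_minute(flows):
    """Map (src, protocol, port) -> {minute: number of distinct destinations}."""
    peers = defaultdict(lambda: defaultdict(set))
    for minute, src, dst, proto, port in flows:
        peers[(src, proto, port)][minute].add(dst)
    return {key: {m: len(dsts) for m, dsts in mins.items()}
            for key, mins in peers.items()}

def find_outbreak_hosts(flows, baseline_minutes=3, factor=5, min_fanout=10):
    """Return (src, proto, port, minute, fanout) where fan-out jumps past baseline."""
    alerts = []
    for (src, proto, port), per_min in fanout_per_minute(flows).items():
        # Baseline: the busiest minute seen during the learning window.
        baseline = max((n for m, n in per_min.items() if m < baseline_minutes),
                       default=0)
        threshold = max(min_fanout, factor * baseline)
        for minute in sorted(per_min):
            if minute >= baseline_minutes and per_min[minute] >= threshold:
                alerts.append((src, proto, port, minute, per_min[minute]))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_outbreak_hosts(make_sample_flows()):
        print("notify administrator:", alert)
```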

A boot sector virus is spread by infected floppy disks. This usually happens when users unintentionally leave a floppy disk in the floppy disk drive. When the system is next started, the computer will attempt to boot from the floppy disk. If the disk is infected with a boot sector virus, the virus will infect the boot sector of the computer's hard drive. Unless the floppy disk is a bootable system disk, the user will just see a message that says the drive contains a system disk error. Even non-bootable disks can spread a boot sector virus when they are used. A boot-sector-infected hard drive can also infect a floppy disk. The first boot sector virus was discovered in 1986.

A computer virus that inserts its infecting code into executable files on a system is called a file infector. When the infected file is opened or the infected program is run, the virus can overwrite the file and cause damage to the content of the overwritten file. This type of virus targets a number of operating systems: Mac, Unix, and DOS. This is the most common type of virus. The virus code is most often added so that it escapes detection. Files infected by this type of virus usually have a .com, .exe, or .sys extension.

Some file-infecting viruses are designed for specific programs. Program types that are targeted are overlay files and dynamic link library files. These files are not executed, even though they are called by executable files. The virus is transmitted when the call is made. Damage to data occurs when the virus is set. A virus can be triggered when an infected file is executed, or when a certain environment setting is met, like a specific system date.

A companion virus is a computer virus that uses a feature of DOS under which programs with the same name but different extensions run with different priorities. For example, you may have program.exe on your computer, and the virus can create a file called When the computer executes program.exe, the virus runs before program.exe is executed. In most cases, the real program will run and the user thinks the system is running normally when it's really not. It can replace a program that finds files, which may result in the files that the user wishes to find being deleted.

The Michelangelo virus is a virus that was first discovered in April 1991 in New Zealand. The virus was designed to infect DOS systems but did not engage the operating system. The Michelangelo virus, like all boot sector viruses, operated at the BIOS level and remained dormant until March sixth, the birthday of the Renaissance artist Michelangelo. On March sixth, if the computer is an AT or PS/2, the virus overwrites the first hundred sectors of the hard disk with nulls. The virus assumes a geometry of two hundred and fifty-six cylinders, four heads, and seventeen sectors per track. Even though the user's data would still be on the hard disk, it would be next to impossible for the average computer user to retrieve. On hard drives the virus moves the original master boot record to cylinder 0, head 0, sector 7. On floppy disks, if the floppy is a 360 KB floppy, the virus moves the original boot sector to cylinder 0, head 1, sector 3. Even though it is designed to infect DOS systems, the virus can easily disrupt other operating systems on the system. Like other viruses, Michelangelo infects the master boot record of a hard drive. This virus became more widespread in January 1992, when it came to light that a few computer and software manufacturers had accidentally shipped products infected with the virus, such as Intel's LANSpool print server. Thousands of computers were infected with this virus. By 1997 there were no more reports of the virus.