2. Definition of Computer Viruses –
A virus is a kind of app or software that
piggybacks on other software in order
to get its commands executed. It
copies itself into other software or programs
and corrupts them, which leads to data loss.
3. For a virus to attack your PC or device, it
must be run. The virus is
attached to a piece of software, and when the
victim runs the software or infected program,
the virus code is executed. The
computer will then show symptoms or
signs such as pop-up ads, a slow PC, auto-
refreshing icons, unusual network usage or a slow
network, unresponsive programs, etc. It can also
cause major changes, such as permanently
deleting data from the hard disk without
the user even knowing, or it can steal your
passwords.
How virus attacks –
5. Frequent pop-up windows -- Pop-ups might encourage you to visit
unusual sites. Or they might prod you to download antivirus or other
software programs.
Changes to your homepage -- Your usual homepage may change to
another website, for instance. Plus, you may be unable to reset it.
Mass emails being sent from your email account -- A criminal may take
control of your account or send emails in your name from another
infected computer.
Frequent crashes -- A virus can inflict major damage on your hard drive.
This may cause your device to freeze or crash. It may also prevent your
device from coming back on.
Unusually slow computer performance -- A sudden change of processing
speed could signal that your computer has a virus.
Unknown programs that start up when you turn on your computer --
You may become aware of the unfamiliar program when you start your
computer. Or you might notice it by checking your computer’s list of
active applications.
Unusual activities like password changes -- This could prevent you from
logging into your computer.
Signs of Computer Virus --
6. Types of Virus --
1. Boot sector virus
This type of virus can take
control when you start — or
boot — your computer. One
way it can spread is by
plugging an infected USB drive
into your computer.
2. Web scripting virus
This type of virus exploits the
code of web browsers and web
pages. If you access such a web
page, the virus can infect your
computer.
3. Browser hijacker
This type of virus “hijacks”
certain web browser
functions, and you may be
automatically directed to an
unintended website.
4. Resident virus
This is a general term for any
virus that inserts itself in a
computer system’s memory. A
resident virus can execute
anytime when an operating
system loads.
6. Polymorphic virus
A polymorphic virus changes
its code each time an
infected file is executed. It
does this to evade antivirus
programs.
7. A worm is a self-replicating program, similar to a computer
virus. A virus attaches itself to, and becomes part of,
another executable program; however, a worm is self-
contained and does not need to be part of another program
to propagate. A worm is a small piece of software that uses
computer networks and security holes to replicate itself.
An example is the ILOVEYOU virus, which destroyed the files of more
than 50 million internet users worldwide, rendered PCs
unbootable, copied people’s passwords and sent them to its
creators, and caused up to US$9 billion in damages in the
year 2000.
Worms --
8. A Trojan horse or Trojan is a type of malware that is often
disguised as legitimate software. Trojans can be employed
by cyber-thieves and hackers trying to gain access to users'
systems. Trojans may allow an attacker to access users'
personal information such as banking information,
passwords, or personal identity. It can also delete a user's
files or infect other devices connected to the
network. Ransomware attacks are often carried out using a
Trojan.
The most common way Trojan horses spread is through e-
mail attachments. The developers of these applications
typically use spamming techniques to send out hundreds or
even thousands of e-mails to unsuspecting people; those who
open the messages and download the attachment end up
having their systems infected.
Trojan --
9. A rootkit is software used by a hacker to gain constant
administrator-level access to a computer or network. A
rootkit is typically installed through a stolen password or by
exploiting system vulnerabilities without the victim's
consent or knowledge.
Rootkits primarily aim at user-mode applications, but they
also focus on the kernel, or even firmware. Rootkits can
completely deactivate or destroy the anti-malware software
installed in an infected computer, thus making a rootkit
attack difficult to track and eliminate. When done well, the
intrusion can be carefully concealed so that even system
administrators are unaware of it.
Rootkit --
10. Some of the impacts of rootkits are often to:
--- Provide the attacker with complete backdoor access,
permitting them to falsify or steal documents.
--- Hide other malware, especially keyloggers. The keyloggers
may then be used to access and steal the victim's sensitive
data.
--- Enable the attacker to use the infected machine as a
zombie computer to trigger attacks on others.
11. Ransomware is malware in which the data on a victim's computer is
locked, typically by encryption, and payment is demanded
before the ransomed data is decrypted and access is
returned to the victim. The motive for ransomware attacks
is nearly always monetary, and unlike other types of attacks,
the victim is usually notified that an exploit has occurred
and is given instructions for how to recover from the attack.
Payment is often demanded in a virtual currency, such
as Bitcoin, so that the cybercriminal's identity is not known.
Ransomware can be spread through malicious email
attachments, infected software apps, infected external
storage devices and compromised websites. Attacks have
also used remote desktop protocol and other approaches
that do not rely on any form of user interaction.
Ransomware --
13. Types of ransomware
Attackers may use one of several different approaches to extort digital currency
from their victims. For example:
Ransomware known as scareware will try to pose as security software or tech
support. Victims may receive pop-up notifications saying malware has been
discovered on their system (information that security software the victim does
not own would not have access to). Not responding to this will not do anything
except lead to more pop-ups.
Screen lockers, or lockers, are a type of ransomware designed to completely lock
a user out of their computer. Upon starting up the computer a victim may then
see what looks to be an official government seal, leading the victim into
believing they are the subject of an official inquiry.
In encrypting ransomware, or data kidnapping attacks, the attacker will gain
access to and encrypt the victim’s data and ask for a payment to unlock the files.
Once this happens, there is no guarantee that the victim will get access to their
data back, even if they negotiate for it.
Mobile ransomware is ransomware which affects mobile devices. An attacker can
use mobile ransomware to steal data from a phone or lock it and require a
ransom to return the data or unlock the device.
14. WannaCry
In May 2017, the WannaCry ransomware attack spread
through the Internet, using an exploit vector
named EternalBlue, which was leaked from the U.S. National
Security Agency. The ransomware attack, unprecedented in
scale, infected more than 230,000 computers in over 150
countries, using 20 different languages to demand money
from users using Bitcoin cryptocurrency. WannaCry
demanded US$300 per computer. The attack
affected Telefonica and several other large companies in
Spain, as well as parts of the British National Health
Service (NHS), where at least 16 hospitals had to turn away
patients or cancel scheduled operations, FedEx, Deutsche
Bahn, Honda, Renault, as well as the Russian Interior
Ministry and Russian telecom MegaFon. The attackers gave
their victims a 7-day deadline from the day their computers
got infected, after which the encrypted files would be
15. The damage caused by viruses and worms can be divided
into two categories: intentional damage and unintentional
damage. Intentional damage, or harmless effects, is caused
explicitly by the payload routine. Unintentional damage may
be caused as a side effect when the virus replicates. It is a
common misconception that all viruses are malicious by
nature. As a matter of fact, many common viruses lack a
payload (the component of a virus that executes malicious activity)
altogether.
Several of the groups listed here apply to all viruses,
especially the unintentional PR damages and IT support
workload. Many viruses also contain one or more
intentional effects.
Effects on the IT systems --
16. 4.1.1 Harmless effects
These effects are always produced by the payload routine, but they are
not malicious. The effect may be a picture, animations or video, music
or sounds, interactive functions, political messages etc. These effects
usually give you an idea about the virus author’s way of thinking, age or
nationality. These effects may be funny or annoying and may distract or
disturb the user, but they do not cause any permanent damage.
4.1.2 Compatibility problems
Individuals make viruses and worms and they do not have resources to
test their creations on a wide range of computer systems. Nor do they
develop the viruses according to quality control systems and guidelines.
This makes it likely that they cause compatibility problems when run on
systems that differ from the one on which they were developed. These
problems can occur as error messages, crashes, inability to access
certain functions etc. These problems are grouped as unintentional
damage.
17. 4.1.3 Compromising system integrity
Intentional damage is often caused by erasure or
modification of data. Erasing files is perhaps the most
obvious way to cause damage. Erasing files, however, is a
clumsy method, and modern, well-maintained systems can
usually recover from backups. Modifying data is a much more
sophisticated strategy. Small changes are made to the
system now and then. The backup routine stores partially
corrupted data until the virus is detected. Restoring the data
is hard or impossible as several generations of backups are
compromised.
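An added example (not from the original slides) of how a hash baseline exposes this kind of slow tampering: it records SHA-256 digests while the system is known to be clean and finds, per file, the newest backup generation that is still unaltered. The file names, contents and function names are constructed for illustration, and it assumes the files are archival data that should not change once stored.

```python
import hashlib

def manifest(files):
    """Map each path to the SHA-256 digest of its content (bytes)."""
    return {p: hashlib.sha256(c).hexdigest() for p, c in files.items()}

def drift(baseline, generation):
    """Paths whose digest differs from the baseline, or that are missing."""
    return sorted(p for p, h in baseline.items() if generation.get(p) != h)

def last_clean_generation(baseline, generations):
    """For each file, index of the newest generation (oldest first) that
    still matches the baseline, or None if every generation is altered."""
    result = {}
    for path, good in baseline.items():
        clean = [i for i, g in enumerate(generations) if g.get(path) == good]
        result[path] = clean[-1] if clean else None
    return result

# Constructed sample data: two files that are not supposed to change
# after they are archived, and three backup generations, oldest first.
ORIGINAL = {
    "ledger.csv": b"id,amount\n1,100.00\n2,250.00\n",
    "report.txt": b"Quarterly report, final.\n",
}
BASELINE = manifest(ORIGINAL)  # recorded while the system was known good

GENERATIONS = [
    manifest(ORIGINAL),
    # Small edits made "now and then", each one captured by the next backup.
    manifest({**ORIGINAL, "ledger.csv": b"id,amount\n1,100.00\n2,250.10\n"}),
    manifest({**ORIGINAL, "ledger.csv": b"id,amount\n1,100.07\n2,250.10\n"}),
]

if __name__ == "__main__":
    for i, gen in enumerate(GENERATIONS):
        print(f"generation {i}: altered files = {drift(BASELINE, gen)}")
    print("restore points:", last_clean_generation(BASELINE, GENERATIONS))
```

The baseline manifest has to be stored where the infected system cannot rewrite it, otherwise the comparison itself can be falsified.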
4.1.4 Granting unauthorized access
Viruses may plant backdoors in the system, or steal
passwords. These functions can later be used by hackers to
access the system. Damage caused by such hacking activities
is hard to predict. Unauthorized usage of the system may,
for example, continue unnoticed for a long time.
18. 4.1.5 Disclosure of confidential data
Viruses and worms have access to the same communication
methods as the user, and even use them to replicate. A
payload routine may easily locate documents that match
certain criteria and send them to anyone on the Internet.
Some email worms also cause disclosure of data as a part of
replication. The worms that replicate when attached to a
document, such as Melissa, send this document to recipients
to whom the user had no intention of sending the document.
The following example illustrates this. A company asks for
offers from several vendors. One of the vendors is infected
with Melissa. The offer is mailed to the buyer as a document
infected with Melissa. The buyer opens the document and
becomes infected immediately. The Melissa worm examines
the address book and sends itself to the first 50 addresses on
the list. The document that is sent is the offer from the
infected vendor, and the list of recipients probably contains
the competitors.
19. 4.1.6 Computer resource usage
Viruses and worms can disturb computer systems by spending
resources, either intentionally or unintentionally. Some
viruses contain payloads that deliberately eat system
resources, but resource consumption is probably
unintentional in most cases. Unintentional resource
consumption may be caused by errors in the virus or the
replication.
4.1.7 Human resource usage
Cleaning virus infections means extra work for the IT support
staff. This damage, and the downtime for the user, may
result in great expense unless the viruses are stopped
properly using anti-virus software. Even if viruses are
successfully stopped using anti-virus software, the cost of
maintaining this system may be seen as a cost caused by
viruses.
20. The replication speed of viruses depends on the replication
strategy and the available communication methods. Today's
more powerful computer environments enable viruses and
worms to spread much faster than a decade ago. This table
describes typical replication speeds for the most common
virus types.
The conclusion is that replication speed has increased
dramatically over the past decade. This emphasizes even
further the fact that anti-virus software must be kept up to
date to protect the system efficiently. The typical update interval
for anti-virus software has accordingly shortened from
monthly or bi-monthly to daily or real time.