By Thomas Pantone Cosc 380


• A virus is a type of malware that self-replicates after being executed and inserts itself into other programs, data files, and/or the boot sector of the hard disk.
• Upon infection the virus performs malicious activities that include corrupting data, logging keystrokes, stealing personal information and any number of other damaging actions.
• The two key points of a computer virus are that it is a program that makes unauthorized changes to the system when it is executed, and that it will not do anything until the file is opened or executed.

10. Melissa: This virus spread rapidly because it arrived as an attachment that, once run, took over the victim's e-mail and sent copies of itself to everyone in the victim's address book. This caused servers to crash from overload.
9. ILOVEYOU: This virus is more of a worm, but it is similar to Melissa in its spread by e-mail, though it was more malignant. ILOVEYOU copied itself into the victim's system, replaced files with copies of itself, and downloaded another executable that stole the victim's information and relayed it to the original hacker.
8. Klez Virus: This virus spread by hijacking address books, but it spread faster by spoofing: changing the From field of the e-mail to circumvent address blocking and trick victims with a trusted identity.
7. Code Red and Code II: Exploited an OS vulnerability in Windows 2000 and Windows NT, a buffer overflow issue, which meant that when the computers received more information than the buffers could handle, the adjacent memory would be overwritten. This created a backdoor to take over the system, all part of a plan for a DDoS attack on the White House.
6. The Nimda worm created a backdoor into the victim's operating system. It allowed the person behind the attack to access the same level of functions as whatever account was currently logged into the machine. In other words, if a user with limited privileges activated the worm on a computer, the attacker would also have limited access to the computer's functions. On the other hand, if the victim was the administrator for the machine, the attacker would have full control.

5. SQL Slammer: The worm exploited the buffer overflow vulnerability in the Microsoft SQL server. It is a small piece of code that does little other than generate random IP addresses and send itself out to those addresses. If a selected address happens to belong to a host that is running an unpatched copy of Microsoft SQL Server Resolution Service, the host immediately becomes infected and begins spraying the Internet with more copies of the worm program. This caused server crashes and global Internet slowdowns.
4. The MyDoom (or Novarg) virus is another worm that can create a backdoor in the victim computer's operating system. The original MyDoom virus (there have been several variants) had two triggers. One trigger caused the virus to begin a DoS attack starting Feb. 1. The second trigger commanded the virus to stop distributing itself on Feb. 12. Even after the virus stopped spreading, the backdoors created during the initial infections remained active. This also spread by spoofing e-mails.
3. The Sasser worm attacked computers through a Microsoft Windows vulnerability. Unlike other worms, it didn't spread through e-mail. Instead, once the virus infected a computer, it looked for other vulnerable systems. It contacted those systems and instructed them to download the virus. The virus would scan random IP addresses to find potential victims. The virus also altered the victim's operating system in a way that made it difficult to shut down the computer without cutting off power to the system.
2. The Netsky virus moves through e-mails and Windows networks. It spoofs addresses and propagates through a 22,016-byte file attachment. As it spreads, it can cause a DoS attack as systems collapse while trying to handle all the Internet traffic. At one time, security experts at Sophos believed Netsky and its variants accounted for 25 percent of all computer viruses on the Internet.

1. The Storm Worm is a Trojan horse program. Its payload is another program, though not always the same one. Some versions of the Storm Worm turn computers into zombies or bots. As computers become infected, they become vulnerable to remote control by the person behind the attack. Some hackers use the Storm Worm to create a botnet and use it to send spam mail across the Internet. Although the Storm Worm is widespread, it's not the most difficult virus to detect or remove from a computer system. If you keep your antivirus software up to date and remember to use caution when you receive e-mails from unfamiliar people or see strange links, you'll save yourself some major headaches.

There are three main methods of virus detection:
• Signature Based Detection: This is the standard method used by anti-virus software. Using a dictionary of virus/malware signatures, each file is scanned in its entirety for a match; if there is a match, the software takes action. The flaw of this method is that viruses without definitions are undetectable by the software.
• Heuristics: This method searches for viruses using generic signatures to detect the various mutations of viruses, and it can detect viral behaviors in files and respond to them. The issue with this method is that it takes time and is done by the anti-virus firm, not the individual users.
• Real Time Protection: This applies the above two methods in real time, every time a file is opened/executed or new files enter the system.
• Also, according to Frederick B. Cohen's 1987 demonstration, there is no algorithm that can detect all possible viruses.

• When an infected file is detected, the anti-virus software quarantines the file before it spreads. Next it removes the file from the system and asks the user to shut down and reboot the system. After the reboot the virus may still exist in the system, which indicates its severity.
• There are some viruses that are not detected until they have thoroughly corrupted the system. In this case they have taken control of the system, disabled the anti-virus, and generally ruined the system.
• At this point the only course of action would be to completely wipe the system clean and reinstall the operating system.

• Vaccine is a colloquial term to describe the solution to a computer virus. Creating a vaccine involves analyzing a previously unknown virus using several methods.
• Code Analysis, which involves reading the machine code of the file without executing it to detect any malware behaviors. This method is limited by the complexity of the file, as some are designed to counter this method.
• Emulation, which creates a virtual machine that can safely run portions of the file to determine the results without infecting the machine in use. This is faster than Code Analysis.
• Generic Signatures from preexisting viruses can be applied to newer ones, as most new viruses are redesigns of older viruses; completely new viruses are rare. Logically, countermeasures to older versions could be applied to new versions.
• Logically, after finding solutions they are distributed to the clients of anti-virus programs in the form of updates.
• In some cases special Virus Removal Tools are created to deal with the more severe viruses that cannot be attached to a simple update.
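The signature-based and heuristic detection methods listed earlier, and the generic signatures described in this section, can be sketched as a small scanner. This is an added example, not part of the original presentation; the byte patterns, signature names and sample files are constructed for illustration and do not come from any real malware.

```python
import re

# Constructed signature dictionary (illustrative bytes, not real malware).
EXACT_SIGNATURES = {"Demo.A": bytes.fromhex("deadbeef0102cafe")}

# Generic signature: fixed bytes plus "??" wildcards that match any one byte,
# so small mutations of a known family still match.
GENERIC_SIGNATURES = {"Demo.family": "de ad be ef ?? ?? ca fe"}


def compile_generic(pattern):
    """Turn a 'de ad ?? fe' style pattern into a compiled bytes regex."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)


GENERIC_COMPILED = {n: compile_generic(p) for n, p in GENERIC_SIGNATURES.items()}


def scan(data):
    """Scan the whole buffer; return a list of (method, signature_name) hits."""
    hits = [("exact", n) for n, sig in EXACT_SIGNATURES.items() if sig in data]
    hits += [("generic", n) for n, rx in GENERIC_COMPILED.items()
             if rx.search(data)]
    return hits


def verdict(data):
    """Quarantine on any hit; otherwise the file passes as clean."""
    return "quarantine" if scan(data) else "clean"


# Constructed sample files.
SAMPLES = {
    "known.bin": b"\x90\x90" + bytes.fromhex("deadbeef0102cafe") + b"tail",
    "variant.bin": b"\x90\x90" + bytes.fromhex("deadbeef0a0bcafe") + b"tail",
    "unknown.bin": bytes.fromhex("1122334455667788"),  # no definition exists
    "clean.txt": b"meeting notes, nothing executable here",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} {verdict(data):10} {scan(data)}")
```

The mutated variant.bin is missed by the exact signature but caught by the generic one, while unknown.bin passes as clean, which is the flaw noted above for signature-based detection: a virus without a definition is not detected.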

• Computer viruses are self-replicating files that, once executed, make unauthorized malicious changes to the system.
• Over the decades there have been dozens of dangerous viruses.
• Viruses are detected with three main methods: Signature Based Detection, Heuristics, and Real Time Protection.
• Viruses are usually quarantined and removed by anti-virus software, but more damaging viruses require more drastic measures to resolve.
• Vaccines are created after the virus goes through Code Analysis, Emulation and Generic Signatures, then distributed once solutions are found.
