- 1. Introduction
A virus is defined as a program inserted into another program. It is activated by its host program, replicates itself, and spreads to other machines through floppy transfer. A virus infects data or programs every time the user runs the infected program; the virus takes advantage of each run to replicate itself.
Two types of viruses have been identified: ‘parasitic’ and ‘boot’ viruses.
- I. Parasitic virus
A parasitic virus attaches itself to other programs and is activated when the host program is executed. It tries to attach itself to more programs so that its chances of being activated increase. It spreads to other computers when the affected programs are copied. Jerusalem and Data crime are considered parasitic viruses.
- II. Boot virus
A boot virus is designed to enter the boot sector of a floppy disc. It works by replacing the first sector on the disc with part of itself. It hides the rest of itself elsewhere on the disc, along with a copy of the first sector. The virus is loaded by the built-in program when the machine is switched on. The virus loads, installs, hides the rest of itself and then loads the original. On a hard disc, a virus can occupy the DOS boot sector or the master boot sector.
- 2. Some Known Viruses
- I. C-Brain
Amjad and Basit, two Pakistani brothers, developed this software in January 1986 to discourage people from buying illegal software at throwaway prices. This was the most famous virus ever found and has a record of damaging a few million personal computers. It is designed to stay in the boot sector of the disc or near the zero sector. The virus enters the machine's memory once the PC is booted from the infected floppy.
- II. Macmag
This virus attacked Apple Macintosh computers only. Not much damage is reported to have been caused by this virus. It was not noticed on any IBM or compatible PCs. It displayed a message of peace on the monitor and killed itself. More data is not available on this virus.
- III. Scores
This virus was also found only on Apple Macintosh computers. It was first found in March 1987. It affected mainly two programs within Electronic Data System Corp. Not much data is available on this virus either.
- IV. Cascade
The Cascade virus attacked IBM PCs and compatibles. The letters on the screen could be seen dropping vertically down to the bottom of the screen after the virus picked them off in alphabetical order. This is a sort of parasitic virus. It attaches itself to other programs and gets activated when the host program is executed. It gets copied to other PCs when the programs are copied.
- V. Jerusalem
Found in 1987 at Hebrew University, Jerusalem, this virus was designed to activate only on Friday, January 13 and delete all the files executed on that day. It infects COM and EXE files. It is similar to the Cascade virus in that it is parasitic in nature. This virus attaches itself to COM and EXE files to damage the data.
- VI. Data crime or Columbus or October the 13th virus
The Data crime virus is similar to Jerusalem and was programmed to attack on October 13, 1989. Track zero of the computer's hard disc is destroyed and the contents of the discs are rendered unreadable. This virus enters COM and EXE files and damages the hard disc. An antidote called ‘V Checker’ was developed by the American Computer Society. Fortunately, the virus was located as early as March 1989 and the damage reported after October 13 was minimal. The Royal National Institute for the Blind, UK, was the worst hit and much data was reported to be lost.
- VII. Patch Exe
It is similar to Patch COM virus but affects only EXE files. This attacks both COM and EXE files.
- VIII. PC Stoned or Marijuana
This virus was found in Bangalore during October 1989. It resides in the boot sector of an infected floppy. When the PC is booted from the infected floppy, the virus enters the hard disc and some sectors of the file allocation tables (FAT) are damaged. Whenever the PC is then booted from the hard disc as usual, the virus copies itself onto the boot sector of the floppy diskette in drive A and spreads to other PCs. This virus will not enter the hard disc unless the PC is booted from the infected floppy disc.
- IX. Bomb
This is also known as a ‘Logic Bomb’ or ‘Time Bomb’. An event-triggered routine in a program that causes the program to crash is defined as a ‘bomb’. Generally, a ‘bomb’ is software inserted in a program by a person working in the company. Any frustrated programmer can create a program to delete all the company files if he gets an indication that he may be sacked or transferred elsewhere.
- X. Bell Labs Virus
A compiler program, which translates a programmer’s instructions into numbers that a computer can read, had been altered so that it embedded a hidden “trapdoor” each time it created a new version of the operating system. The trapdoor altered the system so that, in addition to normal users’ passwords, it would recognize a secret password known only to one person. The instructions never showed up in the program listing; they were undetectable through normal means. The virus never escaped Bell Labs.
- 3. Worms
A worm is a self-propagating program that works its way through a system, often causing damage. It does not require a host program to activate it. Someone has to insert a worm directly into a network of interconnected computers where messages can be sent from one to another and data files and programs exchanged. An example is a local area network where each computer has its own files, programs, operating systems and hard discs.
(i) Xerox PARC Worm
In 1980, John Shoch at the Xerox Palo Alto Research Centre (PARC) devised a worm that wriggled through large computer systems, looking for machines that were not being used and harnessing them to help solve a large problem. The worm could take over an entire system.
(ii) Existential Worm
A worm whose sole purpose is to stay alive. It runs no substantive application program. The Co Monster Worm at MIT was one such. It might display a screen message such as: “I’m a worm, kill me if you can!”
(iii) Alarm Clock Worm
A worm that reaches out through the network to an outgoing terminal (one equipped with a modem) and places wake-up calls to a list of users.
(iv) Gladiator Worms
Bill Buckley and James Mouser developed Core Wars, where the object is to write a worm program that can replicate itself faster than another worm program can eat it. The one alive at the end wins. Some of the winning programs have a chromosome consisting of only four lines of code. Longer genes can’t execute as fast as short ones, so they tend to get weeded out.
- 4. Worm Watcher
A special program which automatically takes steps to limit the size of a worm, or shuts it down if it grows beyond a certain limit. The worm watcher also maintains a running log recording changes in the state of individual segments. This information can be used to analyze what might have gone wrong with a worm.
- 5. Antidotes
It is generally observed that most viruses attach themselves mainly to either COM or EXE files. Instructions are to be given to all users not to copy in or copy out COM and EXE files. All the original COM and EXE files must be kept on a write-protected floppy as back-up; whenever these files are required to be copied, they should be copied from this write-protected floppy.
A program called “Antidote” is available to check for infected COM and EXE files. This program checks only for viruses and cannot locate a boot virus. Hence it is required to run both programs for a complete checkup.
Precautions must be taken by all users at a site, not just by a handful of users. One person’s carelessness can be enough to infect an entire environment. None of these precautions guarantees safety from viruses, but increased awareness will make a site less likely to suffer.
When product-tampering problems threatened consumers at the retail level in Australia, drug manufacturers there redesigned their packaging to make it easier to detect tampered products. Manufacturers could not guarantee that no one would tamper with the product, just that it would be easier to detect tampering.
In a similar manner, the software industry should be expected to toughen its packaging and to incorporate methods into software products that will help identify, but not prevent, tampering. While these techniques will not identify every possible virus assault, they could add an extra level of protection.
For example, a checksum-oriented technique could be incorporated into each software company’s application. At start-up, or periodically during a program’s execution, the application could compare the disk image of the company’s program with some known value to determine whether the image had unexpectedly been modified. If an image was discovered to be inconsistent, an error/warning message could be printed to alert the user.
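The start-up check described above, sketched in Python as an added example (not code from the original page or from any vendor): it records a SHA-256 digest of each COM and EXE file as the known value and reports any file whose disk image later differs. The file names and contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

WATCHED = {".com", ".exe"}  # file types the page says viruses attach to

def digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large programs are handled."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Record (size, SHA-256) for every watched file under root."""
    return {
        p.relative_to(root).as_posix(): (p.stat().st_size, digest(p))
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in WATCHED
    }

def verify(root: Path, baseline: dict) -> dict:
    """Compare current files with the baseline; return name -> finding."""
    current = build_baseline(root)
    findings = {}
    for name, (size, sha) in baseline.items():
        if name not in current:
            findings[name] = "missing"
        elif current[name][1] != sha:
            delta = current[name][0] - size
            findings[name] = f"modified (size change {delta:+d} bytes)"
    for name in current.keys() - baseline.keys():
        findings[name] = "new, not in baseline"
    return findings

def demo() -> dict:
    """Constructed sample: stand-in program files, then simulated tampering."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "EDIT.COM").write_bytes(b"\x90" * 100)
        (root / "CALC.EXE").write_bytes(b"MZ" + b"\x00" * 200)
        (root / "NOTES.TXT").write_bytes(b"not watched")
        baseline = build_baseline(root)  # the "known value"
        with (root / "EDIT.COM").open("ab") as f:
            f.write(b"\xcc" * 32)        # image changed after baseline
        (root / "GAME.EXE").write_bytes(b"MZ" + b"\x01" * 50)
        return verify(root, baseline)

if __name__ == "__main__":
    for name, finding in sorted(demo().items()):
        print(f"{name}: {finding}")
```

The baseline is only trustworthy if it is stored where the monitored system cannot rewrite it, which is the role the write-protected floppy plays in the advice above.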
Although the odds of being infected by a computer virus are small, the effects are enormous. Common-sense procedures and precautions, combined with some logical programming techniques, can help secure a site from this type of threat.
- 6. Some Hints
- Never allow floppy discs brought from outside your company to be used directly on a PC without checking the floppy for virus presence. This includes service engineers and their floppy discs for maintenance.
- Keep all original EXE and COM files on a write-protected floppy.
- If COM and EXE files are required to be copied anywhere, copy only from the write-protected original floppy.
- In case the system is ‘hanging’ (or floating), the reason could be a virus. Check for a virus.
- Avoid playing computer games on a computer where important data is stored, as it is generally noticed that a virus spreads faster through game floppies.
- Check sector information as a routine by modifying AUTOEXEC.BAT and using virus check programs.
- If a virus is found on a PC, isolate it, identify and remove the virus. Only then should the PC be put into use again.
Finally, the virus deletes the directory information, thereby destroying any link between the computer and the data on the disk. At this stage, there is almost no chance of retrieving the data in its original form.