Live Chat Support

Wednesday, August 10, 2011

Research paper on Computer Virus, Computer Worms and Trojan Horse

Computer Viruses


For a layman who has little knowledge about the language of computers, there is no difference among virus, worm and Trojan horse.  These three concepts are often used interchangeably because they are all malicious programs that can destroy files and data and cause damage to the computers.  In this sense they are similar.  They are, however, different.  This report aims to find out the differences between a computer virus, a computer worm and a Trojan horse.  The report will also include the common computer viruses, the different types of computer viruses, the reasons why computer viruses can be destructive and the different ways by which computer users can protect themselves against viruses, worms and Trojan horses.


Computer Viruses


A computer virus is a computer program that is hidden within another program that is capable of reproducing copies of itself and inserting them into other programs or files.  It is often attached to a software or document that a computer user receives.  When the software containing the virus is run or when the file is opened the virus may infect the computer’s software and cause damage. 
A computer virus is so-called a virus because it has similar characteristics with a biological virus.  In the same manner that a biological virus can be transferred from one person to another a computer virus can likewise be transferred from one computer to another.  A biological virus is capable of reproducing itself by injecting its DNA into a cell.  The virus which is now inside the cell can use the capabilities of the cell to reproduce itself.  In the same manner, a computer virus can also attach itself to a program or document in order for it to replicate itself or to cause damage.


Because viruses can replicate themselves they can cause annoyance as they reduce the performance of the computer system by taking up huge memory or disk space.  However, other viruses are malicious which are capable of damaging or corrupting data, changing data, erasing files or locking up the whole computer systems.  Others however are less harmful as they only spread themselves within the files in the computer or they can spread through the internet.
Viruses are attached to an executable file.  It is possible that viruses may exist on the computer without actually causing damage. But once the computer user runs or opens the malicious program the computer may become infected.  For this reason, a virus cannot spread without human action by running an infected program.


In 2000, the world realized the impact a computer virus can cause.  The I love You virus spread throughout the world causing billions of dollars in damages in different countries.  The source of the ‘Love Bug’ virus was eventually traced in the Philippines.  At the time, the world is still unfamiliar with computer viruses and the damage they can cause. However, computer viruses have existed years before the year 2000.  In fact, computer viruses have existed for almost thirty years now.  The first virus was said to have been created in 1982 by a 15 year old boy named Rich Skrenta. (Kim Zetter 2)  According to Kim Zetter, Skrenta created the virus known as the Elk Cloner Program when he was playing jokes on his friends by introducing in the Apple II gaming programs a trick code that was capable of shutting down the computer or doing annoying things while the user is playing the computer game.  The Elk Cloner Program he created was the self-replicating boot-sector virus that infected the Apple II computers.  The following words appear on the Apple II computers Skrenta infected with a virus “It will get on all your disks, It will infiltrate your chips, Yes, it’s Cloner! It will stick to you like glue It will modify RAM too, Send in the Cloner!


Four years after, or in 1986, the Brain virus was created in 1986 by two Pakistani brothers. (Kim Zetter 2)  The Brain Virus is considered the first attempt at the marketing of virus.  Amjad and Basd Farooq Alvi created the virus supposedly for the purpose of infecting the IBM PCs.  This virus only infected boot records and not computer hard drives which the viruses of today do.  Once infected the PC shall display a message on the screen advertising the name of the two Pakistani brothers and their phone numbers so that those whose IBM PCs have been infected can contact them to obtain a vaccination.


How viruses spread



Infections spread from one computer to another in a number of ways.  The most common way of spreading computer viruses is via the Internet.  When a user downloads files or programs from the Internet, the same may contain viruses which the user is unaware of. 


However, there are also other means by which a computer virus may spread.  Computer viruses may also spread from removable media.  For instance, a person has a removable flash drive that has been infected with a computer virus from a source computer.  When the person boots the removable flash drive in another personal computer it will trigger the spread of the virus from the removable flash drive to the personal computer.  Any person therefore who inserts a floppy disk or a removable flash drive in the infected personal computer may also get a computer virus.  The transfer of virus will continue until the computer virus is detected.  Or, when a person purchases software that is infected with a computer virus and then uses the same software in his personal computer the running of the software can trigger the virus to spread to this personal computer. 


Another common way of spreading viruses is through e-mail attachments.  Most people send email messages containing attachments.  These attachments often always contain computer viruses so that when a computer user downloads n attachment the compute virus is eventually transmitted to the user.  For instance, in 1999, the FBI warned the public against a virus known as the Worm.Explore.Zip which even affected the computers of Microsoft, Compaq and Computer and General Electric. (Steven L. Harrison 2)  According to the FBI, the virus is very tricky because it disguises itself as a friendly e-mail reply bearing an attached file.  Once a user opens the file a virus is released that enters the computer hard drive and destroys the contents of the documents, spreadsheets and important files.




Most Common Computer Viruses


There are many common computer viruses that are spreading nowadays.  Based on the materials gathered for this report, one of the most common viruses is called the Win32/Virut.NBK.  This virus is a malicious and destructive program that sneaks inside the systems such as the XP or Vista.  According to Microsoft website, this virus is a polymorphic file infector that targets .exe and .scr file.  It is capable of modifying the files names and installing various files on the infected machine.  It can also create corrupt .exe and .dll files and download further malware threats onto the system.  The common source of this virus are the adult web sites which allow its users to download films, infected e-mail attachments or through file sharing.  This virus is so destructive that Microsoft considers that the alert level for this virus is severe.


Another common computer virus is the XP Antivirus 2009 which is classified as a rogue scanner. (Mary Landesman 1) This virus is dangerous because it masquerades itself as an anti-virus, antispyware or any security software which informs and claims that a user’s system is infected with a virus so that the user will purchase the XP Antivirus 2009.  It creates a list of entries in the PC with a warning that the computer is infected with a virus.  The reality however is that these are not actually virus infections.  They are fake infections to trick the user into purchasing the anti-virus software.


Types of Viruses


There are different types of viruses.  The first is the Boot sector virus which is a virus that resides in a portion of a computer drive that is read when the computer is booted up.  At this moment, the virus is also loaded into the memory of the computer.  Boot sector viruses may also spread through floppy disks which also have boot sector that can be infected.  The Michelangelo virus is a well-known boot sector virus.  The Michelangelo virus destroys data by overwriting a portion of a hard disk.  (“Michelangelo-The Virus- Fizzles Again” 1) The infection happens when a PC is booted from a Michelangelo-infected floppy disk.  The virus which stays in the computer’s memory and infects the partition sector of the hard disk becomes active every time the system is booted from the hard drive.  It can also infects other floppy disks which are inserted in the same hard drive.


A File Infector virus is also another kind of virus.  It infects files on a computer by attaching themselves to the executable files.  This is done by duplicating the malicious programs and code and applying it to other executable applications on the computer.  When a file is infected the virus copies the file and places into an area where it can be executed. Once the file is executed the malicious code runs first while the infected file remains dormant.  The virus then replicates itself in a location that is different from where the infection happened.  The infection goes on continuously. A famous example of a file infector is the cleevix virus which was first discovered in January 2006.


A multipartite virus is a virus that is the combination of the features of a boot sector virus and a file infector virus.  A macro virus is a set of code or instructions within a data file that can be used to automate tasks.  It can automatically perform system operations such as creating or deleting files, or writing into an existing file.  This virus replicates itself every time a document is created from a template that is infected by a macro virus.


Indicators of a computer virus


There are several known indicators that a computer has been infected with a virus.  One of the indicators is when the computer runs slower than usual. This is an indication that the virus has replicated itself and may be consuming a substantial portion of the computer’s memory and available space. Another indicator is when the computer stops responding to the commands or when it locks up or hangs frequently.  When computer crashes happens more frequently and restarts every few minutes.  It may also happen that certain applications are not running properly.  Other indictors of presence of computer virus are: appearance of unusual messages and distorted menus and dialog boxes, improper functioning of the anti-virus program and appearance of new icon on the desk top that was not downloaded to the computer.  These are indicators that the personal computer may have been infected by viruses, worms, or Trojan horses.


Impact of Computer Viruses

Computer viruses have severe economic impact.  According to a report released by Computer Economics in 2001 computer viruses have wreaked an estimated $10.7 billion in clean-up costs and lost productivity worldwide as of August for the same year. (Marcia Savage 1)  In 1999 and 2000, the economic impact of viruses has reached a total of $12.1 billion and $ 17.1 billion, respectively. (Marcia Savage 1) 


According to Eyad Al-Hazmi citing Computer Economics (2007), below is the data on the financial impact on malware attacks from 1997 to 2006.

Figure 1

Financial Impact of Malware Attacks from 1997 to 2006
Year
Worldwide Impact
2006
$13.3 Billion
2005
$14.2 Billion
2004
$17.5 Billion
2003
$13.0 Billion
2002
$11.1 Billion
2001
$13.2 Billion
2000
$17.1 Billion
1999
$13.0 Billion
1998
$ 6.1  Billion
1997
$ 3.3  Billion
Source: Impact of Malicious Codes:  Viruses, Worms, Trojan horses, Computer Economics, p.3


Figure 2

Financial Impact of Major Malware Attacks (1999-2004)
Year
Codename
Worldwide Impact
2004
MdDoom
$5.25 Billion
2004
Sasser
$3.50 Billion
2004
Netsky
$2.75 Billion
2004
Bagle
$1.50 Billion
2004
Sober
$750 Million
2004
Korgo
$400 Million
2003
SoBig
$2.75 Billion
2003
Nachi
$500 Million
2003
Blaster
$1.50 Billion
2003
Slammer
$2.00 Billion
2002
Badtrands
$400 Million
2002
Bugbear
$500 Million
2002
Klez
$1.50 Billion
2001
Nimda
$1.50 Billion
2001
Code  Red
$2.50 Billion
2001
Sir Cam
$1.25 Billion
2000
Love Bug
$8.75 Billion
1999
Melissa
$1.50 Billion
1999
Explorer
$1.10 Billion
Source: Impact of Malicious Codes:  Viruses, Worms, Trojan horses, Computer Economics, p.5



Computer viruses have different consequences on the computer.  One is the inconvenience and annoyance computer viruses may cause in case the virus replicates itself so much that it consumes so many space in the hard disk.  Computer viruses may also impair certain computer programs and applications. When this happens the user may not be able to access the computer software or operate it efficiently. 


Computer viruses may also modify, corrupt or delete files in the computer.  Users of computers often experience failure to access the files infected by virus.  Some often experience computer crashes which may happen frequently. 


Computer viruses also attack the data on the computer’s hard disk which may result in computer crash.  Some computer viruses are difficult to remove from the computer.  Even if the virus has been removed some viruses are capable of reinstalling themselves. 


Computer Worms


A worm is similar to a virus.  It is considered as a sub-class of a virus because it is also capable of spreading from one computer to another.  Worms are also computer programs that are capable of replicating copies of themselves via network connections.  What makes it different however is that unlike a computer virus a computer worm can run itself without any human intervention.  Because of these two qualities of a worm, it is possible that there will be thousands of worms in a computer even if only one computer worm is transferred.  For instance, the worm may send a copy of itself to every person listed in the e-mail address book.  The worm sent may then send a copy of itself to every person who is listed in the address book of the person who receives the email.  Because this may go on ad infinitum worms can not only cause damage to a single computer and to other person’s computer but it can only affect the functionality of Web servers and network servers to the point that they can no longer function efficiently.  One example is the .blaster worm.


While a virus needs a host program to run and the virus runs as part of the host program, a worm can spread even in the absence of a host program. Worms exist as separate entities from the programs.            Another difference is that worms can spread from one computer to another without the need of a human running a program.  A worm is capable of utilizing the file or information transport features of the computer which gives it the ability to travel from one computer to another without human intervention. 


Trojan Horse Virus


A Trojan Horse Virus is also another kind of virus that is capable of damaging the computer.  It is a program that pretends and masks itself as a benign application by hiding within useful software programs.  At first glance it may appear that the software being transferred from one computer to another comes from a legitimate source.  However, once the Trojan horse is activated on the computer it may cause serious damage by infecting and deleting files and destroying data on the computer.  

It is also capable of creating a backdoor on the computer that can grant access to malicious users which may give them opportunity to open or copy confidential or personal information.  Once inside the computer system it can send information to the Internet servers that are designated by the developer of the virus.  Upon receipt of the information the developer can then gain access and control over the computer through the Trojan horse virus.  A sign that a computer has been infected with a Trojan horse virus is when the system has slowed down or when unexpected windows pop up without the intervention of the user.  This may lead to a computer crash.


A Trojan horse, however, is different from a computer virus or computer worm because it cannot replicate itself or reproduce.  It can spread from one computer to another through a variety of means.  It can be transferred through email attachments.  Once the recipient who receives the computer attachment opens the attachment, the virus can immediately infect the system.  It can also be spread by means of chat software such as Yahoo Messenger or Skype.  Another method is by sending copies of itself to the people in the address book of the user who has a Trojan horse virus.


One of the means to protect a user from a Trojan horse virus is by not opening email attachments or files from which have been sent by a unknown user.  Another is by updating the user’s anti-virus software.


Protection against Computer Viruses, Worms and Trojan Horse


There are two ways to fight viruses, worms and Trojan horse.  The first is prevention and second is to cure.  The best solution against these viruses, worms and Trojan horse is to prevent being infected by it.  One effective way of being protected against computer viruses is by installing an anti-virus program.  Installing an anti-virus program and updating it regularly are worth the cost and the trouble because they provide the computer user with a high level of protection against computer viruses.  It must however be stressed that the anti-virus software should be updated regularly.  According to Noel Veglahn, a LAN desktop support manager stated that oftentimes computer users fail to update their virus protection which creates a false sense of security.  He compared the updated anti-virus software program to childhood vaccinations without which the child becomes exposed to viruses. (Erik Hogstrom 2)


The second way to protect oneself against computer viruses, worms and Trojan horse is never to open and download any attachment from email message that is unrecognized.  Specifically, computer users should watch out for files that has “.exe” or “.com” extension. (Judith B. Rajala 2) Since these attachments may contain harmful and destructive virus prudence dictates that the user refrains from opening any of these attachments.  If it is necessary to download these attachments, users are advised to conduct a scan before running these programs.


The third way is to always have a back-up data (Steven L. Harrison 3).  Accidents do happen.  With the level of sophistication of many computer viruses, worms and Trojan horse, it is always better to have a back-up data so that even if the data is destroyed by them the important files and data are still safe in another file. 


The fourth way is to exercise due caution when using the Internet.  If a link is found and one is not sure that it comes from a safe source or its source is questionable, the computer user should refrain from clicking on this link to avoid being infected with virus. 


The fifth way is to activate the firewall and protect the e-mail systems.  Every personal computer nowadays has a firewall that can protect it against harmful viruses.  Computer users should enable the firewall to protect it against viruses.  To activate the firewall in the Windows Vista, the computer user should click on the Control Panel and click on the Security button.  Next is to click on Windows Firewall on or Off.  The user should select on.  In business organizations, it is advisable to triple check the firewall configuration.  Its configuration should be closely protected and that security administrators should perform a reality check on a regular basis. (Bob Mellinger 2)  In addition, business organizations are also advised to use an e-mail content filtering solution to protect mail systems from malicious activity. (Bob Mellinger 2)


The fifth way is to scan files and disks before they are run, copied or installed in the computer.  Many computer users nowadays forget to scan their disks.  They find it inconvenient and a waste of time.  It must however be stressed that scanning disks is worth all the time and effort as it may save the data and the computer from damage.


The sixth way is to be educated about the presence of harmful viruses, worms and Trojan horses.  (Bob Mellinger 2)  In business organizations, employees expect that their companies take the necessary precaution against the entry and spread of harmful viruses within the company’s computer systems.  It is important to educate the employees that they too have a role in protecting the company against the spread of harmful viruses.  The company must incorporate in the policy the do’s and dont’s rules so that they will be informed that security is everybody’s concern.


Conclusion

The damage computer viruses, worms and Trojan horses to personal computers and even businesses can be devastating.  It can cause a student to flunk his subject or cripple the operations of a business organization.  Due precaution must therefore be taken so that the personal computers may be protected against these harmful viruses.  Computer users must always have an updated anti-virus software, users must refrain from clicking on links or downloading items from a source that is not trusted, activate the firewall, scan files and disks before they are run and most importantly the user should be educated to exercise extreme caution.


This is a free Research paper on Computer Virus, Computer Worms and Trojan Horse.  We are the leading provider of essay writing services in the United States and the United Kingdom.  If you need help we will help you prepare a well-written Research paper on Computer Virus, Computer Worms and Trojan Horse at very affordable costs starting at $7.50/page.


No comments:

Post a Comment