Introduction to

Information and
Communication
Technology Lab
Semester 01 (Fall 2021)
Lab Engineer(s): Ms. Sidra Rani

Lab 11: To Learn about Virus and Anti-Virus

Objective(s):

To learn about Virus and Anti-virus

Definition

A computer virus is a malicious application or authored code used to perform destructive activity on a
device or local network. The code’s malicious activity could damage the local file system, steal data,
interrupt services, download additional malware, or any other actions coded into the program by the
malware author. Many viruses pretend to be legitimate programs to trick users into executing them on
their device, delivering the computer virus payload.

Types of Computer Viruses

Every virus has a payload that performs an action. The threat actor can code any malicious activity into
the virus payload, including simple, innocuous pranks that don’t do any harm. While a few viruses have
harmless payloads, most of them cause damage to the system and its data. There are nine main virus
types, some of which could be packaged with other malware to increase the chance of infection and
damage. The nine major categories for viruses are:

Boot Sector Virus

Your computer drive has a sector solely responsible for pointing to the operating system so that it can
boot into the interface. A boot sector virus damages or controls the boot sector on the drive, rendering the
machine unusable. Attackers will usually spread this virus type using a malicious USB device. The virus
is activated when users plug in the USB device and boot their machine.

Web Scripting Virus

Most browsers have defenses against malicious web scripts, but older, unsupported browsers have
vulnerabilities that allow an attacker to run code on the local device.

Browser Hijacker
 Introduction to
Information and
Communication
Technology Lab
Semester 01 (Fall 2021)
Lab Engineer(s): Ms. Sidra Rani

A virus that can change the settings on your browser will hijack browser favorites, the home page URL,
your search preferences and redirect you to a malicious site. The site could be a phishing site or an
adware page used to steal data or make money for the attacker.

Resident Virus

A virus that can access computer memory and sit dormant until a payload is delivered is considered a
resident virus. This malware may stay dormant until a specific date, time, or a user performs an action.

Direct Action Virus

When a user executes a seemingly harmless file attached with malicious code, direct action viruses
deliver a payload immediately. These viruses can also remain dormant until a specific action is taken or a
timeframe passes.

Polymorphic Virus

Malware authors can use polymorphic code to change the program’s footprint to avoid detection.
Polymorphic viruses make it more difficult for an antivirus to detect and remove them.

File Infector Virus

To persist on a system, a threat actor uses file infector viruses to inject malicious code into critical files
that run the operating system or important programs. When the system boots or the program runs, the
virus is activated.

Multipartite Virus

These malicious programs spread across a network or other systems by copying themselves or injecting
code into critical computer resources.

Macro Virus

Microsoft Office files can run macros, and these macros can be used to download additional malware or
run malicious code. Macro viruses deliver a payload when the file is opened, and the macro runs.

What Causes Computer Viruses?

Computer viruses are standard programs; only instead of offering useful resources, these programs can
damage your device. For a threat actor to execute a virus on your machine, you must initiate execution. In
some cases, an attacker can execute malicious code through your browser or remotely from another
 Introduction to
Information and
Communication
Technology Lab
Semester 01 (Fall 2021)
Lab Engineer(s): Ms. Sidra Rani

network computer. Modern browsers have defenses against local machine code execution, but third-party
software installed on the browser could have vulnerabilities that allow viruses to run locally.

The delivery of a computer virus can happen in several ways. One common method is via a phishing
email. Another technique is hosting malware on a server that promises to provide a legitimate program. It
can be delivered using macros or by injecting malicious code into legitimate software files.

What Is a Computer Worm?

A computer worm is malware, just like a virus, but a worm takes a copy of itself and propagates it to
other users. Worms can also deliver a payload and exhaust resources. For example, an email worm sends
a copy of itself to everyone on an infected user’s email contact list. When it reaches recipient inboxes,
anyone who runs the worm sends it to their contact list. Email worms exhaust storage space and spread
very quickly across the internet, so they create issues differently than a virus.

What Does a Computer Virus Do?

The way a computer virus acts depends on how it’s coded. It could be something as simple as a prank that
doesn’t cause any damage, or it could be sophisticated, leading to criminal activity and fraud. Many
viruses only affect a local device, but others spread across a network environment to find other vulnerable
hosts.

A virus that infects a host device will continue delivering a payload until it’s removed. Most antivirus
vendors have small removal programs that eliminate the virus. Polymorphic viruses make it difficult for
removal because they change their footprint consistently. The payload could be stealing data, destroying
data, or interrupting services on the network or the local device.

Symptoms of Computer Virus

Malware authors write code that is undetectable until the payload is delivered. However, like any
software program, bugs could present issues while the virus runs. Signs that you have a computer virus
include:

 Popup windows, including ads (adware) or links to malicious websites.

 Your web browser home page changes, and you did not change it.

 Outbound emails to your contact list or people on your contact list alert you to strange messages
sent by your account.

 The computer crashes often, runs out of memory with few active programs, or a blue screen of
death in Windows.
 Introduction to
Information and
Communication
Technology Lab
Semester 01 (Fall 2021)
Lab Engineer(s): Ms. Sidra Rani

 Slow computer performance even when running few programs or the computer was recently
booted.

 Unknown programs start when the computer boots or when you open specific programs.

 Passwords change without your knowledge or your interaction on the account.

Examples of Computer Virus

The web contains millions of computer viruses, but only a few have gained popularity and infect record
numbers of machines. Some examples of widespread computer viruses include:

 Morris Worm

 Nimda

 ILOVEYOU

 SQL Slammer

 Stuxnet

 CryptoLocker

 Conficker

 Tinba

 Welchia

 Shlayer

How to Prevent Computer Viruses

Computer viruses can damage your PC, send sensitive data to attackers, and cause downtime until the
system is repaired. You can avoid becoming the next computer virus victim by following a few best
practices:

 Install antivirus software: Antivirus should run on any device connected to the network. It’s
your first defense against viruses. Antivirus software stops malware executables from running on
your local device.
 Introduction to
Information and
Communication
Technology Lab
Semester 01 (Fall 2021)
Lab Engineer(s): Ms. Sidra Rani

 Don’t open executable email attachments: Many malware attacks including ransomware start
with a malicious email attachment. Executable attachments should never be opened, and users
should avoid running macros programmed into files such as Microsoft Word or Excel.

 Keep your operating system updated: Developers for all major operating systems release
patches to remediate common bugs and security vulnerabilities. Always keep your operating
system updated and stop using end-of-life versions (e.g., Windows 7 or Windows XP).

 Avoid questionable websites: Older browsers are vulnerable to exploits used when just
browsing a website. You should always keep your browser updated with the latest patches, but
avoiding these sites will stop drive-by downloads or redirecting you to sites that host malware.

 Don’t use pirated software: Free pirated software might be tempting, but it’s often packaged
with malware. Download vendor software only from the official source and avoid using software
that’s pirated and shared.

Anti-Virus Software:
Antivirus software is a program or set of programs that are designed to prevent, search for, detect, and
remove software viruses, and other malicious software like worms, trojans, adware, and more.

Why Do I Need Antivirus Software?

These antivirus tools are critical for users to have installed and up-to-date because a computer
without antivirus software protection will be infected within minutes of connecting to the
internet. The bombardment is constant, which means antivirus companies have to update their
detection tools regularly to deal with the more than 60,000 new pieces of malware created daily.
Today's malware (an umbrella term that encompasses computer viruses) changes appearance
quickly to avoid detection by older, definition-based antivirus software. Viruses can be
programmed to cause damage to your device, prevent a user from accessing data, or to take
control of your computer.

What Does Anti-Virus Software Do?

Several different companies build antivirus software and what each offer can vary but all
perform some essential functions:

 Scan specific files or directories for any malware or known malicious patterns
 Allow you to schedule scans to automatically run for you
 Introduction to
Information and
Communication
Technology Lab
Semester 01 (Fall 2021)
Lab Engineer(s): Ms. Sidra Rani

 Allow you to initiate a scan of a particular file or your entire computer, or of a CD or flash drive
at any time.
 Remove any malicious code detected –sometimes you will be notified of an infection and asked if
you want to clean the file, other programs will automatically do this behind the scenes.
 Show you the ‘health’ of your computer

Always be sure you have the best, up-to-date security software installed to protect your
computers, laptops, tablets, and smartphones.

What Are the Benefits of Antivirus Software?

Antivirus solutions protect more than just laptops, office computers, smartphones and tablets.
They protect precious memories, music and photo libraries, and important documents from
destruction by malware. Make sure your protection is up to the challenge of defending against
the latest threats.
Modern antivirus solutions are capable of:

 Detecting, blocking, and removing viruses, malware, and ransomware

 Preventing identity theft and block phishing and fraud
 Warning about dangerous websites and links before you click
 Scanning the Dark Web to find if an email address has been compromised
 Keeping online accounts protected with secure password encryption
 Providing simple training to teach you and your family how to be even safer online
 Tuning up your computer to keep it running smoothly, just like new

How Does Antivirus Software Work?

Many antivirus software programs still download malware definitions straight to your device and
scan your files in search of matches. But since, as we mentioned, most malware regularly morphs
in appearance to avoid detection, Webroot works differently. Instead of storing examples of
recognized malware on your device, it stores malware definitions in the cloud. This allows us to
take up less space, scan faster, and maintain a more robust threat library.