What is a virus?
A computer virus is a computer program that can copy itself and infect a computer. The term “virus” is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive.
Impact of Viruses on Computer Systems
Viruses can be programmed to do many kinds of harm, including the following.
1. Copy themselves to other programs or areas of a disk.
2. Replicate as rapidly and frequently as possible, filling up the infected system’s disk and memory and rendering the system useless.
3. Display information on the screen.
4. Modify, corrupt or destroy selected files.
5. Erase the contents of entire disks.
6. Lie dormant for a specified time or until a given condition is met, and then become active.
7. Open a back door to the infected system that allows someone else to access and even control the system through a network or Internet connection.
8. Some viruses can crash the system by causing some programs (typically Windows) to behave oddly.
Types of virus:
- stealth virus
- polymorphic virus
- fast and slow infectors
- sparse infector
- companion virus
- armored virus
- virus hoax
a. Stealth virus:
A stealth virus hides the modifications it has made to the file or boot record, usually by monitoring the system functions used by programs to read files or physical blocks from storage media, and forging the results of such system functions so that programs which try to read these areas see the original uninfected form of the file instead of the actual infected form. Thus the viral modifications go undetected by anti-viral programs. However, in order to do this, the virus must be resident in memory when the anti-viral program is executed. The very first DOS virus, Brain, a boot-sector infector, monitors physical disk I/O and redirects any attempt to read a Brain-infected boot sector to the disk area where the original boot sector is stored. The next viruses to use this technique were the file infectors Number of the Beast and Frodo.
b. polymorphic virus:
A polymorphic virus produces varied copies of itself, in the hope that virus scanners will not be able to detect all instances of the virus. The most sophisticated form of polymorphism discovered so far is the MtE (Mutation Engine) written by the Bulgarian virus writer who calls himself the Dark Avenger.
c. Fast and slow infectors:
A typical file infector (e.g. the Jerusalem virus) copies itself to memory when a program infected by it is executed. Then it infects other programs when they are executed. A fast infector is a virus that, when it is active in memory, infects not only programs which are executed, but also those which are merely opened. The result is that if such a virus is in memory, running a scanner or integrity checker can result in all programs becoming infected at once. The term slow infector is sometimes used for a virus that, if it is active in memory, infects only files as they are modified or created. The purpose is to fool people who use integrity checkers into thinking that the modification reported by the integrity checker is due solely to legitimate reasons. The Darth Vader virus is an example.
d. Sparse infector:
The term sparse infector is sometimes given to a virus that infects only occasionally, e.g. every 10th executed file, or only files whose lengths fall within a narrow range, etc. By infecting less often, such viruses try to minimize the probability of being discovered by the user.
e. Companion virus:
A companion virus is one that, instead of modifying an existing file, creates a new program, which gets executed by the command-line interpreter instead of the intended program. This is done by creating an infected .COM file with the same name as an existing .EXE file. Note that this type of malicious code is not always considered to be a virus, since it does not modify existing files.
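The name collision described above can be audited directly. The following is an added example, not part of the original article: it walks a directory tree and reports every program name that exists with more than one launchable extension in the same directory, assuming the DOS command interpreter's resolution order of .COM, then .EXE, then .BAT. The function names and the sample file names are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Order in which the DOS command interpreter resolves a bare command name
# (stated here as background; the article only says the .COM file wins).
SEARCH_ORDER = (".com", ".exe", ".bat")


def find_shadowed_programs(root):
    """Return (directory, stem, winner, shadowed) for every name collision.

    'winner' is the file the interpreter would run when the user types the
    bare name; 'shadowed' lists the same-named files it silently hides.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            if ext in SEARCH_ORDER:
                # DOS and Windows file names are case-insensitive.
                by_stem[stem.lower()][ext] = name
        for stem, found in sorted(by_stem.items()):
            if len(found) < 2:
                continue  # only one launchable file with this name
            ordered = [found[e] for e in SEARCH_ORDER if e in found]
            findings.append((dirpath, stem, ordered[0], ordered[1:]))
    return findings


def demo():
    """Build a constructed directory and return (stem, winner, shadowed)."""
    sample = ("EDIT.EXE", "EDIT.COM", "FORMAT.COM",
              "setup.exe", "SETUP.BAT", "README.TXT")
    with tempfile.TemporaryDirectory() as root:
        for name in sample:
            open(os.path.join(root, name), "wb").close()
        return [(stem, winner, shadowed)
                for _dir, stem, winner, shadowed in find_shadowed_programs(root)]


if __name__ == "__main__":
    for stem, winner, shadowed in demo():
        print(f"{stem}: {winner} runs instead of {', '.join(shadowed)}")
```

A reported pair is not proof of infection, since some legitimate packages ship same-named files, but each one deserves a look at which file is newer and where it came from.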
f. Armored virus:
An armored virus is one that uses special tricks to make the tracing, disassembling and understanding of its code more difficult. A good example is the Whale virus.
g. Macro virus:
Many applications allow users to create macros. A macro is a series of commands to perform an application-specific task. Those commands can be stored as a series of keystrokes, or in a special macro language. A macro virus is a virus that propagates through only one type of program, usually either Microsoft Word or Microsoft Excel. It can do this because these types of programs contain auto-open macros, which run automatically when a document or spreadsheet is opened. Along with infecting auto-open macros, the macro virus infects the global macro template, which is executed any time the program is run. Thus, once the global macro template is infected, any file opened after that becomes infected and the virus spreads.
How Computer Viruses Work
Strange as it may sound, the computer virus is something of an Information Age marvel. On one hand, viruses show us how vulnerable we are — a properly engineered virus can have a devastating effect, disrupting productivity and doing billions of dollars in damages. On the other hand, they show us how sophisticated and interconnected human beings have become.
For example, experts estimate that the Mydoom worm infected approximately a quarter-million computers in a single day in January 2004. Back in March 1999, the Melissa virus was so powerful that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be contained. The ILOVEYOU virus in 2000 had a similarly devastating effect. In January 2007, a worm called Storm appeared — by October, experts believed up to 50 million computers were infected. That’s pretty impressive when you consider that many viruses are incredibly simple.
When we listen to the news, we hear about many different forms of electronic infection. The most common are:
- Viruses – A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.
- E-mail viruses – An e-mail virus travels as an attachment to e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim’s e-mail address book. Some e-mail viruses don’t even require a double-click — they launch when you view the infected message in the preview pane of your e-mail software [source: Johnson].
- Trojan horses – A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.
- Worms – A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.
How do viruses spread from one system to another?
The most likely virus entry points are email, Internet and network connections, floppy disk drives, and modems or other serial or parallel port connections. In today’s increasingly interconnected workplace (Internet, intranet, shared drives, removable drives, and email), virus outbreaks now can spread faster and wider than ever before.
The following are some common ways for a virus to enter the users’ computer system:
• Malicious scripts in web pages or HTML email
• FTP traffic from the Internet (file downloads)
• Shared network files & network traffic in general
• Shrink-wrapped, production programs (rare)
• Electronic bulletin boards (BBS)
• Diskette swapping (using other people’s diskettes for carrying data and programs back and forth)
High risk files
The most dangerous file types are:
.EXE, .COM, .XLS, .DOC, .MDB
These are the most dangerous because they don’t need any special conversion to infect a computer: all they have to do is run, and consequently the virus spreads. It has been estimated that 99% of all viruses are written for these file formats.
A list of possible virus carriers includes:
EXE – (Executable file)
SYS – (Executable file)
COM – (Executable file)
DOC – (Microsoft Word)
XLS – (Microsoft Excel)
MDB – (Microsoft Access)
ZIP – (Compressed file, common in the USA)
ARJ – (Compressed file, common in the USA)
DRV – (Device driver)
BIN – (Common boot sector image file)
SCR – (Microsoft screen saver)
Common Symptoms Of Virus Infection
- Computer does not boot.
- Computer hard drive space is reduced.
- Applications will not load.
- An application takes longer to load than the normal time period.
- Hard drive activity increases, especially when nothing is being done on the computer.
- An anti-virus software message appears.
- The number of hard drive bad sectors steadily increases.
- Unusual graphics or messages appear on the screen.
- Files are missing (deleted).
- A message appears that the hard drive cannot be detected or recognized.
- Strange sounds come from the computer.
- Some viruses take control of the keyboard and occasionally substitute a neighboring key for the one actually pressed. Another virus “swallows” key presses so that nothing appears on the screen.
- Also interesting are system time effects. Clocks going backwards are especially frightening for workers who cannot wait to go home. More seriously though, this type of virus can cause chaos for programs which depend on the system time or date.
- Some viruses can cost the user dearly by dialing out on his modem. We do not know of one which dials premium telephone numbers but no doubt we shall see one soon.
How to Protect our Computer from Viruses?
We can protect our computer system against viruses with a few simple steps:
- If we are truly worried about traditional (as opposed to e-mail) viruses, we should be running a more secure operating system like UNIX. We never hear about viruses on these operating systems because the security features keep viruses (and unwanted human visitors) away from our hard disk.
- If we are using an unsecured operating system, then buying virus protection software is a nice safeguard.
- If we simply avoid programs from unknown sources (like the Internet), and instead stick with commercial software purchased on CDs, we eliminate almost all of the risk from traditional viruses.
- We should make sure that Macro Virus Protection is enabled in all Microsoft applications, and we should NEVER run macros in a document unless we know what they do. There is seldom a good reason to add macros to a document, so avoiding all macros is a great policy.
- We should never double-click on an e-mail attachment that contains an executable. Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF), etc., are data files and they can do no damage (noting the macro virus problem in Word and Excel documents mentioned above). However, some viruses can now come in through .JPG graphic file attachments. A file with an extension like EXE, COM or VBS is an executable, and an executable can do any sort of damage it wants. Once we run it, we have given it permission to do anything on our machine. The only defense is never to run executables that arrive via e-mail.
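The attachment rule above can be applied mechanically before a message reaches the user. The following is an added example, not part of the original article: it parses a message with Python's standard `email` package and assigns each attachment a handling verdict based on the extension lists given in this article (executables, macro-capable Office files, archives). The verdict names, the policy they encode and the sample message are assumptions constructed for illustration; the decision is made on the final extension only, so a name like `holiday.jpg.exe` is treated as an executable.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension groups taken from the article's "possible virus carriers" list
# and its attachment advice (EXE, COM, VBS).
EXECUTABLE = {".exe", ".com", ".vbs", ".scr", ".sys", ".drv", ".bin"}
MACRO_CAPABLE = {".doc", ".xls", ".mdb"}
ARCHIVE = {".zip", ".arj"}


def verdict_for(filename):
    """Map an attachment file name to a handling verdict (assumed policy)."""
    if not filename:
        return "scan"  # no name to judge by: fall back to scanning
    # Only the last extension decides what the operating system will launch.
    ext = os.path.splitext(filename.strip().lower())[1]
    if ext in EXECUTABLE:
        return "block"            # never run executables that arrive by mail
    if ext in MACRO_CAPABLE:
        return "macro-check"      # open only with macro protection enabled
    if ext in ARCHIVE:
        return "unpack-and-scan"  # contents must be inspected, not the wrapper
    return "scan"                 # every attachment is still scanned


def triage(raw_message):
    """Return [(filename, verdict)] for each attachment in a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        results.append((name or "(unnamed)", verdict_for(name)))
    return results


def build_sample():
    """Construct a sample message (not real mail) with mixed attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Files for review"
    msg.set_content("See attached.")
    for name in ("report.doc", "holiday.jpg.exe", "logo.gif", "tools.zip"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    # One attachment with no file name at all, to exercise the fallback.
    msg.add_attachment(b"constructed placeholder bytes",
                       maintype="application", subtype="octet-stream")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in triage(build_sample()):
        print(f"{verdict:16} {name}")
```

Extension checks are only a first filter; the verdict "scan" still means the file goes through the anti-virus scanner before anyone opens it.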
With an estimated 40,000 viruses already identified and some 300 new viruses created each month, keeping a computer free of viruses is a daunting but not impossible task. The following are steps every computer user should follow to protect his or her computer from viruses.
- Install an anti-virus software program to identify and remove viruses before they can cause any damage. These programs scan, or review, files that may come from floppy diskettes, the Internet, email attachments, or networks, looking for patterns of code that match patterns in the anti-virus software vendor’s database of known viruses. Once detected, the software isolates and removes the virus before it can be activated.
- Because the number of viruses is increasing all the time, it is important to keep anti-virus software up to date with information on newly identified viruses. Anti-virus software vendors are constantly updating their databases of information on viruses and making this information available to their customers via their web sites or email.
- Do not open email from unknown senders or messages that contain unexpected attachments. A user should delete these types of messages. As a general rule, a user should scan every email attachment for viruses before opening it, even an expected attachment, as the sender may have unknowingly sent an infected file.
Anti-virus program usefulness
Computer experts say many private citizens, businesses, and local governments are not concerned about computer security until they suffer a damaging attack. Such an attack can cost computer users a great deal of money in lost business, lost information or damaged computer equipment. They say the attack can be more costly than providing good communications security.
The experts say that using a computer anti-virus program is the first step in protecting a business or private computer. An anti-virus program searches the computer for, and guards against, viruses. It also inspects incoming e-mail and new programs for viruses.
The experts say that many good computer companies produce anti-virus protection programs. Most companies that offer anti-virus programs also provide new information called “updates” to protect against new viruses or worms as they appear.
Computer virus Security, Law Enforcement, and the Balance of Order and Liberty
With respect to the law enforcement aspects of computer security, a number of interesting issues and problems are revealed. The cross-border nature of computerized information exchange highlights the limits of national laws and law enforcement strategies and reveals the need for a coordination of law and law enforcement across jurisdictions. At the same time, continued efforts have to be made to protect liberty, privacy, and other democratic values that are promoted in an open and free society.
The Coordination of Law and Law Enforcement
A central concern with the existence of diverse national legal systems on computer security is that for national laws to be enforceable, the jurisdictional authority of a nation has to be recognized by other states. Consensus among the standards of law across nations would alleviate this problem, but there are difficulties with harmonizing various approaches to computer security issues such as copyright infringement and intellectual property theft. International treaties are surely a worthwhile ideal (Weber, 2003), but they cannot be effective unless the participating nations already resemble one another in social, cultural, and economic respects and it is precisely this condition of egalitarianism that is often not met. The cultures of nations, for instance, differ widely in terms of the emphasis they place on privacy, appropriate law enforcement strategies, and the very notion of jurisdictional sovereignty.
Policing Technology, Maintaining Liberty
Some cyber crimes involve criminal offenses that also exist in “real space” (O’Neill, 2000) but that can now be executed with more speed and efficiency. The technological sophistication of threats to computer security changes the nature of appropriate law enforcement activities, as detection and prosecution become considerably more difficult. As such, the policing of computer security relates intimately to the ever-evolving relationship between technology and law and the continued need to find the most efficient and appropriate way to handle concerns of law and law enforcement in a technologically advanced world. Because of the speed with which technological advances are made and the intrinsic complexity of modern technologies, existing systems of law and law enforcement are often
Viruses and the Law: Why the Law is Ineffective.
Increasingly, the Internet and electronic document interchange are required business tools. Where even a few years ago, Web sites and e-mail were novelties, and e-commerce virtually non-existent, these are now commonplace. Businesses of any size have Web sites, e-mail is ubiquitous, and e-commerce is booming.
Unfortunately, the increase in Internet usage and dependence has been accompanied by a commensurate increase in illegal and improper activities. Some of these phenomena are merely electronic versions of older activities — stock kiting, pyramid schemes, and the like, while others are uniquely Internet-based — viruses, worms, and other devices designed to disrupt Internet service or damage computers.
In many countries, the nature of the legal system makes criminalizing of viruses a relatively simple matter. China, for example, has laws in place forbidding even discussion of computer viruses (Grable 1996). In the United States, however, things are not so simple; the very nature of viruses puts them in a category of objects that are difficult to regulate.
Any computer code is intellectual output and property with certain legal protections just the same as books or sound recordings. In the United States, such intellectual properties are legally considered a kind of speech and are entitled to legal protection under the Constitution’s First Amendment.
Although there are limits on the protections afforded under the First Amendment, (e.g., we cannot shout “fire” in a crowded theater and claim First Amendment protection), generally, the government cannot prevent the creation or free dissemination of “speech.” The government may impose “reasonable” time, place, and manner limitations on speech, but these limitations can only be put in place in response to an immediate need to protect the public welfare in a particular case. For example, people wishing to hold a public demonstration may have to get a permit or restrict their protest to a particular area.
When it comes to the mere creation of words or ideas, however, time, place, and manner restrictions are very difficult to enact in a manner that will withstand scrutiny by the courts. Over the years, a great many potentially dangerous intellectual products have appeared in the United States — books containing instructions on how to make bombs, magazine articles on assassination, books on how to make drugs, and many others. On a number of occasions, either federal or state government has attempted to suppress them on the grounds that they would encourage illegal or dangerous activity. The courts have routinely struck down such laws as restraints on free speech.
A similar analysis has been applied to computer code. The U.S. government attempted to restrict dissemination of encryption software by passing a law forbidding its posting on Internet sites, citing law enforcement and national security interests as the justification. A court determined that the code was speech and that the government could not so restrict its dissemination. (1) As a result, it is not really possible, at least in the United States, to make mere development or possession of virus code illegal. Virus code is thus freely available through various Web sites and Internet chat groups.
Restrictions on the government’s ability to regulate an object are not, however, absolute. Although the possession of virus code cannot be criminalized or prohibited, using it can. Thus, it is illegal to distribute computer code or place it in the stream of commerce with intent to cause damage or economic loss. (2) Conceptualized in this manner, computer code regulation is comparable to regulation of firearms or other potentially harmful objects. It is not mere possession, or thoughts, or words that are regulated; rather, actions are regulated or criminalized. In this case, the damage to computer systems and the economic losses arising out of it are the focus of the law. This is the approach taken by the Computer Fraud and Abuse Act (CFAA)(3), which provides criminal penalties for either knowingly or recklessly releasing a computer virus into computers used in interstate commerce.(4)
Penalties for perpetrators are potentially severe. In the United States, a successful prosecution under the CFAA can result in a prison sentence as long as 20 years(5) and a fine up to $250,000.(6) The perpetrator may face criminal charges under state law as well. Both the federal government and the courts have inclined toward severity for virus authors. Recent prosecutions under the CFAA and other computer crime statutes have resulted in significant jail sentences.(7)
Problems in Obtaining a Conviction
To prosecute someone for doing something knowingly, it is necessary to prove that they intended to do the culpable act. Intent is a mental state. Therefore, a successful prosecution requires that the state prove the defendant’s mental state in order to obtain a conviction.
This may be done inferentially by deducing mental state from actions. Nonetheless, it remains an element of the offense, and failure to prove it to a judge’s or jury’s satisfaction may result in an acquittal. Even if the prosecution only attempts to prove reckless behavior, it must still prove that the defendant acted in blatant disregard of some standard of care — again, an element of mental culpability. The inherent difficulties are illustrated thusly: the first defendant convicted under the CFAA promptly challenged his conviction on the grounds that the court had misconstrued the element of intent.(8)
In addition, damage, or the potential for damage, must also be proven. For a widespread and virulent virus that erases hard drives or does other severe damage, it is relatively easy; however, the burden of proving these things and tying them to the defendant adds to the burden and complexity of the government’s case.
The Global Nature of the Problem
Simply getting to the point of bringing a defendant to trial poses a formidable challenge. Viruses are often released through spurious, stolen, or temporarily commandeered addresses. Therefore, tracking down the location of release is difficult. In addition, viruses may come from any country.
In the case of a foreign perpetrator, there is the need to
* convince local authorities that the virus originated in that country
* persuade them to cooperate and to allow experts to assist them
* satisfy them that the level of proof is adequate under local standards to justify prosecution or extradition
* seek prosecution or extradition, persuading their own courts that the extradition is valid
The end result is that few virus perpetrators are found and prosecuted. In the average month, as many as 500 new viruses may be created and set loose on the Internet (Vibert 1998). Only occasionally is the author successfully located and prosecuted. In 1998, the FBI and all other federal investigative agencies sent 419 computer crime cases to federal prosecutors, of which only a handful involved viruses. In only 83 cases were charges actually filed. Of cases completed the same year, there were only 21 convictions for computer crimes of all types (ZDNET News, quoting Banisar, 1999). Again, only a handful were for virus dissemination.
Will this change? Will the law someday successfully discourage virus authors from their nefarious work? Probably not. The issues discussed are difficult to change or overcome. Ultimately, the solution is technical — better anti-virus software, e-mail packages, and the like — and cultural — people must learn to be careful about backups, e-mail attachments, and so on. In this respect, viruses are like many other criminal activities; however draconian the sanctions may be, the behavior easily eludes all but a few prosecutions, a reality that is simply inadequate to deter future perpetrators. Ultimately, the solutions rest with us, the user community.
Preventive measures for virus dissemination under the ICT Act, 2006 in Bangladesh:
In our country there is no preventive measure in this matter. ICT is not so developed in our country, and the law relating to it is not adequate to give appropriate support. In particular, there is not a single provision regarding any safeguard against virus dissemination, though it could cause irreparable damage to anyone’s computer system; our ICT Act is totally silent on this matter. To remedy this we need a new law with enough safeguards on important ICT matters (e.g. virus dissemination), and we need some forensic expertise on these matters. All of this is possible through proper management and policy.
Law enforcement is an important and necessary component among the efforts to maintain computer security. Because of the rapid and widespread expansion of computerized technologies and because of the border-transcending nature of computers linked through networks, the policing of threats against computer security presents a challenge to traditional means of crime detection and investigation on an international scale. Existing notions of jurisdictional authority have to be redefined to meet the global needs of information security. Trying to avert cyber crimes and the economic and social harm they can cause, many nations across the world have developed new legislation. Extending these legislative efforts are international systems of law, such as the European Convention on Cyber-Crime, to respond to the need for international legal cooperation and more adequately address cyber crimes and related cross-borders threats against computer security.
Without adequate law enforcement, laws remain ineffective. In the case of computer security, law enforcement agencies have instituted specialized computer crime teams to focus on the ways in which crimes can be perpetrated against or with the aid of computers. As with their accompanying legal systems, pertinent law enforcement activities often extend beyond the reach of jurisdictional boundaries, whether via cooperation among the police forces of different nations or through unilaterally enacted police actions abroad. International police operations pose special problems of coordination among the law enforcement agencies of various countries and they also lead us to rethink the need for police to preserve liberty and legitimate computer transactions while seeking to police computer crimes effectively.