Computer Virus

Introduction

Viruses are designed to spread from host to host and can replicate themselves, much like flu viruses. Naturally occurring computer viruses do not exist on the internet. They are always the result of human action.

What is a Virus?

A virus is malicious code or a programme designed to change how a computer operates and to spread from one computer to another. In order to execute its code, a virus attaches or inserts itself into a legitimate programme or a document that supports macros. A virus can cause unexpected or damaging effects during this process, such as corrupting or destroying system software. Some viruses, for example, can infect files without increasing their size, while others aim to avoid detection by terminating antivirus software processes before they are discovered. When infecting a host file, some old viruses make sure the “last modified” date remains the same.
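Because size and “last modified” date can be left unchanged, an integrity check has to compare file contents. The following Python sketch is an added example, not part of the original article; the file name, the sample bytes and the function names are constructed for illustration. It baselines a file, simulates a same-length change with the timestamp put back, and shows which check notices.

```python
import hashlib
import os
import tempfile

def snapshot(path: str) -> dict:
    """Record the size, modification time and SHA-256 digest of a file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}

def compare(baseline: dict, current: dict) -> dict:
    """Report which of the two checks sees a difference from the baseline."""
    meta_then = (baseline["size"], baseline["mtime_ns"])
    meta_now = (current["size"], current["mtime_ns"])
    return {
        "metadata_changed": meta_then != meta_now,
        "content_changed": baseline["sha256"] != current["sha256"],
    }

def demo() -> dict:
    """Simulate a same-size modification whose timestamp is restored afterwards."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "host.bin")  # constructed sample file
        with open(path, "wb") as fh:
            fh.write(b"ORIGINAL-PROGRAM-BYTES" + b"\x00" * 42)
        baseline = snapshot(path)

        # Overwrite bytes in place: the file length stays at 64 bytes.
        with open(path, "r+b") as fh:
            fh.seek(22)
            fh.write(b"CHANGED")
        # Put the recorded modification time back, as the text describes.
        os.utime(path, ns=(baseline["mtime_ns"], baseline["mtime_ns"]))

        return compare(baseline, snapshot(path))

if __name__ == "__main__":
    print(demo())
```

A monitor that trusts only size and date reports nothing here, while the hash comparison flags the file.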

Who Coined the term “Virus”?

Fred Cohen was the first to use the term “Computer Virus” in a formal sense in 1983. A few viruses do not cause harm. However, the majority of them perform malicious actions, such as destroying data. Others lie dormant until a specific programme is started that causes their code to run on the computer. Viruses can spread from one computer to another via a network, a disc, file-sharing methods or infected emails. Some viruses employ a variety of stealth techniques to avoid detection by anti-virus software.

History of Computer Viruses

John von Neumann and “self-replicating devices” in 1949

John von Neumann, a mathematician, engineer, and polymath, gave a presentation on the Theory and Organization of Complicated Automata in which he first proposed that computer programmes may “self-reproduce” in those early days of computing. Neumann’s ideas must have sounded like something out of a science fiction adventure novel in an era when computers were the size of houses and programmes were stored on mile-long punch tapes.

The first computer virus was discovered in 1982

Neumann’s theory was proven true in 1982 by a fifteen-year-old boy pranking his pals. Elk Cloner, created by Rich Skrenta, is widely recognised as the first proto-computer virus. It was a virus that attacked Apple II computers’ boot sectors, causing infected machines to display a poem from Skrenta:

Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes, it’s Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!

Elk Cloner was also the first computer virus to spread via removable storage devices. It created a copy of itself on any floppy disc that was placed into the computer.

In 1984, the term “computer virus” was coined

Fred Cohen, a computer scientist, created the phrase “computer virus” in his graduation thesis article, Computer Viruses – Theory and Experiments, which he submitted in 1984. Cohen defined “computer virus” as “a programme that can ‘infect’ other programmes by modifying them to include a possibly evolved copy of itself” in the same paper.

Core War, 1984

Until recently, most discussions regarding computer viruses took place only on college campuses and in research labs. However, the virus was let out of the lab in a 1984 Scientific American article. A.K. Dewdney, an author and computer scientist, revealed the specifics of Core War, an interesting new computer game he created.

The first computer virus was discovered in 1986

The first virus to target Microsoft’s text-based Windows predecessor, MS-DOS, was the Brain virus. Basit and Amjad Farooq, brothers and software developers from Pakistan, created Brain as an early form of copyright protection, preventing people from pirating their heart monitoring software. If the target PC had a pirated version of the brothers’ software, the “victim” would see the message “WELCOME TO THE DUNGEON… CONTACT US FOR VACCINATION” on the screen, along with the brothers’ names, phone numbers, and Pakistani company addresses. Brain had no disastrous effects other than guilt-tripping victims into paying for their illegal software.

Viruses go into stealth mode in 1986

The BHP virus was the first to attack the Commodore 64 computer in 1986. Infected computers showed a text message containing the identities of the virus’s creators, the digital equivalent of scrawling “(your name) was here” on the side of a building. BHP also holds the distinction of being the first stealth virus, which hides the changes it makes to a target system’s files in order to evade detection.

Computer Virus of the Year, 1988

One may say that 1988 was the year that computer viruses became mainstream. TIME magazine featured an article on computer viruses on the cover in September of that year. Viruses were depicted as charming, googly-eyed cartoon insects swarming all over a desktop computer in the cover image. Computer viruses had previously been thought to be quite innocuous. Yes, they were annoyances, but they were not harmful.
“Viruses were all about peace and love—until they crashed people’s computers.”

1988, A peaceful message goes terribly wrong

On March 2, 1988, the MacMag virus infected Macs to show the following message onscreen:

RICHARD BRANDOW, publisher of MacMag, and its entire staff
would like to take this opportunity to convey their
UNIVERSAL MESSAGE OF PEACE
to all Macintosh users around the world

Unfortunately, a bug in the virus resulted in Macs becoming infected. After showing Brandow’s message, the virus was supposed to remove itself, but it ended up wiping other user data as well. One of the victims, an Aldus Corp software executive, mistakenly downloaded the virus to a pre-production version of the company’s Freehand drawing software. The malware was subsequently duplicated and distributed to thousands of clients, making MacMag the first virus to spread through a legal commercial software application. Drew Davidson, the man behind the MacMag malware, told TIME that he built it to highlight his programming abilities.

The New York Times front page, 1988

A story about the “most serious computer ‘virus’ attack in US history” appeared on the front page of The New York Times a little more than a month after the TIME magazine article. It was Robert Tappan Morris’ Internet worm, which was incorrectly labelled as a “virus.” To be fair, no one had ever heard of a worm. The archetype was Morris’ creation. The Morris worm infected nearly 6,000 computers as it spread via the ARPANET, a government-run early Internet network restricted to schools and military bases. The Morris worm was the first time a dictionary attack had been used.

Computer viruses go viral in 1989

The AIDS Trojan, which initially appeared in 1989, was the first example of ransomware. Victims received a 5.25-inch floppy disc labelled “AIDS Information” in the mail, which contained a brief quiz designed to determine if they were at risk for the AIDS virus (the biological one).
While it’s an apt (albeit insensitive) metaphor, there’s no evidence that the virus’s designer, Dr. Joseph L. Popp, intended for his digital creation to be compared to the fatal AIDS virus. According to Medium, many of the 20k disc recipients were World Health Organization (WHO) delegates.

The AIDS Trojan was loaded onto target systems when the questionnaire was loaded. For the next 89 boot-ups, the AIDS Trojan would remain inactive. When victims started their computer for the 90th time, an on-screen message apparently from “PC Cyborg Corporation” demanded payment for “your software leasing,” similar to the Brain virus three years prior. The AIDS Trojan, unlike the Brain virus, encrypted the victims’ files.

The Mighty Morphin’ 1260 Virus had its first appearance in 1990

Mark Washburn, a cybersecurity researcher, sought to show how typical antivirus (AV) systems might be vulnerable. Traditional antivirus software compares your computer’s contents to a massive database of known viruses. Every virus on the list is made up of computer code, and each piece of code has its own distinct signature, similar to a fingerprint. The file is flagged if a piece of code found on your machine matches one in the virus database. Washburn’s 1260 virus evaded detection by changing its fingerprint every time it replicated. The underlying coding of each copy of the 1260 virus was different, even though it appeared and acted the same. This is known as polymorphic code, and 1260 was the first polymorphic virus.
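The effect on a scanner can be shown with inert data. The Python sketch below is an added example, not code from the original article or from any antivirus product; the marker string, the single-byte XOR encoding and the function names are assumptions chosen for illustration. It runs an exact signature match over three differently encoded copies of the same constructed body, then a scan that tests the signature under every possible key, one way a scanner can cope with simple per-copy encoding.

```python
import hashlib

# Constructed, inert marker standing in for a virus body; not a real signature.
SIGNATURE = b"INERT-DEMO-PATTERN-1260"

def xor_bytes(data: bytes, key: int) -> bytes:
    """Encode or decode with a single-byte XOR key (the operation is its own inverse)."""
    return bytes(b ^ key for b in data)

def make_copy(key: int) -> bytes:
    """Build a constructed sample whose body is stored XOR-encoded with `key`."""
    return b"HOST-FILE|" + xor_bytes(SIGNATURE, key) + b"|END"

def plain_scan(blob: bytes) -> bool:
    """Classic signature scan: exact byte-sequence match."""
    return SIGNATURE in blob

def xray_scan(blob: bytes):
    """Search for the signature under every single-byte XOR key.

    Returns the key that reveals it, or None if no key does.
    """
    for key in range(256):
        if xor_bytes(SIGNATURE, key) in blob:
            return key
    return None

def report(samples: dict) -> dict:
    """Return {name: (sha256 prefix, plain hit, x-ray key)} for each sample."""
    return {
        name: (hashlib.sha256(blob).hexdigest()[:12], plain_scan(blob), xray_scan(blob))
        for name, blob in samples.items()
    }

SAMPLES = {
    "copy_plain": make_copy(0x00),    # body stored unencoded
    "copy_key_21": make_copy(0x21),   # same body, different bytes on disk
    "copy_key_5a": make_copy(0x5A),
    "clean_file": b"HOST-FILE|quarterly report, nothing unusual|END",
}

if __name__ == "__main__":
    for name, row in report(SAMPLES).items():
        print(name, *row)
```

Each copy has a different hash and only the unencoded one matches the plain signature, yet the key-testing scan identifies all three and leaves the clean file alone.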

“You’ve Got Mail” in 1999

A person would open the attachment if someone he or she knew sent an email that said, “Here is the document you requested… don’t show anyone else ;-).” This was how the Melissa virus spread, and it took advantage of the public’s ignorance of how viruses functioned at the time. Melissa was a macro virus. Viruses of this sort hide in macro language, which is often used in Microsoft Office documents. The virus is activated when a person opens a virus-infected Word document, Excel spreadsheet, or other file. Melissa was the fastest-spreading virus at the time, infecting almost 250,000 computers, according to Medium.
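A mail gateway or analyst can check whether an Office attachment is able to carry macros before anyone opens it. The Python sketch below is an added example, not part of the original article; the function names and the in-memory sample files are constructed, and it relies on two format facts: modern Office files are ZIP archives that store macros in a part named vbaProject.bin, and legacy .doc/.xls files begin with the OLE compound-file header.

```python
import io
import zipfile

# Header of legacy OLE compound files (.doc, .xls), the format of Melissa's era.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def build_ooxml(with_macros: bool) -> bytes:
    """Construct a minimal OOXML-style ZIP in memory (placeholder parts only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Placeholder bytes; a real file stores its VBA project in this part.
            zf.writestr("word/vbaProject.bin", b"placeholder, no VBA inside")
    return buf.getvalue()

def triage(data: bytes) -> str:
    """Classify an attachment by its ability to carry macros."""
    if data.startswith(OLE_MAGIC):
        # The header alone cannot tell; a dedicated OLE parser must look inside.
        return "legacy-ole-needs-inspection"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "corrupt-zip"
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-with-macros"
        return "ooxml-no-macros"
    return "not-office"

if __name__ == "__main__":
    print(triage(build_ooxml(True)))               # constructed macro-enabled file
    print(triage(build_ooxml(False)))              # constructed macro-free file
    print(triage(OLE_MAGIC + b"\x00" * 504))       # constructed legacy header
    print(triage(b"plain text attachment"))
```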

2012, Saudi Arabia is under a full Shamoon

The road map for future malware threats had been laid out by the turn of the century. Viruses cleared the way for a whole new breed of malicious software. Cryptojackers invisibly used computers to mine cryptocurrency such as Bitcoin. Computers were held hostage by ransomware. Banking Trojans, such as Emotet, snatched financial data. Spyware and keyloggers snatched usernames and passwords from all across the internet.

Viruses, on the other hand, made one final push for the world’s attention in 2012 with the Shamoon virus. In response to Saudi government policy decisions in the Middle East, Shamoon targeted computers and network systems belonging to Aramco, the state-owned Saudi Arabian oil company. According to The New York Times, the hack was one of the most damaging malware strikes on a single firm in history, wiping out three-quarters of Aramco’s computers. In a great example of how things circle back, cybersecurity experts believe the attack began with an infected USB storage drive.

Nowadays, there are a lot of tech support scams

Although computer viruses haven’t been as damaging in decades, there is a related peril you should be aware of. This modern threat is commonly referred to as a tech support scam or a virus hoax, yet it isn’t a virus at all.

After landing on a spoofed website or as a result of an adware infection, the victim is presented with a fake pop-up ad. For example, scammers utilised malvertising to direct victims to malicious support sites when they searched for movies, songs, etc. The fake ad is made to look like a system alert from the operating system, with text such as “Security notice: Your computer may be infected by hazardous viruses,” as well as contact information for “Technical Support.” There is no virus, and there is no technical support, only con artists who will make it appear as if you have a virus and demand payment.

What different forms of computer viruses are there?

1. Macro Virus:

Macro viruses are written in the same macro language that software programmes are written in. When you open an infected document, such as an email attachment, the virus spreads.

2. Boot Sector Virus:

When you start, or boot, your computer, this type of virus might take control. Plugging an infected USB device into your computer is one way for it to spread.

3. Web Scripting Virus:

This malware takes advantage of the programming of web browsers and web pages. The malware can infect your computer if you visit such a website.

4. Polymorphic Virus:

Each time an infected file is executed, a polymorphic virus changes its code. It does this to get around antivirus software.

5. Browser Hijacker:

Certain web browser functionalities are “hijacked” by this virus, and you may be automatically led to an undesired domain.

6. Resident Virus:

This is a catch-all word for any virus that infects a computer’s memory. When an operating system loads, a resident virus can run at any moment.

7. Direct Action Virus:

When you open a file that contains a virus, this type of virus is activated. It remains dormant otherwise.

8. Multipartite Virus:

This virus can infect and propagate in a variety of ways. Both programme files and system sectors can be infected.

9. File Infector:

This virus inserts malicious code into executable files, which are files that execute specific functions or processes on a computer.

How does a computer virus infect a computer?

Once a virus has successfully attached itself to a programme, file, or document, it will remain dormant until the computer or device is made to run its code. For a virus to infect your computer, you must first run the infected programme, which then executes the virus code.
This can include wiping data or permanently damaging your hard drive. Worse still, some infections are created with monetary benefit in mind.

What are the ways in which computer viruses spread?

Viruses can be distributed by email and text message attachments, file downloads from the Internet, and scam links on social media. Through shady software downloads, your mobile devices and smartphones might become infected with mobile viruses. Viruses can masquerade as socially shareable information like hilarious photos, greeting cards, or audio and video files.

Indications of a virus on a computer

The following are some of the signs that indicate the presence of a computer virus:

Frequent window pop-ups: Some computer viruses cause unwanted pop-ups and push you to visit unnecessary websites.

Unknown programmes running on your system: You may have observed that when you start up your computer, certain unknown programmes appear. If you see an unknown application in the list of active applications, this is certain evidence of the presence of a computer virus on your device.

Frequent crashes: Viruses might cause serious damage to your device and cause it to freeze often. In the worst-case scenario, the device may never turn on again.

Strange behaviours such as password changes: A computer virus can modify legitimate software. As a result, if the viral code alters your password, you will be unable to log into the system.

Slow computer performance: If your device has suddenly become slow, this could indicate the presence of computer viruses in your system.

Homepage changes: You may notice that your web browser’s homepage automatically changes to another website. It will also be difficult to reset it.

Email Bombs: Someone can hijack your email account and send mass emails from compromised computers in your name.

How to protect a computer from viruses?

The following are some methods for preventing the virus from infecting your devices:

• Make sure you have up-to-date antivirus software installed on your computer.

• Before opening an email attachment, scan it.

• Never click on unwelcome pop-up advertisements, since they may direct you to unexpected websites that may harm you.

• Before using a pen drive, CD, or other device, scan it.

• Scan all files downloaded using file-sharing programmes.
