A virus actually consists of 2 parts. The best-known part is the portion of the software that actually does the damage. However, most viruses are classified by how they are sent or how they infect your computer.

Virus: a program or part of a program that is developed with the intention of disrupting the normal operation of a computer. Disruption can range from simply annoying the user with a harmless message to destroying data and/or damaging hardware.

Propagation methods: This portion of the virus program is used to distribute the virus from one computer to another. The program can include measures to avoid anti-virus programs. Distribution can be done by disk, another storage medium, or a network (including the internet). The main categories are given in question 2 below.
1. Find the following viruses in the virus database (Virus Definitions from F-Secure) http://www.f-secure.com/v-descs/ and describe them:
a. Melissa
b. I love you
c. Funlove
d. Word Alex
e. Java script
f. Klez
2. Classify the above with respect to the following virus transmission methods:
a. Trojan horse: This method embeds the virus into the code of another program that a user would not expect to be, or to contain, a virus. Some of the more popular carrier files today are MS Word *.doc, executable files *.exe, Acrobat files *.pdf, and picture files *.jpeg.
b. Boot sector: This method installs the virus program, or part of it, into the boot sector of a storage medium (e.g. floppy disk, hard disk, etc.). The advantage of this is that the boot sector is read and loaded before any programs on the remainder of the disk. Thus, the virus can be loaded before the anti-virus program.
c. Logic bomb: a trigger built into a virus program that activates it at a certain time (e.g. a date) or after a certain number of events (e.g. running the associated program 50 times).
d. Worm: This method depends on having a functioning network (including the internet) before it can transfer itself. Many worms can only work with a network running, as part of the program resides in a different part of the network while it does its damage.
e. Polymorphic: This method changes the binary structure of its offspring once it has reproduced itself or copied itself to a new location. As anti-virus methods look for binary “signatures” (a distinctive sequence of binary code), polymorphic propagation methods create offspring that are unknown to the anti-virus program and thus not detected.
f. Macro: This method uses popular application software (e.g. MS Word) that provides an internal language to help the user automate repetitive tasks. The virus is written in this language and is activated when the infected file is loaded into the application. As long as this particular file is NOT loaded, the virus is not activated.
g. Email: Email is now the most popular method to transfer files. Most of these viruses are transferred in the form of attachments, which are a separate file from the email message but are transferred together. These files can only be activated once the attachment is opened. The one exception is if the user is using MS Outlook as their mail program; in this case, once the infected email is read, the virus can be activated.
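The two defensive ideas behind items e (signature scanning) and g (attachments are the carrier) can be tried out in code. The following Python script is an added example, not part of the handout and not describing any real virus: it parses an email message, flags attachments whose file name has an executable or double extension, and scans the decoded attachment bytes for byte signatures. The signature set (Test.Sig.Exact, Test.Sig.Wild), the extension list, the file names and the message itself are all constructed for illustration; the wildcard signature shows one way a scanner tolerates small byte changes between two fixed fragments, which an exact-match signature cannot.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed policy list: extensions that execute code when "opened".
RISKY_EXTENSIONS = {".exe", ".vbs", ".js", ".scr", ".bat", ".com", ".pif"}

# Constructed signature set (no real virus data). Each entry is a regular
# expression over bytes: re.escape() gives an exact-match signature, while
# the second uses a bounded wildcard so that small edits between the two
# fixed fragments still match.
SIGNATURES = {
    "Test.Sig.Exact": re.compile(re.escape(b"DROP_ALL_FILES")),
    "Test.Sig.Wild": re.compile(b"CopyFile.{1,8}LOVE", re.DOTALL),
}


def extension_findings(filename):
    """Reasons an attachment name is suspicious, judged by its extension(s)."""
    parts = filename.lower().rsplit(".", 2)
    findings = []
    if len(parts) >= 2 and "." + parts[-1] in RISKY_EXTENSIONS:
        findings.append(f"executable extension .{parts[-1]}")
        # e.g. "invoice.txt.vbs": a document-like inner extension hides a script
        if len(parts) == 3:
            findings.append(f"double extension disguised as .{parts[-2]}")
    return findings


def signature_findings(data):
    """Names of every constructed signature found in the attachment bytes."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(data)]


def screen_message(raw):
    """Parse a raw RFC 822 message; return (filename, reasons) per attachment."""
    msg = message_from_string(raw, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""  # base64 is undone here
        reasons = extension_findings(name) + [
            f"signature {sig}" for sig in signature_findings(data)
        ]
        report.append((name, reasons))
    return report


def build_sample_message():
    """Constructed message with three attachments (hypothetical content only)."""
    msg = EmailMessage()
    msg["From"] = "alice@example.test"
    msg["To"] = "bob@example.test"
    msg["Subject"] = "files"
    msg.set_content("See attached.")
    attachments = [
        ("photo.jpg", b"\xff\xd8\xff\xe0 benign picture bytes"),
        ("invoice.txt.vbs", b"Set x = CopyFile to LOVE\r\n"),
        ("report.doc", b"harmless text ... DROP_ALL_FILES ... more text"),
    ]
    for name, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    for name, reasons in screen_message(build_sample_message()):
        print(f"{name}: {', '.join(reasons) if reasons else 'no findings'}")
```

Note that report.doc is caught only by the signature scan and invoice.txt.vbs only partly by the extension policy; a gateway that relies on one check alone misses one of the two. A single changed byte inside DROP_ALL_FILES defeats Test.Sig.Exact entirely, which is the weakness item e describes.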
------------------------------------------------------------------
Example:
I Love You:
- Spreads / transmission method: through email as a chain letter
- Type: worm
- System: copies itself to system and registry files
- Sends out to all contacts in the address book
- Deletes your jpg files and hides your mp3 files