Biological Virus


Description: computer viruses and how to prevent them

Transcript of Biological Virus

Page 1: Biological Virus

A virus (from the Latin virus meaning "toxin" or "poison"), is a sub-microscopic infectious agent that is unable to grow or reproduce outside a host cell. Each viral particle, or virion, consists of genetic material, DNA or RNA, within a protective protein coat called a capsid. The capsid shape varies from simple helical and icosahedral (polyhedral or near-spherical) forms, to more complex structures with tails or an envelope. Viruses infect all cellular life forms and are grouped into animal, plant and bacterial types, according to the type of host infected.

Examples of common human diseases caused by viruses include the common cold, influenza, chickenpox, diarrhea and cold sores. Serious diseases such as Ebola, AIDS, avian influenza and SARS are caused by viruses. The relative ability of viruses to cause disease is described in terms of virulence. Viruses have different mechanisms by which they produce disease in an organism, which largely depend on the species. Mechanisms at the cellular level primarily include cell lysis, the breaking open and subsequent death of the cell. In multicellular organisms, if enough cells die the whole organism will start to suffer the effects. Although viruses cause disruption of healthy homeostasis, resulting in disease, they may exist relatively harmlessly within an organism. An example is the ability of the herpes simplex virus, which causes cold sores, to remain in a dormant state within the human body. This is called latency, and it is a characteristic of the herpes viruses, including the Epstein-Barr virus, which causes glandular fever, and the Varicella zoster virus, which causes chickenpox. Latent chickenpox infections return in later life as the disease called shingles.

Some viruses can cause life-long or chronic infections, in which the virus continues to replicate in the body despite the host's defense mechanisms; HIV and hepatitis C virus infections are examples. Viral infections in human and animal hosts usually result in an immune response and disease. Often, a virus is completely eliminated by the immune system. Antibiotics have no effect on viruses, but antiviral drugs have been developed to treat life-threatening infections. Vaccines that produce lifelong immunity can prevent viral infections.

Biologists debate whether or not viruses are living organisms. Some consider them non-living as they do not meet all the criteria used in the common definitions of life. For example, unlike most organisms, viruses do not have cells. However, viruses have genes and evolve by natural selection. Others have described them as organisms at the edge of life.

List of viruses


A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. The term "virus" is also commonly, albeit erroneously, used to refer to many other types of malware and adware. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus. A virus can only spread from one computer to another when its host file is carried to the uninfected computer, for instance by a user sending it over a network or the Internet, or on a removable medium such as a floppy disk, CD, or USB drive. Viruses can also reach other computers by infecting files on a network file system, or on a file system that another computer accesses.

Viruses are sometimes confused with computer worms and Trojan horses. A worm can spread itself to other computers without needing to be carried inside a host file, and a Trojan horse is a file that appears harmless but carries hidden malicious code. Worms and Trojans may damage a computer's stored data, its performance, or its network throughput when executed. In general a worm's cost is the bandwidth and processing it consumes while spreading rather than direct harm to the system's hardware or software, while a Trojan's payload may, at least in theory, do almost any kind of harm once run. Trojan code is often invisible while its carrier program is not running; as soon as the infected code is run, the Trojan horse kicks in. That is one reason it is so hard for users to find viruses and other malware by hand, and why they rely on anti-spyware scanners and registry-cleaning tools instead.

Most personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging and file sharing systems to spread, blurring the line between viruses and worms. Furthermore, some sources use an alternative terminology in which a virus is any form of self-replicating malware.

Some malware is programmed to damage the computer by corrupting programs, deleting files, or reformatting the hard disk. Other malware is not designed to do any damage, but simply replicates itself and perhaps makes its presence known by presenting text, video, or audio messages. Even these less sinister programs can create problems for the computer user: they take up memory that legitimate programs need, so they often cause erratic behavior and can lead to system crashes. In addition, much malware is bug-ridden, and these bugs may lead to system crashes and data loss. Many CiD adware programs are downloaded by the user and then pop up every so often; this slows the computer down, and the source of the pop-ups is often very difficult to find and stop.

Computer virus timeline

1949 Theories for self-replicating programs are first developed.

1981 Apple Viruses 1, 2, and 3 are some of the first viruses in the world or in the public domain. Found on the Apple II operating system, the viruses spread through Texas A&M via pirated computer games.

1983 Fred Cohen, while working on his dissertation, formally defines a computer virus as “a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself.”

1986 Two programmers named Basit and Amjad replace the executable code in the boot sector of a floppy disk with their own code, designed to infect each 360 KB floppy accessed on any drive. Infected floppies had "© Brain" for a volume label.

1987 The Lehigh virus, one of the first file viruses, infects command.com files.

1988 One of the most common viruses, Jerusalem, is unleashed. Activated every Friday the 13th, the virus affects both .exe and .com files and deletes any programs run on that day. MacMag and the Scores virus cause the first major Macintosh outbreaks.

1990 Symantec launches Norton AntiVirus, one of the first antivirus programs developed by a large company.

1991 Tequila is the first widespread polymorphic virus found in the wild. Polymorphic viruses make detection difficult for virus scanners by changing their appearance with each new infection.

1992 1300 viruses are in existence, an increase of 420% from December of 1990. The Dark Avenger Mutation Engine (DAME) is created. It is a toolkit that turns ordinary viruses into polymorphic viruses. The Virus Creation Laboratory (VCL) is also made available. It is the first actual virus creation kit.

1994 Good Times email hoax tears through the computer community. The hoax warns of a malicious virus that will erase an entire hard drive just by opening an email with the subject line “Good Times.” Though disproved, the hoax resurfaces every six to twelve months.

1995 Word Concept becomes one of the most prevalent viruses in the mid-1990s. It is spread through Microsoft Word documents.

1996 Baza, Laroux (a macro virus), and Staog viruses are the first to infect Windows95 files, Excel, and Linux respectively.

1998 Currently harmless and yet to be found in the wild, StrangeBrew is the first virus to infect Java files. The virus modifies CLASS files to contain a copy of itself within the middle of the file's code and to begin execution from the virus section. The Chernobyl virus spreads quickly via .exe files. As the notoriety attached to its name would suggest, the virus is quite destructive, overwriting not only files on disk but also the flash BIOS chip of infected computers. Two California teenagers infiltrate and take control of more than 500 military, government, and private sector computer systems.


1999 The Melissa virus, W97M/Melissa, executes a macro in a document attached to an email, which forwards the document to 50 people in the user's Outlook address book. The virus also infects other Word documents and subsequently mails them out as attachments. Melissa spread faster than any previous virus, infecting an estimated 1 million PCs. Bubble Boy is the first worm that does not depend on the recipient opening an attachment in order for infection to occur. As soon as the user opens the email, Bubble Boy sets to work. Tristate is the first multi-program macro virus; it infects Word, Excel, and PowerPoint files.

2000 The Love Bug, also known as the ILOVEYOU virus, sends itself out via Outlook, much like Melissa. The virus comes as a VBS attachment and deletes files, including MP3, MP2, and .JPG. It also sends usernames and passwords to the virus's author. W97M.Resume.A, a new variation of the Melissa virus, is determined to be in the wild. The “resume” virus acts much like Melissa, using a Word macro to infect Outlook and spread itself. The “Stages” virus, disguised as a joke email about the stages of life, spreads across the Internet. Unlike most previous viruses, Stages is hidden in an attachment with a false “.txt” extension, making it easier to lure recipients into opening it. Until now, it has generally been safe to assume that text files are safe. “Distributed denial-of-service” attacks by hackers knock Yahoo, eBay, Amazon, and other high profile web sites offline for several hours.

2001 Shortly after the September 11th attacks, the Nimda virus infects hundreds of thousands of computers around the world. The virus is one of the most sophisticated to date, with as many as five different methods of replicating and infecting systems. The "Anna Kournikova" virus, which mails itself to persons listed in the victim's Microsoft Outlook address book, worries analysts who believe the relatively harmless virus was written with a "tool kit" that would allow even the most inexperienced programmers to create viruses. Worms increase in prevalence, with Sircam, CodeRed, and BadTrans creating the most problems. Sircam spreads personal documents over the Internet through e-mail. CodeRed attacks web servers running vulnerable versions of Microsoft IIS, and was expected to eventually redirect its attack at the White House web site. It infected approximately 359,000 hosts in the first twelve hours. BadTrans is designed to capture passwords and credit card information.

2002 The author of the Melissa virus, David L. Smith, is sentenced to 20 months in federal prison. The LFM-926 virus appears in early January, displaying the message "Loading.Flash.Movie" as it infects Shockwave Flash (.swf) files. Celebrity-named viruses continue, with the "Shakira," "Britney Spears," and "Jennifer Lopez" viruses emerging. The Klez worm, an example of the increasing trend of worms that spread through e-mail, overwrites files (its payload fills files with zeroes), creates hidden copies of the originals, and attempts to disable common anti-virus products. The Bugbear worm also makes its first appearance in September. It is a complex worm with many methods of infecting systems.

2003 In January the relatively benign "Slammer" (Sapphire) worm becomes the fastest-spreading worm to date, infecting 75,000 computers in approximately ten minutes and doubling its numbers every 8.5 seconds in its first minute of infection. The Sobig worm becomes one of the first to join the spam community: infected computer systems have the potential to become spam relay points, and spamming techniques are used to mass-mail copies of the worm to potential victims.

2004 In January a computer worm called MyDoom or Novarg spreads through e-mail and file-sharing software faster than any previous virus or worm. MyDoom entices e-mail recipients to open an attachment that lets attackers access the hard drive of the infected computer. Its intended goal is a "denial of service attack" on the SCO Group, a company that is suing various parties over claims that Linux, an open-source Unix-like operating system, contains its Unix code. SCO offers a $250,000 reward to anyone giving information that leads to the arrest and conviction of the people who wrote the worm. An estimated one million computers running Windows are affected by the fast-spreading Sasser computer worm in May. Victims include businesses such as British Airways, banks, and government offices, including Britain's Coastguard. The worm does not cause irreparable harm to computers or data, but it does slow computers and cause some to quit or reboot without explanation. Sasser differs from most earlier viruses in that users do not have to open a file attachment to be affected by it. Instead, the worm seeks out computers with an unpatched security flaw in the Windows LSASS service and infects them directly over the network. An 18-year-old German high school student confessed to creating the worm. He is suspected of releasing another version of the virus.

Virus Origins

Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person.

Unlike a cell, a virus has no way to reproduce by itself. Instead, a biological virus must inject its genetic material (DNA or RNA) into a cell. The viral genome then uses the cell's existing machinery to reproduce itself. In some cases, the cell fills with new viral particles until it bursts, releasing the virus. In other cases, the new virus particles bud off the cell one at a time, and the cell remains alive.

A computer virus shares some of these traits. A computer virus must piggyback on top of some other program or document in order to launch. Once it is running, it can infect other programs or documents. Obviously, the analogy between computer and biological viruses stretches things a bit, but there are enough similarities that the name sticks.

Virus History

Traditional computer viruses were first widely seen in the late 1980s, and they came about because of several factors. The first factor was the spread of personal computers (PCs). Prior to the 1980s, home computers were nearly non-existent or they were toys. Real computers were rare, and they were locked away for use by "experts." During the 1980s, real computers started to spread to businesses and homes because of the popularity of the IBM PC (released in 1981) and the Apple Macintosh (released in 1984). By the late 1980s, PCs were widespread in businesses, homes and college campuses.

Floppy disks were a factor in the distribution of computer viruses.

Virus Evolution

As virus creators became more sophisticated, they learned new tricks. One important trick was the ability to load viruses into memory so they could keep running in the background as long as the computer remained on. This gave viruses a much more effective way to replicate themselves. Another trick was the ability to infect the boot sector on floppy disks and hard disks. The boot sector is the first sector of a disk; it holds a tiny program that the computer loads and runs before anything else, and that program tells the computer how to load the rest of the operating system. By putting its code in the boot sector, a virus can guarantee that it is executed before the operating system: it loads itself into memory immediately and stays there for as long as the computer is on. Boot sector viruses can infect the boot sector of any floppy disk inserted in the machine, and on college campuses, where lots of people share machines, they could spread like wildfire.

In general, neither executable nor boot sector viruses are very threatening any longer. The first reason for the decline has been the huge size of today's programs. Nearly every program you buy today comes on a compact disc. Compact discs (CDs) cannot be modified, and that makes viral infection of a CD unlikely, unless the manufacturer permits a virus to be burned onto the CD during production. The programs are so big that the only easy way to move them around is to buy the CD. People certainly can't carry applications around on floppy disks like they did in the 1980s, when floppies full of programs were traded like baseball cards. Boot sector viruses have also declined because operating systems now protect the boot sector.

Infection from boot sector viruses and executable viruses is still possible. Even so, it is a lot harder, and these viruses don't spread nearly as quickly as they once did. Call it "shrinking habitat," if you want to use a biological analogy. The environment of floppy disks, small programs and weak operating systems made these viruses possible in the 1980s, but that environmental niche has been largely eliminated by huge executables, unchangeable CDs and better operating system safeguards.

How to Protect Your Computer from Viruses

You can protect yourself against viruses with a few simple steps:

If you are truly worried about traditional (as opposed to e-mail) viruses, you should be running a more secure operating system like UNIX. You rarely hear about viruses on these operating systems because their security features (separate user accounts and file permissions) keep viruses, and unwanted human visitors, away from your hard disk.

If you are using an unsecured operating system, then buying virus protection software is a nice safeguard.

If you simply avoid programs from unknown sources (like the Internet), and instead stick with commercial software purchased on CDs, you eliminate almost all of the risk from traditional viruses.

You should make sure that Macro Virus Protection is enabled in all Microsoft applications, and you should NEVER run macros in a document unless you know what they do. There is seldom a good reason to add macros to a document, so avoiding all macros is a great policy.

You should never double-click on an e-mail attachment that contains an executable. Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF), etc., are data files and normally cannot do damage on their own (noting the macro virus problem in Word and Excel documents mentioned above). A data file is only as safe as the program that opens it, however: some viruses have come in through .JPG graphic attachments by exploiting flaws in the image-decoding code. A file with an extension like EXE, COM or VBS is an executable, and an executable can do any sort of damage it wants. Once you run it, you have given it permission to do anything on your machine. The only defense is never to run executables that arrive via e-mail.

Open the Options dialog from the Tools menu in Microsoft Word and make sure that Macro Virus Protection is enabled. Newer versions of Word allow you to customize the level of macro protection you use.
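The advice above (never run an executable attachment, treat a ".txt" in the name as no guarantee, and never run document macros you do not understand) can be checked mechanically before a file is opened. The following is an added example, not code from the original page: it classifies attachment names by their final extension, flags double extensions of the LIFE_STAGES.TXT.SHS kind, and looks inside zip-based Office files for a VBA project. The extension lists, the sample attachments and the vbaProject.bin check (which applies to Office 2007 and later formats, not the binary .DOC files of the Word 97 era) are this example's assumptions.

```python
# Added example, not code from the original page: triage of e-mail attachments
# by final extension and by presence of a VBA macro project. The sample
# attachments are constructed below. Assumptions (not stated on the page):
# the extension lists, and that a macro-enabled Office 2007+ (OOXML) file is a
# zip archive carrying a vbaProject.bin part, which is what the macro check looks for.
import io
import zipfile

# Extensions Windows will run when double-clicked (partial list; assumption).
EXECUTABLE_EXTS = {
    "exe", "com", "bat", "cmd", "pif", "scr", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "shs", "lnk", "msi", "reg",
}
# Office formats that may carry macros (assumption).
MACRO_CAPABLE_EXTS = {"doc", "dot", "xls", "xlt", "ppt", "docm", "dotm", "xlsm", "pptm"}


def classify_name(filename):
    """Classify an attachment by its FINAL extension, flagging double extensions
    such as LIFE_STAGES.TXT.SHS, where the visible '.txt' is only a decoy."""
    parts = filename.lower().split(".")
    exts = parts[1:]                      # everything after the base name
    final = exts[-1] if exts else ""
    return {
        "name": filename,
        "final_ext": final,
        "executable": final in EXECUTABLE_EXTS,
        "double_extension": len(exts) >= 2 and final in EXECUTABLE_EXTS,
        "macro_capable": final in MACRO_CAPABLE_EXTS,
    }


def has_vba_project(data):
    """True if an OOXML (zip-based) Office file contains a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False   # not OOXML (e.g. a legacy binary .doc); cannot tell from here


def triage(filename, data=b""):
    """Return 'block', 'warn' or 'allow' for one attachment."""
    info = classify_name(filename)
    if info["executable"]:
        return "block"
    if info["macro_capable"] and has_vba_project(data):
        return "warn"
    return "allow"


def _make_ooxml(with_macros):
    """Build a minimal constructed OOXML-style zip for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0")   # OLE header bytes
    return buf.getvalue()


# Constructed sample attachments modelled on the cases the page describes.
SAMPLES = {
    "LOVE-LETTER-FOR-YOU.TXT.vbs": b"",             # ILOVEYOU-style double extension
    "LIFE_STAGES.TXT.SHS": b"",                     # Stages-style scrap object
    "resume.docm": _make_ooxml(with_macros=True),   # Melissa/Resume-style macro document
    "notes.docx": _make_ooxml(with_macros=False),
    "photo.jpg": b"\xff\xd8\xff",
}


def triage_all(samples=SAMPLES):
    """Verdict for every sample; a mail gateway would run this per attachment."""
    return {name: triage(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage_all().items():
        print(f"{verdict:5s} {name}")
```

A filename rule is only a first filter. It says nothing about the .JPG case mentioned above, where the danger is a bug in the program that decodes the image, and a legacy binary .doc cannot be inspected with a zip reader at all; for those, a patched parser and a disabled macro setting remain the defence.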


Filtering Software Protects Your Computer Before Something Happens

Statistics of growth of viruses

Computer virus incident reports

The Computer Virus & Unauthorized Computer Access Countermeasures Group (VUAC) receives reports about detections of, and damage caused by, intrusive computer viruses. The VUAC operates the Anti-Computer-Virus Committee, whose members are representatives from IT industry associations and academia. They analyze the accumulated incident reports and work on devising countermeasures. The results of their investigations, together with recommendations, are publicized monthly through media such as newspapers and magazines.

Computer Virus Incident Reports [Summary]

The worst virus ever!

There were approximately 10,000 reports for W32/Klez in one year!

This is a summary of the Computer Virus Incident Reports for December 2002 and for the year 2002, compiled by IPA (Information-technology Promotion Agency).

1. Computer Virus Incident Reports

1-1. Annual virus incident report for 2002

-- W32/Klez had the highest number of reports ever --

In 2002, 20,352 reports were submitted to IPA, a slight decrease from the 24,261 reports of 2001. W32/Klez was the most reported virus for 9 consecutive months, with 9,648 reports (approximately 50% of the total), the highest number ever recorded for a single virus in one year. It was followed by W32/Badtrans with 3,336 reports and W32/Hybris with 870 reports.

For more information, please refer to "Computer Virus Detection Incident Reports in 2002".

1-2. December computer virus incident reports

In December, 1,135 reports were submitted to IPA (November: 1,408 reports). The most reported viruses were W32/Klez with 465 reports, including new variants with subjects such as "Happy Christmas" and "Happy New Year", W32/Bugbear with 133 reports, and W32/Opaserv and VBS/Redlof with 67 reports.

In addition, an alert was issued about a possible mass spread of virus mail over the year-end period, since there was concern about it, but no serious viral damage occurred.

Caution necessary for infection through web pages!

There are viruses, such as VBS/Redlof, that infect a computer just by browsing a web page. Once a computer is infected with this virus, the infection spreads in the following ways:

* The infected computer embeds the virus program in the body of outgoing e-mail, and so spreads the infection to recipients.

* It infects HTML and other files on the computer; when an infected file is uploaded to a web page without anyone noticing, the infection spreads to the people who browse that page.

Cases of infection through browsing a web page are becoming more common, so caution is necessary.

There are various ways for a virus infection to happen. The most common is through a file attached to an e-mail, as with W32/Klez and W32/Bugbear. But there are also infections obtained by browsing a web page, such as W32/Nimda and VBS/Redlof, and infections obtained over a shared network, such as W32/Opaserv. To prevent damage from infection through these various paths, it is essential to use anti-virus software with the latest virus detection data file, in a constant (real-time) monitoring setting.

3 steps for anti-virus software

1. Must be installed === necessary as a countermeasure

2. Appropriate settings === a constant monitoring setting is effective

3. Updating the virus detection data file === new viruses emerge every day; update at least once a week!

Status of damage reports

The pie charts show the result of the analysis of the computer virus damage cases reported in 2001.

Statistics of computer virus damage reports

Note: 14 cases were reported between April and December 1990, 57 cases in 1991, 253 cases in 1992, 897 cases in 1993, 1,127 cases in 1994, 668 cases in 1995, 755 cases in 1996, 2,391 cases in 1997, and 2,035 cases in 1998.

Information security seminars

ISEC hosts information security seminars all over Japan every year. In 2001, 13 seminars were held from Hokkaido to Okinawa, covering computer virus countermeasures and unauthorized computer access countermeasures.

The VUAC conducts the following activities to promote computer virus prevention measures:

= Help desk (telephone, fax, e-mail)

= Exhibitions at computer-related shows

= Distribution of anti-virus brochures and CD-ROMs

= Anti-virus web site

= Anti-virus articles in magazines and newspapers

= Information exchange with anti-virus software vendors

Investigation of actual damage by computer viruses in Japan

The VUAC conducts a questionnaire survey to estimate the actual extent of damage due to computer viruses in Japan.

Investigation of the number of damaged bodies

                                        1995    1996    1997    1998    1999    2000
Government and municipal offices          84      91      99      82      71     101
Public organizations and universities    212     215     158     154     179     162
Private industries                       893   1,094   1,013   1,334   1,279   1,410
Total                                  1,189   1,400   1,270   1,570   1,529   1,673
Number of damaged bodies                 158     482     482     614     661     824
                                     (14.2%) (17.9%) (38.6%) (39.8%) (44.1%) (49.3%)


What are the Types of Computer Viruses?

A computer virus is generally defined as a program introduced into a computer that can replicate itself. As it replicates, the program infects the computer, typically without the user even knowing about the damage being done. A virus, unlike a worm or a Trojan horse, needs a carrier to transfer it to other computers. Viruses often consume a large amount of computer memory, which can result in system crashes. Viruses are categorized into several types based on their features.

A computer virus is a kind of malicious software written intentionally to enter a computer without the user's permission or knowledge, with the ability to replicate itself and thus continue to spread. Some viruses do little but replicate; others can cause severe harm or adversely affect programs and the performance of the system. A virus should never be assumed harmless and left on a system. The most common types of viruses are described below:

Resident Viruses This type of virus installs itself permanently in RAM. From there it can intercept all of the operations executed by the system, corrupting files and programs as they are opened, closed, copied, renamed, etc.

Examples include: Randex, CMJ, Meve, and MrKlunky.

Direct Action Viruses The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.

Overwrite Viruses This kind of virus is characterized by the fact that it destroys the information contained in the files that it infects, rendering them partially or totally useless once they have been infected.

The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.

Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.


Boot Virus This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk.

The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and never start your computer with an unknown floppy disk in the disk drive.

Examples of boot viruses include: Polyboot.B, AntiEXE.
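The boot sector described above (and in the Virus Evolution section earlier) is only 512 bytes, so its integrity is easy to check. The following is an added example, not code from the original page: it parses a PC master boot record into its boot code, partition table and 0x55AA signature, and reports when the boot code no longer matches a hash recorded from a known-good system, which is exactly the change a boot virus makes. The layout constants are the standard MBR layout; the sample sectors, the "INFECTED" bytes and the extra bootable-flag sanity check are constructed for the example.

```python
# Added example, not code from the original page: parse a 512-byte PC boot
# sector (MBR layout: 446 bytes of boot code, four 16-byte partition entries,
# 0x55AA signature) and detect a change to the boot code against a known-good
# hash, which is how a boot-sector infection shows up. The sectors are
# constructed inline; the layout constants are standard, the sample contents
# and the "bootable flag" sanity check are this example's assumptions.
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446
PART_TABLE_OFF = 446
SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3xB3xII"   # status, (CHS skipped), type, (CHS skipped), LBA start, sector count


def parse_mbr(sector):
    """Split an MBR into boot code, partition entries and signature validity."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("boot sector must be exactly 512 bytes")
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code": sector[:BOOT_CODE_LEN],
        "partitions": entries,
        "valid_signature": sector[510:512] == SIGNATURE,
    }


def boot_code_hash(sector):
    """SHA-256 over the boot code only; the partition table may legitimately change."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_boot_sector(sector, baseline_hash):
    """Return a list of findings; an empty list means the sector matches the baseline."""
    findings = []
    mbr = parse_mbr(sector)
    if not mbr["valid_signature"]:
        findings.append("missing 0x55AA signature")
    if boot_code_hash(sector) != baseline_hash:
        findings.append("boot code changed since baseline")
    if sum(p["bootable"] for p in mbr["partitions"]) > 1:
        findings.append("more than one partition flagged bootable")
    return findings


def make_sample_mbr(boot_code):
    """Constructed MBR: the given boot code, one bootable NTFS-type partition, valid signature."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 1_000_000) + b"\x00" * 48
    return code + table + SIGNATURE


# Constructed "clean" boot code: a short jump and an OEM label, as a real sector starts.
CLEAN = make_sample_mbr(b"\xeb\x3c\x90" + b"MSDOS5.0")
BASELINE = boot_code_hash(CLEAN)     # recorded once, on a known-good system
# A boot-sector virus overwrites the code so that it runs first; the different
# leading bytes here stand in for that.
INFECTED = make_sample_mbr(b"\xeb\x58\x90" + b"INFECTED")

if __name__ == "__main__":
    print("clean:", check_boot_sector(CLEAN, BASELINE) or "OK")
    print("infected:", check_boot_sector(INFECTED, BASELINE))
```

Hash the boot code only, not the whole sector: partitioning tools legitimately rewrite the table, and a baseline over all 512 bytes would produce false alarms. On a real machine the same function would be fed the first 512 bytes of the raw disk device, read with administrator rights.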

Macro Virus Macro viruses infect files that are created using certain applications or programs that contain macros. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one.

Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.

Directory Virus

Directory viruses change the paths that indicate the location of a file. By executing a program (file with the extension .EXE or .COM) which has been infected by a virus, you are unknowingly running the virus program, while the original file and program have been previously moved by the virus.

Once infected it becomes impossible to locate the original files.

Polymorphic Virus Polymorphic viruses encrypt or encode themselves differently (using different algorithms and encryption keys) every time they infect a system.

This makes it very hard for anti-virus software to find them with plain string or signature searches, because the encrypted body is different in each copy, and it lets them create a large number of distinct copies of themselves. Only the small decryption routine has to exist as plain code, so scanners look for that routine, or emulate it to recover the body, before matching signatures.

Examples include: Elkern, Marburg, Satan Bug, and Tuareg.

File Infectors This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category, and can be classified depending on the actions that they carry out.

Companion Viruses Companion viruses can be considered file infector viruses like the resident or direct action types. They are known as companion viruses because once they get into the system they "accompany" the files that already exist: instead of modifying a program, the virus creates a new file with the same base name as an existing program (for example a .COM file next to an .EXE), and DOS runs the companion first when the user types the program's name. To carry out their infection routines, companion viruses can wait in memory until a program is run (resident type) or act immediately by making copies of themselves (direct action type).

Some examples include: Stator, Asimov.1539, and Terrax.1069

FAT Virus The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer. This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories.

Worms

A worm is a self-replicating program very similar to a virus, but it spreads as a stand-alone program, typically over a network, rather than by inserting itself into other files. Worms can have damaging effects on your system and, like viruses, are detected and removed by antivirus software.

Examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson.

Trojans or Trojan Horses

Another unsavory breed of malicious code are Trojans or Trojan horses, which, unlike viruses, do not reproduce by infecting other files, nor do they self-replicate like worms. They depend on being run by the user, which is why they are disguised as something useful or interesting.

Logic Bombs

Logic bombs are not considered viruses because they do not replicate. They are not even programs in their own right, but rather camouflaged segments of other programs.

Their objective is to destroy data on the computer once certain conditions have been met, such as a particular date being reached. Logic bombs go undetected until triggered, and the results can be destructive.


Antivirus

Antivirus software is a computer program that attempts to identify, neutralize or eliminate malicious software. The term "antivirus" is used because the earliest examples were designed exclusively to combat computer viruses; most modern antivirus software is designed to combat a wider range of threats, including worms, phishing attacks, rootkits, trojan horses and other malware. Antivirus software typically uses two different approaches to accomplish this:

1. examining (scanning) files for known viruses matching definitions in a virus dictionary, and

2. identifying suspicious behavior from any program on the computer which might indicate infection.

The second approach is called heuristic analysis. Such analysis may include data captures, port monitoring and other methods.

Most commercial antivirus software uses both of these approaches, with an emphasis on the virus dictionary approach. Although some people consider network firewalls to be a type of antivirus software, this categorization is not correct: a firewall controls which network connections are allowed rather than identifying malicious code.

In the virus dictionary approach, when the antivirus software looks at a file, it refers to a dictionary of known viruses that the authors of the antivirus software have identified. If a piece of code in the file matches any virus identified in the dictionary, then the antivirus software can take one of the following actions:

1. attempt to repair the file by removing the virus itself from the file,

2. quarantine the file (such that the file remains inaccessible to other programs and its virus can no longer spread), or

3. delete the infected file.

To achieve consistent success in the medium and long term, the virus dictionary approach requires periodic (generally online) downloads of updated virus dictionary entries. As civically-minded and technically-inclined users identify new viruses "in the wild", they can send their infected files to the authors of antivirus software, who then include information about the new viruses in their dictionaries.

Dictionary-based antivirus software typically examines files when the computer's operating system creates, opens, closes, or e-mails them. In this way it can detect a known virus immediately upon receipt. Note too that a System Administrator can typically schedule the antivirus software to examine (scan) all files on the computer's hard disk on a regular basis.
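The dictionary approach and the three responses it allows, as an added example that is not code from the original page or from any of the products listed below. The dictionary entries, the infected samples and the disinfection rule are constructed: the "appender" is modelled as a virus whose body is simply appended to the host, so repair means truncating the file at the signature offset; the other entry has no known disinfection and is quarantined instead, masked so that a rescan of the quarantine store does not fire again.

```python
"""Toy dictionary-based scanner with repair, quarantine and delete.

Added example, not code from the original page. The 'dictionary', the
infected samples and the disinfection rule are all constructed. Real
definitions carry offsets, wildcards and per-family repair logic; this shows
only the control flow: look up, then repair, quarantine or delete.
"""
import hashlib
import shutil
import tempfile
from dataclasses import dataclass
from enum import Enum
from pathlib import Path


@dataclass(frozen=True)
class Definition:
    name: str
    pattern: bytes
    appender: bool      # True: host ends where the signature starts, so truncation repairs it


# Constructed dictionary entries; the bytes are arbitrary markers, not real signatures.
DICTIONARY = (
    Definition("Demo.Appender.A", b"\x90\x90\xeb\xfe[DEMO-APPENDER]", appender=True),
    Definition("Demo.Dropper.B", b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$DEMO", appender=False),
)
QUARANTINE_KEY = 0xFF   # stored samples are XOR-masked so an on-access rescan does not re-fire


class Action(Enum):
    REPAIR = "repair"
    QUARANTINE = "quarantine"
    DELETE = "delete"


def scan_file(path: Path) -> list[tuple[Definition, int]]:
    """Return every dictionary entry found in the file with the offset of its first match."""
    data = path.read_bytes()
    return [(d, data.find(d.pattern)) for d in DICTIONARY if d.pattern in data]


def scan_tree(root: Path) -> dict[str, list[str]]:
    """On-demand scan of a directory tree: file name -> detected names."""
    report = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            hits = scan_file(p)
            if hits:
                report[p.name] = [d.name for d, _ in hits]
    return report


def respond(path: Path, hits: list[tuple[Definition, int]], action: Action, quarantine: Path) -> str:
    """Apply the chosen response; fall back from repair to quarantine when repair is unsafe."""
    if action is Action.DELETE:
        path.unlink()
        return "deleted"
    if action is Action.REPAIR:
        definition, offset = hits[0]
        if definition.appender and offset > 0 and len(hits) == 1:
            data = path.read_bytes()
            path.write_bytes(data[:offset])
            return f"repaired: removed {len(data) - offset} appended bytes"
        action = Action.QUARANTINE      # whole file is viral, or no known disinfection
    quarantine.mkdir(exist_ok=True)
    data = path.read_bytes()
    dest = quarantine / f"{path.name}.{hashlib.sha256(data).hexdigest()[:16]}.quar"
    dest.write_bytes(bytes(b ^ QUARANTINE_KEY for b in data))   # masked copy, not executable as-is
    path.unlink()
    return f"quarantined as {dest.name}"


def build_samples(root: Path) -> None:
    """Constructed input: a clean file, an appended infection, a file that is all dropper."""
    (root / "notes.txt").write_bytes(b"quarterly figures, nothing unusual\n")
    host = b"MZ" + b"\x00" * 62 + b"clean program body"
    (root / "tool.exe").write_bytes(host + DICTIONARY[0].pattern + b"\x00" * 16)
    (root / "setup.com").write_bytes(DICTIONARY[1].pattern)


def demo() -> dict:
    """Scan, respond to every hit (repair where possible), then rescan to confirm the tree is clean."""
    root = Path(tempfile.mkdtemp(prefix="avdemo_"))
    try:
        build_samples(root)
        before = scan_tree(root)
        outcome = {}
        for fname in before:
            outcome[fname] = respond(root / fname, scan_file(root / fname), Action.REPAIR, root / "quarantine")
        return {
            "detected": sorted(before),
            "outcome": outcome,
            "after": scan_tree(root),
            "host_intact": (root / "tool.exe").read_bytes().endswith(b"clean program body"),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Two points the code makes that the paragraph only implies: repair is only possible when the dictionary knows how a particular virus attaches itself (here, the appender flag), so a generic match on an unknown layout should fall back to quarantine; and a quarantine store must be stored in a form the scanner itself will not flag, otherwise the on-access component re-detects its own quarantine.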

Proprietary

eScan AntiVirus
ArcaVir by arcabit.com
avast!
Avira
AVG Anti-Virus
BitDefender
BullGuard
CA Anti-Virus
Cisco Security Agent
Dr.Web
DriveSentry (antivirus, antispyware and HIPS technologies)
eSafe
Fortinet FortiClient End Point Security
F-PROT
F-Secure
G DATA AntiVirus
IKARUS antivirus
INCA Internet
Kaspersky Anti-Virus
LinuxShield
McAfee VirusScan
Mks vir
NOD32
Norman ASA
Norton AntiVirus
Panda Security
PC Tools AntiVirus
Rising AntiVirus
Sophos Anti-Virus
Trend Micro Internet Security
TrustPort Antivirus - AEC
Vba32 AntiVirus
Virus Chaser
Windows Live OneCare
ZoneAlarm

Freeware

Avira AntiVir Personal - Free Antivirus
AOL Active Virus Shield (no longer available via AOL)
AVG Anti-Virus Free (Registerware, Nagware)
avast! Home (Registerware)
BitDefender Free (the free version does not provide real-time scanning)
Comodo AntiVirus
DriveSentry (fully functional free version)
F-PROT (for Linux, FreeBSD and DOS only)
PC Tools AntiVirus Free Edition

Open source

Clam AntiVirus
ClamWin
OpenAntiVirus
Winpooch
Untangle

Abandonware

Cyberhawk (now ThreatFire AntiVirus)
Eliashim (now eSafe)
The Antidote and Antidote SuperLite

Comparisons

Anti-Virus Software | Windows | Mac OS X | Linux | FreeBSD | Unix | License | On-demand scan | On-access scan | Signature detection count [1] | Signature detection % [1] | False positives [1] | Proactive detection (HIPS) [1]
Avira AntiVir Personal - Free Antivirus | Yes | No | Yes | Yes | Yes | Freeware | Yes | Yes | 1,020,627 | 99.6% | 1 | Good
Avira AntiVir Premium | Yes | No | Yes | Yes | Yes | Proprietary (commercial) | Yes | Yes | 1,020,627 | 99.6% | 1 | Good
AOL Active Virus Shield | Yes | No | No | No | No | Freeware | Yes | Yes | - | - | - | -
Avast! | Yes | Yes | Yes | No | No | Proprietary (commercial) | Yes | Yes | 1,018,204 | 99.4% | 2 | Satisfactory
Avast! Home | Yes | Yes | Yes | No | No | Freeware | Yes | Yes | 1,018,204 | 99.4% | 2 | Satisfactory
AVG Anti-Virus | Yes | No | Yes | Yes | No | Proprietary (commercial) | Yes | Yes | 1,005,006 | 98.1% | 1 | Satisfactory
AVG Anti-Virus Free | Yes | No | Yes | No | No | Freeware (Nagware) | Yes | Yes | 1,005,006 | 98.1% | 1 | Satisfactory
AVK 2008 (G DATA) | Yes | No | No | No | No | Proprietary (commercial) | Yes | Yes | 1,022,418 | 99.8% | 2 | Good
BitDefender | Yes | No | Yes | Yes | No | Proprietary (commercial) | Yes | Yes | 1,003,902 | 98.0% | 2 | Very Good
BitDefender Free Edition | Yes | No | No | No | No | Freeware | Yes | Yes (with Winpooch) | 1,003,902 | 98.0% | 2 | Very Good
BullGuard | Yes | No | No | No | No | Proprietary (commercial) | Yes | Yes | - | - | - | -
Clam AntiVirus | see ClamWin | see ClamXav | see KlamAV and ClamTk | Yes | Yes | GPL | Yes | No | 791,505 | 77.3% | 3 | Poor
ClamWin | Yes | No | No | No | No | GPL | Yes | Yes (with Winpooch) | 791,505 | 77.3% | 3 | Poor
Command AntiVirus | - | - | - | - | - | - | - | - | 729,233 | 71.2% | 1 | Poor
Comodo AntiVirus | Yes | - | - | - | - | Freeware | Yes | Yes | - | - | - | -
Dr Web | - | - | - | - | - | - | - | - | 887,736 | 86.7% | 2 | Good
eTrust-VET | - | - | - | - | - | - | - | - | 566,161 | 55.3% | 0 | Poor
Fortinet FortiClient End Point Security | Yes | No | No | No | No | Proprietary (commercial) | Yes | Yes | 957,558 | 93.5% | >3 | Very Good
F-Prot | Yes | No | Yes | Yes | Yes | Proprietary | Yes | Yes | 1,003,731 | 96.3% | 1 | Poor
Kaspersky Anti-Virus | Yes | Yes (BETA) | Yes (SMB and ENT) | No | No | Proprietary | Yes | Yes | 1,003,470 | 98.0% | 2 | Good
McAfee VirusScan | Yes | Yes | Yes | Yes | Yes | Proprietary (commercial) | Yes | Yes | 959,919 | 93.7% | 0 | Good
Metascan | Yes | No | No | Yes | Yes | Proprietary (commercial) | Yes | Yes | - | - | - | -
Moon Secure AntiVirus | Yes | No | No | No | No | GPL | Yes | Yes | - | - | - | -
NOD32 | Yes | No | Yes | Yes | No | Proprietary (commercial) | Yes | Yes | 953,936 | 93.1% | 1 | Very Good
Norton AntiVirus (Symantec) | Yes | Yes | Yes | Yes | No | Proprietary | Yes | Yes | 1,006,849 | 98.3% | 0 | Good
Panda Antivirus | Yes | No | Yes | No | No | Proprietary (commercial) | Yes | Yes | 979,409 | 95.6% | 2 | Very Good
PC Tools AntiVirus | Yes | Yes | No | No | No | Proprietary (commercial) | Yes | Yes | - | - | - | -
Protector Plus | Yes | No | No | No | No | Proprietary (commercial) | Yes | Yes | - | - | - | -
Sophos Anti-Virus | Yes | Yes | Yes | Yes | Yes | Proprietary | Yes | Yes | 1,001,655 | 97.8% | 1 | Very Good

(-: no value given in the source table)

Monthly Malware Statistics for July 2008

The format of the 'Virus Top Twenty' reports from Kaspersky Lab has changed as of July 2008. The previous method used to compile these reports and to assess the current threat landscape was based on data generated by analysing email traffic and the files checked using our Online Scanner. However, this method no longer provides an accurate reflection of the changing nature of malicious threats; email is no longer the main attack vector, and our data shows that malicious programs make up a very small proportion of all mail traffic.

From July 2008 onwards, the Top Twenty will be composed using data generated by Kaspersky Security Network (KSN), a new technology implemented in the 2009 personal product line. This data not only makes it possible for Kaspersky Lab to get timely information about threats and to track their evolution, but also makes it possible for us to detect unknown threats, and roll out that protection to users, as quickly as possible.

The 2009 personal products have not yet been officially launched in all countries, e.g. in Russia and the USA. The data presented in this report therefore reflects the threat landscape in the majority of European and Asian countries. However, in the near future, such reports will include data provided by users in other countries of the world.

The data received from KSN in July 2008 has been used to compile the following rankings.

The first is a ranking of the most widespread malicious, advertising, and potentially unwanted programs. The figures given are a percentage of the number of computers on which threats were detected.

Position | Name
1 | Trojan.Win32.DNSChanger.ech
2 | Trojan-Downloader.WMA.Wimad.n
3 | Trojan.Win32.Monderb.gen
4 | Trojan.Win32.Monder.gen
5 | not-a-virus:AdWare.Win32.HotBar.ck
6 | Trojan.Win32.Monderc.gen
7 | not-a-virus:AdWare.Win32.Shopper.v
8 | not-a-virus:AdTool.Win32.MyWebSearch.bm
9 | Trojan.Win32.Agent.abt
10 | Worm.VBS.Autorun.r
11 | Trojan.Win32.Agent.rzw
12 | Trojan-Downloader.Win32.CWS.fc
13 | not-a-virus:AdWare.Win32.Mostofate.cx
14 | Trojan-Downloader.JS.Agent.bi
15 | Trojan-Downloader.Win32.Agent.xvu
16 | not-a-virus:AdWare.Win32.BHO.ca
17 | Trojan.Win32.Agent.sav
18 | Trojan-Downloader.Win32.Obitel.a
19 | Trojan.Win32.Chifrax.a
20 | Trojan.Win32.Agent.tfc

As the rating is only compiled using data received during the course of a single month, it's very hard to make any predictions. However, future reports will include such forecasts.

Nonetheless, it is possible to divide all the malicious and potentially unwanted programs shown above into the fundamental classes used by Kaspersky Lab in its classification: TrojWare, VirWare, AdWare and Other MalWare.


Clearly, most of the time, victim machines are attacked by a wide range of Trojan programs.
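The class breakdown can be reproduced from the detection names themselves. The following is an added example, not code from the original page or from Kaspersky Lab: it parses the July 2008 ranking above using the structure of Kaspersky names ([prefix:]Behaviour.Platform.Family[.Variant]) and assigns each entry to one of the four classes named in the text. The behaviour-to-class mapping is my reading of that scheme, and counting AdTool together with AdWare is an assumption.

```python
"""Breaking a Kaspersky-style Top Twenty down into classes.

Added example, not code from the original page or from Kaspersky Lab. The
detection names below are copied from the July 2008 ranking on this page.
Kaspersky names have the form [prefix:]Behaviour.Platform.Family[.Variant],
e.g. not-a-virus:AdWare.Win32.HotBar.ck. Mapping behaviours onto the four
classes named in the text (TrojWare, VirWare, AdWare, Other MalWare) is my
reading of that scheme; grouping AdTool with AdWare is an assumption.
"""
from collections import Counter

JULY_2008_TOP20 = [
    "Trojan.Win32.DNSChanger.ech", "Trojan-Downloader.WMA.Wimad.n",
    "Trojan.Win32.Monderb.gen", "Trojan.Win32.Monder.gen",
    "not-a-virus:AdWare.Win32.HotBar.ck", "Trojan.Win32.Monderc.gen",
    "not-a-virus:AdWare.Win32.Shopper.v", "not-a-virus:AdTool.Win32.MyWebSearch.bm",
    "Trojan.Win32.Agent.abt", "Worm.VBS.Autorun.r",
    "Trojan.Win32.Agent.rzw", "Trojan-Downloader.Win32.CWS.fc",
    "not-a-virus:AdWare.Win32.Mostofate.cx", "Trojan-Downloader.JS.Agent.bi",
    "Trojan-Downloader.Win32.Agent.xvu", "not-a-virus:AdWare.Win32.BHO.ca",
    "Trojan.Win32.Agent.sav", "Trojan-Downloader.Win32.Obitel.a",
    "Trojan.Win32.Chifrax.a", "Trojan.Win32.Agent.tfc",
]


def parse_name(name: str) -> dict:
    """Split a detection name into its fields; missing trailing fields become None."""
    prefix = None
    if ":" in name:
        prefix, name = name.split(":", 1)
    parts = name.split(".")
    return {
        "prefix": prefix,                     # e.g. not-a-virus
        "behaviour": parts[0],                # Trojan, Trojan-Downloader, Net-Worm, Virus, ...
        "platform": parts[1] if len(parts) > 1 else None,
        "family": parts[2] if len(parts) > 2 else None,
        "variant": parts[3] if len(parts) > 3 else None,   # absent for e.g. Net-Worm.Win32.Nimda
    }


def classify(name: str) -> str:
    p = parse_name(name)
    if p["prefix"] == "not-a-virus":
        # assumption: AdTool is counted with AdWare; other riskware goes to Other MalWare
        return "AdWare" if p["behaviour"] in ("AdWare", "AdTool") else "Other MalWare"
    if p["behaviour"].startswith("Trojan"):
        return "TrojWare"                  # Trojan, Trojan-Downloader, Trojan-Spy, ...
    if p["behaviour"] == "Virus" or p["behaviour"].endswith("Worm"):
        return "VirWare"                   # Virus, Worm, Net-Worm, Email-Worm, P2P-Worm, ...
    return "Other MalWare"


def class_breakdown(names) -> dict[str, int]:
    return dict(Counter(classify(n) for n in names))


def family_breakdown(names) -> dict[str, int]:
    """How many entries each family accounts for (the generic 'Agent' family dominates)."""
    return dict(Counter(parse_name(n)["family"] for n in names))


if __name__ == "__main__":
    print(class_breakdown(JULY_2008_TOP20))
    print(family_breakdown(JULY_2008_TOP20))
```

Run on the list above this gives 14 TrojWare, 5 AdWare and 1 VirWare entry, which is the picture the text describes; the same functions applied to the second ranking below would be dominated by Virus.* and *Worm names instead.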

Overall, in July 2008, there were 20,704 unique malicious, advertising, and potentially unwanted programs detected on users' computers. Our data indicates that approximately 20,000 of these were found in the wild. The second Top Twenty gives figures for the most common malicious programs among all infected objects detected.

Position | Name
1 | Virus.Win32.Virut.q
2 | Worm.Win32.Fujack.ap
3 | Net-Worm.Win32.Nimda
4 | Virus.Win32.Hidrag.a
5 | Virus.Win32.Neshta.a
6 | Virus.Win32.Parite.b
7 | Virus.Win32.Sality.z
8 | Virus.Win32.Alman.b
9 | Virus.Win32.Virut.n
10 | Virus.Win32.Xorer.du
11 | Worm.Win32.Fujack.aa
12 | Worm.Win32.Otwycal.g
13 | Worm.Win32.Fujack.k
14 | Virus.Win32.Parite.a
15 | Trojan-Downloader.WMA.GetCodec.d
16 | Virus.Win32.Sality.l
17 | Virus.Win32.Sality.s
18 | Worm.Win32.Viking.ce
19 | Worm.VBS.Headtail.a
20 | Net-Worm.Win32.Allaple.b

The majority of the programs listed above are able to infect files. The figures given are interesting as they indicate the spread of threats which need to be disinfected, rather than simply dealt with by deleting infected objects.

Virus Top 20 for May 2008

Position | Change in position | Name | Proactive detection flag | Percentage
1 | 0 | Email-Worm.Win32.NetSky.q | Trojan.generic | 23.12
2 | +1 | Email-Worm.Win32.NetSky.y | Trojan.generic | 9.70
3 | +2 | Email-Worm.Win32.Scano.gen | Trojan.generic | 9.63
4 | +4 | Email-Worm.Win32.Nyxem.e | Trojan.generic | 6.75
5 | -3 | Email-Worm.Win32.NetSky.d | Trojan.generic | 6.27
6 | Return | Email-Worm.Win32.NetSky.x | Trojan.generic | 4.44
7 | -1 | Email-Worm.Win32.NetSky.aa | Trojan.generic | 3.74
8 | Return | Email-Worm.Win32.NetSky.b | Trojan.generic | 3.26
9 | -5 | Email-Worm.Win32.Bagle.gt | Trojan.generic | 2.75
10 | Return | Net-Worm.Win32.Mytob.u | Worm.P2P.generic | 2.60
11 | +6 | Net-Worm.Win32.Mytob.c | Trojan.generic | 2.40
12 | 0 | Email-Worm.Win32.Scano.bn | Trojan.generic | 2.09
13 | Return | Email-Worm.Win32.NetSky.r | Trojan.generic | 1.98
14 | +4 | Email-Worm.Win32.NetSky.t | Trojan.generic | 1.94
15 | Return | Net-Worm.Win32.Mytob.bi | Trojan.generic | 1.65
16 | -5 | Email-Worm.Win32.Bagle.gen | Trojan.generic | 1.39
17 | -4 | Email-Worm.Win32.Mydoom.l | Worm.P2P.generic | 1.19
18 | Return | Net-Worm.Win32.Mytob.t | Worm.P2P.generic | 1.08
19 | -3 | Email-Worm.Win32.NetSky.c | Trojan.generic | 0.97
20 | New! | Net-Worm.Win32.Mytob.cg | Worm.P2P.generic | 0.90
Other malicious programs | | | | 12.15

The May 2008 Email Top Twenty is a short one; this is explained by the well-known fact that virus writers take a break over the summer months. The complete absence of any epidemics in mail traffic, which is obvious from even a cursory glance at this month's rankings, bears this out.

In fact, the only significant change to the rankings was caused by the re-entry of a few worms which have been in circulation for several years now.

Trojan-Downloader programs such as Agent.ica, Agent.hsl, and Diehard that were active during the first four months of 2008 disappeared without trace in May.

The Warezov and Zhelatin worms have not reappeared since dropping out of the Top Twenty back in February. The authors have stopped sending out the executable components of the worms by email, confining themselves to distributing the code via links on infected websites.

This means that the threat posed by malicious code in email has declined. However, phishing and spam continue to pose very real threats and have the potential to create just as big a problem for the end user.

Other malicious programs made up a significant percentage (12.15%) of all malicious code found in mail traffic.

The Top Twenty countries which acted as sources of infected emails in May are shown below:

Position | Change | Country | Percentage
1 | 0 | USA | 21.72
2 | +5 | Poland | 13.18
3 | -1 | South Korea | 7.88
4 | -1 | Spain | 5.85
5 | -1 | China | 5.15
6 | 0 | France | 4.07
7 | +1 | Germany | 3.54
8 | -1 | Brazil | 3.49
9 | 0 | United Kingdom | 2.83
10 | -2 | India | 2.82
11 | -1 | Italy | 2.66
12 | -1 | Israel | 1.80
13 | 0 | Japan | 1.66
14 | +5 | Canada | 1.15
15 | +2 | The Netherlands | 1.07
16 | -1 | Turkey | 1.05
17 | -1 | Australia | 1.03
18 | -4 | Argentina | 1.02
19 | +1 | Russia | 0.99
20 | New! | Austria | 0.91
Other countries | | | 16.13

Summary

Moved up: Email-Worm.Win32.NetSky.y, Email-Worm.Win32.Scano.gen, Email-Worm.Win32.Nyxem.e, Net-Worm.Win32.Mytob.c, Email-Worm.Win32.NetSky.t.

Moved down: Email-Worm.Win32.NetSky.d, Email-Worm.Win32.NetSky.aa, Email-Worm.Win32.Bagle.gt, Email-Worm.Win32.Bagle.gen, Email-Worm.Win32.Mydoom.l, Email-Worm.Win32.NetSky.c.

Returned: Email-Worm.Win32.NetSky.x, Email-Worm.Win32.NetSky.b, Net-Worm.Win32.Mytob.u, Email-Worm.Win32.NetSky.r, Net-Worm.Win32.Mytob.bi, Net-Worm.Win32.Mytob.t.

New: Net-Worm.Win32.Mytob.cg.

No change: Email-Worm.Win32.NetSky.q, Email-Worm.Win32.Scano.bn.


Conclusions

There are a great many viruses in the world and new ones appear every day; new anti-virus programs and techniques are developed in step with them. It is good to be aware of viruses and other malware, and it is cheaper to protect your environment against them than to be sorry afterwards.

A computer that starts behaving differently may be infected. There is no reason to panic when a virus is found.

It is wise to be a little suspicious of malware when browsing the Internet and downloading files: a file that looks interesting may hide malware.

A computer virus is a program that reproduces itself, and its mission is to spread. Many viruses cause no deliberate damage, while others corrupt or destroy data files at random.

A Trojan horse is not a virus because it does not reproduce. Trojan horses are usually disguised to look interesting; some steal passwords, and some format hard disks.

Macro viruses spread through applications that use macros. They spread quickly because people share so much data, e-mail documents and fetch documents from the Internet, and because macros are very easy to write.

Some people want to experiment with writing viruses to test their programming talent, while not understanding, or simply not caring about, the consequences for other people.

A virus's mission is to hop from one program to another, and this can happen via floppy disks, Internet FTP sites, newsgroups and e-mail attachments. Viruses are mostly written for PC-compatible computers and DOS environments.

Viruses are no longer something that only programmers and computer specialists have to deal with. Today everyday users have to deal with them too.
