11 real and famous cases of malware attacks

  • Updated at June 4, 2021


Many famous hacker attacks use malware at some point. For example, the cybercriminal can first send you a phishing email: no attachment, no links, text only. After gaining your trust, he can then send you a malicious attachment, that is, malware disguised as a legitimate file.

Malware is malicious software designed to infect computers and other devices. The intent behind the infection varies. Why? Because the cybercriminal can use malware to make money, to steal secret information that can give strategic advantages, to prevent a business from running or even just to have fun.

Yes, there are hackers who act for pleasure.

In fact, malware is a broad term. It’s like a category. Within this category are different types of threats, such as virus, worm, trojan, and ransomware.

To fight malware delivered via email, here at Gatefy we offer a secure email gateway solution and an anti-fraud solution based on DMARC. You can request a demo or more information.

To give an idea of the scale, according to the FBI, damages caused by ransomware amounted to more than USD 29.1 million in 2020 alone. One of the most widely used ways of spreading malware continues to be email. As a Verizon report confirmed: 30% of the malware was directly installed by the actor, 23% was sent there by email and 20% was dropped from a web application.

The cases listed below show how malware attacks can work and give you a glimpse of the harm they cause to businesses and individuals.


Check out 11 real cases of malware attacks

1. CovidLock, ransomware, 2020

Fear in relation to the Coronavirus (COVID-19) has been widely exploited by cybercriminals. CovidLock ransomware is an example. This type of ransomware infects victims via malicious files promising to offer more information about the disease.

The problem is that, once installed, CovidLock encrypts data from Android devices and denies data access to victims. To be granted access, you must pay a ransom of USD 100 per device.

2. LockerGoga, ransomware, 2019

LockerGoga is ransomware that hit the news in 2019 for infecting large corporations around the world, such as Altran Technologies and Hydro. It’s estimated that it caused millions of dollars in damage in advanced and targeted attacks.

LockerGoga infections involve malicious emails, phishing scams and also credential theft. LockerGoga is considered a very dangerous threat because it completely blocks victims’ access to the system.

3. Emotet, trojan, 2018

Emotet is a trojan that became famous in 2018 after the U.S. Department of Homeland Security defined it as one of the most dangerous and destructive malware. The reason for so much attention is that Emotet is widely used in cases of financial information theft, such as bank logins and cryptocurrencies.

The main vectors for Emotet’s spread are malicious emails in the form of spam and phishing campaigns. Two striking examples are the case of the Chilean bank Consorcio, with damages of USD 2 million, and the case of the city of Allentown, Pennsylvania, with losses of USD 1 million.

4. WannaCry, ransomware, 2017

One of the worst ransomware attacks in history goes by the name of WannaCry, introduced via phishing emails in 2017. The threat exploits a vulnerability in Windows.

It’s estimated that more than 200,000 people have been reached worldwide by WannaCry, including hospitals, universities and large companies, such as FedEx, Telefonica, Nissan and Renault. The losses caused by WannaCry exceed USD 4 billion.

By the way, have you seen our article about the 7 real and famous cases of ransomware attacks?

5. Petya, ransomware, 2016

Unlike most ransomware, Petya acts by blocking the machine’s entire operating system, specifically Windows. To release it, the victim has to pay a ransom.

It’s estimated that the losses involving Petya and its newer and more destructive variants amount to USD 10 billion since it was released in 2016. Among the victims are banks, airports and oil and shipping companies from different parts of the world.

6. CryptoLocker, ransomware, 2013

CryptoLocker is one of the most famous ransomware strains in history because, when it was released in 2013, it used a very large encryption key, which made the experts’ work difficult. It’s believed that it has caused more than USD 3 million in damage, infecting more than 200,000 Windows systems.

This type of ransomware was mainly distributed via emails, through malicious files that looked like PDF files but, obviously, weren’t.

7. Stuxnet, worm, 2010

Stuxnet deserves special mention on this list for being used in a political attack, in 2010, on Iran’s nuclear program and for exploiting numerous Windows zero-day vulnerabilities. This super-sophisticated worm has the ability to infect devices via USB drives, so there is no need for an internet connection.

Once installed, the malware is responsible for taking control of the system. It’s believed that it has been developed at the behest of some government. Read: USA and Israel.

8. Zeus, trojan, 2007

Zeus is a trojan distributed through malicious files hidden in emails and fake websites, in cases involving phishing. It’s well known for propagating quickly and for copying keystrokes, which led it to be widely used in cases of credential and password theft, such as email accounts and bank accounts.

The Zeus attacks hit major companies such as Amazon, Bank of America and Cisco. The damage caused by Zeus and its variations is estimated at more than USD 100 million since it was created in 2007.

9. MyDoom, worm, 2004

In 2004, the MyDoom worm became known and famous for trying to hit major technology companies, such as Google and Microsoft. It used to be spread by email using attention-grabbing subjects, such as “Error”, “Test” and “Mail Delivery System”.

MyDoom was used for DDoS attacks and as a backdoor to allow remote control. According to reports, the losses are estimated in the millions of dollars.

10. ILOVEYOU, worm, 2000

The ILOVEYOU worm disguised itself as a love letter, received via email. Reports say that it infected more than 45 million people in the 2000s, causing more than USD 15 billion in damages.

ILOVEYOU is also considered one of the first cases of social engineering used in malware attacks. Once executed, it had the ability to self-replicate using the victim’s email.

Also see 10 real and famous cases of social engineering.

11. Melissa, virus, 1999

The Melissa virus infected thousands of computers worldwide by the end of 1999. The threat was spread by email, using a malicious Word attachment and a catchy subject: “Important Message from (someone’s name)”.

Melissa is considered one of the earliest cases of social engineering in history. The virus had the ability to spread automatically via email. Reports from that time say that it infected many companies and people, causing losses estimated at USD 80 million.

How to fight malware attacks

There are 2 important points or fronts to fight and prevent infections caused by malware.

1. Cybersecurity awareness

The first point is cybersecurity awareness. You need to stay alert on the internet. That means: watch out for suspicious websites and emails. And that old tip still applies: if you’re not sure what you’re doing, don’t click on the links and don’t open attachments.

2. Technology to fight malware

The second point involves the use of technology. It’s important that you have an anti-malware solution on your computer or device. For end-users, there are several free and good options on the market.

For companies, in addition to this type of solution, we always recommend strengthening the protection of your email network. As already explained, email is the main malware vector. So, an email security solution can rid your business of major headaches.

Here at Gatefy we offer an email gateway solution and a DMARC solution. By the way, you can request a demo or ask for more information. Our team of cybersecurity experts will contact you shortly to help.

Josh Fruhlinger

11 infamous malware attacks: The first and the worst

Whether by dumb luck or ruthless skill, these malware attacks left their mark on the internet.

Viruses and other malware spreading for sinister or baffling reasons has been a staple of cyberpunk novels and real-life news stories alike for decades. And in truth, there have been computer viruses on the internet since before it was the internet. This article will take a look at some of the most important milestones in the evolution of malware: These entries each represent a novel idea, a lucky break that revealed a gaping security hole, or an attack that turned out to be particularly damaging—and sometimes all three.

  • Creeper virus (1971)
  • Brain virus (1986)
  • Morris worm (1988)
  • ILOVEYOU worm (2000)
  • Mydoom worm (2004)
  • Zeus trojan (2007)
  • CryptoLocker ransomware (2013)
  • Emotet trojan (2014)
  • Mirai botnet (2016)
  • Petya ransomware/NotPetya wiper (2016/7)
  • Clop ransomware (2019-Present)

1. Creeper virus (1971)

Computer pioneer John von Neumann’s posthumous work Theory of Self-Reproducing Automata, which posited the idea of computer code that could reproduce and spread itself, was published in 1966. Five years later, the first known computer virus, called Creeper, was written by Bob Thomas. Written in PDP-10 assembly language, Creeper could reproduce itself and move from computer to computer across the nascent ARPANET.

Creeper did no harm to the systems it infected—Thomas developed it as a proof of concept, and its only effect was that it caused connected teletype machines to print a message that said “I’M THE CREEPER: CATCH ME IF YOU CAN.” We’re mentioning it here despite its benign nature because it was the first, and set the template for everything that followed. Shortly after Creeper’s release, Ray Tomlinson, best known for implementing the first email program, wrote a rival program called Reaper that spread from computer to computer eliminating Creeper’s code.

2. Brain virus (1986)

Creeper was designed to leap across computer networks, but for most of the 1970s and ’80s that infection vector was limited simply because most computers operated in isolation. What malware did spread from computer to computer did so via floppy disks. The earliest example is Elk Cloner, which was created by a 15-year-old as a prank and infected Apple II computers. But probably the most important of this generation of viruses was one that came to be known as Brain, and started spreading worldwide in 1986.

Brain was developed by computer programmers (and brothers) Amjad and Basit Farooq Alvi, who lived in Pakistan and had a business selling medical software. Because their programs were often pirated, they created a virus that could infect the boot sector of pirated disks. It was mostly harmless but included contact information for them and an offer to “disinfect” the software.

Whether they could actually “fix” the problem isn’t clear, but as they explained 25 years later, they soon started receiving phone calls from all over the world, and were shocked by how quickly and how far Brain had spread (and how mad the people who had illegally copied their software were at them, for some reason). Today Brain is widely regarded as the first IBM PC virus, so we’re including it on our list despite its benign nature, and the brothers still have the same address and phone number that they sent out 25 years ago.

3. Morris worm (1988)

1988 saw the advent of a piece of malware called Morris, which could claim a number of firsts. It was the first widespread computer worm, which meant it could reproduce itself without needing another program to piggyback on. It targeted multiple vulnerabilities to help it spread faster and further. While not designed to do harm, it was probably the first malware to do real substantive financial damage, more than earning its place on this list. It spread incredibly swiftly—within 24 hours of its release, it had infected 10 percent of all internet-connected computers—and created multiple copies of itself on each machine, causing many of them to grind to a halt. Estimates of the costs of the attack ranged into the millions.

The worm is named after its creator Robert Morris, who was a Cornell grad student at the time and meant it as a proof-of-concept and demonstration of widespread security flaws. Morris didn’t anticipate that it would spread so quickly or that its ability to infect individual computers multiple times would cause so much trouble, and he tried to help undo the damage, but it was too late. He ended up the unfortunate subject of another first: The first person convicted under the 1986 Computer Fraud and Abuse Act.

4. ILOVEYOU worm (2000)

Unlike the previous malware creators on this list, Onel de Guzman, who was 24 in 2000 and living in the Philippines, crafted his creation with straightforward criminal intent: he couldn’t afford dialup service, so he built a worm that would steal other people’s passwords so he could piggyback off of their accounts. But the malware so cleverly took advantage of a number of flaws in Windows 95—especially the fact that Windows automatically hid the file extensions of email attachments so people didn’t realize they were launching executable files—that it spread like wildfire, and soon millions of infected computers were sending out copies of the worm and beaming passwords back to a Filipino email address. It also erased numerous files on target computers, causing millions of dollars in damage and briefly shutting down the U.K. Parliament’s computer system.

De Guzman was never charged with a crime, because nothing he did was illegal in the Philippines at the time, but he expressed regret in an interview 20 years later, saying he never intended the malware to spread as far as it did. He also ended up being something of a pioneer in social engineering: the worm got its name because it spread with emails with “ILOVEYOU” in the subject line. “I figured out that many people want a boyfriend, they want each other, they want love, so I called it that,” de Guzman said.

5. Mydoom worm (2004)

Mydoom may be almost 20 years old as of this writing, but it still holds a number of records. The Mydoom worm infected computers via email, then took control of the victim computer to email out more copies of itself, and did it so efficiently that at its height it accounted for a quarter of all emails sent worldwide, a feat that’s never been surpassed. The infection ended up doing more than $35 billion in damages, which, adjusted for inflation, has also never been topped.

The creator and ultimate purpose of Mydoom remain mysteries today. In addition to mailing out copies of the worm, infected computers were also used as a botnet to launch DDoS attacks on the SCO Group (a company that aggressively tried to claim intellectual property rights over Linux) and Microsoft, which led many to suspect some rogue member of the open source community. But nothing specific has ever been proven.

6. Zeus trojan (2007)

Zeus was first spotted in 2007, at the tail end of the Web 1.0 era, but it showed the way for the future of what malware could be. A Trojan that infects via phishing and drive-by downloads from infected websites, it isn’t just one kind of attacker; instead, it acts as a vehicle for all sorts of malicious payloads. Its source code and operating manual leaked in 2011, which helped both security researchers and criminals who wanted to exploit its capabilities.

You’ll usually hear Zeus referred to as a “banking Trojan,” since that’s where its variants focus much of their energy. A 2014 variant, for instance, manages to interpose itself between a user and their banking website, intercepting passwords, keystrokes, and more. But Zeus goes beyond banks, with another variation slurping up Salesforce.com info.

7. CryptoLocker ransomware (2013)

Zeus could also be used to create botnets of controlled computers held in reserve for some later sinister purpose. The controllers of one such botnet, called Gameover Zeus, infected their bots with CryptoLocker, one of the earliest prominent versions of what became known as ransomware. Ransomware encrypts many of the files on the victim’s machine and demands a payment in cryptocurrency in order to restore access.

CryptoLocker became famous for its rapid spread and its powerful asymmetric encryption that was (at the time) uniquely difficult to break. It also became famous due to something unusual in the malware world: a happy ending. In 2014, the U.S. DoJ and peer agencies overseas managed to take control of the Gameover Zeus botnet, and restore the files of CryptoLocker victims free of charge. Unfortunately, CryptoLocker spread via good old-fashioned phishing as well, and variants are still around.

8. Emotet trojan (2014)

Emotet is another piece of malware whose functionality has shifted and changed over the years that it has remained active. In fact, Emotet is a prime example of what’s known as polymorphic malware, with its code changing slightly every time it’s accessed, the better to avoid recognition by endpoint security programs. Emotet is a Trojan that, like others on this list, primarily spreads via phishing (repeat after us: do not open unknown email attachments).

Emotet first appeared in 2014, but like Zeus, is now a modular program most often used to deliver other forms of malware, with Trickster and Ryuk being two prominent examples. Emotet is so good at what it does that Arne Schoenbohm, head of the German Federal Office for Information Security, calls it the “king of malware.”

9. Mirai botnet (2016)

All the viruses and other malware we’ve been discussing so far have afflicted what we think of as “computers”—the PCs and laptops that we use for work and play. But in the 21st century, there are millions of devices with more computing power than anything that Creeper could have infected. These internet of things (IoT) devices are omnipresent, ignored, and often go unpatched for years.

The Mirai botnet was actually similar to some of the early malware we discussed because it exploited a previously unknown vulnerability and wreaked far more havoc than its creator intended. In this case, the malware found and took over IoT gadgets (mostly CCTV cameras) that hadn’t had their default passwords changed. Paras Jha, the college student who created the Mirai malware, intended to use the botnets he created for DoS attacks that would help settle scores in the obscure world of Minecraft server hosting, but instead he unleashed an attack that focused on a major DNS provider and cut off much of the U.S. east coast from the internet for the better part of a day.

10. Petya ransomware/NotPetya wiper (2016/7)

The ransomware Trojan dubbed Petya started afflicting computers in 2016. Though it had a clever mechanism for locking down its victims’ data—it encrypts the master file table, which the OS uses to find files—it spread via conventional phishing scams and wasn’t considered particularly virulent.

It would probably be forgotten today if not for what happened the following year. A new self-reproducing worm variant emerged that used the NSA’s leaked EternalBlue and EternalRomance exploits to spread from computer to computer. Originally distributed via a backdoor in a popular Ukrainian accounting software package, the new version—dubbed NotPetya—quickly wreaked havoc across Europe. The worst part? Though NotPetya still looked like ransomware, it was a wiper designed wholly to ruin computers, as the address displayed where users could send their ransom was randomly generated and did no good. Researchers believe that Russian intelligence repurposed the more ordinary Petya malware to use as a cyberweapon against Ukraine—and so, in addition to the massive damage it caused, NotPetya earns its place on this list by illustrating the symbiotic relationship between state-sponsored and criminal hackers.

11. Clop ransomware (2019-Present)

Clop (sometimes written Cl0p) is another ransomware variant that emerged on the scene in 2019 and has grown increasingly prevalent since, to the extent that it was dubbed one of the top malware threats of 2022. In addition to preventing victims from accessing their data, Clop allows the attacker to exfiltrate that data as well. McAfee has a breakdown of the technical details, including a review of ways it can bypass security software.

What makes Clop so interesting and dangerous, however, is not how it’s deployed, but by whom. It’s at the forefront of a trend called Ransomware-as-a-Service, in which a professionalized group of hackers does all the work for whoever will pay them enough (or share in a percentage of the ransomware riches they extract from victims). The earlier entries in this list are from a day when the internet was for hobbyists and lone wolves; today, it seems even cybercrime is largely the province of governments and the professionals.


Josh Fruhlinger is a writer and editor who lives in Los Angeles.


Hybrid Epidemics—A Case Study on Computer Worm Conficker


Affiliations Department of Computer Science, University College London, London, United Kingdom, Security Science Doctoral Research Training Centre, University College London, London, United Kingdom

Affiliation Department of Computer Science, University College London, London, United Kingdom

Affiliation Division of Infection and Immunity, University College London, London, United Kingdom

  • Changwang Zhang, 
  • Shi Zhou, 
  • Benjamin M. Chain

PLOS

  • Published: May 15, 2015
  • https://doi.org/10.1371/journal.pone.0127478

Conficker is a computer worm that erupted on the Internet in 2008. It is unique in combining three different spreading strategies: local probing, neighbourhood probing, and global probing. We propose a mathematical model that combines three modes of spreading: local, neighbourhood, and global, to capture the worm’s spreading behaviour. The parameters of the model are inferred directly from network data obtained during the first day of the Conficker epidemic. The model is then used to explore the tradeoff between spreading modes in determining the worm’s effectiveness. Our results show that the Conficker epidemic is an example of a critically hybrid epidemic, in which the different modes of spreading in isolation do not lead to successful epidemics. Such hybrid spreading strategies may be used beneficially to provide the most effective strategies for promulgating information across a large population. When used maliciously, however, they can present a dangerous challenge to current internet security protocols.

Citation: Zhang C, Zhou S, Chain BM (2015) Hybrid Epidemics—A Case Study on Computer Worm Conficker. PLoS ONE 10(5): e0127478. https://doi.org/10.1371/journal.pone.0127478

Academic Editor: Gui-Quan Sun, Shanxi University, CHINA

Received: December 12, 2014; Accepted: April 14, 2015; Published: May 15, 2015

Copyright: © 2015 Zhang et al. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

Data Availability: All relevant data are within the paper.

Funding: This work was supported in part by the Engineering and Physical Sciences Research Council of UK (no. EP/G037264/1), the China Scholarship Council (file no. 2010611089), and the National Natural Science Foundation of China (project no. 60970034, 61170287, 61232016). The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.

Competing interests: The authors have declared that no competing interests exist.

Introduction

Epidemic spreading phenomena exist in a wide range of domains [1, 2]. Well-known examples include disease spreading [3–5], computer worm proliferation [6–8], and information propagation [9–11]. Modelling and understanding of such phenomena can have important practical values to predict and control real world epidemics [3–5, 12–15].

Some typical spreading mechanisms have been extensively studied, such as the fully-mixed spreading model and the network spreading model. Many epidemics are hybrid as they spread via two or more different mechanisms simultaneously. Previous work on hybrid epidemics has focused on what we call the non-critically hybrid epidemic, where at least one of the spreading mechanisms alone is able to cause an epidemic outbreak, and a mixture of mechanisms brings no advantage.

We are interested in the critically hybrid epidemic, where each spreading mechanism alone is unable to cause any significant spreading whereas the mixture of such mechanisms leads to a huge epidemic outbreak. Recently we proposed a model that explains the behaviour of critically hybrid epidemics, which incorporates two spreading mechanisms in the setting of a metapopulation [16]. We demonstrated that it is indeed possible to have a highly contagious epidemic by mixing simple, ineffective spreading mechanisms. The properties of such epidemics are critically determined by the ratio at which the different spreading mechanisms are mixed, and usually there is an optimal ratio that leads to a maximal outbreak size.

In this paper we present a detailed analysis of a real hybrid epidemic—the Internet worm Conficker, which erupted on the Internet in 2008 and infected millions of computers. The worm is a hybrid epidemic as the code analysis [17] has revealed the worm applied three distinct spreading mechanisms: (1) global random spreading, (2) local network spreading, and (3) neighbourhood spreading. It is a critically hybrid epidemic because the first and second spreading mechanisms are highly ineffective if used alone, and the third mechanism, as we will show later, is most effective when mixed with the other two.

We introduce a mathematical model to describe the spreading behaviour of Conficker. Our study was based on measurement data provided by Center for Applied Internet Data Analysis (CAIDA)’s Network Telescope project [18, 19], which monitors Internet traffic anomalies. We proposed algorithms to extract Conficker-related features from the CAIDA data. Then we infer the values of our model’s parameters that characterise the worm.

We evaluated our inference results by comparing theoretical predictions with the actual measurement results. Our predictions closely reproduced the outbreak process of Conficker. We then explored possible spreading scenarios based on simulations using different values of parameters. One of the interesting results was that we showed the worm could spread faster, reach a larger outbreak size or survive for longer time by just revising the ratios at which the worm allocated its time on each of the spreading mechanisms (while keeping everything else the same), which can be easily achieved by changing a few lines in its code.

This paper’s contributions are twofold. Firstly, we present the first study on a real-life critically hybrid epidemic, where the epidemic’s parameter values are inferred from measurement data. Secondly, we analyse the complex interactions among Conficker’s three spreading mechanisms, and show that the worm can be more contagious if it mixes its three spreading mechanisms in an optimal way.

Epidemic spreading mechanisms

A number of epidemic spreading mechanisms have been extensively studied [20, 21]. For example, in the fully-mixed spreading models [20, 22], a node is connected to all other nodes in a population, thus an epidemic can potentially spread between any two nodes according to a probability. Whereas in the network spreading models [1, 2, 20, 23], nodes are connected to their neighbours via a network structure, therefore an epidemic can only spread along the connections among nodes. Recent network-based models considered additional physical properties such as location-specific contact patterns [24, 25], human mobility patterns [26–29] and spatial effects [30–33].

Hybrid epidemics

Many epidemics are hybrid in the sense that they spread via two or more spreading mechanisms simultaneously. A hybrid epidemic can use fully-mixed spreading and network spreading, or use fully-mixed spreading but at two or more different levels, e.g. at the global level covering the whole population or at the local level consisting of only a part of the population.

There are many real examples. Mobile phone viruses can spread via Bluetooth communication with any nearby devices (local, fully-mixed spreading) and Multimedia Messaging Service with remote contacts (global, network spreading) [27]. A computer that is infected by the worm Red Code II spends 1/8 of its time probing any computers on the Internet at random (global, fully-mixed spreading) and the rest of the time probing computers located in local area networks (local, fully-mixed spreading) [34]. Today information is propagated in society via mass media (TV, newspaper, posters) as well as online social media (Facebook, Twitter and emails). Mass media (global, fully-mixed spreading) can potentially deliver the information to a big audience, but the effectiveness of information transmission at an individual level may be small (for example, its ability to alter the target individual’s behaviour). In contrast, social media (local, network spreading) may have little or no access to the majority of people who are not connected to the local group, but they provide rapid penetration of a selected target group with higher effectiveness.

It is clear that hybrid epidemics are much more complex than simple epidemics. Their behaviour is affected not only by multiple spreading mechanisms that they use, but also by the population’s overlaid structure on which they spread. Studying hybrid epidemics may provide crucial clues for better understanding of many real epidemics.

Previous works on hybrid epidemics

Hybrid epidemics were initially studied as two levels of mixing in a population where nodes are mixed at both local and global levels [ 35 ]. Recently hybrid epidemics were studied as two levels of mixing in a network [ 36 – 38 ], in structured populations [ 39 ], in structured households [ 40 – 42 ], and in a meta-population which consists of a number of weakly connected sub-populations [ 43 – 48 ]. Studies of epidemics in clustered networks [ 49 – 51 ] are also relevant to the hybrid epidemics.

These previous works focused on analysing how a network’s structure affects hybrid spreading. Most of them studied the non-critically hybrid epidemics, where at least one of the two spreading mechanisms alone can cause an infection outbreak and therefore the mix of two mechanisms is not a necessary condition for an epidemic outbreak. In this case, a hybrid epidemic using two spreading mechanisms is often less contagious than an epidemic using only one of the mechanisms [ 36 , 52 ].

Our recent study on critically hybrid epidemics

We are interested in the critically hybrid epidemics, where each of the spreading mechanisms alone is not able to cause any significant infection whereas a combination of the mechanisms can cause an epidemic outbreak. In this case, the mix of different spreading mechanisms is a critical condition for an outbreak (see Fig 1 ).


(a) Non-critically hybrid epidemic, where at least one of the two mechanisms can cause an outbreak by its own (i.e. when α = 1 or α = 0). (b) critically hybrid epidemics, where each mechanism alone cannot cause any significant infection whereas a mix of them produces an epidemic outbreak. There exists an optimal α that produces the maximum outbreak.

https://doi.org/10.1371/journal.pone.0127478.g001

Recently we proposed a generic model to study the critically hybrid epidemics [ 16 ]. We considered an epidemic which spreads in a meta-population (consisting of many weakly connected sub-populations) using a mix of the following two typical spreading mechanisms. (1) Fully-mixed spreading on the global level, i.e. infection between any two nodes in the meta-population. (2) Network (or fully-mixed) spreading on the local level, i.e. infection between nodes within a sub-population where the internal topology of a sub-population is a network (or a fully-connected mesh). Each spreading mechanism has its own infection rate and an infected node recovers at a recovery rate. We define a parameter called the hybrid trade-off, α, as the proportion of time that the epidemic devotes to the first spreading mechanism (or the probability of using the first spreading mechanism in a time unit). Thus the proportion of time spent on the second mechanism is (1 − α).

Our mathematical analysis and numerical simulations based on the model highlight the following two results. Firstly, it is possible to mix two ineffective spreading mechanisms to produce a highly contagious epidemic, because the mix of the mechanisms can help to overcome the weakness of each mechanism. Secondly, the threshold and the size of the outbreak are critically determined by the hybrid trade-off α. We also provided an analytical prediction of the optimal trade-off for the maximum outbreak size.

Computer Worm Conficker

In this paper we will analyse a critically hybrid epidemic, the computer worm Conficker, based on real measurement data. It is one of the most contagious computer worms on record. It erupted on the Internet on 21 November 2008 and infected millions of computers in just a few days [ 7 ]. The worm’s ability to spread to such a large number of computers in so short a time and the fact [ 53 ] that it is still active on the Internet has caused serious concern.

  • Global spreading, where the worm probes computers with random IP addresses on the Internet;
  • Local spreading, where the worm on an infected computer probes computers in the same Local Area Network (LAN) with the same IP address prefix;
  • Neighbourhood spreading, where it probes computers in ten neighbouring LANs (with smaller consecutive IP address prefixes).


(1) global spreading, where it probes any computer on the Internet at random; (2) local spreading, where it probes computers in the same local network; (3) neighbourhood spreading, where it probes computers in ten neighbouring local networks.

https://doi.org/10.1371/journal.pone.0127478.g002

Previous research on Conficker has studied the geographical distribution of infected IP addresses, the distribution of probing packet size [ 7 , 54 , 55 ], and properties of the worm’s global probing [ 56 , 57 ]. The parameters of Conficker’s hybrid spreading and how they affect the epidemic dynamics of the worm can help explain why the worm is so contagious. But they have been hitherto little studied.

Our Model of Conficker

  • Global spreading with probability $\alpha_g$, where the worm probes nodes on the Internet at random with the global infection rate $\beta_g \in [0, 1]$;
  • Local spreading with probability $\alpha_l$, where it probes nodes in the local subnet with the local infection rate $\beta_l \in [0, 1]$;
  • Neighbourhood spreading with probability $\alpha_n$, where it probes nodes in ten neighbouring subnets with the neighbourhood infection rate $\beta_n \in [0, 1]$.

An infected node is recovered with recovery rate γ ∈ [0, 1]. A recovered node remains recovered and cannot be infected again. Note that for mathematical analysis, the mixing probabilities could be incorporated into the infection rates. But we have treated them as separate parameters, considering that an infection rate reflects inherent properties of a computer worm in the context of a specific target population, whereas mixing probabilities are settings that can be easily modified in the worm’s code. This is also the reason we use the mixing probabilities as controlling parameters in our study below and keep other parameters the same.

Only nodes that can potentially be infected by Conficker are relevant to our study. We call them the relevant nodes. A subnet is relevant if it contains at least one relevant node. Irrelevant nodes include unused IP addresses and those computers that do not have the vulnerabilities that the worm can exploit. Note that although the irrelevant nodes and subnets do not participate in the spreading of Conficker, they will be probed by the worm, as the worm does not have a priori knowledge about which nodes are vulnerable.

Let $n$ represent the total number of relevant nodes and $N$ the number of relevant subnets. The average number of relevant nodes in a subnet is $n_N = n/N$. Let $N_+$ represent the average number of relevant subnets in ten neighbouring subnets.

At time $t$, the total number of susceptible, infected, and recovered nodes are $S(t)$, $I(t)$, and $R(t)$, respectively. Then the average number of infected nodes in a subnet is $I_N(t) = I(t)/N$, and the average number of infected nodes in ten neighbouring subnets is $I_+(t) = I_N(t) N_+$. Hence on average a susceptible node can be infected via (1) global probing by $I(t)$ infected nodes in the Internet; (2) local probing by $I_N(t)$ infected nodes in the local subnet; (3) neighbourhood probing by $I_+(t)$ infected nodes in the neighbouring subnets.


Inferring Conficker Parameters From Data

We infer the parameter values of our Conficker model from the Internet measurement data [ 18 , 19 ] collected by the Center for Applied Internet Data Analysis (CAIDA) in 2008. This is the only publicly available dataset that has captured the initial outbreak process of the worm. The CAIDA Network Telescope project [ 18 , 19 ] monitors Internet traffic sent to a large set of unusable IP addresses, which account for around 1/256 of all addresses. No legitimate traffic should be sent to these monitored addresses because they are not allocated for normal usage [ 58 ]. Thus the traffic data captured by this project provides a good view on various abnormal behaviours on the Internet.

When Conficker spreads on the Internet, its global spreading mechanism sends out probing packets to randomly generated IP addresses, some of which are unused IP addresses and therefore are monitored by the Network Telescope project. Conficker’s probing packets are characterised by the Transmission Control Protocol (TCP) with destination port number 445. This feature can be used to distinguish Conficker packets from other packets in the Network Telescope data.

For each record of Conficker’s probing packet, we are interested in two things: (1) the time when the packet is monitored by the Network Telescope project, and (2) the packet’s source IP address, which gives the location of a Conficker-infected node. We ignore the destination address, as it is a randomly-generated, unused IP address.

We study the Network Telescope project’s daily dataset collected on November 21, 2008, the day when Conficker broke out on the Internet. We use two earlier datasets collected on November 12 and 19, 2008 to filter out background ‘noise’ that has been happening before the outbreak. That is, in the outbreak dataset, we discard packets that were sent from any source address that had already sent packets to any of the unusable addresses in the two earlier datasets. We use the prefix of /24 (i.e. IP address mask of 255.255.255.0) to distinguish different subnets [ 7 ]. Our analysis uses a 10-minute window.

Step One: Inferring node status at a given time

We first infer the status of each node at time t from the CAIDA data. On the day of Conficker outbreak, all relevant nodes were initially susceptible. In the analysis, we assume a node is just infected by the worm when we observe the first Conficker probing packet coming from it; and the node is recovered when we observe its last probing packet before the end of the day. Fig 3 shows the number of susceptible, infected and recovered nodes as observed in a 10-minute window.


Numbers of susceptible nodes S ( t ), infected nodes I ( t ) and recovered nodes R ( t ) as a function of time t , as inferred from CAIDA’s dataset on 21/Nov/2008, the day of Conficker’s outbreak.

https://doi.org/10.1371/journal.pone.0127478.g003

Step Two: Inferring new infections caused by each spreading mechanism

Let $dI_l(t)$, $dI_n(t)$ and $dI_g(t)$ represent the numbers of nodes that are newly infected through local, neighbourhood and global spreading, respectively, at time step $t$. Our analysis on the data shows that 84% of new infections occurred within already infected subnets or their neighbourhood subnets, i.e. only 16% of new infections appeared outside the reach of local and neighbourhood probing. This agrees with our understanding that local and neighbourhood probing are significantly more effective than global probing [ 7 ]. And 73% of those new infections within the reach of local and neighbourhood probing (i.e. 73%×84% of all new infections) occurred in already infected subnets. This indicates the local probing is more effective than neighbourhood probing. Based on the above analysis we can then approximately identify the probing mechanism that is responsible for a newly infected node by analysing the states of other relevant nodes at the time when the new infection happens.

  • IF there is an infected node already in the same subnet, the new infection is caused by that infected node via local spreading.
  • ELSE IF there is an infected node in the ten neighbouring subnets, then the new infection is via neighbourhood spreading.
  • OTHERWISE, the newly infected node is infected via global spreading.
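The noise filter, Step One and the Step Two rule above can be run end to end on telescope-style records. The following Python sketch is an added example, not the authors' code: the records are constructed, the function names are hypothetical, and it assumes that a victim's neighbourhood infectors sit in the ten /24 subnets directly above its own (the worm probes smaller consecutive prefixes).

```python
import ipaddress
from collections import Counter, defaultdict

WINDOW = 600         # 10-minute analysis window, in seconds
NEIGHBOUR_SPAN = 10  # neighbourhood probing covers ten adjacent /24 subnets

def subnet24(ip):
    """Index of the /24 subnet (mask 255.255.255.0) that contains ip."""
    return int(ipaddress.IPv4Address(ip)) >> 8

def node_intervals(records, background):
    """Step One: (first, last) probe time per source = infection, recovery.

    Keeps only TCP packets to port 445 and drops any source already seen
    in the pre-outbreak datasets (the background-noise filter).
    """
    seen = {}
    for t, src, proto, dport in records:
        if proto != "tcp" or dport != 445 or src in background:
            continue
        first, last = seen.get(src, (t, t))
        seen[src] = (min(first, t), max(last, t))
    return seen

def classify(intervals):
    """Step Two: label each new infection local / neighbourhood / global."""
    by_subnet = defaultdict(list)  # subnet -> intervals of earlier infections
    labels = {}

    def infected_at(subnet, t):
        # Infected at t: first probe seen before t, last probe not before t.
        return any(f < t <= l for f, l in by_subnet.get(subnet, ()))

    order = sorted(intervals.items(), key=lambda kv: (kv[1][0], kv[0]))
    for src, (first, last) in order:
        net = subnet24(src)
        if infected_at(net, first):
            labels[src] = "local"
        # Assumption: infectors probe the ten subnets with smaller prefixes,
        # so candidates for this victim are subnets net+1 .. net+10.
        elif any(infected_at(net + k, first)
                 for k in range(1, NEIGHBOUR_SPAN + 1)):
            labels[src] = "neighbourhood"
        else:
            labels[src] = "global"
        by_subnet[net].append((first, last))
    return labels

def new_infections_by_window(intervals, labels):
    """dI_l, dI_n, dI_g per 10-minute window, keyed by window index."""
    out = defaultdict(Counter)
    for src, (first, _) in intervals.items():
        out[first // WINDOW][labels[src]] += 1
    return {w: dict(c) for w, c in sorted(out.items())}

def sir_at(intervals, window):
    """(S, I, R) at the end of a window, over the nodes ever observed."""
    end = (window + 1) * WINDOW
    infected_so_far = sum(1 for f, _ in intervals.values() if f < end)
    recovered = sum(1 for _, l in intervals.values() if l < end)
    return (len(intervals) - infected_so_far,
            infected_so_far - recovered, recovered)

# Constructed sample: (seconds since midnight, source, protocol, dst port).
# Addresses are taken from the 198.18.0.0/15 benchmarking range.
RECORDS = [
    (50,   "198.18.25.99", "tcp", 445),  # scanner active before the outbreak
    (100,  "198.18.20.7",  "tcp", 445),
    (150,  "198.18.30.1",  "tcp", 80),   # not a port-445 probe
    (700,  "198.18.20.9",  "tcp", 445),
    (1300, "198.18.15.3",  "tcp", 445),
    (1400, "198.18.25.1",  "tcp", 445),
    (2000, "198.18.25.1",  "tcp", 445),
    (3000, "198.18.20.9",  "tcp", 445),
    (5000, "198.18.20.7",  "tcp", 445),
    (6000, "198.18.20.11", "tcp", 445),
    (6500, "198.18.20.11", "tcp", 445),
    (9000, "198.18.25.99", "tcp", 445),
]
BACKGROUND = {"198.18.25.99"}  # sources seen in the two earlier datasets

if __name__ == "__main__":
    nodes = node_intervals(RECORDS, BACKGROUND)
    labels = classify(nodes)
    for src, label in labels.items():
        print(src, nodes[src], label)
    print(new_infections_by_window(nodes, labels))
    print("S, I, R after window 2:", sir_at(nodes, 2))
```

Calling `node_intervals(RECORDS, set())` leaves the pre-outbreak scanner in, which relabels 198.18.25.1 from global to local: the noise filter changes the attribution of infections, not only the node counts.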

Fig 4 shows the inferred results, plotting the number of new infections caused by each spreading mechanism as a function of time.


Numbers of nodes newly infected by Conficker via each of the three spreading mechanisms in 10-minute windows on the day of Conficker’s outbreak, as inferred from CAIDA’s dataset on 21/Nov/2008.

https://doi.org/10.1371/journal.pone.0127478.g004

Step Three: Inferring parameters of the Conficker model


Inference results and evaluation

The inferred values of the Conficker model parameters are shown in Table 1 , including the mixing probability α and the infection rate β for three spreading mechanisms, the recovery rate γ, the recovery time τ = 1/γ which is the average time it takes for an infected node to recover, and the probing frequency λ. The parameter values are averaged over time windows between 4:00 and 16:00 when the spreading behaviour was stable. Computers are online and offline on a daily basis following a diurnal pattern [ 59 ]. We find that this factor only has a marginal impact on our results.


https://doi.org/10.1371/journal.pone.0127478.t001

We observe in the data that the worm had infected in total $n = 430{,}135$ nodes, which were located in $N = 92{,}267$ subnets. On average, each subnet has $n_N = 4.7$ relevant nodes, and $N_+ = 4.3$ of ten neighbouring subnets are relevant.

With these parameter values, we can use our Conficker model (see Eq 2 ) to theoretically predict the worm’s outbreak process. As measured from the data, the numbers of nodes in the three statuses were S = 423,899, I = 3,945, and R = 2,291 at 4:00am. Our prediction starts from 4:00am and uses these numbers as the initial condition. As shown in Fig 5 , our model’s predictions closely match the measurement data.


Points are measured from Network Telescope’s dataset collected on the outbreak day. Curve is theoretical prediction from our Conficker model using the inferred parameters.

https://doi.org/10.1371/journal.pone.0127478.g005

The inferred parameters are in agreement with our expectations. For example the local spreading has a high infection rate because if a computer is already infected, then other computers in the same subnet are likely to have a similar computer system and thus are also likely to be vulnerable to the worm. By comparison, global spreading has an extremely low infection rate. On average, more than 10 million global probings will produce only a single new infection. On average an infected node retains its status for 2.5 hours (156 mins) before it recovers (e.g. switched off or updated with new anti-virus database). The worm only sends out 8 probing packets per minute. Such a deliberately low probing rate helps the worm to evade a computer’s or network’s security systems.

Analysis on Conficker’s Hybrid Spreading

Mix of two spreading mechanisms.

We run simulations using our Conficker model with the parameter values inferred above. The simulation network has 100k subnets. Each subnet contains 5 relevant nodes and has 4 relevant adjacent subnets. This topology setting resembles Conficker’s spreading network observed in the data. Initially two random nodes are infected. The only controlling parameter is the mixing probabilities of the spreading mechanisms. Simulation results on mix of two spreading mechanisms are shown in Fig 6 .


(a) Mix of global ($\alpha_g$) and local ($1 - \alpha_g$) mechanisms; (b) Mix of global ($\alpha_g$) and neighbourhood ($1 - \alpha_g$) mechanisms; (c) Mix of local ($\alpha_l$) and neighbourhood ($1 - \alpha_l$) mechanisms. In each case we measure the outbreak size, the total duration of the spreading, and the speed of spreading. The outbreak results include both the final outbreak size (square) and the outbreak size at time step 100 (filled circle). Each data point is averaged over 100 runs of a simulation. Note the y axes are all logarithmic.

https://doi.org/10.1371/journal.pone.0127478.g006

Fig 6a shows that, as explained above, global spreading or local spreading alone cannot cause an outbreak, whereas a mixture at a ratio of 0.8 to 0.2 produces a large and rapid outbreak. Fig 6b shows that the neighbourhood spreading alone ($\alpha_g = 0$) can cause a large, but very slow outbreak, whereas the mix of neighbourhood spreading with just a small amount of global spreading can dramatically accelerate the spreading process. Fig 6c shows that adding local spreading to neighbourhood spreading slows down the spreading process considerably. When they are mixed at the ratio of 0.8 to 0.2, the spreading reaches the same final outbreak size but the whole process lasts for the longest time.

Mix of three spreading mechanisms

Simulation results on mixing three spreading mechanisms are shown in Fig 7 . Fig 7a shows it is not difficult to achieve a large final outbreak size when the three mechanisms are all present and neither local spreading nor global spreading is dominant. Fig 7b shows spreading will last for a longer time if there is less global probing. Fig 7c shows that the most contagious variation of the worm is a mix of global, local and neighbourhood spreading at the probabilities of 0.4, 0.2 and 0.4 (see circle on the plot), which causes the largest final outbreak with the highest spreading speed.


Spreading properties shown include the final outbreak size, the survival time and the spreading speed (see colour maps) as functions of the mixing probabilities of global spreading $\alpha_g$ (x axis) and local spreading $\alpha_l$ (y axis), where the mixing probability of neighbourhood spreading is $\alpha_n = 1 - \alpha_g - \alpha_l$.

https://doi.org/10.1371/journal.pone.0127478.g007

In this study, we infer the epidemic spreading parameters of the Conficker worm from observed data collected during the first few hours of the epidemic. Simulations of worm spreading, based on these parameters, allow us to reach some important conclusions about the worm’s use of hybrid spreading mechanisms.

Advantage of mixing hybrid spreading mechanism

Conficker’s global probing is extremely ineffective. The infection rate of global probing is many orders of magnitude smaller than the recovery rate. This means, if Conficker used only the global probing, it would not have caused any significant infection on the Internet at all.

Local probing has a remarkably high infection rate, $\beta_l = 0.32$, which means when an infected node conducts only local spreading, a susceptible node in the same subnet has a 1/3 chance of being infected in a step (10 minutes). However, local probing is confined within a subnet. If the worm used only the local probing, it would not have infected any other subnet apart from those initially containing infected nodes.

Neighbourhood probing is constrained to a neighbourhood of ten subnets. It has a high infection rate because computers in adjacent IP address blocks often belong to the same organisation and they use similar computer systems and therefore have similar vulnerabilities that can be exploited by the worm. Since different nodes’ neighbourhoods can partially overlap with each other, it is in theory possible for the worm to reach any node in the whole meta-population by using only the neighbourhood probing. Such a process, however, would be extraordinarily slow, as we have shown in Fig 6b .

In summary, if Conficker used only a single spreading mechanism, it would have vanished on the Internet without causing any significant impact.

Thus the enormous outbreak of the worm lies in its ability to do two things. Firstly it needs to devote great efforts to explore every corner of the Internet to find a new vulnerable computer. Every new victim will open a new colony full of similar vulnerable computers. Secondly it needs to make the most out of each new colony.

This is exactly what Conficker does. It allocates most of its time to global probing, with a mixing probability of α = 89%. This to a degree compensates for the ineffectiveness of global probing. Although the worm allocates small amounts of time to local and neighbourhood probing, their high infection rates allow them to exploit all possible victims in the subnets with efficiency. And all newly infected nodes will join the collective effort to flood the Internet with more global random probes.

In short, the Conficker worm is an example of a critically hybrid epidemic. It can cause an enormous outbreak not because it has an advanced ability to exploit weaknesses of a computer, but because it has remarkable capability to discover all potentially vulnerable computers in the Internet, i.e. it is not the infectivity, but the hybrid spreading that makes Conficker one of the most infectious worms on record.

Implication of critically hybrid epidemics

The analysis of critically hybrid epidemics such as Conficker has important general implications. Firstly, it demonstrates that it is possible to design a high impact epidemic based on mechanisms, each of relatively low efficiency. Indeed our result in Fig 7 suggests that Conficker could have had a larger outbreak with higher speed if it had used a different set of mixing probabilities, which requires change of only a few lines of Conficker’s program code. Hybrid mechanisms may therefore be ideal for rapid efficient penetration of a network, for example in the context of an advertising campaign or in order to promulgate important public health or security information. An interesting example might be the use of media campaigns (global spreading) where the reader or viewer is specifically requested to pass on a message via Twitter or Facebook to their “local” group contacts.

Conversely, malicious hybrid epidemics can be extremely difficult to defend against, and many existing defence strategies may not be effective. For example immunising a selected portion of a local population in order to isolate and hence protect the vulnerable nodes will not be effective, because the vulnerable nodes can still be found by the worm through random global spreading.

Another possible measure is to reduce the average time it takes for an infected node to recover, for example to speed up the release of anti-virus software updates or increase the frequency of security scanning on computers. Our theoretical predictions (using Eq 2 ) in Fig 8 show that the final outbreak size (in terms of total recovered nodes) does not change significantly when the recovery time is reduced from 156 minutes to 140 or 120 minutes. In practice, even achieving such reductions represents a remarkable technical challenge. It is clear from the discussion above that epidemics can spread with extremely low global infection rates (far below individual recovery rates), provided there is efficient local infection. The extremely efficient spreading achieved once a given subnet or set of subnets has been penetrated is therefore obviously a key determinant of the worm’s outbreak [ 7 ]. Thus, defence strategies that focus on security co-operation between nodes with a local network neighbourhood (a “neighbourhood watch” strategy [ 7 ]) may be the key to future prevention of similar outbreaks.


Conficker’s recovery time is 156 minutes.

https://doi.org/10.1371/journal.pone.0127478.g008

Our Conficker model

The Conficker worm can be described as a discrete model or a continuous model. The two modelling approaches should give the same prediction results of the spreading dynamics of the worm. In this work we used a discrete approach to model the Conficker worm for three reasons. Firstly the model’s parameters can be defined with clear physical meanings. Secondly we can directly calculate the parameters’ values from the CAIDA measurement data. Lastly it is more convenient to run simulations with a discrete model. If a continuous model were used, the model parameters would be defined differently with less clear physical meanings, and their values would have to be obtained through iterative data fitting.

In our Conficker model, we set the local and global population as fully mixed, because this is how the Conficker worm perceives the structure of the Internet. We considered more complex network structures in a separate work [ 16 ] where we studied hybrid epidemics in general.

Our study uses data collected during the first day of the Conficker epidemic to parametrise a hybrid model to capture the worm’s spreading behaviour. The study highlights the importance of mixing different modes of spreading in order to achieve large, rapid and sustained epidemics, and suggests that the trade-off between the different modes of spreading will be critical in determining the epidemic outcome.

Author Contributions

Conceived and designed the experiments: CZ SZ BMC. Performed the experiments: CZ. Analyzed the data: CZ SZ BMC. Wrote the paper: SZ BMC CZ.

  • 16. Zhang C, Zhou S, Cox IJ, Chain BM. Optimizing Hybrid Spreading in Metapopulations; 2014. Preprint. Available: arXiv:1409.7291. Accessed 10 Feb 2015.
  • 17. Chien E. Downadup: Attempts at Smart Network Scanning; 2010. Available: http://www.symantec.com/connect/blogs/downadup-attempts-smart-network-scanning . Accessed Dec 2014.
  • 18. Center for Applied Internet Data Analysis. The CAIDA UCSD Network Telescope “Three Days Of Conficker”; 2008. Available: http://www.caida.org/data/passive/telescope-3days-conficker_dataset.xml . Accessed Dec 2014.
  • 19. Center for Applied Internet Data Analysis. The CAIDA UCSD Network Telescope “Two Days in November 2008” Dataset; 2008. Available: http://www.caida.org/data/passive/telescope-2days-2008_dataset.xml . Accessed Dec 2014.
  • 20. Newman M. Networks: An Introduction. Oxford University Press, USA; 2010.
  • 34. Moore D, Shannon C, Claffy KC. Code-Red: a case study on the spread and victims of an internet worm. In: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment. IMW. ACM; 2002. pp. 273–284.
  • 53. ESET Virusradar. Win32/Conficker Charts; 2014. Available: http://www.virusradar.com/en/Win32_Conficker/chart/week . Accessed Dec 2014.
  • 54. Irwin B. A network telescope perspective of the Conficker outbreak. In: Information Security for South Africa; 2012. pp. 1–8.
  • 56. Li R, Gan L, Jia Y. Propagation Model for Botnet Based on Conficker Monitoring. In: International Symposium on Information Science and Engineering; 2009. pp. 185–190.
  • 57. Yao Y, Xiang Wl, Guo H, Yu G, Gao FX. Diurnal Forced Models for Worm Propagation Based on Conficker Dataset. In: International Conference on Multimedia Information Networking and Security; 2011. pp. 431–435.
  • 58. Aben E. Conficker/Conflicker/Downadup as seen from the UCSD Network Telescope; 2009. Available: http://www.caida.org/research/security/ms08-067/conficker.xml . Accessed Dec 2014.
  • 59. Dagon D, Zou C, Lee W. Modeling botnet propagation using time zones. In: Annual Network & Distributed System Security Symposium; 2006.

Computer viruses: What they are, how they work, how they might get you, and how to control them in academic institutions

  • Session XIII Tutorial: Computer Viruses
  • Published: March 1989
  • Volume 21 , pages 334–340, ( 1989 )


  • Walter Schneider 1  


A computer virus is a program that replicates itself and spreads to computers with the goal of disrupting or destroying normal computer use. In academic computing, viruses represent a serious problem that costs millions of dollars in losses annually and hinders the free exchange of information so critical to education. Viruses operate in incubation, infection, and destroy phases. The nature, mechanisms, and preventive measures for personal-computer viruses are reviewed. Different procedures are recommended to protect research laboratories, instructional laboratories, and software lending libraries. Tradeoffs between providing adequate protection and not having the security become too burdensome are considered.


Author information

Authors and affiliations.

Learning Research and Development Center, University of Pittsburgh, 3939 O’Hara St., 15260, Pittsburgh, PA

Walter Schneider


Additional information

This work was supported in part by Office of Naval Research Contracts N00014-87-K-0397 and N00014-86-K-0678 and Army Research Institute Contract MDA903-86-C-0149.


Schneider, W. Computer viruses: What they are, how they work, how they might get you, and how to control them in academic institutions. Behavior Research Methods, Instruments, & Computers 21 , 334–340 (1989). https://doi.org/10.3758/BF03205604


  • False Alarm
  • Computer Virus
  • Floppy Disk
  • Public Site
  • Executable File

An introduction to computer viruses: problems and solutions

Library Hi Tech News

ISSN : 0741-9058

Article publication date: 14 September 2012

The purpose of this paper is to discuss various types of computer viruses, along with their characteristics, working, effects on the computer systems and to suggest measures for detecting the virus infection in a computer system and to elaborate means of prevention.

Design/methodology/approach

The author undertook an extensive study and review of the literature available online and on relevant web sites on the present topic.

A large number of viruses were found during the study, which are causing serious damages to computer systems. The author suggests ways to detect and prevent the different computer viruses.

Research limitations/implications

The research is based on and limited to the study of the relevant literature available on different relevant web sites.

Practical implications

The research will benefit business organizations, business houses, educational institutions and libraries working in fully computerized environments, in detection of viruses and preventing infection of their computer systems.

Social implications

The society will also benefit by attaining knowledge about the different types of computer viruses and the measures of prevention of infection.

Originality/value

There are a number of studies and articles available on the topic but almost all of them appear to be incomplete in the sense that either they discuss only a limited number of known viruses or suggest only limited ways of prevention. The paper has made an attempt to discuss almost all the computer viruses and every possible way of prevention of infection from them.

  • Computer viruses
  • Data security
  • Computer security
  • Information security
  • Security measures

Khan, I. (2012), "An introduction to computer viruses: problems and solutions", Library Hi Tech News , Vol. 29 No. 7, pp. 8-12. https://doi.org/10.1108/07419051211280036

Emerald Group Publishing Limited

Copyright © 2012, Emerald Group Publishing Limited


Case Study: The Morris Worm Brings Down the Internet

In 1988, Robert Morris created and released the first computer worm which significantly disrupted the young internet and served as a wakeup call on the importance of cybersecurity. Read our root cause analysis example to learn more about this disaster and the lessons that can be learned from it.

On November 3, 1988, Robert Morris, a graduate student at Cornell, created and released the first computer worm that could spread between computers and copy itself. Morris didn’t have malicious intent, and his worm appears to have been more the result of intellectual curiosity than a purposefully destructive cyber-attack, but an error in the program led to it propagating much faster than he intended. The worm significantly disrupted the young internet, introduced the world to the concept of a software worm and served as a wake-up call on the importance of cybersecurity.

Build a Cause Map

A Cause Map, a visual root cause analysis, can be used to create a root cause analysis case study and analyze this incident. A Cause Map is built by asking “why” questions and using the answers to visually lay out the causes that contributed to an issue, intuitively showing the cause-and-effect relationships. Mapping out all the causes that contributed to an issue ensures that all facets of a problem are well understood and helps facilitate the development of effective, detailed solutions that can be implemented to reduce the risk of similar issues in the future.

Known flaws

To create his worm, Morris exploited known software bugs and weak passwords that no one had worried about enough to fix. At the time the Morris worm was released, the internet was in its infancy and only used by academics. There was no commercial traffic on the internet, and websites did not exist. Only a small, elite group had access to the internet, so concerns about cybersecurity hadn’t really come up.

What went wrong

Morris was trying to build a harmless worm to highlight security flaws, but an error in the program led to the worm causing a significant amount of disruption. The worm was intended to infect each computer one time, but the worm was designed to duplicate itself every seventh time a computer indicated it had already been infected to make the worm more difficult to remove. The problem was that the speed of propagation was underestimated. Once released, the worm quickly reinfected computers over and over again until they were unable to function, and the internet came crashing down.
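The effect of the "every seventh time" rule can be seen in a small abstract model. This is an added example, not code from the original case study or from the worm itself; the host count, number of rounds, one probe per copy per round and the random choice of peers are all assumptions made for illustration.

```python
import random


def simulate(hosts=50, ticks=30, reinfect_every=7, seed=1988):
    """Return the number of worm copies running on each host after `ticks` rounds.

    reinfect_every=7    -> the rule described above: every 7th "already
                           infected" answer from a host is overridden and a
                           new copy starts anyway.
    reinfect_every=None -> the intended behaviour: one copy per host, ever.
    All parameters are assumptions for this toy model.
    """
    rng = random.Random(seed)
    copies = [0] * hosts      # running worm copies per host
    refusals = [0] * hosts    # times each host answered "already infected"
    copies[0] = 1             # a single starting host

    for _tick in range(ticks):
        # Snapshot: copies created in this round start probing next round.
        active = [(src, n) for src, n in enumerate(copies) if n]
        for src, n in active:
            for _copy in range(n):            # each copy probes one peer
                dst = rng.randrange(hosts)
                if dst == src:
                    continue
                if copies[dst] == 0:
                    copies[dst] = 1           # first infection of this host
                    continue
                refusals[dst] += 1            # host says "already infected"
                if reinfect_every and refusals[dst] % reinfect_every == 0:
                    copies[dst] += 1          # duplicate despite the answer
    return copies


def summarize(copies):
    """Condense a per-host list into the numbers an operator would feel."""
    return {
        "infected_hosts": sum(1 for c in copies if c),
        "total_copies": sum(copies),
        "max_per_host": max(copies),
    }


if __name__ == "__main__":
    print("one copy per host :", summarize(simulate(reinfect_every=None)))
    print("every 7th overrides:", summarize(simulate(reinfect_every=7)))
```

With the strict rule the load on any host is capped at one process; with the override, the number of copies keeps growing after every host is already infected, which is the resource exhaustion the case study describes.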

The worm did more damage than Morris had expected and once he realized what he had done, he asked a colleague to anonymously apologize for the worm and explain how to update computers to prevent it from spreading. But the warning came too late to prevent massive disruption.

Impacts of the Morris Worm

In the short term, the Morris worm created a mess that took many computer experts days to clean up. Its most significant lasting consequence, though hard to quantify, is its impact on cybersecurity. If the first “hacker” had had malicious intent and had come a little later, it's likely that the damage would have been much more severe. The Morris worm highlighted the need to consider cybersecurity relatively early in the development of the internet.

The Morris worm also had a significant impact on its creator, Robert Morris, who became the first person to be indicted under the 1986 Computer Fraud and Abuse Act. He was hit with a $10,050 fine, 400 hours of community service and a three-year probation. After this initial hiccup, Morris went on to have a successful career and now works in the MIT Computer Science and Artificial Intelligence Laboratory.


Computer viruses: recently published documents


A Study on Hazards of Computer Viruses

Computer use is becoming part of our lives every other day; however, there have been considerable threats from computer viruses in the recent past. Viruses have had adverse effects on data and programs, ranging from formatting hard disks, damaging information infrastructure, suddenly restarting machines, and deleting or modifying data to, in some cases, mild effects such as slowing down machines or producing irritating sounds. Viruses have been a major cause for worry, especially with the technological advances in data processing, storage and movement of information. Many computer users and organizations, especially computer-intensive organizations, have had to invest heavily in dealing with viruses, particularly those organizations running the Windows platform. These computer viruses have been defined by their characteristics of entry and multiplication without the user’s notice, as well as diverting the normal functioning of the computer. This paper seeks to define a virus and explain its related terms such as malicious software, worms, and Trojan horses. It explains vulnerabilities of operating systems in relation to viruses, makes an observation on the strengths of Linux versus Windows, outlines the present state of affairs, mentions other procedures, apart from using anti-virus software, which can help protect against viruses, and discusses the future of computer viruses. It concludes that the Internet is serving its purpose of interconnecting computers and hence promoting the distribution of viruses, and then makes some recommendations on viruses.

Comparison, Analysis and Analogy of Biological and Computer Viruses

Correlation of Biological and Computer Viruses Through Evolutionary Game Theory

Mathematical Modeling of the Spread of Computer Viruses with Immunity Probability (Pemodelan Matematika terhadap Penyebaran Virus Komputer dengan Probabilitas Kekebalan)

The increase in the number of computer viruses can be modeled with a mathematical model of the spread of SEIR-type diseases with immunity probability. This study aims to model the pattern of the spread of computer viruses. The method used in this research is the analytical method with the probability of mathematical immunity. Based on the analysis of the model, two equilibrium points were obtained: the disease-free equilibrium point E1 and the endemic equilibrium point E2. The existence and local stability of the equilibrium point depend on the basic reproduction number R0. Equilibrium points E1 and E2 tend to be locally stable because R0<1, which means there is no spread of disease. The numerical simulation results show that the size of the probability of immunity will affect compartment R, and the minimum size of a new computer and the spread of computer viruses will affect compartments S and E on the graph of the simulation results. The conclusion obtained is that the immune model SEIR successfully shows that increasing the probability of immunity significantly affects the increase in the number of computer hygiene after being exposed to a virus.

Predicting Spread Probability of Learning-Effect Computer Virus

With the rapid development of network technology, computer viruses have developed at a fast pace. The threat of computer viruses persists because of the constant demand for computers and networks. When a computer virus infects a facility, the virus seeks to invade other facilities in the network by exploiting the convenience of the network protocol and the high connectivity of the network. Hence, there is an increasing need for accurate calculation of the probability of computer-virus-infected areas for developing corresponding strategies, for example, based on the possible virus-infected areas, to interrupt the relevant connections between the uninfected and infected computers in time. The spread of the computer virus forms a scale-free network whose node degree follows the power rule. A novel algorithm based on the binary-addition tree algorithm (BAT) is proposed to effectively predict the spread of computer viruses. The proposed BAT utilizes the probability derived from PageRank from the scale-free network together with the consideration of state vectors with both the temporal and learning effects. The performance of the proposed algorithm was verified via numerous experiments.

EVOLUTION OF COMPUTER VIRUSES

The dynamical analysis of computer viruses model with age structure and delay.

This paper deals with the dynamical behaviors for a computer viruses model with age structure, where the loss of the acquired immunity and delay are incorporated. Through some rigorous analyses, an explicit formula for the basic reproduction number of the model is calculated, and some results about stability and instability of equilibria for the model are established. These findings show that the age structure and delay can produce Hopf bifurcation for the computer viruses model. The numerical examples are executed to validate the theoretical results.

A Fractional SAIDR Model in the Frame of Atangana–Baleanu Derivative

It is possible to produce mobile phone worms, which are computer viruses with the ability to command the running of cell phones by taking advantage of their flaws, to be transmitted from one device to the other with increasing numbers. In our day, one of the services to gain currency for circulating these malignant worms is SMS. The distinctions of computers from mobile devices render the existing propagation models of computer worms unable to start operating instantaneously in the mobile network, and this is particularly valid for the SMS framework. The susceptible–affected–infectious–suspended–recovered model with a classical derivative (abbreviated as SAIDR) was coined by Xiao et al., (2017) in order to correctly estimate the spread of worms by means of SMS. This study is the first to implement an Atangana–Baleanu (AB) derivative in association with the fractional SAIDR model, depending upon the SAIDR model. The existence and uniqueness of the drinking model solutions together with the stability analysis are shown through the Banach fixed point theorem. The special solution of the model is investigated using the Laplace transformation and then we present a set of numeric graphics by varying the fractional-order θ with the intention of showing the effectiveness of the fractional derivative.

Information Technology Act 2000 and the Potential Use of Data Analytics in Reducing Cybercrime in India

Cybercrime is increasing rapidly in this digitized world. Be it business, education, shopping, or banking transactions, everything is on cyberspace. Cybercrime covers a wide range of different attacks such as financial cybercrime, spreading computer viruses or malware, internet fraud, pornography cybercrime, intellectual property rights violation, etc. Due to increased cyber-attacks these days, the online users must be aware of these kinds of attacks and need to be cautious with their data online. Each country has their own laws for dealing with cybercrime. The different measures taken by the government of India to combat cybercrime are explained in this chapter. How the potential use of data analytics can help in reducing cybercrime in India is also explained.


Computer Virus

A computer virus is a type of malware that attaches to another program and can replicate and spread to other computers. Think you have a computer virus? Download Malwarebytes free to scan your computer.


What is a computer virus?

A computer virus is a type of malware that attaches to another program (like a document), which can replicate and spread after a person first runs it on their system. For instance, you could receive an email with a malicious attachment, open the file unknowingly, and then the computer virus runs on your computer. Viruses are harmful and can destroy data, slow down system resources, and log keystrokes.

Cybercriminals aren’t creating new viruses all the time; instead, they focus their efforts on more sophisticated and lucrative threats. When people talk about “getting a virus” on their computer, they usually mean some form of malware—it could be a virus, computer worm, Trojan, ransomware or some other harmful thing. Viruses and malware continue to evolve, and often cybercriminals use the type that gives them the best return at that particular time.


Virus vs. malware – what is the difference? 

The terms “virus” and “malware” are often used interchangeably, but they’re not the same thing. While a computer virus is a type of malware, not all malware are computer viruses. 

The easiest way to differentiate computer viruses from other forms of malware is to think about viruses in biological terms. Take the flu virus, for example. The flu requires some kind of interaction between two people—like a hand shake, a kiss, or touching something an infected person touched. Once the flu virus gets inside a person’s system it attaches to healthy human cells, using those cells to create more viral cells.

A computer virus works in much the same way:

  • A computer virus requires a host program.
  • A computer virus requires user action to transmit from one system to another.
  • A computer virus attaches bits of its own malicious code to other files or replaces files outright with copies of itself.

It’s that second virus trait that tends to confuse people. Viruses can’t spread without some sort of action from a user, like opening up an infected Word document. Worms, on the other hand, are able to spread across systems and networks on their own, making them much more prevalent and dangerous.

Famously, the 2017 WannaCry ransomware worm spread around the world, took down thousands of Windows systems, and raked in an appreciable amount of untraceable Bitcoin ransom payments for the alleged North Korean attackers.

Computer viruses don’t typically capture headlines like that—at least not anymore. They are still a harmful type of malware, but they are not the only type of threat out there today, on your computer or mobile device. 

Windows, Mac, Android, and iOS

Many computer viruses target systems running Microsoft Windows. Macs, on the other hand, have enjoyed a reputation as virus-proof super machines, but by Apple’s own admission, Macs do get malware. There are more Windows users in the world than Mac users, and cybercriminals simply choose to write viruses for the operating system (OS) with the largest number of potential victims.

Today, the “computer” in our pockets may be the one we use most often: our smartphones. Android and iOS are susceptible to various forms of malware, too. Fortunately, most cybersecurity companies like Malwarebytes offer protection for Windows, Mac, Android, and iOS today. 

Computer virus examples

Sometimes to understand what something is, we have to examine what it isn’t. Keeping that in mind, let’s play: Is It a Virus?

In the Is It a Virus game we’re going to take a look at examples of things people on the Internet commonly believe to be a virus and explain why it is or isn’t. What fun!

Is a Trojan a virus? Trojans can be viruses. A Trojan is a computer program pretending to be something it’s not for the purposes of sneaking onto your computer and delivering some sort of malware. To put it another way, if a virus disguises itself then it’s a Trojan. A Trojan could be a seemingly benign file downloaded off the web or a Word doc attached to an email. Think that movie you downloaded from your favorite P2P sharing site is safe? What about that “important” tax document from your accountant? Think twice, because they could contain a virus.

Is a worm a virus? Worms are not viruses, though the terms are sometimes used interchangeably. Even worse, the terms are sometimes used together in a strange and contradictory word salad; i.e. a “worm virus malware.” It’s either a worm or a virus, but it can’t be both, because worms and viruses refer to two similar but different threats. As mentioned earlier, a virus needs a host system to replicate and some sort of action from a user to spread from one system to the next.

A worm, conversely, doesn’t need a host system and is capable of spreading across a network and any systems connected to the network without user action. Once on a system, worms are known to drop malware (often ransomware) or open a backdoor.

Is ransomware a virus? Ransomware can be a virus. Does the virus prevent victims from accessing their system or personal files and demand ransom payment in order to regain access à la ransomware? If so, then it’s a ransomware virus. In fact, the very first ransomware was a virus (more on that later). Nowadays, most ransomware comes as a result of a computer worm, capable of spreading from one system to the next and across networks without user action (e.g. WannaCry).

Is a rootkit a virus? Rootkits are not viruses. A rootkit is a software package designed to give attackers “root” access or admin access to a given system. Crucially, rootkits cannot self-replicate and don’t spread across systems.

Is a software bug a virus? Software bugs are not viruses. Even though we sometimes refer to a biological virus as a “bug” (e.g. “I caught a stomach bug”), software bugs and viruses are not the same thing. A software bug refers to a flaw or mistake in the computer code that a given software program is made up of. Software bugs can cause programs to behave in ways the software manufacturer never intended.

The Y2K bug famously caused programs to display the wrong date, because the programs could only manage dates through the year 1999. After 1999 the year rolled over like the odometer on an old car to 1900. While the Y2K bug was relatively harmless, some software bugs can pose a serious threat to consumers. Cybercriminals can take advantage of bugs in order to gain unauthorized access to a system for the purposes of dropping malware, stealing private information, or opening up a backdoor. This is known as an exploit.

How do I prevent computer viruses?

Preventing computer viruses from infecting your computer starts with situational awareness. “Situational awareness is something law enforcement and militaries have practiced for decades. It refers to a police officer or a soldier’s ability to perceive threats and make the best decision possible in a potentially stressful situation,” said Malwarebytes Head of Security, John Donovan.

“As it applies to cybersecurity, situational awareness is your first line of defense against cyberthreats. By staying on the lookout for phishing attacks and avoiding suspicious links and attachments, consumers can largely avoid most malware threats.”

Be careful with email attachments and embedded links, even if the sender is someone you know: viruses have been known to hijack Outlook contact lists on infected computers and send virus-laden attachments to friends, family and coworkers, the Melissa virus being a perfect example.

If an email reads oddly, it’s probably a phishing scam or malspam. When in doubt about the authenticity of an email, don’t be afraid to reach out to the sender. A simple call or text message can save you a lot of trouble.

Next, invest in good cybersecurity software. We’ve made a distinction between computer viruses and malware, which now begs the question, “Do I need antivirus software or anti-malware software?” We’ve covered this topic before in great detail, so check out our article on antivirus vs. anti-malware. For now, though, here’s a quick gloss on the subject.

Antivirus (AV) refers to early forms of cybersecurity software focused on stopping computer viruses. Just viruses. Anti-malware refers to all-encompassing threat protection designed to stop old-fashioned viruses as well as today’s malware threats. Given a choice between traditional AV with limited threat detection technology and modern anti-malware with all the bells and whistles, invest in anti-malware and rest easy at night.

As mentioned previously in this piece, traditional AV solutions rely on signature-based detection. AV scans your computer and compares each and every file against a database of known viruses that functions a lot like a criminal database. If there’s a signature match, the malicious file is thrown into virus jail before it can cause any damage.

The problem with signature-based detection is that it can’t stop what’s known as a zero-day virus; that is, a virus that cybersecurity researchers have never seen before and for which there is no criminal profile. Until the zero-day virus is added to the database, traditional AV can’t detect it.

Malwarebytes’ Multi-Vector Protection, conversely, combines several forms of threat detection technology into one malware crushing machine. Amongst these many layers of protection, Malwarebytes uses what’s called heuristic analysis to look for telltale malicious behavior from any given program. If it looks like a virus and behaves like a virus, then it’s probably a virus.

Use a VPN to protect your privacy online, especially when you’re on a public Wi-Fi network. A VPN app hides your IP address and tunnels your traffic through a secure connection. Read more about VPNs here: What is VPN.

How do I remove computer viruses?

Going back to our virus analogy one final time—removing a virus from your body requires a healthy immune system. Same for your computer. A good anti-malware program is like having a healthy immune system. As your immune system moves through your body looking for and killing off invading viral cells, anti-malware scans for files and malicious code that don’t belong on your system and gets rid of them.

The free version of Malwarebytes is a good place to start if you know or suspect your computer has a virus. Available for Windows and Mac, the free version of Malwarebytes will scan for malware infections and clean them up after the fact. Get a free premium trial of Malwarebytes for Windows or Malwarebytes for Mac to stop infections before they start. You can also try our Android and iOS apps free  to protect your smartphones and tablets. 

History of computer viruses

Today’s malware authors owe a lot to the cybercriminals of yesteryear. All the tactics and techniques employed by cybercriminals creating modern malware were first seen in early viruses. Things like Trojans, ransomware, and polymorphic code. These all came from early computer viruses. To understand the threat landscape of today, we need to peer back through time and look at the viruses of yesteryear.

1949, John von Neumann and “self-reproducing machines”

It was in those salad days of computing that mathematician, engineer, and polymath John von Neumann delivered a lecture on the Theory and Organization of Complicated Automata in which he first argued that computer programs could “self-reproduce.” In an era where computers were the size of houses, and programs were stored on mile-long punch tapes, von Neumann’s ideas must’ve sounded like something from a sci-fi pulp novel.

1982, The proto computer-virus

In 1982 a fifteen-year-old boy pranking his friends proved von Neumann’s theory a reality. Rich Skrenta’s Elk Cloner is widely regarded as the first proto-computer virus (the term “computer virus” didn’t exist just yet). Elk Cloner targeted Apple II computers, causing infected machines to display a poem from Skrenta:

Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes, it’s Cloner!

It will stick to you like glue
It will modify RAM too
Send in the Cloner!

Other notable firsts—Elk Cloner was the first virus to spread via detachable storage media (it wrote itself to any floppy disk inserted into the computer). For many years to come, that’s how viruses travelled across systems—via infected floppy disk passed from user to user.

1984, Computer virus, defined

In 1984 computer scientist Fred Cohen handed in his graduate thesis paper, Computer Viruses – Theory and Experiments, in which he coined the term “computer virus,” which is great because “complicated self-reproducing automata” is a real mouthful. In the same paper, Cohen also gave us our first definition of “computer virus” as “a program that can ‘infect’ other programs by modifying them to include a possibly evolved copy of itself.”

1984, Core War

Up to this point, most talk about computer viruses happened only in the rarified air of college campuses and research labs. But a 1984 Scientific American article let the virus out of the lab. In the piece, author and computer scientist A.K. Dewdney shared the details of an exciting new computer game of his creation called Core War. In the game, computer programs vie for control of a virtual computer.

The game was essentially a battle arena where computer programmers could pit their viral creations against each other. For two dollars Dewdney would send detailed instructions for setting up your own Core War battles within the confines of a virtual computer. What would happen if a battle program was taken out of the virtual computer and placed on a real computer system?

In a follow-up article for Scientific American, Dewdney shared a letter from two Italian readers who were inspired by their experience with Core War to create a real virus on the Apple II. It’s not a stretch to think other readers were similarly inspired.

1986, the first PC virus

The Brain virus was the first to target Microsoft’s text-based Windows precursor, MS-DOS. The brainchild of Pakistani brothers and software engineers, Basit and Amjad Farooq, Brain acted like an early form of copyright protection, stopping people from pirating their heart monitoring software.

If the target system contained a pirated version of the brothers’ software, the “victim” would receive the on-screen message, “WELCOME TO THE DUNGEON . . . CONTACT US FOR VACCINATION” along with the brothers’ names, phone number, and business address in Pakistan. Other than guilt tripping victims into paying for their pirated software, Brain had no harmful effects.

Speaking with F-Secure, Basit called Brain a “very friendly virus.” Amjad added that today’s viruses, the descendants of Brain, are “a purely criminal act.”

1986, Viruses go into stealth mode

Also in 1986, the BHP virus was the first to target the Commodore 64 computer. Infected computers displayed a text message with the names of the multiple hackers who created the virus—the digital equivalent of scrawling “(your name) was here” on the side of a building. BHP also has the distinction of being the first stealth virus; that is, a virus that avoids detection by hiding the changes it makes to a target system and its files.

1988, Computer virus of the year

1988, one could argue, was the year computer viruses went mainstream. In September of that year, a story on computer viruses appeared on the cover of TIME magazine. The cover image depicted viruses as cute, googly eyed cartoon insects crawling all over a desktop computer. Up to this point, computer viruses were relatively harmless. Yes, they were annoying, but not destructive. So how did computer viruses go from nuisance threat to system destroying plague?


1988, A message of peace goes haywire

Viruses were all about peace and love—until they started crashing people’s computers. The MacMag virus caused infected Macs to display an onscreen message on March 2, 1988:

RICHARD BRANDOW, publisher of MacMag, and its entire staff would like to take this opportunity to convey their UNIVERSAL MESSAGE OF PEACE to all Macintosh users around the world

Unfortunately, a bug in the virus caused infected Macs to crash well before Brandow’s day of “universal peace.” The virus was also designed to delete itself after displaying Brandow’s message but ended up deleting other user files along with it. One of the victims, a software executive working for Aldus Corp, inadvertently copied the virus to a pre-production version of Aldus’ Freehand illustration software. The infected Freehand was then copied and shipped to several thousand customers, making MacMag the first virus spread via a legitimate commercial software product.

Drew Davidson, the person who actually coded the MacMag virus (Brandow wasn’t a coder), told TIME he created his virus to draw attention to his programming skills.

“I just thought we’d release it and it would be kind of neat,” Davidson said.

1988, front page of The New York Times

A little over a month after the TIME magazine piece, a story about the “most serious computer ‘virus’ attack” in US history appeared on the front page of The New York Times. It was Robert Tappan Morris’ Internet worm, erroneously referred to as a “virus.” In all fairness, no one knew what a worm was. Morris’s creation was the archetype.

The Morris worm knocked out more than 6,000 computers as it spread across the ARPANET, a government operated early version of the Internet restricted to schools and military installations. The Morris worm was the first known use of a dictionary attack. As the name suggests, a dictionary attack involves taking a list of words and using it to try and guess the username and password combination of a target system.

Robert Morris was the first person charged under the newly enacted Computer Fraud and Abuse Act, which made it illegal to mess with government and financial systems, and any computer that contributes to US commerce and communications. In his defense, Morris never intended his namesake worm to cause so much damage. According to Morris, the worm was designed to test security flaws and estimate the size of the early Internet. A bug caused the worm to infect targeted systems over and over again, with each subsequent infection consuming processing power until the system crashed.

1989, Computer viruses go viral

In 1989 the AIDS Trojan was the first example of what would later come to be known as ransomware. Victims received a 5.25-inch floppy disk in the mail labelled “AIDS Information” containing a simple questionnaire designed to help recipients figure out if they were at risk for the AIDS virus (the biological one).

While an apt (albeit insensitive) metaphor, there’s no indication the virus’ creator, Dr. Joseph L. Popp, intended to draw parallels between his digital creation and the deadly AIDS virus. Many of the 20,000 disk recipients, Medium reported, were delegates for the World Health Organization (WHO). The WHO previously rejected Popp for an AIDS research position.

Loading the questionnaire infected target systems with the AIDS Trojan. The AIDS Trojan would then lay dormant for the next 89 boot ups. When victims started their computer for the 90th time, they’d be presented with an on-screen message ostensibly from “PC Cyborg Corporation” demanding payment for “your software lease,” similar to the Brain virus from three years earlier. Unlike the Brain virus, however, the AIDS Trojan encrypted the victims’ files.

In an era before Bitcoin and other untraceable cryptocurrencies, victims had to send ransom funds to a PO box in Panama in order to receive the decryption software and regain access to their files. Funds, Popp claimed after his arrest, were destined for AIDS virus research.

1990s, Rise of the Internet

By 1990 ARPANET was decommissioned in favor of its public, commercially accessible cousin the Internet. And thanks to Tim Berners-Lee’s pioneering work on web browsers and web pages, the Internet was now a user-friendly place anyone could explore without special technical knowledge. There were 2.6 million users on the Internet in 1990, according to Our World in Data. By the end of the decade, that number would surpass 400 million.

With the rise of the Internet came new ways for viruses to spread.

1990, Mighty morphin’ 1260 virus

Cybersecurity researcher Mark Washburn wanted to demonstrate the weaknesses in traditional antivirus (AV) products. Traditional AV works by comparing the files on your computer with a giant list of known viruses. Every virus on the list is made of computer code and every snippet of code has a unique signature—like a fingerprint.

If a snippet of code found on your computer matches that of a known virus in the database, the file is flagged. Washburn’s 1260 virus avoided detection by constantly changing its fingerprint every time it replicated itself across a system. While each copy of the 1260 virus looked and acted the same, the underlying code was different. This is called polymorphic code, making 1260 the first polymorphic virus.
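A toy model of the signature matching and changing fingerprint described above, added here as an example (it is not code from the 1260 virus or from any AV product). It assumes a single-byte XOR encoding, which the page does not describe, and uses an inert constructed marker string as the "known virus"; the second scanner shows the classic "X-ray" response of testing each signature under every possible key.

```python
import hashlib

# Constructed, inert stand-in for "known virus code": it is only a marker string.
KNOWN_BODY = b"DEMO-ONLY-INERT-MARKER:replicate();show_message();"

# Toy AV database: detection name -> byte signature cut from the known body.
SIGNATURES = {"Demo.Marker": KNOWN_BODY[10:34]}

# Constructed clean file used to check for false positives.
BENIGN = b"Constructed benign file: meeting notes for Tuesday.\n"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a one-byte key (key 0 leaves the data unchanged)."""
    return bytes(b ^ key for b in data)


def constructed_sample(key: int) -> bytes:
    """Test fixture: one key byte followed by the marker body XORed with it.

    Assumption for illustration: every copy decodes to the same body, but the
    bytes stored on disk differ from copy to copy.
    """
    return bytes([key]) + xor_bytes(KNOWN_BODY, key)


def fingerprint(data: bytes) -> str:
    """Whole-file hash, the strictest form of 'unique signature'."""
    return hashlib.sha256(data).hexdigest()


def exact_scan(data: bytes) -> list[str]:
    """Traditional matching: flag the file if a known signature occurs verbatim."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def xray_scan(data: bytes) -> list[tuple[str, int]]:
    """Look for each signature under all 256 one-byte XOR keys.

    Encoding the short signature is equivalent to decoding the whole file and
    much cheaper. Returns (detection name, key) pairs. This only covers the
    encoding family it models; it does nothing against a different scheme.
    """
    hits = []
    for name, sig in sorted(SIGNATURES.items()):
        for key in range(256):
            if xor_bytes(sig, key) in data:
                hits.append((name, key))
    return hits


if __name__ == "__main__":
    for key in (0x00, 0x21, 0x5A, 0xC3):
        copy = constructed_sample(key)
        print(f"key={key:#04x} sha256={fingerprint(copy)[:16]}... "
              f"exact={exact_scan(copy)} xray={xray_scan(copy)}")
    print("benign:", exact_scan(BENIGN), xray_scan(BENIGN))
```

Only the unencoded copy (key 0) matches the stored signature byte for byte, while the X-ray scan finds all four copies and leaves the clean file alone.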

1999, “You’ve got mail (and also a virus)”

Think back to 1999. If someone you knew sent you an email that read “Here is the document you requested … don’t show anyone else ;-),” you opened the attachment.

This was how the Melissa virus spread and it played on the public’s naiveté about how viruses worked up to that point. Melissa was a macro virus. Viruses of this type hide within the macro language commonly used in Microsoft Office files. Opening up a viral Word doc, Excel spreadsheet, etc. triggers the virus. Melissa was the fastest spreading virus up to that point, infecting approximately 250,000 computers, Medium reported.

2012, A full Shamoon over Saudi Arabia

By the turn of the 21st century, the roadmap for future malware threats had been set. Viruses paved the way for a whole new generation of destructive malware. Cryptojackers stealthily used our computers to mine cryptocurrencies like Bitcoin. Ransomware held our computers hostage. Banking Trojans, like Emotet, stole our financial information. Spyware and keyloggers shoulder surfed us from across the web, stealing our usernames and passwords.

Old-school viruses were, for the most part, a thing of the past. In 2012, however, viruses made one last grab at the world’s attention with the Shamoon virus. Shamoon targeted computers and network systems belonging to Aramco, the state-owned Saudi Arabian oil company, in response to Saudi government policy decisions in the Middle East.

The attack stands as one of the most destructive malware attacks on a single organization in history, completely wiping out three-quarters of Aramco’s systems, The New York Times reported. In a perfect example of what comes around goes around, cybersecurity researchers have suggested the attack started with an infected USB storage drive—the modern equivalent of the floppy disks used to carry the very first virus, Elk Cloner.

Today, tech support scams

Decades have passed since computer viruses reached their destructive zenith but there’s a related threat you should know about. Commonly referred to as a tech support scam or a virus hoax, this modern threat isn’t a virus at all.

Here’s how tech support scams work. The victim is served up a bogus pop-up ad after landing on a spoofed website or as a result of an adware infection. In a recent example, scammers used malvertising to link victims to malicious support sites after victims searched for things like cooking tips and recipes.

We’ve also seen hacked WordPress sites redirecting to support scam sites. The bogus ad is designed to look like a system alert generated by the operating system, and it may say something like, “Security alert: Your computer might be infected by harmful viruses,” along with contact information for “Technical Support.” There’s no virus and no technical support—just scammers who will make it seem like you have a virus and demand payment to “fix” it.

According to the Federal Trade Commission there were 143,000 reports about tech support scams in 2018, with total losses reaching $55 million. What makes this scam particularly insidious is that cybercriminals frequently target the most vulnerable part of the world’s population. People 60-years-old and over were five times more likely to report being a victim of a tech support scam.

Is Chromium a virus?

As discussed above, a number of things that are called viruses are not actually viruses. Some of those, like ransomware or computer worms, are still malicious, but they are not computer viruses. Some things that are not malicious are sometimes suspected as viruses, and Chromium is a good example of this. 

Chromium is not a virus. Chromium is a free open-source web browser project by Google. Much of the Chromium code serves as source code for Google Chrome, a legitimate and popular web browser. Just because you suddenly have Chromium on your computer doesn’t necessarily mean that it’s malware. You may have unwittingly installed a legitimate copy of Chromium that was bundled with other software.

Because Chromium is open-source, anyone can download Chromium and modify it to suit their needs. Bad actors could download Chromium and alter it to serve malicious purposes. WebNavigator Chromium browser is an example of a threat actor adapting Chromium code and using it as a search hijacker. However, to reiterate, Chromium itself is not a virus.


What are computer viruses?

A computer virus is a type of malware that attaches to another program (like a document), which can replicate and spread after a person first runs it on their system. For instance, you could receive an email with a malicious attachment, open the file unknowingly, and then the computer virus runs on your computer.

How do I check my computer for viruses?

Run a virus scan which scans your system for viruses and malware. 


Biological viruses versus computer viruses, why is it important to understand both today.


During recent months, we’ve witnessed an unexpected and distressing pandemic of a coronavirus disease. What I find especially distressing about it is how the worldwide adversity was caused by just a tiny thing — namely, a virus called SARS-CoV-2. 

However, biological viruses have always been a potent threat to humanity, as historic pandemics have proved. No wonder viruses became an ideal weapon model in a totally different world — a world of programming. The first computer viruses were created as early as in the 1970s. Starting as pranks, they evolved to become a major threat to the stability of computer networks worldwide. And the more I think of viruses, both biological and digital, the more amazed I am by their similarities. 

We don’t know what kind of challenges viruses of either type will cause in the future, but understanding how they infect, the symptoms they induce, how they spread, and the damage they can cause can help us fight both.

The Common Thread

Let’s start with the basics: What does a virus look like?

The images in Figure 1 might look vastly different, but, essentially, they’re the same: a string of code. In the coronavirus, it’s the RNA genome in a shell; in Melissa, it’s computer code. In both cases, the code is an “instruction” for the virus to follow. 

What are the other similarities?

Let’s not forget that both types of viruses represent just a single type of threat in their respective worlds. Along with biological viruses, there are bacteria, fungi, and other germs. However, in our daily life, we often say we “caught a virus” whenever we feel ill. 

Similarly, computer viruses are just one kind of malware — malicious computer programs. Still, we usually call all the harmful programs by the common word “viruses.” In fact, classic viruses are not that widespread. Many infamous cyber outbreaks were caused by computer worms, close relatives of viruses that are more infectious and independent. We’ll talk more about worms, too.

There have been multiple outbreaks of viral diseases and computer malware in history, with some cases causing terrible damage. Biological virus epidemics are, of course, more severe in their impact — smallpox, Spanish flu, AIDS, Ebola, and COVID-19 are just a few.

While computer viruses aren’t lethal, nor do they cause devastating health consequences, they can still have a dangerous global impact. For example, in 2010, the Stuxnet worm managed to cause substantial damage to the nuclear program of Iran. In 2008, the Conficker worm infected, among others, the French Navy computer network, forcing their aircraft to be grounded. The MyDoom worm caused more than $38 billion in damage — comparable to the $40 billion global economic loss caused by the SARS coronavirus outbreak from 2002-2004.

Figure 2 shows some similarities between biological and computer viruses by analyzing the rate in which they spread over a certain timeframe. In the examples above, Code Red virus managed to infect over 350,000 computers in less than 24 hours, while the Ebola virus affected over 25,000 people in more than a year. Though infection rates are dissimilar, the general pattern is similar: the infection starts from single points and quickly becomes massive; you can see the exponential growth on both graphs above.

The crucial factor is that it is possible to stop the virus at the very beginning, drastically reducing the resulting damage. This leads us to a few important conclusions.

What Do Virus Outbreaks Teach Us?

I believe there are three principles we can (and should) follow each time we are at risk of epidemics, be they biological or digital. When are we at such risk? Basically, all the time.

1)  Prevention is key

This can’t be stressed enough. Vaccination saves lives. Proper hygiene habits are essential. Investments in the immune system through a healthy diet, sleep, and exercise are important as well. These are ways to both avoid infection and to recover quickly should it happen. 

Similarly, we need to protect our devices with security software and keep it updated. At the same time, we all should practice safe behavior online — avoid clicking on suspicious links, using weak passwords, running shady apps, and so on. 

In both cases, we’re not just protecting our bodies or computers - this way we can stop the outbreak and prevent the infection curve from going up. We are also helping to protect other people.

2)  Responsible behavior is a must

If we catch a virus, from the common cold to something more serious, we should act responsibly. Staying at home instead of rushing to the office, getting professional help instead of self-medicating, covering up when coughing or sneezing — these are basic rules for everyone who’s sick. 

Containing a virus on your machine has similar protocols. You must isolate to prevent virus spread. If a computer has “fallen ill” or just shows symptoms, it also needs proper diagnostics and treatment. If there are any signs of a virus, we need to scan the device with a reliable antivirus. It’s important not to connect the computer to any networks or other devices until the malware is deleted. And if the case seems complicated, it’s better to contact an expert.

Eventually, the behavior of infected ones strongly influences how the virus outbreak goes.

3) Panic is our enemy

Being careful and responsible is good; overreacting and panicking is not. 

Whenever a disease spreads, we need to educate ourselves and know what’s true about it and what’s not. It is important to be extra careful with information we receive and share. While official sources, such as the Centers for Disease Control and Prevention or the World Health Organization, are trustworthy and reliable, apocalyptic gossip on social media is not and brings only harm.

Similarly, there’s no need to install 12 different antivirus applications or disconnect from the internet forever. Instead, it makes sense to choose one reliable security program and only follow advice from trusted specialists. 

Closing Thoughts

While biological and computer viruses have similarities, there are, of course, significant differences in how they behave and how they can be tackled. 

It's important to remember that humans come with a built-in, self-enhancing “antivirus,” but most devices don’t. Our immune system is a remarkably efficient tool that beats most germs. While we should help it by practicing healthy habits, it is already a strong and evolving mechanism. As for our devices, we need to arm them with their own immune system. People should thoroughly research antivirus software and wisely choose a reputable solution that best fits their needs. Once up and running, they should also stay on top of critical updates to ensure their software continues to run smoothly and maintain efficacy against the latest viruses.

What is universally true is that relevant prevention, care, and treatment are crucial in all cases. Unfortunately, we all can involuntarily become part of a virus outbreak, be it medical or technical. As the coronavirus continues, and we increasingly rely on digital services, we should do our best to stay healthy both online and offline. By acting wisely and responsibly, we can protect ourselves and many, many others. Let’s take care together.


Alun Baker is CEO of Clario.


Copyright ©2024. All Rights Reserved BNP Media.


Case studies – malware attacks

As our lives increasingly move online, cybersecurity is an important consideration for all businesses, including financial advice businesses. For many financial advisers, understanding how to protect sensitive client information from cyber attacks is becoming an important part of sound practice management.

A cyber attack is essentially an attempt by hackers to damage or destroy a computer network or system. One of the ways they can do this is by installing malware (also known as malicious software) on your computer that allows unauthorised access to your files and can allow your activity to be watched without you knowing. Cyber criminals can then steal personal information and login details for secure websites to commit fraudulent activities.

In this article we discuss steps financial advisers can take to protect themselves from cyber attacks and explore different scenarios that demonstrate what a cyber attack can look like and how it can be prevented.

How can financial advisers improve their cyber security?

  • Turn on auto-updates for your business operating system – such as Windows or Apple’s iOS, and be sure to keep computer security up to date with anti-virus and anti-spyware, as well as a good firewall.
  • Back up important data – to an external hard drive, to a USB or a cloud to protect your business from lost data.
  • Enable multi-factor authentication – start using two or more proofs of identity such as a PIN, passphrase, card or token, or fingerprint before access is enabled.
  • Implement permissions on a ‘need to know’ basis – your employees don’t need to access everything. Be selective about what permissions are allowed to which staff.
  • Conduct regular employee cyber training. Show staff how to ‘recognise, avoid, report, remove and recover’. Your employees can be your defence against cyber crime. Reward staff for their efforts; and
  • Always be cautious of the below when receiving emails:
      - Requests for money, especially urgent or overdue
      - Bank account changes
      - Attachments, especially from unknown or suspicious email addresses
      - Requests to check or confirm login details

Case studies - malware attacks

Protect yourself and your business

Cyber security assessment tool

The Department of Industry, Science, Energy and Resources has developed a tool to help you identify your business' cyber security strengths and areas where your business can improve. This tool will ask you a series of questions about how you manage your cyber security risks and based on your answers, you will receive a list of recommendations to action. You can download the recommendations as a PDF and access the tool here.

Scenario 1 – Advisory practices attacked by a trojan virus

Scenario 2 - Adviser subject to a malware attack causing account lock

Scenario 3 - Opening email attachment causes all PCs in the office to shut down

Scenario 1 - Advisory practices attacked by a trojan virus

In this scenario, a number of advisory practices were subject to a targeted malware attack via a Trojan virus. This virus helped the cyber criminals access several advisers’ PCs and obtain the login details for systems that had been used.

This attempted fraud took place while the practice was closed over the Christmas holidays.

"We locked up the office that afternoon just before Christmas and went home. We were all looking forward to a nice long break, it’d been a busy year. We wouldn’t be back in the office until the New Year."

Transactions were submitted to the platform over the Christmas period using several advisers’ user IDs.

Direct credit (EFT) bank account details were edited to credit the cyber criminals' ‘mule’ Australian bank account. From this account the cyber criminals would be free to transfer the funds overseas.

Luckily for the practice, the fraud was uncovered before any funds were paid out.

"Even though we were on holiday, we all continued to check our transaction updates via the platform each day. We called the platform right away and they were able to stop the fraudulent payments in time."

Preventing this type of fraud

  • Be diligent about checking platform transaction updates sent by email or displayed online. Specifically look out for withdrawal requests, new accounts opened, asset sell downs and changes to contact details.
  • When taking annual leave, nominate a colleague to check platform transaction updates on your behalf in your absence.
  • Call us immediately if you suspect fraud or malware on your system. We’ll suspend your login ID to attempt to prevent further fraudulent transactions.
  • Bring in a tech specialist immediately to run and update security software and restore your systems back to normal.   
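One way to automate the daily check of platform transaction updates described in the list above, added here as an example (it is not the platform's own tooling). The CSV columns, event labels, dates and the 24-hour window are all assumptions made for illustration, and the feed is constructed sample data.

```python
import csv
import io
from datetime import date, datetime, timedelta

# Constructed sample feed. Column names and event labels are assumptions,
# not the export format of any real platform.
FEED = """\
timestamp,user_id,client,event,detail
2023-12-20T10:02:00,adv01,C100,contact_details_changed,new mobile number
2023-12-21T15:40:00,adv01,C100,fee_update,annual review
2023-12-27T02:14:00,adv02,C217,bank_details_changed,EFT account edited
2023-12-27T02:19:00,adv02,C217,withdrawal_request,45000.00
2023-12-28T03:05:00,adv03,C305,asset_sell_down,sell 100% of holdings
2024-01-08T09:30:00,adv01,C100,withdrawal_request,1200.00
"""

# The event types the list above says to look out for, plus the bank-detail
# edit seen in Scenario 1 (labels are hypothetical).
WATCHED = {
    "withdrawal_request",
    "account_opened",
    "asset_sell_down",
    "contact_details_changed",
    "bank_details_changed",
}


def triage(feed_text, closed_from, closed_to, window=timedelta(hours=24)):
    """Return one alert per watched event, oldest first.

    An alert is HIGH when the event was submitted while the office was closed,
    or when a withdrawal follows a bank-detail change for the same client
    within `window`; any other watched event is marked REVIEW.
    """
    rows = sorted(csv.DictReader(io.StringIO(feed_text.strip())),
                  key=lambda r: r["timestamp"])
    last_bank_change = {}  # client -> time of the most recent bank-detail edit
    alerts = []
    for row in rows:
        event, client = row["event"], row["client"]
        if event not in WATCHED:
            continue
        when = datetime.fromisoformat(row["timestamp"])
        reasons = []
        if closed_from <= when.date() <= closed_to:
            reasons.append("submitted while office closed")
        if event == "bank_details_changed":
            last_bank_change[client] = when
        elif event == "withdrawal_request":
            changed = last_bank_change.get(client)
            if changed is not None and when - changed <= window:
                reasons.append("withdrawal follows bank-detail change")
        alerts.append({
            "severity": "HIGH" if reasons else "REVIEW",
            "timestamp": row["timestamp"],
            "user_id": row["user_id"],
            "client": client,
            "event": event,
            "reasons": reasons,
        })
    return alerts


if __name__ == "__main__":
    # Assumed closure dates for the constructed feed.
    for a in triage(FEED, date(2023, 12, 22), date(2024, 1, 2)):
        why = "; ".join(a["reasons"]) or "routine check"
        print(f'{a["severity"]:6} {a["timestamp"]} {a["user_id"]} '
              f'{a["client"]} {a["event"]} ({why})')
```

HIGH alerts are the ones worth a phone call to the platform; REVIEW items still need a person to confirm the client asked for them.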

Scenario 2 - Adviser subject to a malware attack causing account lock

A Melbourne advisory practice was the target of a malware attack, having found malware on their system which locked their access to the platform. The malware allowed the cyber criminal to gain access to an adviser’s login details for all systems he had used recently.

The cyber criminals now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook.

The next time the adviser tried to log in to his platform desktop software, he was locked out.

He rang our account executive team to report his access was locked. He couldn’t log in, even though he was using his correct user name and password.

The platform reset his password. The next day when the adviser tried again to log in, he was locked out of the system again.

It became obvious that the adviser’s user ID had been compromised. At this point, the user ID was deleted.

Where you have had your platform access locked, or you suspect fraud or malware on your system, call us immediately as part of your reporting response so we can suspend your login ID to attempt to prevent further fraudulent transactions. Bring in a tech specialist immediately to run and update security software and restore your systems back to normal.

  • Be on the lookout for requests to check and confirm login details.
  • Increase the strength of your identifiers and ensure two or more proofs of identity are required before access to company systems is enabled.
  • Use virus protection software to prevent hackers from accessing your information and to help protect you if you click on a suspicious link or visit a fake website.
  • Schedule regular training for employees so that they can better detect malicious links or avoid downloading content from untrustworthy sources.  

Scenario 3 - Opening email attachment causes all PCs in the office to shut down

A staff member in an advisory practice opened a file attached to an email received one morning.

It turned out the attachment contained a ‘worm’ that not only infected the staff member’s PC but also spread to all other PCs in the practice network.

This malware caused all PCs in the office to shut down.

The adviser needed to use the platform software that day to ensure his clients participated in a Corporate Action that was closing the following day.

With help from their Business Development Manager, the office worked through the issue so they were able to log into the platform software to complete this critical work from a home laptop that hadn’t been infected with the virus.

  • Never open attachments in emails if you don’t know or trust the source.
  • Ensure your office network is protected with up-to-date anti-virus software.
  • Call us immediately if you suspect fraud or malware on your system. We’ll suspend your login ID to attempt to prevent any further criminal activity.
  • Bring in a tech specialist immediately to run and update security software and restore your systems back to normal.


April 29, 2024


Machine learning classifies 191 of the world's most damaging viruses

by University of Waterloo


Researchers from the University of Waterloo have successfully classified 191 previously unidentified astroviruses using a new machine learning-enabled classification process.

The study, "Leveraging machine learning for taxonomic classification of emerging astroviruses," was recently published in Frontiers in Molecular Biosciences.

Astroviruses are some of the most damaging and widespread viruses in the world. These viruses cause severe diarrhea, which kills more than 440,000 children under the age of 5 annually. In the poultry industry, astroviruses like avian flu have an 80% infection rate and a 50% mortality rate among livestock, leading to economic devastation, supply chain disruption, and food shortages.

Astroviruses mutate quickly and can spread easily across their more than 160 host species, putting researchers and public health officials in a constant race to classify and understand new astroviruses as they emerge. In 2023, there were 322 unidentified astroviruses with distinct genomes. This year, that number has risen to 479.

"At any given point, between 2% and 9% of humans carry one of these viruses. That number can be as high as 30% in some countries," said Fatemeh Alipour, Ph.D. candidate in computer science at Waterloo and the lead computer science author of the research study. "Understanding and classifying these viruses effectively is essential for developing vaccines."

The astrovirus research team included computer science researchers at Waterloo and biology researchers at the University of Western Ontario.

The new three-part classification method includes supervised machine learning, unsupervised machine learning, and manual labeling of each astrovirus's host.

"The main idea behind the classification method is to leverage machine learning to classify species by learning from their 'genomic signatures,'" said Lila Kari, professor in the David R. Cheriton School of Computer Science. "The classification method is exciting both in its speed and general applicability."

"This method can help us understand how viruses are transmitted between different animals. It can also be used to classify viruses in other virus families like HIV and Dengue."

Provided by University of Waterloo


Virtual Viruses Reveal Complex Genomic Dynamics

Researchers used new simulations to obtain the first structures of elusive viruses.

Aparna Nathan, PhD

Aparna is a freelance science writer with a PhD in bioinformatics and genomics at Harvard University. Her writing has also appeared in The Philadelphia Inquirer, Popular Science, PBS NOVA, and more.


ABOVE: Using sophisticated computer simulations, researchers predicted the structure of a complete bacteriophage, including its DNA. © iStock, Yabusaka Design

A virus may be microscopic, but it contains thousands of nucleic acid bases strategically packaged into a protein shell. Knowing how the virus organizes these vast information stores in a compact space is the key to understanding viral structure and designing better defenses against pathogenic viruses.

Peering into the viral protein shell, or capsid, is challenging. Typical structure discerning techniques such as cryo-electron microscopy can’t capture the varying configurations of genetic material in each virus. Back in 2010, Aleksei Aksimentiev, a biophysicist at the University of Illinois Urbana-Champaign, had an idea for computationally simulating a virus’s structure. However, computational methods were simply not sophisticated enough at the time.

“It was always at the back of our minds, and then, we made a breakthrough in terms of methodology,” Aksimentiev said. 

Now, 14 years later, in a study published in Nature, his team reported using a new computational approach to simulate the individual atoms of a virus that is packed with nucleic acids.[1] They used this method to study the HK97 bacteriophage and proposed the first structure for the virus.

A few years ago, Aksimentiev’s team developed a method for mapping out complex DNA configurations by computationally simulating them at multiple resolutions.[2] They start at a coarse resolution, like a fuzzy image, and then on each iteration, they increase the level of detail in the simulated DNA structure.

In their new study, the researchers used this approach to computationally model the virus and its DNA during viral assembly. With prior experimental data such as the structure of the capsid and the force of the motor that loads DNA into the virus as a starting point, they simulated the behavior of each of the 26 million atoms during the chaotic process of loading DNA into the capsid. This was no small task; each simulation took anywhere between three months and one year to run, even on very powerful computers. 

According to Eric May, a structural biologist at the University of Connecticut who was not involved in this study, the simulations provided unprecedented insights into the dynamics between the genome, the capsid, and other molecules in the virus that may be missed by experimental methods that can only obtain the average structure across many particles. “This computational approach doesn't have that kind of limitation,” he said. “We know the protein components already, but now seeing the genomic information in full atomic detail is very exciting.”

For example, the researchers predicted that DNA is packaged into the capsid through a method called loop extrusion, where proteins force the DNA into hairpin configurations [3]. Aksimentiev was surprised to see the diversity of genomic configurations produced by the simulations.

“We intuitively would think each configuration could be different, but what was surprising to us was the scale at which the structures were different,” Aksimentiev said. “If you look at the individual viral particles, they are different by the global configuration, which was introduced by the varied packaging process.”

Matthias Wolf, a structural biologist at the Okinawa Institute of Science and Technology who was not involved in this study, said that this addresses a long-standing question about how viruses organize their genomes. However, he noted that the study lacked experimental validation of the predicted structures.

Aksimentiev thinks that they can improve the simulation to account for more physical forces and be less reliant on experimental input data. His group is also running simulations of other viruses that are more complex. May thinks that it will be critical to apply this model to pathogenic viruses such as HIV and SARS-CoV-2, even though they are harder to model because of their RNA genomes. “It would be interesting to see [the researchers] try to move in the direction of systems of great public health importance,” he said. “Also understanding the stages of viral infection: how is the structure of a virus different when it enters the cell? How is the genome getting released from a virus?”

Aksimentiev is optimistic that the simulations will extend to more complex viruses, including RNA viruses, by incorporating more targeted experimental data. His eye is also on an even loftier goal: simulating an entire cell. “It's probably not coming soon, but that's kind of the Holy Grail,” he said.

COMMENTS

  1. 11 real and famous cases of malware attacks

    Check out 11 real cases of malware attacks. 1. CovidLock, ransomware, 2020. Fear in relation to the Coronavirus (COVID-19) has been widely exploited by cybercriminals. CovidLock ransomware is an example. This type of ransomware infects victims via malicious files promising to offer more information about the disease.

  2. 11 infamous malware attacks: The first and the worst

    Brain virus (1986) Creeper was designed to leap across computer networks, but for most of the 1970s and '80s that infection vector was limited simply because most computers operated in isolation.

  3. Famous computer viruses: A look at cyberthreats

    Jaschan's motivations behind these viruses remain unclear but may have been driven by a desire to outpace even the notorious MyDoom virus. 6. Anna Kournikova virus. The Anna Kournikova virus, named after the famous tennis player, exploited her popularity to trick unwitting users.

  4. Hybrid Epidemics—A Case Study on Computer Worm Conficker

    Computer Worm Conficker. In this paper we will analyse a critically hybrid epidemic, the computer worm Conficker, based on real measurement data. It is one of the most contagious computer worms on record. It erupted on the Internet on 21 November 2008 and infected millions of computers in just a few days [7].

  5. A comprehensive review study of cyber-attacks and cyber security

    A virus is a self-replicating program that spreads to other documents and other programs by duplicating itself, and may cause programs to malfunction. A computer virus acts like a biological virus that spreads through its reproduction to cells in the host body. Some of the popular viruses are: NIMDA, SLAMMER, and SASSER. Hacker

  6. SE7- Case study

    SE7- Case study - Internet worm. Description. The 1988 Internet Worm was the first major worldwide computer security incident where malware (software that is malicious) propagated throughout the internet. This worm infected Unix servers, taking advantage of different types of vulnerability in installed code such as Sendmail and finger.

  7. Viruses, Worms, and Trojan Horses: Serious Crimes, Nuisance, or Both?

    5. The lack of criminological understanding of computer malware can have potentially serious effects, as made clear by a recent case involving two university professors who cited as examples of real computer viruses a number of hoaxes that were part of an April Fool's Day tradition maintained by Datamation magazine. This work, "Trends and ...

  8. An introduction to computer viruses: Problems and solutions

    a case study of HMS Central Library", ILA Bulletin, Vol. 44 Nos 3/4, pp. 24-7 ... Computer viruses are malicious programs designed to alter the way a computer operates without the user's ...

  9. Viruses, Computer

    Abstract. Viruses can be defined simply as self-replicating programs; however, viruses continue to be maliciously combined with cybercrime, which has become rampant as society grows more dependent on information systems. Most organizations cannot handle the viruses that are reported every day on their own, because these viruses have developed ...

  10. Computer Viruses in UNIX Environment: Case Study

    67. Computer Viruses in UNIX Environment: Case Study. Asmaa Shaker Ashoor Prof. Sharad Gore Prof. Vilas Kharat. Computer Science Department Statistic Department Computer Science Department. Pune ...

  11. Computer viruses: What they are, how they work, how they ...

    A computer virus is a program that replicates itself and spreads to computers with the goal of disrupting or destroying normal computer use. In academic computing, viruses represent a serious problem that costs millions of dollars in losses annually and hinders the free exchange of information so critical to education. Viruses operate in incubation, infection, and destroy phases. The nature ...

  12. An introduction to computer viruses: problems and solutions

    The author suggests ways to detect and prevent the different computer viruses. The research is based on and limited to the study of the relevant literature available on different relevant web sites. The research will benefit business organizations, business houses, educational institutions and libraries working in fully computerized ...

  13. Case Study: The Morris Worm Brings Down the Internet

    The problem was that the speed of propagation was underestimated. Once released, the worm quickly reinfected computers over and over again until they were unable to function, and the internet came crashing down. The worm did more damage than Morris had expected and once he realized what he had done, he asked a colleague to anonymously apologize ...

  14. (PDF) Trojan Horse Malware

    Abstract. This study mainly focuses on Trojan Horse Viruses. This study thoroughly describes about what is a Trojan Horse Viruses, how it got the name, what types of Trojan Horse Viruses are there ...

  15. Cyber Security Case Studies

    Malwarebytes leads the market with its lightweight footprint, ease of use, and steadfast reliability in stopping threats." — Shane Hooton, Owner, Hooton Tech. KEEP READING. Cyberprotection for every one. Learn how Malwarebytes secures businesses worldwide in these cyber security case studies focusing on organizations from all industries.

  16. computer viruses Latest Research Papers

    This study aims to model the pattern of the spread of computer viruses. The method used in this research is the analytical method with the probability of mathematical immunity. Based on the analysis of the model, two equilibrium points free from disease E1 and endemic equilibrium points E2 were obtained.

  17. Computer Virus: What are Computer Viruses?

    A computer virus attaches bits of its own malicious code to other files or replaces files outright with copies of itself. It's that second virus trait that tends to confuse people. Viruses can't spread without some sort of action from a user, like opening up an infected Word document. Worms, on the other hand, are able to spread across ...

  18. Biological Viruses Versus Computer Viruses

    Outbreaks. There have been multiple outbreaks of viral diseases and computer malware in history, with some cases causing terrible damage. Biological virus epidemics are, of course, more severe in their impact — smallpox, Spanish flu, AIDS, Ebola, and COVID-19 are just a few. While computer viruses aren't lethal, nor do they cause ...

  19. Case studies

    Scenario 1 - Advisory practices attacked by a Trojan virus. In this scenario, a number of advisory practices were subject to a targeted malware attack via a Trojan virus. This virus helped the cyber criminals access several advisers' PCs and obtain the login details for systems that had been used. This attempted fraud took place while the ...

  20. 1653 PDFs

    Explore the latest full-text research PDFs, articles, conference papers, preprints and more on COMPUTER VIRUS. Find methods information, sources, references or conduct a literature review on ...

  21. Hybrid Epidemics—A Case Study on Computer Worm Conficker

    Abstract. Conficker is a computer worm that erupted on the Internet in 2008. It is unique in combining three different spreading strategies: local probing, neighbourhood probing, and global probing. We propose a mathematical model that combines three modes of spreading: local, neighbourhood, and global, to capture the worm's spreading behaviour.

  22. Machine learning classifies 191 of the world's most damaging viruses

    The study, "Leveraging machine ... These viruses cause severe diarrhea, which kills more than 440,000 children under the age of 5 annually. ... Ph.D. candidate in computer science at Waterloo and ...

  23. Virtual Viruses Reveal Complex Genomic Dynamics

    Now, 14 years later, in a study published in Nature, his team reported using a new computational approach to simulate the individual atoms of a virus that is packed with nucleic acids. 1 They used this method to study the HK97 bacteriophage and proposed the first structure for the virus. A few years ago, Aksimentiev's team developed a method for mapping out complex DNA configurations by ...
