Why write virus code:-
Someone did this to a bank one time (and by the way, he was
never caught!). He was given the task of designing their operating system
and security, and he decided he wasn't getting paid enough, so he devised
his own method of compensation. Every so often, the computer would steal
a certain amount of money from the bank (by just CREATING it electronically)
and would put it in an account that didn't exist as far as the bank
or the IRS or anybody knew, and whenever this guy wanted, he went to
the bank and withdrew some money. They aren't sure how he did it, but
he probably visited the electronic teller as often as possible. As I
said, the authorities still haven't found him, but after several years
of his leech program being in service, it "expired." They assume that
he set it up to destroy itself after so long, and when this little
program was gone, the bank suddenly was missing several million dollars.
Types of viruses:-
(1) Resident Viruses
This type of virus is a permanent resident of RAM. From there it can overcome and
interrupt all of the operations executed by the system: corrupting files and programs that are opened,
closed, copied, renamed, etc.
Examples include: Randex, CMJ, Meve, and MrKlunky.
(2) Direct Action Viruses
The main purpose of this virus is to replicate and take action when it is executed. When a specific
condition is met, the virus will go into action and infect files in the directory or folder that it is in and in
directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the
root directory of the hard disk and carries out certain operations when the computer is booted.
(3) Overwrite Viruses
A virus of this kind is characterized by the fact that it deletes the information contained in the files that it
infects, rendering them partially or totally useless once they have been infected.
The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the
original content.
Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.
(4) Boot Virus
All disks and hard drives contain smaller sections called sectors. The first sector is called the boot sector. The
boot sector carries the Master Boot Record (MBR). The MBR's function is to read and load the operating system. So, if a
virus infects the boot or MBR of a disk, such as a floppy disk, your hard drive can become infected, if you
re-boot your computer while the infected disk is in the drive. Once your hard drive is infected all diskettes
that you use in your computer will be infected. Boot sector viruses often spread to other computers by the
use of shared infected disks and pirated software applications.
Prevention:-
(i) The best way to disinfect your computer of the boot sector virus is by using antivirus software.
(ii) The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and never start
your computer with an unknown floppy disk in the disk drive.
Examples of boot viruses include: Polyboot.B, AntiEXE.
(5) Macro Virus
A macro virus is programmed as a macro embedded in a document. Many applications, such as Microsoft
Word and Excel, support macro languages. Once a macro virus gets onto your computer, every
document you produce will become infected. This type of virus is relatively new and may slip by your
antivirus software if you don't have the most recent version installed on your computer.
Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.
(6) Directory Virus
Directory viruses change the paths that indicate the location of a file. By executing a program (file with the
extension .EXE or .COM) which has been infected by a virus, you are unknowingly running the virus
program, while the original file and program have been previously moved by the virus.
Once infected it becomes impossible to locate the original files.
(7) Polymorphic Virus
A polymorphic virus acts like a chameleon, changing its virus signature.
Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and
encryption keys) every time they infect a system.
This makes it impossible for anti-viruses to find them using string or signature searches (because they are
different in each encryption) and also enables them to create a large number of copies of themselves.
Examples include: Elkern, Marburg, Satan Bug, and Tuareg.
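Why a fixed string search misses a re-encoded body, and how a scanner can still match it, is shown in the added example below (not part of the original text). It narrows the problem to one assumed encoding, single-byte XOR with a different key per copy, and uses a harmless constructed marker in place of a real signature; all names are hypothetical.

```python
MARKER = b"DEMO-SIGNATURE-0001"   # constructed, harmless stand-in for a byte signature


def xor_bytes(data: bytes, key: int) -> bytes:
    """Encode or decode data with a single-byte XOR key."""
    return bytes(b ^ key for b in data)


def signature_scan(sample: bytes, signature: bytes = MARKER) -> bool:
    """Classic string scan: matches only the exact stored bytes."""
    return signature in sample


def xor_invariant_scan(sample: bytes, signature: bytes = MARKER):
    """Key-independent scan for single-byte XOR encodings.

    For any key k, (a ^ k) ^ (b ^ k) == a ^ b, so the XOR of neighbouring
    bytes is identical in the plain and the encoded body. Match on those
    differences, then recover the key from the first matched byte.
    Returns (offset, key) or None.
    """
    want = bytes(a ^ b for a, b in zip(signature, signature[1:]))
    deltas = bytes(a ^ b for a, b in zip(sample, sample[1:]))
    pos = deltas.find(want)
    if pos < 0:
        return None
    return pos, sample[pos] ^ signature[0]


# Constructed samples: the same body stored under two different keys,
# each preceded by a 4-byte unencoded prefix.
BODY = b"header--" + MARKER + b"--trailer"


def make_variant(key: int) -> bytes:
    return b"stub" + xor_bytes(BODY, key)


VARIANT_A = make_variant(0x5A)
VARIANT_B = make_variant(0xC3)
```

The invariant only holds for this one encoding; bodies encoded with other algorithms need other approaches, such as matching the decoding routine itself or observing the decoded body at run time.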
(8) File Infectors
This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one
of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is
programmed to carry out. The majority of existing viruses belong to this category, and can be classified
depending on the actions that they carry out.
(9) Companion Viruses
(usually with extensions .BIN, .COM, .EXE, .OVL, .DRV) Companion viruses can be considered file
infector viruses like resident or direct action types. They are known as companion viruses because once
they get into the system they "accompany" the other files that already exist. In other words, in order to
carry out their infection routines, companion viruses can wait in memory until a program is run (resident
viruses) or act immediately by making copies of themselves (direct action viruses).
Some examples include: Stator, Asimov.1539, and Terrax.1069
(10) FAT Virus
The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the
normal functioning of the computer.
This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk
where important files are stored. Damage caused can result in information losses from individual files or
even entire directories.
(11) Logic Bombs
They are not considered viruses because they do not replicate. They are not even programs in their own
right but rather camouflaged segments of other programs.
Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs
go undetected until launched, and the results can be destructive.
(12) Stealth Viruses
A stealth virus can disguise itself by using certain tactics to prevent being detected
by antivirus software. These tactics include altering its file size, concealing itself in memory, and so on.
This type of virus is nothing new; in fact, the first computer virus, dubbed Brain, was a stealth virus. A
good antivirus should be able to detect a stealth virus lurking on your hard drive by checking the areas the
virus infected and evidence in memory.
(13) Blended threats
Malicious code threats consisting of a combination of viruses, worms and Trojans. Linked descriptions provided courtesy of
F-Secure.
Some examples of viruses:-
NAME: Babylonia
ALIAS: Win95.Babylonia, W95/Babylonia
SIZE: 4096
This virus contains a worm and has automatic updating capabilities, connecting to a Japanese website to download new viral
plugins before the site was shut down by authorities.
Babylonia is a memory resident Windows-based virus with worm and automatic update capabilities. The
virus infects PE EXE (Windows Portable Executables) and HLP (Windows Help files). It also patches
the Windows socket library WSOCK32.DLL to send copies of itself to the Internet and drops an additional component that
is able to download and install 'virus plugins' from the Internet.
When an infected EXE file is run, the virus installs its resident copy into Windows memory, drops and
runs an additional file (update component) and returns control to the host program.
To install itself into memory, the virus scans the Windows kernel, gets the necessary Windows function
addresses and installs itself as a system driver (VxD
The virus then creates an additional PE EXE file 4 kb long in the root directory of drive C:
C:\BABYLONIA.EXE
Cybernet
This is a mass-mailing worm and macro virus that also infects Excel files.
Symptoms of viruses:-
Your computer functions slower than normal
Your computer responds slowly and freezes often
Your computer restarts itself often
You see uncommon error messages, distorted menus, and dialog boxes
You notice applications on your computer fail to work correctly
You fail to print correctly