Computer Viruses, What You Need to Know to Protect Yourself by drieant.03


Computer Viruses:
What You Need to Know to Protect Yourself

   This lesson will provide learners with basic information they need to know about
computer viruses.

Target Audience
   This lesson plan is designed for college students in any curriculum, or persons with
equivalent background and interest.

    This module assumes learners have a basic understanding of using computers,
     • Email programs
     • Word processing
     • Web browsing

    30-45 minutes

    Upon completion of this module, learners will have a basic understanding of:
     • Computer viruses & common ways viruses are spread
     • How to prevent virus attacks
     • What to do if a computer becomes infected
     • Virus hoaxes

       • Overhead or computer projector with PowerPoint capability
       • Overheads OH-1 through OH-12 and/or Viruses PowerPoint
       • Paper and pens/pencils
       • If the Virus-Spreading example is done as an in-class activity: seven note cards
         labeled with character names, 12 note cards labeled “Virus”, Virus Activity Sheet,
         and two rubber bands or paperclips
       • If selecting Small Group activity, Small Group learning materials identified as
         Small Group Jigsaw Activity (SG-1 through SG-7)

[PowerPoint and Overhead Note: All overheads are also available as a PowerPoint
 presentation, “Viruses”. This module provides a foundation for the concepts and
 teaching approaches, and educators should continue using the selected
 overheads or PowerPoint presentation throughout the module. References to
 specific overhead pages will be included throughout the module.]

Instructor Note: This module has two approaches for different size groups. Group
S is suggested for classes smaller than 30 students. Group L is suggested for classes
larger than 30 students but can be executed with any class size.


                Educator Instruction

1S. & 1L. Introduce viruses with the following example: (both groups)

    A. A computer virus is a program designed to replicate and spread on its own,
       usually without the computer user’s knowledge. When a computer or disk has a
       virus on it, it is said to be “infected.” Virus infection is becoming increasingly
       common as people become more connected.

        Example: In early 1999, 80 out of every 1000 computers were infected with a
        virus, more than twice the infection rate of the previous year [1]. Some viruses are
        merely annoying while others can cause serious damage.

Group S: Small class (less than 30) [Group L continued on next page]

[Note: Learners will be involved in a Jigsaw activity. For further clarification of this
strategy, refer to the Teaching Strategy section. If you feel confident with this strategy,
continue with step 2.]

2. Divide learners into four groups of equal size. Each group should receive one
   of the following sets of learning materials:

    A. Kinds of Viruses
    B. Ways Viruses Spread [Note: In order to complete the "Spreading a Virus"
       activity, this group will need six or seven members].
    C. How to Prevent Viruses AND Recognizing Virus Hoaxes
    D. How to Tell if You Have a Virus, and What to Do

3. Instruct learners to read material, with the goal of becoming experts on their
   materials. Groups should be prepared to teach material to other members of the

4. Allow groups an allotted amount of time to present their concepts to class.

[1] ICSA Labs. “Computer Virus Prevalence Survey 2000” p.10. Available: (October 2000).

5. Summarize key ideas as a large group.

6. Continue with Conclusion and Assessment Options, found near the end of this
   module (p.8).

Group L: Large class (greater than 30)

   2. Types of Viruses [Refer to OH-1]

  Viruses can be categorized in different ways. One way to classify viruses is by the
way they multiply. We will discuss three types of viruses and the way they spread.

   A. File Infector Viruses.
       • Viruses commonly attach themselves to programs on an infected computer.
       • When a user runs a program, the virus also runs.
       • These kinds of viruses are called “file infector” viruses.

   B. Boot-Sector Infector Viruses.
       • Another way viruses work is to infect the boot sector of a disk.
       • The boot sector is the part of the disk that tells the computer information
         about the disk, such as whether it is formatted for IBM compatible or
       • When a hard disk is infected with this type of virus, the virus activates
         whenever the computer is rebooted.
       • This type of virus is called a “boot-record” or “boot-sector infector” virus.

   C. Macro Viruses.
       • This type of virus spreads by attaching itself to documents and spreadsheet
         files on a user’s computer.
       • It works by inserting a small program, called a macro, into the file. When a
         user opens a document that is infected with a macro virus and the macro
         runs, the virus enables itself to spread to any documents opened after that.
       • “Script” viruses are often included in this category. Scripts are small
         programs similar to macros, that also can run when a document or email is
   [Educators may wish to clarify that not all macros are viruses; for example, a
   spreadsheet may include a macro for entering data into a form. If the word
   processor or spreadsheet program has macros enabled, a macro is automatically
   executed upon opening the file.]

   In addition, two programs similar to viruses exist. These programs have many of the
same effects as viruses, but technically are not viruses. [Refer to OH-2 & OH-3]

   Trojan Horses. [Refer to OH-2]
       • Involves human interaction
       • Users run the program intentionally, but it has effects that they did not know
          about or want.
          o Example: A friend may send an individual a game found on the Internet.
              The user runs the game and finds it fun. However, unknown to the user
              running the game, part of the program searches the hard drive for
              password files and sends them to the person who wrote the program.
       • It is not a virus because it does not spread on its own, but it has virus-like

   Worms. [Refer to OH-3]
      • Involves no direct human intervention
      • Like a virus, but spreads from computer to computer via a network
      • Recently many worms have been detected that spread through email
        attachments. When it runs, the worm emails itself to everyone in the user's
        email address book, often without their knowledge.
      • Script viruses are also sometimes put in this category, because they often
        spread themselves via email.

         o Example:

      Your computer has fallen victim to the Code Red Worm. How did this happen?

      Internet Information Server (IIS), which often runs by default in many Windows
      operating systems and was found to have vulnerabilities, served as the transmitter of
      the Code Red worm. Through the Internet, Code Red actively sought
      computers running IIS. Many users were unaware they had the IIS program
      operating on their computer, and thus were infected by the Code Red worm.

   Another way of classifying viruses involves the seriousness of damage incurred by
other computers. Viruses may be organized into two categories: [Refer to OH-4]

   A. Benign Viruses.
       • Benign viruses do little harm to computers, perhaps only displaying a
         message whenever an infected file is found.
       • These viruses are not serious and rarely cause permanent damage.
         o The Parity Boot virus is an example of a benign virus. The only effect of
            this virus is a visually displayed message “PARITY CHECK” whenever the
            computer is shut down.

   B. Malignant Viruses.
       • Malignant viruses can cause a great deal of damage, from deleting files to
         making systems unusable.
       • These viruses are serious and can cause damage that may or may not be
         o The CIH virus is an example of a malignant virus, activating on the 26th of
             each month and overwriting most of the data on an infected hard drive. In
             addition, the virus attempts to overwrite the computer’s “Flash BIOS,” the
             small piece of software in the computer’s motherboard that tells it how to
             boot. If this is successful, the computer will no longer boot.

3. Common Ways Viruses Spread [Refer to OH-5]

   A. Email attachments. A virus can spread quickly by email, either by people
      sending files to others or by viruses attaching themselves to emails without the
      sender’s knowledge. Some recent viruses/worms automatically attempt to send
      themselves to every address in the user’s email address book.

   B. Shared files. Trojan viruses are often passed around between users via shared
      documents and files.

   C. Floppy disks. Floppy disks can become infected if an infected computer
      accesses them. Hard drives may become infected if the computer is booted with
      an infected disk in the drive. This is how Boot sector-infectors are usually

   D. Infected documents and infected word processors. A document infected with a
      macro virus can infect the word processor opening the document. Any future
      documents opened with that word processor will also be infected, thus
      perpetuating the virus.

   On the other hand, as a rule, viruses written for one operating system will not run on
other operating systems. For example, a virus that targets Windows systems will not do
anything on a Macintosh system.

4. Simple Example: Spreading a Virus

[Note: This example can be accomplished as a group activity using volunteers for each
part. Instructions are included in this section. Educators may elect to use the Virus
PowerPoint presentation or Overheads OH-6 & OH-7 as alternatives.]

Characters: Jake, Aaron, Becky, Chad, Danielle, Eric, and Narrator

   • Request six volunteers from the class, and distribute the six character cards among
     the volunteers. Clip or rubber band six of the “Virus” cards together in one bundle,
     and two more “Virus” cards together in a second bundle; the rest remain separate.
     As the Narrator reads the story, volunteers will play the role of the person whose
     name is on their card. Begin by giving all of the “Virus” cards to “Jake.”

[Narrator:] Jake finds a neat game on the Internet. The game is infected with a virus,
but has disguised itself. The virus does not do anything obvious right away, so Jake is
not aware it exists. He sends the game to five friends (Aaron, Becky, Chad, Danielle,
and Eric) as an attachment to an email. [Jake hands one “Virus” card to Aaron, Chad,
and Danielle; the 6-bundle to Becky; the 2-bundle to Eric; and holds up the remaining

[Narrator:] Aaron receives Jake’s email. He is not expecting an attachment, so he
emails Jake back asking what the file is and where he got it. Since Jake is not
comfortable running a program from a random Internet site, he deletes the file. [Aaron
tears up his “Virus” card.]

[Narrator:] Becky runs the program. She also thinks it is neat, and sends the program
by email to five more friends. [Becky gives one “Virus” card each to five students in the
audience, and holds up her remaining “Virus” card.]

[Narrator:] Chad receives the email and tries to run the program. Since Chad has an
iMac, and the program is a Windows program, it will not run. [Chad puts the card in his
pocket or on the desk.]

[Narrator:] Danielle tries to run the program, but her virus checker detects a virus in the
program and stops it from running. [Danielle puts the card in her pocket or on the desk.]

[Narrator:] Eric runs the program and deems it fun, so he copies it to a floppy disk and
takes it to class. The disk is passed to a friend who does not have email. [Eric gives
one “Virus” card to someone in the audience, and holds up the remaining one.]

    Many people have received a copy of the program that may or may not be infected
with a virus. Based upon the story, determine which people might be infected with the
virus. [Allow students a minute or two to process, calling on individuals for answers.
Answer: Jake, Becky, possibly Becky’s five friends, Eric, possibly Eric’s friend]

5. Small Group Activity: How to Prevent Viruses

[Note: Learners will be involved in a Turn To Your Partner (TTYP) activity. For further
clarification of this strategy, refer to the Teaching Philosophy manual. If you feel
confident with this strategy, continue with step A.]

   A. Divide learners into groups of 2-4, depending on number of learners.

   B. Instruct learners to think of ways in which they could prevent a computer from
      becoming infected with a virus. Allow a few minutes for this activity.

   C. Call on groups to share solutions with the entire class. Using OH-8 titled "Ways
      to Prevent Viruses", compare group responses to possible solutions.

 Ways to Prevent Viruses [Refer to OH-8 & OH-9]

      • Install a virus scanner
        o Many are available for free
        o You may be able to get one for free from your school/company
        o Program it to run automatically; some can scan whenever a file is accessed
      • Keep it updated, or have it update automatically
      • Some examples of virus scanners: (in no particular order)
        o VirusScan
        o Antivirus
        o F-Prot
        o InoculateIT
      • Do not open email attachments you are not expecting, even if they come from
        someone you know
      • If you download a file from the internet, scan it with a virus scanner before
        opening it
      • If you use Microsoft Word or Excel, disable macros
      • Keep your operating system and programs up-to-date
      • Do not run random programs you find on the internet
      • Turn off scripting in your web browser
      • Disable auto-run features in email programs

6. The best approach to avoiding viruses is to be proactive and keep viruses from
   reaching your computer system. Unfortunately, this does not always happen.
   Viruses can be disguised, and even computer-savvy individuals cannot always avoid
   a virus. It is essential to know what might indicate that a virus is attacking or
   residing on your system. [Refer to OH-10, "How Do I Know if I Have a Virus?"]

How Do I Know if I Have a Virus? [Refer to OH-10]

Some typical symptoms that may indicate a virus infection are:

      • Virus checker pops up a warning that it has detected a virus
      • Strange messages appear on the screen
      • Computer crashes frequently, or starts crashing more often
      • Strange files you do not recognize start appearing
      • Files start getting bigger for no reason. This may appear as disk space shrinking
        without reason
      • Programs stop working as expected
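
An added example, not part of the original lesson: two of the symptoms above, unrecognized files appearing and files getting bigger for no reason, can be checked by recording a baseline of file sizes and SHA-256 hashes and comparing against it later. The function names and the temporary sample files are constructed for this demonstration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root) to (size, SHA-256 hex digest)."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            digest = hashlib.sha256()
            try:
                with open(path, "rb") as handle:
                    for chunk in iter(lambda: handle.read(65536), b""):
                        digest.update(chunk)
                size = os.path.getsize(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            state[os.path.relpath(path, root)] = (size, digest.hexdigest())
    return state


def compare(baseline, current):
    """Report files that are new, missing, grown, or changed since the baseline."""
    report = {"new": [], "missing": [], "grown": [], "changed": []}
    for path, (size, digest) in current.items():
        if path not in baseline:
            report["new"].append(path)          # "strange files start appearing"
            continue
        old_size, old_digest = baseline[path]
        if size > old_size:
            report["grown"].append((path, size - old_size))  # "files getting bigger"
        elif digest != old_digest:
            report["changed"].append(path)      # same or smaller size, new content
    report["missing"] = sorted(set(baseline) - set(current))
    for key in ("new", "grown", "changed"):
        report[key].sort()
    return report


def demo():
    """Constructed scenario: one program grows, one file changes, one file appears."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "editor.exe"), "wb") as f:
            f.write(b"\x00" * 4096)
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(b"lesson notes v1")
        baseline = snapshot(root)

        with open(os.path.join(root, "editor.exe"), "ab") as f:
            f.write(b"X" * 512)                 # program file grows by 512 bytes
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(b"lesson notes v2")         # same length, different content
        with open(os.path.join(root, "unknown.dat"), "wb") as f:
            f.write(b"?")                       # file nobody remembers creating
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

A baseline is only useful if it was taken while the computer was known to be clean, and legitimate software updates also change files, so a report like this is a prompt to investigate, not proof of infection.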

7. You recognize some of the symptoms occurring with your computer, but have
   not connected the unusual quirks with having a virus. Is it possible you have a
   virus? If so, what do you do about it? [Refer to OH-11, "I Think I Have a Virus. Now

I Think I Have a Virus. Now What? [Refer to OH-11]

      • Don’t panic!
      • Stop using the computer
      • If any strange messages or warnings from your antivirus program have
        appeared, write them down
      • Do not reboot. The changes might not be permanent yet
      • Do not run programs or open files
      • If you have a virus scanner, run it. It may be able to get rid of the virus if there is
      • If you believe you have a virus and the scanner cannot remove the virus, does
        not detect one, or if you do not have a virus scanner, contact your
        school/company tech support
      • Search the web for “anti virus help”

   Remember, not all “strange” computer behavior is caused by viruses. It is always a
good idea to have someone check it out, especially if your virus scanner does not detect

8. How Do I Tell if a Virus Warning is Real or a Hoax? [Refer to OH-12, only
   uncovering the email portion.]

    You receive the following email:

       DO NOT OPEN ANY EMAIL TITLED "A GREAT IDEA". This virus will
       erase your hard drive, disable your mouse, and demagnetize your sound card
       and speakers. It can lie dormant in your BIOS set-up, only to re-appear after you
       have had to reformat your hard drive. According to antivirus webpages, no
       antivirus programs have been able to remove the virus, so please forward this
       letter out to as many people as you can. This is a VERY DANGEROUS virus!

    This email sounds very genuine, and can cause great concern and panic for
computer users. The message is forwarded to several people, who in turn also forward
to other people. Soon, you read about this virus warning in the newspaper. Panic is
evident. This really must be a bad virus! Or is it? Could this possibly be true, or could
it be a hoax?

    Hoaxes are very common, but by using common sense and reading carefully, you
can often spot them. [Using OH-12, uncover the following questions relative to
distinguishing between real virus warnings and hoaxes.]

   Real or Hoax? Questions to Consider When Evaluating Virus Warnings [Refer
to OH-12]

    1. Did the warning come from a trusted, knowledgeable source?

    2. Is there a link in the warning to a site where you can find more information?
       Almost all real virus warnings will provide this information.

    3. Can you find the virus named in a warning listed on an antivirus company
       homepage? On a hoax listing page?

    4. Does the warning make sense?

   • Use the example email "A GREAT IDEA" for further discussion. As part of
     classroom discussion, modify the example email by including information that would
     illustrate the example as a real virus warning (i.e. state source, webpage link,
     change possible damage mentioned to plausible damage, etc.)
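
An added example, not part of the original lesson: a Python sketch that applies the text-checkable parts of the OH-12 questions to the "A GREAT IDEA" email and to a rewritten warning of the kind the discussion exercise asks for. The keyword lists, the function name and the rewritten warning (with its placeholder source and URL) are constructed assumptions; whether the source is trustworthy and whether the virus is listed by an antivirus company still has to be checked by a person.

```python
import re

# Constructed heuristics (assumptions made for this example).
IMPLAUSIBLE = [r"demagnetiz\w*", r"\bmelt\w*", r"\bexplod\w*"]  # damage software cannot do
FORWARD_PRESSURE = [r"forward this", r"as many people as you can"]
URL = re.compile(r"https?://[^\s)>\]]+", re.I)
SOURCE = re.compile(r"^\s*(source|from|issued by)\s*:\s*\S+", re.I | re.M)

# The sample email from this lesson, joined onto one line.
HOAX_EMAIL = (
    'DO NOT OPEN ANY EMAIL TITLED "A GREAT IDEA". This virus will erase your '
    "hard drive, disable your mouse, and demagnetize your sound card and "
    "speakers. It can lie dormant in your BIOS set-up, only to re-appear after "
    "you have had to reformat your hard drive. According to antivirus webpages, "
    "no antivirus programs have been able to remove the virus, so please forward "
    "this letter out to as many people as you can. This is a VERY DANGEROUS virus!"
)

# Constructed rewrite: named source, link, plausible damage (all placeholders).
REWRITTEN = (
    "Source: Example Antivirus Lab\n"
    'The Example.A worm arrives as an email attachment titled "A GREAT IDEA". '
    "If the attachment is opened, it mails itself to addresses in your address "
    "book. Do not open the attachment, and update your virus scanner.\n"
    "Details: https://antivirus.example/advisories/example-a"
)


def evaluate_warning(text):
    """Apply the text-checkable OH-12 questions to one warning message."""
    lowered = text.lower()
    findings = {
        "names_source": bool(SOURCE.search(text)),                 # question 1
        "links": URL.findall(text),                                # question 2
        "implausible_claims": [m.group(0) for p in IMPLAUSIBLE
                               for m in re.finditer(p, lowered)],  # question 4
        "forward_pressure": [p for p in FORWARD_PRESSURE if re.search(p, lowered)],
    }
    flags = []
    if not findings["names_source"]:
        flags.append("no named source")
    if not findings["links"]:
        flags.append("no link to more information")
    if findings["implausible_claims"]:
        flags.append("damage claims that do not make sense")
    if findings["forward_pressure"]:
        flags.append("urges mass forwarding")
    findings["red_flags"] = flags
    # Question 3 (is the virus listed anywhere?) always needs a manual lookup,
    # so the best verdict here is "go and look it up", never "real".
    findings["verdict"] = ("likely hoax" if len(flags) >= 2
                           else "look it up on an antivirus or hoax listing page")
    return findings


if __name__ == "__main__":
    for label, message in (("original", HOAX_EMAIL), ("rewritten", REWRITTEN)):
        result = evaluate_warning(message)
        print(label, "->", result["verdict"], result["red_flags"])
```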


    Viruses are becoming increasingly common. We have discussed several types of
viruses, some being more dangerous than others. By exercising a few precautions,
they can be relatively simple to prevent. Despite these practical prevention tactics
acquired in the group activity, viruses can still be found on computers. Knowing what a
virus may or may not look like or do to your computer is valuable. If a computer is
determined to have a virus, following several guidelines suggested in this module might
serve to eradicate the virus. In addition, the section focusing on real and hoax viruses
should prove worthy the next time a virus warning captures your attention.

Assessment Options

      Several assessment options have been provided. Educators have the
opportunity to select the option or options that correlate to their individual assessment


   1. Towards the end of class, learners will be given an informal assessment.
      Learners will be asked to do a One Minute Paper, responding to the questions,
      "What is the most important thing you learned today?" and "What do you still
      have questions about from today's class?"


   2. Identify three main types of viruses and two programs that are like viruses.

       Answer 2: File infector, boot-sector infector, and macro (main viruses) and
       Trojan horses and worms (programs like viruses)

   3. Describe two ways that viruses spread.

       Answer 3: See related overhead, OH-5, for possible answers

   4. Which of the following is not a strategy for virus prevention?
      a) Setting your virus scanner to update and scan automatically
      b) Enabling auto-run or scripting features in email programs
      c) Deleting unexpected email attachments
      d) Disabling macros

       Answer 4: Auto-run and scripting features should be disabled.

5. You suspect your computer might have a virus. Besides not sharing files, explain
   what you should do.

   Answer 5: See related overhead, OH-11, for possible answers

6. Name two clues that might tip you off that a virus warning is a hoax.

   Answer 6: See related overhead, OH-12, for typical answers


The following sources were used in the development of this lesson, or are considered
worthy sources for supplementary information about computer viruses.

F-Secure Virus Info Center

ICSA Labs Antivirus Resources, a site that includes a list of certified antivirus software
( AntiVirus:

Stiller Research Virus Hoax News:

Symantec AntiVirus Research Center:

The Wildlist Organization International, site listing common viruses known to be
currently infecting systems

Additional Notes:
  1. Addresses are valid as of January 2002.
  2. Inclusion in this list does not indicate endorsement of any particular product or

