Study of Computer Virus Transmission

Home , Conficker, Staog

© 2019 IJRAR February 2019, Volume 6, Issue 1 www.ijrar.org (E-ISSN 2348-1269, P- ISSN 2349-5138) STUDY OF COMPUTER VIRUS TRANSMISSION 1Roshan Kumar, 2Smita Dey 1Research Scholar, 2Associte Professor 1,2University Department of Mathematics, 1,2Ranchi University, Ranchi, Jharkhand, India

Abstract: In process of digitalization all of us addicted to use of computer devices. In this situation the computer virus is no longer potential but real and risky. So in this paper we discussed about how researchers giving more interest in computer virus compare to Trojan and Worm. Also discussed virus control analysis through mail network, virtual and wireless local area network. Proposed the mathematical model for computer virus transmission through Kermack and Mckendrick classical Susceptible-Infected-Susceptible (SIS), Susceptible-Infected-Recovered (SIR) and Susceptible-Exposed-Infected-Recovered (SEIR).

Keywords - Susceptible, Infected, Recovered, virtual local area network, wireless local area network, computer virus.

I. INTRODUCTION Increase in population and digitalization have increased the interest in computer virus. A virus is a computer program created to infect other programs with copies of itself. It has the ability to clone itself, so that it can multiply, constantly seeking new host environments (McAfee et al, 1989). Since a virus’ goal is to get executed by the computer, it must attach itself to a COM, EXE or SYS file. (Ludwig , 1996).Mathematical models have been important tools in analyzing the transmission of virus (Roshan and Smita, 2017). Network analysis is powerful because of its breadth. By abstracting away the details of a problem and mapping it onto a network, we can describe the important topological features with a clarity that would be impossible were all the details retained (Newman et al, 2011). The computer virus impacted financial loss. The most damaging virus/worm is ‘MyDoom’ which caused $38 billion in damages by slowing global Internet access by 10% in 2004, ‘Sasser’ which brought down Delta Airlines and crashed millions of PCs to cause more than $18 billion in damages in 2008, ‘ILOVEYOU’ which ended up shutting down the US government’s email servers and causing $15 billion in damages in 2000 (WebFX, 2014). In modern life, human intervention plays a significant role in preventing the breakout of computer viruses (Yang et al, 2012). The rest of the paper is organized as follows. Malicious objects details in section II , analysis of malicious objects research work from different research journals in section III , discussed the computer virus problems in section IV , comparison of computer virus Vs biological virus in section V, computer virus control methods in section VI , analysis of SIS and SIR model in section VII , timeline of computer virus in section VIII and Finally, this paper is summarized by a conclusion.

II. MALICIOUS OBJECTS Malicious object is a program/code that damage computer systems. There are different kinds of malicious objects such as: Virus, Worm, and Trojan horse. Which differ according to the way they attack computer systems and the malicious actions they perform. Its details are mentioned below (Norton secured, 2019). Virus: A computer virus attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels. Much like human viruses, computer viruses can range in severity: Some viruses cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going. People continue the spread of a computer virus, mostly unknowingly, by sharing infecting files or sending e-mails with viruses as attachments in the e-mail. Worm: A worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. A worm takes advantage of file or information transport features on your system, which allows it to travel unaided. The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line. Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. In more recent worm attacks such as the much-talked-about .Blaster Worm., the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely. Trojan horse: A Trojan horse is not a virus. It is a destructive program that looks as a genuine application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. Trojans also open a backdoor entry to your computer which gives malicious users/programs access to your system, allowing confidential and personal information to be theft.

III. STUDY OF MALICIOUS OBJECTS FROM DIFFERENT RESEARCH JOURNALS On searching the text ‘Computer virus’, ‘Computer worm’ and ‘Computer Trojan’ from Elsevier, IEEE, Wiley and Springer research journals sites then found that 56% researcher are doing research on ‘Computer virus’, 26% on ‘Computer worm’ and 18% on ‘Computer Trojan’ [Figure-1]. So in this paper we focused on the study of ‘Computer virus’.

IJRAR19J2801 International Journal of Research and Analytical Reviews (IJRAR) www.ijrar.org 542

Figure -1: Analysis of ‘Computer virus’, ‘Computer worm’ and ‘Computer Trojan’ text from research journals.

IV. COMPUTER VIRUS VS BIOLOGICAL VIRUS The computer virus differs from biological virus on the basis of nature of occurrence, affect and its treatment (Karsten, 1994). However they share many similar characteristics, as demonstrated in the below Table-1.

Table -1: Similar characteristics of computer virus and biological virus Computer Virus Biological Virus Viruses require infected files to spread them Viruses require infected cells to spread them Viruses attack/infect specific file types Viruses attack/infect specific cell types Viruses modify the victim's data in some way to make Viruses modify the victim's genetic material in some way to make reproduction possible reproduction possible Virus code is executed before passing control to the host Viruses take all or most of the control of their host cell Most viruses will not infect files already infected by their Most viruses will not infect cells already infected by their own own strain strain Symptoms may not appear, or may be delayed from the time Symptoms may not appear, or may be delayed from the time of of initial infection initial infection Viruses often contain mutating code, or other "safeguards", Viruses often mutate, making detection and disinfection difficult making detection and disinfection difficult Files can be protected against particular viruses Cells can be vaccinated against particular viruses

V. COMPUTER VIRUS PROBLEMS The computer system gets infected due to different reasons such as installing free applications, sharing files, accessing their system through network connections, sending and receiving e-mail messages. There are common problems occur due to the virus attacks which means that the system is infected. The following are some primary indicators that a computer may be infected with a virus: . Computer system freezes, stops responding or keeps on rebooting. . An entire disk drive is erased or became inaccessible. . A partition of the hard drive disappears. . Unexplained pop-up messages appear on the screen as shown in Figure -2.

Figure -2: Unexplained pop-up messages

IJRAR19J2801 International Journal of Research and Analytical Reviews (IJRAR) www.ijrar.org 543

© 2019 IJRAR February 2019, Volume 6, Issue 1 www.ijrar.org (E-ISSN 2348-1269, P- ISSN 2349-5138) VI. COMPUTER VIRUS CONTROL METHODS The Computer virus differs from biological virus on the basis. Here we are going to discuss mail virus, virtual and wireless loan area network virus control methods. VIRTUAL LOCAL AREA NETWORK (VLAN) METHOD: It’s easy to share an Internet connection by purchasing a low-cost router and subscribing a broadband line. As shown in the following Figure-3, all the home computers (PC-A to PC-E), wired or wireless, share one Internet connection through a Router (Edimax, 1999).

Figure -3: PC is not affected by virus

But what if you are a mid-sized enterprise owner and you have 150 employees working with 150 computers. As shown in the following Figure-4, if you connect all the 150 PCs to the router in a single LAN, the network performance will downgrade to an intolerable level, and an even worse scenario is the network will totally crash when one PC is affected with virus or malfunctioned network card.

Figure -4: PC is affected by virus

So the solution is by breaking a large network (150 PCs) into 3 small networks (50 PCs for each). As shown in the Figure-5, three networks are builded (called VLAN2, VLAN3 and VLAN4 respectively. When one PC of the VLAN4 is affected with virus, only the PCs in that VLAN4 may be impacted, leaving all the other PCs in the VLAN2 and VLAN3 intact. Simply put, we separate these 150 PCs into 3 totally different groups (again this is called VLAN, short for Virtual LAN), and when some PCs fall into virus victims and may endanger others, this damage is contained in that particular VLAN.

Figure -5: VLAN approach for affected PC by virus

VLANs do not necessarily improve performance in and of themselves, but I would say they ensure performance. A quick example is if some workstation gets a virus/worm/malware that affects the subnet. At least with VLANs you may prevent that from spreading to your servers. Another example could be a NIC failure or network loop that disrupts the VLAN, but only one VLAN rather than the entire network (Santiagoberreta, 2019). In order to minimize/prevent the VLAN from computer virus infection we need to practice below steps (Brian, 2014 ). 1. Subscribe to a good anti-virus protection program and keep it up to date. Some good ones include MacAfee, Norton, Kaspersky. Keep your anti-virus software up to date. Run regularly scheduled scans with your anti-virus software. 2. Back up your files. 3. Think before you click the websites that provide pirated material. Avoid such suspicious websites.

IJRAR19J2801 International Journal of Research and Analytical Reviews (IJRAR) www.ijrar.org 544

© 2019 IJRAR February 2019, Volume 6, Issue 1 www.ijrar.org (E-ISSN 2348-1269, P- ISSN 2349-5138) WIRELESS LOCAL AREA NETWORK (WLAN) METHOD: Wireless networks are naturally less secure than wired networks. Any wireless device can attempt to connect to a WLAN, so it is important to limit access to the network if security is a concern. This is typically done using wireless authentication such as WEP or WPA, which encrypts the communication. Additionally, wireless networks are more susceptible to interference from other signals or physical barriers, such as concrete walls. Since LANs offer the highest performance and security, they are still used for many corporate and government networks [Figure-6].

Figure -6: Devices connected through WLAN

Security controls for WLAN are grouped into three categories: Management, Technical, and Operational controls. Management controls are security controls that focus on management of risk and information system security (Noor Aida Idris, 2010). The management needs to understand the objectives, benefits, threats and vulnerabilities, as well as risks, before deciding on the deployment of a wireless LAN in an organisation. Once the decision is made, the management shall identify strategies and security controls to prevent any compromise to the wireless LAN. However, the management controls cannot work independently; it should and usually is complemented by two other aspects: technical and operational. Technical controls are security controls which are primarily implemented and executed through mechanisms contained in computing related equipments (hardware, software, or firmware components of the system) . They involve the use of countermeasures or safeguards which are already incorporated into computing related equipments or wireless devices. Operational controls are security controls which are primarily implemented and executed by people (as opposed to systems) . They involve providing security awareness and training to employees, and securing the physical premise which houses the wireless LAN facilities and/or devices. These controls need to be implemented by organizations continuously throughout the year to ensure wireless network risks can be identified and mitigated effectively to reduce their impact to organizations. These three security controls, Management, Technical, and Operational are to be used together not just to mitigate security risks in wireless LANs, but also to ensure the preservation of confidentiality, availability and integrity of transactions, and data transmitted via wireless LANs.

MAIL VIRUS (퐌퐯) METHOD: An e-mail virus travels as an attachment to e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book. Some e-mail viruses don't even require a double-click, they launch when you view the infected message in the preview pane of your e-mail software. Example: ILOVEYOU virus. The virus called “I LOVE YOU” caused over $15 billion loss in productivity as it crippled e-mail systems worldwide (WebFX, 2014). The chance of contracting one of these computer viruses over the internet has increased dramatically (Yusuf et al, 2017). Some viruses are relatively harmless to individuals. They just attach themselves to outgoing massages or email themselves to all the contacts that are listed in your address book. As a result, the sudden flood of e-mail overwhelmed mail servers causing the system to crash. In a technical report (Towsley et al, 2005) describe a model of e-mail worm propagation. The authors model the Internet e-mail service as an undirected graph of relationship between people (i.e. if user A has user B’s e-mail address in his address book, B has probably A’s address in her contacts also). Email viruses install themselves as startup services on the system, and spread themselves at each opportunity spread rate of viruses gets higher as the variability of users’ e-mail checking times increases.

VII. ANALYSIS OF SIS AND SIR MODEL We can perform the comparative analysis of SIS and SIR model through memory function of virus. In SIS model there is no memory function (fm=0) of virus, so it has certain ability to control and prevention. The applied network type is VLAN and WLAN. On the other hand in SIR model have memory function (fm>0) virus, so it has strong ability to control and prevent the propagation of virus [Figure-7]. The applied network type are VLAN, WLAN and Mv.

IJRAR19J2801 International Journal of Research and Analytical Reviews (IJRAR) www.ijrar.org 545

Figure -7: Memory function of virus in SIS and SIR model

SIS The SIS (susceptible-infected-susceptible)disease model can be regarded as one of the simplest virus infection models, in which nodes in a network is either in two states: “healthy, but susceptible to infection” or “infected by the virus and, thus, infectious to neighbors” (Daley, 1999 ). Each individual oscillates between the Susceptible (S) state and the Infectious (I) state. The susceptible individual becomes infectious at a rate β if it is connected to one or more neighbors. The infectious individual becomes susceptible at a rate γ, independent of its neighbors. Here at specific time, N represent the total number of network nodes.

Figure -8: Schematic diagram for the flow of virus in SIS model

푆′(푡) = −훽푆퐼 + 훾퐼 퐼′(푡) = 훽푆퐼 − 훾퐼 푆(0) = 푁 − 퐼0 , 퐼(0) = 퐼0

SIR SIR (susceptible-infected-recovery) is the extension of SIS model, here R is the number of node recovered/immune from virus.

Figure -9: Schematic diagram for the flow of virus in SIR model

푆′(푡) = −훽푆퐼 퐼′(푡) = 훽푆퐼 − 훾퐼 푅′(푡) = 훾퐼 푆(0) = 푁 − 퐼0 , 퐼(0) = 퐼0 , 푅(0) = 0

SEIR SEIR (Susceptible–Exposed–Infected–Recovered) model that assumes, with a given mathematical probability, a permanent immunization period related to the recovered hosts, which simply bears no relation to reality (P. Yan and S. Liu, 2006). In this

IJRAR19J2801 International Journal of Research and Analytical Reviews (IJRAR) www.ijrar.org 546

© 2019 IJRAR February 2019, Volume 6, Issue 1 www.ijrar.org (E-ISSN 2348-1269, P- ISSN 2349-5138) model the β and γ is same as earlier but here α and µ are new symbols. Here α represent the probability of transmission from exposed to infect and µ represent the probability of transmission from infected to suspected.

Figure -10: Schematic diagram for the flow of virus in SEIS model

푆′(푡) = −훽푆퐼 + 휇퐼 퐸′(푡) = 훽푆퐼 − 훼퐸 퐼′(푡) = 훼퐸 − (휇 + 훾)퐼 푅′(푡) = 훾퐼 푆(0) = 푁 − 퐼0 , 퐸(0) = 0, 퐼(0) = 퐼0 , 푅(0) = 0

VIII. TIME LINE OF COMPUTER VIRUSES (1949 – TO DATE)

The following is a timeline of many of the significant viruses discovered publicly from 1949 to date (Bert, 2018). Not every virus is listed below, but many of the major outbreaks or changes in virus infection techniques are highlighted.

1949 Theories for self-replicating programs are first developed. 1981 Apple Viruses 1, 2, and 3 are some of the first viruses “in the wild,“ or in the public domain. Found on the Apple II operating system, the viruses spread through Texas A&M via pirated computer games. 1983 Fred Cohen, while working on his dissertation, formally defines a computer virus as “a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself.“ 1986 Two programmers named Basit and Amjad replace the executable code in the boot sector of a floppy disk with their own code designed to infect each 360kb floppy accessed on any drive. Infected floppies had “Brain” for a volume label. 1987 The Lehigh virus, one of the first file viruses, infects command.com files. 1988 One of the most common viruses, Jerusalem, is unleashed. Activated every Friday the 13th, the virus affects both .exe and .com files and deletes any programs run on that day.MacMag and the Scores virus cause the first major Macintosh outbreaks. 1990 Symantec launches Norton AntiVirus, one of the first antivirus programs developed by a large company. 1991 Tequila is the first widespread polymorphic virus found in the wild. Polymorphic viruses make detection difficult for virus scanners by changing their appearance with each new infection. 1992 1300 viruses are in existence, an increase of 420% from December of 1990. The Dark Avenger Mutation Engine (DAME) is created. It is a toolkit that turns ordinary viruses into polymorphic viruses. The Virus Creation Laboratory (VCL) is also made available. It is the first actual virus creation kit. 1994 Good Times email hoax tears through the computer community. The hoax warns of a malicious virus that will erase an entire hard drive just by opening an email with the subject line “Good Times.“ Though disproved, the hoax resurfaces every six to twelve months. 1995 Word Concept becomes one of the most prevalent viruses in the mid-1990s. It is spread through Microsoft Word documents. 1996 Baza, Laroux (a macro virus), and Staog viruses are the first to infect Windows95 files, Excel, and Linux respectively. 1998 Currently harmless and yet to be found in the wild, StrangeBrew is the first virus to infect Java files. The virus modifies CLASS files to contain a copy of itself within the middle of the file's code and to begin execution from the virus section. The Chernobyl virus spreads quickly via .exe files. As the notoriety attached to its name would suggest, the virus is quite destructive, attacking not only files but also a certain chip within infected computers. Two California teenagers infiltrate and take control of more than 500 military, government, and private sector computer systems. 1999 The Melissa virus, W97M/Melissa, executes a macro in a document attached to an email, which forwards the document to 50 people in the user's Outlook address book. The virus also infects other Word documents and subsequently mails them out as attachments. Melissa spread faster than any previous virus, infecting an estimated 1 million PCs. Bubble Boy is the first worm that does not depend on the recipient opening an attachment in order for infection to occur. As soon as the user opens the email, Bubble Boy sets to work. Tristate is the first multi-program macro virus; it infects Word, Excel, and PowerPoint files. 2000 The Love Bug, also known as the ILOVEYOU virus, sends itself out via Outlook, much like Melissa. The virus comes as a VBS attachment and deletes files, including MP3, MP2, and .JPG. It also sends usernames and passwords to the virus's author. W97M.Resume.A, a new variation of the Melissa virus, is determined to be in the wild. The “resume“ virus acts much like Melissa, using a Word macro to infect Outlook and spread itself. IJRAR19J2801 International Journal of Research and Analytical Reviews (IJRAR) www.ijrar.org 547

© 2019 IJRAR February 2019, Volume 6, Issue 1 www.ijrar.org (E-ISSN 2348-1269, P- ISSN 2349-5138) The “Stages“ virus, disguised as a joke email about the stages of life, spreads across the Internet. Unlike most previous viruses, Stages is hidden in an attachment with a false “.txt“ extension, making it easier to lure recipients into opening it. Until now, it has generally been safe to assume that text files are safe. “Distributed denial-of-service“ attacks by hackers knock Yahoo, eBay, Amazon, and other high profile web sites offline for several hours. 2001 Shortly after the September 11th attacks, the Nimda virus infects hundreds of thousands of computers in the world. The virus is one of the most sophisticated to date with as many as five different methods of replicating and infecting systems. The “Anna Kournikova“ virus, which mails itself to persons listed in the victim's Microsoft Outlook address book, worries analysts who believe the relatively harmless virus was written with a “tool kit“ that would allow even the most inexperienced programmers to create viruses. Worms increase in prevalence with Sircam, CodeRed, and BadTrans creating the most problems. Sircam spreads personal documents over the Internet through email. CodeRed attacks vulnerable webpages, and was expected to eventually reroute its attack to the White House homepage. It infected approximately 359,000 hosts in the first twelve hours. BadTrans is designed to capture passwords and credit card information. 2002 Author of the Melissa virus, David L. Smith, is sentenced to 20 months in federal prison. The LFM-926 virus appears in early January, displaying the message “Loading.Flash.Movie“ as it infects Shockwave Flash (.swf) files. Celebrity named viruses continue with the “Shakira,“ “Britney Spears,“ and “Jennifer Lopez“ viruses emerging. The Klez worm, an example of the increasing trend of worms that spread through email, overwrites files (its payload fills files with zeroes), creates hidden copies of the originals, and attempts to disable common anti-virus products. The Bugbear worm also makes it first appearance in September. It is a complex worm with many methods of infecting systems. 2003 In January the relatively benign “Slammer“ (Sapphire) worm becomes the fastest spreading worm to date, infecting 75,000 computers in approximately ten minutes, doubling its numbers every 8.5 seconds in its first minute of infection. The Sobig worm becomes one of the first to join the spam community. Infected computer systems have the potential to become spam relay points and spamming techniques are used to mass-mail copies of the worm to potential victims. 2004 In January a computer worm, called MyDoom or Novarg, spreads through emails and file-sharing software faster than any previous virus or worm. MyDoom entices email recipients to open an attachment that allows hackers to access the hard drive of the infected computer. The intended goal is a “denial of service attack“ on the SCO Group, a company that is suing various groups for using an open-source version of its Unix programming language. SCO offers a $250,000 reward to anyone giving information that leads to the arrest and conviction of the people who wrote the worm. An estimated one million computers running Windows are affected by the fast-spreading Sasser computer worm in May. Victims include businesses, such as British Airways, banks, and government offices, including Britain's Coast Guard. The worm does not cause irreparable harm to computers or data, but it does slow computers and cause some to quit or reboot without explanation. The Sasser worm is different than other viruses in that users do not have to open a file attachment to be affected by it. Instead, the worm seeks out computers with a security flaw and then sabotages them. An 18-year-old German high school student confessed to creating the worm. He's suspected of releasing another version of the virus. 2005 March saw the world's first cell phone virus: Commwarrior-A. The virus probably originated in Russia, and it spread via text message. In the final analysis, Commwarrior-A only infected 60 phones, but it raised the specter of many more- and more effective-cell phone viruses. 2008 First discovered in November, the Conficker virus is thought to be the largest computer worm since Slammer of 2003. It's estimated that the worm infected somewhere between nine and 15 million server systems worldwide, including servers in the French Navy, the UK Ministry of Defense, the Norwegian Police, and other large government organizations. Since its discovery, at least five variants of the virus have been released. Authorities think that the authors of Conficker may be releasing these variants to keep up with efforts to kill the virus. 2010 Discovered in June, Stuxnet is a computer worm targeting Siemens industrial software through Microsoft Windows. It is the first worm that corrupts industrial equipment. Stuxnet is also the first worm to include a PCL (programmable logic controller), software designed to hide its existence and progress. In August, security software company Symantec states that 60% of the computers infected with Stuxnet are in Iran. In November, Siemens announces that the worm has not caused any damage to customers. However, the Iran nuclear program is damaged by Stuxnet. Iran uses embargoed Siemens equipment for its nuclear program. A Russian computer company, Kaspersky Lab concludes that Stuxnet is the kind of sophisticated attack that could only be conducted with the full support of a nation. 2012 Flame, a malware that attacks computers using Microsoft Windows, is discovered. A report, released on May 28 by Budapest University's CrySyS Lab, states that "arguably, it is the most complex malware ever found." Flame is capable of recording Skype conversations, audio, keyboard activity, network traffic and screenshots. It is spread over a local network or USB stick. Flame also has a kill command, wiping out all traces of it from the computer. On June 1, an article in The New York Times states that Stuxnet is part an intelligence operation by the U.S. and Israel called "Operation Olympic Games." Started during George W. Bush's presidency, the operation has expanded under President Obama. 2013 In June, the U.S. Justice Department announced that an international, cooperative effort dubbed Operation Tovar succeeded in gaining control of the GameOver Zeus (GOZ) botnet (a linked network of compromised computers), which had emerged in 2011. Up to 1 million Microsoft Windows computers were infected and the malware was mostly used to access banking credentials in order to illegally withdraw funds. The GOZ malware was also used in the first example of "ransomware": Cryptolocker, which encrypts personal files and then demands payment in exchange for a key, or secret code, to unlock the files. According to the FBI, there were more

IJRAR19J2801 International Journal of Research and Analytical Reviews (IJRAR) www.ijrar.org 548

© 2019 IJRAR February 2019, Volume 6, Issue 1 www.ijrar.org (E-ISSN 2348-1269, P- ISSN 2349-5138) than 121,000 victims in the United States and 234,000 victims worldwide, paying approximately $30 million in ransom between Sept. and Dec. 2013. 2014 Backoff: Malware designed to compromise Point-of-Sale (POS) systems to steal credit card data.

2016 Cerber: One of the heavy-hitters in the ransomware sphere. It’s also one of the most prolific crypto-malware threats. At one point, Microsoft found more enterprise PCs infected with Cerber than any other ransomware family. 2017 WannaCry Ransomware: Exploiting a vulnerability first uncovered by the National Security Agency, the WannaCry Ransomware brought major computer systems in Russia, China, the UK, and the US to their knees, locking people out of their data and demanding they pay a ransom or lose everything. The virus affected at least 150 countries, including

hospitals, banks, telecommunications companies, warehouses, and many other industries.

IX. CONCLUSIONS In process of digitalization we need to ensure the network security from computer virus. Due to this computer virus we faced lot of financial loss throughout world. From the study we learn the transmission and control of computer virus. Computer and biological virus having similar characteristics, researcher doing more research on computer virus as compare to worm and Trojan. SIR model have virus memory function but SIS model have no memory function.

REFERENCES [1] McAfee, J. and Haynes, C., “Computer Viruses, Worms, Data Diddlers, Killer Programs, and Other Threats to Your System”, pp. 1, St. Martin's Press, 1989. [2] Mark Ludwig “The little black book of computer virus” page 15, 1996. [3] Roshan Kumar, Smita Dey, “Analysis of SEIR Model of Ebola Virus through Equilibrium Approach” DOI:10.15680/IJIRSET.2017.0606001,2017. [4] Newman, Mark, Albert-Laszlo Barabasi, and Duncan J. Watts, “The structure and dynamics of networks” Princeton University Press, 2011. [5] The real cost of computer virus-https://www.webfx.com/blog/internet/cost-of-computer-viruses-infographic/ [6] C. Gan, X. Yang, W. Liu, Q. Zhu and X. Zhang. “Propagation of computer virus under human intervention: a dynamical model”, Discr. Dyn. Nat. Soc. 2012 ,Article ID 106950, 2012. [7] Security topic-“The Difference Between a Virus, Worm and Trojan Horse” - Norton secured, 2019. [8] Karsten Johansson, ‘COMPUTER VIRUSES: The Technology and Evolution of an Artificial Life Form’, 1994. [9] Wireless development case study-http://www.edimax.com/images/Image/FAQ/General-Q/Edimax-VLAN&Wireless- Deployment-Case-Study.pdf [10] Santiagoberreta, “General networking- VLAN or not VLAN”,2019. [11] Brian Benton, “10 Tips on How to Prevent Malware From Infecting Your Computer—and Your Livelihood”, 2014. [12] Noor Aida Idris, Mohamad Nizam Kassim, “Wireless Local Area Network (LAN) Security Guideline”, CyberSecurity Malaysia, 2010. [13] Yusuf , Onotehinwa and Okon , “Productivity Of Business Enterprises: Effect Of Computer Virus Infection On Files”, Ijcsmc, Page-184, 2017. [14] Zou, C.C., Towsley, D., Gong, W., “Email virus propagation modeling and analysis. Technical Report TR-CSE-03-04”, 2005. [15] Daley DJ, Gani J, “Epidemic modelling: an introduction”, Cambridge University Press, Cambridge, 1999 . [16] P. Yan and S. Liu. “SEIR epidemic model with delay. J. Aust. Math. Soc. Ser. B, 48(1):119– 134”, 2006. [17] Bert Rankin, “A Brief History of Malware — Its Evolution and Impact”, 2018.

IJRAR19J2801 International Journal of Research and Analytical Reviews (IJRAR) www.ijrar.org 549