Computer Notes | JKSSB / JKPSC / FAA / Junior Assistant
Computer Virus & Antivirus — Complete JKSSB Notes
All Malware Types, Cyber Threats, PYQs & New Pattern MCQs
Virus · Worm · Trojan · Ransomware · Spyware · Rootkit · Keylogger · Antivirus · Firewall · Encryption
📌 Why This Topic is Critical for JKSSB
Computer Security is asked in every JKSSB Computer Awareness section. Questions on virus types, antivirus software, firewall, encryption and cybercrime appear across all posts — Junior Assistant, FAA, Wildlife Inspector, Graduate Level, SI Finance. Expect 3–6 questions per paper. This post covers every concept and all known PYQs.
1. What is Malware? — Introduction
Malware (Malicious Software) is any software intentionally designed to cause damage to a computer, server, network or user. The term was coined by Yisrael Radai in 1990.
🦠 Infectors
Self-replicate and attach to or infect other programs/files
→ Virus, Worm, Boot Sector Virus
🎭 Deceptive
Disguise themselves as legitimate software
→ Trojan Horse, Rootkit, Backdoor
👁️ Surveillance
Monitor/steal user data and activity
→ Spyware, Keylogger, Adware
💰 Extortion
Lock/encrypt data and demand payment
→ Ransomware, Scareware
History of Computer Viruses — Exam Timeline
| Year | Virus/Malware | Significance |
|---|---|---|
| 1971 | Creeper | First self-replicating program — displayed 'I'm the creeper, catch me if you can!' |
| 1982 | Elk Cloner | First virus to spread via floppy disk — affected Apple II computers |
| 1986 | Brain | First IBM PC virus — created by Pakistani brothers Basit and Amjad Farooq Alvi |
| 1988 | Morris Worm | First internet worm — caused major disruption to ARPANET. Created by Robert Morris. |
| 1999 | Melissa Virus | Email macro virus — sent infected Word docs to first 50 Outlook contacts |
| 2000 | ILOVEYOU / Love Bug | Email worm — billions in damage. Sent from Philippines. Subject: 'ILOVEYOU' |
| 2004 | MyDoom | Fastest-spreading email worm at the time |
| 2010 | Stuxnet | World's first cyber weapon — targeted Iran's nuclear centrifuges. Created by US/Israel. |
| 2017 | WannaCry | Global ransomware attack — encrypted files, demanded Bitcoin. Affected NHS UK, 150+ countries. |
| 2017 | NotPetya | Destructive ransomware — affected Ukraine, spread globally |
• First virus = Creeper (1971)
• First IBM PC virus = Brain (1986) — created in Pakistan
• First internet worm = Morris Worm (1988)
• ILOVEYOU = most damaging email virus (2000)
• Stuxnet = first cyber weapon targeting physical infrastructure
• WannaCry (2017) = most famous ransomware attack — demanded Bitcoin
2. Computer Virus — In Depth
A computer virus is a malicious program that attaches itself to a legitimate program or file and replicates when that file is executed. Like a biological virus, it needs a host to survive and spread. The term was coined by Fred Cohen in 1983.
Types of Computer Viruses
| Virus Type | Description | Examples |
|---|---|---|
| File Infector Virus | Attaches to executable files (.exe, .com). Activates when infected file is run. Most common type. | CIH (Chernobyl) virus |
| Boot Sector Virus | Infects the Master Boot Record (MBR) — the first sector of a disk. Loads before OS. Hard to detect/remove. | Stone virus, Michelangelo |
| Macro Virus | Infects documents using macro programming (MS Word, Excel). Spreads via email attachments. | Melissa, Concept virus |
| Multipartite Virus | Infects both boot sector AND executable files — spreads through multiple paths. | Invader, Flip virus |
| Polymorphic Virus | Changes its own code each time it replicates — makes signature detection harder. | Storm Worm, Virut |
| Metamorphic Virus | Completely rewrites itself each generation — no consistent signature at all. Hardest to detect. | Zmist, Simile |
| Stealth Virus | Hides its presence from antivirus by intercepting system calls and masking infection. | Brain, Frodo |
| Resident Virus | Installs itself in computer memory (RAM) — stays active even when original program closes. | CMJ, Meve, MrKlunky |
| Non-Resident Virus | Does not install in memory — only active when infected file is opened. | Vienna, Cascade |
| Overwrite Virus | Overwrites original file content with its own code — destroys the host file. | Way, Trj.Reboot |
| Directory Virus | Changes directory paths so OS executes virus instead of original program. | Dir-2 virus |
| Web Scripting Virus | Exploits web browser and website vulnerabilities via JavaScript/HTML code. | JS/Fortnight |
• Macro Virus = spreads through MS Office documents — most commonly asked
• Boot Sector Virus = infects MBR — loads before OS
• Polymorphic Virus = changes signature to evade antivirus
• File Infector = attaches to .exe/.com files
• Stealth Virus = hides from antivirus
• Viruses need a host file to attach to — this differentiates them from Worms
3. All Malware Types — Complete Cards
4. All Malware Types — Master Comparison Table
| Malware Type | Key Characteristic | Self-Replicates? | Spreads Automatically? | Primary Damage |
|---|---|---|---|---|
| Virus | Needs host file to attach to. Self-replicates when host executes. User action needed to spread. | ✅ Yes (needs host) | ❌ No (needs user) | Corrupts/deletes files, slows system |
| Worm | Standalone — no host needed. Spreads automatically through networks. Fastest spreader. | ✅ Yes (standalone) | ✅ Yes (automatic) | Consumes bandwidth, crashes networks, delivers payloads |
| Trojan | Disguised as legitimate software. Does NOT self-replicate. Needs user to install. | ❌ No | ❌ No (user installs) | Backdoor access, data theft, downloads more malware |
| Ransomware | Encrypts files and demands ransom. Most financially damaging type. | Sometimes | Varies | Complete data loss, financial ransom, business disruption |
| Spyware | Silently monitors user — sends data to attacker. Does NOT damage files. | ❌ No | ❌ No | Privacy violation, credential theft, financial fraud |
| Adware | Shows unwanted ads. Mildest form of malware. May track browsing. | ❌ No | ❌ No | Slow browser, intrusive ads, minor privacy invasion |
| Rootkit | Hides in OS kernel — hardest to detect. Provides persistent backdoor. | Sometimes | Varies | Undetectable persistent access, hides other malware |
| Keylogger | Records keystrokes. Can be software or hardware device. | ❌ No | ❌ No | Steals passwords, banking details, private messages |
| Backdoor | Secret entry point bypassing authentication. Often installed by Trojans. | ❌ No | Varies | Persistent remote access by attackers |
| Botnet | Network of infected 'zombie' computers controlled remotely. | ❌ No | Automatic via C&C | DDoS attacks, spam, crypto mining |
| Scareware | Fake virus alerts to trick users into buying fake security software. | ❌ No | ❌ No | Financial fraud, stress, may install real malware |
• Virus needs host → Worm does NOT need host
• Trojan does NOT self-replicate — user must install it
• Ransomware = encrypts files + demands ransom
• Spyware = monitors silently — does NOT damage files
• Rootkit = hardest to detect — hides in OS kernel
• Adware = mildest — shows ads
• Keylogger = records keystrokes = steals passwords
5. Antivirus Software — Complete Coverage
An antivirus (AV) program is security software designed to detect, prevent and remove malware from a computer. Also called anti-malware in modern usage.
How Antivirus Works — Detection Methods
| Detection Method | How It Works | Advantage | Disadvantage | Examples |
|---|---|---|---|---|
| Signature-Based Detection | Most traditional method. The antivirus maintains a virus definition database (signature database) of known malware patterns, scans files and compares them against the known signatures. | Fast, accurate for known threats | Cannot detect NEW/unknown viruses; requires regular updates | Norton, McAfee (traditional scanning) |
| Heuristic Analysis | Analyzes code behaviour and structure to identify suspicious patterns even if the exact virus is not in the database. Looks for virus-like behaviour. | Can detect new/unknown viruses | False positives: may flag legitimate software | Kaspersky, Bitdefender |
| Behaviour Monitoring (Dynamic Analysis) | Monitors programs while they run in real time; detects malicious behaviour like registry modifications, file encryption or unusual network activity. | Detects zero-day threats | Higher system resource usage | Windows Defender, ESET |
| Sandbox Analysis | Runs suspicious programs in an isolated virtual environment (sandbox) to observe behaviour without risking the real system. | Very safe: real system not exposed | Slow; some malware detects sandboxes | Enterprise-level AV solutions |
| Cloud-Based Detection | Sends suspicious file hashes/data to cloud servers for analysis. Leverages collective intelligence from millions of users. | Rapid response to new threats | Requires internet connection | Windows Defender, Google Safe Browsing |
| Machine Learning / AI | Uses AI algorithms trained on millions of malware samples to predict and identify new malware without needing signatures. | Handles unknown threats well | Complex, resource intensive | Cylance, CrowdStrike Falcon |
Popular Antivirus Software
| Antivirus | Developer | Key Feature |
|---|---|---|
| Windows Defender | Microsoft (Built-in Windows 10/11) | Free, built-in, good for basic protection |
| Norton 360 | NortonLifeLock | Comprehensive — antivirus + VPN + password manager |
| McAfee | McAfee LLC | Enterprise and consumer products |
| Kaspersky | Kaspersky Lab (Russia) | Excellent detection rates — some countries have restricted it |
| Bitdefender | Bitdefender (Romania) | High detection rates, low false positives |
| Avast | Avast Software | Popular free antivirus — large user base |
| AVG | AVG Technologies (owned by Avast) | Free antivirus with good basic protection |
| ESET NOD32 | ESET (Slovakia) | Lightweight, fast — popular in enterprise |
| Quick Heal | Quick Heal Technologies (India) | Popular Indian antivirus brand |
| K7 | K7 Computing (India) | Indian antivirus company |
• Signature-based detection = compares against known virus database — cannot detect new viruses
• Heuristic = detects unknown viruses by suspicious behaviour patterns
• Windows Defender = built into Windows 10 and 11 — no separate install needed
• Quick Heal and K7 are Indian antivirus companies
• Antivirus database must be regularly updated to stay effective
• False positive = antivirus mistakenly flags legitimate file as malware
• Zero-day attack = attack on a vulnerability that has no patch yet
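To make the signature and heuristic rows of the detection table concrete, here is an added Python example (it is not part of these notes; the sample byte strings, rule names and weights are constructed for illustration). A signature scan matches the SHA-256 of a file against a definition database, so changing a single byte in a known sample defeats it; the heuristic scan looks for virus-like patterns instead, catches that variant, but also raises a false positive on a legitimate disk tool:

```python
import hashlib
import re

# Constructed sample "files" (byte strings for this example, not real malware):
# a sample already in the signature database, a variant of it with one byte
# changed, a harmless program, and a legitimate disk tool that does one
# virus-like thing.
KNOWN_SAMPLE = b"MZ\x90\x00 demo-payload: open(autorun) ; write(MBR) ; copy self"
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(b"demo-payload", b"demo-payl0ad")
BENIGN_SAMPLE = b"MZ\x90\x00 hello-world: print('hello')"
BACKUP_TOOL = b"MZ\x90\x00 backup-tool: write(MBR) ; restore boot sector"

# Signature database ("virus definition database"): SHA-256 of known bad files.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Infector.A"}

# Heuristic rules (constructed): byte patterns that look virus-like, each with a weight.
HEURISTIC_RULES = [
    (re.compile(rb"write\(MBR\)"), "writes to the master boot record", 3),
    (re.compile(rb"copy self"), "copies itself to other files", 3),
    (re.compile(rb"open\(autorun\)"), "touches autorun", 2),
]
HEURISTIC_THRESHOLD = 3  # score at which a file is reported as suspicious


def signature_scan(data: bytes):
    """Exact match against the definition database; any change to the file defeats it."""
    return SIGNATURE_DB.get(hashlib.sha256(data).hexdigest())


def heuristic_scan(data: bytes):
    """Score virus-like patterns; catches unknown variants but can misjudge legitimate tools."""
    score, reasons = 0, []
    for pattern, reason, weight in HEURISTIC_RULES:
        if pattern.search(data):
            score += weight
            reasons.append(reason)
    return score, reasons


def scan(data: bytes) -> dict:
    """Combine both methods the way a scanner would: signature first, then heuristics."""
    name = signature_scan(data)
    score, reasons = heuristic_scan(data)
    if name:
        verdict = "known malware"
    elif score >= HEURISTIC_THRESHOLD:
        verdict = "suspicious (heuristic)"
    else:
        verdict = "clean"
    return {"signature": name, "heuristic_score": score, "reasons": reasons, "verdict": verdict}


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE),
                          ("benign", BENIGN_SAMPLE), ("backup tool", BACKUP_TOOL)]:
        print(f"{label:12s} -> {scan(sample)}")
```

Running it shows the trade-off the table describes: the variant is missed by the signature database and caught only by heuristics, while the backup tool is flagged purely because it writes to the MBR, which is exactly the kind of false positive that has to be tuned out with thresholds and allow-lists.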
6. Firewall — Network Security
A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on pre-defined security rules. It acts as a barrier between a trusted internal network and untrusted external networks (like the Internet).
The term comes from the construction concept of a fire-resistant wall that prevents fire from spreading between sections of a building.
Types of Firewalls
| Firewall Type | How It Works | Examples | Key Note |
|---|---|---|---|
| Packet Filtering Firewall | Examines packets at the network layer — checks source/destination IP address, port numbers, protocol. Simplest type. Does NOT inspect packet content. | Basic routers, early firewalls | Fast but limited inspection |
| Stateful Inspection Firewall | Tracks the state of network connections. Monitors full conversations, not just individual packets. More secure than packet filtering. | Most modern firewalls | Better security, more resource-intensive |
| Application Layer Firewall (Proxy Firewall) | Operates at application layer — understands specific protocols (HTTP, FTP, DNS). Acts as a proxy — all traffic passes through it. Deepest inspection. | Corporate firewalls | Slowest but most thorough |
| Next-Generation Firewall (NGFW) | Combines traditional firewall with IPS (Intrusion Prevention System), deep packet inspection, SSL inspection, and application awareness. | Enterprise security | Most comprehensive — current standard |
| Software Firewall | Installed on individual computers — controls per-application network access. | Windows Firewall, ZoneAlarm | Easy to deploy on endpoints |
| Hardware Firewall | Dedicated physical device protecting entire network. Sits between internet and network. | Cisco ASA, Fortinet, Palo Alto | Protects all devices on network |
• Firewall = barrier between trusted (internal) and untrusted (internet) networks
• Packet Filtering = simplest, checks IP/port only
• Stateful = tracks connection state — more secure
• Proxy/Application Firewall = deepest inspection
• Windows Firewall = built into Windows — software firewall
• Firewall does NOT replace antivirus — they serve different purposes
• DMZ (Demilitarised Zone) = network segment between internet and internal network
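The difference between packet filtering and stateful inspection, as an added Python simulation that is not from the original notes (the 10.0.0.x internal network, the addresses and the rule set are constructed for the example). The stateless filter has to open a hole for returning HTTPS replies, so an unsolicited packet that merely uses source port 443 gets through; the stateful firewall allows replies only for connections it saw an internal host start:

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."   # constructed internal network for this example


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str         # "TCP" or "UDP"
    syn: bool = False  # TCP SYN flag: first packet of a new connection


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def packet_filter(pkt: Packet) -> str:
    """Stateless packet filter: each packet is judged alone, against static rules."""
    # Rule 1: internal hosts may open HTTPS connections to the internet.
    if is_internal(pkt.src_ip) and pkt.proto == "TCP" and pkt.dst_port == 443:
        return "ALLOW"
    # Rule 2: HTTPS replies must get back in. Without connection state the only way
    # to say that is "anything from source port 443 may reach any internal host",
    # which an outsider satisfies just by choosing source port 443.
    if pkt.proto == "TCP" and pkt.src_port == 443 and is_internal(pkt.dst_ip):
        return "ALLOW"
    return "DROP"


class StatefulFirewall:
    """Stateful inspection: remembers connections started from inside and admits only their replies."""

    def __init__(self):
        self.connections = set()  # (client_ip, client_port, server_ip, server_port)

    def filter(self, pkt: Packet) -> str:
        forward = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if forward in self.connections or reverse in self.connections:
            return "ALLOW"                 # part of a conversation already being tracked
        if pkt.syn and is_internal(pkt.src_ip) and pkt.proto == "TCP" and pkt.dst_port == 443:
            self.connections.add(forward)  # new outbound HTTPS connection: start tracking it
            return "ALLOW"
        return "DROP"                      # unsolicited inbound traffic


# Constructed traffic: an outbound HTTPS request, its reply, and an unsolicited inbound
# packet to the internal host's remote desktop port that merely claims source port 443.
OUTBOUND = Packet("10.0.0.5", 51000, "203.0.113.10", 443, "TCP", syn=True)
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 51000, "TCP")
UNSOLICITED = Packet("198.51.100.7", 443, "10.0.0.5", 3389, "TCP", syn=True)


def run_scenario() -> dict:
    """Pass the three packets through both firewalls and collect the verdicts."""
    fw = StatefulFirewall()
    results = {}
    for name, pkt in [("outbound", OUTBOUND), ("reply", REPLY), ("unsolicited", UNSOLICITED)]:
        results[name] = {"packet_filter": packet_filter(pkt), "stateful": fw.filter(pkt)}
    return results


if __name__ == "__main__":
    for name, verdicts in run_scenario().items():
        print(f"{name:12s} {verdicts}")
```

Both firewalls pass the legitimate request and its reply; only the stateful one drops the unsolicited packet, because it is neither a new connection from inside nor the return half of one it has recorded. That is the "tracks the state of network connections" property from the table, and why the table calls stateful inspection more secure.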
7. Encryption & Data Security
Encryption is the process of converting readable data (plaintext) into an unreadable format (ciphertext) using an algorithm and a key, so that only authorised parties can read it.
| Term | Definition |
|---|---|
| Plaintext | Original readable data before encryption. e.g., 'Hello' |
| Ciphertext | Encrypted/scrambled unreadable data. e.g., 'X#9mK!' |
| Encryption | Process of converting plaintext → ciphertext using a key + algorithm |
| Decryption | Reverse process — converting ciphertext back to plaintext using a key |
| Key | Secret value used by encryption algorithm — like a password for the encryption |
| Cipher | The algorithm used for encryption. e.g., AES, RSA, DES |
| SSL/TLS | Secure Sockets Layer / Transport Layer Security — encrypts data between browser and web server (HTTPS) |
| HTTPS | HTTP + SSL/TLS = encrypted web browsing. Padlock icon in browser address bar. |
| End-to-End Encryption | Only sender and receiver can read messages — even the service provider cannot. Used in WhatsApp, Signal. |
| Hash Function | One-way function — converts data to fixed-length hash. Cannot be reversed. Used for password storage. e.g., MD5, SHA-256 |
| Digital Signature | Cryptographic method to verify authenticity and integrity of a message/document |
| Certificate Authority (CA) | Trusted organisation that issues digital certificates — validates website identity. e.g., DigiCert, Let's Encrypt |
Symmetric vs Asymmetric Encryption
| Type | Description | Algorithms | Used For |
|---|---|---|---|
| Symmetric Encryption | Uses the SAME key for both encryption and decryption. Faster but key sharing is a problem. | AES (Advanced Encryption Standard) — most widely used. DES (older, weaker). | File encryption, disk encryption (BitLocker) |
| Asymmetric Encryption | Uses a KEY PAIR — Public Key (anyone can use) for encryption, Private Key (only owner has) for decryption. Slower but secure for key exchange. | RSA (most common), ECC (Elliptic Curve) | HTTPS, digital signatures, email encryption |
• AES = most common symmetric encryption — used in WPA2 Wi-Fi, file encryption
• RSA = most common asymmetric encryption — used in HTTPS
• HTTPS = HTTP + TLS encryption → padlock icon in browser
• MD5 = hash function (128-bit) | SHA-256 = secure hash (256-bit)
• WhatsApp uses end-to-end encryption
• BitLocker = Windows full disk encryption
• Public key = encrypts | Private key = decrypts (in asymmetric)
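An added Python example, not from these notes, of the hash-function facts above: MD5 gives a 128-bit digest and SHA-256 a 256-bit one whatever the input length, a one-character change flips about half the bits, and password storage verifies a login by re-hashing with a salt rather than by reversing anything (the hash cannot be reversed). The PBKDF2 scheme, iteration count and stored-string format are choices made for this example:

```python
import hashlib
import hmac
import os
from typing import Optional


def digest_hex(algorithm: str, data: bytes) -> str:
    """Fixed-length one-way digest of arbitrary-length input (algorithm e.g. 'md5', 'sha256')."""
    return hashlib.new(algorithm, data).hexdigest()


def bit_difference(hex_a: str, hex_b: str) -> int:
    """Number of bits that differ between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> str:
    """Store a salted, iterated SHA-256 hash (PBKDF2) instead of the password itself."""
    if salt is None:
        salt = os.urandom(16)   # random salt: the same password gets a different stored hash each time
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Stored-string layout is constructed for this example: scheme$iterations$salt$hash
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Check a login attempt by re-hashing; the stored hash is never reversed."""
    _, iterations, salt_hex, key_hex = stored.split("$")
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(key.hex(), key_hex)   # constant-time comparison


if __name__ == "__main__":
    short, long = b"Hello", b"Hello" * 1000
    print("MD5    bits:", len(digest_hex("md5", short)) * 4)
    print("SHA256 bits:", len(digest_hex("sha256", short)) * 4, "(same for long input:",
          len(digest_hex("sha256", long)) * 4, ")")
    print("bits changed by 'Hello' -> 'hello':",
          bit_difference(digest_hex("sha256", b"Hello"), digest_hex("sha256", b"hello")), "of 256")
    stored = hash_password("correct horse battery")   # constructed password
    print("stored:", stored)
    print("login ok:", verify_password("correct horse battery", stored),
          "| wrong password:", verify_password("Correct horse battery", stored))
```

The point for the exam facts: the digest length depends only on the algorithm (128 bits for MD5, 256 for SHA-256), and a password database holds salted hashes, so a leaked table does not hand out the passwords and an attacker cannot "decrypt" them; they can only be checked by re-hashing a guess.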
8. Cyber Threats, Attacks & Cybercrime
| Threat/Attack | Description | Example |
|---|---|---|
| Phishing | Fraudulent emails/websites that impersonate legitimate organisations to steal credentials. 'Phishing' for passwords — like fishing. | Fake bank login emails, fake PayPal/Amazon notifications |
| Spear Phishing | Targeted phishing attack aimed at a specific individual or organisation — personalised to seem more convincing. | CEO fraud, targeted corporate attacks |
| Smishing | Phishing via SMS text messages — contains malicious links or phone numbers. | 'Your bank account has been suspended. Click here.' |
| Vishing | Phishing via voice calls — attacker pretends to be bank/tech support/government. | Fake Microsoft tech support calls, fake CBI calls |
| Social Engineering | Manipulating people into giving up confidential information — exploits human psychology rather than technical vulnerabilities. | Pretexting, baiting, tailgating, impersonation |
| DDoS Attack | Distributed Denial of Service — floods a website/server with traffic from thousands of machines (botnet) to make it unavailable. | Mirai botnet DDoS (2016) took down Twitter, Netflix |
| Man-in-the-Middle (MitM) | Attacker secretly intercepts communication between two parties — can read/modify data. | Public Wi-Fi attacks, ARP poisoning |
| SQL Injection | Inserting malicious SQL code into input fields to manipulate a database — extract, modify or delete data. | Website login forms, search boxes |
| Cross-Site Scripting (XSS) | Injecting malicious scripts into websites viewed by other users — steals cookies/sessions. | Forum/comment injection attacks |
| Zero-Day Attack | Exploiting a software vulnerability that is unknown to the vendor — no patch exists yet. Most dangerous type. | Stuxnet exploited 4 zero-day vulnerabilities |
| Brute Force Attack | Systematically trying every possible password combination until the correct one is found. | Password cracking tools like Hydra, Hashcat |
| Dictionary Attack | Uses a list of common words/passwords to crack passwords — faster than brute force. | Uses wordlists like 'rockyou.txt' |
| Cyber Stalking | Using internet to harass or stalk a person — online harassment. | IT Act 2000 Section 66A (India) |
| Identity Theft | Stealing personal information to impersonate someone for financial gain. | Using stolen Aadhaar/PAN for loans |
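An added Python example, not from these notes, showing the SQL Injection row of the table in code: the same login check written by pasting user input into the query text, and beside it the parameterised form that treats the input as data. The in-memory table, the user record and the injected input are constructed for the example:

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table. The plaintext password column exists only
    to keep the injection visible; a real system stores salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-password')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the SQL by string formatting, so the input becomes part of the query text.
    The quotes in the input close the string literal and the rest is parsed as SQL."""
    query = (f"SELECT username FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the driver binds the input as a value, never as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Constructed input: makes the WHERE clause always true when pasted into the query text.
INJECTED_INPUT = "' OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    for label, pw in [("correct password", "correct-password"),
                      ("wrong password", "wrong"),
                      ("injected input", INJECTED_INPUT)]:
        print(f"{label:17s} vulnerable={login_vulnerable(conn, 'alice', pw)} "
              f"safe={login_safe(conn, 'alice', pw)}")
```

With the injected input the formatted query reads `... AND password = '' OR '1'='1'`, which the database accepts as a valid (always true) condition, so the vulnerable function reports a successful login without the password; the parameterised version compares the whole string, quotes included, against the stored value and fails. The fix is the query shape, not input filtering.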
Cybercrime Laws in India
| Law / Section | Description | Punishment |
|---|---|---|
| IT Act 2000 | Information Technology Act 2000 — India's primary cybercrime law. Amended in 2008. | Covers most cybercrimes in India |
| Section 43 | Unauthorised access/damage to computer systems | Civil offence — compensation |
| Section 65 | Tampering with computer source code | Up to 3 years imprisonment |
| Section 66 | Computer-related offences (hacking) | Up to 3 years + fine |
| Section 66A | Sending offensive messages online | Struck down by Supreme Court in 2015 (Shreya Singhal case) |
| Section 66B | Receiving stolen computer resources | Up to 3 years + fine |
| Section 66C | Identity theft (using password/digital signature fraudulently) | Up to 3 years + ₹1 lakh fine |
| Section 66D | Cheating by impersonation using computer | Up to 3 years + ₹1 lakh fine |
| Section 66E | Violation of privacy (capturing private images) | Up to 3 years + ₹2 lakh fine |
| Section 66F | Cyber terrorism | Life imprisonment |
| Section 67 | Publishing obscene material online | Up to 5 years + fine |
| CERT-In | Computer Emergency Response Team India — national agency for cyber security incidents | Under Ministry of Electronics & IT |
• IT Act 2000 = India's main cybercrime law
• CERT-In = India's cyber security response agency
• Section 66F = Cyber Terrorism = Life imprisonment
• Section 66A was struck down by Supreme Court in 2015
• Section 66C = Identity Theft
• Phishing = fake emails to steal credentials
• DDoS = Distributed Denial of Service = floods server with traffic
9. All JKSSB PYQs — Virus, Antivirus & Cyber Security
Actual questions from JKSSB examinations across all posts.
10. New Statement-Based Pattern MCQs
JKSSB 2026 new pattern — evaluate multiple statements simultaneously as seen in Wildlife Inspector paper.
⚡ Quick Revision — Most Exam-Tested Facts
Malware Types
- Virus = needs host, self-replicates
- Worm = no host, spreads via network
- Trojan = disguised, NO self-replicate
- Ransomware = encrypts files + ransom
- Spyware = silent monitoring
- Rootkit = hides in OS kernel
- Keylogger = records keystrokes
- Adware = shows unwanted ads
Antivirus
- Signature = known threats only
- Heuristic = unknown threats
- Windows Defender = built-in Win 10/11
- Quick Heal, K7 = Indian AV
- False positive = legit file flagged
- Zero-day = no patch exists yet
- Regular updates = essential!
Famous Attacks
- Brain (1986) = first IBM PC virus
- Morris Worm (1988) = first internet worm
- ILOVEYOU (2000) = email worm
- Stuxnet (2010) = first cyber weapon
- WannaCry (2017) = famous ransomware
- Mirai (2016) = IoT botnet DDoS
Security Concepts
- Firewall ≠ Antivirus (different roles)
- HTTPS = HTTP + TLS encryption
- AES = symmetric, RSA = asymmetric
- Phishing = fake emails for creds
- DDoS = flood server with traffic
- IT Act 2000 = India's cybercrime law
- CERT-In = India's cyber agency