13

A DETECTION SCHEME FOR THE SK VIRUS

Eng. Dalia Salah (1), Dr. Heba K. Aslan (2), and Dr. Mahmoud T. El-Hadidi (3)

(1) System Engineer, Khalda Petroleum Company. E-mail: Dalia_nour@yahoo.com
(2) Informatics Dept., Electronics Research Institute, Dokki, Giza, Cairo, Egypt. E-mail: haslan@eri.sci.eg
(3) Professor of Computer Networks, Dept. of Electronics & Elect. Comm., Faculty of Engineering, Cairo University, Giza, Cairo, Egypt. E-mail: hadidi@mailer.scu.eun.eg

The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35586-3_46

M. A. Ghonaimy et al. (eds.), Security in the Information Society
© IFIP International Federation for Information Processing 2002

Abstract: Computer viruses pose an increasing risk to computer data integrity. They cause loss of valuable data and require an enormous effort in restoration/duplication of lost and damaged data. Each month many new viruses are reported. As the problem of viruses increases, we need to detect them and to eradicate them. This paper provides a brief introduction to computer viruses and points to the emergence of more intelligent and targeted viruses. Existing methods of virus detection are discussed. A method for the detection and removal of a macro virus called "SK virus" is described. This is achieved through the development of a scanner written in Visual Basic.

1. INTRODUCTION

In the information era, various software attacks on sensitive information could take place. The damage produced could range from degrading system efficiency to losing valuable data. The history of viruses began in 1986, when it was realized that the code in the boot sector of a floppy could be replaced with a program that could reside in memory and then copy itself onto any accessed floppy. The authors called their program a virus: all it did was to put a volume label on infected diskettes. In the same year, the first file virus, named Virdem, was written as a demonstration that it was possible to do it. Then in 1987, the first file viruses and the first EXE infectors were written in Tel Aviv, including the famous Jerusalem. In 1988, the first anti-virus