What Is a Computer Virus?
A computer virus is a program – a piece of executable
code – that has the unique ability to replicate. Like
biological viruses, computer viruses can spread quickly
and are often difficult to eradicate. They can attach
themselves to just about any type of file and are spread
as files that are copied and sent from individual to
individual. Besides replication, some computer viruses
have something else in common: a damage routine that can
deliver the virus payload. While payloads may only
display messages or images, they can also destroy files,
reformat your hard drive, or cause other kinds of
damage. If the virus doesn’t contain a damage routine,
it can still cause trouble by taking up storage space
and memory, and degrading the overall performance of
your computer. Several years ago most viruses spread
primarily via floppy disk, but the Internet has
introduced new virus distribution mechanisms. With email
now used as an important business communication tool,
viruses are spreading faster than ever.
Viruses attached to email messages can infect an entire
enterprise in a matter of minutes, costing companies
millions of dollars annually in productivity loss and
clean-up expenses. Viruses won’t go away any time soon.
More than 10,000 have been identified, and 200 new ones
are created every month, according to the International
Computer Security Association. With numbers like those,
it’s safe to say that most organizations will deal
regularly with virus outbreaks. No one who uses
computers is immune from viruses.
Life Cycle of a Virus
Computer viruses have a life cycle that starts when they’re
created and ends when they’re completely eradicated. The
following outline describes each stage.
Creation
Until a few years ago, creating a virus required
knowledge of a computer programming language. Today
anyone with even a little programming knowledge can
create a virus. Usually, though, viruses are created by
misguided individuals who wish to cause widespread,
random damage to computers.
Replication
Viruses replicate by nature. A well-designed virus will
replicate for a long time before it activates, which
allows it plenty of time to spread.
Activation
Viruses that have damage routines will activate when
certain conditions are met, for example, on a certain
date or when a particular action is taken by the user.
Viruses without damage routines don’t activate, instead
causing damage by stealing storage space.
Discovery
This phase doesn’t always come after activation, but it
usually does. When a virus is detected and isolated, it
is sent to the International Computer Security
Association in Washington, D.C., to be documented and
distributed to antivirus developers. Discovery normally
takes place at least a year before the virus might have
become a threat to the computing community.
Assimilation
At this point, antivirus developers modify their
software so that it can detect the new virus. This can
take anywhere from one day to six months, depending on
the developer and the virus type.
Eradication
If enough users install up-to-date virus protection
software, any virus can be wiped out. So far no viruses
have disappeared completely, but some have long ceased
to be a major threat.
Virus Types
The majority of viruses fall into four main classes: boot sector,
file infector, multi-partite, and macro viruses.
Boot Sector Viruses
Until the mid-1990s, boot sector viruses were the most prevalent
virus type, spreading primarily in the 16-bit DOS world
via floppy disk. Boot sector viruses infect the boot
sector on a floppy disk and spread to a user’s hard
disk, and can also infect the master boot record (MBR)
on a user’s hard drive. Once the MBR or boot sector on
the hard drive is infected, the virus attempts to infect
the boot sector of every floppy disk that is inserted
into the computer and accessed. Boot sector viruses work
like this: by hiding on the first sector of a disk, the
virus is loaded into memory before the system files are
loaded. This allows it to gain complete control of DOS
interrupts so that it can spread and cause damage. These
viruses often replace the original contents of the MBR
or DOS boot sector with their own contents and move the
sector to another area on the disk. Cleaning up a boot
sector virus can be performed by booting the machine
from an uninfected floppy system disk rather than from
the hard drive, or by finding the original boot sector
and replacing it in the correct location on the disk.
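The check and the recovery step described above can be shown on a disk image. This is an added example, not part of the original article: it compares the boot code in sector 0 with a hash recorded while the disk was known to be clean and, on a mismatch, searches the other sectors for the relocated original. The function names and the 8-sector sample images are constructed for illustration.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0-445 of an MBR hold the boot code
SIGNATURE = b"\x55\xaa"    # bytes 510-511 mark a valid boot sector


def boot_code_hash(sector: bytes) -> str:
    """Hash only the boot code; the partition table can change legitimately."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_disk_image(image: bytes, baseline_hash: str) -> dict:
    """Compare sector 0 with the baseline; on mismatch, locate the original."""
    if len(image) < SECTOR_SIZE:
        raise ValueError("image is shorter than one sector")
    sector0 = image[:SECTOR_SIZE]
    result = {
        "signature_ok": sector0[510:512] == SIGNATURE,
        "boot_code_matches": boot_code_hash(sector0) == baseline_hash,
        "original_found_at": [],
    }
    if not result["boot_code_matches"]:
        # Search the remaining whole sectors for a copy of the known-good code.
        for lba in range(1, len(image) // SECTOR_SIZE):
            candidate = image[lba * SECTOR_SIZE:(lba + 1) * SECTOR_SIZE]
            if boot_code_hash(candidate) == baseline_hash:
                result["original_found_at"].append(lba)
    return result


def build_sample_images() -> tuple:
    """Constructed 8-sector images: a clean one and one with sector 0 replaced."""
    clean_mbr = bytes((i * 7) % 256 for i in range(BOOT_CODE_LEN)) + bytes(64) + SIGNATURE
    # Stand-in bytes for a replaced sector 0 (arbitrary data, not real code).
    altered_mbr = bytes((i * 13 + 1) % 256 for i in range(BOOT_CODE_LEN)) + bytes(64) + SIGNATURE
    blank = bytes(SECTOR_SIZE)
    clean = clean_mbr + blank * 7
    altered = altered_mbr + blank * 4 + clean_mbr + blank * 2   # original moved to sector 5
    return clean, altered


if __name__ == "__main__":
    clean, altered = build_sample_images()
    baseline = boot_code_hash(clean[:SECTOR_SIZE])   # recorded while the disk was clean
    print(check_disk_image(clean, baseline))
    print(check_disk_image(altered, baseline))
```

A still-valid 55 AA signature says nothing about the boot code itself, which is why the comparison uses the baseline hash rather than the signature.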
File Infecting Viruses
File infectors, also known as parasitic viruses, operate
in memory and usually infect executable files with the
following extensions: *.COM, *.EXE, *.DRV, *.DLL, *.BIN,
*.OVL, *.SYS. They activate every time the infected file
is executed by copying themselves into other executable
files and can remain in memory long after the virus has
activated. Thousands of different file infecting viruses
exist, but similar to boot sector viruses, the vast
majority operate in a DOS 16-bit environment. Some,
however, have successfully infected the Microsoft
Windows, IBM OS/2, and Apple Computer Macintosh
environments.
Multi-Partite Viruses
Multi-partite viruses have characteristics of both boot sector viruses
and file infecting viruses.
Macro Viruses
Macro viruses currently account for about 80 percent of all viruses,
according to the International Computer Security
Association, and are the fastest growing viruses in
computer history. Unlike other virus types, macro
viruses aren’t specific to an operating system and
spread with ease via email attachments, floppy disks,
Web downloads, file transfers, and cooperative
applications. Macro viruses are, however,
application-specific. They infect macro utilities that
accompany such applications as Microsoft Word and Excel,
which means a Word macro virus cannot infect an Excel
document and vice versa. Instead, macro viruses travel
between data files in the application and can eventually
infect hundreds of files if undeterred. Macro viruses
are written in "every man’s programming language" –
Visual Basic – and are relatively easy to create. They
can infect at different points during a file’s use, for
example, when it is opened, saved, closed, or deleted.