What Is a Computer Virus?

What in the world is the computer virus? We can be scared of it, but if we don't know what that is and what kind of effects we would get from it, we surely cannot identify one.

A computer virus is
"a computer program that can reproduce and spread itself without you noticing it. Usually, viruses also deliver an undesirable "payload," such as deleting or corrupting files on the computer." [1] Once your computer is "infected, it can potentially spread the virus to other computers or files that it contacts."[1]

The alt.comp.virus FAQ lists the aspects of computer virus as follows:

  1. A virus is a program that is able to replicate - that is, create (possibly modified) copies of itself.
  2. The replication is intentional, not just a side-effect.
  3. At least some of the replicates are also viruses, by this definition.
  4. A virus has to attach itself to a host, in the sense that execution of the host implies execution of the virus. [2]

How do we get the virus? How do we know if we get the virus or not?
According to Brown University Computer TLC, "viruses are usually spread by people exchanging files." [1] As people get familiar with the use of computer and virtual communication, it has become pretty common for people to send, give and get others' files, attachments or disketts. Computer TLC also warns their students as "Virus-infected files can also be put up for downloading on the Internet."[1]

This exchanging communication via Internet is really useful and practical, and people often neglect to warn themselves about computer viruses when they accept any files or attachments especially when they know the senders.

What are the types of computer viruses?
There are several different types of viruses. Each one has different way to infect your computer and each symptom to cause.

A BOOT SECTOR VIRUS
"A virus that resides in a portion of a computer drive that is only read when the computer is booted up, at which time the virus is loaded into memory."[2] This virus is often delivered by floppy disks. 3-1/2 inch floppy disk drive (A-dive) is the first drive the computer detects. Therefore, you start your computer when the "infected" boot floppy disk is left in the drive, "the virus will be loaded into memory and can spread to other disks and computers." [2] Floppy disk is the useful way to carry your data and to exchange data with others. Make sure not to have any floppy disk in your drive when you start your computer.

FILE INFECTORS
A virus that infects "files on a computer by attaching themselves to executable files.... This name is also used to describe viruses which to not attach themselves to a file, but rather associate themselves with a file name.... This file infector takes files with a certain extensions, such as .jpg or .doc, creates a virus file with the same name but with a .exe extension so that a user might inadvertently execute virus code when he is attempting to open one of his documents." [2]

MACRO VIRUSES
"The most common type of virus. A macro is a set of instructions within an application that can be used to automate tasks.... macro can often perform system operations such as creating or deleting files, or writing into already existing files, and thus have the potential to cause a great deal of damage. Most macros are written for Microsoft Word and Excel." [2]

STEALTH VIRUSES
A virus that "actively tries to hide themselves from anti-virus software...by taking over some system functions so that even if the virus has changed part of the hard drive...it will return the correct uninfected version, so that it might not be detected."[2]

POLYMORPHIC VIRUSES
A virus that "changes slightly each time they are executed. These are meant to defeat anti-virus scanners which search for certain strings of code to identify viruses." [2]

FAST AND SLOW INFECTORS
A virus that "attempts to avoid detection by either quickly infecting all the files on a system or by infecting them slowly. Fast infectors often "piggyback" on anti-virus software so that when a scan is being run, each time the anti-virus software opens a file to scan it, the virus will infect that file. After a scan is complete, every file the anti-virus software has touched will be infected. Slow infectors only infect a file when it is modified or created. This is so the modification times of files will appear legitimate to the user." [2]

SPARSE INFECTORS
A virus that "infects only occasionally so that they might escape detection. For example, a virus which infects only the 20th time a file is executed would be a sparse infector."[2]

ARMORED VIRUSES
A virus that is "designed to make disassembly difficult. Anti-virus researchers will often have to disassemble a virus' code to learn how it works and how to defeat it. [It] deliberately makes this process difficult so that it is less likely countermeasures can be discovered." [2]

CAVITY VIRUSES
A virus that installs "themselves in empty space which sometimes exists in programs. This way, the infected file keeps a constant size." [2]

TONNELING VIRUSES
A virus that "tries to install itself beneath the anti-virus software by directly intercepting the interrupt handlers of the OS, thus evading detection." [2]

TROJAN HORSE
"A program which has some hidden, generally malicious functionality that the user does not expect or know about. One function could be execute a virus. Some Trojans appear to be anti-virus software, but actually themselves execute virus code.

DROPPERS
A program that "installs viruses on computers. The purpose is often that the dropper itself is not infected with a virus, and thus will not be detected by anti-virus software. Some droppers also have a component which can connect to the internet and download updates to the virus." [2]

Sources

  1. http://www.brown.edu/Facilities/CIS/newsbytes/December97/tlc.html
  2. http://www-cse.stanford.edu/classes/cs201/projects-00-01/viruses/viruses101.html

    Home