Virus skull
A virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another when its host (some form of executable code) is taken to the target computer, for instance, because a user sent it over a network or the Internet. The virus could also be carried on a removable medium such as a floppy disk, CD, or USB drive. For instance, if you have two computers in a home and they share the same internet but aren't networked a virus simply cannot be transferred. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.
Viruses are sometimes confused with worms and Trojan horses, which are technically different. A worm can spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a program that appears harmless but has a hidden agenda. Worms and Trojans, like viruses, may cause harm to either a computer system's hosted data, functional performance, or networking throughput, when they are executed. Some viruses and other malware have symptoms noticeable to the computer user, but most are surreptitious. This makes it hard for the average user to notice, find and disable and is why specialist anti-virus programs are now commonplace.
Most personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging and file sharing systems to spread, blurring the line between viruses and worms. Furthermore, some sources use an alternative terminology in which a virus is any form of self-replicating malware.
How infections occur[]
A virus can infect a computer in a number of ways. It can arrive froma storage device or inside an e-mail message. It can piggyback on files downloaded from the World Wide Web or from an Internet service used to share music and movies. Or it can exploit flaws in the way computers exchange data over a network. So-called blended-threat viruses spread via multiple methods at the same time. Some blended-threat viruses, for instance, spread via e-mail but also propagate by exploiting flaws in an operating system.
Traditionally, even if a virus found its way onto a computer, it could not actually infect the machine—or propagate to other machines—unless the user was somehow fooled into executing the virus by opening it and running it just as one would run a legitimate program. But a new breed of computer virus can infect machines and spread to others entirely on its own. Simply by connecting a computer to a network, the computer owner runs the risk of infection. Because the Internet connects computers around the world, viruses can spread from one end of the globe to the other in a matter of minutes.
Types[]
There are many categories of viruses, including parasitic or file viruses, bootstrap-sector, multipartite, macro, and script viruses. Then there are so-called computer worms, which have become particularly prevalent. A computer worm is a type of virus. However, instead of infecting files or operating systems, a worm replicates from computer to computer by spreading entire copies of itself.
File viruses[]
Parasitic or file viruses infect executable files or programs in the computer. These files are often identified by the extension .exe in the name of the computer file. File viruses leave the contents of the host program unchanged but attach to the host in such a way that the virus code is run first. These viruses can be either direct-action or resident. A direct-action virus selects one or more programs to infect each time it is executed. A resident virus hides in the computer's memory and infects a particular program when that program is executed.
Bootstrap-sector viruses[]
Bootstrap-sector viruses reside on the first portion of the hard disk or floppy disk, known as the boot sector. These viruses replace either the programs that store information about the disk's contents or the programs that start the computer. Typically, these viruses spread by means of the physical exchange of floppy disks.
Multipartite viruses[]
Multipartite viruses combine the abilities of the parasitic and the bootstrap-sector viruses, and so are able to infect either files or boot sectors. These types of viruses can spread if a computer user boots from an infected diskette or accesses infected files.
Macro viruses[]
Other viruses infect programs that contain powerful macro languages (programming languages that let the user create new features and utilities). These viruses, called macro viruses, are written in macro languages and automatically execute when the legitimate program is opened.
Script viruses[]
Script viruses are written in script programming languages, such as VBScript (Visual Basic Script) and JavaScript. These script languages can be seen as a special kind of macro language and are even more powerful because most are closely related to the operating system environment. The 'ILOVEYOU' virus, which appeared in 2000 and infected an estimated 1 in 5 personal computers, is a famous example of a script virus.
Methods[]
The authors of viruses have several strategies to circumvent antivirus software and to propagate their creations more effectively. So-called polymorphic viruses make variations in the copies of themselves to elude detection by scanning software. A stealth virus hides from the operating system when the system checks the location where the virus resides, by forging results that would be expected from an uninfected system. A so-called fast-infector virus infects not only programs that are executed but also those that are merely accessed. As a result, running antiviral scanning software on a computer infected by such a virus can infect every program on the computer. A so-called slow-infector virus infects files only when the files are modified, so that it appears to checksumming software that the modification was legitimate. A so-called sparse-infector virus infects only on certain occasions—for example, it may infect every tenth program executed. This strategy makes it more difficult to detect the virus.
By using combinations of several virus-writing methods, virus authors can create more complex new viruses. Many virus authors also tend to use new technologies when they appear. The antivirus industry must move rapidly to change their antiviral software and eliminate the outbreak of such new viruses.
References[]