By definition, a computer virus is any program that is created to cause damage to the targeted system. Just like the name implies, a computer virus resembles a biological virus in many ways. Different virii cause different symptoms to arise, but most do the following: infect the host, cause damage to all files it touches, replicates itself, and infects all other systems that come into contact with it.
A computer virus, like all other programs, is created by a programmer. Unfortunately, there are literally millions of places where a given system might "contract" a virus. Simply by visiting a website one could be downloaded. The common method is through file attachments in email. By opening or executing the attachment, the virus loads into memory and starts doing it's damage. Some email programs are even easier to take advantage of, a topic we will discuss a little later.
These virii come in various shapes and sizes, with varying levels of damage. (The following was taken in large part from the Norton Virus Encyclopedia) There are three main classifications of viruses, determined by it's method of infection:
- Program: Infects/attaches to executable files (files that have extension like COM, EXE, OVL, DRV, SYS, and BIN).
- Boot: Infects the Boot Record, Master Boot, FAT, and/or Partition Table.
- Multipartite: A combination of a program and a boot infector virus.
Each type of virus has one or more of these characteristics:
- Memory Resident
- Stays in memory and can easily replicate itself. This is the most common type of virus.
- Does it's damage ONLY while host program (the one it has infected & attached itself to) is open. This one isn't as common.
- Avoids detection by doing the following:
Full - redirects disk reads to avoid detection (keeps the drive from reading it's particular location on the hard disk).
Size - Disk directory data is altered hide the additional space taken up by the virus (rewrites the file's size so that it appears to be the same size as it was prior to infection).
- The virus converts itself into cryptic symbols. In order to launch (execute), however, it must decrypt (which is when it is normally detected by AntiVirus software).
- This type of virus has the ability to alter it's code from one infection to another. This is one of the largest challenges for AntiVirus detection programs.
- Triggered Event
- Like the name implies, this virus is triggered by an event, such as a date, keyboard stroke, a DOS function, deleting files... etc.
- In The Wild
- A virus that is "in the wild" is one that has caused infections outside a laboratory situation. In other words, it has not been found or properly categorized by AntiVirus developers, and its effects are unknown.
Links & References
I, love you Virus Exhibition
- The Little Black Book Of Computer Viruses
- Volume One: The Basic Technology.
- Artificial life and computer virus e-zine.