Understanding Computer Viruses

The industry defines a computer virus as a program that spreads by inserting itself into executable code, documents, or programs, and then self-replicates to other documents, users, or computers when the compromised file is shared. We refer to a computer with a virus as infected, and we try to inoculate the computer against future infections. Viruses are usually malicious and sometimes harbor backdoors or Trojans.

Viruses were extremely prevalent in the earlier days of personal computing and they had a devastating effect on computers. Viruses come in all shapes and sizes, as well as varying strengths of maliciousness. Some of the methods viruses used to execute included time bombs that would go off at a predetermined time, and logic bombs that a user triggered by completing some predefined action on the computer.

Another very nasty virus was the stealth boot virus, which attacked the boot sector of the host computer or floppy disk. This virus would not allow the computer to boot, and it required considerable work to remove. This type of virus was more common because few networks were available and most files were moved from computer to computer via floppy disks. Once the infected floppy was inserted into the receiving computer, the virus code executed, infecting the new computer.

Viruses are terrible in the sense that they can replicate themselves at an inexhaustible rate. Luckily, because more people use virus protection, they are not as widespread as before. However, now that we have the ability to transmit data at gigabit speeds and process data in the gigahertz range, viruses pose an even greater threat than previously known. This brings us to the subject of worms.

Computer worms have taken on the traditional bogeyman role of the computer virus, though viruses continue to present a real threat. A worm is defined as a piece of software that uses a computer network to copy itself and generate new hosts by compromising security flaws in applications or the host operating system. Once a worm makes it onto a network, it begins to scan for other computers with a flaw similar or identical to the one used to infect the first host. The more hosts the worm can find to replicate itself to, the greater the impact it has on the host computer and network. Some worms have generated so much traffic that they have literally brought the Internet to its knees.
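The scanning behavior described above leaves a recognizable trace in connection logs: one source reaching many distinct hosts on the same port in a short time. The following is an added example, not part of the original article, of a detector for that pattern; the record layout, thresholds, and sample addresses are constructed assumptions.

```python
from collections import Counter, defaultdict

def find_scanners(flows, window=60, min_targets=5):
    """Flag (source, port) pairs that reach many distinct hosts in a short span.

    flows: iterable of (epoch_seconds, src_ip, dst_ip, dst_port).
    Returns {(src_ip, dst_port): peak count of distinct destinations seen
    inside any `window`-second span}, only where peak >= min_targets.
    """
    by_key = defaultdict(list)
    for ts, src, dst, port in flows:
        by_key[(src, port)].append((ts, dst))

    flagged = {}
    for key, events in by_key.items():
        events.sort()
        in_window = Counter()  # destination -> connections inside the window
        start = 0
        peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Slide the left edge forward until the span fits in `window`.
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_targets:
            flagged[key] = peak
    return flagged

# Constructed sample records (not real traffic).
SAMPLE_FLOWS = (
    # 10.0.0.23 sweeps eight neighbours on one port in eight seconds.
    [(1000 + i, "10.0.0.23", f"10.0.0.{i + 1}", 445) for i in range(8)]
    # 10.0.0.5 talks repeatedly to one server: high volume, fan-out of 1.
    + [(1000 + i, "10.0.0.5", "10.0.0.2", 443) for i in range(20)]
    # 10.0.0.7 reaches six hosts, but ten minutes apart each.
    + [(1000 + 600 * i, "10.0.0.7", f"10.0.1.{i + 1}", 445) for i in range(6)]
)

if __name__ == "__main__":
    for (src, port), peak in find_scanners(SAMPLE_FLOWS).items():
        print(f"{src} reached {peak} distinct hosts on port {port} within 60s")
```

Counting distinct destinations rather than total connections keeps a busy client of a single server from being flagged, while a slow sweep only shows up when the window is widened.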

The first worm was created at the Xerox PARC laboratory in Palo Alto, California. One of the computer scientists at the lab created a worm to use on the different host computers in the facility to process data for a centralized program. This was in the early days of the PC. Before this, all users connected to a CPU. To garner the processing power of the individual PCs in the facility as a single unit, the scientist broke his data into chunks for each PC to process. Once the PCs finished their work, they transmitted the results back to the controlling node. At one point, the worm began using more and more of the host computers' resources, until the computers were no longer available to their users. This required the creator to find a way to disarm the worm, which in turn gave users back the use of the infected computers and the network it had flooded with traffic. Although this worm had no malicious intent against the host computer, some of the more recent incarnations of this type of program have caused considerable damage to entire networks. Some worms have rendered entire networks unusable for days, weeks, and even months, due to their inherent capability to replicate themselves.

The most recent embodiment in the computer virus family comes in the form of email viruses. Recent years have given us some particularly nasty specimens, including (but not limited to) the ILOVEYOU, MELISSA, and, of course, Mydoom viruses. Each of these email viruses had a devastating effect on computers, causing many providers to turn off their email computers to prevent the virus from taking over and spreading.

Most email viruses use the address book of the user executing an email program to spread themselves to other users, who in turn execute the program, allowing their address books to be manipulated by the virus and spread even farther.

Almost all viruses execute with the use of another program, replicate themselves, and continue their path of destruction. Some replace executable files on the computer they infect, which the operating system executes, releasing the virus to spread to other computers. All types of computers are susceptible to viruses. Additionally, all operating systems have vulnerabilities allowing the execution of virus-ridden code, so no one vendor offers a completely safe product.

Although some viruses try to inundate a network to eliminate its use, others are malicious and want to destroy data on a computer. Viruses can be embedded in all types of files, including video, audio, document, and image files. Some of the newer viruses are embedded into JPEG images for execution. This is especially dangerous because the browser has the intrinsic capability to execute and display images. Browsers make up the largest group of applications in use on computers today. With this fact evident, the propagation of viruses could become even greater in the future than in the past.

As with malware, viruses that take the place of programs used by the operating system may cause instability of the host computer. This can cause crashes, hangs, and intermittent lock-ups. Trojans fall into this category as well, but they work slightly differently than viruses. Trojans follow true to their name. Trojans are also referred to as Trojan horses, relating to the famous story told by Homer in The Iliad of the great battle between the Greeks and the Trojans over Princess Helen. To get a Trojan on your computer, you must invite the program onto your computer. Usually you do this by loading a utility or other program that has a purported valid use on the computer. Unbeknownst to you, the program includes a Trojan, which gives an external user the ability to use the computer remotely. The remote user can then cause great harm to the data on the computer or expose its use for personal gain.

The Trojan may lie dormant on the computer until you open the program, and then it may require the use of a specific program to open a predefined network port. Once you meet the criteria for the Trojan to work, it allows a remote user to manipulate the infected computer for his purposes. These purposes usually fall in line with malicious uses including profiteering, denial-of-service attacks, distributed denial-of-service attacks, key logging, and identity theft.

As you can see, the lines between malware and viruses are very blurry in terms of the devastation they can wreak on a computer. The difference lies in the way the program comes to reside on the infected host computer. Malware makes its way onto the computer without your knowledge and allows remote control of the computer. Malware does not necessarily replicate itself to gain the use of other computers. Viruses always replicate themselves. Sometimes viruses employ the same method of installation on the infected host computer, but they always replicate themselves to other computers. They act in very much the same way as a virus acts in the human body, which is how they received their name. The good news is that since the popularity of the Internet, many viruses have been permanently eradicated from the industry, due to the capability to transfer code to eliminate the viruses from infected computers.
