How does a Computer Virus Work
Millions of viruses exist today, and new ones appear every day. It is
hard to give a single explanation of how viruses work, because they
differ in how they infect and how they spread. In this article I
therefore explain them in terms of a few broad groups that are commonly
used to describe the different types of viruses.
File Viruses or Parasitic Viruses
File viruses are pieces of code that attach themselves to executable
files, driver files or compressed files, and they are triggered when the
host program is executed. Once activated, a file virus or parasitic
virus may spread by attaching itself to other programs on the system,
and also carry out the malicious actions it was programmed for. Many
file/parasitic viruses spread by loading themselves into system memory
and searching for additional programs on the drive. When the virus
locates one, it modifies the program’s code so that it contains the
virus code, which then runs the next time that program is executed. It
repeats this until it has spread all over the system, and possibly to
other systems that share the infected program.
Besides spreading themselves, these viruses also carry various types of
destructive payloads that can be activated immediately or by a specific
‘trigger’. The trigger could be a specific date, the number of times the
virus has replicated, or anything equally small.
Examples of file/parasitic viruses are Randex, Meve and MrKlunky.
Boot Sector Viruses
A boot sector virus infects the boot sector of a hard drive, which is a
critical component of the boot process. The boot sector is where all the
information concerning the drive is stored, along with a program that
makes it possible for the operating system to boot up. By inserting its
code into the boot sector, the virus ensures that it is loaded into
system memory at every boot.
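The layout described above can be checked from the defender's side. The following is an added example, not part of the original article: it splits a classic 512-byte master boot record into its boot program and partition table and compares the boot program's hash against a known-good baseline. The sample sectors are constructed in the code, and the function names are illustrative.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # boot program area of a classic MBR
SIGNATURE = b"\x55\xaa"    # boot signature stored in bytes 510-511
ENTRY = "<B3xB3xII"        # status, CHS (skipped), type, CHS (skipped), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Return the boot code hash and the used partition entries of one MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        start = BOOT_CODE_LEN + 16 * i
        status, ptype, lba, count = struct.unpack(ENTRY, sector[start:start + 16])
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """True when the boot program differs from the recorded baseline."""
    a, b = parse_mbr(baseline), parse_mbr(current)
    return a["boot_code_sha256"] != b["boot_code_sha256"]


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: one bootable type 0x07 partition at LBA 2048."""
    table = struct.pack(ENTRY, 0x80, 0x07, 2048, 204800) + bytes(48)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr(b"constructed clean boot code")
    altered = build_sample_mbr(b"constructed altered boot code")
    print(parse_mbr(clean)["partitions"])
    print("changed:", boot_code_changed(clean, altered))
```

The partition table is identical in both samples, so only the boot program hash reveals the difference.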
A boot virus does not infect files; instead, it infects the drive on
which they are saved. This is possibly the reason for their decline. In
earlier days, when programs were carried around on floppy disks, these
viruses spread like wildfire. However, with the arrival of CD drives and
CD-ROMs, it became impossible for a boot sector virus to infect the
pre-written information on a CD, which in due course stopped such
viruses from spreading and infecting.
Although boot sector viruses still exist, they are very rare compared to
modern malicious software. Another reason boot sector viruses are no
longer common is that modern operating systems guard the boot sector,
which makes it hard for a virus to infect it.
Examples of boot sector viruses are Polyboot.B and AntiEXE.
Multipartite Viruses
Multipartite viruses are a mixture of boot sector viruses and file
viruses. These viruses enter the system through infected media and dwell
in the system memory. They then travel onto the boot sector of the hard
drive. From there, the multipartite virus infects the executable files
on the hard drive and spreads throughout the system.
There aren’t many multipartite viruses around these days, but in their
era they were responsible for a number of serious problems because of
their ability to combine different infection techniques.
A significant example of a multipartite virus is Ywinz.
Macro Viruses
Macro viruses infect files created with applications or programs that
support macros. These include Microsoft Office documents such as Word
documents, Excel spreadsheets, PowerPoint presentations and Access
databases, and files from other applications such as Corel Draw, AmiPro,
etc.
Because macro viruses are written in the language of the application and
not in that of the operating system, they are considered
platform-independent, i.e. they can spread across operating systems such
as Windows, Macintosh or any other system, as long as it runs the
necessary application. With the ever-growing capabilities of macro
languages in applications, and the risk of infection spreading over
networks, macro viruses have become a critical threat.
The earliest macro virus was written for Microsoft Word and was
discovered in August 1995. At present, there are thousands of macro
viruses in existence.
Examples of macro viruses are Relax, Melissa.A and Bablas.
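Because a macro virus lives inside the document rather than in a program file, a first triage step is to check whether a document carries macro code at all. The following is an added example, not part of the original article: modern Office files are ZIP containers that store VBA macros in a part named vbaProject.bin, while legacy files are OLE containers that need a dedicated parser. The sample documents are constructed in the code, and the function names are illustrative.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container


def macro_status(data: bytes) -> str:
    """Classify a file as macros-present, no-macros, legacy-ole or not-office."""
    if data.startswith(OLE_MAGIC):
        # Macros would sit in OLE streams; this check cannot see inside them.
        return "legacy-ole"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    with zipfile.ZipFile(buf) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # a ZIP archive, but not an Office package
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macros-present"
    return "no-macros"


def build_sample(parts: dict) -> bytes:
    """Constructed sample: an in-memory ZIP holding the given parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    base = {"[Content_Types].xml": "<Types/>", "word/document.xml": "<doc/>"}
    plain = build_sample(base)
    with_macro = build_sample({**base, "word/vbaProject.bin": b"placeholder"})
    for label, blob in [("plain", plain), ("with macro", with_macro),
                        ("legacy", OLE_MAGIC + bytes(504)), ("text", b"hello")]:
        print(label, "->", macro_status(blob))
```

A "macros-present" result only says that macro code exists, not that it is malicious; it marks the file for closer inspection.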
Network Viruses
A network virus is capable of spreading rapidly across a Local Area
Network (LAN) or even over the internet. Generally, it propagates
through shared resources, such as shared drives and folders. When it
infects a new system, it looks for further victims by scanning the
network for other vulnerable systems. When a vulnerable system is found,
the network virus infects it and thus spreads over the network.
Examples of some of the most dangerous viruses are Nimda and SQLSlammer.
E-Mail Viruses
An e-mail virus may be a type of macro virus that sends itself to all
the contacts in the host’s e-mail address book. If any of the recipients
opens the attachment of the infected mail, it spreads to the new host’s
address book contacts, and then proceeds to send itself to all those
contacts as well. Nowadays, e-mail viruses can infect hosts even if the
infected e-mail is only previewed in a mail client. One of the most
widespread and destructive e-mail viruses is the ILOVEYOU virus.
There are many ways in which a virus can infect your computer or lie
inactive on it. However, whether active or inactive, it is dangerous to
leave one on your system, and it should be dealt with immediately.