In this article:
- What is a computer virus
- History of computer viruses
- Types of Viruses
- How viruses evade detection
What is a computer virus?
A computer virus is a self-replicating computer program that spreads by inserting copies of itself into other executable code or documents. When a virus inserts itself into an existing computer or file, this is termed an "infection", and the infected file or executable code, which is not part of the virus itself, is called a "host". Viruses are one of several types of malicious software, or malware, which also includes Trojan horses, worms and others. However, the term virus is often extended to refer to all of these types of malware.
The word virus is often thought to be an acronym of Vital Information Resources under Siege. However, this is not true: the term virus was already in use for computer viruses, and the expansion was only added later.
Computer viruses are harmful in the sense that they replicate themselves, using up valuable computer resources. However, not all viruses are necessarily destructive.
Some famous examples of viruses are the Mydoom worm, which infected a quarter-million computers in a single day in January of 2004, and the Melissa virus, which started out in March of 1999 and propagated so fast that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be removed. Another example is the ILOVEYOU virus, which in 2000 had a similar effect.
History of computer viruses
A program called "Elk Cloner" is considered to be the first computer virus to really spread outside a single computer. It was made in 1982 by Rich Skrenta and spread through floppy disks by attaching itself to the Apple DOS 3.3 operating system.
The first PC virus, however, was a boot sector virus called (c) Brain, created in 1986 by two Pakistani brothers, Basit and Amjad Farooq Alvi.
The major reason behind the spread of viruses was the floppy disk, which was widely used to transfer data from one computer to another. As personal computers became more common in homes, the problem only grew worse.
Types of Viruses
- Macro Viruses: Macro Viruses are found in applications that support programmable macros. An example is the Microsoft Office line of products, such as Word and Excel.
- Worms: Worms tend to spread through emails. They usually send themselves to all addresses found in the address book of a computer user.
- Trojan Horses: Trojan Horses are programs that claim to be of some legitimate use but are actually meant to infect a computer and do something undesirable.
- Boot Sector Viruses: Boot Sector Viruses are viruses that infect a computer's startup program so that the virus becomes active as soon as the computer boots.
- Adware: These programs record a person’s online habits and then repeatedly show pop-up ads that are very annoying to the user.
- Spyware: These programs usually collect critical user information including passwords and often send them to the creator of the spyware or some other person as specified.
How viruses evade detection
Three techniques are widely used to evade detection by anti-virus software. They are discussed below:
- Stealth
Anti-virus software often sends a request to the Operating System to read a particular file in order to detect whether it is infected. By intercepting these requests mid-way, a virus fools the anti-virus software by showing it a legitimate and correct copy of the intended file, making it think that the file is clean.
- Self-modification
Modern antivirus programs try to detect viruses by a known pattern of a virus, called its signature. A signature is a byte-pattern that is part of a certain virus or family of viruses. If such a pattern is found, the user is told about the infection. To evade this type of detection, a virus may employ a technique called self-modification, under which the code of the virus is modified after each infection.
- Metamorphic code
Sometimes, a virus may completely rewrite itself when infecting a new file. This is called metamorphism, whereby a metamorphic engine completely rewrites the code for the virus while retaining the intended destruction. Such viruses are quite complex and large in size.
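To make the signature idea from the self-modification section concrete, here is an added example (not part of the original article) of a byte-pattern scanner run over constructed buffers. It goes one step beyond the text by supporting "??" wildcard bytes, one common way a single signature can cover a family whose members differ in a few positions; the signature names, patterns and sample data are all made up for illustration.

```python
"""Byte-pattern signature scanning over constructed sample data."""
import re

# Constructed signatures for illustration only; not taken from any real malware.
# "??" marks a byte that may differ between members of the same family.
SIGNATURES = {
    "Demo.Exact": "de ad be ef 13 37",
    "Demo.Family": "ca fe ?? ?? ba be 00",
}


def compile_signature(pattern: str) -> re.Pattern:
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = []
    for token in pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    # DOTALL so that a wildcard also matches the 0x0a (newline) byte.
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}


def scan(data: bytes) -> list[tuple[str, int]]:
    """Return (signature name, offset) for every match, sorted by offset."""
    hits = []
    for name, rx in COMPILED.items():
        hits.extend((name, m.start()) for m in rx.finditer(data))
    return sorted(hits, key=lambda h: h[1])


# Constructed buffers standing in for file contents.
CLEAN = b"MZ" + bytes(range(32))
EXACT_HIT = b"\x00" * 8 + bytes.fromhex("deadbeef1337") + b"\x00" * 4
# One byte differs from Demo.Exact, so the fixed pattern finds nothing.
MODIFIED = b"\x00" * 8 + bytes.fromhex("deadbeef1338") + b"\x00" * 4
# Two family members that differ only in the wildcard positions.
VARIANT_A = b"\x90" * 3 + bytes.fromhex("cafe0102babe00")
VARIANT_B = b"\x90" * 5 + bytes.fromhex("cafe0affbabe00")

if __name__ == "__main__":
    samples = [("clean", CLEAN), ("exact", EXACT_HIT), ("modified", MODIFIED),
               ("variant_a", VARIANT_A), ("variant_b", VARIANT_B)]
    for label, buf in samples:
        print(f"{label:10s} {scan(buf) or 'no match'}")
```

The MODIFIED buffer shows why a fixed byte pattern alone is brittle against code that changes between infections, while the two variants show a family pattern still reporting both members.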