What Is a Computer Virus?
A computer virus is a program, a piece of executable code,
that has the unique ability to replicate. Like biological viruses, computer
viruses can spread quickly and are often difficult to eradicate. They
can attach themselves to just about any type of file and are spread
as files that are copied and sent from individual to individual.
Besides replication, some computer viruses have something else in common:
a damage routine that can deliver the virus payload. While payloads
may only display messages or images, they can also destroy files, reformat
your hard drive, or cause other kinds of damage. If the virus doesn't
contain a damage routine, it can still cause trouble by taking up storage
space and memory, and downgrading the overall performance of your computer.
Several years ago most viruses spread primarily via floppy disk, but the Internet has
introduced new virus distribution mechanisms. With email now used as
an important business communication tool, viruses are spreading faster
than ever. Viruses attached to email messages can infect an entire enterprise
in a matter of minutes, costing companies millions of dollars annually
in productivity loss and clean-up expenses.
Viruses won't go away any time soon. More than 10,000 have been identified, and 200
new ones are created every month, according to the International Computer
Security Association. With numbers like those, it's safe to say
that most organizations will deal regularly with virus outbreaks. No
one who uses computers is immune from viruses.
Life Cycle of a Virus
Computer viruses have a life cycle that starts when they're created
and ends when they're completely eradicated. The following outline
describes each stage.
Creation
Until a few years ago, creating a virus required knowledge of a computer
programming language. Today anyone with even a little programming knowledge
can create a virus. Usually, though, viruses are created by misguided
individuals who wish to cause widespread, random damage to computers.
Replication
Viruses replicate by nature. A well-designed virus will replicate for
a long time before it activates, which allows it plenty of time to spread.
Activation
Viruses that have damage routines will activate when certain conditions
are met, for example, on a certain date or when a particular action
is taken by the user. Viruses without damage routines don't activate,
instead causing damage by stealing storage space.
Discovery
This phase doesn't always come after activation, but it usually
does. When a virus is detected and isolated, it is sent to the International
Computer Security Association in Washington, D.C., to be documented
and distributed to antivirus developers. Discovery normally takes place
at least a year before the virus might have become a threat to the computing
community.
Assimilation
At this point, antivirus developers modify their software so that it
can detect the new virus. This can take anywhere from one day to six
months, depending on the developer and the virus type.
Eradication
If enough users install up-to-date virus protection software, any virus
can be wiped out. So far no viruses have disappeared completely, but
some have long ceased to be a major threat.
Virus Types
The majority of viruses fall into four main classes:
- Boot sector
- File infector
- Multi-partite
- Macro viruses
Boot Sector Viruses
Until the mid-1990s, boot sector viruses were the most prevalent virus
type, spreading primarily in the 16-bit DOS world via floppy disk. Boot
sector viruses infect the boot sector on a floppy disk and spread to
a user's hard disk, and can also infect the master boot record
(MBR) on a user's hard drive. Once the MBR or boot sector on the
hard drive is infected, the virus attempts to infect the boot sector
of every floppy disk that is inserted into the computer and accessed.
Boot sector viruses work like this: by hiding on the first sector of a disk, the virus is
loaded into memory before the system files are loaded. This allows it
to gain complete control of DOS interrupts so that it can spread and
cause damage.
These viruses often replace the original contents of the MBR or DOS boot sector with their
own contents and move the sector to another area on the disk. Cleaning
up a boot sector virus can be performed by booting the machine from
an uninfected floppy system disk rather than from the hard drive, or
by finding the original boot sector and replacing it in the correct
location on the disk.
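The cleanup described above depends on knowing that the first sector has changed and where the original was moved. As an added example (not part of the original article), this Python code compares the boot code of a disk image's first sector against a known-good hash and, on a mismatch, scans the image for the relocated original. The 446-byte code area and 0x55AA signature are the standard MBR layout; the function names and sample images are constructed for illustration.

```python
import hashlib

SECTOR = 512
BOOT_CODE_LEN = 446        # MBR boot code; the partition table follows it
SIGNATURE = b"\x55\xaa"    # last two bytes of a valid boot sector

def make_sector(code: bytes) -> bytes:
    """Build a constructed 512-byte boot sector (sample data only)."""
    return code.ljust(BOOT_CODE_LEN, b"\x00") + bytes(64) + SIGNATURE

def boot_code_hash(sector: bytes) -> str:
    # Hash only the code area so partition-table edits do not raise alarms.
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()

def check_boot_sector(image: bytes, baseline: str) -> dict:
    """Compare sector 0 with a known-good hash; locate a moved original."""
    if len(image) < SECTOR:
        raise ValueError("image is shorter than one sector")
    first = image[:SECTOR]
    report = {
        "signature_ok": first[510:512] == SIGNATURE,
        "boot_code_matches": boot_code_hash(first) == baseline,
        "original_found_at": None,
    }
    if not report["boot_code_matches"]:
        # The article notes the original sector is often moved elsewhere
        # on the disk; find it so it can be restored to sector 0.
        for lba in range(1, len(image) // SECTOR):
            if boot_code_hash(image[lba * SECTOR:(lba + 1) * SECTOR]) == baseline:
                report["original_found_at"] = lba
                break
    return report

# Constructed sample images: ten sectors each, no real boot or virus code.
ORIGINAL = make_sector(b"KNOWN-GOOD-LOADER")
BASELINE = boot_code_hash(ORIGINAL)
BLANK = bytes(SECTOR)
CLEAN_IMAGE = ORIGINAL + BLANK * 9
ALTERED_IMAGE = make_sector(b"UNKNOWN-CODE") + BLANK * 6 + ORIGINAL + BLANK * 2

if __name__ == "__main__":
    print(check_boot_sector(CLEAN_IMAGE, BASELINE))
    print(check_boot_sector(ALTERED_IMAGE, BASELINE))
```

The baseline hash has to be recorded while the disk is known to be clean, and the image should be read after booting from trusted media, since code loaded from the first sector controls what a running system sees on disk.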
File Infecting Viruses
File infectors, also known as parasitic viruses, operate in memory and
usually infect executable files with the following extensions: *.COM,
*.EXE, *.DRV, *.DLL, *.BIN, *.OVL, *.SYS. They activate every time the
infected file is executed by copying themselves into other executable
files and can remain in memory long after the virus has activated.
Thousands of different file infecting viruses exist, but similar to boot sector viruses, the
vast majority operate in a DOS 16-bit environment. Some, however, have
successfully infected the Microsoft Windows, IBM OS/2, and Apple Computer
Macintosh environments.