Home Security How does a Computer Virus Work

How does a Computer Virus Work

There are millions of viruses present these days, and new viruses originating every day. It is awfully tricky to provide you with a standard explanation of how viruses function, because they all have differences in the manner they infect or the method they spread. Hence, in this article, I have explained it bearing in mind few broad groups that are usually used to illustrate different types of viruses.

File Viruses or Parasitic Viruses

File viruses are pieces of code that attach themselves to executable files, driver files or compressed files, and they are triggered when the host program is executed. Once the file virus or parasitic virus is activated, it may spread by attaching to new programs in the system, and also perform out the wicked actions it was programmed for. A large number of file/parasitic viruses spread by loading themselves in the system memory, and they start searching for additional programs located on the drive. If it locates one, it transforms the program’s code so that it encloses the virus code. Then it activates the virus’s code next time it runs. It keeps doing this yet again until it crawls all over the system, and probably to additional systems that share the infected program.

Besides spreading themselves, these viruses also hold various types of destructive elements that can be activated instantly or by a specific ‘trigger’. The triggers could possibly be specific dates, or the number of times the virus has been replicated, or anything equally small.

Examples of file/parasitic viruses are Randex, Meve and MrKlunky.

Boot Sector Viruses

A boot sector virus infects the boot sector of a hard drive, which is a very critical component for the booting process. The boot sector is where all the information concerning the drive is stored, along with a program that makes it possible for the operating system to boot up. By introducing the virus code into the boot sector, the virus ensures that it loads into the system memory at each boot cycle.

A boot virus does not infect files; instead, it infects the drive on which they are saved. Possibly this is the reason for their collapse. In earlier days, when the programs were carried around in floppy disks, the virus used to spread like a wild fire. However, with the upcoming of CD drives and CD ROMs, it became impossible for the boot sector virus to infect pre-written information on a CD, which in due course stopped such viruses from spreading and infecting.

Although the boot sector viruses still survive in the computer world, they are very rare compared to the new era’s malicious software. An additional cause why boot sector viruses are not so common is that the new age operating systems guard the boot sector, which makes it hard for the virus to infect it.

Examples of boot sector viruses are Polyboot.B and AntiEXE.

Multipartite Viruses

Multipartite viruses are a mixture of boot sector viruses and file viruses. These viruses enter the system through infected media and dwell in the system memory. They then travel onto the boot sector of the hard drive. From there, the multipartite virus infects the executable files on the hard drive and spreads throughout the system.

There aren’t many multipartite viruses present these days, but in their era, they were responsible for a number of vital troubles due to their ability to combine different infection practices.

A significant example of a multipartite virus is Ywinz.

More on Multipartite Viruses

Macro Viruses

Macro viruses infect files that are formed using certain applications or programs that include macros. Such applications comprises of Microsoft Office documents such as Word documents, Excel spreadsheets, PowerPoint presentations, Access databases and other related application files such as Corel Draw, AmiPro, etc.

As macro viruses are programmed in the language of the application and not in that of the operating system, they are recognized to be platform-independent, i.e. they can spread across operating systems such as Windows, Macintosh or any other systems, as long as they are running the necessary application. With the ever rising abilities of macro languages in applications, and the risk of hazardous infection spreading over the networks, this macro virus has become a critical threat.

The earliest macro virus was programmed for Microsoft Word and was exposed back in August 1995. At present, there are thousands of macro viruses in existence.

Examples of macro viruses are Relax, Melissa.A and Bablas.

Macro Virus

Macro Virus

More on Macro Viruses

Network Viruses

A network virus is very much skilled in rapidly spreading across a Local Area Network (LAN) or even over the internet. Generally, it circulates through shared resources, such as shared drives and folders. When it infects a fresh system, it hunts for possible victims by scanning the network for other defenseless systems. When a defenseless system is found, the network virus infects the additional systems and thus spreads over the network.

Examples of some most dangerous viruses are Nimda and SQLStammer.

E-Mail Viruses

An e-mail virus can probably be a type of a macro virus that spreads itself to all the contacts located in the host’s e-mail address book. If any of the e-mail recipients open the attachment of the infected mail, it spreads to the new host’s address book contacts, and then proceeds to send itself to all those contacts as well. Nowadays, e-mail viruses can infect hosts even if the infected e-mail is previewed in a mail client. One of the most widespread and destructive e-mail viruses is the ILOVEYOU virus.

There are many methods by which a virus can infect or stay inactive on your computer. However, whether active or inactive, it’s dangerous to let one free on your system, and should be dealt with instantaneously.

By admin in Security with no comments on .

This guide has neighbours too! Do not forget to ring their doorbells.
« What are the other Malicious Software
Computer Virus »