A computer virus is defined as a piece of software that has two main characteristics:
- It executes itself. For that, it can attach itself to other programs or hide in code that is run automatically when you open certain types of files.
- It replicates itself. This is done by attaching to other programs found in the computer or by overwriting them. The virus spreads itself through floppy disks and any other form of data exchange, not only on your workstation, but through your whole network. It is then activated along with the infected part.
Taking into account the target of infection, viruses can be classified in several categories. It is not necessary for a virus to have only one target for infection. Viruses having multiple targets are named multipartite.
Parasitic viruses
Parasitic viruses affect executable files. When the infected file is executed, the virus is launched too. They may be:
- Memory-resident viruses, which can control the whole system and infect it at any time
- Non-resident viruses, which are activated only when the host-program is started
Because these viruses infect executable files, they could spread through any data storage or transfer media: floppies, CDs, modems, networks. The virus spreads when the host file is executed.
Boot viruses
Boot viruses infect the system area of disks: the boot record on floppy disks and hard disks. The only way for these viruses to replicate is booting from the infected disk. Accessing or copying information from infected disks is not dangerous as long as the system is not started from the infected disk.
Boot viruses always reside in memory. While most of them were written for DOS, they do not depend on the operating system, so this type of virus is in fact a threat to all PCs.
Master boot record viruses
Master boot record viruses are memory-resident, as boot viruses are, but are located in the master boot record. These viruses keep a clean copy of the master boot record, but in a different location.
Macro viruses
Macro viruses are placed inside one or more of the macros that can be found in a Microsoft Office document and they use the powerful features of Visual Basic for Applications, which was created to allow users to automate certain tasks.
Link viruses
Link viruses do not affect the executable files themselves but the directory structure: they redirect the directory entry of an infected file to the area where the virus is located. After launching, the virus can load the executable file by reading the correct directory entry of that file.
Companion viruses
Companion viruses create a new executable file with the same name, but with a .COM extension. The Windows operating system first launches a .COM file when it encounters two executable files with the same name but different extensions (.COM and .EXE).
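The same-name .COM/.EXE pairing described above can be checked for directly. The following is an added example, not part of the original article: it walks a directory tree and reports every folder where a .COM file shares its name with an .EXE file. The function names and the sample tree of empty placeholder files are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict


def find_companion_pairs(root):
    """Return sorted (directory, stem) pairs where NAME.COM and NAME.EXE coexist."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        exts_by_stem = defaultdict(set)
        for name in filenames:
            stem, ext = os.path.splitext(name)
            # DOS/Windows names are case-insensitive, so compare in lower case.
            exts_by_stem[stem.lower()].add(ext.lower())
        for stem, exts in exts_by_stem.items():
            if {".com", ".exe"} <= exts:
                hits.append((os.path.relpath(dirpath, root), stem))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, no real executables."""
    layout = {
        "apps": ["EDIT.EXE", "edit.com", "readme.txt"],  # same name: reported
        "tools": ["format.com", "chkdsk.exe"],           # different names: ignored
        "games": ["play.exe"],                           # no .COM sibling: ignored
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


def demo():
    """Build the constructed tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_companion_pairs(root)


if __name__ == "__main__":
    for directory, stem in demo():
        print(f"{directory}: {stem}.com would run before {stem}.exe")
```

A reported pair is a lead for review rather than proof of infection, since the check looks only at file names.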
Stealth viruses
Stealth viruses are always memory-resident and try to trick the computer system by hiding their presence. They replicate and take over program data and contents without the knowledge of the user or the antivirus program. When the OS (for example, through the DIR command) tries to establish the size of an infected program, the stealth virus subtracts the size of its own code from the result, so that the original, correct value is reported instead. Therefore, if the program is only read (by a virus scanner) and not run, the virus code is hidden and cannot be detected.
Encrypted viruses
Encrypted viruses change their own code so that antivirus programs cannot see them. The virus converts itself into encrypted, unreadable characters that the antivirus program cannot recognize. However, in order to spread, these viruses need to decrypt themselves, and they can then be detected.
Specific viruses
- ActiveX viruses are meant to infect Microsoft products. They use program code from the server and spread on the local workstation. These viruses are focused only on Microsoft Windows operating systems and use Microsoft Internet Explorer to spread.
- VB Script viruses use Visual Basic to get code from the Web server and spread on local workstations. Accessing a homepage on the Internet is enough to infect your computer. However, they still need Microsoft Internet Explorer.
- Java viruses: compared to Java applets, which are used mainly for animation and control, Java programs can perform operations that are dangerous for security (such as writing to the hard disk). Viruses attacking through applets have already been confronted, but the second type still means trouble.