What is a Virus !

 

Virus: A self-replicating piece of computer code that can partially or fully attach itself to files or applications, and can cause your computer to do something you don't want it to do. A computer virus, according to Webster's Collegiate Dictionary, is "a computer program usually hidden within another seemingly innocuous program that produces copies of itself and inserts them into other programs or files, and that usually performs a malicious action such as destroying data". Two categories of viruses, macro viruses and worms, are especially common today.

A virus is just a computer program. Like any other program, it contains instructions that tell your computer what to do. But unlike an application, a virus usually tells your computer to do something you don't want it to do, and it can usually spread itself to other files on your computer and other people's computers over a network or by E-Mail, sending a copy of if self to everyone in your address book.

Once you open an infected file or application, the malicious code copies itself into a file on your system, where it waits to deliver its payload whatever the programmer designed it to do to your system. A virus writer can set the payload to trigger immediately, at a preset future time or date, or upon the execution of a specific command, such as when you save or open a file. The Michelangelo virus, for example, was programmed to release its payload on March 6 of any year the artist's birthday.The payload was to fully erase your hard drive on that date. Simply deleting the e-mail after you open the attachment won't get rid of the virus, since it has already entered the machine. If you're lucky, a virus will execute only a benign "personality quirk," such as causing your computer to make seemingly random errors. But a virus can be very destructive; it could format your hard drive, overwrite your hard drive boot sector, or delete files and render your machine inoperable.

General virus types

While there are thousands of variations of viruses, most fall into one of the following six general categories, each of which works its magic slightly differently:

Boot Sector Virus: replaces or implants itself in the boot sector an area of the hard drive or any other disk accessed when you first turn on your computer. This kind of virus can prevent you from being able to boot from your hard disk. The boot sector contains code that tells the computer how to load the rest of the operating system. By putting its code in the boot sector, a virus can guarantee it gets executed. It can load itself into memory immediately, and it is able to run whenever the computer is on

File Virus: infects applications. These executables then spread the virus by infecting associated documents and other applications whenever they're opened or run.Infects other executable files. Some viruses become memory resident and infect other programs when they are run. Others actively seek out other files to infect.

Macro Virus: Written using a simplified macro programming language, these viruses affect Microsoft Office applications, such as Word and Excel, and account for about 75 percent of viruses out their. A document infected with a macro virus generally modifies a pre-existing, commonly used command (such as Save) to trigger its payload upon execution of that command.A macro virus is a virus that exists as a macro attached to a data file. In most respects, macro viruses are like all other viruses. The main difference is that they are attached to data files (i.e., documents) rather than executable programs. Many people do not think that viruses can reside on simple document files, but any application which supports document-bound macros that automatically execute is a potential haven for macro viruses. By the end of 2000, documents became more widely shared than diskettes, and document-based viruses were more prevalent than any other type of virus. It seems highly likely that this will be a continuing trend. One example of a macro virus is the Melissa virus. It is delivered via e-mail as a Word document attachment with the filename List.doc. The latest thing in the world of computer viruses is the e-mail, and the Melissa virus in March 1999 was the first to show how fast it could spread via E-Mail. Melissa spread in Microsoft Word documents sent via e-mail, and it worked like this: Someone created the virus as a Word document uploaded to an Internet newsgroup. Anyone who downloaded the document and opened it would trigger the virus. The virus would then send the document and therefore itself in an E-Mail message to the first 50 people in the person's address book. The E-Mail message contained a friendly note that included the person's name, so the recipient would open the document thinking it was harmless. The virus would then create 50 new messages from the recipient's machine. As a result, the Melissa virus was the fastest-spreading virus ever seen! it forced a number of large companies to shut down their e-mail systems.The Melissa virus took advantage of the programming language built into Microsoft Word called VBA, or Visual Basic for Applications. It is a complete programming language and it can be programmed to do things like modify files and send e-mail messages. It also has a useful but dangerous auto-execute feature. A programmer can insert a program into a document that runs instantly whenever the document is opened. This is how the Melissa virus was programmed. Anyone who opened a document infected with Melissa would immediately activate the virus. It would send the 50 e-mails, and then infect a central file called NORMAL.DOT so that any file saved later would also contain the virus! It created a huge mess.

Multipartite Virus: infects both files and the boot sector a double whammy that can reinfect your system dozens of times before it's caught.

Polymorphic Virus: changes code whenever it passes to another machine; in theory these viruses should be more difficult for antivirus scanners to detect, but in practice they're usually not that well written.

Stealth Virus: hides its presence by making an infected file not appear infected, but doesn't usually stand up to antivirus software.

All malicious codes aren't viruses

A common misconception is that other kinds of electronic nasties, such as worms and Trojan horse applications, are viruses. They aren't. Worms, Trojan horses, are in a broader category analysts call "malicious code."

A worm program replicates itself and slithers through network connections to infect any machine on the network and replicate within it, eating up storage space and slowing down the computer. But worms don't alter or delete files.Worms are very similar to viruses in that they are computer programs that replicate functional copies of themselves usually to other computer systems via network connections and often, but not always, contain some functionality that will interfere with the normal use of a computer or a program. The difference is that unlike viruses, worms exist as separate entities; they do not attach themselves to other files or programs. Because of their similarity to viruses, worms are often also referred to as viruses. A well-known example of a worm is the ILOVEYOU worm, which invaded millions of computers through e-mail in 2000.

A Trojan horse doesn't replicate itself, but it is a malicious program disguised as something benign such as a screen saver. When loaded onto your machine, a Trojan horse can capture information from your system such as user names and passwords.credit card numbers and other inportant data or could allow a malicious hacker to remotely control your computer.Named after the wooden horse the Greeks used to infiltrate Troy, a Trojan horse is a program that does something undocumented which the programmer intended, but that the user would not approve of if he or she knew about it. According to some experts, a virus is a particular case of a Trojan horse, namely one which is able to spread to other programs i.e., it turns them into Trojans too. According to others, a virus that does not do any deliberate damage other than merely replicating is not a Trojan. Finally, despite the definitions, many experts use the term "Trojan" to refer only to a non-replicating malicious program. An example of a Trojan horse is W32.DIDer. This has been found on the computers of users who have downloaded the popular file-sharing program Grokster. A parasitic program written intentionally to enter a computer without the user's permission or knowledge. The word parasitic is used because a virus attaches to files or boot sectors and replicates itself, thus continuing to spread. Though some viruses do little but replicate, others can cause serious damage or affect program and system performance. A virus should never be assumed harmless and left on a system.

Antivirus

Virus experts have recorded more than 40,000 viruses and their variant strains over the years, While most viruses are just annoying time-wasters, the ones that do deliver a destructive payload are a real threat.

Viruses have been around since the early 1960s,since the earliest computers existed, though until the 1980s they were largely laboratory specimens, created by researchers and released in a controlled environment to examine their effect.

When viruses first appeared in the wild in the 1980s, they spread slowly and passed via the floppy disks traded by people and shared between computers. But widely available Internet and e-mail access hastened their spread. significantly increased the odds that the average computer user would confront a virus because they spread so rapidly. E-mail viruses today account for about 81 percent of virus infections and can infect thousands of machines in a matter of minutes.

Practice safe computing

  • The best way to protect yourself from viruses is to avoid opening unexpected e-mail attachments and downloads from unreliable sources. Resist the urge to double-click everything in your mailbox. If you get a file attachment and you aren't expecting one, e-mail the person who sent it to you before you open the attachment. Ask them if they meant to send you the file, what it is, and what it should do.

  • For added safety, you need to install reliable antivirus scanning software and download updates regularly. Major antivirus software vendors, including Symantec, Network Associates, Computer Associates, and Trend Micro, provide regular updates.

  • Regular updates are essential. Researchers at Computer Economics estimate that 30 percent of small businesses are vulnerable to viruses either because they don't keep their virus-scanning software updated or because they don't install it correctly.

  • If you simply avoid programs from unknown sources like the Internet, and instead stick with commercial software purchased on CDs, you eliminate almost all of the risk from traditional viruses. In addition, you should disable floppy disk booting most computers now allow you to do this, and that will eliminate the risk of a boot sector virus coming in from a floppy disk accidentally left in the drive.

  • You should make sure that Macro Virus Protection is enabled in all Microsoft applications, and you should Never run macros in a document unless you know what they do. There is seldom a good reason to add macros to a document, so avoiding all macros is a great policy.




    Open the Options dialog from the Tools menu in Microsoft Word and make sure that Macro Virus Protection is enabled, as shown.

  • You should never double-click on an attachment that contains an executable that arrives as an e-mail attachment. Attachments that come in as Word files .DOC, spread sheets .XLS, can contain a macro virus be aware. A file with an extension like EXE, COM or VBS is an executable, and an executable can do all sort of damage. Once you run it, you have given it permission to do anything on your machine. The only defense is to never run executables that arrive via e-mail.

    By following those simple steps, you can protect yourself.




    Back to the Top


    HOME