A computer virus is a program that is designed to damage your computer, programs, and files. Like a virus in a living thing, a computer virus can spread if it is not removed. Some viruses are more dangerous than others. One of the most common places for a computer virus to appear is on a file found on the Internet or attached to an E-mail. For example, you may have a virus that just pops a message box on your screen, and then the virus is disabled, or you can have a virus that deletes half of your hard drive.
Computer viruses didn’t really exist until the mid-1980s. The first computer viruses were created in university labs to demonstrate how much of a threat the vicious code could be.
There are many kinds of viruses that exist today. Some of the most common computer viruses are: File Viruses, Boot Sector/Partition Viruses, Multi-Partite Viruses, Trojan Horses, File Overwriters, Polymorphic Viruses, and Stealth Viruses.
A File Virus is the most common kind of virus. These kinds of viruses usually infect .EXE and .COM files, which are the main component of a program or application. A file virus can insert its own code into part of the file, so that when the infected program file is run, the virus is executed first.
Most file viruses are memory resident. Because of this, they can easily attach themselves to other programs that are being run and start to infect those files. A simple virus will overwrite and destroy a host file, immediately letting the user know that there is a problem because the software will not run. Because these viruses are immediately sensed by the computer, they have less chance to spread. More complexly written viruses will cause more damage, spread more easily, and are harder to detect.
Boot sector viruses infect hard drives and floppy disks by putting themselves on the boot sector of the disk, which has the code that is run at boot up. Booting up from an infected floppy allows the virus to jump from the floppy to the hard drive. These viruses are loaded first, and gain control of the system before MS-DOS can be loaded. Since the virus is run before the operating system, it is not MS-DOS-specific and can infect any PC operating system.
These viruses stay in RAM and infect every disk that is read by the computer until the computer is rebooted. After reboot the virus is removed from memory.
Multi-Partite Viruses are the worst of both file and boot sector viruses. They can infect the host software components. These viruses spread like a file virus, but still insert themselves into a boot sector or partition table. Because of this, they are difficult to remove. An example of this type of virus is the Tequila virus.
Trojan Horses are the worst kind of viruses that exist. They contain malicious code that is meant to damage your computer. Unlike other viruses, this virus does not replicate itself. This virus waits until the trigger event. When the trigger event occurs, a message is displayed or files are damaged. Because of the nature of these viruses, there are some researchers that do not classify Trojan Horses as viruses.
File Overwriters are viruses that link themselves to a program, leaving the original code intact and adding themselves over and over to as many files as possible. These viruses are made simply to keep copying themselves. While such a virus is copying itself, it is taking up more disk space and slowing down performance. Since these viruses often have flaws in them, they can inadvertently damage or destroy data. The worst kind of file overwriters wait until the trigger event, then start to destroy files.
Most of the viruses that exist today are Polymorphic. Recently a Mutation Engine was released. This software ensures that polymorphic viruses will only proliferate over the next few years. Like the human AIDS virus, polymorphic viruses grow fast to escape detection by anti-virus programs. Special encrypted code within the virus allows it to hide from detection.
There are a limited number of kinds of polymorphic viruses. Because of this, they are easier to notice. An example of this would be the Whale Virus, which has 32 different forms.
Stealth viruses are similar to a stealth aircraft. Like a stealth aircraft, they make themselves invisible to detection. The virus hides itself in the file and makes it look like the program is running normally. This is a memory-resident virus.
Because there are so many different virus types, I have just listed the most common ones.
If you are trying to search for a Virus Name, you should know the Virus Naming Conventions. Names are formatted as Prefix.Name.Suffix, for example, WM.Cap.A. The Prefix denotes the platform on which the virus replicates or the type of virus. DOS viruses usually do not contain a Prefix. The Name is the family name of the virus. The Suffix may not always exist. Suffixes distinguish between variants of the same family and are usually a number denoting the size of the virus or a letter. The following are prefixes for some popular virus types:
WM: Word Macro viruses that replicate under Word 6.0 and Word 95 (7.0). They may also replicate under Word 97. These are not native to Word 97.
W97M: Word97 Macro viruses. These are native to Word 97 and work only in Word 97.
XM: Excel Macro viruses that are native to Excel 5.0 and Excel 95.
X97M: Excel Macro viruses that are native to Excel 97.
XF: Excel Formula Viruses that are using old Excel 4.0 sheets within newer Excel documents.
AM: Access Macro viruses that are native to Access 95.
A97M: Access Macro viruses that replicate in Access 97.
W95: Windows 95 viruses that infect files under Windows 95 systems. These viruses also will work in Windows 98.
Win: Windows 3.x viruses that infect files under Windows 3.x systems.
W32: 32-bit Windows viruses that can infect under all 32-bit Windows platforms.
HLLC: High Level Language Companion virus. These are usually DOS viruses that create an additional file to spread.
HLLP: High Level Language Parasitic virus. These are usually DOS viruses that attach themselves to host files.
HLLO: High Level Language Overwriting virus. These are usually DOS viruses that overwrite the host file with viral code.
Trojan: These files are not viruses, but Trojan Horses. Trojan Horses are files that masquerade as helpful programs, but turn out to be malicious code. Trojan Horses do not replicate.
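The Prefix.Name.Suffix convention above, as an added example that is not part of the original essay: a Python parser that splits a detection name, resolves the prefix against the list on this page, and handles the missing-prefix (DOS) and missing-suffix cases. Apart from WM.Cap.A, the sample names are constructed, and treating an unlisted first token of a three-part name as an unrecognized prefix is an assumption.

```python
from collections import Counter
from typing import NamedTuple, Optional

# Prefix table copied from the list on this page.
PREFIXES = {
    "WM": "Word 6.0/95 macro", "W97M": "Word 97 macro",
    "XM": "Excel 5.0/95 macro", "X97M": "Excel 97 macro",
    "XF": "Excel formula (Excel 4.0 sheets)",
    "AM": "Access 95 macro", "A97M": "Access 97 macro",
    "W95": "Windows 95/98 file infector",
    "Win": "Windows 3.x file infector",
    "W32": "32-bit Windows file infector",
    "HLLC": "high-level-language companion",
    "HLLP": "high-level-language parasitic",
    "HLLO": "high-level-language overwriting",
    "Trojan": "Trojan horse (does not replicate)",
}
_LOOKUP = {k.lower(): k for k in PREFIXES}  # case-insensitive matching


class VirusName(NamedTuple):
    prefix: Optional[str]
    family: str
    suffix: Optional[str]
    platform: str
    suffix_kind: Optional[str]  # "size" (number), "variant" (letter) or None


def parse_name(raw: str) -> VirusName:
    parts = [p for p in raw.strip().split(".") if p]
    if not parts:
        raise ValueError("empty detection name")
    prefix = None
    # The first token is a prefix if it is in the table, or (assumption)
    # if the name has three or more tokens, i.e. Prefix.Name.Suffix.
    if len(parts) >= 2 and (parts[0].lower() in _LOOKUP or len(parts) >= 3):
        prefix = _LOOKUP.get(parts[0].lower(), parts[0])
        parts = parts[1:]
    family, suffix = parts[0], ".".join(parts[1:]) or None
    # Per the page, DOS viruses usually carry no prefix.
    platform = ("DOS (no prefix)" if prefix is None
                else PREFIXES.get(prefix, "unrecognized prefix"))
    kind = None if suffix is None else ("size" if suffix.isdigit() else "variant")
    return VirusName(prefix, family, suffix, platform, kind)


def summarize(names):
    """Count detections per platform, e.g. for triaging scanner output."""
    return Counter(parse_name(n).platform for n in names)

# Constructed sample names (only WM.Cap.A appears on the page).
SAMPLE = ["WM.Cap.A", "w32.sample.b", "Trojan.Sample", "Sample.1024", "VBS.Sample.A"]
```
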
Just recently there was a huge virus spread. This virus was the fastest virus spread ever. The virus was a Microsoft Word 97 macro virus. The virus was named “Melissa.”
The Melissa virus spread so fast that it caused servers to melt down.
This virus came as an E-mail attachment with the subject line “Here is the document you asked for.” The document attached was the virus, which looks for an Outlook or Outlook Express address on your computer and sends a copy of the E-mail to everyone on the mailing list.
If the user was using Microsoft Word at a time that matched the date, for example, 3:27 on March 27, the following text would be inserted into the document: “Twenty-two points plus triple word score plus 50 points for using all my letters. Game’s over, I’m outta here.”
There have been reports of variations of this virus starting to appear.
There are many viruses discovered each day. There are some that only exist in the minds of the public and press. These are called “Virus Hoaxes.” These types of viruses do not really exist. They are used to scare people. If you are warned about one of these viruses, please ignore it because passing along the word will only make somebody want to create that virus.
Macintosh viruses also exist. These viruses affect executable files, system files, applications, control panels, and HyperCard stacks.
Most Macintosh viruses are memory-resident. Many of the Mac viruses are simply designed to copy themselves over and over again and take up space, not to damage data, although there are some that do damage data. The most common Macintosh virus is the nVir virus. This virus makes Macintosh computers beep unexpectedly.
One good thing about Macintosh viruses is that Macintosh viruses cannot infect PC computers, and PC viruses cannot infect Macintosh computers.
It is dangerous to make predictions about the future. Unless you can see into the future, it is not wise to try to see what would happen. Because of this, someone can make a broad judgment of future virus development.