
Computer Viruses
Any unprotected computer system can fall victim to viruses, which can cause serious damage in a short time. The results of a virus can range from merely annoying to disastrous, and the loss of software and data can be time-consuming and expensive. With corporations increasingly using computers for enterprise-wide, business-critical computing, the costs of virus-induced downtime are growing along with the threat of viruses.
What is a computer virus?
It is a program designed to replicate and spread while the user is oblivious to its existence. Computer viruses spread by attaching themselves to other programs (e.g., word processor files) or to a disk's boot sector. When an infected file is executed, or when the computer is started from an infected disk, the virus is also executed. A virus often lurks in computer memory waiting to infect the next activated program or the next accessed disk. Viruses can rename system files so they cannot be accessed and make systems unbootable.
How does a virus infect your system?
Viruses can spread by almost any means by which two computers share information. The old-fashioned way, through an infected disk, is the most common. Most often, diskettes brought to the office from home are responsible for introducing a virus into a corporate network-computing environment. Most at-risk servers on a network have software that detects incoming viruses, but infections do occur in networked environments, making the rapid spread of a virus a serious risk. With networking, enterprise computing, and inter-organizational communications on the increase, infection during telecommunications and networking is on the rise. You can acquire viruses while downloading software from the Internet or from an electronic bulletin board service. Viruses can also replicate themselves via e-mail attachments.
How do you know if your system is infected with a virus?
The most common viruses show no symptoms, so anti-virus software is necessary to identify infections. However, many viruses are flawed and provide tip-offs to their infection. Below is a list of indicators that your computer may be infected. These symptoms can be the result of a problem other than a virus.
Changes in the length of programs.
Changes in the file date or time stamp.
Longer program load times.
Slower system operation.
Reduced memory or disk space.
Bad sectors on your floppy.
Unusual error messages.
Unusual screen activity.
Failed program execution.
Failed system boot-up when booting or accidentally booting from the A: drive.
Unexpected writes to a drive.
Virus protection software, such as VirusScan, is your first line of defense against viruses. Make sure the data the software uses to locate viruses is updated regularly. Viruses proliferate and spread only as long as they exist undetected. The opportunities for infection are increasing with the Internet's growth, and there will be more damaging viruses. Windows-specific viruses have already appeared.
In response to the explosion of virus types and transmission opportunities, virus protection must expand to meet these challenges, too. Knowing where a virus can come from, how it spreads, and the symptoms can help you contain the effects of a virus within an organization.
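Two of the indicators listed above, changes in the length of programs and changes in the file date or time stamp, can be checked by comparing program files against a recorded baseline. The Python code below is an added example, not part of the original article; the file names, the fixed timestamp and the SHA-256 content check are assumptions made for the illustration, and the sample files are constructed.

```python
import hashlib
import os
import tempfile

T0 = 1_180_656_000 * 10**9  # constructed fixed timestamp (ns) for the sample files

def snapshot(root, exts=(".exe", ".com")):
    """Record size, mtime and SHA-256 of every program file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                st = os.stat(path)
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                baseline[os.path.relpath(path, root)] = (st.st_size, st.st_mtime_ns, digest)
    return baseline

def compare(old, new):
    """Return {path: [reasons]} for each file that differs from the baseline."""
    labels = ("length changed", "timestamp changed", "content changed")
    findings = {}
    for path in sorted(set(old) | set(new)):
        if path not in new:
            findings[path] = ["missing"]
        elif path not in old:
            findings[path] = ["new file"]
        else:
            reasons = [lab for lab, a, b in zip(labels, old[path], new[path]) if a != b]
            if reasons:
                findings[path] = reasons
    return findings

def demo():
    """Constructed sample: three fake programs, two altered after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        paths = {n: os.path.join(root, n) for n in ("EDIT.COM", "CALC.EXE", "SORT.EXE")}
        for p in paths.values():
            with open(p, "wb") as fh:
                fh.write(b"constructed sample program bytes")
            os.utime(p, ns=(T0, T0))
        before = snapshot(root)
        with open(paths["EDIT.COM"], "ab") as fh:   # bytes appended: the file grows
            fh.write(b"\x00" * 16)
        with open(paths["CALC.EXE"], "r+b") as fh:  # same-length overwrite
            fh.write(b"CONSTRUCTED")
        os.utime(paths["CALC.EXE"], ns=(T0, T0))    # timestamp put back
        return compare(before, snapshot(root))
```

The CALC.EXE case shows why the hash is recorded as well: its length and timestamp still match the baseline, so only the content comparison flags it.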
With such a large variety of new viruses, you'll want to keep up-to-date on the latest bug buzzwords. Here are some of the major virus categories and a few other terms you'll need to know.
- Executable file virus. This virus attaches itself to an executable file, such as an .EXE or .COM file, and runs whenever the executable file is run. Our example above fits this description; it infected a .COM file.
- Boot sector virus. This virus infects the boot sector of a disk, where it is executed whenever the computer is booted from that disk. If you boot from an infected floppy, the virus infects the hard drive's boot sector. Every floppy that you put into your infected machine will also pick up the virus. Boot sector viruses are particularly dangerous, since they run every time the computer is turned on.
- Trojan horse. This virus masquerades as something desirable when its real aim is destruction. That cool game your brother-in-law gave you on a floppy might actually be a Trojan Horse virus. When you play the game you are also infecting all your boot sectors. It's just another reason to avoid your brother-in-law.
- Polymorphic virus. This virus changes on the fly—making it difficult to detect. A polymorphic virus has a unique sequence of bytes in its code, known as its "signature."
- Stealth virus. Stealth viruses escape normal antivirus detection efforts because they contain a unique code. The stealth virus is a type of polymorphic virus. For example, a boot sector virus may copy the original boot sector to somewhere else on the hard disk, then wait for attempts by other programs to look at the actual boot sector. If the virus detects such an attempt by, say, an antivirus program, it intercepts the attempt and redirects the antivirus program to the original boot sector sitting out on the hard disk. The antivirus program then reports that all is well with the boot sector, and the virus goes undetected.
- Trigger event. Some viruses do their dirty work immediately upon execution. More commonly, though, the virus lies in wait, biding its time until some event chosen by its author causes it to "wake up" and deliver its "payload." It may be a date, or a time. It may be a certain number of boot ups, or a certain number of times a command is executed.
- Payload. Just like in missiles, the virus payload is whatever damage the virus ultimately delivers. It may be fairly innocuous, like a message appearing on your screen. It may be annoying, like letters falling to the bottom of the screen. Or, it may be horribly destructive, like deleting every file it can find on both your computer and the network.
Last modified: June 01, 2007
Yannis Grammatis