Computer virus

Introduction

A computer virus is a computer program that is a potent threat to computer security. A computer virus attaches itself to a "healthy" computer file (the equivalent of a body cell for a biological virus), typically modifies the file, and then replicates itself by inserting a copy of itself into another computer file. Computer viruses infect a host without the permission of the host. Therefore, a computer virus is defined by its distinctive trait of self-replication and doing so without a host's consent. The term 'computer virus' was coined by Frederick Cohen in 1983, when he described a self-replicating computer program. Computer viruses should not be confused with the term "gone viral", which describes how news is spread online.

The most common symptoms that indicate a computer has been infected with a virus are:

1. Files and data are corrupted or deleted.
2. The computer takes longer to load programs/applications.
3. Images on the screen are distorted and unusual images and text appear.
4. Unusual noises come from a keyboard or hard disk.
5. Hard disk operates excessively or is inaccessible.
6. Disk space and filenames change for no reason.
7. System tools such as Scandisk return incorrect values.

With at least one thousand types of computer virus, there is no standard way in which a virus attacks a host. Some viruses will attack a computer's CPU, others will affect a hard disk, and some viruses will attack a computer's boot sector. Generally speaking, the motive and aim of a virus will be one of the following:

1. Steal data, be it personal, research or governmental data.
2. Disrupt or destroy the performance of a computer system.
3. Remotely control a computer to spam or attack other computer systems.
4. Highlight a security flaw to software developers.
5. Promote an 'idea' by leaving a message or ongoing message.
6. Satisfy personal ambition or amusement.

A virus may be defined as malware, and may install the following: adware, dialer, spyware, trojan horse and worm.

Types of Virus

A program is defined as a virus by its ability to replicate itself, but in order to replicate, a virus must be able to execute itself and write itself to computer memory. In order to execute itself, a virus normally has to exploit vulnerabilities in software programs. A virus may try to circumvent security features by attaching itself to a legitimate executable file. Viruses are usually classified into one of these broad categories:

[Figure: Virus types]

Infection and Protection

Infection

How does a computer become infected with a virus? In the past, the majority of computers were standalone computers which were not connected to a network (such as the Internet). Therefore, for the majority of computers, it was difficult for viruses to find a way to infect them. The first ever virus (Creeper) was spread across a computer network. In the past, viruses were mostly spread by removable media like floppy disks and CDs. Pirate software was stored on floppy disks and CDs: the ideal place to install a virus.

However, it is fair to say that during that era - the 1970s and 1980s - virus creation was a "cottage industry" and a hobby of software writers. Only by the late 1980s and early 1990s did computer users slowly begin to use computer networks - like the Internet - on a daily basis. Computer networks provide far more opportunities for virus infection, and far more opportunities to steal important private information like financial details.

The popularity of the Internet, and the services provided by the Internet, has given virus writers many "vehicles" by which to spread their work. Email attachments are a common route by which a computer can become infected by a virus. The World Wide Web is another prominent Internet service where users can become infected with a virus: a growing number of websites have been unwittingly compromised, and viruses embedded into their content (for example, infected ActiveX elements).

It is difficult to classify how a virus infects a computer system: some viruses will infect executable files (.exe); some viruses will infect the hard disk boot sector; and other viruses will infect data files (word processor files). Likewise, some viruses will reside in the memory (RAM) of a computer system, whereas other viruses will only remain in the memory (RAM) of a computer system until they have found a file to infect. Viruses also attempt to hide themselves from anti-virus detection. Some basic stealth strategies are: not increasing the size of the file, and ensuring the modification date of the file remains the same.
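The stealth strategies above defeat checks that only look at file size and modification date, which is why integrity monitoring compares a cryptographic hash of the content. The following is an added example, not part of the original article; the file name and sample bytes are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Record the size, modification time and SHA-256 digest of one file."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}


def compare(baseline, current):
    """Report which kinds of check would notice a change to the file."""
    return {
        "size_changed": baseline["size"] != current["size"],
        "mtime_changed": baseline["mtime_ns"] != current["mtime_ns"],
        "content_changed": baseline["sha256"] != current["sha256"],
    }


def demo():
    """Build a constructed sample file, alter it in place, and compare."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "program.bin")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(b"ORIGINAL-PROGRAM" + b"\x00" * 48)
        baseline = snapshot(path)

        # Constructed test change: same length, timestamps put back afterwards,
        # so size and modification date look untouched.
        st = os.stat(path)
        with open(path, "r+b") as f:
            f.seek(16)
            f.write(b"\xff" * 16)
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))

        return compare(baseline, snapshot(path))


if __name__ == "__main__":
    print(demo())
```

Only the hash comparison reports the change, so a baseline of digests kept on separate, read-only media is the useful reference.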

Protection

So, how does a user protect their computer system against a virus? The first step is to install an anti-virus program. When a virus attaches itself to a file or program, and modifies that file, it leaves a signature. Anti-virus software scans each file to detect the signature of a virus; therefore, anti-virus software is good for detecting virus signatures it knows, but has no protection against viruses it does not know, or for new viruses. Therefore, it is important to install the latest update for an anti-virus program, so that its database of virus signatures is as extensive as possible. To recap, a user should try to:

  1. Install anti-virus software to quarantine and remove any viruses.
  2. Keep anti-virus software up-to-date.
  3. Install a personal firewall.
  4. Use Windows / Apple / Linux updates. (patch security holes)
  5. Install the latest version of a web browser. (patch security holes)
  6. Keep any program which connects to the Internet up-to-date. (patch security holes)
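The signature scanning described above, and the reason updates matter, can be shown with a small scanner. This is an added example, not code from the original article or from any anti-virus product; the signature names, byte patterns and sample files are constructed and harmless.

```python
import os
import tempfile

# Constructed marker bytes standing in for real virus signatures.
SIGNATURES_OLD = {"Demo.Alpha": bytes.fromhex("de7ec7ab1e0001")}
# The "updated" database knows one more signature.
SIGNATURES_NEW = {**SIGNATURES_OLD, "Demo.Beta": bytes.fromhex("de7ec7ab1e0002")}


def scan_bytes(data, signatures):
    """Return the names of all signatures found in the given bytes."""
    return sorted(name for name, sig in signatures.items() if sig in data)


def scan_tree(root, signatures):
    """Scan every file under root; map relative path -> matched signatures."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                hits = scan_bytes(f.read(), signatures)
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings


def demo():
    """Scan constructed sample files with the old and the updated database."""
    samples = {
        "clean.doc": b"ordinary document text",
        "known.exe": b"HEADER" + SIGNATURES_OLD["Demo.Alpha"] + b"tail",
        "new.exe": b"HEADER" + SIGNATURES_NEW["Demo.Beta"] + b"tail",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return scan_tree(root, SIGNATURES_OLD), scan_tree(root, SIGNATURES_NEW)


if __name__ == "__main__":
    old, new = demo()
    print("old database:", old)
    print("updated database:", new)
```

With the old database the file carrying the unknown pattern passes as clean; it is reported only once the database contains its signature.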

How a user operates their computer will also dictate the likelihood of their computer being infected with a virus. If a user does not connect to computer networks - like the Internet - and only installs software from trusted software vendors, then the likelihood of being infected by a virus is virtually nonexistent. If a user only uses Internet services they have verified can be trusted, then the likelihood of downloading a file which contains a virus is low. However, if a user visits websites they have not verified are secure, downloads files from unknown sources, and installs questionable plugins and programs, then the likelihood of being infected by a virus is increased exponentially.

Viruses and Operating Systems

The vast majority of viruses tend to attack vulnerabilities in the Windows operating system, as it's the most widely used platform. The first virus which attacked the Windows operating system is believed to be WinVir (Windows 3.0). Security experts are usually in agreement that other operating systems - Unix, Linux and MacOS - are more secure than Windows and have a more robust and standardised environment. However, it may be the case that the vulnerabilities in these operating systems have not been explored because virus writers are primarily focused on writing viruses to infect the Windows operating system.

Computer viruses have an extensive history, and it is believed that John von Neumann first outlined a theory for computer viruses in an article named "The theory of self-reproducing automata" in 1949. The first computer virus is believed to be Creeper, which was released in 1971. The Creeper virus infected ARPANET, which was one of the first computer networks to use packet switching and the first computer network to use TCP/IP. The technological underpinning of ARPANET is used on the Internet (TCP/IP). ARPANET was a computer network which connected nodes (computers) using a variety of operating systems. The Creeper virus tended to attack ARPANET nodes which used the TENEX, TOPS-20, TOPS-10, ITS and WAITS operating systems.

The Unix operating system was infected in 1988 by the first computer worm; a worm is similar to a virus. The Morris worm infected computers that ran the BSD UNIX operating system (the Berkeley Software Distribution of Unix, also referred to as Berkeley Unix). During 1988, the Ping-Pong virus infected computers running the MS-DOS operating system, and the Festering Hate virus infected computers running the ProDOS operating system (Apple version of DOS). However, by the 1990s, and the release of Windows, the majority of viruses infected computers running Windows; one such example being the Happy99 virus.

In 2004, out of all the viruses identified by McAfee, only a handful targeted the Macintosh platform. However, there have been some notable viruses which have attacked the Macintosh platform, such as INIT-29-B and Hypercard HC-9507. One of the first viruses to target an Apple operating system was Elk Cloner, which was created by Richard Skrenta in 1982. The most famous Apple Macintosh virus/worm is AutoStart, which originated in Asia in 1998. AutoStart was first identified on Hong Kong computer systems, and then spread across global computer systems. AutoStart used QuickTime's AutoStart function, and infected any PowerPC system that ran MacOS. The AutoStart virus added invisible files to every disk partition and also overwrote data files with random data. The fallout caused by the AutoStart virus led to John Norstad shutting down Disinfectant: a shareware program, which was a popular alternative to commercial anti-virus packages.

Therefore, while viruses tend to focus on security "holes" within the Windows operating system, it should not be assumed that other operating systems are immune to viruses.