A computer virus is a piece of software that can “infect” other programs by modifying them; the modification includes injecting the original program with a routine to make copies of the virus program, which can then go on to infect other programs. A computer virus carries in its instructional code the recipe for making perfect copies of itself. The typical virus becomes embedded in a program on a computer. Then, whenever the infected computer comes into contact with an uninfected piece of software, a fresh copy of the virus passes into the new program. Thus, the infection can be spread from computer to computer by unsuspecting users who either swap disks or send programs to one another over a network. In a network environment, the ability to access applications and system services on other computers provides a perfect culture for the spread of a virus.
A virus can do anything that other programs do. The difference is that a virus attaches itself to another program and executes secretly when the host program is run. Once a virus is executing, it can perform any function, such as erasing files and programs, that is allowed by the privileges of the current user.
Three Parts of Computer Virus
1. Infection mechanism - The means by which a virus spreads, enabling it to replicate. The mechanism is also referred to as the infection vector.
2. Trigger - The event or condition that determines when the payload is activated or delivered.
3. Payload - What the virus does, besides spreading. The payload may involve damage or may involve benign but noticeable activity.
Four Phases of Computer Virus
Dormant phase: The virus is idle. The virus will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit. Not all viruses have this stage.
Propagation phase: The virus places a copy of itself into other programs or into certain system areas on the disk. The copy may not be identical to the propagating version; viruses often morph to evade detection. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.
Triggering phase: The virus is activated to perform the function for which it was intended. As with the dormant phase, the triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.
Execution phase: The function is performed. The function may be harmless, such as a message on the screen, or damaging, such as the destruction of programs and data files.
Common Types of Computer Viruses
Cybercriminals keep getting better at stealing confidential data, and the viruses being created are evolving rapidly. There are millions of viruses around the world, but here are some common types you should be aware of:
1. File-infecting Virus - A virus that attaches itself to an executable program. It is also called a parasitic virus and typically infects files with .exe or .com extensions. Some file infectors can overwrite host files and others can damage your hard drive’s formatting.
2. Macro Virus - This type of virus is commonly found in programs such as Microsoft Word or Excel. These viruses are usually stored as part of a document and can spread when the files are transmitted to other computers, often through email attachments.
3. Browser Hijacker - This virus targets and alters your browser settings. It is often called a browser redirect virus because it redirects your browser to malicious websites that you have no intention of visiting. This virus can pose other threats such as changing the default home page of your browser.
4. Web Scripting Virus - A very sneaky virus that targets popular websites. What this virus does is overwrite code on a website and insert links that can install malicious software on your device. Web scripting viruses can steal your cookies and use the information to post on your behalf on the infected website.
5. Boot Sector Virus - These viruses were once common, back when computers were booted from floppy disks. Today, these viruses are distributed on physical media such as external hard drives or USB drives. If the computer is infected with a boot sector virus, the virus automatically loads into memory, enabling it to control your computer.
6. Polymorphic Virus - This virus can evade anti-virus programs because it changes its code every time an infected file is executed.
7. Resident Virus - A resident virus stores itself in your computer’s memory, which allows it to infect files on your computer. This virus can interfere with your operating system, leading to file and program corruption.
8. Multipartite Virus - A type of virus that is very infectious and can easily spread on your computer system. It can infect multiple parts of a system including memory, files, and boot sector which makes it difficult to contain.
Computer Virus classification by target
Boot sector infector: Infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus.
File infector: Infects files that the operating system or shell considers to be executable.
Macro virus: Infects files with macro code that is interpreted by an application.
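Because a macro virus travels inside the document itself, a mail gateway can triage attachments by looking for the embedded macro storage. The following is an added example, not part of the original article: it covers only ZIP-based Office Open XML files (legacy OLE2 .doc/.xls files are out of scope), the sample attachments are constructed in memory, and the verdict names are an assumed policy.

```python
import io
import zipfile

# Office Open XML keeps VBA macros in a part named vbaProject.bin.
VBA_PART = "vbaproject.bin"
MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm")

def build_ooxml(parts: dict) -> bytes:
    """Build a constructed, minimal OOXML-style container for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in parts.items():
            archive.writestr(name, data)
    return buf.getvalue()

def triage_attachment(filename: str, data: bytes) -> dict:
    """Report whether an attachment is OOXML and whether it carries macros."""
    result = {"ooxml": False, "macro_parts": [], "verdict": "allow"}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result                      # not a ZIP container at all
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = archive.namelist()
    if "[Content_Types].xml" not in names:
        return result                      # a ZIP, but not an Office document
    result["ooxml"] = True
    result["macro_parts"] = [n for n in names if n.lower().endswith(VBA_PART)]
    if result["macro_parts"]:
        # Assumed policy: macros under a macro-free extension are treated as
        # more suspicious than macros in an honestly named .docm/.xlsm file.
        declared = filename.lower().endswith(MACRO_EXTENSIONS)
        result["verdict"] = "quarantine" if declared else "block-mismatch"
    return result

# Constructed sample attachments (placeholder bytes, no real macro code).
BASE = {"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<doc/>"}
CLEAN_DOCX = build_ooxml(BASE)
MACRO_DOC = build_ooxml({**BASE, "word/vbaProject.bin": b"PLACEHOLDER"})

if __name__ == "__main__":
    for name, blob in [("report.docx", CLEAN_DOCX), ("invoice.docm", MACRO_DOC),
                       ("invoice.docx", MACRO_DOC), ("notes.txt", b"plain text")]:
        print(name, triage_attachment(name, blob))
```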
Computer Virus classification by concealment strategy
Encrypted virus: A typical approach is as follows. A portion of the virus creates a random encryption key and encrypts the remainder of the virus. The key is stored with the virus. When an infected program is invoked, the virus uses the stored random key to decrypt the virus. When the virus replicates, a different random key is selected. Because the bulk of the virus is encrypted with a different key for each instance, there is no constant bit pattern to observe.
Stealth virus: A form of virus explicitly designed to hide itself from detection by antivirus software. Thus, the entire virus, not just a payload, is hidden.
Polymorphic virus: A virus that mutates with every infection, making detection by the “signature” of the virus impossible.
Metamorphic virus: As with a polymorphic virus, a metamorphic virus mutates with every infection. The difference is that a metamorphic virus rewrites itself completely at each iteration, increasing the difficulty of detection. Metamorphic viruses may change their behavior as well as their appearance.
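The encrypted virus entry above explains why a fixed byte signature misses each re-keyed instance. The following added example (not from the original article) shows the defender's side: a plain signature match fails on two differently keyed samples, while an "X-ray" scan that tries the signature under every key still finds it. The inert marker, the sample layout and the single-byte XOR cipher are assumptions made for illustration.

```python
# Added illustration; marker, layout and cipher are assumptions, not from the page.
SIGNATURE = b"INERT-TEST-MARKER-0001"   # constructed, harmless known-plaintext pattern
PAD = bytes(8)                          # constructed filler around the encoded body

def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, standing in for the unspecified per-instance cipher."""
    return bytes(b ^ key for b in data)

def make_sample(key: int) -> bytes:
    """Constructed test blob: filler, stored key byte, encoded marker, filler."""
    return PAD + bytes([key]) + xor_bytes(SIGNATURE, key) + PAD

def plain_scan(blob: bytes) -> bool:
    """Classic fixed-pattern signature match."""
    return SIGNATURE in blob

def xray_scan(blob: bytes):
    """Try the signature under every possible key; return (key, offset) or None."""
    for key in range(256):
        offset = blob.find(xor_bytes(SIGNATURE, key))
        if offset != -1:
            return key, offset
    return None

def report(samples: dict) -> dict:
    """Map sample name -> (plain hit, x-ray result) for side-by-side comparison."""
    return {name: (plain_scan(blob), xray_scan(blob))
            for name, blob in samples.items()}

if __name__ == "__main__":
    samples = {
        "instance keyed 0x3C": make_sample(0x3C),
        "instance keyed 0xA7": make_sample(0xA7),
        "clean file": bytes(64),
    }
    for name, (plain_hit, xray_hit) in report(samples).items():
        print(f"{name}: plain={plain_hit} xray={xray_hit}")
```

This approach only works while the set of possible keys and ciphers is small enough to enumerate, which is the limitation the polymorphic and metamorphic entries describe.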