Hardware Threats

Hardware is a common cause of data problems. Power can fail, electronics age, add-in boards can be installed wrong, you can mistype, there are accidents of all kinds, a repair technician can actually cause problems, and magnets you don’t know are there can damage disks.

Hardware problems are all too common. We all know that when a PC or disk gets old, it might start acting erratically and damage some data before it totally dies. Unfortunately, hardware errors frequently damage data on even young PCs and disks. Here are some examples.

Power Faults

Your PC is busy writing data to the disk and the lights go out! “Arghhhh!” Is everything OK? Maybe so, maybe not; it’s vital to know for sure if anything was damaged.

Other power problems of a similar nature would include brownouts, voltage spikes, and frequency shifts. All can cause data problems, particularly if they occur when data is being written to disk (data in memory generally does not get corrupted by power problems; it just gets erased if the problems are serious enough).

  • Brownout: Lower voltages at electrical outlets. Usually they are caused by an extraordinary drain on the power system. Frequently you will see a brownout during a heat wave when more people than normal have air conditioners on full. Sometimes these power shortages will be “rolling” across the area giving everyone a temporary brownout. Maybe you’ll get yours just as that important file is being written to disk.
  • Voltage Spikes: Temporary voltage increases are fairly common. Large motors or circuit breakers in industry can put them on the electrical line. Sudden losses (e.g., a driver hits a power pole) can causes spikes as the circuits balance. An appliance in your home can cause a spike, particularly with older wiring. Lightning can put large spikes on power lines. And, the list goes on. In addition to current backups and integrity information for your software and data files, including a hardware voltage spike protection device between the wall and your computer hardware (don’t forget the printer and monitor) can be very helpful.
  • Frequency Shifts: While infrequent, if the line frequency varies from the normal 60 Hertz (or 50 Hertz in some countries), the power supply on the computer can be affected and this, in turn, can reflect back into the computer causing data loss.

Solution: Consider a combined surge protector and uninterruptible power supply.


It’s not magic; as computers age they tend to fail more often. Electronic components are stressed over time as they heat up and cool down. Mechanical components simply wear out. Some of these failures will be dramatic; something will just stop working. Some, however, can be slow and not obvious. Regrettably, it’s not a question of “if”, but “when” in regard to equipment failure.

Solution: Keep an eye on the specials after three to five years.


You can have hardware problems on a perfectly healthy PC if you have devices installed that do not properly share interrupts. Sometimes problems are immediately obvious, other times they are subtle and depend upon certain events to happen at just the wrong time, then suddenly strange things happen! (Software can do this too!)

Solution: Make a really good backup before installing anything (hardware or software) so you can revert the system back to a stable state should something crop up.

Finger Faults

(Typos and “OOPS! I didn’t mean to do that!”)

These are an all too frequent cause of data corruption. This commonly happens when you are intending to delete or replace one file but actually get another. By using wild cards, you may experience a really “wild” time. “Hmmm I thought I deleted all the *.BAK files; but they’re still here; something was deleted; what was it? Or was I in the other directory?” Of course if you’re a programmer or if you use sophisticated tools like a sector editor, then your fingers can really get you into trouble!

Another finger fault problem arises with touchpads below the space bar on notebook computers. It’s very easy to brush the touchpad when you are typing away and suddenly find yourself entering characters in a screen location very different from where you were before you touched the pad.

Solution: Be careful and look up now and again to make certain your cursor is where you want it.

Malicious or Careless Damage

Someone may accidentally or deliberately delete or change a file on your PC when you’re not around. If you don’t keep your PC locked in a safe, then this is a risk. Who knows what was changed or deleted? Wouldn’t it be nice to know if anything changed over the weekend? Most of this type of damage is done unintentionally by someone you probably know. This person didn’t mean to cause trouble; they simply didn’t know what they were doing when they used your PC.

Solution: Never run the computer as an administrative user and have guest accounts available for others who use the computer. Keep up-to-date backups as well.

Typhoid Mary

One possible source for computer infections is the Customer Engineer (CE), or repairman. When a CE comes for a service call, they will almost always run a diagnostic program from diskette. It’s very easy for these diskettes to become infected and spread the infection to your computer. Sales representatives showing demonstrations via floppy disks are also possibly spreading viruses. Always check your system after other people have placed their floppy disk into it. (Better yet, if you can, check their disk with up-to-date anti-virus software before anything is run.)

Solution: Insist on testing their disk before use or make certain they’ve used an up-to-date anti-virus before coming to your location.

Magnetic Zaps

Computer data is generally stored as a series of magnetic changes on disks. While hard disks are generally safe from most magnetic threats because they are encased within the computer compartment, floppy disks are highly vulnerable to magnets. The obvious threat would be to post a floppy disk to the refrigerator with a magnet; but there are many other, more subtle, threats.

Some of the more subtle sources of magnetism include:

  • Computer Monitor. Don’t put floppy disks anywhere near the monitor; it generates a magnetic field. (Generally applies to the older CRT displays.)
  • Telephone. When ringing, telephones (particularly older phones with a bell) generate a magnetic field.
  • Bottom Desk Drawer. While the desk drawer does not generate a magnetic field, the vacuum cleaner that the maintenance people slide under the desk to clean the floor does.
  • Bottom Bookcase Shelf and File Cabinet Drawer. Same comment as the desk drawer just above.
  • Pets. Pet fur generates a strong electrostatic charge which, if discharged through a disk, can affect files on the disk. Instead of “The dog ate my homework,” today it could just as easily be: “The cat sat on my homework.” (I once had a student where this exact problem happened; a cat sat on her floppy disk and static wiped out the data on the disk.)

Solution: Stay away from magnets or sources of static of all kinds when working with a computer.

Bottom line: There are tools to assist in recovery from disk problems, but how do you know all the data is OK? These tools do not always recover good copies of the original files. Active action on your part before disaster strikes is your best defense. It’s best to have a good, current backup and, for better protection, a complete up-to-date integrity-check map of everything on your disk.


  • There are many different kinds of hardware threats to your data. Some include:
    • Power faults
    • Age
    • Equipment incompatibilities
    • Typos
    • Accidental or deliberate damage
    • The Customer Engineer or friendly salesperson
    • Problems with magnets and/or sources of static electricity
  • Active action on your part can help you identify problems and, perhaps, head them off early.
Up Arrow Introduction to Viruses Up Arrow
Prior Page Next Page
Why do People Write Viruses Software Threats


While more in number, file infectors are not the most commonly found. They infect in a variety of ways and can be found in a large number of file types.

In terms of sheer number of viruses, these were the most numerous for some time. However, because of bugs in the virus code, they have not been the most widely spread.

The simplest file viruses work by locating a type of file they know how to infect (usually a file name ending in .COM or .EXE) and overwriting part of the program they are infecting. When this program is executed, the virus code executes and infects more files. These overwriting viruses do not tend to be very successful since the overwritten program rarely continues to function correctly and the virus is almost immediately discovered.

The more sophisticated file viruses save (rather than overwrite) the original instructions when they insert their code into the program. This allows them to execute the original program after the virus finishes so that everything appears normal.

Just as system sector viruses can remain resident in memory and use stealth techniques to hide their presence, file viruses can also hide this way. If you do a directory listing, you will not see any increase in the length of the file and if you attempt to read the file, the virus will intercept the request and return your original uninfected program to you.

Some file viruses (such as 4096) also infect overlay files as well as the more usual *.COM and *.EXE files. Overlay files have various extensions, but .OVR and .OVL are common (overlay files are almost never used today; they are something you found in the MS-DOS days). Files with the extension .DLL are also capable of being infected (but generally are not; typically they are only libraries of functions). Indeed, as operating systems become more advanced, typically more files become able to contain executable code and thus be vulnerable to infection. (See the file extension list for a more complete summary.)


  • File viruses number in the thousands, but are not the most widely found in the wild.
  • File viruses have a wide variety of infection techniques and infect a large number of file types.
Up Arrow What Viruses Infect Up Arrow
Prior Page Next Page
System Sectors Macros

Comments from Original Post:

Said this on 2010-08-21 At 05:22 am
I want to remove the virus from my computer

[Use one of the free anti-virus software solutions. –DaBoss]
Said this on 2010-12-30 At 10:14 am
In reply to #3
type me full information on computer viruses bcauz we r having a seminar.
pls fast!!!!!!!!!!!!!!

[Sorry, I don’t do other people’s homework. –DaBoss]
Said this on 2011-01-27 At 06:11 am
In reply to #4
how to make antivirus software in vb.net pls tell that

[CKnow gives no programming advice about viruses or anti-virus software. Either would give clues on how to write a virus and there are enough of them out there already. –DaBoss]

System Sectors

System sectors (Master Boot Record and DOS Boot Record) are often targets for viruses. These boot viruses use all of the common viral techniques to infect and hide themselves. While mostly obtained from an infected disk left in the drive when the computer starts, they can also be “dropped” by some file infectors or Trojans.

System sectors are special areas on your disk containing programs that are executed when you boot (start) your PC. Every disk (even if it only contains data) has a system sector of some sort. Sectors are simply small areas on your disk that your hardware reads in single chunks. System sectors are invisible to normal programs but are vital for correct operation of your PC. In the early days, they were a common target for viruses; as floppy drives went out of fashion the instance of these diminished to almost zero and then about 2008 infection of the system sectors started to rise as a way to get rootkits running on a system.

There are two types of system sectors found on DOS/Windows PCs:

System sector viruses modify the program in either the DOS boot sector or the Master Boot Record. Since there isn’t much room in the system sector (only 512 bytes), these viruses usually have to hide their code somewhere else on the disk. These viruses sometimes cause problems when this spot already contains data that is then overwritten. To make themselves harder to find a system sector virus will sometimes find the “end” of the disk and write itself to the disk in an area beyond this with special routines to access that area to get its code back out.

Some viruses, such as the Pakistani Brain virus, mark the spot where they hide their code as bad. This is one reason to be suspicious if any utility suddenly reports additional bad sectors on your disk and you don’t know why (don’t panic, bad sectors occur frequently for a wide variety of reasons). These viruses usually go resident in memory on your PC, infect the hard disk, and infect any floppy disk that you access. Simply looking at the directory of a floppy disk may cause it to be infected if one of these viruses is active in memory. The more modern of these beasts exist as rootkits which can load either before, with, or as part of the operating system.

On Macintosh systems, some of these viruses even infected a diskette immediately upon inserting a diskette into the floppy drive. (PCs generally do not access a disk automatically as the Macintosh does.)

Since viruses are active in memory (resident), they can hide their presence. If Brain is active on your PC, and you use a sector editor to look at the boot sector of an infected diskette, the virus will intercept the attempt to read the infected boot sector and instead return a saved image of the original boot sector. You will see the normal boot sector instead of the infected version. Viruses that do this are known as stealth viruses.

In addition to infecting diskettes, some system sector viruses also spread by infecting files. Viruses of this type are called multipartite (multiple part) viruses. Since they can infect both files and system sectors they have more avenues to spread. (Note: Some file viruses also infect system sectors to complete the circle.)


  • System sectors (MBR and DBS) are often targets for viruses.
  • Even data disks can be infected by these viruses.
  • System sector viruses spread easily via floppy disk infections and, in some cases, by cross infecting files which then drop system sector viruses when run on clean computers.
Up Arrow What Viruses Infect Up Arrow
Prior Page Next Page
What Viruses Infect Files

Comments from Original Post:

Said this on 2009-09-16 At 08:12 am
I am dinesh
I want viruses problem solution

Said this on 2009-09-16 At 02:14 pm
In reply to #1
Best thing to do if you have a problem is to use anti-virus software to remove that problem. See the tutorial table of contents to the left for a link to a page listing vendors. Some have free removal tools and/or free software.
Said this on 2011-08-19 At 03:34 am
In reply to #1
So, You should wash your PC evry day…

[…with bleach! 🙂 –DaBoss]

What Viruses Infect

Viruses can infect a number of different portions of the computer’s operating and file system.

Viruses can infect a number of different portions of the computer’s operating and file system. These include:

That’s a summary, now see how each of these might work by continuing on in the tutorial.

Up Arrow Types of Viruses Up Arrow
Prior Page Next Page
Types of Viruses System Sectors

Comments from Original Post:

Said this on 2010-05-03 At 08:16 am
How to infect exe file with visual basic
[Please look elsewhere; CKnow does not provide information on how to write a virus. –DaBoss]

Types of Viruses

Viruses come in many types; written using many different infection strategies.

Computer viruses come in a variety of types. Breaking them into categories is not easy as many viruses have multiple characteristics and so would fall into multiple categories. We’re going to describe two different types of category systems: what they infect and how they infect. Because they are so common, we’re also going to include a category specific to worms.

What They Infect

Viruses can infect a number of different portions of the computer’s operating and file system. These include:

How They Infect

Viruses are sometimes also categorized by how they infect. These categorizations often overlap the categories above and may even be included in the description (e.g., polymorphic file virus). These categories include:

Blended Threats

And, as you might expect, not all malware operates according to a single rule. Combinations like a Trojan with embedded virus and many other combinations exist. Plus, a single virus may have multiple attack vectors. The categories above are more for understanding a technique than to say these are the single techniques used or even the only techniques used.

Now either click on the virus topic you are interested in or read about each in sequence…

Up Arrow VTutor Home Page Up Arrow
Prior Page Next Page
Virus Droppers What Viruses Infect

Comments from Original Post:

Said this on 2009-06-16 At 11:23 pm
how many type of viruses
Said this on 2009-06-17 At 04:54 pm
In reply to #1
Hard to say exactly as most beasts today are combinations. Above you see 27 different categories. Somebody else might develop a different category set just as valid.
Said this on 2010-01-06 At 04:13 am
In reply to #1
THERE ARE 8125 TYPES OF VIRUSES [OK. List them! — DaBoss :-)]
Said this on 2010-01-19 At 03:23 am
In reply to #1
It is very hard to tell because as time goes on they still produce then and their antiviruses
so I can’t give the number please there are many upcomming
Said this on 2010-03-14 At 03:15 am
In reply to #1
…the types of computer viruses is over 10 million virus that i have been seen,,,

Said this on 2010-11-28 At 02:10 am
In reply to #15
How did you know that there’s 10 million virus? 😉
Said this on 2011-07-30 At 10:50 pm
In reply to #15
oh….are you sure?
Said this on 2010-04-14 At 03:13 am
In reply to #1
how many types of virus
[Read the tutorial. –DaBoss]
Said this on 2010-04-14 At 03:17 am
In reply to #1
how can we install the the second antivirus in the pc whn other anti virus already instaled
[In general, you should not attempt to install two anti-virus programs on the same PC. They will often interact with each other and protection can be lost. –DaBoss]
Said this on 2010-06-08 At 09:51 pm
In reply to #1
Till now it cannot be counted crore’s of virus but each day more than 50000 virus are released

Said this on 2009-07-08 At 06:48 am
i’m itersted in making a virus .can u teach me how i will make a virus
Said this on 2009-07-08 At 11:17 am
In reply to #5
Let’s see …. No.

mohd shariq asrar
Said this on 2009-07-22 At 10:41 pm
i want to how many type of “VIRUS” ?
AND we read it easily
Said this on 2009-07-22 At 10:44 pm
In reply to #7
See comment #3 above.

Said this on 2009-08-19 At 06:13 am
can you put the picture of virus ?
Said this on 2009-08-19 At 12:35 pm
In reply to #9
Picture? No. Some computer viruses do nothing that can be observed; others will have screen displays and the like. But, there is no general picture specific to all viruses.

Said this on 2009-11-16 At 11:34 am
Can one avoid virus in his computer even if he does not use antivirus? [Edited by DaBoss to convert the all-caps to non-shouting lower case.]
Said this on 2009-11-16 At 09:41 pm
In reply to #11
You can if you are very careful. It’s a chore however and limits you ability to just explore.

With a Windows machine you’d need to make absolutely certain you keep up with all operating system and program security updates (but with zero-day attacks that’s not a certainty). You’d want to not click on any links in any E-mails, even if you know the sender (malware can easily forge an E-mail header to look genuine). You’d want to run only programs you trust and obtained legally (e.g., NO copied software and only software from known-good vendors). And, limit your time on the Internet to only what’s absolutely necessary. Keep the computer disconnected from the net if not actually using the net.

An easier method would also be to set up a virtual machine and install your known-good operating system and programs into the virtual machine. Then save that system state so you have an always-good, known configuration. Now, do your work in that virtual machine and when done and when you’ve moved any created data files out of the virtual machine to a safe place you can close down the virtual machine and anything and everything on it would disappear. The next day you start over again with a new copy of the original virtual machine. If you do this then you can be a bit more bold in what you do because you know that whatever got onto your computer will be gone when you close the virtual machine. Again, not perfect but not bad as an approach.

Of course, you could also just use a low-infection operating system and do everything on a Linux box. Very few active Linux beasts out there as most malware is directed at Windows machines.

Said this on 2010-07-14 At 05:31 am
pls. keep me login in to the driverguide.com

[CKnow has no association with them. Please contact them directly for help. –DaBoss]

shahab khan
Said this on 2010-09-26 At 04:51 am
what is the name of anti virus which delete and scan these all types of virus .can some one tell me this anti virus name .i want to install this anti virus which delete and scan all virus.

[Please see this page…
…for a list of anti-virus software makers. –DaBoss]

Said this on 2010-10-10 At 03:14 pm
How many types of virus & latest which virus attacked in orkut?
Said this on 2010-10-10 At 03:35 pm
In reply to #22
Orkut was attacked the end of September 2010 by the Bom Sabado malware. Appropriate since that means Good Saturday in Portuguese and the virus attacked on a Saturday.

Said this on 2010-11-09 At 03:27 am
can you briefly explain about the types of viruses.

[It might help to read the article and those following it. –DaBoss]

Sand michal
Said this on 2011-03-12 At 04:39 am
how many types of danger virus & how to create them .
Said this on 2011-04-14 At 03:54 am
Please many types of viruses, and how does it differ and understand the hardwares and it configuration.

[Please read the tutorial. –DaBoss]

Said this on 2011-06-02 At 06:02 am
Of course, you could also just use a low-infection operating system and do everything on a Linux box. Then save that system state so you have an always-good, known configuration. Now, do your work in that virtual machine and when done and when you’ve moved any created data files out of the virtual machine to a safe place you can close down the virtual machine and anything and everything on it would disappear

[And, of course, you could also use a VM in Windows to do the very same thing. –DaBoss]

Virus Droppers

A dropper is a program that, when run will attempt to install a regular virus onto your hard disk.

Normally, you obtain a virus by either attempting to boot from an infected floppy disk, by running an infected file, or by loading an infected document with viral macro commands in it. There is another way you can pick up a virus: by encountering a virus dropper. These are rare, but now and again someone will attempt to be clever and try to program one.

Basically, a dropper is just what the name implies: a program designed to run and install (or “drop”) a virus onto your system. The program itself is not infected nor is it a virus because it does not replicate. So, technically, a dropper should be considered a Trojan. Often, because the virus is hidden in the program code, a scanner will not detect the danger until after the virus is dropped onto your system. (It’s technically possible to write a virus that also drops other viruses, and several have been tried. Most are very buggy, however.)

It’s a technical point, but there is a class of dropper that only infects the computer’s memory, not the disk. These are given the name injector by some virus researchers.

A dropper is a program (malware component) that has been designed to “install” some sort of malware (virus, backdoor, etc) to a target system. The malware code can be contained within the dropper (single-stage) in such a way as to avoid detection by virus scanners or the dropper may download the malware to the target machine once activated (two stage).

There are two major types of droppers, those that do not require user interaction which perform through the exploitation of a system by some vulnerability and those that require user interaction by convincing the user that it is some legitimate or benign program. A dropper which installs a malware program to memory only is sometimes called an injector.


  • A Trojan program that installs a virus onto your system is called a dropper.
  • Fortunately, because of technical difficulties, droppers are hard to program and therefore rare.

That’s the end of the introduction. Now for the detail

Up Arrow Software Threats Up Arrow
Prior Page Next Page
Worms Types of Viruses

Comments from Original Post:

Said this on 2011-05-31 At 09:27 am
how do i fix this dropper virus instaler?? thanks

[Anti-virus software. If you know the name of the beast, check AV sites as they might have a standalone cleaner. –DaBoss]


Like the horse, a Trojan program is a delivery vehicle; a program that does something undocumented and often malicious.

These malicious programs are named after the Trojan horse, which delivered soldiers into the city of Troy.

Trojan Horse

Like the horse, a Trojan program is a delivery vehicle; a program that does something undocumented which the programmer intended, but that the user would not approve of if s/he knew about it. The Trojan program appears to be a useful program of some type, but when a certain event occurs, it does something nasty and often destructive to the system.

Most of the “classic” Trojan programs were delivered to users on disks which advertised themselves as something useful. As an example, a disk that was supposed to contain Aids information was once distributed. Unfortunately, when a program on the disk was run the user’s hard disk was encrypted and rendered useless. Many newer Trojan programs make their way to you as E-mail attachments with the text in the E-mail program enticing you to run the attachment.

There have been many Trojan programs and new ones crop up every day. It’s important to know and trust the source of any program you receive because most anti-virus programs can’t detect new Trojans. These programs, while potentially destructive, still use common DOS/Windows commands and any attempt to trigger an alert on these commands would result in massive false alarms.

Most anti-virus programs today include Trojans as soon as they are circulating as Trojans make up much of the malware in 2005/2006; but it may still be too late for you as it takes some time to update their databases. Trojans are, however, simple to avoid if you don’t succumb to the lures of the E-mails that send them to you.

Just to give you some examples of what sort of thing to watch out for, here are some Trojan examples, some historical and some recent. Brief descriptions are given here with more detail is available in the link.

  • ANSI BombWeb Popup. (rare today). This sort of Trojan used the ANSI.SYS driver in DOS to remap various display and keyboard functions.
  • Windows Help MacrosWeb Popup. (rare but demonstrated). The Windows HLP help file format allowed macros to be attached to help files. The macros could contain malicious code.
  • Social Engineering Messages. A wide variety of Trojans use social engineering to attempt to get you to run the malware associated with the message.
  • Double File ExtensionsWeb Popup. Windows generally comes with the display of common file extensions turned off by default. Files of the form README.TXT.EXE would show up as README.TXT but if you clicked on the file it would run as a program.
  • Screen Savers. Windows screen savers are basically executable code and malicious software in one can run in the background during the display.
  • Road AppleWeb Popup. A Trojan may be given a name the curious would naturally be interested in and then left where the curious can find it.
  • Physical MediaWeb Popup. A Trojan could be widely distributed using physical media sent to many around the world. The subject would have to be compelling (an AIDS Trojan distributed via CD is one example that has happened).
  • And, many more. See WikipediaWeb Link for more examples.

Some researchers consider a virus a particular case of a Trojan horse; others believe that if a virus does not do any deliberate damage it cannot be classed as a Trojan. In common use, most people (including Computer Knowledge) use Trojan to refer to a non-replicating malicious program.


  • A Trojan is a delivery vehicle.
  • The Trojan can carry a malicious payload or drop other malicious software onto your system.
  • Trojans often are delivered using social engineering methods.
Up Arrow Software Threats Up Arrow
Prior Page Next Page
Logic Bombs Worms

Comments from Original Post:

Said this on 2009-08-08 At 07:36 am
my wife loves to open emails with attachments. just because it comes from someone she knows i tell her they could be dangerous
Said this on 2009-08-08 At 11:35 am
In reply to #1
Not all attachments are bad but opening them without some indication of what’s in them can be dangerous. Have her try to set up some key word(s) with her friends who send attachments. If the message contains the key word(s) then it’s more likely to have been sent by a human and not a bot. No key word(s)? Use great caution. And, of course, keep the anti-malware software on the computer up to date.


A worm is a self-reproducing program that does not infect other programs as a virus will.

A worm is a self-reproducing program that does not infect other programs as a virus will, but instead creates copies of itself, and these create even more copies.

Worms are usually seen on networks and on multi-processing operating systems, where the worm will create copies of itself that are also executed. Each new copy will create more copies quickly clogging the system. Keep in mind, however, that most PCs are connected to a network (the Internet) and so are targets for worms.

The so-called ARPANET/INTERNET “virus” was actually a worm. It created copies of itself through the network, eventually bringing the network to its knees. It did not infect other programs as a virus would, but simply kept creating copies of itself that would then execute and try to spread to other machines.

Some newer macro viruses also send their infected documents over the Internet to others who then infect their systems and spread the virus further. Some have classed these as worms. However, because these programs require a host in order to spread (even though they send themselves and the host over a network) Computer Knowledge (and most anti-virus researchers) puts these beasts into the virus category. But, you can see where distinctions between categories can get blurred.

The newer script worms don’t help clarify the classification issue. Many of these are sent as a VisualBasic Script (VBS) file attached to an E-mail message. If you click on the attachment to open it the script runs and will often send the script to addresses in your E-mail address book; thus spreading itself. Technically, these would be worms but are often called viruses.

Bottom line: Don’t really try to make a firm distinction between a worm and a virus. You’ll just get frustrated. Call it a virus and be done with it but understand, deep down, that it just might be a worm.


  • A worm is a self-reproducing program.
  • They usually spread via networks but remembers most PCs are connected to a network (the Internet).
Up Arrow Software Threats Up Arrow
Prior Page Next Page
Trojans Virus Droppers

Why Do People Write Viruses?

There are many reasons why people write viruses, from simple boredom to criminal activity for making money.

Back in the dim mists of time, most virus writers were people who just wanted to test the system and push the envelope. They delighted in finding a way to insert their code into places where others might not find it and held contests of sorts to see who could do what the fastest during various conferences.

Another common reason for writing viruses was to “punish” users for some perceived infraction. The Brain virus, for example, was said to have been written to punish users of illegal copies of software (software pirates). Users could become legitimate by contacting Brain Computer Services for help.

The early virus writer Dark Avenger, in an interview with Sarah GordonWeb Link, put it this way:

The innocent users would be much less affected if they bought all the software they used (and from an authorized dealer) and if they used it in the way they are allowed to by the license agreement. If somebody instead of working plays pirated computer games all day long, then it’s quite likely that at some point they will get a virus. … Besides, viruses would spread much less if the ‘innocent users’ did not steal software, and if they worked a bit more at the workplace, instead of playing games.

With the advent of virus writing kits more people entered into the picture. These were largely the bored who had too much time on their hands and decided to spend it making and distributing viruses just for the heck of it. Many of these people could not actually program one if they had to; they just used the kits and put in different parameters and then sent whatever came out on their way in the hope of getting their name (“handle” actually — a person’s true name on a virus caused them great problems) mentioned somewhere.

This sort of activity expanded as the virus and worm and Trojan world expanded and script worms became common. Indeed, the term “script kiddieWeb Popup” was more or less coined during this time to indicate someone who would just take an existing script worm, modify a small part of it, and then release that as a “new” worm.

As spyware and adware started to appear motives started to change. Money started to enter into the picture.

First came botnets; networks of worms/viruses or Trojans designed to sit on a system and wait for a central command to do something, maybe crash the system(s) they were installed on. Then, the botnets evolved; or, at least, their purpose evolved. The botnet creators realized that they could use the botnets to make the infected computers send out spam. Since spammers would pay to send out spam money started to enter into the equation. The botnets were sending out messages based on the infected users computers’ stored address lists so the spammers had an automatic source of valid E-mail addresses and a possible way to get through blacklists because they could put the infected user’s return address on the E-mail and the receiver might very well have that user whitelisted. So, the spammer got what they wanted and the botnet creators started to get paid.

Once money came into the game, however, so did crime. Trojans were developed to quickly infect users and then sent out in the spam so the new users would not only get spam but if they responded they would be infected by the Trojan as well. Scripts and Windows/Internet Explorer holes made this form of malware even easier to send to and infect others who might not have updated their computer system recently. The use of social engineering to make these message appear “real” increased so the clickthroughs increased.

The malware sent evolved as well. Newer malware tended toward collecting information from systems instead of crashing them or destroying data. This stolen data became even more valuable to criminals than just the fact that spam was getting through. Identity theft based on the stolen information increased as the attacks became more targeted.

Some of this malware is designed to target specific banks in specific countries and is quite professional looking. And, it’s not limited to crimes of identity theft for banking purposes; some malware targets the massively multiplayer on-line games. Why target games? Because once you steal someone’s credentials in such a game you can pretend to be that person and sell virtual items to other players. The games have become so popular that virtual items are going for large prices (a virtual space station went for $100,000 if you can believe that). Of course, the person doing the buying is getting scammed and the person who’s credentials have been stolen gets the blame. The criminal, meanwhile, walks with the money.

Rootkit installation to do the data collection is one of the newer threats and promises to increase the revenue of the criminal groups behind some of the latest attacks.

Peer-to-peer networking is also a target as that allows massive data to be moved. Criminals need to do that efficiently and anonymously and that’s exactly what P2P networks do.


  • The first malware came from people who basically wanted to push the envelope with the system at hand.
  • Later malware came from so-called script kiddies who took advantage of other people’s work in order to flood cyberspace with their creations.
  • Botnets were created and their potential to raise money brought other elements into the malware game.
  • Eventually, criminal groups started to generate the malware in order to make more money for their activities and can be expected to continue for the purpose of moving information.
Up Arrow Introduction to Viruses Up Arrow
Prior Page Next Page
Are There Good Viruses? Hardware Threats

Comments from Original Post:

David Siefker
Said this on 2010-12-17 At 12:50 pm
Like everyone else I have been a victum of computer viruses at one time or another. They are annoing in the least and destructive at it’s worst. I personally would like 10 minutes alone in a locked room with any one who writes computer viruses for what ever purposes. I have often said there should be a special place in Hell for people who write computer viruses. Harse I know but I have no love for these personality types who get thier kicks hurting other people and their businesses.
Said this on 2011-05-05 At 11:50 pm
In reply to #1
10 minutes is not enough! With all of the s*** we have today kids can’t think of something better to do? What a bunch of COWARDS. Hey nerds…come out to the real world of work, raising kids. war, and just plain reading the news. If you didn’t get enough Zoloft, try working out. What a terrible life a person must live that they enjoy creating tech. issues for other people. What happens when me, my child, or someone els tries to put in an honest days work? I am coming after you! Not as an individual, but as a law. I am sorry for the war comment earlier. This would be offensive to real soldiers who actually have pride and power to defend the people who hide behind tactics that hurt other Americans. Why would anyone write a virus? Last time I checked you can play football, eat good food, work on the computer, read books, be nice to others, and make friends. I am searching for the person that says “I write computer Virus’ because it makes me feel good because my momma couldn’t”.
Said this on 2011-01-06 At 09:27 am
Sometimes I am thinking, if there is no viruses. How antivirus programs owners will have money? 🙂

[Like all of us when a job goes away, we find another job. With the programming talent AV companies should have no trouble figuring out another product to develop/support. –DaBoss]
Said this on 2011-01-29 At 08:44 pm
It’s a shame that the people writing these viruses don’t use there intelligence to help improve the quality of the internet rather then attempt to ruin it for everyone else. What a waste of talent.

Software Threats

Software interactions are a significant source of problems; but these are inadvertent. Software attacks are deliberate and can also be significant.

Software threats can be general problems or an attack by one or more types of malicious programs.

Software Problems

This category accounts for more damage to programs and data than any other. We’re talking about non-malicious software problems here, not viruses. Software conflicts, by themselves, are much more likely threats to your PC than virus attacks (unless you do something like click on a link you should not have or install unknown/cracked software).

We run our PCs today in a complex environment. There are many resident programs (e.g., anti-virus, video drivers) running simultaneously with various versions of Windows, DOS, BIOS, and device drivers. All these programs execute at the same time, share data, and are vulnerable to unforeseen interactions between each other. Naturally, this means that there may be some subtle bugs waiting to “byte” us. Any time a program goes haywire, there’s the risk it may damage information on disk.

There’s the further problem that not all programs do what we hope they will. If you have just undeleted a file, you don’t really know if all the correct clusters were placed back in the right order. When SCANDISK or CHKDSK “fixes” your disk for you, you have no way of knowing exactly what files it changed to do its job. It becomes even more complex if you use other utilities to do similar tasks.

Software problems happen and can be very serious if you have not taken appropriate action in advance of the problem.

Software Attacks

These are programs written deliberately to vandalize someone’s computer or to use that computer in an unauthorized way. There are many forms of malicious software; sometimes the media refers to all malicious software as viruses. This is not correct and it’s important to understand the distinction between the various types as it has some bearing on how you react to the attack. The discussions that follow attempt to make clear distinctions between malicious software types. Realize that often a malicious program may have characteristics of more than one of these types (e.g., a virus that attacks files but also spreads itself across a network). Don’t get wrapped up in the semantics, just try to understand the major differences.

In addition to viruses, the main thrust of this tutorial, there are:

  • Logic Bombs. Just like a real bomb, a logic bomb will lie dormant until triggered by some event.
  • Trojans. These are named after the Trojan horse, which delivered Greek soldiers into the city of Troy.
  • Worms. A worm is a self-reproducing program that does not infect other programs as a virus will, but instead creates copies of itself, that create even more copies.

Finally, a type of malicious software that could be classified under Trojan but we’ve put on a page of its own as a special case:

  • Virus Droppers. A dropper is a program that, when run will attempt to install a regular virus onto your hard disk.


  • Non-malicious software problems can be a significant source of problems and one should always know their computer’s exact configuration to be prepared.
  • Malicious software falls into several general categories:
    • Logic bombs
    • Trojans
    • Worms
    • Viruses
Up Arrow Introduction to Viruses Up Arrow
Prior Page Next Page
Hardware Threats Logic Bombs