Introduction to Viruses
Viruses are a cause of much confusion and a target of considerable misinformation even from some virus "experts." Let's define what we mean by virus:
A virus is a program that reproduces its own code by attaching itself to other executable files in such a way that the virus code is executed when the infected executable file is executed.
You could probably also say that the virus must do this without the permission or knowledge of the user, but that's not a vital distinction for purposes of our discussion here. We are using a broad definition of "executable file" and "attach" here.
An obvious example of an executable file would be a program (COM or EXE file) or an overlay or library file used by an EXE file. Less obvious, but just as critical, would be the macro portion of what you might generally consider to be a data file (e.g., a Microsoft Word document). It's important to also realize that the system sectors on either a hard or floppy disk contain executable code that can be infected--even those on a data disk. More recently, scripts written for Internet Web sites and/or included in E-mail can also be executed and infected.
To attach might mean physically adding to the end of a file, inserting into the middle of a file, or simply placing a pointer to a different location on the disk somewhere where the virus can find it.
Most viruses do their "job" by placing self-replicating code in other programs, so that when those other programs are executed, even more programs are "infected" with the self-replicating code. This self-replicating code, when triggered by some event, may perform a potentially harmful act on your computer.
Another way of looking at viruses is to consider them to be programs written to create copies of themselves. These programs attach these copies onto host programs (infecting these programs). When one of these hosts is executed, the virus code (which was attached to the host) executes, and links copies of itself to even more hosts.
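As an added illustration (not part of the original tutorial): attaching code to a host changes the host file, so comparing an executable against a known-good size and SHA-256 baseline exposes the change and gives a rough idea of where bytes were added. The function names are hypothetical, and the file names and byte strings are constructed, harmless stand-ins for program files.

```python
import hashlib
import os
import tempfile

def snapshot(path):
    """Record size and SHA-256 of a known-good executable."""
    with open(path, "rb") as f:
        data = f.read()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}

def classify(path, base):
    """Compare a file with its baseline and describe how it changed."""
    with open(path, "rb") as f:
        data = f.read()
    if len(data) == base["size"] and hashlib.sha256(data).hexdigest() == base["sha256"]:
        return "unchanged"
    if len(data) > base["size"]:
        # Are the original bytes still intact at the front or the back?
        if hashlib.sha256(data[:base["size"]]).hexdigest() == base["sha256"]:
            return "appended"
        if hashlib.sha256(data[-base["size"]:]).hexdigest() == base["sha256"]:
            return "prepended"
    return "modified"  # bytes inserted in the middle or overwritten in place

def demo():
    """Constructed sample: harmless byte strings stand in for program files."""
    original = b"MZ" + b"\x90" * 64 + b"original program body"
    extra = b"EXTRA-BYTES"  # constructed placeholder, not real code
    cases = {
        "clean.exe": original,
        "tail.exe": original + extra,
        "head.exe": extra + original,
        "middle.exe": original[:10] + extra + original[10:],
        "patched.exe": b"XX" + original[2:],
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        ref = os.path.join(d, "reference.exe")
        with open(ref, "wb") as f:
            f.write(original)
        base = snapshot(ref)
        for name, content in cases.items():
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(content)
            results[name] = classify(p, base)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Any verdict other than "unchanged" only says the file differs from its baseline; a legitimate software update produces the same result. Attachment by a pointer placed elsewhere on the disk leaves the file's bytes untouched, so this check does not see it.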
Similar to viruses, you can also find malicious code in Trojan Horses, worms, and logic bombs. Often the characteristics of both a virus and a worm can be found in the same beast, confusing the issue even further.
Before looking at specific virus types you might also want to consider the following general discussions:
- Virus Behavior. Infect, then attack; common behavior of most viruses.
- Number of Viruses. Lots and lots.
- Virus Names. Naming is neither easy nor standardized.
- How Serious Are Viruses? Worms spreading due to user inattention are a serious threat.
- What About Good Viruses? The general consensus is that there are none.
- Why Do People Write Viruses? There are many reasons and currently one of them is money.
- Hardware Threats. Viruses are not the only things that can cause damage. Consider some hardware problems.
- Software Threats. Viruses are not the only things that can cause damage. Consider some software problems.
- Virus Droppers. Trojans that do nothing can actually be carriers for viruses and drop them onto your system.
Summary
- A virus is a program that reproduces its own code.
- Generally, the first thing a virus does is to reproduce (i.e., infect).
- Viruses balance infection versus detection possibility.
- Some viruses use a variety of techniques to hide themselves.
- On some defined trigger, some viruses will then activate.
- Viruses need time to establish a beachhead, so even those that activate will often wait before doing so.
- Not all viruses activate, but all viruses steal system resources and often have bugs that might do destructive things.
- The categories of viruses are many and diverse. There have been many made and if you get one it should be taken seriously. Don't be fooled by claims of a good virus; there is no reason at the moment to create one.
Last Changed: Tuesday, March 07, 2006
