Computer Viruses Explained

It happens at least once a week: a client, friend, or relative calls me in a panic and proceeds to explain, often in colorful terms, that their computer is acting strangely and they’re afraid that they’ve caught a virus. I listen calmly, then make a trip to their home or business to diagnose the problem for myself. In my experience one, maybe two of these calls out of ten actually result in the discovery of a real virus. Admittedly that’s only part of the story, so before you start thinking that viruses aren’t a threat to your PC, let me explain.

The Definition of a Virus

One of the reasons that I don’t find as many viruses today as I did several years ago is that, under the classic definition of a virus, there just aren’t as many to be found. According to Wikipedia,

A virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. However, the term “virus” is commonly used, albeit erroneously, to refer to many different types of malware programs.

In order to be classified as a virus, a program must copy itself and do it without the permission or knowledge of the user. But today the bad people that want to infect your computer with malicious software just don’t have to be that tricky. In their rush to chat, browse the Internet, or maybe even get some work accomplished, far too many people will simply click “Accept,” “OK,” or “Install” to anything which their computer prompts them to install. Software that infects your computer in this manner is often called malware or spyware rather than a virus because, technically, it did warn you before infecting your computer. Simply slowing down and reading the prompts that your computer displays is a strong first line of defense against this type of infection.

How A Virus Spreads

The path that a virus travels to infect a computer is called an attack vector. A virus always attacks by attaching itself to another program or file on the target machine. Many years ago a virus could only spread by embedding itself in an executable file, for example files with the extensions EXE, COM, or DLL, but this is no longer the case. Today files that most users consider “documents” rather than “programs” can contain a virus too. For example, almost any Microsoft Office document (Word, Excel, Access, PowerPoint, et cetera) can contain a virus because small programs, called macros, can be embedded into the documents to add interactivity and new features. But Microsoft isn’t the only guilty party: Adobe PDF documents (documents opened with Acrobat), ZIP files, and many others can be infected as well. As a rule of thumb you should treat all files from literally any source as though they could be infected by scanning them for viruses before you attempt to open them. This includes files loaded from a floppy disk, files downloaded from the Internet, files loaded from a CD-ROM, and especially files received via e-mail. Often a virus received via e-mail will automatically send itself to your e-mail contacts once opened, so neglecting to scan these files puts others, possibly business contacts that you don’t want to anger, in danger of being infected.
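A content-based triage sketch for the file types named above, added here as an illustration and not taken from the original article: it flags a file by what its bytes say it is rather than by its extension. The function names, labels and sample files are constructed for this example, and the checks are heuristics that complement an antivirus scan rather than replace it.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls/.ppt container
PDF_ACTIVE = (b"/JavaScript", b"/OpenAction", b"/Launch")
EXEC_EXT = (".exe", ".com", ".dll")              # the extensions named in the article

def classify(name, data):
    """Return the reasons a file needs scanning, judged by content, not by name."""
    reasons = []
    if data[:2] == b"MZ":                        # DOS/Windows executable header
        reasons.append("windows-executable")
        if not name.lower().endswith(EXEC_EXT):
            reasons.append("extension-mismatch")
    elif data[:8] == OLE2_MAGIC:
        # Storage names are UTF-16LE; a name containing "VBA" marks a macro project.
        if b"V\x00B\x00A\x00" in data:
            reasons.append("ole2-office-with-macros")
    elif data[:4] == b"PK\x03\x04":              # ZIP, which includes .docx/.xlsx/.pptx
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = [m.lower() for m in zf.namelist()]
        except zipfile.BadZipFile:
            return ["corrupt-zip"]
        if any(m.endswith("vbaproject.bin") for m in members):
            reasons.append("ooxml-with-vba-macros")
        if any(m.endswith(EXEC_EXT) for m in members):
            reasons.append("archive-contains-executable")
    elif data[:5] == b"%PDF-":
        hits = [k.decode() for k in PDF_ACTIVE if k in data]
        if hits:
            reasons.append("pdf-active-content:" + ",".join(hits))
    return reasons

def make_zip(members):
    """Build a ZIP in memory from {path: bytes} (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, body in members.items():
            zf.writestr(path, body)
    return buf.getvalue()

# Constructed sample files; none of them contains working code of any kind.
SAMPLES = {
    "report.docx": make_zip({"word/document.xml": b"<w:document/>"}),
    "report.docm": make_zip({"word/document.xml": b"<w:document/>",
                             "word/vbaProject.bin": b"constructed"}),
    "budget.xls": OLE2_MAGIC + b"\x00" * 504 + "VBA".encode("utf-16-le"),
    "invoice.pdf": b"MZ" + b"\x00" * 62,
    "form.pdf": b"%PDF-1.4\n1 0 obj << /OpenAction 2 0 R >> endobj\n",
    "photos.zip": make_zip({"holiday.jpg.exe": b"MZ"}),
}
```

Calling `classify(name, data)` on each entry of `SAMPLES` shows that the ordinary `report.docx` comes back clean while `invoice.pdf`, which is really an executable, is flagged twice.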

There are two other types of programs related to viruses that you should know about. A worm only differs from a virus by its vector of attack. While a virus generally exploits the “human element” of the equation by hiding in a seemingly innocent file, a worm needs no one to open it to attack. A worm will attack its target and replicate itself with no human interaction by exploiting holes in a computer system. Worms are another reason that it’s critical to use a personal firewall and keep your software updated to ensure that as many of these holes are closed as possible.

Another relative of the virus is the trojan. Not surprisingly, a trojan is a seemingly innocent computer program that does something other than what it appears to be doing. Trojans are not always intentionally malicious; for example, many free programs are available on the Internet that perform some useful function such as displaying the weather on your desktop. At the same time, however, these programs often send information about you and your Internet usage back to their developers. Another common use of a trojan is to slip a “back door” into a target machine, which can be used by the trojan’s author to remotely manipulate the machine. To avoid being infected with trojans, always know what you are installing before you install software, and consider the fact that, if something sounds too good to be true, it probably is. That message goes double for those folks who like to install free puppy screen savers. You know who you are!

How A Virus Behaves

People are apt to blame their computer problems on viruses for two reasons:

  • Inept or lazy computer “professionals”
  • Viruses have no “standard” behavior

It’s an industry secret, but when your computer goes to a technician and comes back wiped out, he’s apt to blame the loss of data on a virus whether or not that’s actually the case. Sometimes it can be almost impossible to locate the cause of strange behaviors; and other times, even when the actual cause is found, the explanation is simply too entrenched in technical jargon to force on an end user. In other words, a virus is often a convenient cop-out from providing a lengthy, complicated and ultimately pointless explanation.

The part of a virus that actually causes harm to your computer or replicates the virus to other files is called the payload, and the payload can, in theory, be literally any executable code that can run on your computer. The virus could copy itself to random locations in memory, causing running programs to crash. It could overwrite the boot sector of your hard drive (the information at the beginning of a hard drive that tells your computer how to load your operating system). It could copy itself to other files, making the files unreadable when you open them later. It can cause a memory leak: a state in which a program requests memory from the computer system and never returns it to be used by other programs. It can copy itself at such a rapid rate that it consumes all of the free space on your hard drive. Or, it can display a smiley face on your screen and then delete itself. As I said: the payload can be anything, from harmless to funny to mass destruction.

Summary

When I began writing this article I was tempted to name it “Viruses Explained (And Why You Probably Don’t Have One)”, because of how rare it’s becoming to actually find a virus “in the wild.” Believe me: it’s not the case that evil people have stopped writing evil programs. Instead, I believe those individuals with the talent to create a virus have turned their attention to more profitable endeavors, such as spyware and spamming. But viruses are still a danger. Keep your software updated, especially your antivirus (you do have an antivirus program running, don’t you?) and your operating system. Keep your firewall running and locked down. And for your own benefit, click with caution. I guarantee you can live a long and happy life without downloading that free screen saver. But then again, your local technician can live a long, happy, as well as profitable existence if you do.

3 replies
  1. phantom says:

    hi i’m 16 years old and i’m interested in how viruses work i know what i’m asking is kinda crazy but plz consider it…could u send me a virus source code that was written in c and explain to me how it works ^_^? i would really be grateful hey if i was gonna send it to people i wouldn’t be asking u huh? i just wanna learn how they work hehe plz consider it

  2. Brian Reich says:

    @phantom,

    In reply to your request for virus code, I’ll tell you I’ve never written a virus, nor have I ever had any desire to do so. I have no interest in writing code that causes harm to other people’s property. Having said that, viruses do contain some really interesting code, so if you really want to study them you can find virus code simply by going to Google and typing in “example virus code.” This should provide you with links to C, Assembly, and VBS code for some of history’s most popular computer viruses.

    But if you can’t figure out how to find example code on the Internet, I’m fairly confident that you won’t be able to decipher the code if I point you in the right direction :)
