What is a Virus?

What is a Virus? GcR9yXv

A virus is a computer program that initiates an action on a computer without the user’s consent. There have been tens of thousands of viruses circulating around the Internet, and hundreds more are created and released every year. In addition, writers often modify existing viruses to perform tasks different than the original author assigned to the virus. This can also involve improving the original virus’s functionality and ability.

In general, computer viruses replicate and spread from one system to another. Many viruses merely replicate and clog e-mail systems. Some computer viruses have what is called a malicious payload, which is code that can execute commands on computers such as deleting or corrupting files or disabling computer security software. In addition, some computer viruses can attach themselves to another block of code to facilitate propagation. Viruses generally have the following components:

  • A replication mechanism that allows reproduction and enables the virus to move from one computer to other computers

  • A trigger that is designed to execute the replication mechanism or the task of the virus

  • A task or group of tasks that execute on a computer to destroy or alter files, change computer settings or configurations, or otherwise hinder or impede the operations of a computer or networking device

These three components can take on a wide variety of forms and behaviors. Replication mechanisms can vary considerably, and the virus can be designed to execute an endless combination and variety of tasks. Some popular types of viruses include the following:

  • A boot sector virus is a type of virus that infects the boot sector of floppy disks or the Master Boot Record (MBR) of hard disks (some infect the boot sector of the hard disk instead of the MBR). A Master Boot Record (MBR) is the first sector of a data storage device that has been partitioned. The infected code runs when the system is booted from an infected disk, but once loaded it will infect other floppy disks when accessed in the infected computer. Today, there are programs known as ‘bootkits’ that write their code to the MBR as a means of loading early in the boot process and then concealing the actions of malware running under Windows. However, they are not designed to infect removable media.

  • File-deleting viruses have the tasks of deleting specifically named files such as those that execute basic instructions or enable computers to launch applications. Other file-deleting viruses are designed to delete certain types of files such as word processing documents, spreadsheets, or graphic files.


  • File-infecting viruses often attach themselves to executable files with the extension .com, .exe, .dll, .ovr, or .ovl. Thus, when the file is run, the virus spreads by attaching itself to the executable files. These viruses are similar to appender viruses that insert a copy of their code at the end of a file. Content-embedded viruses are file-infecting viruses that reside in or are attached to graphic files, html pages, video files, or sound files.

  • Macro viruses can spread through macro instructions found in office applications such as Microsoft Word or Excel spreadsheets. These macros are usually stored as part of the document or spreadsheet and can travel to other systems if those files are attached to an e-mail message, placed on a removal disk, or copied onto a file server for other people to access.

  • Mass mailers work within the e-mail programs on a computer and generally replicate by e-mailing themselves to the addresses stored in the address book of the e-mail program. There is a difference in threat level between mass mailers and slow mailers. Both may use the same method of replication, but a mass mailer is usually considered more of a threat because of its replication speed and the extent that it can clog up e-mail servers and overwhelm computer users by drowning their email boxes with excessive messages. In addition, a medium- or highlevel threat mass mailer will also attempt to drown those people for which there is an e-mail address in an infected individual’s e-mail address book.

  • Multiple-characteristic viruses can have a combination of the virus types described here as well as an ever-growing combination of traits, capabilities, and tasks.

  • Polymorphic viruses can change their appearance every time they infect a different system. They often successfully hide from the virus protection software.

  • Stealth viruses hide from operating system or virus protection software. These viruses can make changes to file sizes or directory structure. Stealth viruses are similar in nature to antiheuristic viruses that malicious code writers design to elude the heuristic detection capabilities of virus protection software. Heuristics for malicious code detectors are rule based, which means that even if the malicious code has not been seen before, it is not possible to detect every variant of existing viruses.

  • Socially engineered e-mail message subject lines can be used to prompt computer users to open and thus execute a virus that can have any of the characteristics described here as well as an ever-growing combination of traits, capabilities, and tasks.

  • Virus hoaxes are e-mail messages that provide false warnings about a computer virus. They are often forwarded to distribution lists and typically request that the recipients forward them on to other computer users as a service.




Did you find this tutorial helpful? Don’t forget to share your views with us.
A GeekPolice Security Tutorial