Computer viruses

What is a computer virus?

A computer virus is malicious software that spreads independently by embedding itself into other programs and files. Similar to biological viruses, computer viruses “infect” the system, multiply, and can cause various types of damage: from minor malfunctions to complete data destruction.

History of origin

The history of computer viruses begins long before the emergence of personal computers. The first theoretical foundations of self-replicating programs were laid in the 1940s by mathematician John von Neumann.

Key development milestones:
  • 1971 – creation of the first experimental self-replicating program Creeper
  • 1981 – appearance of the first virus for personal computers Elk Cloner
  • 1986 – first network virus Brain
  • 2000 – ILOVEYOU virus epidemic that caused over $10 billion in damages
  • 2017 – large-scale WannaCry virus attack that affected hundreds of thousands of computers worldwide

Virus Classification

By environment:

Let’s examine each definition in detail:

1. File viruses – infect executable files

File viruses are one of the most common types of viruses that target executable files, meaning files that can be run on a computer (usually programs with extensions like .exe, .com, .bat, etc.). When a user runs an infected file, the virus activates and can perform various harmful actions, such as:

  • Copy itself to other files or folders on the computer.
  • Cause system malfunctions.
  • Destroy or steal data.
  • Slow down computer performance.
  • Install other malicious programs.

File viruses can be very dangerous: they activate whenever an infected program is run, and they can often spread further via removable storage media such as USB drives or over network connections.

2. Boot viruses – affect the disk boot sector

Boot viruses infect the disk boot sector or MBR (Master Boot Record) – a special area of the hard drive responsible for loading the operating system. This sector is crucial for starting the computer, and if it is infected, the virus can run even before the operating system loads. The consequences of infection can be very serious, including:

  • Destruction or damage to the boot sector.
  • Preventing operating system loading.
  • Virus launch before operating system startup, making it harder to detect.
  • The virus can automatically transfer itself to other computers through network or external media.

Such viruses are often very persistent because they run before the operating system starts, which makes them difficult to detect and remove.
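
A defender can check a boot sector offline by parsing it and comparing it with a known-good record. The following is an added example, not part of the original article; it assumes the classic MBR layout (446 bytes of boot code, four 16-byte partition entries, 0x55AA signature) and uses a constructed sample sector.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445: bootstrap code area (classic MBR layout)
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR image read offline, e.g. from a disk image."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for index in range(4):
        offset = BOOT_CODE_LEN + index * 16
        # status, CHS start (skipped), type, CHS end (skipped), first LBA, sector count
        status, ptype, first_lba, count = struct.unpack_from("<B3xB3xII", sector, offset)
        if ptype != 0:  # type 0 marks an unused entry
            partitions.append({"index": index, "bootable": status == 0x80,
                               "type": ptype, "first_lba": first_lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }

def compare_to_baseline(baseline: dict, current: dict) -> list:
    """List which parts of the boot sector differ from the known-good record."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings

def build_sample_mbr() -> bytes:
    """Constructed sample: filler boot code and one bootable partition of type 0x07."""
    sector = bytearray(SECTOR_SIZE)
    sector[:16] = b"SAMPLE-BOOT-CODE"
    struct.pack_into("<B3xB3xII", sector, BOOT_CODE_LEN, 0x80, 0x07, 2048, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)
```

The baseline has to be recorded while the machine is known to be clean, and the sector should be read from outside the running system, because a resident boot virus can falsify what the infected system reports.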

3. Macro viruses – written in macro languages

Macro viruses are a type of virus that infects documents containing macros, which are small programs for automating certain operations in applications such as Microsoft Word, Excel, or other office programs. Macros are usually written in a language specific to the application, such as VBA (Visual Basic for Applications). Macro viruses can:

  • Perform harmful actions, such as deleting or stealing files.
  • Spread through infected documents sent as email attachments.
  • Intercept user-input data or infect other documents.

Since macros can perform automatic actions in applications, a macro virus needs no further user interaction once the user has opened the infected file and allowed macro execution.
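
Because the risk starts when a macro-bearing document is opened, mail gateways and analysts often check whether a document contains a VBA project at all before it reaches the user. The following is an added example, not part of the original article: it relies on the fact that modern Office files are ZIP containers that store VBA in a part named vbaProject.bin, while legacy files use the OLE2 container. The triage policy and the sample files are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container

def classify_office_file(data: bytes) -> str:
    """Return 'ooxml-with-macros', 'ooxml-no-macros', 'legacy-ole2' or 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        # Legacy formats may carry VBA; confirming it needs a dedicated OLE parser.
        return "legacy-ole2"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            names = [name.lower() for name in archive.namelist()]
    except zipfile.BadZipFile:
        return "not-office"
    if "[content_types].xml" not in names:
        return "not-office"  # a ZIP, but not an Office Open XML package
    # Word stores the project as word/vbaProject.bin, Excel as xl/vbaProject.bin.
    if any(name.endswith("vbaproject.bin") for name in names):
        return "ooxml-with-macros"
    return "ooxml-no-macros"

def triage_attachment(data: bytes) -> str:
    """Hypothetical gateway policy: hold anything that can execute macros."""
    kind = classify_office_file(data)
    if kind == "ooxml-with-macros":
        return "quarantine"
    if kind == "legacy-ole2":
        return "inspect"
    return "deliver"

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a ZIP with OOXML-style part names and no real VBA."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"placeholder")
    return buffer.getvalue()
```

The check looks at the file's content, not its extension, so a macro-bearing file that has been renamed is still classified correctly.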

4. Network viruses – spread through computer networks

Network viruses can spread through computer networks such as local area networks (LAN), the Internet, or other types of connections. They can be transmitted through pre-configured services or vulnerabilities in operating systems, software, or network protocols. Network virus spread can occur in the following ways:

  • Infecting computers without direct physical access to them (through the network).
  • Exploiting vulnerabilities in software or network protocols (for example, through unsecured ports or weak passwords).
  • Automatic copying to other computers on the network or through the Internet.

Such viruses can lead to global infections, infecting tens, hundreds, or even thousands of computers within an organization or worldwide, often using techniques associated with worms or Trojans.

Thus, each of these virus types has its own characteristics in infection and spread methods, but they are all capable of causing serious damage to systems and data.

By infection method:
  • Resident – constantly present in memory
  • Non-resident – active only when running infected files

By algorithm:

Let’s examine different types of viruses based on their operating algorithm:

1. Parasitic viruses

Parasitic viruses are viruses that attach themselves to executable files or programs, thus “parasitizing” on them. They can add their code to normal programs or files without changing the host's main function, while still performing their malicious actions. Here are some characteristics:

  • Spread occurs through running infected files or programs.
  • The virus can distort program code, causing program malfunctions.
  • Sometimes the virus can add its instructions to the beginning or end of an executable file.
  • Along with running the program, the user also runs the virus embedded in the file.

Such a virus can be transmitted along with other files or programs, infecting them and spreading to new computers when these files are copied or transmitted through network or other media.
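
Since a parasitic virus has to change the file it attaches to, comparing executables against a baseline recorded on a clean system reveals the infection regardless of which virus caused it. The following is an added example, not part of the original article; the function names and the report buckets are chosen here for illustration.

```python
import hashlib
from pathlib import Path

EXECUTABLE_PATTERNS = ("*.exe", "*.com", "*.bat")  # extensions named in the text

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large executables need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(root: Path) -> dict:
    """Record size and SHA-256 of every executable under root (run on a clean system)."""
    baseline = {}
    for pattern in EXECUTABLE_PATTERNS:
        for path in root.rglob(pattern):
            if path.is_file():
                rel = path.relative_to(root).as_posix()
                baseline[rel] = {"size": path.stat().st_size, "sha256": sha256_file(path)}
    return baseline

def verify(root: Path, baseline: dict) -> dict:
    """Compare the current state with the baseline and sort each difference into a bucket."""
    current = build_baseline(root)
    report = {"grown": [], "modified": [], "new": [], "missing": []}
    for rel, now in sorted(current.items()):
        before = baseline.get(rel)
        if before is None:
            report["new"].append(rel)
        elif now["sha256"] != before["sha256"]:
            # A larger file with a different hash is what appended or prepended code looks like.
            bucket = "grown" if now["size"] > before["size"] else "modified"
            report[bucket].append(rel)
    report["missing"] = sorted(set(baseline) - set(current))
    return report
```

Legitimate software updates also change hashes, so the baseline needs to be rebuilt after each trusted update and stored somewhere the monitored system cannot write to.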

2. Worm viruses

Worm viruses (or simply worms) are a type of virus that actively spreads through computer networks without needing to be embedded in other programs or files. They are capable of independent spread and infection of other computers, usually through:

  • Vulnerabilities in network protocols or software.
  • Email, where the worm can spread as an attachment or through the infected user’s address book.
  • Using the network to automatically transfer copies of itself to other devices.

Main characteristics of worms:

  • They are malicious programs by themselves, not requiring external files or programs.
  • Worms can cause network overload, slowing down or blocking network operation due to excessive traffic.
  • They can perform malicious actions such as data theft or installation of other types of malware.

3. Trojan viruses

Trojan viruses (or simply Trojans) are a type of virus that disguises itself as safe or useful software to trick users into downloading and installing it. They are named after the Trojan Horse because, like in the legend, they appear harmless but can actually contain a serious threat. Trojans can:

  • Collect confidential information such as passwords or banking data.
  • Install additional malware such as spyware or remote access software.
  • Allow attackers to gain control over the infected machine.

A Trojan virus often disguises itself as a harmless file or program, such as games, updates, or system optimization utilities.

4. Polymorphic viruses

Polymorphic viruses are viruses that have the ability to change their code each time they run or spread while maintaining their basic functionality. Such viruses can change their external form, making them harder to detect by traditional antivirus programs that work with virus signatures. Main characteristics:

  • The virus changes its code using various encryption methods or by inserting random code parts to confuse antivirus systems.
  • It spreads by infecting files or programs, changing its form dynamically as it does so.
  • Polymorphism helps the virus bypass detection methods based on signatures or specific pattern detection.

This feature makes polymorphic viruses difficult to identify since each new “appearance” can look unique.

5. Stealth viruses

Stealth viruses are viruses that use various techniques to hide their existence from antivirus programs and users. Their main methods:

  • Masking technique: the virus can modify or hide its actions to avoid detection during scanning.
  • System request interception: a stealth virus can intercept operating system requests and pose as other safe processes.
  • Encryption: the virus can encrypt its data or code parts so they won’t be detected during standard scanning.
  • Memory masking: the virus might not write to disk but only operate in RAM, making it difficult to detect.

This type of virus actively interacts with the operating system and tries to avoid real-time detection, making it very dangerous and difficult to detect.

Methods of fighting viruses

Preventive measures:
  • Regular updates of the operating system and software
  • Using reliable antivirus software
  • Caution when opening emails and downloading files
  • Creating backups of important data
  • Using complex passwords and changing them regularly

Active protection methods:
  • Installing and regularly updating antivirus programs
  • Using a firewall
  • Scanning the system for malware
  • Cleaning the system of detected threats

What to do if infected:
  • Disconnect the computer from the network
  • Boot the system in safe mode
  • Perform a complete antivirus scan
  • Remove detected threats
  • Check the integrity of important data
  • Change all passwords after cleaning the system

Conclusion – Computer viruses continue to evolve along with technology development, creating new challenges for users and cybersecurity specialists. The best protection is a combination of technical means and cautious user behavior. Regular updates of knowledge about current threats and protection methods will help keep your data safe.
