What are Viruses?


Frequently Asked Questions

What are viruses?
Viruses are malicious programs which when executed on a computer produce an undesired effect. While this effect may not be noticeable, often viruses delete or corrupt files and incorporate means to spread themselves. Commonly, viruses are spread through email and instant messaging clients.

How are viruses contracted?
Viruses can be acquired from many pieces of software, but most commonly they are contracted from infected email messages or by instant message clients. Viruses will most often be "attached" to emails that are received in an inbox. They can come either in the form of a spam or from someone who’s computer is infected with a virus. Once a message containing a virus is opened, it depends on the virus as to how it infects a computer.

As for contracting viruses through instant message clients, the methods of contraction vary widely. Usually, viruses are contracted by executing a file downloaded from another Instant Messenger user, but it is becoming more and more common for viruses to spread interactively while chatting with someone.

How can I get rid of viruses?
The first line of defense against a virus is a virus scanning program which is operational and updated regularly. Two of the most common virus scanning programs are Norton Antivirus and McAfee Virus scan. These programs scan all the files on a computer regularly. They also scan files downloaded onto a computer.

NOTE: A number of Antivirus programs are available for download for free for students, faculty and staff on TigerWare.

Types of Viruses

Macro viruses: A macro is a piece of code that can be embedded in a data file. Some word processors (e.g., Microsoft Word) and spreadsheet programs (e.g., Microsoft Excel) allow you to attach macros to the documents they create. In this way, documents can control and customize the behavior of the programs that created them, or even extend the capabilities of the program. For example, a macro attached to a Microsoft Word document might be executed every time you save the document and cause its text to be run through an external spell-checking program.

A macro virus is a virus that exists as a macro attached to a data file. In most respects, macro viruses are like all other viruses. The main difference is that they are attached to data files (e.g.., documents) rather than executable programs. Many people do not think that viruses can reside on simple document files, but any application that supports document-bound macros that automatically execute is a potential haven for macro viruses. By the end of the last century, documents became more widely shared than diskettes, and document-based viruses were more prevalent than any other type of virus. It seems highly likely that this will be a continuing trend.

Stealth viruses: A stealth virus is one that, while active, hides the modifications it has made to files or boot records. It usually achieves this by monitoring the system functions used to read files or sectors from storage media and forging the results of calls to such functions. This means that programs that try to read infected files or sectors see the original, uninfected form instead of the actual, infected form. Thus the virus's modifications may go undetected by antivirus programs. However, in order to do this, the virus must be resident in memory when the antivirus program is executed, and the antivirus program may be able to detect its presence.

Polymorphic viruses: A polymorphic virus is one that produces varied but operational copies of itself. This strategy assumes that virus scanners will not be able to detect all instances of the virus. One method of evading scan-string driven virus detectors is self-encryption with a variable key. More sophisticated polymorphic viruses vary the sequences of instructions in their variants by interspersing the decryption instructions with "noise" instructions (e.g., a No Operation instruction, or an instruction to load a currently unused register with an arbitrary value), by interchanging mutually independent instructions, or even by using various instruction sequences with identical net effects (e.g., Subtract A from A, and Move 0 to A). A simple-minded, scan-string based virus scanner would not be able to reliably identify all variants of this sort of virus; in this case, a sophisticated scanning engine has to be constructed after thorough research into the particular virus.

Boot sector viruses: Boot sector viruses infect or substitute their own code for either the DOS boot sector or the Master Boot Record (MBR) of a PC. The MBR is a small program that runs every time the computer starts up. It controls the boot sequence and determines which partition the computer boots from. The MBR generally resides on the first sector of the hard disk. Since the MBR executes every time a computer is started, a boot sector virus is extremely dangerous. Once the boot code on the drive is infected, the virus will be loaded into memory on every startup. From memory, the boot virus can spread to every disk that the system reads. Boot sector viruses are typically difficult to remove, as most antivirus programs cannot clean the MBR while Windows is running. In most cases, it takes bootable antivirus disks to properly remove a boot sector virus.

Worms: Worms are very similar to viruses in that they are computer programs that replicate functional copies of themselves (usually to other computer systems via network connections) and often, but not always, contain some functionality that will interfere with the normal use of a computer or a program. The difference is that unlike viruses, worms exist as separate entities; they do not attach themselves to other files or programs. Because of their similarity to viruses, worms are often also referred to as viruses.

Trojan horses: Named after the wooden horse the Greeks used to infiltrate Troy, a Trojan horse is a program that does something undocumented which the programmer intended, but that the user would not approve of if he or she knew about it. According to some people, a virus is a particular case of a Trojan horse, namely one which is able to spread to other programs (i.e., it turns them into Trojans too). According to others, a virus that does not do any deliberate damage (other than merely replicating) is not a Trojan. Finally, despite the definitions, many people use the term "Trojan" to refer only to a non-replicating malicious program.

Referenced by: Indiana University Information Technology Services

9/12/2017 10:18:44 AM