computer virus

WHAT IS A COMPUTER VIRUS

Let us start with what a computer virus is. A computer virus is nothing but a small program written by someone to corrupt or damage the information stored in the computer system, and to replicate itself from one computer system to another.

The term virus is used for this type of program because, just as a biological virus spreads disease from one person to another, these virus programs also spread from one computer to another.

These viruses spread when someone copies a virus-infected program from one computer and runs it on some other computer. This infects the new computer system. Again, when someone copies from this newly infected system, the virus will again spread, and the spreading of the virus continues.

 

A virus cannot spread by using any data file such as a text file, image file, sound file etc.

A virus needs some kind of executable program such as .EXE, .COM, .SYS, Windows macro etc. to become active, infect a system and spread.

Based on its working principle and the spreading method used, a virus can be divided into different types.

Types of computer virus

Worm

Worms were one of the first computer viruses. A program written as a worm virus normally does not do any destructive work; a worm's main work is to replicate itself, i.e. to keep on copying itself to new systems, or across the network to new systems, and keep spreading.

The original worm programs were made as experimental programs in computer labs to test whether a program could be made to replicate itself.

Most current viruses contain a worm program in them to manage the replication part of the virus.

To spread, these worms stay resident in the computer's memory and keep a watch on disk access activities. Whenever a new disk is put in the drive and a disk access command such as dir is given, these programs immediately copy themselves to some .EXE, .COM etc. executable program on the new disk.

Later, when this infected disk is taken to some other machine and the infected program is executed, the virus becomes active in the new computer's memory, again waiting for some disk to copy itself to.

These viruses also spread by copying themselves to the boot sector of the floppy; after this, when the infected floppy is used to boot some machine, these viruses become active.

If the machine where the virus becomes active contains a hard disk drive, then the virus also copies itself to the hard disk drive by writing itself to the MBR (master boot record), the DBR (DOS boot record) or the executable programs on the hard disk drive.

Trojan

 

Trojan is a name given to those programs that appear to be some useful utility but contain some hidden destructive parts. A virus that has infected a useful .COM or .EXE program makes that executable program a Trojan, because the moment someone executes it, the virus will become active and start doing its job.

For example, your word processing program WS.exe may become infected by some virus, and while you are doing some typing work in WS, the virus active in memory may be destroying some data on your hard disk drive.

Therefore, hiding some destructive program in a legitimate-appearing program is called a Trojan program. A pure Trojan virus does not replicate itself, but currently most viruses contain a Trojan as well as a worm, so a useful-looking program can destroy the data as well as replicate itself.

Bomb

Another type of virus program is known as a bomb. These are programs that wait for some specific event to occur, and when that particular event occurs the bomb becomes active, destroying or corrupting the information inside the computer.

The event could be anything chosen by the programmer writing this type of program. It could be a particular date, or a particular day falling on some specific date, such as Friday the 13th. It could be some event such as the virus having made 10 copies of itself, after which it may format the hard disk drive. Some programmer may write a bomb program to delete the complete FAT table if his name is removed from the payroll file.

A virus may contain all three parts, the bomb, the worm and the Trojan horse, to effectively replicate and destroy data.

MBR (partition table) infector

Other than by their working method, viruses can also be classified based on the area they infect. An MBR or partition table infector virus infects the master boot record (MBR) of the hard disk drive (a floppy disk does not contain any MBR).

These viruses become active every time the machine is booted from the hard disk drive, because during booting the first thing the BIOS does is execute the program located in the MBR.

Removing an MBR virus is very easy, as one just needs to overwrite the infected MBR code with good MBR code, taking care that the partition table information is not overwritten and corrupted.
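
The repair step described above, as an added example that is not part of the original page: it works on 512-byte sector images in memory, replaces only the boot code, and checks that the partition table is unchanged. It assumes the classic MBR layout (446 bytes of boot code, four 16-byte partition entries, then the 0x55 0xAA signature); the function names and both sample sectors are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
PT_OFFSET = 446                      # partition table follows 446 bytes of boot code
SIG_OFFSET = 510                     # last two bytes hold the boot signature
BOOT_SIG = b"\x55\xaa"
ENTRY = struct.Struct("<B3sB3sII")   # flag, CHS start, type, CHS end, LBA start, sector count


def parse_partitions(sector):
    """Return the used partition entries as (boot_flag, type, lba_start, sectors)."""
    if len(sector) != SECTOR_SIZE or sector[SIG_OFFSET:] != BOOT_SIG:
        raise ValueError("not a valid 512-byte MBR sector")
    entries = []
    for i in range(4):
        flag, _, ptype, _, lba, count = ENTRY.unpack_from(sector, PT_OFFSET + i * ENTRY.size)
        if ptype != 0:               # type 0 marks an unused slot
            entries.append((flag, ptype, lba, count))
    return entries


def repair_mbr(infected, clean):
    """Take boot code from `clean`, keep partition table and signature from `infected`."""
    before = parse_partitions(infected)   # also validates the infected sector
    parse_partitions(clean)               # validates the known-good sector
    repaired = clean[:PT_OFFSET] + infected[PT_OFFSET:]
    if parse_partitions(repaired) != before:
        raise ValueError("partition table changed during repair")
    return repaired


def make_sector(fill, entry=b""):
    """Build a constructed sample sector: filler boot code plus an optional entry."""
    return bytes([fill]) * PT_OFFSET + entry.ljust(64, b"\x00") + BOOT_SIG


# Constructed sample data: 0xCC stands in for infected boot code, 0x90 for good code.
SAMPLE_ENTRY = ENTRY.pack(0x80, b"\x01\x01\x00", 0x06, b"\xfe\x3f\x0c", 63, 204800)
INFECTED = make_sector(0xCC, SAMPLE_ENTRY)
CLEAN = make_sector(0x90)

if __name__ == "__main__":
    fixed = repair_mbr(INFECTED, CLEAN)
    print("boot code replaced:", fixed[:PT_OFFSET] == CLEAN[:PT_OFFSET])
    print("partitions kept:", parse_partitions(fixed))
```

On a real disk, save a copy of the original sector before writing the repaired one back.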