Computer Virus - Part 1/3

1. A computer virus is a program that can make copies of itself. Most computer viruses do nothing more than this and are more of an annoyance than a danger. Some computer viruses may also harm data and programs stored on a computer.

2. A Virus is a small, executable program (Macros can be considered as executable) with the ability to replicate itself by adding its code to that of a host program and/or the system area of a hard or floppy disk. The user is generally unaware of the actions of a virus as it replicates and usually only becomes aware of its presence when the virus 'activates', which it does according to a given set of conditions and at which time it is often too late. However, once the user knows what signs to look for, it can be very obvious when viral activity occurs. Every virus has its own personality. Viruses differ in many ways, each having its own unique properties that make it different. Here are some ways that viruses differ from each other: -

a) Size . A virus can be as small as 66 bytes or less, or as large as 4096 bytes or more. Compared to most computer programs a virus must be very small.

b) Method of infection. A virus can infect the host program in
different ways. Below are three methods commonly used. They are by no means the only ways, but they are the most common. It is possible for a virus to use one or more of these methods:-

i) Overwriting. When a virus infects using this method, it will simply write a copy of itself over the beginning of the host program. This is a very simple method and is used by more primitive viruses. An infected file has been destroyed and must be restored from a backup disk. Overwriting tends to make the user suspicious because the host program no longer functions. This method of infection causes no change in the size of an infected program.

ii) Appending . This method is a bit more complex. The virus appends itself onto the end of the host program and also edits the beginning of the program. When the user runs the infected program it will jump to the end of the program where the virus is located, perform the functions of the virus, then return and continue to run the host program. To the user, the program is functioning normally. This method of infection causes infected programs to increase in size. Some appending viruses are unable to tell whether or not they have already infected a program and will continue to infect the program hundreds of times, causing it to grow considerably in size.

iii) Disk infectors . Other viruses will infect the boot record or partition table. This is an executable area of the disk that is automatically run every time you boot up from the disk. This means that as soon as the computer boots up, the virus is in memory.