What Is a Computer Virus?
A computer virus is a set of self-replicable instructions or program codes embedded in computer programs to adversely affect the computer use by damaging specific functions or data of the computer. Such malicious computer programs are known as computer viruses, or virus for short, due to the features they share with biological viruses. A computer virus has features of infectivity, parasitism, concealment, and latency. It spreads fast and has various attack methods. Typically, all viruses are destructive in some manner. For example, a virus may slow down the entire system by exhausting memory resources, or even causes information leak and system breakdowns, leading to an enormous loss.
Common Types and Attack Modes of Computer Viruses
Based on the transmission media, computer viruses can be classified into network virus, file infector virus, boot sector virus, and multipartite virus. Different types of viruses have different attack modes and will cause different degrees of damage. The following introduces these common computer viruses in detail.
Network Virus
A network virus spreads through the Internet, and destructs some network components.
The following are typical network viruses:
Ransomware is also called ransomware virus, which can spread by website attachments, portable storage devices like USB flash drives, and especially spam emails. A computer will be infected immediately when a user clicks emails containing ransomware. Ransomware encrypts the user's terminal or terminal data (for example, files, emails, database, and source codes) to block the user's normal access, forcing the user to pay a ransom to acquire the key for gaining access to the terminal or terminal data.
WannaCry is a typical example of ransomware. It attacks and invades user terminals by targeting protocol vulnerabilities of the Microsoft server message block (SMB). WannaCry encrypts important files on a user's terminal, and changes the encrypted file name suffix to .WNCRY to extort bitcoins. WannaCry attacked many information systems of universities as well as education and healthcare institutions around the world, posing severe security threats.
- Worms
Worms are self-replicating viruses, which mainly spread by seeking for system vulnerabilities (for example, Windows system vulnerabilities, network server vulnerabilities, and so on). Different from other viruses, worms have the ability to spread automatically without human intervention. They exploit vulnerabilities to initiate attacks on their own. Some typical symptoms of a worm virus include: slow computer performance, missing/modified files, and appearance of strange/unintended files or icons. Worms' spreading speed is faster than traditional viruses', because their attacks are not restricted by host programs and they can spread in different ways: vulnerabilities, network files, and emails.
Panda Burning Incense is a typical kind of worm virus. In 2006, the Panda Burning Incense virus broke out and infected millions of computers across China in only two months through web pages, USB flash drives, and network sharing. On an infected computer, the icons of executable files change to an image of a panda holding three sticks of incense — a traditional way of praying in China. Then, the computer would operate slowly, break down, or encounter blue screen errors.
File Infector Virus
A file infector virus spreads by infecting the file system in the operating system (for example, COM, EXE, DOC, and SYS). It is embedded in the source files of a computer. The virus spreads as soon as such a file is operated.
Macro virus is a typical type of file infector virus. A macro virus mainly spreads on Microsoft Office series software, targeting data files or template files (word processor files, data tables, and presentation files). If a Word document is infected by macro virus, the virus will spread when other users open the document. The save path of macro virus infected files cannot be changed by saving as files. Instead, they can only be saved as templates. The macro virus can spread on a large scale due to a large amount of data and template file users across a wide variety of platforms.
Boot Sector Virus
A boot sector virus is a type of virus that infects the boot sector of floppy disks or the Master Boot Record (MBR) of hard disks and infects the system during the boot process. When the system is loading or being started, the boot sector virus is loaded in the memory and infects other files.
The Bouncing Ball virus is a typical type of boot sector virus. Found in 1988, this virus spreads through floppy disks and displays its presence by moving the ball around on the screen, causing improper operation of the infected computer programs. The virus causes small destruction and spreads slowly.
Multipartite Virus
A multipartite virus is a fast-moving virus that uses file infectors or boot infectors to attack the boot sector and executable files simultaneously, thus causing more damage than any other kind of virus.
Features of Computer Viruses
Similar to a biological virus, a computer virus can complete self-replication and spread across computers, with the following features:
- Infectivity: Some computer viruses can replicate and proliferate their program codes and infect other computers through networks, wireless communication system, and portable storage devices like hard disks and USB flash drives. Other computers then become new infection sources and spread viruses at large scale in short time.
- Damage: A virus will damage computer resources after invasion. It may reduce the available disk space of the computer and slow the operation performance, or even cause disastrous consequences like data file loss and system breakdown.
- Parasitism: A virus is attached to the host program and is executed when the host program runs. In other situations, the virus will lay dormant on the host program without attacking.
- Concealment: A virus exists as a section of codes in programs or as a hidden file. It has strong concealment and is hard to discover, even by antivirus programs.
- Latency: Some viruses lie latent for a long time in the system before attacking. They initiate attacks when triggering conditions are met.
Features of computer viruses
Symptoms of Computer Virus Infection
If your computer has the following symptoms, it may be infected by a computer virus, requiring attention and timely handling:
- The operating system fails to start normally or operates slowly.
- The computer often breaks down or suddenly restarts.
- Disk space reduces sharply for no reason.
- A program reports error, cannot operate normally, or crashes.
- Files get lost or damaged, or new files appear unexpectedly.
- External devices are out of control, for example, the mouse moves automatically or the printer is abnormal.
- Characters or images appear on the computer screen or music is played inexplicably.
- The date, time, and other attributes of files change.
Countermeasures Against Computer Viruses
The key to defending against computer viruses is the system's defending capability and our security awareness. The following are suggestions on how to defend against computer viruses:
- Install legitimate operating systems and software, run antivirus software, and update the patches timely.
- Enhance security awareness. For example, do not open unknown emails or click unknown links while browsing webpages.
- Deploy functions on firewalls to detect viruses by matching virus signatures against the antivirus database, and to intervene or give warnings by blocking the virus infected files or generating alarms.
- Author: Jiao Cuicui
- Updated on: 2024-01-09
- Views: 1078
- Average rating:
