Although almost everyone has heard of them, most of us may not know how computer viruses work. A computer virus is a piece of code, usually malicious, that attaches itself to legitimate programs, documents, or a computer boot sector in order to replicate and spread from system to system. People generally use the term ‘virus’ to refer to any kind of malicious software, but it actually is just one type of malware.
Viruses were first seen in the late 1980s during the rise in the adoption of personal computers (PCs), and since then the world has seen the humble computer virus evolve from a silly prank into one of the most destructive forces in cyberspace. Computer viruses are of many kinds, serving different purposes and using different means of proliferation. But all of them share the same underlying concept – malicious code replicating itself to infect multiple computers, causing varying degrees of damage.
Let’s discuss how exactly computer viruses work.
Types of computer viruses
Based on their attack target, medium of replication, or intent, computer viruses can be classified into the following major types:
- File infectors: These viruses attach themselves to executable programs like COM or EXE files. They can also infect SYS, OVL, or PRG files, which run only when their execution is requested. When the infected program is loaded, the virus is loaded along with it. Some file infectors also spread via email attachments.
- Overwrite viruses: Some viruses are meant to trigger the destruction of specific files or entire disks. Once it has infected a device, the virus can start overwriting files with its own code, either to destroy the targeted files or to make them spread the virus to more programs and devices.
- Polymorphic viruses: These viruses can evade detection by antivirus programs by rewriting their underlying code. Even if an antivirus program identifies a polymorphic virus’s signature, the virus can alter its code to make detection based on the same signature impossible in the future.
- Boot sector viruses: Some viruses target the system or the boot sector of various disk drives. They can infect the Master Boot Record (MBR) on hard disks or the OS boot sector on USB drives. An infected storage device can trigger loading the virus into the system on the next restart, inserting itself into the MBR along with the other code.
- Resident viruses: Resident viruses reside in the system memory (RAM) of a device. Antivirus software usually doesn’t scan the memory and hence, resident viruses can remain undetected and cause havoc.
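File infectors and overwrite viruses both change the bytes of a host program, so a defender can detect them by comparing executables against a known-good baseline instead of matching the virus's own signature, which also sidesteps the polymorphic case. The following is an added example, not part of the original article; the function names and the sample files are constructed for illustration, and the watched extensions are the ones listed above.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions the article names as file-infector targets.
WATCHED = {".com", ".exe", ".sys", ".ovl", ".prg"}

def snapshot(root):
    """Map relative path -> (size, SHA-256) for every watched file under root."""
    state = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in WATCHED:
            data = path.read_bytes()
            digest = hashlib.sha256(data).hexdigest()
            state[path.relative_to(root).as_posix()] = (len(data), digest)
    return state

def compare(baseline, current):
    """Return sorted (path, finding) pairs describing drift from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "new executable"))
        elif new is None:
            findings.append((path, "missing"))
        elif old[1] != new[1]:
            findings.append((path, "modified, size %+d bytes" % (new[0] - old[0])))
    return findings

def demo():
    """Constructed sample: placeholder bytes stand in for real programs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "editor.exe").write_bytes(b"MZ" + b"\x00" * 62)
        (root / "driver.sys").write_bytes(b"MZ" + b"\x11" * 30)
        (root / "notes.txt").write_bytes(b"not a watched type")
        baseline = snapshot(root)
        # Changes a scan should surface after the baseline was taken:
        (root / "editor.exe").write_bytes(b"MZ" + b"\x00" * 62 + b"\x33" * 16)  # grew
        (root / "driver.sys").write_bytes(b"\x44" * 32)   # same size, new content
        (root / "setup.com").write_bytes(b"\x22" * 8)     # not in the baseline
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, finding in demo():
        print(path, "->", finding)
```

The baseline has to be recorded while the system is known to be clean and stored where the monitored machine cannot rewrite it; legitimate updates also change hashes, so each finding needs to be matched against patch records.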
How does a computer virus spread?
The first step in the journey of a virus is the propagation stage wherein it infects the target system. There are multiple means of propagation that viruses can use to spread to devices. The most common method is when a user happens to access an executable file that is infected with the virus. The infected file can be downloaded from the internet, copied from a removable storage device, or downloaded from an email.
Some viruses can also begin propagation after a specific human trigger. They can then start attaching themselves to all the files on the system or infect all removable media or even attach themselves to all outgoing email messages.
There are also viruses that can spread between systems without ever needing to be present on a disk, residing entirely in system memory. These viruses can evade detection, carry out their malicious objective, and disappear from the system without leaving a trace.
How does a computer virus attack?
The second and final step in the virus’s journey is the attack stage wherein it activates the exploit designed by its author. This step sees the virus carrying out the objective written in its malicious code. Based on the user privileges of the virus’s author and the techniques the virus uses to activate its code, the virus can take virtually any action on an infected system.
The virus will carry out its attack by violating one or more principles of cybersecurity: confidentiality, integrity, and availability.
Viruses can be programmed to steal confidential information from systems, such as social security details, credit card information, important passwords, and more, which can be transmitted back to the malicious agents or hackers for nefarious purposes.
They can also be coded to perform integrity attacks like deleting files and programs on the target system or making unauthorized changes to system files.
Lastly, viruses can be programmed to deprive you of access to your own files and data by encrypting them and demanding ransom for the decryption key. These are known as ransomware attacks.
Viruses can also connect a device to a botnet, essentially providing the attacker full access to it. The attacker can then use the system to perform Distributed Denial of Service (DDoS) attacks on websites or use it to mine cryptocurrency or simply perform unlawful activities from it, avoiding blame for the consequences.
Computer viruses don’t feature in headlines as often as they did in prior decades, thanks to advancements in operating systems and antivirus software. But they still pose a significant threat to data security, especially if people don’t observe basic cybersecurity etiquette. Now that you know how computer viruses work, you can be more mindful of your actions in cyberspace and hopefully stay away from harmful consequences.