What is a Computer Virus Anyway?

Combating infections and removing viruses is now
big business. Lesson one is 'knowing the enemy'.

THE ENEMY - Crackers and Hackers

Geeks make a distinction between crackers, who break into systems
to do damage, and hackers who enjoy taking programs apart just to see how they
tick. We'll stick with the more common, though less accurate, term of hacker.
(The term 'hacker' originally meant 'someone who makes furniture with an axe'.
Crude, but effective - like most computer viruses.)

Viruses are actually
a particular type of computer 'malware' - a general term covering all types of
malicious software. The most common types are viruses, worms and Trojan horses.

VIRUSES

A virus is usually hidden inside another program such as an installation program
delivered via e-mail attachment. (Biological viruses require a host organism to
live and reproduce, hence the name.) When the 'host' program is run, the virus
program also runs. Once it's in memory the virus is able to do its dirty work,
which usually includes infecting other programs. After the infection stage
of the virus, there's a destructive stage. The virus waits for a pre-determined
trigger (such as a specific date or a certain number of times the virus has replicated
itself) before delivering its 'payload'. Payloads range from simple messages to
file deletion commands to destruction of the core operating system. When
first developed, computer viruses were commonly distributed on floppy disks. With
the growth of the Internet, downloaded files and e-mail are the preferred delivery
mechanisms. E-mail can contain attachments, which can be any kind of computer file.
Any executable file can be infected with a virus, and shouldn't be run unless
you're confident it's virus free.

WORMS

Worms are similar to
viruses in that they're self-replicating. They reproduce themselves across networks
without human assistance, such as someone sending an e-mail. A worm, though, doesn't need
another executable program to be distributed.

Worms usually affect networks
more than individual computers on the network. Their self-replicating behavior
can overload network resources, causing slowdowns in data transmission by consuming
massive bandwidth normally used to forward normal traffic. Network systems that
route Internet traffic are just specialized computer hardware and software. They,
too, can be affected by malware. Worms can also be designed to carry a payload,
using a 'backdoor' installation program. A backdoor is a hidden access point to
a computer that bypasses the normal login procedure. They're commonly used by
spammers to distribute junk e-mail, for example.

TROJAN HORSES

Trojan
horses are the third common type of malware. A 'trojan' is a program that pretends
to do one thing but actually does something different. (The term comes from the
story of the Greeks who built a large wooden horse in which to hide. Their enemies,
the Trojans, persuaded they'd receive a gift, took the horse inside their compound,
giving the Greeks easy access to wreak havoc.) Unlike viruses or worms, a Trojan
doesn't replicate itself. Trojans may be hidden in otherwise useful software.
Once started they can do almost anything including erasing data, corrupting files,
installing backdoors and logging keystrokes so that hackers can steal information
such as credit card numbers and passwords.

FIGHTING MALWARE

Elsewhere
in the series, we'll discuss what is and can be done to combat the spread of malware.
In the interim, just remember not to be passive and expect the problem to be solved
by others. Fighting viruses requires active participation from vendors, webmasters
AND users.