Types of Computer Virus


Computer Virus

A computer virus is a type of malicious software (malware) designed to infect computers,
typically by embedding its code into legitimate programs or files. It is a self-replicating program
that spreads by attaching itself to other executable files or documents. Once the infected program
is executed, the virus activates and can perform a wide range of harmful activities, such as
corrupting or deleting data, stealing sensitive information, disrupting system operations, or
facilitating unauthorized access to other devices on a network.

A key characteristic of a virus is its ability to replicate and spread to other devices. It often does
so without the knowledge or consent of the user, making it particularly dangerous. In some cases,
the virus may disguise itself as legitimate software or rely on social engineering techniques to
trick users into downloading or executing the infected file. Once the virus infiltrates a system, it
can modify other programs by injecting its code, effectively taking control of the affected device.

The damage caused by a computer virus can range from minor disruptions, such as slowing
down the system, to more severe consequences like data theft, system crashes, or even the
installation of additional malware. Viruses can spread through various methods, including
infected email attachments, downloads from untrusted websites, or via external storage devices
like USB drives.

In essence, a computer virus is a malicious entity that compromises the integrity and security of a
device, causing significant harm while evading detection by masquerading as legitimate
software.

Types of Computer Viruses

Computer viruses are malicious programs designed to disrupt, damage, or gain unauthorized
access to computer systems. They often replicate themselves and spread to other systems. Below
are the nine major categories of computer viruses, expanded with detailed explanations and
relevant examples.

1. Boot Sector Virus

A boot sector virus targets the master boot record (MBR) of a hard drive or removable storage
device. The MBR contains critical information that helps the computer locate and load the
operating system during the boot process. By infecting the boot sector, the virus gains control
over the system before the operating system loads, making it difficult to detect and remove.

How It Spreads:

• Infected removable media (e.g., USB drives, floppy disks)
• Booting from an infected device

Impact:

• Prevents the operating system from loading
• Can cause data loss or corruption
• Difficult to remove because it activates before the OS

Examples:

• Michelangelo Virus (1991): Activated on March 6th (Michelangelo's birthday) and
overwrote critical data on the hard drive.
• Stoned Virus (1987): Displayed the message "Your PC is now stoned!" and infected the
boot sector of floppy disks and hard drives.

2. Web Scripting Virus

Web scripting viruses exploit vulnerabilities in web browsers and web applications by injecting
malicious code (usually JavaScript) into web pages. When users visit an infected page, the script
executes in their browser, potentially stealing data, modifying web content, or redirecting to
malicious sites.

How It Spreads:

• Compromised websites
• Malicious advertisements (malvertising)
• Cross-site scripting (XSS) attacks

Impact:

• Theft of sensitive information (cookies, session tokens)
• Unauthorized actions on behalf of the user
• Spread of malware through drive-by downloads

Examples:

• Samy Worm (2005): A cross-site scripting worm that propagated on MySpace, adding
Samy Kamkar as a friend to infected profiles.
• BeEF (Browser Exploitation Framework): A tool used to demonstrate browser
vulnerabilities (used ethically for penetration testing).

3. Browser Hijacker

Browser hijackers modify web browser settings without user consent. They change the
homepage, default search engine, and new tab page, redirecting users to unwanted or malicious
websites. Often bundled with freeware or shareware, they generate revenue through increased
website traffic or by displaying ads.

How It Spreads:

• Bundled with free software downloads
• Malicious browser extensions
• Phishing emails

Impact:

• Redirects to phishing or ad-laden websites
• Slows down browser performance
• Compromises user privacy by tracking browsing habits

Examples:

• CoolWebSearch: Redirected browsers to its own search engine and displayed unwanted
pop-up ads.
• Babylon Toolbar: Changed search settings and homepages to Babylon's own search
engine.

4. Resident Virus

Resident viruses load into a computer's memory and remain active even after the host application
is closed. They can infect other files and programs running on the system. Because they reside in
memory, they can evade detection and are challenging to remove.

How It Spreads:

• Infected executable files
• Email attachments
• Downloaded software from untrusted sources

Impact:

• Slows down system performance
• Corrupts or deletes files
• Opens backdoors for other malware

Examples:

• Randex: Allowed remote attackers to access and control infected systems.
• CMJ Virus: Infected .COM and .EXE files, spreading whenever these files were
accessed.

5. Direct Action Virus

Direct action viruses, also known as non-resident viruses, act immediately upon execution. They
infect files of specific types or in specific directories and then stop functioning unless the
infected files are executed again. They do not remain in the system's memory after execution.

How It Spreads:

• Executing an infected file
• Infected removable media

Impact:

• Corrupts or deletes files in the same directory
• Limited to specific file types
• Easier to detect and remove compared to resident viruses

Examples:

• Vienna Virus (1987): Infected .COM files and sometimes corrupted them, leading to
program malfunctions.
• Cascade Virus: Caused characters to fall and pile up at the bottom of the screen, while
infecting executable files.

6. Polymorphic Virus

Polymorphic viruses can change their underlying code each time they infect a new system or file,
without altering their basic functionalities. This mutation makes them difficult for antivirus
programs to detect using signature-based methods.

How It Spreads:

• Infected files and programs
• Email attachments
• Network sharing

Impact:

• Bypasses traditional antivirus detection
• Causes data corruption
• Can open backdoors for additional malware

Examples:

• Storm Worm (2007): Spread via email attachments, changing its code to avoid
detection.
• VirLock: Combined ransomware with polymorphic virus characteristics, encrypting files
and changing its code with each infection.

7. File Infector Virus

File infector viruses attach themselves to executable files like .EXE and .COM files. When the
infected file is run, the virus activates, potentially spreading to other executable files and
performing malicious activities.

How It Spreads:

• Executing infected programs
• Downloading software from untrusted sources
• Email attachments

Impact:

• Corrupts or deletes files
• May render programs unusable
• Can spread rapidly across systems and networks

Examples:

• Jerusalem Virus (1987): Deleted programs on every Friday the 13th and slowed down
system performance.
• Cascade Virus: Not only a direct action virus but also a file infector that targeted
executable files.

8. Multipartite Virus

Multipartite viruses infect multiple parts of a system simultaneously, such as the boot sector and
executable files. This dual infection method makes them versatile and challenging to eradicate,
as removing them from one area might not eliminate them entirely.

How It Spreads:

• Infected boot sectors
• Infected executable files
• Removable media

Impact:

• Persistent reinfection if not completely removed
• Data corruption across multiple system areas
• Can bypass certain security measures

Examples:

• One_Half Virus: Encrypted hard drive sectors and decrypted them on the fly, infecting
both boot sectors and files.
• Junkie Virus: Infected both .EXE files and the boot sector, making removal difficult.

9. Macro Virus

Macro viruses are written in the macro programming languages of applications like Microsoft
Word or Excel. They embed malicious code within documents and spreadsheets. When the
document is opened, the macro runs automatically, executing the virus.

How It Spreads:

• Infected email attachments
• Downloaded documents
• Shared files over networks

Impact:

• Corrupts or deletes data in documents
• Sends infected documents to contacts
• Alters or replaces macro commands

Examples:

• Melissa Virus (1999): Spread via email by sending itself to the top 50 contacts in the
user's Outlook address book.
• Concept Virus (1995): One of the first widely spread macro viruses, it demonstrated the
potential for macros to carry malware.
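
Since macro viruses travel inside documents, an incoming attachment can be triaged for embedded macro code before anyone opens it. The Python below is an added example, not part of the original document: it reports whether a modern (ZIP-based) Office file carries a VBA project part or a macro-enabled content type, flags a macro-free extension that hides one, and recognises legacy binary files by their header. The function names and sample files are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # header of legacy .doc/.xls compound files
MACRO_FREE_EXTS = (".docx", ".xlsx", ".pptx")     # extensions that should never carry VBA


def triage_office_file(name: str, data: bytes) -> dict:
    """Classify an Office file by container type and report any VBA project parts."""
    result = {"container": "unknown", "macro_parts": [],
              "macro_content_type": False, "extension_mismatch": False}
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: macros live in OLE streams and need a dedicated parser.
        result["container"] = "ole-legacy"
        return result
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            result["container"] = "zip"   # a ZIP archive, but not an Office document
            return result
        result["container"] = "ooxml"
        result["macro_parts"] = sorted(n for n in names if n.lower().endswith("vbaproject.bin"))
        content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        result["macro_content_type"] = "macroEnabled" in content_types
    has_macros = bool(result["macro_parts"]) or result["macro_content_type"]
    result["extension_mismatch"] = has_macros and name.lower().endswith(MACRO_FREE_EXTS)
    return result


def build_sample(with_macro: bool) -> bytes:
    """Constructed OOXML-shaped archive; the VBA part holds placeholder bytes, not a real project."""
    main_type = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro else
                 "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" ContentType="{main_type}"/></Types>')
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"PLACEHOLDER")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_office_file("report.docx", build_sample(False)))
    print(triage_office_file("invoice.docx", build_sample(True)))
```

A file reported as `ole-legacy` is in the older binary format and has to be examined with a tool that parses OLE streams; this check only identifies it.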

Causes of Computer Viruses

Computer viruses are ordinary programs, but instead of offering useful resources, these programs
can damage your device. Computer viruses are typically crafted by hackers with various
intentions, ranging from stealing sensitive data to causing chaos in systems. Some hackers create
these malicious programs for fun or as a challenge, while others have more sinister motives like
financial gain or cyber warfare.

To achieve their goals, hackers may exploit weak points in an operating system or app to gain
unauthorized access to and control over a user’s machine.

• Ego-driven: Some virus authors seek fame within the hacker community by creating
destructive or widespread viruses that garner media attention.
• Cybercrime: Hackers often use computer viruses as tools for ransomware attacks,
identity theft, and other forms of online fraud.
• Sabotage: In some cases, disgruntled employees create computer viruses to intentionally
damage their employer’s infrastructure.
• Cyber espionage: State-sponsored hackers may develop advanced persistent threats
(APTs) using custom-made malware designed for long-term infiltration into targeted
networks.

For a threat actor to execute a virus on your machine, you must initiate execution. Sometimes, an
attacker can execute malicious code through your browser or remotely from another network
computer. Modern browsers have defenses against local machine code execution, but third-party
software installed on the browser could have vulnerabilities that allow viruses to run locally.

The delivery of a computer virus can happen in several ways. One common method is via
a phishing email. Another technique is hosting malware on a server that promises to provide a
legitimate program. It can be delivered using macros or by injecting malicious code into
legitimate software files.

Computer Worm

A computer worm is a type of malware designed to replicate itself to spread to other computers.
Unlike computer viruses, worms do not require a host program to spread and self-replicate.
Instead, they often use a computer network to spread themselves, relying on security failures on
the target computer to access it.

Once a worm infects a computer, it uses that device as a host to scan and infect other computers.
When these new worm-infested computers are compromised, the worm continues to scan and
infect other computers using these computers as hosts. Worms consume large amounts of
memory and bandwidth, resulting in overloaded servers, systems, and networks.

Computer Viruses vs. Malware

While overlapping in intention and meaning, malware and viruses are two distinct terms that are
often used interchangeably.

Malware is a general term for any type of malicious software, while a virus is a specific type of
malware that self-replicates by inserting its code into other programs. While viruses are a type of
malware, not all malware is a virus.

Malware can take many forms, including viruses, worms, trojans, spyware, adware, and
ransomware, and it can be distributed through infected websites, flash drives, emails, and other
means. A virus requires a host program to run and attaches itself to legitimate files and programs.
It causes a host of malicious effects, such as deleting or encrypting files, modifying applications,
or disabling system functions.

Signs of Computer Virus

Malware authors write code intended to remain undetected until the payload is delivered. However,
like any software program, bugs could present issues while the virus runs. Signs that you have a
computer virus include:

• Popup windows, including ads (adware) or links to malicious websites.
• Your web browser home page changes, and you did not change it.
• Outbound emails are sent to your contact list, or people on your contact list alert you to
strange messages sent by your account.
• The computer crashes often, runs out of memory with few active programs, or displays
the blue screen of death in Windows.
• Slow computer performance even when running few programs or when the computer was
recently booted.
• Unknown programs start when the computer boots or when you open specific programs.
• Passwords change without your knowledge or your interaction on the account.
• Frequent error messages arise with basic functions like opening or using programs.

How to Remove a Computer Virus

Removing a computer virus can be a challenging task, but there are several steps you can take to
get rid of it. Common steps to remove a computer virus include:

1. Download and install antivirus software: Assuming you don’t already have antivirus
software installed, download and install a real-time and on-demand solution, if possible.
A real-time malware scanner scans for viruses in the background while you use the
computer. You must start the on-demand scanner whenever you want to scan your
device.

2. Disconnect from the internet: Some computer viruses use the internet connection to
spread, so it’s best to disconnect from the internet when removing a virus from your PC
to prevent further damage.

3. Delete any temporary files: Depending on the type of virus, deleting temporary files can
also delete the virus, as some viruses are designed to initiate when your computer boots
up.

4. Reboot your computer into safe mode: To help mitigate damages to your computer
while you remove a virus, reboot your device in ‘Safe Mode.’ This will inhibit the virus
from running and allow you to remove it more effectively.

5. Run a virus scan: Run a full scan using your antivirus software, opting for the most
thorough or complete scanning option available. If possible, cover all your hard drive
letters during the scan.

6. Delete or quarantine the virus: Once the virus is detected, your antivirus software will
give you the option to delete or quarantine the virus. Quarantining the virus will isolate it
from the rest of your computer to prevent it from causing further damage.

7. Reboot your computer: Assuming you’ve effectively removed the virus, your computer
can be rebooted. Simply turn on the device as you normally would, without
initiating the “Safe Mode” option.

8. Update your browser and operating system: To complete the virus removal process,
update your operating system and web browser to the latest version possible. Browser
and OS updates often contain fixes for particular vulnerabilities and exploits.

Given the general nature of this process, the outcome may vary from virus to virus and device to
device. If you are unsure if you’ve effectively removed a virus from your computer, contact an
IT or computer professional for assistance.

How to Prevent Computer Viruses

Computer viruses can damage your PC, send sensitive data to attackers, and cause downtime
until the system is repaired. You can avoid becoming the next computer virus victim by
following a few best practices:

• Install antivirus software: Antivirus should run on any device connected to the network.
It’s your first defense against viruses. Antivirus software stops malware executables from
running on your local device.
• Don’t open executable email attachments: Many malware attacks, including
ransomware, start with a malicious email attachment. Executable attachments
should never be opened, and users should avoid running macros programmed into files
such as Microsoft Word or Excel.
• Keep your operating system updated: Developers for all major operating systems
release patches to remediate common bugs and security vulnerabilities. Always keep your
operating system updated and stop using end-of-life versions (e.g., Windows 7 or
Windows XP).
• Avoid questionable websites: Older browsers are vulnerable to exploits used when just
browsing a website. You should always keep your browser updated with the latest
patches and avoid these sites to prevent drive-by downloads or redirects to sites
that host malware.
• Don’t use pirated software: Free pirated software might be tempting, but it’s often
packaged with malware. Download vendor software only from the official source and
avoid pirated and shared software.
• Use strong passwords: Make sure your passwords are highly secure and difficult to
guess. Avoid using the same password across multiple accounts and change them
regularly to mitigate vulnerabilities and prevent hackers from stealing them.
• Remain vigilant: Always be cautious when downloading files or software from the
internet or opening suspicious email attachments. Turn off file sharing and never share
access to your computer with someone you don’t know. Also, avoid keeping sensitive or
private information stored on your computer.

Conclusion

Computer viruses remain a significant threat to digital systems, with their ability to self-replicate,
spread, and execute malicious actions. These viruses come in various forms, each posing unique
risks, such as boot sector viruses, web scripting viruses, and polymorphic viruses. The damage
caused by viruses can range from data loss and system disruptions to unauthorized access and
identity theft. The rise of sophisticated types of viruses, like file infectors and multipartite
viruses, has further complicated detection and removal efforts. However, with the advent of
advanced antivirus software, combined with safe browsing practices, regular updates, and
vigilance, it is possible to minimize the risk of infection. As hackers continually develop more
complex viruses, staying informed and proactive in virus prevention is essential for safeguarding
computer systems.
