What Is A Virus?
A computer virus is a program, script, or macrodesigned to cause damage, steal personal information, modify data, send e-mail, display messages, or some combination of these actions.
When the virus is executed, it spreads by copying itself into or over data files, programs, or boot sector of a computer's hard drive, or potentially anything else writable. To help spread an infection, the virus writers use detailed knowledge of security vulnerabilities, zero days, or social engineering to gain access to a host's computer.
How to protect your computer from a virus
You can protect your computer from viruses by installing an antivirus protection program. Once installed on a computer an antivirus monitors, detects, and cleans any computer viruses by looking for virus signatures.
What can a virus do to a computer?
What a virus does to a computer once it has infected the computer depends on the type of virus. Typically most computer viruses will delete data, overwrite information, display messages, and add itself to other files on the computer. Almost all computer viruses only damage the data contained on the computer and do not physically harm the computer or its hardware. More sophisticated viruses like Stuxnet can cause physical damage
Types of viruses
File infectors. Some file infector viruses attach themselves to program files, usually selected .com or .exe files. Some can infect any program for which execution is requested, including .sys, .ovl, .prg, and .mnu files. When the program is loaded, the virus is loaded as well. Other file infector viruses arrive as wholly contained programs or scripts sent as an attachment to an email note.
Macro viruses. These viruses specifically target macro language commands in applications like Microsoft Word and other programs. In Word, macros are saved sequences for commands or keystrokes that are embedded in the documents. Macro viruses can add their malicious code to the legitimate macro sequences in a Word file. Microsoft disabled macros by default in more recent versions of Word; as a result, hackers have used social engineering schemes to convince targeted users to enable macros and launch the virus. As macro viruses have seen a resurgence in recent years, Microsoft added a new feature in Office 2016 that allows security managers to selectively enable macro use for trusted workflows only, as well as block macros across an organization.
Overwrite viruses. Some viruses are designed specifically to destroy a file or application's data. After infecting a system, an overwrite virus begins overwriting files with its own code. These viruses can target specific files or applications or systematically overwrite all files on an infected device. An overwrite virus can install new code in files and applications that programs them to spread the virus to additional files, applications and systems.
Polymorphic viruses. A polymorphic virus is a type of malware that has the ability to change or mutate its underlying code without changing its basic functions or features. This process helps a virus evade detection from many antimalware and threat detection products that rely on identifying signatures of malware; once a polymorphic virus' signature is identified by a security product, the virus can then alter itself so that it will no longer be detected using that signature.
Resident viruses. This type of virus embeds itself in the memory of a system. The original virus program isn't needed to infect new files or applications; even if the original virus is deleted, the version stored in memory can be activated when the operating system loads a specific application or function. Resident viruses are problematic because they can evade antivirus and antimalware software by hiding in the system's RAM.
Rootkit viruses. A rootkit virus is a type of malware that installs an unauthorized rootkit on an infected system, giving attackers full control of the system with the ability to fundamentally modify or disable functions and programs. Rootkit viruses were designed to bypass antivirus software, which typically scanned only applications and files. More recent versions of major antivirus and antimalware programs include rootkit scanning to identify and mitigate these types of viruses.
System or boot-record infectors. These viruses infect executable code found in certain system areas on a disk. They attach to the DOS bootsector on diskettes and USB thumb drives or the Master Boot Record on hard disks. In a typical attack scenario, the victim receives storage device that contains a boot disk virus. When the victim's operating system is running, files on the external storage device can infect the system; rebooting the system will trigger the boot disk virus. An infected storage device connected to a computer can modify or even replace the existing boot code on the infected system so that when the system is booted next, the virus will be loaded and run immediately as part of the master boot record. Boot viruses are less common now as today's devices rely less on physical storage media.
What was the first computer virus ever created?
The first computer virus known as the Elk Cloner was written by Rich Skrenta in 1982who was a 15-year old high school student at the time. The Elk Cloner virus spread to other computers by monitoring the floppy drive and copying itself to any floppy diskette that was inserted into the computer. Once a floppy was infected it would infect all other computers that used the disk was. A computer that was infected would display a short poem on every 50th boot.
No comments:
Write comments