Computer Virus

Computer viruses have the “virus” name because they resemble illnesses in the way they infect a system. Doctors can usually diagnose a virus based on symptoms exhibited by the body. IT professionals can do the same with computers. Typical signs of computer virus infections include:

  • Ongoing crashes and blue screen errors
  • Slow performance
  • Missing files
  • Low storage
  • Unexpected behavior
  • Constant browser pop-ups
  • Unidentifiable programs
  • Increased network activity
  • Disabled security software

A computer virus is a malicious software application or piece of code that can attach itself to other programs, self-replicate, and spread itself onto other devices. When executed, a virus modifies other computer programs by inserting its code into them. If the virus’s replication is successful, the affected device is considered “infected” with a computer virus.

The malicious activity carried out by the virus’s code can damage the local file system, steal data, interrupt services, download additional malware, or carry out any other action the malware author coded into the program. Many viruses pretend to be legitimate programs to trick users into executing them on their devices, delivering the computer virus payload.

Parts of a Virus

A computer virus generally contains three parts:

  • Infection mechanism, which finds and infects new files.
  • The payload, which is the malicious code to execute.
  • The trigger, which determines when to activate the payload.

Phases of a Virus

The virus phases make up the life cycle of the computer virus, described by analogy to biology. This life cycle can be divided into four phases:

  • Dormant phase: The virus program is idle during this stage. The virus program has managed to access the target user’s computer or software, but during this stage, the virus does not take any action.
  • Propagation phase: The virus starts propagating, which is multiplying and replicating itself. The virus places a copy of itself into other programs or into certain system areas on the disk. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.
  • Triggering phase: A dormant virus moves into this phase when it is activated, and will now perform the function for which it was intended. The triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.
  • Execution phase: This is the actual work of the virus, where the “payload” will be released. It can be destructive, such as deleting files on disk, crashing the system, or corrupting files, or relatively harmless, such as popping up humorous or political messages on screen.

1. File Virus :

This type of virus infects the system by appending itself to the end of a file. It changes the start of a program so that control jumps to its code. After its code has executed, control returns to the main program, so its execution is not even noticed. It is also called a Parasitic virus because it leaves no file intact but also leaves the host functional.

2. Boot sector Virus :

It is a type of virus that infects the boot sector of floppy disks or the Master Boot Record (MBR) of hard disks. The boot sector comprises all the files which are required to start the operating system of the computer. The virus either overwrites the existing program or copies itself to another part of the disk.

3. Macro Virus : 

A macro virus is written in the same macro language used by a software program and infects the computer when a word processor file is opened. Such viruses mainly arrive via email.
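A triage check for e-mailed Office attachments, as an added example that is not part of the original article: modern Office files are zip archives, and one that carries VBA macros contains a `vbaProject.bin` part, so the check flags that part and treats a macro inside a macro-free extension such as `.docx` as a mismatch. The function names, result strings and sample files are constructed for illustration; legacy OLE files are only recognised by their magic bytes, not parsed.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls container
MACRO_FREE_EXT = {"docx", "xlsx", "pptx"}        # formats that should not carry VBA


def vba_parts(data: bytes) -> list:
    """Names of VBA project parts inside an OOXML (zip-based) Office file."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return [n for n in z.namelist() if n.lower().endswith("vbaproject.bin")]


def triage_attachment(filename: str, data: bytes) -> str:
    """Classify one attachment by macro content and claimed extension."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole: macros possible, inspect with an OLE parser"
    parts = vba_parts(data)
    if not parts:
        return "no-vba-found"
    if ext in MACRO_FREE_EXT:
        # The extension promises a macro-free file but the archive holds VBA.
        return "vba-in-macro-free-extension: " + parts[0]
    return "vba-present: " + parts[0]


def sample_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal zip standing in for a Word file; contents are dummies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_attachment("report.docx", sample_ooxml(False)))
    print(triage_attachment("invoice.docm", sample_ooxml(True)))
    print(triage_attachment("invoice.docx", sample_ooxml(True)))
```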

4. Memory Resident Virus : 

A virus which saves itself in the memory of the computer and then infects other files and programs when its originating program is no longer working. This virus can easily infect other files because it is hidden in the memory and is hard to remove from the system.

5. FAT Virus :

The File Allocation Table is the part of the disk used to store all information about the location of files, available space, unusable space, etc. This virus affects the FAT section and may damage crucial information.

6. Multipartite Virus :

A virus which can attack both the boot sector and the executable files of an already infected computer is called a multipartite virus. If a multipartite virus attacks your system, you are at risk of cyber threat.

7. Polymorphic Virus : 

Spread through spam and infected websites, polymorphic viruses are file infectors which are complex and tough to detect. They create a modified, or morphed, version of the existing program and infect the system while retaining the original code.

8. Encrypted Virus : 

In order to avoid detection by antivirus software, this type of virus exists in encrypted form. It carries a decryption algorithm along with it, so the virus first decrypts itself and then executes.

9. Stealth Virus : 

It is a very tricky virus as it changes the code that can be used to detect it. Hence, the detection of the virus becomes very difficult. For example, it can change the read system call such that whenever the user asks to read code modified by the virus, the original form of the code is shown rather than the infected code.

10. Tunneling Virus : 

This virus attempts to bypass detection by an antivirus scanner by installing itself in the interrupt handler chain. Interception programs, which remain in the background of an operating system and catch viruses, become disabled during the course of a tunneling virus. Similar viruses install themselves in device drivers.

11. Armored Virus :

An armored virus is coded to make it difficult for antivirus software to unravel and understand. It uses a variety of techniques to do so, such as fooling the antivirus into believing that it lies somewhere other than its real location, or using compression to complicate its code.

12. Browser Hijacker :

As the name suggests, this virus is coded to target the user’s browser and can alter the browser settings. It is also called the browser redirect virus because it redirects your browser to other malicious sites that can harm your computer system.

13. Direct Action Virus :

A virus that attaches itself directly to a .exe or .com file and enters the device while that file is executing is called a Direct Action Virus. If it gets installed in the memory, it keeps itself hidden. It is also known as a Non-Resident Virus.

14. Companion Virus :

This kind of virus usually uses the same file name as an existing file but with a different extension. For example, if there’s a file “Hello.exe”, the virus will create another file named “Hello.com” and will hide in the new file.
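A detection sketch for the “Hello.exe” / “Hello.com” pattern above, as an added example that is not part of the original article. It goes slightly beyond the .com/.exe case: Windows' default extension search order tries .COM before .EXE, .BAT and .CMD when a command is typed without an extension, so the check reports any file that shadows a same-named sibling in the same directory. The function name and the file listing are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Start of the default Windows PATHEXT order: earlier extensions win when a
# command is typed without an extension.
PATHEXT = [".com", ".exe", ".bat", ".cmd"]


def find_companions(paths):
    """Report files that shadow a same-named executable in the same directory."""
    by_stem = defaultdict(dict)
    for p in paths:
        w = PureWindowsPath(p)
        ext = w.suffix.lower()
        if ext in PATHEXT:
            # Windows file names are case-insensitive, so compare lowercased.
            by_stem[(str(w.parent).lower(), w.stem.lower())][ext] = p
    findings = []
    for exts in by_stem.values():
        ranked = sorted(exts, key=PATHEXT.index)
        if len(ranked) > 1:
            findings.append({"runs_first": exts[ranked[0]],
                             "shadowed": [exts[e] for e in ranked[1:]]})
    return findings


# Constructed directory listing for the demo.
SAMPLE_LISTING = [
    r"C:\Tools\Hello.exe",
    r"C:\Tools\HELLO.COM",     # same directory and stem as Hello.exe
    r"C:\Tools\setup.exe",     # no sibling: not reported
    r"C:\Other\Hello.com",     # different directory: not reported
]

if __name__ == "__main__":
    for finding in find_companions(SAMPLE_LISTING):
        print(finding)
```

Each finding still needs review, since some legitimate software ships same-named files with different extensions.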

A computer virus performs two basic functions: it copies itself from machine to machine (self-reproducing), and it executes the instructions the perpetrator has planned.

A computer virus exhibits three characteristics: a replication mechanism, an activation mechanism, and an objective. The replication mechanism searches for other programs to infect. If it finds any, it inserts the hidden instructions into the program, then modifies the execution sequence of the program’s instructions so that the hidden code will be executed whenever the program is invoked. The activation mechanism checks for the occurrence of some event. When the event occurs, the computer virus executes its objective.
