ad info

 
CNN.com  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  

 

  Search
 
 

 
TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

TOP STORIES

More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections

(MORE)

MARKETS
4:30pm ET, 4/16
144.70
8257.60
3.71
1394.72
10.90
879.91
 


WORLD

U.S.

POLITICS

LAW

ENTERTAINMENT

HEALTH

TRAVEL

FOOD

ARTS & STYLE



(MORE HEADLINES)
*
 
CNN Websites
Networks image


How a computer virus works

PC World

(IDG) -- Virus: A self-replicating piece of computer code that can partially or fully attach itself to files or applications, and can cause your computer to do something you don't want it to do.

Computer viruses are the "common cold" of modern technology. They can spread swiftly across open networks such as the Internet, causing billions of dollars worth of damage in a short amount of time. Five years ago, the chance you'd receive a virus over a 12-month period was about 1 in 1000; today, your chances have dropped to about 1 in 10. The vital statistics:

  MESSAGE BOARD
 
  • Viruses enter your system via e-mail, downloads, infected floppy disks, or (occasionally) hacking.


  • By definition, a virus must be able to self-replicate (make copies of itself) to spread.


  • Thousands of viruses exist, but few are found "in the wild" (roaming, unchecked, across networks) because most known viruses are laboratory-made, never released variations of common "wild" viruses.


  • Virus behavior can range from annoying to destructive, but even relatively benign viruses tend to be destructive due to bugs introduced by sloppy programming.


  • Antivirus software can detect nearly all types of known viruses, but it must be updated regularly to maintain effectiveness.

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  PC World home page
  Bulletproof PC protection
  Make your PC hacker-proof
  Personal firewalls keep intruders at bay
  Reviews & in-depth info at IDG.net
  E-Business World
  TechInformer
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletters
  Search IDG.net in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

A virus is just a computer program. Like any other program, it contains instructions that tell your computer what to do. But unlike an application, a virus usually tells your computer to do something you don't want it to do, and it can usually spread itself to other files on your computer -- and other people's computers.

If you're lucky, a virus will execute only a benign "personality quirk," such as causing your computer to make seemingly random bleeps. But a virus can be very destructive; it could format your hard drive, overwrite your hard drive boot sector, or delete files and render your machine inoperable.

How did I get this virus, anyway?

You get a virus when you copy infected files to your computer, then activate the code inside by running the infected application or opening an infected document. How you copy the infected files is irrelevant: Viruses don't care if you get them as an e-mail attachment, a download, or via a shared floppy disk, though e-mail attachments are the most prevalent -- and easiest -- mode of transport (see "Learning from the 'Love' bug," link below).

Once you open an infected file or application, the malicious code copies itself into a file on your system, where it waits to deliver its payload -- whatever the programmer designed it to do to your system. Simply deleting the e-mail after you open the attachment won't get rid of the virus, since it has already entered the machine.

A virus writer can set the payload to trigger immediately, at a preset future time or date, or upon the execution of a specific command, such as when you save or open a file. The Michelangelo virus, for example, was programmed to release its payload on March 6 of any year -- the artist's birthday.

General virus types

While there are thousands of variations of viruses, most fall into one of the following six general categories, each of which works its magic slightly differently:

Boot Sector Virus: replaces or implants itself in the boot sector---an area of the hard drive (or any other disk) accessed when you first turn on your computer. This kind of virus can prevent you from being able to boot your hard disk.

File Virus: infects applications. These executables then spread the virus by infecting associated documents and other applications whenever they're opened or run.

Macro Virus: Written using a simplified macro programming language, these viruses affect Microsoft Office applications, such as Word and Excel, and account for about 75 percent of viruses found in the wild. A document infected with a macro virus generally modifies a pre-existing, commonly used command (such as Save) to trigger its payload upon execution of that command.

Multipartite Virus: infects both files and the boot sector--a double whammy that can reinfect your system dozens of times before it's caught.

Polymorphic Virus: changes code whenever it passes to another machine; in theory these viruses should be more difficult for antivirus scanners to detect, but in practice they're usually not that well written.

Stealth Virus: hides its presence by making an infected file not appear infected, but doesn't usually stand up to antivirus software.

All malicious codes aren't viruses

A common misconception is that other kinds of electronic nasties, such as worms and Trojan horse applications, are viruses. They aren't. Worms, Trojan horses, and viruses are in a broader category analysts call "malicious code."

A worm program replicates itself and slithers through network connections to infect any machine on the network and replicate within it, eating up storage space and slowing down the computer. But worms don't alter or delete files.

A Trojan horse doesn't replicate itself, but it is a malicious program disguised as something benign such as a screen saver. When loaded onto your machine, a Trojan horse can capture information from your system -- such as user names and passwords--or could allow a malicious hacker to remotely control your computer.

Antivirus software answers the siren call

Virus experts have recorded more than 40,000 viruses and their variant strains over the years, though only about 200 of those viruses are actively spreading in the wild. While most viruses are just annoying time-wasters, the ones that do deliver a destructive payload are a real threat.

Viruses have been around since the early 1960s, almost since the earliest computers existed, though until the 1980s they were largely laboratory specimens, created by researchers and released in a controlled environment to examine their effect.

When viruses first appeared in the wild in the 1980s, they spread slowly and passed via the "sneaker net": floppy disks traded by people and shared between computers. But widely available Internet and e-mail access hastened their spread.

Two years ago, the advent of viruses that spread via e-mail (see "Melissa-like virus lurks" and "Love Letter's legacy," links below) significantly increased the odds that the average computer user would confront a virus because they spread so rapidly. E-mail viruses today account for about 81 percent of virus infections and can infect thousands of machines in a matter of minutes.

Practice safe computing

The best way to protect yourself from viruses is to avoid opening unexpected e-mail attachments and downloads from unreliable sources. Resist the urge to double-click everything in your mailbox. If you get a file attachment and you aren't expecting one, e-mail the person who sent it to you before you open the attachment. Ask them if they meant to send you the file, what it is, and what it should do.

For added safety, you need to install reliable antivirus scanning software (see "Bulletproof PC protection," link below) and download updates regularly. Major antivirus software vendors, including Symantec, Network Associates, Computer Associates, and Trend Micro, provide regular updates. (Computer Associates' InoculateIT is also free.) Some of the vendors also offer a service that will automatically retrieve updates for you from the company's Web site.

Regular updates are essential. Researchers at Computer Economics estimate that 30 percent of small businesses are vulnerable to viruses either because they don't keep their virus-scanning software updated or because they don't install it correctly.

How antivirus software works

Scanning software looks for a virus in one of two ways. If it's a known virus (one that has already been detected in the wild and has an antidote written for it) the software will look for the virus's signature -- a unique string of bytes that identifies the virus like a fingerprint -- and will zap it from your system. Most scanning software will catch not only an initial virus but many of its variants as well, since the signature code usually remains intact.

In the case of new viruses for which no antidote has been created, scanning software employs heuristics that look for unusual viruslike activity on your system. If the program sees any funny business, it quarantines the questionable program and broadcasts a warning to you about what the program may be trying to do (such as modify your Windows Registry). If you and the software think the program may be a virus, you can send the quarantined file to the antivirus vendor, where researchers examine it, determine its signature, name and catalog it, and release its antidote. It's now a known virus.

If the virus never appears again -- which often happens when the virus is too poorly written to spread -- then vendors categorize the virus as dormant. But viruses are like earthquakes: The initial outbreak is usually followed by aftershocks. Variants (copycat viruses that emerge in droves after the initial outbreak) make up the bulk of known viruses.

Within a few hours of when the LoveLetter virus first appeared in the United States, a variant -- VeryFunnyJoke -- had already appeared, followed by more than 30 others during the next two months. And not all variants stem from mysterious writers. More than a few companies have been infected by variants created by a curious employee who fiddled with a virus he or she received, created a new strain of it, and unleashed it onto the company's system--sometimes accidentally, sometimes not.

Additional antivirus resources




RELATED STORIES:
Virus protection coming for wireless users
October 19, 2000
Anti-virus vendors focus on wireless devices
September 27, 2000
Worms can be more problematic than viruses
September 26, 2000
Experts wonder what makes new computer virus tick
September 24, 2000
Can viruses be used for good instead of evil?
September 15, 2000

RELATED IDG.net STORIES:
Learning from the 'Love' bug
(PC World)
Melissa-like virus lurks
(PC World)
Love Letter's legacy
(PC World)
Bulletproof PC protection
(PC World)
First Palm virus found, but risk said to be low
(Computerworld)
Make your PC hacker-proof
(PC World)
Personal firewalls keep intruders at bay
(PC World)
Palm-virus prevention in the works
(IDG.net)

RELATED SITES:
Symantec AntiVirus Research Center
McAfee Virus Information Library
Computer Associates Antivirus
Trend Micro Antivirus

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 Search   

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.