Internet Security Professional Reference: Viruses


What Is a Computer Virus?

A computer virus is an executable piece of code that, by definition, replicates and attaches itself to another item. In the DOS environment, a virus might use local PC files, networks, or floppy disks to replicate and spread itself.

A virus, by definition, replicates and attaches. Some viruses also perform an activity in addition to replicating, known as a payload, such as displaying a message on a computer monitor, seeking out and deleting specific files, or formatting a hard drive. Some viral payloads do not occur until certain criteria, known as triggers, are met. A specific date, such as Friday the 13th, or the 57th file found whose name begins with the letter D, might act as a trigger for the virus payload.

Most viruses are written in assembly language, a low-level language that is one step removed from machine language. A few viruses have been written in higher level languages, such as C or Pascal, but using such languages typically results in undesirably bulky viruses. Macro viruses, written to target data files with macro capabilities, are an exception to this pattern. (See the section “Macro Viruses” for more information.)

On a network, viruses can spread rapidly from one server to another, as well as to all workstations connected to a network, infecting programs and leaving a path of destruction. The decreased productivity, corrupted files, and lost data that viral infections incur can stagger a company.

Until recently, the computing community was generally informed that computer viruses did not infect either computer hardware or data files. In both cases, exceptions now exist. Although such infections are rare, the read/write memory known as flash RAM can become infected: aside from the memory area in which ROM BIOS instructions are stored, little of flash RAM’s remaining memory is used, which allows a virus to load its own code into this unused area.

In the case of data files, those with macro capabilities can become infected. (See “Data Files with Macro Capabilities” for more information.) No known cases exist of data files without macro capabilities serving as targets or becoming infectious; the data in such a file can become corrupted by the action of a virus, but the virus can’t replicate using the data file.

Computer virus writers live throughout the world, although the majority of viruses originate in the United States, in former Soviet Union bloc countries, and elsewhere in Europe. Most virus writers are male, ranging from 13 to 25 years old. Many younger writers appear to be motivated by a desire to show off their programming abilities to impress peers. Older writers, particularly in countries where the supply of programmers exceeds the market demand, possibly are more motivated by boredom and a sense of disenfranchisement.

Many American and international computer bulletin boards, as well as Internet sites, are available for virus writers to use to fraternize and trade viral code. Writers commonly download the code, modify it, disassemble the viruses, and so forth. Multiple strains of viruses are created in this manner, making the work of the antivirus programmer all the more challenging.

Most viruses posted to computer bulletin boards and the Internet are not released into environments in which the majority of computer users might access them (an area commonly referred to as “in the wild”). In fact, most viruses are not destructive. The writer’s goal most often is to get his virus to replicate and attach itself to other executable items rather than to destroy. Still, a sufficient number of destructive viruses exist in the wild to warrant the purchase and regular use of well-designed, comprehensive antivirus software.

Most Likely Targets

This section describes PC hardware and software that are of most interest to computer viruses, and explains why they are targets. This includes a discussion of the following:

  The hardware involved in computer startup (the time at which many viruses attempt to gain control)
  The software components involved in computer startup
  DOS program files (COM, EXE, and SYS format files)
  Data files with macro capabilities

