A virus is a man-made program (small bits of programming code disguised as something else or buried in other code) that causes an unexpected and usually undesirable event. A virus can replicate itself and is designed to automatically spread to other computer users. Viruses can be transmitted through email attachments, downloads or removable media such as CDs, DVDs, or USB drives. The damage caused by a virus varies with the maliciousness and skill of its creator. Some viruses spread their viral code into other programs, or corrupt, modify or even erase files. Some viruses take effect as soon as their code is executed, while others lie dormant until circumstances cause their code to be executed by the computer. Viruses are usually classified by criteria such as origin, techniques, types of files they infect, where they hide, and the kind of damage they cause.
Typically there are three functional parts to a virus: replication (by file infectors or boot sector (record) infectors), concealment and a bomb:
- Replication is where a virus reproduces or duplicates itself to ensure it has a method of spreading. Replication occurs when the virus has been loaded into memory and has access to CPU cycles. File infection relies on the virus's ability to attach itself to a file that provides access to CPU cycles. The most popular type of infection is a virus that infects or attaches itself to executable files with a .COM, .EXE, or .BAT file extension, which ensures the virus is loaded into memory before the actual application when the file is executed. A companion virus works by ensuring that its executable file is launched before the legitimate one. When a file extension is not specified, DOS and Windows will first try to execute a file with a .COM extension, then an .EXE extension, and finally a .BAT extension. A file infector can also infect any program for which execution is requested, including .SYS, .OVL, .PRG, and .MNU files. When the program is loaded, the virus is loaded as well. Other file infector viruses arrive as wholly contained programs or scripts sent as an attachment to an e-mail note.
There are two methods of replication after file infection:
1. Resident virus – once loaded into memory, it waits for other programs to be executed and then infects them.
2. Non-resident virus – selects one or more executable files and directly infects them without waiting for them to be processed in memory.
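The .COM, .EXE, .BAT search order described above gives defenders a simple triage check: list every base name that exists with more than one of those extensions in the same directory, and report which file would run first. The following is an added example, not part of the original page; the function names and the sample file names are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Search order the page describes when no extension is given.
PRECEDENCE = [".com", ".exe", ".bat"]


def find_shadowed(directory):
    """Return [(winner, [shadowed, ...]), ...] for every base name that
    exists with more than one executable extension in `directory`."""
    by_stem = defaultdict(dict)
    for entry in os.scandir(directory):
        if not entry.is_file():
            continue
        stem, ext = os.path.splitext(entry.name)
        ext = ext.lower()
        if ext in PRECEDENCE:
            # DOS/Windows names are case-insensitive, so compare lowercased.
            by_stem[stem.lower()][ext] = entry.name
    findings = []
    for stem in sorted(by_stem):
        # Order the files present for this stem by launch precedence.
        present = [by_stem[stem][e] for e in PRECEDENCE if e in by_stem[stem]]
        if len(present) > 1:
            findings.append((present[0], present[1:]))
    return findings


def demo():
    """Scan a constructed sample directory (empty placeholder files)."""
    names = ["EDIT.EXE", "edit.com", "FORMAT.COM",
             "setup.bat", "SETUP.EXE", "readme.txt"]
    with tempfile.TemporaryDirectory() as d:
        for name in names:
            open(os.path.join(d, name), "wb").close()
        return find_shadowed(d)


if __name__ == "__main__":
    for winner, shadowed in demo():
        print(f"{winner} runs in place of {', '.join(shadowed)}")
```

A reported pair is a lead for review rather than proof of infection, since some software ships both a .COM and an .EXE with the same name.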
Boot sector replication viruses infect the system area of the disk that is read when the disk is initially accessed or booted, and rely on disk-to-disk contact to facilitate replication. Boot sector viruses attach to the DOS boot sector on diskettes or the Master Boot Record on hard disks, where they find system instructions and move them to some other area of the disk. The virus is then free to place its own code in the boot record. When the system initializes, the virus loads into memory and points to the new location for the system instructions. This allows the system to boot in a normal fashion, except that the virus is now resident in memory. A boot sector virus does not require execution of a program for the infected disk to facilitate replication; accessing the disk is sufficient. Multi-partite viruses use both file and boot sector replication technologies.
To fully understand what a virus does, you need to understand there are many other types of malware and that they differ from each other.