What is a computer virus? How they spread and 5 signs you've been infected
- 16 July, 2019 20:00
Computer virus definition
A computer virus is a form of malicious software that piggybacks onto legitimate application code in order to spread and reproduce itself.
Like other types of malware, a virus is deployed by attackers to damage or take control of a computer. Its name comes from the method by which it infects its targets. A biological virus like HIV or the flu cannot reproduce on its own; it needs to hijack a cell to do that work for it, wreaking havoc on the infected organism in the process. Similarly, a computer virus isn't itself a standalone program. It's a code snippet that inserts itself into some other application. When that application runs, it executes the virus code, with results that range from the irritating to the disastrous.
In everyday conversation and the popular press, people often use virus and malware interchangeably. But strictly speaking a virus is a specific type of malware that fits the definition above. The two other main types are Trojans, which masquerade as harmless applications to trick users into executing them, and worms, which can reproduce and spread independently of any other application. The distinguishing feature of a virus is that it needs to infect other programs to operate.
What do computer viruses do?
Imagine an application on your computer has been infected by a virus. (We'll discuss the various ways that might happen in a moment, but for now, let's just take infection as a given.) How does the virus do its dirty work? Bleeping Computer provides a good high-level overview of how the process works. The general course goes something like this: the infected application executes (usually at the request of the user), and the virus code is loaded into the CPU memory before any of the legitimate code executes.
At this point, the virus propagates itself by infecting other applications on the host computer, inserting its malicious code wherever it can. (A resident virus does this to programs as they open, whereas a non-resident virus can infect executable files even if they aren't running.) Boot sector viruses use a particularly pernicious technique at this stage: they place their code in the boot sector of the computer's system disk, ensuring that it will be executed even before the operating system fully loads, making it impossible to run the computer in a "clean" way.
Once the virus has its hooks into your computer, it can start executing its payload, which is the term for the part of the virus code that does the dirty work its creators built it for. These can include all sorts of nasty things: Viruses can scan your computer hard drive for banking credentials, log your keystrokes to steal passwords, turn your computer into a zombie that launches a DDoS attack against the hacker's enemies, or even encrypt your data and demand a bitcoin ransom to restore access. (Other types of malware can have similar payloads, of course: there are ransomware worms and DDoS Trojans and so forth.)
How do computer viruses spread?
In the early, pre-internet days, viruses often spread from computer to computer via infected floppy disks. The SCA virus, for instance, spread amongst Amiga users on disks with pirated software. It was mostly harmless, but at one point as many as 40% of Amiga users were infected.
Today, viruses spread via the internet. In most cases, applications that have been infected by virus code are transferred from computer to computer just like any other application. Because many viruses include a logic bomb — code that ensures that the virus's payload only executes at a specific time or under certain conditions — users or admins may be unaware that their applications are infected and will transfer or install them with impunity. Infected applications might be emailed (inadvertently or deliberately — some viruses actually hijack a computer's mail software to email out copies of themselves); they could also be downloaded from an infected code repository or compromised app store.
One thing you'll notice that all of these infection vectors have in common is that they require the victim to execute the infected application or code. Remember, a virus can only execute and reproduce if its host application is running! Still, with email such a common malware dispersal method, a question that causes many people anxiety is: Can I get a virus from opening an email? The answer is that you almost certainly can't simply by opening a message; you have to download and execute an attachment that's been infected with virus code. That's why most security pros are so insistent that you be very careful about executing email attachments, and why most email clients and webmail services include virus scanning features by default.
Types of computer virus
Symantec has a good breakdown on the various types of viruses you might encounter, categorized in different ways. We've already met resident and non-resident viruses, boot sector viruses, web scripting viruses, and so on. There are a couple other types you might want to be aware of:
- A macro virus infects macro applications embedded in Microsoft Office or PDF files. Many people who are careful about never opening strange applications forget that these sorts of documents can themselves contain executable code. Don't let your guard down!
- A polymorphic virus slightly changes its own source code each time it copies itself to avoid detection from antivirus software.
Keep in mind that these category schemes are based on different aspects of a virus's behavior, and so a virus can fall into more than one category. A resident virus could also be polymorphic, for instance.
Computer virus protection
Antivirus software is the most widely known product in the category of malware protection products. CSO has compiled a list of the top antivirus software for Windows, Android, Linux and macOS, though keep in mind that antivirus isn't a be-all end-all solution. When it comes to more advanced corporate networks, endpoint security offerings provide defense in depth against malware. They provide not only the signature-based malware detection that you expect from antivirus, but anti-spyware, personal firewall, application control and other styles of host intrusion prevention. Gartner offers a list of its top picks in this space, which include products from Cylance, CrowdStrike, and Carbon Black.
One thing to keep in mind about viruses is that they generally exploit vulnerabilities in your operating system or application code in order to infect your systems and operate freely; if there are no holes to exploit, you can avoid infection even if you execute virus code. To that end, you'll want to keep all your systems patched and updated, keeping an inventory of hardware so you know what you need to protect, and performing continuous vulnerability assessments on your infrastructure.
Computer virus symptoms
How can you tell if a virus has slipped past your defenses? With some exceptions, like ransomware, viruses are not keen to alert you that they've compromised your computer. Just as a biological virus wants to keep its host alive so it can continue to use it as a vehicle to reproduce and spread, so too does a computer virus attempt to do its damage in the background while your computer still limps along. But there are ways to tell that you've been infected. Norton has a good list; symptoms include:
- Unusually slow performance
- Frequent crashes
- Unknown or unfamiliar programs that start up when you turn on your computer
- Mass emails being sent from your email account
- Changes to your homepage or passwords
If you suspect your computer has been infected, a computer virus scan is in order. There are plenty of free services to start you on your exploration: The Safety Detective has a rundown of the best.
Computer virus removal
Once a virus is installed on your computer, the process of removing it is similar to that of removing any other kind of malware — but that isn't easy. CSO has information on how to remove or otherwise recover from rootkits, ransomware, and cryptojacking. We also have a guide to auditing your Windows registry to figure out how to move forward.
If you're looking for tools for cleansing your system, Tech Radar has a good roundup of free offerings, which contains some familiar names from the antivirus world along with newcomers like Malwarebytes. And it's a smart move is to always make backups of your files, so that if need be you can recover from a known safe state rather than attempting to extricate virus code from your boot record or pay a ransom to sketchy Eastern European gangsters.
Computer virus history
The first true computer virus was Elk Cloner, developed in 1982 by fifteen-year-old Richard Skrenta as a prank. Elk Cloner was an Apple II boot sector virus that could jump from floppy to floppy on computers that had two floppy drives (as many did). Every 50th time an infected game was started, it would display a poem announcing the infection.
Other major viruses in history include:
- Jerusalem: A DOS virus that lurked on computers, launched on any Friday the 13th, and deleted applications.
- Melissa: A mass-mailing macro virus that brought the underground virus scene to the mainstream in 1999. It earned its creator 20 months in prison.
But most of the big-name malware you've heard of in the 21st century has, strictly speaking, been worms or Trojans, not viruses. That doesn't mean viruses aren't out there, however — so be careful what code you execute.