A virus is a small computer program found within the body of another program which, when run, loads itself into the memory and carries out the instructions programmed by its author. The definition of a virus may be:
« Any computer program which can infect another computer program
by seriously changing it, and which can reproduce itself.
The real name for viruses is self-propagating code, but by analogy with the field of medicine, the name "virus" has ben given to them.
Memory-resident viruses (also called TSR for Terminate and Stay Resident) load in the computer's RAM in order to infect executable files opened by the user. Non-resident viruses, once run, infect programs found on the hard drive.
The effects of a virus may range from simply displaying a ping-pong ball ricocheting across the screen to wiping out data, which is the most destructive kind of virus there is. As there is a broad range of viruses with widely varied effects, viruses are not classified based on what kind of damage they do, but on how they spread and infect computers.
For this reason, there are different types of viruses:
A new phenomenon has appeared in the past few years, that of hoaxes, i.e. notices received by e-mail (for example a report on the appearance of a new destructive virus or a chance to win a free mobile phone) along with a note telling the recipient to forward the message to everyone he or she knows. The purpose of this is to clog network traffic and spread misinformation.
A antivirus program is software which can detect the presence of a virus on a computer and, to the best of its abilities, remove the virus. Eradicating a virus is the term used for cleaning out a computer.
There are several methods of eradication:
Viruses reproduce by infecting "host applications," meaning that they copy a portion of executable code into an existing program. So to ensure that they work as planned, viruses are programmed to not infect the same file multiple times. To do so, they include a series of bytes in the infected application, to check if has already been infected: This is called a virus signature.
Antivirus programs rely on this signature, which is unique to each virus, in order to detect them. This method is called signature scanning, the oldest method used by antivirus software.
This method is only reliable if the antivirus program's virus database is up-to-date and includes signatures for all known viruses. However, this method cannot detect viruses which have not been archived by the publishers of the antivirus software. What's more, virus programmers have often given them camouflage features, making their signature hard to detect, if not undetectable: These are "polymorphic viruses".
Some antivirus programs use an integrity checker to tell if the folders have been changed. The integrity checker builds a database containing information on the executable files on the system (date modified, file size, and possibly a checksum) That way, when an executable file's characteristics change, the antivirus program warns the machine's user.
The heuristic method involves analysing the behavior of applications in order to detect actvity similar to that of a known virus. This kind of antivirus program can therefore detect viruses even when the antivirus database has not been updated. On the other hand, they are prone to triggering false alarms.
In reality, most viruses are clones, or more precisely "mutated viruses" — viruses which have been rewritten by other users in order to change their behavior or signature.
The fact that multiple versions of the same virus (called variants) exist makes dection all the more difficult, as antivirus software publishers then have to add these new signatures to their databases.
Since antivirus programs mainly detect viruses using their signature (the series of bits which identifies it), certain virus creators have thought to give them the ability to automatically change their appearance, like a chameleon, by giving the virus a signature encrypt-decrypt function, so that only the virus can recognise its own signature. This kind of virus is called a "polymorphic virus" (from the Greek for "which can take multiple forms").
A "boot sector virus" (or boot virus) is a virus when can infect the boot sector of a hard drive (MBR, the master boot record). This sector is an area on the hard drive stores the operating system processes which are run when the computer starts up.
With the increase in programs which use macros, Microsoft has developed a shared script language which can be inserted into most types of documents which can contain macros. It's called VBScript, a subset of Visual Basic. These viruses are currently able to infect macros in Microsoft Office documents, meaning that such a virus can be placed within an ordinary Word or Excel document and run a portion of code when the file is opened, so that the virus can both spread into files and access the operating system (generally Windows).
With more and more applications supporting Visual Basic, any one of them can potentially fall prey to a VBScript-based virus.
The dawn of the third millennium has been marked by the frequent appearance of Visual Basic scripts sent by email as attachments (marked by their extension .VBS) with an email subject encouraging the recipient to open the poisoned gift.
Once opened by a Microsoft email client, this "gift" can access the entire address book and self-propagate over the network. This kind of virus is called a worm.