07:31 | 05/12/2021
What Is a Computer Virus?
Computer viruses are similar to biological viruses in that they can spread from one computer to another relatively quickly. Understanding how they spread is one of the first steps toward keeping your devices from being infected. In the same way that flu viruses cannot reproduce without a host cell, computer viruses cannot reproduce and spread without programming such as a file or document.
To help you understand computer viruses and how to prevent them, this article provides useful information and tips.
The first known computer virus was developed in 1971 by Robert Thomas, an engineer at BBN Technologies. Known as the Creeper virus, Thomas' experimental program infected mainframes on the Advanced Research Projects Agency Network (ARPANET), displaying the teletype message: "I'm the creeper: Catch me if you can."
The first computer virus to be discovered in the wild was Elk Cloner, which infected Apple II OSes through floppy disks and displayed a humorous message on infected computers. Elk Cloner, which was developed by 15-year-old Richard Skrenta in 1982, was designed as a prank, but it demonstrated how a potentially malicious program could be installed in an Apple computer's memory and prevent users from removing the program.
The term computer virus wasn't used until a year later. Fred Cohen, a graduate student at the University of Southern California (USC), wrote an academic paper titled "Computer Viruses -- Theory and Experiments" and credited his academic advisor and RSA Security co-founder Leonard Adleman with coining the term computer virus in 1983.
A computer virus is a malicious software program that is loaded onto a user’s computer without the user’s knowledge and performs malicious actions.
The term 'computer virus' was first formally defined by Fred Cohen in 1983. Computer viruses never occur naturally. They are always induced by people. Once created and released, however, their diffusion is not directly under human control. After entering a computer, a virus attaches itself to another program in such a way that execution of the host program triggers the action of the virus simultaneously. It can self-replicate, inserting itself into other programs or files and infecting them in the process. Not all computer viruses are destructive, though most of them perform actions that are malicious in nature, such as destroying data. Some viruses wreak havoc as soon as their code is executed, while others lie dormant until a particular programmed event occurs that causes their code to run on the computer.
Viruses spread when the software or documents they are attached to are transferred from one computer to another over a network, on a disk, through file sharing, or as infected e-mail attachments. Some viruses use different stealth strategies to avoid detection by antivirus software.
For example, some can infect files without increasing their sizes, while others try to evade detection by killing the tasks associated with the antivirus software before they can be detected. Some old viruses make sure that the "last modified" date of a host file stays the same when they infect the file.
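The stealth tricks just described (unchanged file size, preserved "last modified" date) are why integrity monitoring compares content hashes rather than metadata alone. The following Python sketch is an added example, not part of the original article; the file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Record the three attributes a monitor might compare for one file."""
    st = path.stat()
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {
        "size": st.st_size,
        "mtime_ns": st.st_mtime_ns,
        "sha256": digest.hexdigest(),
    }


def build_baseline(root: Path) -> dict:
    """Fingerprint every regular file under root, keyed by relative path."""
    return {
        str(p.relative_to(root)): fingerprint(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(root: Path, baseline: dict) -> dict:
    """Return {relative_path: [reasons]} for files that differ from the baseline."""
    current = build_baseline(root)
    findings = {}
    for name, old in baseline.items():
        new = current.get(name)
        if new is None:
            findings[name] = ["missing"]
            continue
        reasons = [k for k in ("size", "mtime_ns", "sha256") if old[k] != new[k]]
        if reasons:
            findings[name] = reasons
    for name in current.keys() - baseline.keys():
        findings[name] = ["new file"]
    return findings


def demo() -> dict:
    """Constructed scenario: same-length content change with the timestamp restored."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        target = root / "report.txt"  # constructed sample file
        target.write_bytes(b"quarterly totals: 1000\n")
        (root / "notes.txt").write_bytes(b"unchanged\n")
        baseline = build_baseline(root)

        # Simulate a modification that keeps size and "last modified" identical.
        st = target.stat()
        target.write_bytes(b"quarterly totals: 9999\n")  # same length as before
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))  # put old times back

        return compare(root, baseline)


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name}: changed ({', '.join(reasons)})")
```

A check that looked only at size and modification time would report nothing here; the hash is the only attribute that differs.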
In 2013, the botnet virus Gameover ZeuS was discovered to use peer-to-peer downloading sites to distribute ransomware and commit banking fraud. While tens of thousands of computer viruses still roam the internet, they have diversified their methods and are now joined by several malware variants like:
Worms - A worm is a type of virus that, unlike traditional viruses, usually does not require the action of a user to spread from device to device.
Trojans - As in the myth, a Trojan is a virus that hides within a legitimate-seeming program to spread itself across networks or devices.
Ransomware - Ransomware is a type of malware that encrypts a user’s files and demands a ransom for its return. Ransomware can be, but isn’t necessarily, spread through computer viruses.
File infectors. Some file infector viruses attach themselves to program files, usually selected COM or EXE files. Others can infect any program for which execution is requested, including SYS, OVL, PRG, and MNU files. When the infected program is loaded, the virus is loaded as well. Other file infector viruses arrive as wholly contained programs or scripts sent as an attachment to an email note.
Macro viruses. These viruses specifically target macro language commands in applications such as Microsoft Word and other programs. In Word, macros are saved sequences for commands or keystrokes that are embedded in the documents. Macro viruses, or scripting viruses, can add their malicious code to the legitimate macro sequences in a Word file. Microsoft disabled macros by default in more recent versions of Word; as a result, hackers have used social engineering schemes to convince targeted users to enable macros and launch the virus.
Overwrite viruses. Some viruses are designed specifically to destroy a file or application's data. After infecting a system, an overwrite virus begins overwriting files with its own code. These viruses can target specific files or applications or systematically overwrite all files on an infected device. An overwriting virus can install new code in files and applications that program them to spread the virus to additional files, applications, and systems.
Polymorphic viruses. A polymorphic virus is a type of malware that has the ability to change or apply updates to its underlying code without changing its basic functions or features. This process helps a virus evade detection from many antimalware and threat detection products that rely on identifying signatures of malware; once a polymorphic virus's signature is identified by a security product, the virus can then alter itself so it will no longer be detected using that signature.
Resident viruses. This type of virus embeds itself in the memory of a system. The original virus program isn't needed to infect new files or applications. Even if the original virus is deleted, the version stored in memory can be activated when the operating system (OS) loads a specific application or service. Resident viruses are problematic because they can evade antivirus and antimalware software by hiding in the system's random access memory (RAM).
Rootkit viruses. A rootkit virus is a type of malware that installs an unauthorized rootkit on an infected system, giving attackers full control of the system with the ability to fundamentally modify or disable functions and programs. Rootkit viruses were designed to bypass antivirus software, which typically scanned only applications and files. More recent versions of major antivirus and antimalware programs include rootkit scanning to identify and mitigate these types of viruses.
System or boot sector viruses. These viruses infect executable code found in certain system areas on a disk. They attach to the disk OS (DOS) boot sector on diskettes and USB thumb drives or the master boot record (MBR) on hard disks. In a typical attack scenario, the victim receives a storage device that contains a boot disk virus. When the victim's OS is running, files on the external storage device can infect the system; rebooting the system will trigger the boot disk virus. An infected storage device connected to a computer can modify or even replace the existing boot code on the infected system so that, when the system is booted next, the virus will be loaded and run immediately as part of the MBR. Boot viruses are less common now as today's devices rely less on physical storage media.
A worm is a computer program that has the ability to copy itself from machine to machine. Worms use up computer processing time and network bandwidth when they replicate and often carry payloads that do considerable damage. A worm called Code Red made huge headlines in 2001. Experts predicted that this worm could clog the Internet so effectively that things would completely grind to a halt.
A worm usually exploits some sort of security hole in a piece of software or the operating system. For example, the Slammer worm (which caused mayhem in January 2003) exploited a hole in Microsoft's SQL Server. Wired magazine took a fascinating look inside Slammer's tiny (376 bytes) program.
Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. The Code Red worm replicated itself more than 250,000 times in approximately nine hours on July 19, 2001 [Source: Rhodes].
The Code Red worm slowed down Internet traffic when it began to replicate itself, but not nearly as badly as predicted. Each copy of the worm scanned the Internet for Windows NT or Windows 2000 servers that did not have the Microsoft security patch installed. Each time it found an unsecured server, the worm copied itself to that server. The new copy then scanned for other servers to infect. Depending on the number of unsecured servers, a worm could conceivably create hundreds of thousands of copies.
The Code Red worm had instructions to do three things:
Upon successful infection, Code Red would wait for the appointed hour and connect to the www.whitehouse.gov domain. This attack would consist of the infected systems simultaneously sending 100 connections to port 80 of www.whitehouse.gov (198.137.240.91).
The U.S. government changed the IP address of www.whitehouse.gov to circumvent that particular threat from the worm and issued a general warning about the worm, advising users of Windows NT or Windows 2000 Web servers to make sure they installed the security patch.
A worm called Storm, which showed up in 2007, immediately started making a name for itself. Storm used social engineering techniques to trick users into loading the worm on their computers. And boy, was it effective -- experts believe between 1 million and 50 million computers have been infected [source: Schneier]. Anti-virus makers adapted to Storm and learned to detect the virus even as it went through many forms, but it was easily one of the most successful viruses in Internet history and could someday rear its head again. At one point, the Storm worm was believed to be responsible for 20 percent of the Internet's spam mail [source: Kaplan].
When the worm is launched, it opens a back door into the computer, adds the infected machine to a botnet, and installs code that hides. Botnets are small peer-to-peer groups, rather than a larger, more easily identified network. Experts think the people controlling Storm rent out their micro-botnets to deliver spam or adware, or for denial-of-service attacks on Web sites.
Viruses of all kinds were a major threat in the early years of the Internet's growth. They're still out there, but since the mid-2000s anti-virus software has gotten better and Web browsers and operating systems have become more secure. Will the big threat of the 2010s be levied against smartphones rather than PCs?
What are the differences between Virus vs. malware?
The terms “virus” and “malware” are often used interchangeably, but they’re not the same thing. While a computer virus is a type of malware, not all malware are computer viruses. The easiest way to differentiate computer viruses from other forms of malware is to think about viruses in biological terms. Take the flu virus, for example. The flu requires some kind of interaction between two people—like a handshake, a kiss, or touching something an infected person touched. Once the flu virus gets inside a person’s system it attaches to healthy human cells, using those cells to create more viral cells. A computer virus works in much the same way:
It’s that second virus trait that tends to confuse people. Viruses can’t spread without some sort of action from a user, like opening up an infected Word document. Worms, on the other hand, are able to spread across systems and networks on their own, making them much more prevalent and dangerous. Famously, the 2017 WannaCry ransomware worm spread around the world, took down thousands of Windows systems, and raked in an appreciable amount of untraceable Bitcoin ransom payments for the alleged North Korean attackers. Computer viruses don’t typically capture headlines like that—at least not anymore. They are still a harmful type of malware, but they are not the only type of threat out there today, on your computer or mobile device.
Once a virus has successfully attached to a program, file, or document, the virus will lie dormant until circumstances cause the computer or device to execute its code. In order for a virus to infect your computer, you have to run the infected program, which in turn causes the virus code to be executed.
This means that a virus can remain dormant on your computer, without showing major signs or symptoms. However, once the virus infects your computer, the virus can infect other computers on the same network. Stealing passwords or data, logging keystrokes, corrupting files, spamming your email contacts, and even taking over your machine are just some of the devastating and irritating things a virus can do.
While some viruses can be playful in intent and effect, others can have profound and damaging effects. This includes erasing data or causing permanent damage to your hard disk. Worse yet, some viruses are designed with financial gains in mind.
The distinguishing characteristic of a virus is that it spreads from system to system after a user takes some action that either intentionally or accidentally facilitates that spread. This spread is known as virus propagation, and there are many different techniques viruses can use to propagate between systems. The simplest example occurs when a virus is contained within an executable file that a user downloads from the internet, receives in an email message, or copies from a removable storage device. As soon as the user executes that file, the virus springs into action, running malicious code that infects the user's system.
Other viruses can spread through more complex mechanisms. In those cases, a virus running on an infected system may take action to begin its own propagation. For example, a virus might copy itself to all removable media installed on a system, attach itself to email messages sent to a user's contacts or copy itself to shared file servers. In those cases, the lines become blurred between viruses, which require human assistance to spread, and worms, which spread on their own by exploiting vulnerabilities. The key difference is the virus will always require a human to take any action that enables that final step in the propagation process, while a worm does not require this human assistance.
Viruses can also spread between systems without ever writing data to disk, making them more difficult to detect with virus protection and virus removal mechanisms. These fileless viruses are often launched when a user visits an infected website and then run completely within the target system's memory, carrying out their malicious payload and then disappearing without a trace.
A computer virus attack can produce a variety of symptoms. Here are some of them:
You can take two approaches to remove a computer virus. One is the manual do-it-yourself approach. The other is by enlisting the help of a reputable antivirus program.
Want to do it yourself? There can be a lot of variables when it comes to removing a computer virus. This process usually begins by doing a web search. You may be asked to perform a long list of steps. You’ll need time and probably some expertise to complete the process.
If you prefer a simpler approach, you can usually remove a computer virus by using an antivirus software program. For instance, Norton AntiVirus Basic can remove many infections that are on your computer. The product can also help protect you from future threats.
Separately, Norton also offers a free, three-step virus clean-up plan. Here’s how it works.
Viruses are a fact of life when operating a computer. Like it or not, you must be on guard against them at all times.
While there may not be a single foolproof way to safeguard your machine against all possible viruses, there are a few things you can do to keep the odds in your favor.
Notable examples of early computer viruses include the following:
How do viruses attack Windows, Mac, Android, and iOS?
Many computer viruses target systems running Microsoft Windows. Macs, on the other hand, have enjoyed a reputation as virus-proof super-machines, but by Apple's own admission, Macs do get malware. There are more Windows users in the world than Mac users, and cyber criminals simply choose to write viruses for the operating system (OS) with the largest number of potential victims. Today, the "computer" in our pockets may be the one we use most often: our smartphones. Android and iOS are susceptible to various forms of malware, too. Fortunately, most cybersecurity companies like Malwarebytes offer protection for Windows, Mac, Android, and iOS today.
The worst computer virus outbreak in history, Mydoom caused estimated damage of $38 billion in 2004, but its inflation-adjusted cost is actually $52.2 billion. Also known as Novarg, this malware is technically a “worm,” spread by mass emailing. At one point, the Mydoom virus was responsible for 25% of all emails sent.
Mydoom hit the malware world in 2004 and spread exponentially through email with random sender addresses and subject lines. Infecting somewhere around two million PCs, Mydoom smashed the cyber world by instigating a tremendous denial of service attack. It transmitted itself via email in an especially deceitful way: a recipient would first take it for a bounced error message that read “Mail Transaction Failed.” However, as soon as the recipient clicked on the message, the attachment executed and the worm was transmitted to email addresses found in the user’s address book.
The 2003 Sobig computer virus is actually another worm. It is second only to the Mydoom virus in its scope. The $30 billion figure is a worldwide total, including Canada, the U.K., the U.S., mainland Europe, and Asia. Several versions of the worm were released in quick succession, named Sobig.A through Sobig.F, with Sobig.F being the most damaging.
This cybercriminal program masqueraded as legitimate computer software attached to emails. It disrupted ticketing at Air Canada and interfered with countless other businesses. Despite its widespread damage, the creator of the successful bug was never caught.
Klez is a close third on the list of the worst computer viruses ever created. With nearly $20 billion in estimated damages, it infected about 7.2% of all computers in 2001, or 7 million PCs. The Klez worm sent fake emails, spoofed recognized senders and, among other things, attempted to deactivate other viruses.
As with other viruses and worms, Klez was released in several variants. It infected files, copied itself, and spread throughout each victim’s network. It hung around for years, with each version more destructive than the last.
Perhaps the most virulent computer virus ever created, the ILOVEYOU virus managed to wreck PCs all across the world. Infecting almost 10% of the world’s PCs connected to the Internet, the virus caused total damage of around $10 billion. The virus was apparently transmitted via email with the subject line “ILOVEYOU,” which is a radical human emotion that no one can ignore.
The 2017 WannaCry computer virus is ransomware, a virus that takes over your computer (or cloud files) and holds them hostage. The WannaCry ransomware ripped through computers in 150 countries, causing massive productivity losses as businesses, hospitals, and government organizations that didn’t pay were forced to rebuild systems from scratch.
The malware raged like wildfire through 200,000 computers worldwide. It stopped when a 22-year-old security researcher in the U.K. found a way to turn it off.
The Zeus computer virus is an online theft tool that hit the web in 2007. A whitepaper by Unisys three years later estimated that it was behind 44% of all banking malware attacks. By then, it had breached 88% of all Fortune 500 companies, 2,500 organizations total, and 76,000 computers in 196 countries.
The Zeus botnet was a group of programs that worked together to take over machines for a remote “bot master.” It originated in Eastern Europe and was used to transfer money to secret bank accounts. More than 100 members of the crime ring behind the virus, mostly in the U.S., were arrested in 2010. It’s not as prominent today, but some of the virus’ source code lives on in newer botnet viruses and worms.
Zeus caused documented damage of $100 million. But the real cost in terms of lost productivity, removal, and undocumented theft is undoubtedly much higher. A $3 billion estimate, adjusted for inflation, puts this virus at a cost of $3.7 billion in today’s dollars.
Melissa became breaking news on March 26, 1999, after hitting the new age of emailing. Built by David L, Melissa was spread in the form of an email attachment by the name “list.doc.” When a person clicked on the attachment, the virus would find the Microsoft Outlook address book and email itself to the first 50 contacts on the list with the message “Here is that document you asked for…don’t show anyone else.” Later on, the FBI arrested David L and slapped him with a fine of $5000 for creating the wildest virus of its time.
First observed in 2001, the Code Red computer virus was yet another worm that penetrated 975,000 hosts.
Taking advantage of the Microsoft Internet Information Server’s flaw, Code Red spread on the network servers in 2001. Here is an amusing fact about this dangerous virus—it didn’t need you to open an email attachment or execute a file; it just required an active Internet connection with which it ruined the Web page that you opened by displaying a text “Hacked by Chinese!”
It’s no surprise that this virus caused nearly $2.6 billion in damage by hitting almost one million PCs. And in less than a week’s time, the virus brought down over 400,000 servers, including the White House Web server.
The SQL Slammer worm cost an estimated $750 million across 200,000 computer users in 2003. This computer virus randomly selected IP addresses, exploiting vulnerabilities and sending itself on to other machines. It used these victim machines to launch a DDoS attack on several internet hosts, significantly slowing internet traffic.
The Slammer worm hit banks in the U.S. and Canada especially hard, taking ATMs offline in many locations. Customers of Toronto’s Imperial Bank of Commerce found themselves unable to access funds. The attack reared its ugly head again in 2016, launching from IP addresses in Ukraine, China, and Mexico.
Thankfully, ransomware attacks like the 2013 CryptoLocker virus have dipped since their 2017 peak. This malware attacked upwards of 250,000 machines by encrypting their files. It displayed a red ransom note informing users that “your important files encryption produced on this computer.” A payment window accompanied the note.
The virus’ creators used a worm called the Gameover Zeus botnet to make and send copies of the CryptoLocker virus. According to a report by security firm Sophos, the average ransomware attack costs a business $133,000. If we estimate that CryptoLocker hit 5,000 companies, that would put its total cost at $665 million.
Sasser was a Windows worm that was discovered in 2004. It would slow down and crash the PC, making it hard even to reset without cutting the power. Its effects were surprisingly troublesome as well, with millions of PCs infected and crucial infrastructure affected. The worm exploited a buffer overflow vulnerability in the Local Security Authority Subsystem Service (LSASS), which monitors the security policy of local accounts, causing the PC to crash. The devastating effects of the virus were massive, resulting in over a million infections. This included critical infrastructure, such as news agencies, hospitals, airlines, and public transportation.
Other notable viruses
With a million new malware programs popping up every 3 years, we may miss the forest for a few outstanding trees. Here are just a few more viruses that have wreaked havoc over the years:
Mimail: This worm tried to harvest data from infected machines to launch a string of DDoS attacks, but was relatively easy to remove.
Yaha: Yet another worm with several variants, thought to be the result of a cyber-war between Pakistan and India.
Swen: Written in C++, the Swen computer worm disguised itself to look like a 2003 OS update. Its financial cost has been pegged at $10.4 billion, but not reliably.
Storm Worm: This worm showed up in 2007 and attacked millions of computers with an email about approaching bad weather.
Tanatos/Bugbear: A 2002 keylogger virus that targeted financial institutions and spread to 150 countries.
Sircam: A computer worm from 2001 that used counterfeit emails with the subject line, “I send you this file in order to have your advice.”
Explorezip: This worm used fake emails to spread to every machine on thousands of local networks.
Melissa: The most dangerous computer virus in 1999, Melissa sent copies of itself that looked like NSFW pics. The U.S. FBI estimated cleanup and repair costs at $80 million.
Flashback: A Mac-only virus, Flashback infected over 600,000 Macs in 2012 and even infected Apple’s home base in Cupertino, Calif. In 2020, there’s now more malware on Macs than on PCs.
Conficker: This 2009 virus still infects many legacy systems and could do significant damage if it ever activates.
Stuxnet: This worm is reported to have destroyed Iranian nuclear centrifuges by sending damaging instructions.
Laelia Yang
Article URL: https://knowinsiders.com/what-are-computer-viruses-and-how-do-they-spread-33450.html