Every day we are more exposed to the threat posed by computer viruses, even more so now that technology lets us bring into our daily lives an endless number of devices, such as cell phones, pen drives and other digital equipment, which can carry countless viruses, sometimes for a long time without our realizing it, and seriously compromise the continuity of our work in whatever field we operate.
These computer viruses are not only a threat on a personal level; malware can sometimes completely damage entire data structures of large organizations, such as hospitals, power plants, or any other installation essential for the orderly operation of a society, with the consequent damage to an entire community.
Introduction to computer viruses
With the advent of the Internet and the real-time information age, the danger of these viruses multiplies, because they are transmitted much more easily to any user who is not sufficiently protected against this digital threat.
It is a fact known to all that computer viruses are among us; almost every day we can see in the news that important computer networks of large companies have gone down or that a friend “had his machine filled with bugs.”
Many millions of dollars are lost annually in the repair or reconfiguration of equipment and computer structures compromised by the actions of these viruses, although perhaps the amounts invested in security aspects such as antivirus and consulting services in response to these attacks are higher.
The truth is that computer viruses are and will continue to be a major source of concern for the administrators of any information system that handles sensitive data of a company or organization. No less important is the loss of data and money that could be caused to any PC user in their home or office by the entry of a virus by any means.
Likewise, let us take into account the fundamental role that mobile devices play in spreading any type of virus. This transmission of viruses could completely destroy any important information that we have stored in the computer, from legal documents to our beloved photographic memories, which we may never be able to recover.
That is why it is necessary to be permanently protected from possible attacks by these malicious codes, which may not only be monitoring our activity or stealing personal information, but may also cause a range of damage to our computer equipment.
To learn more about the different types of viruses and what their actions are, we invite you to read the report entitled “Classification of computer viruses”.
Basic notions about computer viruses
There are a large number of viruses that differ in their composition, but above all in their way of acting within the computing environment, since some malicious codes are used to monitor user activity, others to steal sensitive information from them, and in the worst case to destroy the system and thus eliminate content from computers forever. In the next few lines we will bring you the basic notions about viruses, along with some details about when this dangerous trend originated in the computer world.
What is a virus?
Basically, a computer virus is a program that among its design characteristics has the ability to install itself in any computer system, obviously without the consent or permission of the user who owns that equipment. It has also been designed to be small, which is essential for this type of program, since a small size helps viruses spread more easily.
These small programs fulfill a specific function, which has been programmed by the author of the virus, and can perform tasks ranging from the simple observation and survey of our data, to the total destruction of a computer system, or even the disablement of some piece of hardware such as the motherboard BIOS.
A little history
According to computer security experts, the birth of computer viruses would have taken place in the famous technology laboratories of the Bell company, at the end of the sixties, although the term “virus” would not begin to be used until well into the 80s.
This first computer virus, developed as a pastime in the form of a game by four experts of the firm, whose names were Ken Thompson, Robert Morris, H. Douglas Mellory and Victor Vysottsky, consisted of trying to occupy the RAM of the opposing device as quickly as possible.
The first virus recognized as such, and in this case affecting an IBM 360 Series, was called “Creeper” and had the particularity of being able to display on the computer screen the now famous phrase: “I’m a creeper... catch me if you can!”
From its early appearance in 1972 until its massification in the mid-1980s, due in large part to the expansion of computing in almost all areas, viruses have accompanied us in the technological race, transforming and evolving with it.
You can find a review of the most prominent viruses in the special report entitled “The most famous computer viruses in history”.
How computer viruses attack. Infection methods
Viruses are becoming more and more sophisticated, and nowadays it is enough to copy a file to infect the entire system. Viruses remain in the memory of the computer and begin to infect everything that passes through the computer.
Currently, because frequent use of the Internet leaves computer systems permanently exposed, different types of viruses circulate that are modified and evolve in order to achieve their objectives.
What is the aim of computer viruses? To harm the user, either by stealing sensitive information that belongs to them, or by putting the operation of their equipment at risk.
That is why there are countless types of viruses, some of which stand out either because of their massive circulation or because of the damage they cause. Each of these viruses has been created to operate under a certain methodology, to achieve the result expected by its creators.
In the following special report, we will tell you some details of the working method used by the best-known and most widespread computer viruses today, so that you can learn more about their operation, their mode of infection and their objectives, and in this way be better prepared for a possible infection of your PC.
Resident type virus
As its name indicates, this class of virus has the peculiarity of being able to hide in sectors of the computer’s RAM and reside there, controlling any data input or output operation carried out by the operating system.
Its main mission is to infect all the files and programs that can be invoked, whether for execution, copying, deletion or any other operation that can be carried out with them.
While they remain hidden in the RAM of our computer, they lie dormant awaiting whatever event has been programmed by their developer to begin their attack.
This reaction can be triggered, for example, when a set period of time has elapsed or a scheduled date or time arrives.
Direct-acting type virus
The fundamental characteristic that defines direct-action type viruses is that they do not need to remain resident in the computer’s RAM: they wait for a certain condition to be met and then activate, replicate and perform the task for which they were conceived.
In order to achieve its infection, this class of virus searches all the existing files in its directory. It also has the peculiarity of searching the directories that are listed in the PATH line of the system configuration.
This type of virus has the particularity that, after an infection, the infected files can be completely restored, returning to the state prior to their infection.
Overwrite type virus
Overwrite type viruses have the ability to destroy all or part of the contents of a file they infect: when a file is infected, the virus writes data into it, leaving the file totally or partially useless.
A defining characteristic of this type of computer virus is that files do not increase in size when they are infected, because the virus hides its code by replacing part of the code of the infected file.
This is one of the most harmful viruses circulating today. Unfortunately, one of the few ways that exist to eradicate the virus is to delete the infected file, with the consequent loss of the data written in it.
Boot type virus
As we all know, the boot sector, also known as the MBR (Master Boot Record), is an area of the hard disk where the operating system’s startup program resides. The kind of virus that attacks the boot sector does not infect files; its main mission is to replicate itself on any other hard drive that is within reach.
It is a resident type virus: while it is active in memory, one of the most important signs of its presence is a noticeable drop in the amount of free memory that the system reports.
However, the virus code does not incorporate any kind of harmful routine, except its own replication.
Macro type virus
The main reason for the creation of these macro viruses is to be able to infect all those files that have the possibility of executing macros. These macros are small applications designed to facilitate the user’s task by automating certain complex operations that would otherwise be too tedious to carry out.
These micro-programs, by containing executable code, are obviously also prone to containing viruses. The infection method used by viruses of this nature is simple. Once the file is loaded, these macros will be loaded into memory and the code will be executed, thereby causing the infection.
It should be noted that most of these applications have built-in protection against macro viruses, although it is not always effective. Furthermore, most of these viruses cannot attack all applications equally, because their code is written to attack a particular program.
The most important examples of this class of files are documents generated by Microsoft Word, whose extension is DOC, as well as Microsoft Excel spreadsheets, which have an XLS extension, Access files with an MDB extension, Microsoft PowerPoint presentations, and some files made by CorelDraw, among others.
Link type virus
Link type viruses have the power to modify the addresses where programs and files are located, that is, the places where the operating system looks for these programs or files in order to run them, and this is how they start their infection. The infection method used by this virus, as we mentioned, is to alter the location of a certain program or file.
When the operating system or its user needs to execute this infected program or file, what actually happens is the execution of the malicious code carried by the virus, thus causing the infection of any program with an EXE or COM extension.
It should be noted that when a link-type virus infection occurs, it is practically impossible to locate the programs that have been replaced by its actions.
Encryption type virus
The developers of this peculiar class of viruses use encryption to achieve the goal of not being discovered by the scans carried out by antivirus applications.
Strictly speaking, this is not a type of virus but the name given to a certain kind of technique used to hide viruses. The name can also be extended to viruses of other categories, such as polymorphic type viruses.
Encryption type viruses have the ability to encrypt themselves, thereby hiding from antivirus programs when these run their routine scans of the system.
To fulfill the mission entrusted by its programmer, the encryption virus will decrypt itself, and once its task is completed it will return to its previous state, that is, it will encrypt itself again.
In order to carry out their infection, encrypted viruses incorporate into their code the algorithms needed for their encryption and decryption, because encryption is a technique that requires a key to encrypt and decrypt, a key that the infected user obviously does not possess.
It should be noted that this class of virus can only be discovered by antivirus programs when they are running.
Polymorphic type virus
Polymorphic viruses, which rely on a very sophisticated technique that demands a lot of knowledge on the part of the developer, are those viruses that have the ability to encrypt themselves in a different way with each new infection.
Their main characteristic is that with each replication they use different encryption keys and algorithms, so that the strings that make up their code, a kind of signature for antivirus systems, vary in such a way that they will never be able to match the existing signatures in the databases used by these antiviruses for their detection.
Due to the use of this complicated technique, these viruses are capable of generating large numbers of copies of themselves, but never the same.
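A small added illustration (not part of the original article) of why a fixed signature string stops matching once every stored copy uses a different key, and why the same string matches again once the bytes are decrypted. The marker string, the single-byte XOR and all function names are constructed stand-ins, not real malware or a real antivirus engine.

```python
SIGNATURE = b"CONSTRUCTED-HARMLESS-MARKER"   # made-up stand-in for an antivirus signature string


def xor_bytes(data, key):
    """Toy single-byte XOR, a stand-in for the per-copy encryption the text describes."""
    return bytes(b ^ key for b in data)


def signature_scan(blob, signature=SIGNATURE):
    """Static scan: report whether the known byte string occurs in the stored bytes."""
    return signature in blob


def scan_decoded(blob, key):
    """Scan the bytes as they would exist once the copy has decrypted itself."""
    return signature_scan(xor_bytes(blob, key))


def build_samples():
    """Constructed, inert samples: one plain copy and three copies stored under different keys."""
    body = b"header|" + SIGNATURE + b"|trailer"
    samples = {"plain": (body, 0)}
    for key in (0x21, 0x5A, 0xC3):
        samples[f"key-{key:#04x}"] = (xor_bytes(body, key), key)
    return samples


def report():
    """Return {name: (static_hit, decoded_hit, stored_bytes_unique)} for every sample."""
    samples = build_samples()
    stored = [blob for blob, _ in samples.values()]
    return {
        name: (signature_scan(blob), scan_decoded(blob, key), stored.count(blob) == 1)
        for name, (blob, key) in samples.items()
    }


if __name__ == "__main__":
    for name, row in report().items():
        print(name, row)
```

Every stored copy is different and none contains the signature bytes, yet all of them decode to the same content, which is why scanners that only compare stored bytes against a signature database miss such copies.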
Multipartite type virus
Based on the studies and work carried out by computer experts around the world, we can consider this type of virus to be currently one of the most harmful that any user, expert or novice, can encounter.
These viruses owe their danger to the fact that they can carry out, through the joint use of different techniques and attack methods, multiple and varied infections. The main objective of their existence is the possibility of destroying with their code all those files and executable programs that they are able to infect.
Among the preferred targets of this class of virus we can mention files, programs and applications, the macros incorporated in office suites such as Microsoft Office, hard drives, and removable storage units such as floppy disks, pen drives and memories of all kinds.
It should be noted that after an attack by a multipartite virus, the data contained in the infected items will be impossible to recover.
In addition to all these types of viruses, there are currently others that, although they are not considered computer viruses, act in a similar way to achieve similar results.
How viruses affect files
Viruses normally hide in executable files, such as EXE or COM, but they can do so in any file that contains data, the most common being SYS, BIN and PIF. They are also very frequent in office document files such as Microsoft Word or Microsoft Excel, which are used by millions of people and allow malicious code to be carried along when the document is opened. This causes the virus to immediately try to infect other files.
So that viruses can remain in our system without us noticing their presence, they usually modify the properties of the files where they are housed. The most common file properties that this type of virus modifies to be able to camouflage itself in them are:
The virus increases the file size
When a virus infects a file, it usually needs to increase the file's size; however, the most recent and sophisticated viruses manage to hide these properties from the operating system, so that the change goes unnoticed.
The virus deletes the source
A virus that has access to the memory of a computer can erase the files that it used to carry out the infection, because by then it has passed into memory, which allows it to infect all the files wherever it goes.
The virus destroys and alters files
The virus can alter files, destroying information and making them unreadable to the operating system. It is one of the most common effects of personal data destruction viruses. It is common for EXE files to be modified into COM files to achieve separation from the original program with a greater degree of destruction.
Restart the computer
Another of the most frequent effects is to disrupt the proper functioning of the computer and the operating system, preventing it from turning on or causing frequent reboots.
These are just some of the ways viruses attack files on computers, but the effects depend only on the creativity of hackers.