WHITE PAPER
MARCH 1, 2002
TREND MICRO, INC.
10101 N. DE ANZA BLVD.
CUPERTINO, CA 95014
T 800.228.5651 / 408.257.1500
F 408.257.2003
WWW.TRENDMICRO.COM
What is a Computer Virus?
What You Need To Know To Protect
Your Network
DEFINING A VIRUS
A computer virus is a piece of executable code with the unique ability to replicate. Like
biological viruses, computer viruses can spread quickly and are often difficult to eradicate. They
can attach themselves to just about any type of file and are spread as files are copied and sent
from individual to individual. Some computer viruses have a damage routine that can deliver
the virus payload. While payloads may only display messages or images, they can also destroy
files, reformat your hard drive, or cause other kinds of damage. If the virus doesn’t contain a
damage routine, it can still cause trouble by taking up storage space and memory, and
downgrading the overall performance of your computer.
Virus attacks are becoming more common, more frequent, and more severe. The increase
in the number of virus incidents is attributed to recent rapid growth in the number of internal
networks and network connections, particularly relating to the Internet and intranets. The
more files that are shared by users, the greater the risk of users being infected by a virus. In
addition to the increase in the number of different ways a virus can get into an organization,
the growth in incident rates can also be attributed to new virus types, such as macro viruses
and PE types of viruses, which spread very quickly through shared documents and via
email/attachments. Based on the International Computer Security Association (ICSA) Labs
Sixth Annual Computer Virus Prevalence Survey, 87% of viruses were spread via Internet
email in 2000, compared to 56% in 1999.
LIFE CYCLE OF A VIRUS
Virus outbreaks occur when a network becomes overwhelmed with computer viruses or
virus-carrying messages, causing server overload and expensive downtime. Computer viruses have
a life cycle that begins when they’re created and ends when they’re completely eradicated.
STAGE 1: CREATION
Until a few years ago, creating a virus required knowledge of a computer programming
language. Today anyone with even a little programming knowledge can create a virus.
STAGE 2: REPLICATION
Viruses replicate by nature. A well-designed virus will replicate for a long time before it
activates, which allows it plenty of time to spread.
STAGE 3: ACTIVATION
Viruses that have damage routines will activate when certain conditions are met, for example,
on a certain date or when a particular action is taken by the user. However, even viruses without
damage routines cause damage by occupying valuable storage space.
STAGE 4: DISCOVERY
When a virus is detected and isolated, it is sent to the International Computer Security
Association in Washington, D.C., to be documented and distributed to antivirus developers.
Discovery normally takes place at least a year before the virus might become a threat to the
computing community.
STAGE 5: ASSIMILATION
At this point, antivirus developers modify their software so that it can detect the new virus. This
can take anywhere from one day to six months, depending on the developer and the virus type.
STAGE 6: ERADICATION
If enough users install up-to-date virus protection software, any virus can be wiped out. So far
no viruses have disappeared completely, but some have long ceased to be a major threat.
VIRUS TYPES
Malware is a general term used to refer to any unexpected or malicious programs or mobile
code, such as viruses, Trojans, worms, or joke programs. Viruses and other malware are
classified into various types depending on their file formats and infection routines.
ACTIVEX MALICIOUS CODE
An ActiveX control is a component object embedded in a web page which runs automatically
when the page is viewed. In many cases, the web browser can be configured so that these
ActiveX controls do not execute by changing the browser’s security settings to "high." However,
hackers, virus writers, and others who wish to cause mischief or worse may use ActiveX
malicious code as a vehicle to attack the system.
BOOT SECTOR VIRUSES
Boot sector viruses infect the boot sector or partition table of a disk. Computer systems are most
likely to be attacked by boot sector viruses when you boot the system with an infected disk from
the floppy drive – the boot attempt does not have to be successful for the virus to infect the hard
drive. Once the system is infected, the boot sector virus will attempt to infect every disk that is
accessed by that computer. In general, boot sector viruses can be successfully removed.
FILE-INFECTING VIRUSES
File-infecting viruses infect executable programs (generally, files that have extensions of .com
or .exe). Most such viruses simply try to replicate and spread by infecting other host programs—
but some inadvertently destroy the program they infect by overwriting some of the original code.
Some of these viruses are very destructive and attempt to format the hard drive at a
predetermined time or perform some other malicious action. In many cases, a file-infecting virus can be
successfully removed from the infected file. If the virus has overwritten part of the program’s
code, the original file will be unrecoverable.
JAVA MALICIOUS CODE
Java applets are small, portable Java programs embedded in HTML pages. They can run
automatically when the pages are viewed. However, hackers, virus writers, and others who wish to
cause mischief may use Java malicious code as a vehicle to attack the system.
MACRO VIRUS
Macro viruses are viruses that use another application’s macro programming language to
distribute themselves. Unlike other viruses, macro viruses do not infect programs or boot
sectors, although a few do drop programs on the user's hard drive.
PROOF-OF-CONCEPT
A proof-of-concept virus or Trojan indicates that something is new or that it has never been seen
before. For example, VBS_Bubbleboy was a proof-of-concept worm, as it was the first email
worm to automatically execute without requiring a user to double-click on an attachment. Most
proof-of-concept viruses are never seen "in the wild." However, virus writers will often take the
idea (and code) from a proof-of-concept virus and implement it in future viruses.
SCRIPT VIRUSES
Script viruses are written in script programming languages, such as VBScript and JavaScript.
VBScript (Visual Basic Script) and JavaScript viruses make use of Microsoft's Windows Scripting
Host to activate themselves and infect other files. Since Windows Scripting Host is available on
Windows 98 and Windows 2000, the viruses can be activated simply by double-clicking the
*.vbs or *.js file from Windows Explorer.
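A gateway-side check for the file types named above (.com/.exe file infectors and .vbs/.js script viruses), as an added example that is not part of the original white paper. The function names, the extension list and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the white paper names as directly runnable on Windows:
# .com/.exe (file infectors) and .vbs/.js (Windows Scripting Host).
RISKY_EXTENSIONS = {".com", ".exe", ".vbs", ".js"}


def build_sample() -> bytes:
    """Build a constructed test message with four placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachments.")
    for name in ("notes.txt", "invoice.txt.vbs", "SETUP.EXE", "menu.js"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


def risky_attachments(raw_message: bytes):
    """Return (filename, reason) for each attachment a gateway should hold."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():          # visits nested MIME parts as well
        name = part.get_filename()
        if not name:
            continue                 # body text or container part
        cleaned = name.strip().lower()   # extension match is case-insensitive
        stem, dot, ext = cleaned.rpartition(".")
        if dot + ext not in RISKY_EXTENSIONS:
            continue
        # A second dot in the stem means the name shows a harmless-looking
        # extension before the real one; report that separately.
        reason = ("double extension" if "." in stem
                  else "executable or script extension")
        findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for filename, reason in risky_attachments(build_sample()):
        print(f"HOLD {filename}: {reason}")
```
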
TROJAN
A Trojan horse is a program that performs some unexpected or unauthorized, usually malicious,
actions such as displaying messages, erasing files or formatting a disk. A Trojan horse doesn’t
infect other host files; therefore, cleaning is not necessary.
WORM
A computer worm is a self-contained program (or set of programs) that is able to spread
functional copies of itself or its segments to other computer systems. The propagation usually takes
place via network connections or email attachments.
ABOUT TREND MICRO
Trend Micro provides centrally controlled server-based virus protection and content filtering
products and services. By protecting information that flows through Internet gateways, email
servers, and file servers, Trend Micro allows companies and service providers worldwide to stop
viruses and other malicious code from a central point before they ever reach the desktop.
Trend Micro’s corporate headquarters is located in Tokyo, Japan, with business units in North
and South America, Europe, Asia, and Australia. Trend Micro’s North American headquarters
is located in Cupertino, CA. Trend Micro’s products are sold directly and through a network of
corporate, value-added resellers and service providers. Evaluation copies of all of Trend Micro’s
products may be downloaded from its award-winning web site, http://www.antivirus.com/ or
http://www.trendmicro.com/.
©2002 by Trend Micro, Inc.
All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the
prior written consent of the publisher. InterScan, eManager, Trend VCS, ScanMail, ServerProtect, OfficeScan, MacroTrap, Active Update,
and SmartScan are trademarks of Trend Micro, Inc., and registered in various jurisdictions worldwide. All other company and product
names are trademarks or registered trademarks of their respective owners.