Tuesday, November 22, 2005


A virus is actually a small, self-replicating program. This means that the virus copies itself by infecting other programs and modifying their structures or even replacing the programs altogether. Viruses typically run behind the scenes, so victims don’t often witness the actions of viruses.
The possible damage virus’s cause includes corrupting programs, deleting files, altering system settings, or reformatting hard drives. Not all viruses cause such physical damage; some viruses simply display or sound a message indicating their presence on systems to spook users.
Today’s most common virus is the macro virus. When Microsoft included Visual Basic with its Microsoft Office suite several years ago, virus writers began using the utility’s power and flexibility to create macro viruses. Macros are collections of instructions used to execute tasks automatically within a program (such as Microsoft Word or Excel), but when virus writers created macros with malicious intent, they found out that they could use macro viruses to wreak serious havoc on one or many computers.
The most infamous macro virus, Melissa, propagated via an email message with a Word document attached to it. When opened, the document ran the macro, which lowered macro security settings on the computer (if necessary), and then emailed an infected Word document to the first 50 entries in every Microsoft Outlook MAPI (Messaging Application Programming Interface) address book accessible by the user executing the macro. Melissa also infected Word’s Normal.dot template file and displayed a Scrabble reference in the present Word document if the current minutes of the hour matched the day of the month.
Another common virus type is the file infector virus, which attacks program files (often ending in the extensions of .COM or .EXE) by overwriting portions of the file. Then, when an infected program runs, the virus places itself in the computer’s memory and proceeds to infect any non-infected programs that run thereafter. The potential for serious computer damage caused by file infector viruses is great because users often run several programs during a typical computing session.
The CIH virus, also known as Chernobyl (due to some variants of the virus executing only on April 26, the anniversary of the nuclear disaster), is a particularly nasty example of the damage file infector viruses can cause. When the CIH virus infects a computer, it can erase the entire hard drive and even overwrite the computer’s BIOS (Basic Input/Output System), which could require users to purchase a new BIOS chip for the computer’s motherboard.
The third major virus type infects the area of hard drives or floppy diskettes that contains boot information. These boot sector viruses activate when users start their computers and remain in the memory. Although most boot sector viruses are for DOS, some of the viruses target other PC OSes (operating systems).
Michelangelo is a boot sector virus that generated a worldwide scare in January 1992 after it shipped on hundreds of new PCs and diskettes by mistake. The virus, set to activate on March 6 of each year (the birthday of Renaissance painter Michelangelo), overwrites vital system data on an unprotected computer and causes it to stop running.


Post a Comment

<< Home