Continue to Site

How Computer Viruses Work

Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person.A biological virus is a fragment of DNA inside a protective jacket. Unlike a cell, a virus has no way to do anything or to reproduce by itself.

By Marshall Brain March 11, 2002

Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person.

A biological virus is a fragment of DNA inside a protective jacket. Unlike a cell, a virus has no way to do anything or to reproduce by itself. Instead, a biological virus must inject its DNA into a cell. The viral DNA then uses the cell’s existing machinery to reproduce itself.

A computer virus must piggyback on top of some other program or document to get executed. Once it is running, it is able to infect other programs or documents. The analogy between computer and biological viruses is a stretch. But there are enough similarities that the name sticks.

The “Melissa” virus, which became a worldwide phenomenon in March 1999, was so powerful that it forced Microsoft and a number of other large companies to completely turn off their e-mail systems until the virus could be contained. The “ILOVEYOU” virus in 2000 had a similarly devastating effect.

The most common forms of electronic infection are:

  • Virus —A small piece of software that piggy-backs on real programs. For example, a virus might attach itself to a program like a spreadsheet. Each time the program runs, the virus runs too. It has the chance to reproduce by attaching to other programs or wreak havoc.

  • E-mail virus —Moves around in e-mail messages. It usually replicates by automatically mailing itself to dozens of people in the victim’s e-mail address book.

  • Worm —A small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans a network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, then starts replicating from there as well.

    • Using a network, a worm can expand from a single copy incredibly quickly. For example, the Code Red worm replicated itself over 250,000 times in approximately nine hours on July 19, 2001.

      Worms devour computer time and network bandwidth when they are replicating, and they often have some sort of evil intent. The Code Red worm slowed down internet traffic when it began to replicate itself. Each copy of the worm scans the internet for Windows NT or Windows 2000 servers that do not have the security patch installed. Each time it finds an unsecured server, the worm copies itself to that server. The new copy then scans for other servers to infect. Depending on the number of unsecured servers, a worm could conceivably create hundreds of thousands of copies.

    • Trojan Horse —A normal computer program that claims to do one thing, for example, a game, but instead does damage such as erasing your hard disk when you run it. Trojan horses have no way to replicate automatically.

      • Protecting your computer

        If you are worried about traditional (as opposed to e-mail) viruses, you should be running a secure operating system like UNIX or Windows NT. Their security features keep viruses (and unwanted human visitors) away from your hard disk. If you are using an unsecured operating system, using virus protection software is a nice safeguard.

        By avoiding programs from unknown sources such as the internet, you eliminate almost all of the risk from traditional viruses. Instead, use commercial software purchased on CDs. You should disable floppy disk booting. Most computers now allow you to do this. It eliminates the risk of a boot sector virus coming from a floppy disk accidentally left in the drive.

        You should make sure that macro virus protection is enabled in all Microsoft applications. And you should never run macros in a document unless you know what they do. To enable macro virus protection, open the Options dialog from the Tools menu in Microsoft Word and ensure that macro virus protection is enabled.

        In the case of the ILOVEYOU e-mail virus, the only defense is personal discipline. You should never double-click on an attachment that contains an executable that arrives as an e-mail attachment. Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF and .JPG), etc. are data files and they can usually do no damage (noting the macro virus problem above in Word and Excel documents). A file with an extension like EXE, COM, or VBS is an executable. An executable can do any sort of damage it wants. Once you run it, you have given it permission to do anything on your machine. The only defense is to never run executables that arrive via e-mail.