What program code are computer viruses

CISO

A computer virus is malware that uses legitimate applications to spread and reproduce. Attackers use viruses to impair the functioning of computers or to gain control over them.

Definition: computer virus

The name comes from the method by which the malware infects the computer. A biological virus (for example a flu virus) cannot reproduce on its own, but needs a host cell, on whose metabolism it is dependent. A computer virus is not a stand-alone program either. It's a snippet of code that infiltrates another application. When this application is started, it executes the virus code, which does what the attacker wants.

"Virus" and "malware" are often used interchangeably. Strictly speaking, a virus is a special type of malware. The distinguishing feature is that viruses have to infect other programs in order to function. The other two main types are Trojans and worms. Trojans disguise themselves as harmless applications, but perform another, mostly harmful function in the background without the knowledge of the user. Worms can reproduce and spread independently of other applications.

What do computer viruses do?

If an application on a computer is infected (more on this later), the attack generally follows this pattern:

  1. The infected application is executed, usually by the user.

  2. The virus code is loaded into CPU memory before any legitimate code is executed.

  3. At this point, the virus multiplies by infecting other applications on the host computer and injecting malicious code wherever it can.

Different types of virus reproduce differently. A resident virus only infects programs when they are opened. A non-resident virus can infect executables even when they are not running. A boot sector virus places its code in the boot sector of the computer's system hard drive. This means that it will run before the operating system is fully loaded, making it impossible to use the computer in a "healthy" way.

As soon as a virus infects the computer, it starts executing its "payload". This refers to the part of the virus code that does what the attacker programmed the virus to do. Among other things, it can:

  • Scan the computer's hard drive for login information;

  • Record keystrokes to steal passwords ("keylogger");

  • Integrate the computer into a botnet in order to attack certain targets in the context of DDoS attacks and paralyze them through overload;

  • Encrypt data and demand a ransom.

Some of these effects are similar to other types of malware such as ransomware worms or DDoS Trojans.

How does a computer virus spread?

In the pre-Internet era, viruses spread from computer to computer via infected floppy disks. The SCA virus attacked Amiga users, for example, when they used certain floppy disks with pirated software. Even if it was largely harmless, around 40 percent of all Amiga users were infected at the height of the epidemic.

Viruses spread over the Internet today. In most cases, infected applications are transferred from one computer to another in the same way as "healthy" ones. They are accidentally or intentionally sent by email or passed on via removable media such as USB sticks. Some viruses even take control of your computer's mail software and send copies of themselves. They can also be downloaded from infected code repositories or compromised app stores.

Many viruses contain so-called logic bombs. In these cases, the viruses only begin their harmful activity under certain conditions, for example when a date has been reached or specific circumstances arise. As a result, users or administrators are often unaware that the applications they distribute and install are infected.

E-mail is still the most widely used means of communication in private and everyday work, so a particularly large number of viruses use this channel. Can you catch a virus by opening an email? Almost all virus infection scenarios have in common that the victim must actively execute the malicious code or the infected application. An infected attachment always needs to be downloaded and executed, or a link must be clicked. This is why most email clients and webmail services have a virus scanner as standard. In addition, all security awareness measures emphasize from the start that users should look very carefully at which attachments they execute and which they do not.

One particularly insidious way that a virus can infect a computer is through infected code that runs as JavaScript in a web browser. Such viruses are called Web scripting viruses. In addition, security gaps in locally installed programs can be exploited in order to infect them. Some email clients execute HTML and JavaScript code that is embedded in email. If such emails are opened, there is always a certain risk of infection. Similar to malicious attachments, however, most email clients and webmail services have built-in security features that prevent this from happening.

What types of computer viruses are there?

Security provider Symantec has created a useful overview of the various virus types. In addition to the resident, non-resident, boot sector and Web scripting viruses already mentioned, there are other common variants:

  • A macro virus infects macro applications embedded in Microsoft Office or PDF files. It activates as soon as an infected document is opened.

  • A polymorphic virus changes its own source code every time it copies itself. This is to prevent the virus from being detected by anti-virus programs.

These categories describe different types of virus behavior. Some viruses fall into several of these categories. For example, a resident virus can spread polymorphically.

What protection against computer viruses is there?

The US portal CSO has compiled lists of the most important antivirus software for Windows, Android, Linux and macOS. Most of them are signature-based and check all files and programs for the code of known malware.
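How signature-based checking works, and why the polymorphic viruses described above are built to defeat it, can be seen in a small scanner. This is an added example, not code from CSO or any antivirus product; the marker bytes, sample "files" and detection names are constructed for illustration.

```python
import hashlib

# Constructed marker standing in for a known-malicious code fragment (not real malware).
MARKER = b"\xde\xad\xbe\xefCONSTRUCTED-VIRUS-BODY\x90\x90"

# Constructed sample "files".
CLEAN = b"MZ" + b"host program code " * 4             # uninfected host application
INFECTED = CLEAN + MARKER                             # host with the known fragment appended
INFECTED_PADDED = CLEAN + b"\x00" * 8 + MARKER        # same fragment, file differs slightly
MUTATED = CLEAN + b"\x11\x22\x33\x44different-looking-body\x55\x66"  # body bytes all changed

# Two kinds of signature: a hash of one exact file, and a byte sequence
# that is searched for anywhere inside a file.
HASH_SIGNATURES = {
    hashlib.sha256(INFECTED).hexdigest(): "Constructed.Virus.A (file hash)",
}
PATTERN_SIGNATURES = {
    MARKER: "Constructed.Virus.A (byte pattern)",
}


def scan(data: bytes) -> list[str]:
    """Return the names of all signatures that match the given file content."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            hits.append(name)
    return hits


SAMPLES = {
    "clean": CLEAN,
    "infected": INFECTED,
    "infected_padded": INFECTED_PADDED,
    "mutated": MUTATED,
}


def scan_all(samples: dict[str, bytes]) -> dict[str, list[str]]:
    """Scan every sample and map its name to the list of matching signatures."""
    return {name: scan(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, hits in scan_all(SAMPLES).items():
        print(f"{name:16} {'; '.join(hits) or 'no signature match'}")
```

The padded copy is still caught by the byte pattern although its file hash no longer matches, while the mutated sample matches neither signature, which is the gap that the additional functions of endpoint security products are meant to cover.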

In complex corporate networks, endpoint security solutions offer protection. In addition to targeting malicious code signatures, they also provide anti-spyware, personal firewall, application control, and other types of intrusion prevention functions. Gartner analysts have compiled a list of what they consider to be the best endpoint security platforms.

Anyone who keeps their applications and systems up to date and applies all patches has already done a lot for basic security. Such systems generally have fewer vulnerabilities, and even if virus code is executed, infection does not have to occur. It is also important to have a current inventory of the hardware in use in order to know what needs to be covered. The infrastructure should be subjected to ongoing vulnerability analyses.

What are the symptoms of an infection?

With exceptions such as ransomware, viruses usually do not want to be detected after they have attacked a computer. They try to fulfill their purpose continuously while the computer continues to work. Still, there are symptoms that indicate an infection:

  • continually slow performance;

  • frequent crashes;

  • unknown or unfamiliar programs start as soon as the computer is turned on;

  • bulk emails are sent from your own e-mail account;

  • frequent pop-up windows that refer to unknown web pages or advertise program downloads;

  • changes to the company homepage or to passwords.

If such symptoms accumulate, it is important to perform a virus scan. There are numerous free online services for this; Safety Detective has verified the seven best and classified their functions according to their advantages and disadvantages.

How can I remove a computer virus?

To get rid of a virus, Kaspersky provides general step-by-step instructions. If the malware cannot be removed by antivirus tools, the computer must be cleaned up manually.

  1. Make sure anti-virus tools and malware scanners are up to date.

  2. Disconnect the computer from the Internet and restart it in Safe Mode to prevent the malware from downloading more malicious files.

  3. In Safe Mode, delete the temporary files to speed up the scans and remove any malware in these files.

  4. After cleaning the hard drive, run a scan. Since there is no internet connection, the scan only covers the malware detected by the last scanner update. Therefore, the operating system and all software must also be up to date.

  5. If the scan finds an infected file, it is usually deleted or quarantined. This is followed by a restart of the computer in normal mode. However, Kaspersky recommends another scan to ensure that all malware has been completely removed.

  6. If the computer continues to show symptoms of an infection, the most important files must be saved on an external storage device (external hard drive, cloud). Windows must then be reinstalled.

Once the virus is removed, the following measures must be taken:

  1. Change all passwords.

  2. Make sure that the operating system, programs and browser are running the latest version.

  3. Check that the strongest security settings are enabled in the browser.

CSO offers a number of additional instructions for removing rootkits, ransomware, or cryptojacking viruses and for finding malware via the Windows registry. As a general precaution, it is advisable to create regular file backups. In this way, in the event of an infection, a safe status can be restored without having to go through the long cleaning process.