Computer Virus

views updated May 23 2018


A computer virus is a program that is designed to reproduce itself in computer memory, to spread from computer to computer, and, sometimes, to damage data maliciously or at least cause a nuisance. Viruses are generally small programs. They may either stand alone or be embedded in larger bodies of code. The term virus is applied to such code by analogy to biological viruses, microorganisms that force larger cells to manufacture new virus particles by inserting copies of their own genetic code into the larger cell's DNA. Because DNA can be viewed as a data-storage mechanism, the parallel between biological and computer viruses is fairly close.

Many viruses exploit computer networks to spread from computer to computer, sending themselves either as e-mail messages over the Internet or directly over high-speed data links. Programs that spread copies of themselves over network connections of any kind are termed worms, to distinguish them from programs that actively copy themselves only within the memory resources of a single computer. Some experts have sought to restrict the term virus to self-replicating code structures that embed themselves in larger programs and are executed only when a user runs the host program, and to restrict the term worm to stand-alone code that exploits network connections to spread (as opposed to, say, floppy disks or CD ROMs, which might spread a virus). However, virus terminology has shifted over the last decade, as computers that do not communicate over networks have become rare. So many worm/virus hybrids have appeared that any distinction between them is rapidly disappearing. In practice, any software that replicates itself may be termed a virus, and most viruses are designed to spread themselves over the Internet and are therefore worms.

A program that appears to perform a legitimate or harmless function, but is in fact designed to propagate a virus is often termed a Trojan Horse, after the hollow, apparently-harmless, giant wooden horse supposedly used by the ancient Greeks to sneak inside the walls of Troy and overthrow that city from within. Another interesting subclass of viruses consists of chain letters that purport to warn the recipient of a frightening computer virus currently attacking the world. The letter urges its recipient to make copies and send them to friends and colleagues. Such hoax letters do not contain executable code, but do exploit computerized communications and legitimate concern over real, executable-code viruses to achieve self-replication, spread fear, and waste time. Chain letters have also been used as carriers for executable viruses, which are attached to the chain letter as a supposedly entertaining or harmless program (e.g., one that will draw a Christmas card on the screen).

The first wild computer viruses, that is, viruses not designed as computer-science experiments but spreading through computers in the real world, appeared in the early 1980s and were designed to afflict Apple II personal computers. In 1984, the science fiction book Neuromancer, by William Gibson, appeared; this book romanticized the hacking of giant corporate computers by brilliant freelance rebels, and is thought by some experts to have increased interest among young programmers in writing real-world viruses. The first IBM PC computer viruses appeared in 1986, and by 1988 virus infestations on a global scale had become a regular event. An anti-virus infrastructure began to appear at that time, and anti-virus experts have carried on a sort of running battle with virus writers ever since. As anti-virus software increases in sophistication, however, so do viruses, which thrive on loopholes in software of ever-increasing complexity. For example, in 2003 a virus popularly dubbed SQL Slammer (because SQL Server 2000, targeted by the virus, is a large software package run by many businesses and governments) made headlines by suspending or drastically slowing Internet service for millions of users worldwide. In the United States alone, some 13,000 automatic teller machines were shut down for most of a day.

All viruses cause some degree of harm by wasting resources, that is, filling a computer's memory or, like SQL Slammer, clogging networks with copies of itself. These effects may cause data to be lost, but some viruses are designed specifically to delete files or issue a physically harmful series of instructions to hard drives. Such viruses are termed destructive. The number of destructive viruses has been rising for over a decade; in 1993 only about 10% of viruses were destructive, but by 2000 this number had risen to 35%.

Because even nonmalicious or nondestructive viruses may clog networks, shut down businesses or websites, and cause other computational harm (with possible real-world consequences, in some cases), both the private sector and governments are increasingly dedicating resources to the prevention, detection, and defeat of viruses. Twenty to 30 new viruses are identified every day, and over 50,000 viruses have been detected and named since the early 1980s, when computers first became integrated with the world economy in large numbers. Most viruses are written merely as egotistical pranks, but a successful virus can cause serious losses. The ILOVEYOU virus that afflicted computers globally in May, 2000 was a dramatic case that illustrated many of the properties of viruses and worms.

The ILOVEYOU virus was so named because in its most common form (among some 14 variants) it spread by looking up address-book files on each computer it infected and sending an e-mail to all the addresses it found, including a copy of itself as an attachment named LOVE-LETTER-FOR-YOU.TXT.VBS. (VBS stands for Visual Basic Script, a type of file readable by World Wide Web browsers.) If a recipient of the e-mail opened the attachment, the ILOVEYOU virus code would run on their computer, raiding the recipient's address book and sending out a fresh wave of e-mails to still other computers.
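The attachment name above ends in .VBS but reads as a text file because of the .TXT in front of it. The following is an added example, not part of the original article, of how a mail filter can flag that pattern; the extension lists, function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that are run rather than displayed when opened on Windows.
# Illustrative list chosen for this example, not an exhaustive policy.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
                   ".scr", ".pif", ".bat", ".cmd", ".com", ".exe"}
# Extensions a reader takes to mean "just a document or picture".
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".xls"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Trailing dots and spaces are ignored by Windows, so drop them first.
    cleaned = name.strip().rstrip(". ").lower()
    parts = cleaned.split(".")
    if len(parts) < 2:
        return "ok"
    if "." + parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # A decoy extension directly before the real one (possibly padded with
    # spaces to push the real one out of view) is the ILOVEYOU-style pattern.
    if len(parts) >= 3 and "." + parts[-2].strip() in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_message(raw):
    """Return [(filename, verdict)] for every risky attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename is None:
            continue
        verdict = classify_filename(filename)
        if verdict != "ok":
            findings.append((filename, verdict))
    return findings


def build_sample():
    """Build a constructed test message; attachments hold inert placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("Constructed test message.")
    placeholder = b"constructed placeholder bytes, not a script\n"
    for name in ("notes.txt", "LOVE-LETTER-FOR-YOU.TXT.VBS", "setup.exe"):
        msg.add_attachment(placeholder, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(verdict, filename)
```
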

ILOVEYOU first appeared in Asia on May 4, 2000. Designed to run on PC-type desktop computers, it rapidly spread all over the world, infecting computers belonging to large corporations, media outlets, governments, banks, schools, and other groups. Many organizations were forced to take their networks off line, losing business or suspending services. The United States General Accounting Office later estimated that the losses inflicted by the ILOVEYOU virus may have totaled $10 billion worldwide. Monetary losses occurred because of lost productivity, diversion of staff to virus containment, lost business opportunities, loss of data, and loss of consumer confidence (with subsequent loss of business).

National security may also be threatened by computer viruses and similar software objects. Creating or sending a computer virus is often a crime. Because of the interstate nature of the Internet, computer virus crimes are investigated by special units and divisions of the Federal Bureau of Investigation.

An intriguing form of computer virus relies on human beings for propagation. These viruses (to stretch the technical definition beyond its usual reach) are chain letters that warn the recipient of a dangerous new computer virus that is supposedly infecting many computers, and urge the recipient to send a copy of the e-mail to everyone they know. Almost all alarming e-mails that ask the recipient to send copies to everyone they know are fraudulent; they themselves are the time-wasting virus they warn of.

See also Computer software.

Resources

BOOKS

Aycock, John. Computer Viruses and Malware. New York: Springer, 2006.

Szor, Peter. The Art of Computer Virus Research and Defense. Indianapolis, IN: Addison-Wesley Professional, 2005.

Tittel, Ed. Fighting Spyware, Viruses, and Malware. New York: John Wiley & Sons, 2004.

Zaytsev, Oleg. Rootkits, Spyware/Adware, Keyloggers and Backdoors: Detection and Neutralization. Wayne, PA: A-List Publishing, 2006.

Larry Gilman

Viruses

views updated May 23 2018


Less than a generation ago, computer viruses were considered an urban myth. They were found more often in movies than on actual computer systems. Now, however, malicious software constitutes a material threat to businesses, government, and home computer users.

Currently, there are three categories of malicious software threats: viruses, worms, and Trojan horses. All of these threats are built from the same basic instructions and computer logic that make up application programs on one's computer such as word processors, games, or spreadsheets. Like traditional application programs, malicious software is written by people and must be intentionally designed and programmed to self-replicate or cause damage.

While almost all Trojan horses attempt to cause harm to the computer system, more than 70 percent of all computer viruses and worms are designed only to self-replicate. Those viruses, worms, and Trojan horses that do inflict intentional damage to computer systems are said to deliver a "payload." Common payloads include formatting a hard drive, deleting files, or gathering and sending passwords to an attacker. These threats typically have trigger criteria. They wait until the criteria are met before delivering the payload (for example, waiting until July 28 to reformat the hard drive).

The typical malicious software author is male between fourteen and twenty-five years of age (only a few female virus writers are known). These demographics are expected to change as organized crime, terrorist groups, and rogue organizations begin to target the Internet. In addition, many governments around the world are researching how to use malicious software for both offensive and defensive information warfare.

Viruses

A virus is a computer program that is designed to replicate itself from file to file (or disk to disk) on a single computer. Viruses spread quickly to many files within a computer, but they do not spread between computers unless people exchange infected files over a network or share an infected floppy diskette.

By 1990, there were roughly 50 known computer viruses. During the late 1990s, the number of viruses skyrocketed to more than 48,000! Despite the many thousand virus strains that exist, very few viruses have found their way out of research labs to end-user computers. Based on industry statistics, of the more than 48,000 known computer viruses, only 200 to 300 are in general circulation at any one time.

Viruses are classified by the type of file or disk that the virus infects:

  • Boot viruses attach themselves to floppy diskettes and hard drives. When a user boots from an infected floppy diskette or hard drive, the virus is activated and the computer becomes infected. The virus spreads to other floppy diskettes as they are used on the system.
  • Application viruses spread from one application to another on the computer. Each time an infected application program is run, the virus takes control and spreads to other applications.
  • Macro viruses spread through documents, spreadsheets, and other data files that contain computer macros. A macro is a small, self-contained program that is embedded directly within a document or spreadsheet file. Typically, macros are used to automate simple computer tasks such as summing a set of numbers in a spreadsheet. Modern macros are powerful enough to copy themselves between documents or spreadsheets.
  • Script viruses infect other script files on the computer. Script viruses, which are written in high-level script languages such as Perl or Visual Basic, gain control when a user runs an infected script file.

A typical computer virus works as follows: First, the user runs infected program A. Program A immediately executes its viral logic. The virus locates a new program, B, that it thinks it can infect. The virus checks to see if the program is already infected. If program B is already infected, the virus goes back to locate another program to infect. If it is not already infected, the virus appends a copy of its logic to the end of program B and changes program B such that it, too, will run the malicious logic. The virus then runs program A so the user does not suspect any malicious activities.
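The infection pattern described above leaves two observable traces in program B: the file grows, and the part that decides what runs first is altered. The following is an added example, not part of the original article, of a baseline check that reports both; the 64-byte header length, the function names and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Assumption for this example: the first 64 bytes stand in for the part of a
# program file that determines where execution starts.
HEADER_LEN = 64


def fingerprint(path):
    """Record size, whole-file hash and header hash for one file."""
    with open(path, "rb") as f:
        data = f.read()
    return {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "header": hashlib.sha256(data[:HEADER_LEN]).hexdigest(),
    }


def build_baseline(root):
    """Fingerprint every file under root, keyed by relative path."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            baseline[os.path.relpath(path, root)] = fingerprint(path)
    return baseline


def compare(baseline, root):
    """Return {relative_path: [reasons]} for files that differ from the baseline."""
    current = build_baseline(root)
    findings = {}
    for rel, old in baseline.items():
        new = current.get(rel)
        if new is None:
            findings[rel] = ["missing"]
            continue
        if new["sha256"] == old["sha256"]:
            continue
        reasons = ["content-changed"]
        if new["size"] > old["size"]:
            reasons.append("grew-by-%d" % (new["size"] - old["size"]))
        if new["header"] != old["header"]:
            reasons.append("header-changed")
        findings[rel] = reasons
    for rel in sorted(current.keys() - baseline.keys()):
        findings[rel] = ["new-file"]
    return findings


def demo():
    """Constructed scenario: two inert files, one later altered the way the text describes."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.bin", "b.bin"):
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"HDR0" + bytes(200))
        baseline = build_baseline(root)
        # Inert stand-in for the change: one header byte rewritten, 16 zero bytes appended.
        with open(os.path.join(root, "b.bin"), "r+b") as f:
            f.seek(3)
            f.write(b"1")
            f.seek(0, os.SEEK_END)
            f.write(b"\x00" * 16)
        return compare(baseline, root)


if __name__ == "__main__":
    print(demo())
```

Because stealth viruses, described later in this entry, intercept requests to read infected files, the comparison is only trustworthy when it is run from a clean environment rather than on the suspect system itself.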

Viruses can be written in numerous computer programming languages including assembly language, scripting languages (such as Visual Basic or Perl), C, C++, Java, and macro programming languages (such as Microsoft's VBA).

Worms

A worm is a computer program that exploits a computer network to copy itself from one computer to another. The worm infects as many machines as possible on the network, rather than spreading many copies of itself on a single computer, as a computer virus does. Usually, a worm infects (or causes its code to run on) a target system only once; after the initial infection, the worm attempts to spread to other machines on the network. Because computer worms do not rely on humans to copy them from computer to computer, they can spread much more rapidly than computer viruses.

The first computer worms were written at Xerox Palo Alto Research Center in 1982 to understand how self-replicating logic could be leveraged in a corporation. A bug, however, in the worm's logic caused computers on the Xerox network to crash. Xerox researchers had to build the world's first "antivirus" solution to remove the infections. In 1987 the "CHRISTMA EXEC" worm made millions of copies of itself in the IBM and BITNET e-mail systems. In 1988 the "Internet" worm spread itself to roughly 6,000 machines (10 percent of the Internet at the time).

More recently, worms such as Melissa, ExploreZip, and LoveLetter have captured the attention of the public and the media due to their vast ability to spread over the Internet. These worms, collectively, produced millions of copies of themselves, and caused millions (some say billions) of dollars of damage.

The typical computer worm works as follows: The user unknowingly runs a worm program. The worm accesses a "directory" source, such as an e-mail address list, to obtain a list of target computers on the network. The worm sends itself to each of the target computers. A user on a target computer receives a copy of the worm in e-mail, unknowingly runs the worm e-mail attachment, and starts the process over again.

Some worms, like the Internet worm of 1988, automatically connect to target computers and use a "back door" to install and run themselves on the target without human intervention. Like viruses, computer worms can be written in assembly language, scripting languages, macro languages, or in high level languages like C, C++, or Java.

The Trojan Horse

Trojan horses are software programs that are designed to appear like normal computer programs, yet, when run, can cause some type of harm to the host computer. Most often, Trojan horses either steal information (such as passwords or files) from the computer or damage the contents of the computer (by deleting files). Because Trojan horses do not attempt to replicate themselves like viruses or worms, they are placed into their own class of computer threat. Like viruses and worms, Trojan horses can be written in virtually any computer language.

Detection Avoidance

Virus and worm authors have invented a number of techniques to avoid detection by antivirus software. Three of the more interesting techniques are the polymorphic virus, the retrovirus, and the stealth virus.

The term "polymorphic" means many-formed. Polymorphic viruses (or worms) mutate themselves each time they spread to a new file or disk. This behavior eliminates any consistent digital fingerprint and makes virus detection much more difficult. These digital pathogens avoid detection in the same way that HIV (human immunodeficiency virus) and other viruses evade the human immune system.

Computer retroviruses actively seek out and disable antivirus programs. The retrovirus deletes components of the antivirus program as an offensive attack to prevent detection.

Finally, stealth viruses inject themselves into the computer operating system and actively monitor requests to access infected files. The virus automatically disinfects infected files before they are accessed by other software on the computer, then reinfects them at a later time. This technique enables the viruses to sneak past antivirus software because every time the antivirus program attempts to scan an infected file, the virus disinfects the file first.

Legality of Virus Writing

While computer virus writing is not considered an illegal act in the United States, intentionally spreading malicious programs is a crime punishable by fine or imprisonment. Countries outside the United States are beginning to draft computer crime laws that are far stricter than those in the United States. For instance, Germany has laws restricting mass exchange of computer viruses for any reason and Finland has recently made writing a computer virus an illegal act.

Industry watchers expect a great deal of future legislation in this area as computer threats increasingly affect mainstream computer users.

see also Ethics; Hackers; Hacking; Programming; Security.

Carey Nachenberg

Bibliography

Atkins, Derek, et al. Internet Security, Professional Reference. Indianapolis, IN: New Riders Publishing, 1996.

Cohen, Frederick B. A Short Course on Computer Viruses, 2nd edition. New York: John Wiley & Sons, 1994.

Computer Virus

views updated Jun 11 2018


LARRY GILMAN

A computer virus is a program or segment of executable computer code that is designed to reproduce itself in computer memory and, sometimes, to damage data. Viruses are generally short programs; they may either stand alone or be embedded in larger bodies of code. The term "virus" is applied to such code by analogy to biological viruses, microorganisms that force larger cells to manufacture new virus particles by inserting copies of their own genetic code into the larger cell's DNA. Because DNA can be viewed as a data-storage mechanism, the parallel between biological and computer viruses is remarkably exact.

Many viruses exploit computer networks to spread from computer to computer, sending themselves either as e-mail messages over the Internet or directly over high-speed data links. Programs that spread copies of themselves over network connections of any kind are termed "worms," to distinguish them from programs that actively copy themselves only within the memory resources of a single computer. Some experts have sought to restrict the term "virus" to self-replicating code structures that embed themselves in larger programs and are executed only when a user runs the host program, and to restrict the term "worm" to stand-alone code that exploits network connections to spread (as opposed to, say, floppy disks or CD ROMs, which might spread a virus). However, virus terminology has shifted over the last decade, as computers that do not communicate over networks have become rare. So many worm/virus hybrids have appeared that any distinction between them is rapidly disappearing. In practice, any software that replicates itself may be termed a "virus," and most viruses are designed to spread themselves over the Internet and are therefore "worms."

A program that appears to perform a legitimate or harmless function, but is in fact designed to propagate a virus is often termed a Trojan Horse, after the hollow, apparently-harmless, giant wooden horse supposedly used by the ancient Greeks to sneak inside the walls of Troy and overthrow that city from within. Another interesting subclass of viruses consists of chain letters that purport to warn the recipient of a frightening computer virus currently attacking the world. The letter urges its recipient to make copies and send them to friends and colleagues. Such hoax letters do not contain executable code, but do exploit computerized communications and legitimate concern over real, executable-code viruses to achieve self-replication, spread fear, and waste time. Chain letters have also been used as carriers for executable viruses, which are attached to the chain letter as a supposedly entertaining or harmless program (e.g., one that will draw a Christmas card on the screen).

The first "wild" computer viruses, that is, viruses not designed as computer-science experiments but spreading through computers in the real world, appeared in the early 1980s and were designed to afflict Apple II personal computers. In 1984, the science fiction book Neuromancer, by William Gibson, appeared; this book romanticized the hacking of giant corporate computers by brilliant freelance rebels, and is thought by some experts to have increased interest among young programmers in writing real-world viruses. The first IBM PC computer viruses appeared in 1986, and by 1988 virus infestations on a global scale had become a regular event. An anti-virus infrastructure began to appear at that time, and anti-virus experts have carried on a sort of running battle with virus writers ever since. As anti-virus software increases in sophistication, however, so do viruses, which thrive on loopholes in software of ever-increasing complexity. As recently as January 28, 2003, a virus dubbed "SQL Slammer" (SQL Server 2000, targeted by the virus, is a large software package run by many businesses and governments) made headlines by suspending or drastically slowing Internet service for millions of users worldwide. In the United States alone, some 13,000 automatic teller machines were shut down for most of a day.

All viruses cause some degree of harm by wasting resources, that is, filling a computer's memory or, like SQL Slammer, clogging networks with copies of itself. These effects may cause data to be lost, but some viruses are designed specifically to delete files or issue a physically harmful series of instructions to hard drives. Such viruses are termed destructive. The number of destructive viruses has been rising for over a decade; in 1993 only about 10 percent of viruses were destructive, but by 2000 this number had risen to 35 percent.

Because even nonmalicious or nondestructive viruses may clog networks, shut down businesses or Web sites, and cause other computational harm (with possible real-world consequences, in some cases), both the private sector and governments are increasingly dedicating resources to the prevention, detection, and defeat of viruses. Twenty to 30 new viruses are identified every day, and over 50,000 viruses have been detected and named since the early 1980s, when computers first became integrated with the world economy in large numbers. Most viruses are written merely as egotistical pranks, but a successful virus can cause serious losses. The ILOVEYOU virus that afflicted computers globally in May, 2000 is a dramatic recent case that illustrates many of the properties of viruses and worms.

The ILOVEYOU virus was so named because in its most common form (among some 14 variants) it spread by looking up address-book files on each computer it infected and sending an e-mail to all the addresses it found, including a copy of itself as an attachment named LOVE-LETTER-FOR-YOU.TXT.VBS. ("VBS" stands for Visual Basic Script, a type of file readable by World Wide Web browsers.) If a recipient of the e-mail opened the attachment, the ILOVEYOU virus code would run on their computer, raiding the recipient's address book and sending out a fresh wave of e-mails to still other computers.

ILOVEYOU first appeared in Asia on May 4, 2000. Designed to run on PC-type desktop computers, it rapidly spread all over the world, infecting computers belonging to large corporations, media outlets, governments, banks, schools, and other groups. Many organizations were forced to take their networks off line, losing business or suspending services. The United States General Accounting Office later estimated that the losses inflicted by the ILOVEYOU virus may have totaled $10 billion worldwide. Monetary losses occurred because of lost productivity, diversion of staff to virus containment, lost business opportunities, loss of data, and loss of consumer confidence (with subsequent loss of business).

National security may also be threatened by computer viruses and similar software objects. During the ILOVEYOU incident, the U.S. Department of Health and Human Services was disrupted for many hours. An official of the department stated that if a biological outbreak had occurred simultaneously with this 'Love Bug' infestation, the health and stability of the nation would have been compromised with the lack of computer network communication. An official at the U.S. Department of Defense stated that so many personnel had to be shifted from their primary responsibilities to deal with ILOVEYOU that if the incident had continued much longer, reservists would have had to be called up. All this damage, and more, was accomplished by a virus not even especially designed to do so. Governments are, therefore, concerned that specially designed viruses and other forms of cyberattack may be used deliberately by hostile governments or terrorist groups to cripple the military or the economy. The U.S. National Security Agency has stated that at least 100 governments, as well as terrorist groups, are developing viruses and other cyberweapons. To counter such threats, the U.S. government has established a National Infrastructure Protection Center in the Federal Bureau of Investigation. Its mission is to serve as the central federal point for coordinating information on threats to infrastructure, including threats (such as viruses) to computers and telecommunications networks.

FURTHER READING:

BOOKS:

Ferbrache, David. Pathology of Computer Viruses. Germany: Springer-Verlag, 1992.

Fites, Philip, Peter Johnston, and Martin Kratz. The Computer Virus Crisis. New York: Van Nostrand Reinhold, 1992.

PERIODICALS:

"Virus Hits A.T.M.s and Computers Across Globe." New York Times. January 28, 2003.

ELECTRONIC:

Brock, Jack L. "'ILOVEYOU' Computer Virus Highlights Need for Improved Alert and Coordination Capabilities." United States General Accounting Office. Testimony before the Subcommittee on Financial Institutions, Committee on Banking, Housing and Urban Affairs, U.S. Senate. May 18, 2000. <nsi.org/library/virus/ai00181t.pdf> (Jan. 28, 2003).

SEE ALSO

Cyber Security

Computer Virus

views updated May 14 2018


As with other computer-based applications, forensic science can be compromised by agents that alter or disable computers, such as computer viruses.

A computer virus is a program or segment of executable computer code that is designed to reproduce itself in computer memory and, sometimes, to damage data. Viruses are generally short programs; they may either stand alone or be embedded in larger bodies of code. The term virus is applied to such code by analogy to biological viruses, microorganisms that force larger cells to manufacture new virus particles by inserting copies of their own genetic code into the larger cell's DNA. Because DNA can be viewed as a data-storage mechanism, the parallel between biological and computer viruses is remarkably exact.

Many viruses exploit computer networks to spread from computer to computer, sending themselves either as e-mail messages over the Internet or directly over high-speed data links. Programs that spread copies of themselves over network connections of any kind are termed worms, to distinguish them from programs that actively copy themselves only within the memory resources of a single computer. So many worm/virus hybrids have appeared that any distinction between them is rapidly disappearing.

A program that appears to perform a legitimate or harmless function, but is in fact designed to propagate a virus is often termed a Trojan Horse, after the hollow, apparently-harmless, giant wooden horse that was supposedly used by the ancient Greeks to sneak inside the walls of Troy and overthrow the city from within. Chain letters have also been used as carriers for executable viruses, which are attached to the chain letter as a supposedly entertaining or harmless program (e.g., one that will draw a Christmas card on the screen).

The first wild computer viruses, that is, viruses not designed as computer-science experiments but spreading through computers in the real world, appeared in the early 1980s and were designed to afflict Apple II personal computers. In 1984 the science fiction book Neuromancer by William Gibson appeared; this book romanticized the hacking of giant corporate computers by brilliant freelance rebels, and is thought by some experts to have increased interest among young programmers in writing real-world viruses. The first IBM PC computer viruses appeared in 1986, and by 1988 virus infestations on a global scale had become a regular event. An anti-virus infrastructure began to appear at that time, and anti-virus experts have carried on a sort of running battle with virus writers ever since. As anti-virus software increases in sophistication, however, so do viruses, which thrive on loopholes in software of ever-increasing complexity. As recently as January 25, 2003, a virus dubbed SQL Slammer (SQL Server 2000, targeted by the virus, is a large software package run by many businesses and governments) made headlines by suspending or drastically slowing Internet service for millions of users worldwide. In the United States alone, this caused some 13,000 automatic teller machines to shut down for most of a day.

All viruses cause some degree of harm by wasting resources, that is, filling a computer's memory or, like SQL Slammer, clogging networks with copies of itself. These effects may cause data to be lost, but some viruses are designed specifically to delete files or issue a physically harmful series of instructions to hard drives. Such viruses are termed destructive. The number of destructive viruses has been rising for over a decade; in 1993 only about 10 percent of viruses were destructive, but by 2000 this number had risen to 35 percent.

Because even non-malicious or non-destructive viruses may clog networks, shut down businesses or websites, and cause other computational harm (with possible real-world consequences, in some cases), both the private sector and governments are increasingly dedicating resources to the prevention, detection, and defeat of viruses.

The first virus designed to be mass propagated, and perhaps the most famous virus to date, is a virus dubbed Melissa. The virus' creator, David Smith, initially unleashed the virus as part of an attachment in a file posted to a pornographic news group. The popularity of the group ensured a swift spread. For his dubious efforts, Smith was ultimately sentenced to 20 months in federal prison and fined $5,000.

Another infamous virus is the Michelangelo virus. Having infected a computer's hard drive, the viral program can wipe out information on the drive. The viral destruction is triggered by a certain date (March 6, presumably the birthdate of the Italian Renaissance artist and inventor Michelangelo Buonarroti). While some viruses are rather innocuous, the Michelangelo virus is malicious. Fortunately, the threat posed by this virus has passed.

An exhaustive list of current viral threats is essentially impossible. Twenty to 30 new viruses are identified every day, and over 50,000 viruses have been detected and named since the early 1980s, when computers first became integrated with the world economy in large numbers.

Most viruses are written merely as egotistical pranks, but a successful virus can cause serious losses. The ILOVEYOU virus that afflicted computers globally in May 2000 is a dramatic recent case that illustrates many of the properties of viruses and worms.

The ILOVEYOU virus was so named because in its most common form (among some 14 variants) it spread by looking up address-book files on each computer it infected and sending an e-mail to all the addresses it found, including a copy of itself as an attachment named LOVE-LETTER-FOR-YOU.TXT.VBS. ("VBS" stands for Visual Basic Script, a type of file readable by World Wide Web browsers.) If a recipient of the e-mail opened the attachment, the ILOVEYOU virus code would run on their computer, raiding the recipient's address book and sending out a fresh wave of e-mails to still other computers.

The ILOVEYOU virus first appeared in Asia on May 4, 2000. Designed to run on PC-type desktop computers, it rapidly spread all over the world, infecting computers belonging to large corporations, media outlets, governments, banks, schools, and other groups. Many organizations were forced to take their networks off line, losing business or suspending services. The United States General Accounting Office later estimated that the losses inflicted by the ILOVEYOU virus may have totaled $10 billion worldwide. Monetary losses occurred because of lost productivity, diversion of staff to virus containment, lost business opportunities, loss of data, and loss of consumer confidence (with subsequent loss of business).

National security may also be threatened by computer viruses and similar software objects. During the ILOVEYOU incident, the U.S. Department of Health and Human Services was disrupted for many hours. An official of the department stated that if a biological outbreak had occurred simultaneously with this "Love Bug" infestation, the health and stability of the Nation would have been compromised with the lack of computer network communication.

The U.S. National Security Agency has stated that at least 100 governments, as well as terrorist groups, are developing viruses and other cyberweapons. To counter such threats, the U.S. government has established a National Infrastructure Protection Center in the Federal Bureau of Investigation to coordinate information on threats to infrastructure, including threats (such as viruses) to computers and telecommunications networks.

see also Computer hackers; Computer hardware security; Computer keystroke recorder; Computer modeling; Computer software security.

Computer Virus

views updated May 18 2018

Computer virus

A computer virus is a program or segment of executable computer code that is designed to reproduce itself in computer memory and, sometimes, to damage data. Viruses are generally short programs; they may either stand alone or be embedded in larger bodies of code. The term "virus" is applied to such code by analogy to biological viruses, microorganisms that force larger cells to manufacture new virus particles by inserting copies of their own genetic code into the larger cell's DNA. Because DNA can be viewed as a data-storage mechanism, the parallel between biological and computer viruses is remarkably exact.

Many viruses exploit computer networks to spread from computer to computer to computer, sending themselves either as e-mail messages over the Internet or directly over high-speed data links. Programs that spread copies of themselves over network connections of any kind are termed "worms," to distinguish them from programs that actively copy themselves only within the memory resources of a single computer. Some experts have sought to restrict the term "virus" to self-replicating code structures that embed themselves in larger programs and are executed only when a user runs the host program, and to restrict the term "worm" to stand-alone code that exploits network connections to spread (as opposed to, say, floppy disks or CD ROMs, which might spread a virus). However, virus terminology has shifted over the last decade, as computers that do not communicate over networks have become rare. So many worm/virus hybrids have appeared that any distinction between them is rapidly disappearing. In practice, any software that replicates itself may be termed a "virus," and most viruses are designed to spread themselves over the Internet and are therefore "worms."

A program that appears to perform a legitimate or harmless function, but is in fact designed to propagate a virus, is often termed a Trojan Horse, after the hollow, apparently harmless, giant wooden horse supposedly used by the ancient Greeks to sneak inside the walls of Troy and overthrow that city from within. Another interesting subclass of viruses consists of chain letters that purport to warn the recipient of a frightening computer virus currently attacking the world. The letter urges its recipient to make copies and send them to friends and colleagues. Such hoax letters do not contain executable code, but do exploit computerized communications and legitimate concern over real, executable-code viruses to achieve self-replication, spread fear, and waste time. Chain letters have also been used as carriers for executable viruses, which are attached to the chain letter as a supposedly entertaining or harmless program (e.g., one that will draw a Christmas card on the screen).

The first "wild" computer viruses, that is, viruses not designed as computer-science experiments but spreading through computers in the real world, appeared in the early 1980s and were designed to afflict Apple II personal computers. In 1984, the science fiction book Neuromancer, by William Gibson, appeared; this book romanticized the hacking of giant corporate computers by brilliant freelance rebels, and is thought by some experts to have increased interest among young programmers in writing real-world viruses. The first IBM PC computer viruses appeared in 1986, and by 1988 virus infestations on a global scale had become a regular event. An anti-virus infrastructure began to appear at that time, and anti-virus experts have carried on a sort of running battle with virus writers ever since. As anti-virus software increases in sophistication, however, so do viruses, which thrive on loopholes in software of ever-increasing complexity. As recently as January 28, 2003, a virus dubbed "SQL Slammer" (SQL Server 2000, targeted by the virus, is a large software package run by many businesses and governments) made headlines by suspending or drastically slowing Internet service for millions of users worldwide. In the United States alone, some 13,000 automatic teller machines were shut down for most of a day.

All viruses cause some degree of harm by wasting resources, that is, filling a computer's memory or, like SQL Slammer, clogging networks with copies of themselves. These effects may cause data to be lost, but some viruses are designed specifically to delete files or to issue physically harmful series of instructions to hard drives. Such viruses are termed destructive. The number of destructive viruses has been rising for over a decade; in 1993 only about 10% of viruses were destructive, but by 2000 this number had risen to 35%.

Because even nonmalicious or nondestructive viruses may clog networks, shut down businesses or websites, and cause other computational harm (with possible real-world consequences, in some cases), both the private sector and governments are increasingly dedicating resources to the prevention, detection, and defeat of viruses. Twenty to 30 new viruses are identified every day, and over 50,000 viruses have been detected and named since the early 1980s, when computers first became integrated with the world economy in large numbers. Most viruses are written merely as egotistical pranks, but a successful virus can cause serious losses. The ILOVEYOU virus that afflicted computers globally in May of 2000 is a dramatic recent case that illustrates many of the properties of viruses and worms.

The ILOVEYOU virus was so named because in its most common form (among some 14 variants) it spread by looking up address-book files on each computer it infected and sending an e-mail to all the addresses it found, including a copy of itself as an attachment named LOVE-LETTER-FOR-YOU.TXT.VBS. ("VBS" stands for Visual Basic Script, a type of file readable by World Wide Web browsers.) If a recipient of the e-mail opened the attachment, the ILOVEYOU virus code would run on their computer, raiding the recipient's address book and sending out a fresh wave of e-mails to still other computers.
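The attachment name LOVE-LETTER-FOR-YOU.TXT.VBS ends in a script extension preceded by a document extension, and because Windows hides known file extensions by default it is displayed as a .TXT file. The following check for that naming pattern in mail attachments is an added example, not part of the original article; the two extension lists and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string

# Assumed, non-exhaustive list of extensions Windows runs or hands to a script host.
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh",
                   "exe", "scr", "pif", "com", "bat", "cmd"}
# Assumed list of extensions a reader takes for a harmless document or picture.
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "gif", "xls", "htm", "html"}

def classify_filename(name):
    """Return 'deceptive', 'executable' or 'ok' for one attachment name."""
    # Windows drops trailing dots and spaces, so ignore them before splitting.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "deceptive"   # NAME.TXT.VBS: decoy extension before the real one
    return "executable"

def scan_message(raw):
    """List (filename, verdict) for every attachment that is not 'ok'."""
    findings = []
    for part in message_from_string(raw).walk():
        filename = part.get_filename()
        if filename and classify_filename(filename) != "ok":
            findings.append((filename, classify_filename(filename)))
    return findings

# Constructed sample message; the attachment bodies are placeholder text.
SAMPLE = """\
From: sender@example.com
To: recipient@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.VBS"

placeholder, no script content
--BOUND
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

hello
--BOUND--
"""

if __name__ == "__main__":
    for filename, verdict in scan_message(SAMPLE):
        print(f"{verdict:10} {filename}")
```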

ILOVEYOU first appeared in Asia on May 4, 2000. Designed to run on PC-type desktop computers, it rapidly spread all over the world, infecting computers belonging to large corporations, media outlets, governments, banks, schools, and other groups. Many organizations were forced to take their networks off line, losing business or suspending services. The United States General Accounting Office later estimated that the losses inflicted by the ILOVEYOU virus may have totaled $10 billion worldwide. Monetary losses occurred because of lost productivity, diversion of staff to virus containment, lost business opportunities, loss of data, and loss of consumer confidence (with subsequent loss of business).

National security may also be threatened by computer viruses and similar software objects. Creating or sending a computer virus is often a crime. Because of the interstate nature of the Internet, computer virus crimes are investigated by special units and divisions of the Federal Bureau of Investigation.

See also Computer software.


Resources

Books

Fites, Philip, Peter Johnston, and Martin Kratz. The Computer Virus Crisis. New York: Van Nostrand Reinhold, 1992.

Periodicals

"Virus Hits A.T.M.s and Computers Across Globe." New York Times, January 28, 2003.

Other

Brock, Jack L. "'ILOVEYOU' Computer Virus Highlights Need for Improved Alert and Coordination Capabilities." United States General Accounting Office. Testimony before the Subcommittee on Financial Institutions, Committee on Banking, Housing and Urban Affairs, U.S. Senate. May 18, 2000. [cited January 28, 2003]. <nsi.org/library/virus/ai00181t.pdf>


Larry Gilman

virus

views updated May 29 2018

virus Program code written to replicate by attaching copies of itself to other objects within the system, and normally also having a detrimental effect. This may range from generation of irritating messages, through denial of service, to corruption or complete destruction of data. A program virus will seek out and copy itself into other program files whenever a previously infected program is run. A boot sector virus copies itself into that sector of a disk and spreads whenever a system is boot loaded from an infected disk. Viruses are spread when infected programs or disks are transferred to previously clean systems. See also logic bomb, Trojan horse, worm.

virus detection

views updated May 14 2018

virus detection The systematic pursuit of viruses. Techniques of virus detection may be either specific, checking for a set of known viruses, or generic, exploiting characteristics common to all viruses and aimed at detecting both known and previously unknown viruses. Techniques may be further classified into dynamic procedures, in which a permanently resident program is constantly checking the running system for viruses, or static procedures, which are invoked at regular intervals, typically daily, to detect viruses introduced since their last activation. See immunization, inoculation, signature scanning.
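The sketch below is an added example, not part of the original entry: one run of a static procedure that applies a specific technique (signature scanning) and a generic one side by side. The generic technique shown is change detection against a hash baseline, an assumption chosen because a program virus alters the files it copies itself into; the signature names, byte patterns and file contents are constructed, not real malware signatures.

```python
import hashlib

# Constructed signature database: name -> byte pattern (assumption, not real signatures).
SIGNATURES = {"Demo.A": b"\xde\xad\xbe\xef-DEMO-A", "Demo.B": b"DEMO-B-MARKER"}

def signature_scan(data):
    """Specific detection: names of the known patterns present in data."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in data)

def take_baseline(files):
    """Record a SHA-256 digest per file while the system is believed clean."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def static_scan(files, baseline):
    """One scheduled run over files (path -> bytes); returns path -> (verdict, hits)."""
    report = {}
    for path, data in files.items():
        hits = signature_scan(data)
        if hits:
            report[path] = ("known", hits)        # specific technique matched
        elif path not in baseline:
            report[path] = ("new-file", [])       # appeared since the last run
        elif baseline[path] != hashlib.sha256(data).hexdigest():
            report[path] = ("modified", [])       # generic technique: content changed
    return report

# Constructed file system snapshots held in memory so the example runs offline.
CLEAN = {
    "editor.exe": b"MZ editor code",
    "calc.exe": b"MZ calc code",
    "readme.txt": b"hello",
}
LATER = {
    "editor.exe": CLEAN["editor.exe"] + SIGNATURES["Demo.A"],    # known pattern appended
    "calc.exe": CLEAN["calc.exe"] + b" appended unknown code",   # no signature exists
    "readme.txt": CLEAN["readme.txt"],                           # untouched
}
BASELINE = take_baseline(CLEAN)

if __name__ == "__main__":
    for path, (verdict, hits) in sorted(static_scan(LATER, BASELINE).items()):
        print(f"{path:12} {verdict:9} {', '.join(hits)}")
```

The signature pass alone reports nothing for calc.exe; only the baseline comparison flags it, which is the gap between checking for known viruses and detecting previously unknown ones.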

Viruses and Worms

views updated Jun 08 2018

VIRUSES AND WORMS

The term "virus" is often used generically to identify any harmful migrating computer program. However, more strictly defined, a "worm" is a program that travels from one computer to another, usually over a network, but does not attach itself to the operating system of the computer it "infects." It replicates itself until the host computer runs out of memory or disk space. A "Trojan horse" is a piece of computer software that acts like it has a benign purpose, but is actually performing an ulterior malicious command, such as erasing files. A "virus" insidiously attaches itself to the operating system of any computer it enters and can infect any other computer that uses files from the infected computer.

computer virus

views updated Jun 08 2018

computer virus Part of a computer program designed to disrupt the operation of a computer, for example by causing the irretrievable loss or alteration of data. Viruses in widely circulated free software may infect computers worldwide. A virus may remain undetected for months and then suddenly activate.

computer virus

views updated May 09 2018

com·put·er vi·rus • n. see virus.
