How Do Viruses Spread?

 

In the early days of home computers, most viruses were spread through floppy disks. Usually the virus was attached to a game or application that was downloaded from a Bulletin Board Service or office network. The program was then spread slowly from computer to computer via floppy or uploaded to another bulletin board service. These types of viruses are called File Viruses. They usually infect .exe and .com files, which are the main executable files that make your programs run. A file virus inserts its code into these .exe and .com files and starts spreading as soon as you run the program. Most file viruses are memory resident, meaning they stay active as long as the computer is left on, and each program you start while the virus is active becomes infected as well. Restarting the computer will usually stop the infection but will not fix files that are already corrupted, and running a previously infected program will start the whole process over again. In the simplest file viruses, the virus code overwrites the program's or application's .exe files, causing the program not to run. More complex file viruses can cause more damage, spread more easily and be a lot harder to detect.

 

As technology progressed, so did virus writers, and new methods of infecting computers were developed. Virus writers discovered that by writing their virus to the boot sector of a floppy disk or hard drive, they could guarantee that the virus code would be executed. The boot sector is the very first section of data on your drive and the part that tells your computer how to boot properly. Since they are written to the boot sector, these types of viruses take control before the operating system even starts. Since the code in Boot Sector viruses is not platform specific, they can infect any PC operating system. Once booted, these viruses stay in RAM and can infect any writable media read by the computer.
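Because a boot sector virus has to change that first sector, comparing it with a known-good copy exposes the change. The sketch below is an added example, not part of the original article; it assumes the classic 512-byte PC master boot record layout (446 bytes of boot code, a 64-byte partition table, a 2-byte signature), and its function names and sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 446            # bytes 0-445: boot code that runs before the OS
TABLE_END = 510           # bytes 446-509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510-511: boot signature

def fingerprint(sector: bytes) -> dict:
    """Hash boot code and partition table separately so a finding says which changed."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    return {
        "signature_ok": sector[TABLE_END:] == SIGNATURE,
        "boot_code": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "partition_table": hashlib.sha256(sector[CODE_END:TABLE_END]).hexdigest(),
    }

def compare(baseline: dict, current: dict) -> list:
    """Return findings for a sector checked against a known-good fingerprint."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature missing")
    if current["boot_code"] != baseline["boot_code"]:
        findings.append("boot code changed")
    if current["partition_table"] != baseline["partition_table"]:
        findings.append("partition table changed")
    return findings

def make_sector(code: bytes, lba_start: int = 2048, sectors: int = 204800) -> bytes:
    """Build a constructed sample sector: filler code plus one active FAT32 entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x0C, b"\x00" * 3,
                        lba_start, sectors)
    return code.ljust(CODE_END, b"\x00") + entry.ljust(64, b"\x00") + SIGNATURE

# Constructed samples: the byte strings are arbitrary filler, not real boot code.
KNOWN_GOOD = make_sector(b"SAMPLE-LOADER-A")
CODE_REPLACED = make_sector(b"SAMPLE-LOADER-B")
REPARTITIONED = make_sector(b"SAMPLE-LOADER-A", sectors=409600)

if __name__ == "__main__":
    baseline = fingerprint(KNOWN_GOOD)
    for name, sector in [("unchanged", KNOWN_GOOD), ("code replaced", CODE_REPLACED),
                         ("repartitioned", REPARTITIONED)]:
        print(name, compare(baseline, fingerprint(sector)))
```

Hashing the two regions separately matters in practice: repartitioning a disk legitimately changes the partition table, while a change to the boot code with no matching operating system reinstall deserves investigation.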

 

Further advances in computer power and the increase in average program size have caused file and boot sector viruses to lose a lot of their edge. Though it is still possible to find them, it is quite uncommon. Most of the reason for this is that a majority of software is now sold on compact disc. Store-bought compact discs cannot be modified, making viral infection outside the manufacturing plant impossible. Boot sector viruses have also declined because most operating systems, including Mac OS, Windows and Linux, have built-in boot sector protection.

 

The most common form of virus today is the e-mail virus. An email virus spreads through an attachment on an email. In 1999 a virus called Melissa was created that spread like wildfire and wreaked havoc on many of the world's businesses as well as home users. Initially the virus was posted as a Word document on an internet newsgroup. Anyone who downloaded the document and opened it infected their computer. The virus itself would then send the document to anyone listed in the person's address book. After spreading, it would then infect an important file called normal.dot so that any other files saved also contained the virus. Since the email appeared to come from friends, relatives or co-workers, most people would open the document assuming it was harmless. Once the email was opened, the virus then spread itself from the newly infected computer's address book and the process repeated itself. Melissa was one of the fastest spreading and most damaging viruses ever created; in fact many companies had to temporarily shut down their mail servers to deal with the problem. Melissa took advantage of a programming language built into Microsoft Office called Visual Basic for Applications. It is a fairly complex language that can be programmed to modify files and send email messages. Melissa’s attack was created by taking advantage of a feature called auto-execute, which would automatically run a VBA script when the user opened the email. Since Melissa, Microsoft applications such as Outlook and Outlook Express have had a feature called Macro Virus Protection. By default the protection is turned on, causing a box to pop up on the screen asking for permission to run the code. Unfortunately most people either don’t know, don’t care or don’t pay attention to the warnings, and the code is executed anyway.

 

The next big virus was the ILOVEYOU virus. It appeared in 2000 and required a bit more human interaction but still spread rapidly. It contained its payload in the form of an attachment. When people received the email and double-clicked the attachment, the code would execute. It spread via the infected computer's address book much like Melissa and then started corrupting files on the user’s computer. The unique problem with ILOVEYOU was that it was almost completely human powered. The virus activated only when a person clicked on the attached program. Unfortunately it seems more people did click than didn’t.