How do viruses attack?

These computer viruses are not only a threat on a personal level, but sometimes the malware can even completely damage entire data structures of large organizations , such as hospitals, power plants, or any other installation essential for orderly operation. of a society, with the consequent damage to an entire community.

INTERESTING: Types of Antivirus

Introduction to computer viruses

With the advent of the Internet and real-time information age, the danger of these viruses multiplies, due to the fact that their transmission to any user who is not sufficiently protected against this digital threat is much easier. 

It is a fact known to all that computer viruses are among us, almost every day we can see in the news that important computer networks of large companies have gone down or that a friend  “had his machine filled with bugs.”

Many millions of dollars are lost annually in the repair or  reconfiguration of equipment and computer structures compromised by the actions of these viruses,  although perhaps the amounts invested in security aspects such as antivirus and consulting services in response to these attacks are higher.

The truth is that computer viruses are and will continue to be a major source of concern for the administrators of any information system  that handles sensitive data of a company or organization.  No less important is the loss of data and money that could be caused to any PC user in their home or office by  the entry of a virus by any means.

Likewise, let us take into account the fundamental role that mobile devices play when spreading any type of virus. This transmission of viruses could completely destroy any important information that we have stored in the computer,  from legal documents to our beloved photographic memories ,  which we may never be able to recover.

That is why it is necessary to be permanently protected from possible attacks by these malicious codes,  which may not only be monitoring our activity or stealing personal information,  but can also cause a series of damage to our computer equipment.

To learn more  about the different types of viruses and what are their ways of acting,  we invite you to read the report entitled “Classification of computer viruses “.

Basic notions about computer viruses How do viruses attack

There are a large number of viruses that differ by their composition, but above all by their way of acting within the computer environment, since some malicious codes are used to monitor the activity of users, others to steal sensitive information from them, and in the worst case to destroy the system and thus eliminate content from computers forever. In the next few lines  we will bring you the basic notions about viruses, along with some details about when this dangerous trend originated in the computer world.

What is a virus? 

Basically,  a computer virus is a program that among its design characteristics has the ability to be installed in any computer system , obviously without the consent or permission of the user who owns that equipment. It has also been designed to be small, an aspect that is essential for this type of virus, since it  helps PC viruses to spread more easily.

These small programs fulfill a specific function, which has been programmed by the author of the virus, and can perform tasks ranging from the simple observation and survey of our data, to the total destruction of a computer system, or even the disablement of some piece of hardware such as the motherboard BIOS.

A little history How do viruses attack

According to computer security experts,  the birth of computer viruses would have taken place in the famous technology laboratories of the Bell company,  at the end of the sixties, although the term “virus” would not begin to be used until well into the 80s.

This first computer virus,  developed as a pastime in the form of a game by four experts of the firm, whose names were Ken Thompson, Robert Morris, H. Douglas Mellory and Victor Vysottsky, consisted of trying to occupy memory space as quickly as possible RAM of the opposing device.

The first virus recognized as such, and in this case affecting an IBM 360 Series, was called “Creeper”  and had the particularity of being able to display the now famous phrase on the computer screen: “I’m a creeper. .. catch me if you can! “

From its early appearance in 1972 until its massification in the mid-1980s, due in large part to the expansion of computing in almost all areas,  viruses have accompanied us in the technological race, transforming and evolving with it.

How computer viruses attack. Infection methods

Viruses are becoming more and more sophisticated and today it is enough to copy a file to infect the entire system . Viruses remain in the memory of the computer and begin to infect everything that passes through the computer.

At present, and due to the vulnerability of computer systems to be permanently exposed by frequent use of the Internet, different types of viruses circulate that are modified and evolve in order to achieve their objectives.

What is the end of computer viruses?  Harm the user, either by stealing sensitive information that belongs to them, or by putting the operation of their equipment at risk.

That is why  there are an infinity of types of viruses , among which some of them stand out either because of their massive circulation or because of the damage they cause. Each of these viruses has been created based on operating under a certain methodology, to achieve the result expected by its creators.

In the following special report,  we will tell you some details of the working method used by the best-known and most widespread computer viruses today,  so that you can learn more about their operation, their mode of infection and their objectives, and of This way, you will be better prepared for a possible infection of your PC.

Resident-type virus  How do viruses attack

As its name indicates, this class of virus has  the particularity of being able to hide in sectors of the computer’s RAM memory and reside there, controlling any data input or output operation carried out by the operating system.

Its main mission is to  infect all files and programs that can be called for their execution , whether for copying, deleting or any other operation that can be performed with them.

While they remain hidden in the RAM of our computer, they  lie dormant awaiting any event that has been programmed by their developer to begin their attack.

This reaction can be triggered, for example, by having fulfilled a period of time on a scheduled date or time.

Direct-acting type virus

The fundamental characteristic that defines Direct Action type viruses is that they do not need to remain resident in the computer’s RAM memory, since  their method of starting their attack is to wait for a certain condition to be met in order to activate  and replicate and perform the task for which they were conceived.

In order to achieve its infection, this class of virus performs a search of all the existing files in its directory. They also have the peculiarity of searching in the directories that are listed in the PATH line   of the system configuration .

This type of virus has the peculiarity that after a file infection, these files can be completely restored, returning to the state prior to their infection.

Overwrite virus How do viruses attack

The virus of the type of overwriting have the ability to destroy all or part of the contents of a file infected by it, because when a file is infected by the virus, it writes data into it, leaving it totally or partially useless file.

A defining characteristic of this type of computer virus is that the files will not increase in size in the event of an infection, this is because the virus hides its code by replacing part of the code of the infected file.

This is one of the most harmful viruses circulating today. Unfortunately, one of the few ways that exist to eradicate the virus , the infected file is eliminated, with the consequent loss of the data written in it.

Boot type virus

As we all know, the boot sector or also known as MBR (Master Boot Record), is an area of ​​the hard disk where the operating system’s startup program resides . The kind of virus that attacks the boot sector will not infect files, but rather its main mission is to replicate itself on any other hard drive that is within reach.

It is a resident type virus, since when it is active in memory ,  one of the most important aspects at the time of determining its existence is the notorious decline in the figures that any count of the free memory of the system.

However,  the virus code does not incorporate any kind of harmful routine, except for its own replication.

Macro type virus

The main reason for creating these macro viruses is to be able to infect all those files that have the ability to run macros. These macros are small applications designed to facilitate the user’s task by automating certain complex operations that would otherwise be too tedious to carry out.

These micro-programs,  by containing executable code, are obviously also prone to containing viruses. The infection method used by viruses of this nature is simple. Once the file is loaded, these macros will be loaded into memory and the code will be executed, thereby causing the infection.

It should be noted that  most of these applications have built-in protection for macro viruses , although it is not always effective. Furthermore, the truth is that most of these viruses cannot attack all applications equally, because their code is written to attack a particular program.

The most important examples of this class of files are documents generated by Microsoft Word, whose extension is DOC, as well as Microsoft Excel files, whose spreadsheets have an XLS extension, Access files with an MDB extension, presentations Microsoft PowerPoint, and some files made by CorelDraw among others.

Link type virus How do viruses attack

The virus type link has the power to modify the specific address location of programs and files to start your infection, ie places where the operating system will search for these programs or files to run. The infection method used by this virus, as we mentioned, is to  alter the location of a certain program or file.

When the operating system or the user of the same need to execute this infected program or file,  what actually happens is the execution of the malicious code that carries the virus , thus causing the infection of any program with an EXE or COM extension. .

It should be noted that when a link-type virus infection occurs , it is practically impossible to locate the programs that have been replaced by their actions.

Encryption type virus

The developers of this peculiar class of viruses  use the encryption method by encryption to achieve the goal of not being discovered  by the scans carried out by antivirus applications.

Although it is not strictly a type of virus, it is a name given to a certain kind of technique used to hide them. This name can also be extended to viruses of other categories, such as polymorphic type viruses.

The virus encryption type,  have the ability to autoencriptarse, thus hiding the attempts by antivirus programs when performing their routines scan the system.

To fulfill the mission entrusted by its programmer,  the encryption virus will self-decrypt and once its task is finished it will return to its previous state , that is, it will encrypt itself.

In order to carry out their infection, encrypted viruses incorporate into their code the necessary algorithms for their encryption and decryption, because encryption is a technique that requires a key to encrypt and decrypt it, which is obviously not possessed by the user who has been infected.

It should be noted that  this class of virus can only be discovered by antivirus programs when they are running.

Polymorphic viruses How do viruses attack

The polymorphic virus, a very sophisticated technique that demands a lot of knowledge on the part of the developer,  are those viruses that have the ability to be encrypted in a different and variably with each new infection they do.

Its main characteristic is that  with each replication, they use different keys and encryption algorithms , so that the strings that make up their code, a kind of signature for antivirus systems, vary in such a way that they will never be able to match the existing signatures in the databases used by these antiviruses for their detection.

Due to the use of this complicated technique,  these viruses are capable of generating large numbers of copies of themselves, but never the same. 

Multipartite virus

We can consider, due to the studies and works carried out by computer experts around the world, that  this type of virus is currently one of the most harmful  that any user, both expert and novice, can find.

These viruses owe their dangerousness to the fact that they can carry out, through the joint use of different techniques and attack methods, multiple and varied infections. The main objective of its existence is the possibility of  destroying with its code all those files and executable programs that it has the possibility of infecting.

Among the preferred targets of this class of virus we can mention files, programs and applications, macros that incorporate office suites such as Microsoft Office, hard drives, removable storage units such as floppy disks, pen drives and memories of all kinds.

It should be noted that after an attack by a multipartite virus, the data contained in the infected items will be impossible to recover.

In addition to all these types of viruses,  there are currently others that, although they are not considered computer viruses,  the truth is that they act in a similar way to achieve similar results.

How viruses affect files

Viruses normally hide in executable files, such as EXE or COM, but they can do so in any file with data, the most common being SYS, .BIN, .PIF. They are also very frequent in office document files such as Microsoft Word or Microsoft Excel, which are used by millions of people and allow malicious code to be dragged when the document is opened. This causes the virus to immediately try to infect other files.

So that viruses can remain in our system without us noticing their presence, they usually modify the properties of the files where they are housed . The most common file properties that this type of virus modify to be able to camouflage itself in them are:

The virus increases the file size

When a virus infects a file, it usually needs to increase its size , however the most recent and sophisticated viruses manage to hide these properties from the operating system, making it go unnoticed.

The virus deletes the source

A virus that has access to the memory of a computer can erase the files that it used to infect the data, because then it passes into the memory, allowing it to infect all the files wherever it goes.

INTERESTING: Difference between software and hardware

The virus destroys and alters files

The virus can alter files, destroying information and making them unreadable to the operating system . It is one of the most common effects of personal data destruction viruses. It is common for EXE files to be modified into COM files to achieve separation from the original program with a greater degree of destruction.

Restart the computer

Another of the most frequent effects is affecting the proper functioning of the computer and the Operating System, preventing it from turning on, or achieving frequent restarting.

These are just some of the ways viruses attack files on computers,  but the effects depend only on the creativity of hackers.