Anyone who has faced the frustration of a virus attacking their system knows how incredibly stressful it can be.
Though it may sound strange, the computer virus is a kind of marvel of the Information Age. On one hand, viruses expose our vulnerabilities—when carefully crafted, they can wreak havoc, disrupting work and causing billions in damage. On the other hand, they reveal how advanced and connected humans have become.
Take the Mydoom worm, for instance, which infected around a quarter-million computers in just one day in January 2004. In March 1999, the Melissa virus was so powerful that it forced Microsoft and several other large corporations to shut down their email systems until the virus was contained. The ILOVEYOU virus in 2000 had a similarly disastrous impact. In January 2007, the Storm worm emerged, and by October, experts believed it had infected up to 50 million computers. Quite impressive, considering many viruses are quite simple in design.
News reports often mention various types of electronic infections. The most common ones include:
- Viruses: A virus is a small piece of software that attaches itself to legitimate programs. For example, a virus may infect a spreadsheet program. Each time the spreadsheet runs, the virus runs too, giving it the opportunity to replicate (by attaching to other programs) or cause damage.
- E-mail viruses: E-mail viruses are transmitted as attachments in emails, and they often replicate by automatically sending themselves to multiple contacts in the victim's address book. Some of these viruses don't even need a double-click to activate—they can trigger just by viewing the infected message in your e-mail preview pane [source: Johnson].
- Trojan horses: A Trojan horse is a type of software that pretends to do one thing (like claiming to be a game) but actually damages your system when you run it (such as deleting files). Unlike viruses, Trojan horses don't replicate automatically.
- Worms: A worm is a piece of software that exploits computer networks and security vulnerabilities to duplicate itself. The worm searches the network for machines with specific security flaws, copies itself onto those machines, and starts replicating again from there.
This article covers a range of viruses—everything from traditional ones to e-mail viruses and even threats that could target your mobile phone. You'll learn how they work and discover how to protect yourself from these digital dangers.
Virus Origins
Computer viruses earned their name because they share similarities with biological viruses. Just as a biological virus spreads from person to person, a computer virus moves from one machine to another.
A virus, unlike a living cell, cannot reproduce on its own. Instead, a biological virus injects its DNA into a cell. The viral DNA then uses the cell's machinery to make copies of itself. In some cases, the cell bursts from being overwhelmed with new viral particles, releasing them into the body. In other cases, the new virus particles detach from the cell one by one, leaving the cell alive.
Just like a biological virus needs a cell to hitch a ride on, a computer virus must attach itself to another program or document to get started. Once it's active, it can spread to other programs or files. While the comparison between computer and biological viruses isn't perfect, the similarities are enough for the name to stick.
Computer viruses are created by people. Someone has to write the code, test it to ensure it spreads effectively, and then release it into the wild. The person also designs the virus's attack phase, whether that’s just an annoying message or the destruction of a hard disk. But why do they do it?
There are at least four reasons. The first is rooted in the same psychology that drives vandals and arsonists. Why would someone break a car window, deface a building, or burn down a beautiful forest? For some, destruction itself can be a thrill. If these individuals are also skilled in computer programming, they might channel that energy into creating harmful viruses.
The second reason is the thrill of watching things get destroyed. Some people are drawn to things like explosions or car accidents. As a kid, there may have been someone in your neighborhood who learned to make gunpowder and kept making bigger bombs until either boredom or injury set in. Creating a virus is similar—it’s like building a virtual bomb inside a computer, and the more machines it infects, the more “fun” the explosion becomes.
The third reason has to do with bragging rights. It’s like climbing Mount Everest—the challenge is there, so someone has to conquer it. If you're the type of programmer who spots a security flaw, you might feel compelled to exploit it yourself before anyone else gets the chance.
Then, there's the cold, hard cash. Viruses can deceive you into buying counterfeit software, steal your private information to access your funds, or be sold in the digital underground. Powerful viruses are highly sought after—and can be very profitable tools.
Of course, many virus creators seem to overlook the fact that their creations cause genuine harm to real people. Wiping out someone's hard drive is real damage. Forcing a large corporation to spend thousands of hours recovering from a virus attack is real damage. Even a simple prank message is real damage because it wastes someone's time. This is why the legal system is steadily increasing penalties for those who develop viruses.
On the second Tuesday of each month, Microsoft releases a list of known vulnerabilities within the Windows operating system. Along with this, the company provides patches for these security issues, hence the name Patch Tuesday. Viruses launched on Patch Tuesday to exploit unpatched systems are referred to as "zero-day" attacks. Fortunately, leading antivirus companies collaborate with Microsoft to detect issues early, so if you keep your software up to date and patch your system promptly, you shouldn't have to worry about zero-day risks.
Virus History
Ah, the floppy disk: Back in the day when everyone used them to store and transfer computer programs, viruses spread like wildfire.
Traditional computer viruses started to make their appearance in the late 1980s, emerging due to several factors. One key factor was the rise of personal computers (PCs). Before the 1980s, home computers were almost unheard of. True computers were rare and mostly restricted to "experts". In the 1980s, real computers became more common in both homes and businesses, thanks to the popularity of the IBM PC (released in 1982) and the Apple Macintosh (released in 1984). By the late '80s, PCs were widespread across workplaces, households, and universities.
The second factor was the advent of computer bulletin boards. People could connect to a bulletin board via a modem and download all sorts of programs. Games were especially popular, but so were word processors, spreadsheets, and other productivity tools. Bulletin boards were a precursor to the Trojan horse virus. A Trojan horse pretends to be an exciting program, tricking you into downloading it. However, when you run the program, it might erase your hard drive instead of delivering the game you expected. These Trojan horses only affected a small group of users because they were usually discovered quickly, and the word would spread among users.
The third factor behind the emergence of viruses was the floppy disk. In the 1980s, programs were small enough to fit an entire operating system, a few programs, and some documents onto a floppy disk or two. Since many computers didn’t have hard disks, the machine would boot from the floppy disk, loading everything from there. Virus creators took advantage of this, crafting the first self-replicating programs that spread across floppy disks.
Early viruses were pieces of code hidden within larger, legitimate programs like games or word processors. When a user downloaded and ran the program, the virus would load itself into memory and search for other programs on the disk. If it found one, it would modify it by adding the virus code. Afterward, the virus would allow the "real program" to run. The user wouldn't realize the virus had activated, but now the virus had duplicated itself. Each time the user opened one of those infected programs, the virus would spread further, creating a never-ending cycle of infection.
If one of the infected programs is shared with someone else via a floppy disk or uploaded for others to download, it continues to spread. This is how viruses replicate, much like the infection process in biological viruses. However, viruses wouldn't be as widely despised if all they did was replicate. Most viruses also feature a destructive attack phase. Once triggered, the virus will perform some harmful action, ranging from displaying a silly message to erasing all of the user's data. The trigger could be a specific date, the number of replications, or some other factor.
In the following section, we'll explore the ways in which viruses have evolved over time.
Virus Evolution
Over the years, virus creators have added more sophisticated techniques to their arsenal. One of these is the ability to load viruses directly into memory, allowing them to run continuously as long as the computer remains on. This enables viruses to replicate more efficiently. Another innovation is the ability to infect the boot sector of floppy disks and hard drives. The boot sector is a small program that loads the operating system when the computer starts. By placing its code there, a virus can ensure it gets executed every time the system boots, automatically loading into memory and running while the computer is on. Boot sector viruses are particularly dangerous because they can infect any floppy disk inserted into the machine. On college campuses or other places where people frequently share computers, they can spread rapidly.
Today, both executable and boot sector viruses are not as much of a threat as they once were. This decline is largely due to the size of modern programs. Most software today comes on compact discs (CDs), which are read-only and cannot be altered. This makes it highly unlikely for a virus to infect a CD, unless it was deliberately included during production. People no longer exchange programs on floppy disks like they did in the 1980s, when floppies filled with software were traded like collectible items. Additionally, boot sector viruses have become less of a concern due to operating system features that now protect the boot sector.
While infection by boot sector and executable viruses is still possible, it is far less likely than it used to be. It's similar to what biologists might call a "shrinking habitat." The conditions that allowed these viruses to thrive in the 1980s—small programs, floppy disks, and weak operating systems—have mostly disappeared. Today, large executable files, unmodifiable CDs, and stronger operating system protections have drastically reduced the risk of these types of infections.
E-mail viruses are likely the ones you recognize most easily. We will delve into them further in the next section.
E-mail Viruses
Virus creators adjusted to the evolving tech landscape by developing the e-mail virus. A notable example is the Melissa virus from March 1999, which gained attention due to its aggressive nature. Melissa spread through Microsoft Word documents attached to e-mails, and it functioned in the following manner:
The virus was embedded in a Word document and uploaded to an Internet newsgroup. Anyone who downloaded and opened the document would activate the virus. It would then send the document, along with itself, in an e-mail to the first 50 people in the user's address book. The e-mail featured a friendly note with the sender's name, which made the recipient more likely to open it. Once the document was opened, the virus would generate 50 new messages from the infected machine. This rapid propagation made Melissa the fastest-spreading virus of its time, prompting several major companies to shut down their e-mail systems to curb its spread.
The ILOVEYOU virus, which emerged on May 4, 2000, was even simpler. It consisted of a small piece of code attached to an e-mail. By double-clicking the attachment, users unknowingly activated the virus, which then sent copies of itself to everyone in the victim's address book. Simultaneously, it began corrupting files on the infected machine. This virus was incredibly basic, more resembling a Trojan horse distributed through e-mail rather than a traditional virus.
The Melissa virus exploited the programming language integrated into Microsoft Word, known as VBA (Visual Basic for Applications). This full-featured programming language enables users to write programs that can manipulate files and send e-mails. A key feature of VBA is its auto-execute function, which allows a program to run automatically as soon as the document is opened. This is how the Melissa virus was able to execute; anyone who opened an infected document would instantly trigger the virus. It would then send out 50 e-mails and infect a key file, NORMAL.DOT, so that future documents would carry the virus, creating widespread chaos.
Microsoft applications have built-in Macro Virus Protection to defend against this type of virus. When activated (which is the default setting), it disables the auto-execute function. If a document tries to run viral code, a warning dialog appears. However, many users are unaware of what macros or macro viruses are, and they often ignore the warning, allowing the virus to execute. Even worse, some users disable the protection feature altogether, enabling viruses like Melissa to spread despite the protective measures.
The ILOVEYOU virus was entirely reliant on human action. When someone double-clicked the attachment, the virus would run and begin its destructive work. The human tendency to click on attachments without suspicion fueled this virus’s success. Similar exploits have also spread via instant messaging platforms like AIM and Windows Live Messenger. Hijacked accounts would send virus-laden links to their contacts, and anyone who clicked on the link and installed the malicious program would have their own account compromised, inadvertently sending the same harmful link to their own friends.
Having discussed e-mail viruses, it's now time to shift focus to worms.
While you're likely taking steps to safeguard your computer from viruses, there's another more subtle threat you may encounter: phishing and social engineering attacks. Social engineering is the practice of manipulating you into revealing personal information—whether online or in person—that can later be used for theft. Anti-spam filters can catch phishing e-mails, but according to the U.S. Computer Emergency Readiness Team, the best way to protect yourself is to stay cautious. Never share your personal or financial details over the internet.
Worms
A worm is a type of computer program that has the ability to spread itself across different systems. As they replicate, worms consume processing power and network bandwidth, and they often carry harmful payloads that can cause significant damage. One such worm, Code Red, made major headlines in 2001, with experts predicting it would slow down the entire Internet to the point of near-collapse.
Typically, worms exploit vulnerabilities in software or operating systems. For example, the Slammer worm (which wreaked havoc in January 2003) took advantage of a flaw in Microsoft's SQL server. Wired magazine offered an intriguing look into the small but destructive 376-byte program that caused chaos.
Worms typically spread by using computer networks to infect other machines. Once on a network, a worm can replicate itself at an exponential rate. For instance, the Code Red worm managed to produce over 250,000 copies in just nine hours on July 19, 2001 [source: Rhodes].
While the Code Red worm did slow down Internet traffic as it replicated, it didn’t cause as much disruption as initially feared. Each copy of the worm searched the Internet for unsecured Windows NT or Windows 2000 servers lacking the required Microsoft security patch. When it found such servers, it copied itself onto them, creating a new wave of replication. With enough vulnerable servers, a worm could potentially generate hundreds of thousands of copies.
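The growth described above can be put into numbers with a simple epidemic (SI) model. This is an added example, not part of the original article: it fits the model to the article's figure of 250,000 copies in nine hours and then shows how the same worm fares when part of the server population is already patched. The size of the vulnerable population and the single starting host are assumptions chosen for illustration.

```python
import math

OBSERVED_COPIES = 250_000      # from the article: copies after nine hours
OBSERVED_HOURS = 9.0
ASSUMED_VULNERABLE = 360_000   # assumption: unpatched servers when the outbreak starts
ASSUMED_SEEDS = 1              # assumption: one initially infected host


def fit_k(vulnerable, seeds, copies, hours):
    """Solve dI/dt = k*I*(V - I) for k so that I(hours) equals the observed copies."""
    ratio = (vulnerable / seeds - 1) / (vulnerable / copies - 1)
    return math.log(ratio) / (vulnerable * hours)


def infected(hours, vulnerable, seeds, k):
    """Closed-form SI solution: I(t) = V / (1 + (V/I0 - 1) * exp(-k*V*t))."""
    if vulnerable <= seeds:
        return float(max(vulnerable, 0))   # nothing left to infect
    return vulnerable / (1 + (vulnerable / seeds - 1) * math.exp(-k * vulnerable * hours))


def infected_with_patching(hours, patched_fraction):
    """Infected hosts after `hours` if `patched_fraction` of servers were patched beforehand.

    Patching shrinks the pool of targets AND lowers the chance that a random
    scan lands on a vulnerable host, so the growth rate k*V drops as well.
    """
    k = fit_k(ASSUMED_VULNERABLE, ASSUMED_SEEDS, OBSERVED_COPIES, OBSERVED_HOURS)
    remaining = ASSUMED_VULNERABLE * (1 - patched_fraction)
    return infected(hours, remaining, ASSUMED_SEEDS, k)


def early_doubling_minutes():
    """Doubling time while almost every scanned vulnerable host is still uninfected."""
    k = fit_k(ASSUMED_VULNERABLE, ASSUMED_SEEDS, OBSERVED_COPIES, OBSERVED_HOURS)
    return 60 * math.log(2) / (k * ASSUMED_VULNERABLE)


if __name__ == "__main__":
    print(f"early doubling time: {early_doubling_minutes():.1f} minutes")
    for fraction in (0.0, 0.25, 0.5, 0.75):
        count = infected_with_patching(OBSERVED_HOURS, fraction)
        print(f"{fraction:4.0%} patched -> {count:10.0f} infected after 9 hours")
```

Under these assumptions, patching half of the servers before the outbreak cuts the nine-hour count from 250,000 to roughly 900, because the worm both runs out of targets and finds them more slowly.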
The Code Red worm was programmed with three primary objectives:
- Self-replicate for the first 20 days of every month
- Replace web pages on infected servers with a page displaying the message "Hacked by Chinese"
- Carry out a coordinated attack on the White House website, attempting to overwhelm it [source: eEyeDigitalSecurity]
After successfully infecting a system, Code Red would wait until the scheduled time and attempt to connect to the www.whitehouse.gov domain. The attack would involve infected systems simultaneously sending 100 connections to port 80 of the White House site (198.137.240.91).
In response, the U.S. government changed the IP address of www.whitehouse.gov to counter the worm's attack. Additionally, they issued a public warning, advising users of Windows NT or Windows 2000 web servers to ensure they had installed the necessary security patch.
In 2007, a new worm called Storm made a significant impact. Using social engineering tactics, Storm tricked users into unknowingly installing the worm on their computers. It quickly became one of the most successful malware strains in history, with estimates suggesting that it infected anywhere from 1 million to 50 million computers [source: Schneier]. Anti-virus companies adapted, learning to detect the worm even as it morphed, but Storm's success was undeniable. At its peak, it was believed to be responsible for 20 percent of all the spam emails circulating on the Internet [source: Kaplan].
When the worm is executed, it opens a back door into the infected system, adds the machine to a botnet, and installs hidden code. Botnets consist of smaller peer-to-peer networks, making them harder to detect compared to larger ones. Experts speculate that the controllers of Storm rent out these micro-botnets to send spam, adware, or launch denial-of-service attacks on websites.
Viruses were a significant concern during the early days of the Internet's expansion. While they still exist today, advances in anti-virus software since the mid-2000s, along with more secure web browsers and operating systems, have mitigated much of the threat. Could the primary danger of the 2010s shift from PCs to smartphones?
Viruses In the 2000s and Beyond
Anti-virus software is crucial for keeping your system safe from harm.
New viruses continue to emerge, but it's uncommon for a worm or exploit to make the same significant impact that Storm did. The 10 Worst Computer Viruses of All Time wreaked havoc at the turn of the century and into the early 2000s. During that time, computers were prime targets: Anti-virus software was costly and unreliable, Microsoft's Internet Explorer was highly vulnerable, and most PC users were unaware of how quickly viruses could spread online. In recent years, viruses have had less of an impact for various reasons.
People are becoming more knowledgeable about viruses. Free anti-virus programs are easy to find and download. Microsoft suggests using its own Security Essentials, while companies like AVG and Avast offer free alternatives. In general, computer software is now designed with the Internet in mind, making it less vulnerable to viruses. For example, compare today's Chrome and Firefox browsers to the problematic Internet Explorer 6, which was patched for over ten years after its 2001 release. Viruses still exist, however—take the 2009 worm Downadup, which infected millions of computers in a matter of days. We’ve simply become better at managing them.
There are more viruses now than ever before for anti-virus software to track. These programs will automatically update themselves on a regular basis—often daily—to protect against the latest virus variations circulating the Internet. For instance, you can look at Avast's Virus Update History to see how many Trojans, worms, and other malicious code types are being added to their database daily.
With the rise of smartphones and tablets, it's now easier than ever to browse the Internet without risking a virus. Why? Because viruses are typically tailored to specific platforms. A virus meant to attack Windows won't work on Apple's Mac operating system, as the coding behind these systems is completely different. The same applies to mobile operating systems like Android and iOS, which are also coded differently than PC systems. Viruses designed to damage your computer can't affect mobile devices.
However, mobile devices aren’t entirely immune. There are viruses designed to steal personal information from Android phones. Because Apple's iOS is a closed-source platform, unlike the open-source Android, it's harder to target with viruses. Also, Windows is still a more attractive target. While mobile viruses are likely to grow as smartphone usage increases, as of 2011, they remain a minor concern.
Next, we’ll explore how to patch your PC and other measures you can take to safeguard your computer.
How to Safeguard Your Computer from Viruses
Protecting yourself from viruses can be done with just a few easy steps:
- If you are genuinely concerned about traditional viruses (as opposed to e-mail viruses), it's a good idea to use a more secure operating system like Linux, or, to a lesser degree, Apple's Mac OS X. Viruses are rare on these systems because they make up such a small portion of the market, which results in far fewer viruses targeting them compared to the Windows operating system. While Apple’s OS X has had its fair share of viruses, the majority of viruses are still mainly an issue for Windows users.
- If you're on an unsecured operating system, installing antivirus software is a wise step to protect yourself. There are many free antivirus programs available online to help keep you safe.
- By simply avoiding software from unknown sources (such as the Internet), and sticking to commercial software bought on CDs, you can eliminate almost all the risk associated with traditional viruses.
- Make sure Macro Virus Protection is activated in all Microsoft applications, and NEVER run macros in any document unless you fully understand their function. There's rarely any valid reason to include macros in a document, so avoiding them altogether is a smart policy.
- Never double-click an email attachment containing an executable. Attachments like Word documents (.DOC), spreadsheets (.XLS), or image files (.GIF) are data files and can't cause harm (with the exception of the macro virus issue in Word and Excel files mentioned earlier). However, viruses can also be hidden in .JPG image file attachments. Files with extensions such as EXE, COM, or VBS are executable files, and these can cause any kind of damage. Running such a file gives it unrestricted access to your machine. The best protection is simple: never run executables received via email.
By following these straightforward steps, you can keep your system free from viruses.
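The attachment advice above can be enforced automatically at a mail gateway or in a mailbox script. The following is an added example, not code from the original article: it parses a message, blocks the extensions the article names as executable (EXE, COM, VBS), sends macro-capable .DOC and .XLS files to review, and, going one step beyond the article's extension rule, also blocks any attachment whose content starts with the Windows executable header `MZ` regardless of its name. The addresses, file names and the block/review/allow tiers are assumptions, and the sample message is constructed with inert placeholder bytes.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

EXECUTABLE_EXT = {"exe", "com", "vbs"}   # named in the article as executable
MACRO_CAPABLE_EXT = {"doc", "xls"}       # data files that can carry macros


def classify_attachment(filename: str, content: bytes = b"") -> str:
    """Return 'block', 'review' or 'allow' for one attachment."""
    # Windows ignores trailing dots and spaces, so strip them before reading the extension.
    name = filename.strip().rstrip(". ").lower()
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    if ext in EXECUTABLE_EXT:
        return "block"    # only the last extension decides what runs: photo.jpg.vbs is a script
    if content[:2] == b"MZ":
        return "block"    # executable header hidden behind a harmless-looking name
    if ext in MACRO_CAPABLE_EXT or ext == "":
        return "review"   # may contain macros, or type cannot be determined from the name
    return "allow"


def screen_message(raw: bytes) -> dict:
    """Map every attachment filename in a raw message to its verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        verdicts[name] = classify_attachment(name, part.get_payload(decode=True) or b"")
    return verdicts


def build_sample() -> bytes:
    """Constructed test message; every attachment body is inert placeholder data."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Here is that document"
    msg.set_content("See attached.")
    samples = [
        ("holiday-photo.jpg.vbs", b"' placeholder text"),
        ("report.doc", b"placeholder"),
        ("logo.gif", b"GIF89a placeholder"),
        ("picture.jpg", b"MZ" + b"\x00" * 16),
    ]
    for filename, body in samples:
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in screen_message(build_sample()).items():
        print(f"{verdict:7} {name}")
```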
