HOW INFECTIONS OCCUR
Computer viruses activate when the instructions—or executable code—that run programs are opened. Once a virus is active, it may replicate by various means and tries to infect the computer’s files or the operating system. For example, it may copy parts of itself to floppy disks, to the computer’s hard drive, into legitimate computer programs, or it may attach itself to e-mail messages and spread across computer networks by infecting other shared drives. Infection is much more frequent in PCs than in professional mainframe systems because programs on PCs are exchanged primarily by means of floppy disks, e-mail, or over unregulated computer networks.
Viruses operate, replicate, and deliver their payloads only when they are run. Therefore, if a computer is simply attached to an infected computer network or downloading an infected program, it will not necessarily become infected. Typically a computer user is not likely to knowingly run potentially harmful computer code. However, viruses often trick the computer's operating system or the computer user into running the viral program.
Some viruses have the ability to attach themselves to otherwise legitimate programs. This attachment may occur when the legitimate program is created, opened, or modified. When that program is run, so is the virus. Viruses can also reside on portions of the hard disk or floppy disk that load and run the operating system when the computer is started, and such viruses thereby are run automatically. In computer networks, some viruses hide in the software that allows the user to log on (gain access to) the system.
With the widespread use of e-mail and the Internet, viruses can spread quickly. Viruses attached to e-mail messages can infect an entire local network in minutes.
TYPES OF VIRUSES
There are five categories of viruses: parasitic or file viruses, bootstrap sector, multi-partite, macro, and script viruses.
Parasitic or file viruses infect executable files or programs in the computer. These files are often identified by the extension .exe in the name of the computer file. File viruses leave the contents of the host program unchanged but attach to the host in such a way that the virus code is run first. These viruses can be either direct-action or resident. A direct-action virus selects one or more programs to infect each time it is executed. A resident virus hides in the computer's memory and infects a particular program when that program is executed.
Bootstrap-sector viruses reside on the first portion of the hard disk or floppy disk, known as the boot sector. These viruses replace either the programs that store information about the disk's contents or the programs that start the computer. Typically, these viruses spread by means of the physical exchange of floppy disks.
Multi-partite viruses combine the abilities of the parasitic and the bootstrap-sector viruses, and so are able to infect either files or boot sectors. These types of viruses can spread if a computer user boots from an infected diskette or accesses infected files.
Other viruses infect programs that contain powerful macro languages (programming languages that let the user create new features and utilities). These viruses, called macro viruses, are written in macro languages and automatically execute when the legitimate program is opened.
Script viruses are written in script programming languages, such as VBScript (Visual Basic Script) and JavaScript. These script languages can be seen as a special kind of macro language and are even more powerful because most are closely related to the operating system environment. The "ILOVEYOU" virus, which appeared in 2000 and infected an estimated 1 in 5 personal computers, is a famous example of a script virus.