Computer viruses

What Are Computer Viruses?

Computer viruses are malicious programs that replicate by inserting copies of their code into other programs, files, or the boot sectors of storage media, spreading to new hosts when infected material is executed or accessed. The term was formally defined by Fred Cohen in 1983, following laboratory experiments on a Digital Equipment Corporation VAX system in which he demonstrated self-replicating code as a computer security threat. Unlike some other categories of malware, a virus by definition requires a host file or program to carry and propagate it; the virus code executes when the infected host is run, at which point it seeks new files or media to infect.

Computer viruses represent a sub-category of the broader class of malicious software documented in NIST Special Publication 800-83, which provides guidance on malware incident prevention and handling for enterprises. SP 800-83 distinguishes viruses from worms, Trojan horses, spyware, and other malware types based on replication mechanism and behavior, though modern malware often combines characteristics from multiple categories in what are called blended attacks.

Virus Structure and Propagation

A computer virus typically contains three functional components: an infection mechanism, a trigger, and a payload. The infection mechanism identifies target files or storage locations and inserts the viral code, extending the virus's reach with each execution. The trigger is the condition, often a date, a counter reaching a threshold, or a specific user action, that activates the payload. The payload is the damaging or disruptive action the virus performs: deleting files, encrypting data, displaying messages, or opening a network connection. Early viruses targeting IBM-compatible PCs, including the Brain virus first observed in 1986, spread via infected floppy disk boot sectors. Later variants used macro languages embedded in document formats such as Microsoft Word to propagate through email attachments, broadening attack surfaces substantially.

Computer worms are a closely related but distinct category of self-replicating malware. Unlike viruses, worms do not require a host file; they are self-contained programs that propagate across networks by exploiting software vulnerabilities, open network shares, or email systems, without user interaction. The Morris Worm of 1988, which exploited vulnerabilities in Unix sendmail and fingerd, is among the first documented instances of a worm causing widespread disruption on interconnected networks. The NIST Computer Security Resource Center glossary defines worms as self-replicating, self-contained programs that typically execute without user intervention, contrasting them with viruses that depend on a host. Contemporary malware frequently blends worm-style network propagation with virus-style file infection and additional components such as rootkits or botnet command-and-control functionality.

Detection and Anti-virus Defenses

Anti-virus software detects and removes malicious programs using several complementary techniques. Signature-based detection compares file contents against a database of known malware patterns; it is effective for recognized threats but cannot detect novel variants. Heuristic analysis examines program behavior or structure for characteristics associated with malware even when no exact signature matches. Behavioral detection monitors running processes for suspicious activity such as attempts to modify executable files or disable security software. Because virus authors routinely modify code to evade signature matching, anti-virus products depend on frequent definition updates. Endpoint detection and response (EDR) platforms extend these capabilities with continuous telemetry collection and automated response actions. The IEEE Transactions on Information Forensics and Security publishes research on malware analysis, detection algorithms, and defense mechanisms.

Applications

Computer viruses and the defenses against them have implications across a wide range of fields, including:

  • Enterprise cybersecurity, where virus detection and endpoint protection are baseline security controls
  • Computer crime investigation and digital forensics, examining infected systems for evidence
  • Critical infrastructure protection, addressing malware threats to industrial control and SCADA systems
  • Software supply chain security, detecting malicious code inserted into development tools or repositories
  • Consumer device security, protecting personal computers and mobile devices from self-replicating threats
Loading…