As discussed previously, viruses are “any type of software that replicates itself by attaching code to other programs or data.” More specifically, computer viruses (often just shortened to “virus” and commonly, though incorrectly, used to refer to any malware infection) are bits of computer code or programs that rapidly replicate when they are run. They do this in one of two ways: a) replicating themselves identically to create more copies which in turn replicate themselves ad infinitum; or b) or infecting other programs on your system – including your hard drive or even the firmware of your hardware (e.g., the software that runs your printer or home router). Note that they cannot infect data that they are not designed to interact with!

Once a system is infected, the malicious code performs whatever purpose it was programmed to do. This is most commonly some harmful function such as compromising personal information (often stored in internet browsers), using up valuable hard drive space or CPU processing power, destroying data and stored files, or delivering a secondary malware payload (often a key logger, some variety of spam, or ransomware). Viruses might lock you out of your system entirely or use your email service to spam your entire address book with copies of its code to further infect new systems. Viruses, like rootkits, are often the “point of the spear” when it comes to new varieties of malware infection. Because of this constant improvement in capabilities, viruses are often the first things computer security companies concern themselves with, and research continues to find a viral “panacea” capable of more effectively detecting new and emergent viruses.

In general, a virus has three components: a) how it infects other machines (its “vector”) and what method it uses to propagate; b) what causes it to activate (its “trigger”), which can be as simple as “clicking on this file”; and c) its function or purpose (its “payload”) on your machine. All viruses include a basic method of finding other machines or files as well so they can self-propagate.

Once activated, a virus has four basic stages:

  1. Inactivity or dormancy phase – the virus is waiting for a trigger to proceed to the next stage. This is usually the start of the actual infection, e.g., the virus first finds its way to your system.
  2. Infectious phase – the virus has been triggered and is now infecting your system. This is the beginning of the virus’s propagation onto your system.
  3. Active phase – the virus will begin to perform whatever function it was programmed to do. This phase usually results in the virus looking for new systems to infect and gearing up toward the final phase.
  4. Executive phase – the virus delivers its payload (see above).

Stay tuned to our next post where we discuss how to avoid viruses and protect your system from them.