How computer viruses work

Sergey Romanov
For over 10 years, Sergey Romanov has worked in the field of information technology and cybersecurity. He is an expert instructor on information security courses at GeekBrains. He graduated from the Kazan Aviation Institute with a degree in “Information Security.”

What is a Virus?
A virus is a self-replicating program that embeds itself into user applications without permission. You may have encountered them when downloading files from unverified internet sources. Such a virus can lock your computer and demand payment to decrypt your data.

Common Motivations for Virus Creation
Viruses are often created for profit-driven motives:

  • Financial gain
  • Password interception
  • Theft of payment information
  • Mischief
  • Undermining competitors
  • Gaining access for further infiltration into corporate networks

Targeted Viruses
To compete with rivals, hackers may develop viruses tailored for specific operating systems, software, or security tools. Some viruses can even bypass specific antivirus programs if the hacker knows which antivirus is being used. A well-known example of a targeted virus is Stuxnet, which disrupted Iran’s uranium-enrichment centrifuges.

Mass-Distributed Viruses
Hackers more commonly design viruses for broad distribution. These viruses aim to reproduce themselves, spreading further. One prominent type is ransomware, which blocks access to data (often by encrypting it) and demands a ransom.

Early Viruses
Among the first viruses was the harmless 1981 Apple II virus “Elk Cloner,” which spread through removable media and displayed a poem after every 50 system launches. The 1988 Morris Worm paralyzed over 6,000 computers, marking the beginning of modern cybersecurity. The DATACRIME virus of 1989 also catalyzed security advancements, leading to the creation of the first antivirus program, VIRSCAN.

Initially, most viruses were harmless jokes or poorly written programs. For example, the Morris Worm was designed to wander the network and overwrite older versions of itself, but an overly high refresh rate caused repeated infections, slowing computers down.

Modern Viruses
Along with ransomware, the following are widespread today:

  • Trojans (steal and destroy data without replicating)
  • Worms (spread through networks and collect information)
  • Backdoors (give the hacker access to the infected computer)
  • Botnets (lie dormant until activated for attacks)
  • Downloaders (install other malware on the device)
  • Spyware (steal user information, including passwords)

Is It Difficult to Create a Virus?
A virus can be written in nearly any programming language. The choice depends on the hacker’s skill and the intended distribution method. A virus might appear as a macro in a Word file or executable code in a browser, or be coded in low-level languages.

With abundant online resources and generative AI that can produce code, virus creation is accessible to nearly any programmer. However, simple viruses are easily detected by antivirus programs. Modern antivirus solutions use heuristic algorithms, blocking programs based on suspicious behavior.

It’s important to remember that creating, using, or distributing viruses carries criminal liability (Article 273 of the Criminal Code of the Russian Federation), punishable by up to seven years in prison.

How to Protect Yourself from Viruses
Unless you control a major corporation, government body, or possess valuable data, you are unlikely to be a targeted victim of hackers. However, you could still fall victim to mass infections aimed at encrypting or stealing data from as many computers as possible.

Hackers typically target widely-used operating systems, so popular platforms face higher risks: Android (71% of smartphones globally) and Windows (69% of PCs) are prime targets.

Using iOS or Linux/macOS doesn’t guarantee immunity. For example, the KeRanger ransomware in 2016 and VirusTotal in 2022 targeted macOS.

Basic Security Guidelines

  1. Avoid plugging unknown USB drives into your computer.
  2. Don’t visit dubious websites; trusted sites are often marked by a safety tag in search engines like Yandex.
  3. Only visit HTTPS-protected websites (indicated by a lock icon).
  4. Avoid installing programs from unknown sources or downloading torrents.
  5. Be wary of suspicious links, even from friends—they could be phishing links from hacked accounts.
  6. Don’t store passwords on your computer, even in hidden folders.
  7. Use reputable paid antivirus software like Kaspersky, Dr.Web, or ESET NOD.
  8. Use complex passwords with uppercase letters, numbers, and special characters.

For easier password creation, the British NCSC recommends combining three random words, like “coffeetrainfish.” Adding capitalization and symbols, like “C0ffeeTrainFi$h,” strengthens it further.
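The three-random-words approach can be sketched in Python as follows. This is an added illustration, not part of the original article: the 32-word list is a constructed sample and the function names are hypothetical. It also estimates the resulting strength, which depends on the words being picked at random and on the size of the list they are picked from.

```python
import math
import secrets

# Constructed sample list of 32 words, for illustration only. A real
# generator should draw from a list of several thousand words.
WORDS = (
    "coffee train fish river candle window garden pencil "
    "mountain button orange rocket blanket ladder violin harbor "
    "pillow thunder saddle marble lantern ticket walnut meadow "
    "anchor copper feather bucket tunnel pepper silver cradle"
).split()


def make_passphrase(words=WORDS, count=3, capitalise=False):
    """Join `count` words chosen with the OS CSPRNG.

    With capitalise=True, each word is capitalised on an independent
    random coin flip, so the capitalisation itself is unpredictable.
    """
    picked = [secrets.choice(words) for _ in range(count)]
    if capitalise:
        picked = [w.capitalize() if secrets.randbits(1) else w for w in picked]
    return "".join(picked)


def entropy_bits(list_size, count=3, capitalise=False):
    """Entropy in bits, assuming every choice is uniformly random."""
    bits = count * math.log2(list_size)
    if capitalise:
        bits += count  # one random coin flip per word adds one bit each
    return bits


if __name__ == "__main__":
    print(make_passphrase())
    print(make_passphrase(capitalise=True))
    # The 32-word sample gives only 15 bits; a list of 7776 words gives
    # about 38.8 bits for the same three-word pattern.
    print(entropy_bits(len(WORDS)), round(entropy_bits(7776), 1))
```

Words a person picks themselves, or predictable substitutions applied the same way every time, do not reach these figures, because the estimate only holds when each choice is random.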
