How Computer Viruses Work

Virus History

Ah, the floppy disk: When most people were using these to store and transport computer programs, viruses spread like wildfire.

Traditional computer viruses were first widely seen in the late 1980s, and came about because of several factors. The first factor was the spread of personal computers (PCs). Prior to the 1980s, home computers were nearly non-existent. Real computers were rare, and were locked away for use by "experts." During the '80s, real computers started to spread to businesses and homes because of the popularity of the IBM PC (released in 1982) and the Apple Macintosh (released in 1984). By the late 1980s, PCs were in businesses, homes and college campuses.

The second factor was the use of computer bulletin boards. People could dial up a bulletin board with a modem and download programs of all types. Games were extremely popular, and so were simple word processors, spreadsheets and other productivity software. Bulletin boards led to the precursor of the virus known as the Trojan horse. A Trojan horse masquerades as a program with a cool-sounding name and description, enticing you to download it. When you run the program, however, it does something uncool, like erasing your hard drive. You think you're getting a neat game, but instead, you get a wiped-out system. Trojan horses only hit a small number of people because they're quickly discovered, and word of the danger spreads among users.

The third factor that led to the creation of viruses was the floppy disk. In the 1980s, programs were small, and you could fit the entire operating system, a few programs and some documents onto a floppy disk or two. Many computers did not have hard disks, so when you turned on your machine it would load the operating system and everything else from the floppy disk. Virus authors took advantage of this to create the first self-replicating programs.

Early viruses were pieces of code embedded in a larger, legitimate program, such as a game or word processor. When the user downloads and runs the legitimate program, the virus loads itself into memory -- and looks around to see if it can find any other programs on the disk. If it can find one, it modifies the program to add the virus's code into that program. Then the virus launches the "real program." The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time the user launches either of those programs, they infect other programs, and the cycle continues.

If one of the infected programs is given to another person on a floppy disk, or if it is uploaded so other people can download it, then other programs get infected. This is how the virus spreads -- similar to the infection phase of a biological virus. But viruses wouldn't be so violently despised if all they did was replicate themselves. Most viruses also have a destructive attack phase where they do real damage. Some sort of trigger will activate the attack phase, and the virus will then do something -- anything from displaying a silly message on the screen to erasing all of your data. The trigger might be a specific date, a number of times the virus has been replicated or something similar.
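Because the infection step described above works by changing program files on disk, comparing each program against a fingerprint recorded while it was known to be clean reveals the change even when the program still appears to run normally. The Python code below is an added example, not part of the original article; the function names, file names and sample data are constructed for illustration.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Return (size in bytes, SHA-256 hex digest) of a file's contents."""
    with open(path, "rb") as f:
        data = f.read()
    return len(data), hashlib.sha256(data).hexdigest()

def take_baseline(directory):
    """Record a fingerprint for every regular file in a directory."""
    baseline = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            baseline[name] = fingerprint(path)
    return baseline

def compare(directory, baseline):
    """Return {name: reason} for every file that differs from the baseline."""
    findings = {}
    current = take_baseline(directory)
    for name, (old_size, old_hash) in baseline.items():
        if name not in current:
            findings[name] = "missing"
            continue
        new_size, new_hash = current[name]
        if new_hash != old_hash:
            findings[name] = f"modified, size {old_size} -> {new_size}"
    for name in current.keys() - baseline.keys():
        findings[name] = "new file"
    return findings

def demo():
    """Constructed sample: two stand-in 'program' files, one altered later."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("game.bin", b"GAME" * 100), ("editor.bin", b"EDIT" * 100)):
            with open(os.path.join(d, name), "wb") as f:
                f.write(body)
        baseline = take_baseline(d)
        # Stand-in for an unexpected change: extra bytes appear in one file.
        with open(os.path.join(d, "game.bin"), "ab") as f:
            f.write(b"\x00" * 64)
        return compare(d, baseline)

if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is taken from clean files and stored where the programs being checked cannot rewrite it, such as read-only media.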

In the next section, we will look at how viruses have evolved over the years.