Today the term virus is often loosely used to refer to any type of malicious program, or is used to describe any ‘bad thing’ that a malicious program does to a host system. Strictly speaking, however, a virus is defined as program code that replicates.

Of course, this simple definition leaves plenty of scope for further sub-division. Sometimes viruses are further classified by the types of object they infect. For example, boot sector viruses, file viruses, macro viruses.

Or they may be classified by the method they use to select their host. ‘Indirect action file viruses’ load into memory and hook into the system such that they can infect files as they are accessed. Conversely, ‘direct action file viruses’ do not go memory resident, simply infecting a file (or files) when an infected program is run and then ‘going to sleep’ until the next time an infected file is run.

Another way of classifying viruses is by the techniques they use to infect. There are ‘appending viruses’ that add their code to the end of a host file, ‘prepending viruses’ that put their code at the start of a host file and overwriting viruses that replace the host file completely with their own code. By contrast, companion viruses and link viruses avoid adding code to a host file at all.

Then there are stealth viruses that manipulate the system to conceal changes they make and polymorphic viruses that encrypt their code to make it difficult to analyze and detect.

Of course, there are also viruses that fail to work: they either fail to infect or fail to spread. Such would-be viruses are sometimes referred to as ‘wanabees’.

Read more:

• About viruses