Synonyms: Computer virus, Malicious program, Classic virus
Today the term virus is often loosely used to refer to any type of malicious program, or is used to describe any ‘bad thing’ that a malicious program does to a host system. Strictly speaking, however, a virus is defined as program code that replicates.
Of course, this simple definition leaves plenty of scope for further sub-division. Sometimes viruses are further classified by the types of object they infect: for example, boot sector viruses, file viruses and macro viruses.
Or they may be classified by the method they use to select their host. ‘Indirect action file viruses’ load into memory and hook into the system such that they can infect files as they are accessed. Conversely, ‘direct action file viruses’ do not go memory resident, simply infecting a file (or files) when an infected program is run and then ‘going to sleep’ until the next time an infected file is run.
Another way of classifying viruses is by the techniques they use to infect. There are ‘appending viruses’ that add their code to the end of a host file, ‘prepending viruses’ that put their code at the start of a host file and overwriting viruses that replace the host file completely with their own code. By contrast, companion viruses and link viruses avoid adding code to a host file at all.
Then there are stealth viruses that manipulate the system to conceal changes they make and polymorphic viruses that encrypt their code to make it difficult to analyze and detect.
Of course, there are also viruses that fail to work: they either fail to infect or fail to spread. Such would-be viruses are sometimes referred to as ‘wanabees’.
The term variant refers to a modified version of an existing piece of malicious code. Virus writers are often quick to create new versions of a virus, worm or Trojan that has been ‘successful’, or if the source code for the malware has been published.
A VPN is used to provide remote users with secure access to the private network of a corporation or other organization, over the Internet (rather than using an expensive dedicated leased line). Privacy is maintained by implementing encryption and other security features, preventing unauthorized access to the private network.
Synonyms: Virus signature
Virus definitions (or signatures) contain a unique sequence of bytes used by an anti-virus program to identify each piece of malicious code. Signature analysis is one of the key methods used to find and remove malicious code.
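The following is an added example of signature matching, not taken from the original glossary or from any anti-virus product. The signature names, the byte patterns, the `??` single-byte wildcard notation and the sample buffers are all constructed for the illustration and identify no real malware.

```python
import re
from typing import NamedTuple

class Match(NamedTuple):
    name: str    # name of the definition that matched
    offset: int  # byte offset of the match within the scanned data

# Constructed definitions: name -> hex byte sequence; "??" stands for any one byte.
SIGNATURES = {
    "Example.Appender.A": "DE AD BE EF 13 37 C0 DE",
    "Example.Macro.B": "4D 41 43 ?? ?? 52 4F 21",
}

def compile_signature(hex_pattern: str) -> re.Pattern:
    """Turn a hex/wildcard pattern into a compiled bytes regular expression."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")  # wildcard: exactly one arbitrary byte
        else:
            # escape so bytes such as 0x2E ('.') are matched literally
            parts.append(re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}

def scan(data: bytes) -> list[Match]:
    """Return every definition hit in data, ordered by offset."""
    hits = [Match(name, m.start())
            for name, rx in COMPILED.items()
            for m in rx.finditer(data)]
    return sorted(hits, key=lambda h: h.offset)

# Constructed sample inputs.
CLEAN = b"MZ" + bytes(64) + b"ordinary program bytes"
INFECTED = CLEAN + bytes.fromhex("DEADBEEF1337C0DE")  # sequence at end of file
DOC = b"doc" + b"MAC\x01\x02RO!"                      # wildcard bytes differ

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("infected", INFECTED), ("doc", DOC)):
        print(label, scan(blob) or "no match")
```

A buffer in which any fixed byte of the sequence differs no longer matches, which is why definitions are updated as new variants appear.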
However, as with a formal program, it’s also possible to use VBS to create malicious code. Since a script can be easily embedded in HTML, a virus author can embed a malicious script within an HTML e-mail, and when the user reads the e-mail, the script runs automatically.
VoIP is a technology that lets subscribers to the VoIP service make telephone calls using a computer network that supports IP [Internet Protocol]. VoIP converts the analog signal used in a conventional telephone into a digital signal that can be carried over the Internet in packets (and converts it back again at the other end).
This means that users with a broadband Internet connection can replace their existing telephone connection with VoIP. Some VoIP services only allow telephone calls to people using the same service. Others allow calls to any number. Some VoIP services work just through the computer. Others require a special VoIP telephone or a VoIP adapter fitted to a conventional telephone.
A vulnerability is a bug or security flaw in an application or operating system that provides the potential for a hacker or virus writer to gain unauthorized access to, or use of, a user’s computer. The hacker does this by writing specific exploit code.
Once a vulnerability has been discovered (either by the developer of the software or someone else) the vendor of the application typically creates a ‘patch’ or ‘fix’ to block the security hole. As a result, vendors, security experts and virus writers are engaged in a never-ending race to find vulnerabilities first.
During recent years, the time-lag between the discovery of a vulnerability and the creation of exploit code that makes use of it has diminished. The worst-case scenario, of course, is a so-called ‘zero-day exploit’, where the exploit appears immediately after the vulnerability has been discovered. This leaves almost no time for a vendor to create a patch, or for IT administrators to implement other defensive measures.