What is a computer virus?

(To Alessandro Rugolo)
Someone argues that when it comes to disclosure in the cyber sector, everything is fine to get the message across of the dangers we face today. With "everything is fine", however, the incompetence of the writer is often justified, often attributing the blame to the reader's ignorance.

I don't think so.

So here, after last month's piece with which I tried to explain in a simple but correct way the meaning of DDoS (read article "DDoS and viruses"), I am going to explain what a computer virus

I am sure that many know what we are talking about, so they may find the article too simple or trivial, but I am equally sure that many will benefit from it or, I hope, to turn it over to some friend or young person who is approaching the matter and may therefore find it useful.

Let's start with the basics: the definition!

Sounds simple, doesn't it? It should be enough to open the browser and find a good vocabulary or encyclopedia that can provide us with what we asked for. Yet this is not the case. Anyone who has used the internet, perhaps for work, knows that the problem is not not finding things but on the contrary, finding too many. Then it is necessary to learn to do targeted searches and to use reference sites of which we can have the reasonable certainty that they are reliable.

As I have said on other occasions, one of the sources that has always given me satisfaction is the NIST website (National Institute of Standards and Technologies of the Department of Commerce of the United States of America).

Naturally, NIST too, producing legislation for different purposes, often uses definitions with different levels of detail. So it can be found that a virus is simply "A program that replicates itself by attaching to other programs or files, where it hides until activated"1or, with a greater level of detail: "A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting (ie, inserting a copy of itself into and becoming part of) another program. A virus cannot run by itself; it requires that its host program be run to make the virus active "2

If you are curious, at the end of the article I have inserted a link to the NIST page where all the virus definitions are listed.

For the purpose I set out with this article, the second definition is the one I will consider.

Therefore, a virus is a piece of software generally malevolent, able to replicate, that attaches or replaces to a software that hosts it and that activates it upon its execution

Some History

I am convinced that the definition alone is not enough to understand what a virus is, so I think it is always interesting to read some articles on the history of computer viruses.

I'll point out two of them. The first article is published on the Kaspersky website with the title of "A brief history of Computer Viruses & what the future holds". We thus discover that viruses have a father who is certainly known to all those who have studied computer science like me. It is John von Neumann who in 1966 published a text in which he discussed the possibility for an artificial organism (such as a piece of code) to reproduce and be potentially harmful like a biological virus. A few years later a young man named Bob Thomas created a program called Creeper, with the aim of verifying the theory of the possibility of self-replication of a computer code. Creeper it was not malicious and did not spread by infecting a host program, so on closer inspection it is not really a virus but another category of code that is called Worm and which at the moment is not the object of our attention. In any case, there are many to consider Creeper like the first virus.

In 1974 it was developed Rabbit (Also known as wabbit), a malicious program capable of self-replicating and absorbing the infected computer's resources, slowing it down and causing it to crash. The first IBM computer virus was called "Brain". It was developed in 1986 (thirty-six years ago!) And acted by infecting the boot sector of floppy disks thus facilitating contagion with the exchange of floppies between users.

The second article is instead entitled "A short history of computer viruses"and it is interesting to note that, among other things, it talks about the first malware capable of spreading very quickly on the internet, known as the Morris worm. Again I must say that in fact it was a worm which in a matter of hours infected about 15.000 computers.

Another fairly well-known virus is "Melissa". It is a virus released in 1999 that spread through the use of a word attachment sent by email with outlook. Once active, it would take the first fifty addresses of the victim's address book and send them the infected word document.

I think it is appropriate to summarize the essential things to remember:

- first of all, very often there is confusion between virus e worm, which are often united even if technically they are two different things. THE virus, which, as mentioned, infect a file that hosts them, are transmitted when the file that hosts them is exchanged or sent, perhaps via email, whatsapp or other. THE worm they spread without the need for a host file;

- viruses are generally malicious.

That said, a simple caveat: always pay attention to the files you receive and if you are not expecting anything do not open the attached documents!!!

The history of viruses is much broader than what is written in these few lines and is, in my opinion, very interesting but I leave the burden to you to deepen.

What awaits us in the future

No doubt nothing good. The number of viruses or others malicious software categories it is soaring and it is often not easy to even categorize threats. The job market requires more and more cyber security experts but schools are unable to cover the needs. In many countries, the work of a cybersecurity expert is often underpaid and, worse, completely misunderstood. This causes many problems in small and medium-sized companies but also in the entire public administration. It should be remembered that when we speak of virus we are referring not only to those of personal computers but also to other types of devices, from smatphones to IoT (networked devices such as surveillance cameras ...) and to the whole world of industrial devices, home automation and shortly human interfaces - machine implanted directly on humans.

Finally, the best investment that can be made is in people. Every trained IT technician, every trained and educated employee can make the difference between a successful and a failed attack. The culture of cyber security and basic training is of fundamental importance to prevent damage that is often irreparable, and the cost is certainly lower than the damage caused by a cyber incident. 

Let's try to remember it in time, instead of crying over it when it's too late!

PS I thank all the friends of SICYNT extension for suggestions and reviews.

1NIST SP 800-28 rev 2. Trad: A program that replicates itself by attaching itself to other programs or files, which it uses to hide itself until activated.

2NIST SP 800-82 rev 2. Trad: A hidden, self-replicating, generally malicious section of software that propagates by infection (for example by inserting a copy of itself and thus becoming part) of another program. A virus cannot run itself, it requires the host program to run to be activated.

To learn more:

viruses - Glossary | CSRC (nist.gov)

A Brief History of Computer Viruses & What the Future Holds (kaspersky.com)

A short history of computer viruses (sentrian.com.au)

The very first viruses: Creeper, Wabbit and Brain. (infocarnivore.com)

Virus: W32 / Melissa Description | F-Secure Labs

rheinmetal defense