Where do viruses hide?

 

It is important to know where viruses can hide. The first thing that must be clear is that in order to carry out its infection or totally or partially damage computer data, a virus must be executed. However, there is an increasing number of viruses (which are usually transmitted by e-mail), that can infect without needing to be executed. For example, there are viruses that propagate in an e-mail message and carry out their infection by simply displaying them in the pre-view pane (if this option is enabled in the e-mail program). In general, viruses hide in strategic places that allow them to spread their infection:

 

·      Executable files: Viruses insert themselves in executable files in order to be able to control the computer.

·      Documents with macros: Traditionally, non-executable files could not contain viruses or at least there was no point in them containing viruses since a virus in a non-executable file cannot carry out its actions. However, due to the latest technical advances, certain programs such as the Microsoft Office suite have included macros in non-executable files such as documents or spreadsheets. A macro is a set of instructions that can be executed by a certain program. In other words, a Microsoft Word document can contain a set of instructions that Word will run. This has widened the possibility for viruses to infect files, which, despite being non-executable, can contain macros.

·      Files attached to e-mail messages and the body of e-mail messages without attached files: Any type of file (executable or non-executable) can be attached to or included in an e-mail message. All e-mail messages and their attachments are usually stored in a single file. As the structure of this file is not standard and is not necessarily known, an antivirus could treat the message database in the same way as any other file and fail to detect a virus in it. A message could also be infected although it does not contain any attachments. This feature is used by certain types of viruses. The infection is carried out when the message is viewed in the preview pane as the virus is included in the text and not in a file.

·      Boot sector: The boot sector of a floppy disk or of a hard disk contains important information on the type of disk. This section also stores a program that is run when a computer is booted from a disk. Given that the program stored in the boot sector is able to run itself, it is also susceptible to being infected by a virus. A virus in the boot sector is also run if the computer is booted from a floppy disk, whether it is a boot disk or not.

·      Java Applets: Before, Internet pages or websites (HTML pages) could only contain text or graphics. However, due to the need to be able to create more complicated Web pages, this has changed. Today, Web pages can also contain small programs called Java applets. When an Internet browser downloads a Web page that contains these small programs, it executes them, in a similar way to a document that contains a macro. For this reason, Java applets are also susceptible to containing viruses. When they are downloaded to your computer they are scanned by the automatic file protection.

·      ActiveX Controls: ActiveX controls have the same function as Java applets. For this reason and given that they are also executable, they can also be infected by viruses. When they are downloaded to your computer they are scanned by the automatic file protection.

 

Platinum Internet Security can scan any of the areas mentioned above for viruses, offering the highest levels of protection.

 

For more information about viruses, consult the Virus Encyclopedia, on the Panda Software website.