[Reading Time – 6 minutes 8 seconds]
It’s hard to think about much else than the coronavirus right now. And maybe we shouldn’t. But we can think about how this virus is similar to another type of virus: namely, a computer malware virus.
The Word “Virus”
Our English word “virus” is based on a Latin word meaning a “slimy liquid, poison, or poisonous secretion.” In late Middle English it was used for the venom of a snake, and in medieval times it referred to the discharge from an ulcer or wound. The word then evolved from the discharge to the substances within the body that caused the infectious diseases that produced the discharge. In 1799 Edward Jenner published his discovery that the “cow-pox virus” could actually be used as a vaccine against smallpox.
As biological science continued to advance the word “virus” became even more specific when referring to tiny infectious agents–even smaller than bacteria–that replicate in living cells. This new field of “virology” exploded in the 1930s when electronic microscopes allowed scientists to see viruses for the very first time. Since then scientists have continued to identify and name new biological viruses. “Coronaviruses” were first widely reported in 1968 in the journal Nature. They are so named because the fringe around the virus (when seen through an electron microscope) resembles the corona of the sun.
A biological virus like COVID-19 is an agent that reproduces inside a cell. When a cell is infected by a virus, the virus takes over the operation of that cell, converting it into a virtual factory to make more copies of it. The cell is forced to produce thousands or hundreds of thousands of identical copies of the original virus very rapidly (the polio virus can make more than one million copies of itself inside one single infected human cell). Biologists often say that viruses exist only to make more viruses.
Today the world is wrestling with the disease caused by a virus. The International Committee on Taxonomy of Viruses has named the virus “SARS-CoV-2” for “severe acute respiratory syndrome coronavirus 2”. The World Health Organization calls the disease that results from the virus “COVID-19,” short for “coronavirus disease 2019.”
Now let’s pivot for a moment to computer viruses.
A computer virus is malicious computer code that, like its biological counterpart, reproduces itself on the same computer. Strictly speaking a computer virus replicates itself (or an evolved copy of itself) without any human intervention.
Computer Viruses: A Little History
Back in 1972 David Gerrold wrote a science-fiction novel with the title “When HARLIE Was One.” This imagined a computer “virus program” that replicated itself like biological viruses do. One of the first viruses found on a microcomputer was written for the Apple II in 1982. Rich Skrenta, a ninth-grade student in Pittsburgh, wrote “Elk Cloner,” which displayed his poem on the screen after every 50th use of the infected floppy disk. Unfortunately, the virus leaked out and found its way onto the computer used by Skrenta’s math teacher. Two years later the mathematician Dr. Frederick Cohen introduced the term “computer virus” based on a recommendation from his advisor, who came up with the name from reading Gerrold’s science fiction novel.
Almost all computer viruses “infect” by inserting themselves into a computer file, either an executable program file or a user-created data file. A virus that infects an executable program file is called a program virus. When the program is launched, the virus is activated. A virus can also be part of a data file. One of the most common is a macro virus (a macro is a series of instructions that can be grouped together as a single command, and often macros are used to automate a complex set of tasks or a repeated series of tasks). Once the document is opened, the macro instructions execute, whether those instructions are benign or a macro virus.
Early computer viruses attached or appended themselves to the end of the infected file. It then inserted at the beginning of the file a “jump” instruction that pointed to the end of the file, which is the beginning of the virus code. When the program was launched, the jump instruction redirected control to the virus. However, these types of viruses could be detected by virus scanners relatively easily. Most viruses today go to great lengths to avoid detection.
So much for what they are. How do we get rid of them? Let’s look at what’s being done with COVID-19 and interweave that with computer terminology and computer viruses.
How Do We Rid Ourselves of Viruses?
A basic challenge that confronts all attempts to destroy viruses (called “viral therapies”) is that most viruses have a handful of genes, and they rely on proteins in the cells they infect (called the “host cells”) to perform many of the functions needed to reproduce. So, that should be an easy fix, right? Let’s just kill all the host cells that are infected with a virus. But viral therapies that target host cell proteins will run the risk of killing uninfected cells and make matters worse. This would be like erasing all the files from your hard drive to wipe out the virus that has infected your computer. That would work, but the consequences would be not so great.
Presently there are no known drugs to combat the coronavirus. There are a number of different viral therapy experiments underway to deal with COVID-19.
- Some experimental drugs try to stop the coronavirus from reproducing within the cell.
- Other experimental drugs (called protease inhibitors) try to inhibit a cut-and-paste feature of COVID-19 in the host cell.
- After replication in the host cell, COVID-19 cannot continue an infection until it is “packaged” into a mature virus and gets exported out of the host cell. But it’s hard to block the packaging function.
- Another experiment is trying to target the shell of the new mature virus particle, but this involves copying purifying plasma from people who have fought off a coronavirus infection and pasting it into a newly infected patient. This is based on the assumption that the plasma contains antibodies that can neutralize the virus and giving this plasma to sick people can temporarily help their immune system clear the virus and give them sufficient time to develop their own antibodies.
- The final step in the virus’ life cycle is infecting a new cell. In the case of coronavirus, something manufactured by the host cell cuts a protein in the virus cell, and once cut, it triggers a merger between the membrane in the virus’ outside coating and the host cell. Some viral therapies are looking at neutralize the chemical balance of the virus so it can’t cut and merge. This is a viral therapy that is often referenced in the news media. One experiment uses chloroquine, the antimalarial drug. Chloroquine can cross membranes and so can enter the sac containing the virus. Once there, it can neutralize the pH.
By the way, the clinical research group hVIVO in London is offering $4,480 for volunteers willing to be infected with tamer relatives of the coronavirus in order to find a viral therapy. So far over 20,000 people have volunteered.
What “Viral Therapies” Exist for Computer Malware Viruses?
Antivirus (AV) software can examine a computer for any infections as well as monitor computer activity and scan new documents that might contain a virus (this scanning is typically performed when files are opened, created, or closed). If a virus is detected, options generally include cleaning the file of the virus, quarantining the infected file, or deleting the file. Log files created by AV products can also provide beneficial information regarding attacks. Many AV products use signature-based monitoring, also called static analysis. The AV software scans files by attempting to match known virus patterns against potentially infected files (called string scanning). Other variations include wildcard scanning (a wildcard is allowed to skip bytes or ranges of bytes instead of looking for an exact match) and mismatch scanning (mismatches allow a set number of bytes in the string to be any value regardless of their position in the string).
Most client AV software contains a virus scanning engine and a database of known virus signatures, which are created by extracting a sequence of bytes—a string—found in the virus that then serves as a virus’s unique signature. The weakness of signature-based monitoring is that the AV vendor must constantly be searching for new viruses, extracting virus signatures, and distributing those updated databases to all users. Any out-of-date signature database could result in an infection.
Heuristic Monitoring
A newer approach to AV is dynamic analysis heuristic monitoring, which uses a variety of techniques to spot the characteristics of a virus instead of attempting to make matches. The difference between static analysis and dynamic analysis detection is similar to how airport security personnel in some nations screen for terrorists. A known terrorist attempting to go through security can be identified by comparing his face against photographs of known terrorists (static analysis). But what about a new terrorist for whom there is no photograph? Security personnel can look at the person’s characteristics—holding a one-way ticket, not checking any luggage, showing extreme nervousness—as possible indicators that the individual may need to be questioned (dynamic analysis).
One AV heuristic monitoring technique used is code emulation in which a virtual environment is created that simulates the CPU and memory of the computer. Any questionable program code is executed in the virtual environment (no actual virus code is executed by the real CPU) to determine if it is a virus.
Is your head spinning? Mine is. Although nobody would ever say that a computer virus is as bad as COVID-19, there are many similarities as to how sophisticated these two types of viruses are today. But let’s hope that a COVID-19 vaccine for it can be found soon.
IT, Networking and Cyber Security Instructors—take a deep dive into the Live Virtual Machine Labs in MindTap by watching the recording of our recent webinar: Just in Time Training for Live Virtual Machine Labs.