Types of Viruses

Bootsector virus
Bootsector viruses are the classics among viruses. A bootsector virus settles itself onto the bootsector of a floppy or hard disk, a specific track on a disk where the machine finds the information to start its operating system or make itself known to your machine (ID). During the 80's a bootsector virus was a real pest on Amiga and Commodore 64 computers. Easy to remove but a nuisance, and sometimes very virulent too. When a bootsector virus had infected your disk, the machine either froze or the floppy was no longer usable until you removed the virus. Sometimes even the spare bootsector was overwritten, and then your info could only be salvaged with the help of a recovery program.

Trojans
A Trojan is a piece of viral code that resides in memory but works only under specific circumstances. It is often spread by riding piggyback on other programs or simply hidden inside one. Take the first Trojan: PC-Write, which was a popular shareware program. Because the virus program file was named "PC-Write", many users thought they were downloading the word processor; instead they downloaded the virus. Tricky.

Polymorphic viruses
A polymorphic virus is a virus that can change itself to elude detection, or change how it works. For example, instead of wiping your hard disk it locks your keyboard when specific keys are pressed in a particular sequence. Very hard to detect.

Binary viruses
A binary virus is a virus that needs a second component to become activated and do whatever it was designed to do. It is nearly impossible to detect an incomplete virus.

Macro viruses
A macro virus most often shows itself in Microsoft Office documents, such as those of Excel, Word or Outlook, and wreaks its havoc there. The code is easy to detect and to deactivate.

Standard Virus

That is, as far as you can speak of a standard virus. Contemporary viruses are hybrids that even contain their own mail engine!

A standard virus resides in memory, where its payload executes like a three-stage rocket:
Staying in memory as a resident process
Detecting programs (executables) that are loaded into the computer's memory
Attaching itself to an available slot of that program, mostly at the end, in the file that resides on hard disk or floppy. That medium must not be write-protected. As far as is known there is no virus that breaks this hardware security, but one can never tell.

More advanced viruses scour your hard disk for other programs or executables and attach themselves to any available one. Then they look for other hard disks, including network disks, and do the same thing over.

Even more advanced viruses try to attack the domains of other users on the network by cracking the passwords, and then repeat the process.

Some viruses specialize only in cracking firewalls, deleting files, shutting down virus protection programs, sending hundreds of thousands of mails, or stealing addresses from your mailbox and sending them to a secret recipient. Or burning out your display. But mind you, not all viruses are malignant; none are benevolent either, if only because they take up CPU time and disk space.

Browser Hijacker
This type of virus, which can spread itself in numerous ways including voluntary download, effectively hijacks certain browser functions, usually in the form of re-directing the user automatically to particular sites. It’s usually assumed that this tactic is designed to increase revenue from web advertisements.

Direct Action Virus
This type of virus, unlike most, only comes into action when the file containing the virus is executed. The payload is delivered and then the virus essentially becomes dormant – it takes no other action unless an infected file is executed again.

Most viruses do not use the direct action method of reproduction simply because it is not prolific, but viruses of this type have done damage in the past. The Vienna virus, which briefly threatened computers in 1988, is one such example of a direct action virus.

File Infector Virus
Perhaps the most common type of virus, the file infector takes root in a host file and then begins its operation when the file is executed. The virus may completely overwrite the file that it infects, or may only replace parts of the file, or may not replace anything but instead re-write the file so that the virus is executed rather than the program the user intended.

Although it is called a “file virus”, the definition doesn’t apply to all viruses in all files generally – for example, the macro virus described below is not covered by the term. Instead, the definition is usually meant to refer only to viruses which use an executable file format, such as .exe, as their host.

Macro Virus
A wide variety of programs, including productivity applications like Microsoft Excel, provide support for Macros – special actions programmed into the document using a specific macro programming language. Unfortunately, this makes it possible for a virus to be hidden inside a seemingly benign document.

Macro viruses vary widely in terms of payload. The most well-known macro virus is probably Melissa, a Word document supposedly containing the passwords to pornographic websites. The virus also exploited Word’s link to Microsoft Outlook in order to automatically email copies of itself.
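The following is an added example, not part of the original article, of how a defender can check a document for a macro project before opening it. It assumes the modern zip-based Office format, where VBA macros are stored in a part named vbaProject.bin; the function names and the sample files are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc/.xls files
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")     # extensions that should carry no VBA

def triage(filename: str, data: bytes) -> str:
    """Classify an Office file by whether it carries a VBA macro project."""
    if data.startswith(OLE2_MAGIC):
        return "legacy-ole"          # macros are possible; needs an OLE parser
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    with zipfile.ZipFile(buf) as zf:
        vba = [n for n in zf.namelist() if n.lower().endswith("vbaproject.bin")]
    if not vba:
        return "no-macros"
    if filename.lower().endswith(MACRO_FREE_EXT):
        # A macro project under a macro-free extension is a red flag.
        return "macros-in-macro-free-extension"
    return "macros"

def make_sample(parts: dict) -> bytes:
    """Build a constructed, minimal zip standing in for an Office document."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return out.getvalue()

if __name__ == "__main__":
    clean = make_sample({"word/document.xml": "<w/>"})
    macro = make_sample({"word/document.xml": "<w/>",
                         "word/vbaProject.bin": b"constructed placeholder"})
    for name, blob in [("report.docx", clean), ("report.docm", macro),
                       ("invoice.docx", macro), ("old.doc", OLE2_MAGIC + b"\0" * 16)]:
        print(f"{name:14} {triage(name, blob)}")
```

A result of "macros" only says that macro code is present, not that it is malicious; it tells you which documents deserve a closer look or should be opened with macros disabled.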

Multipartite Virus
While some viruses are happy to spread via one method or deliver a single payload, Multipartite viruses want it all. A virus of this type may spread in multiple ways, and it may take different actions on an infected computer depending on variables, such as the operating system installed or the existence of certain files.

Resident Virus

This broad virus definition applies to any virus that inserts itself into a system’s memory. It then may take any number of actions and run independently of the file that was originally infected.

A resident virus can be compared to a direct payload virus, which does not insert itself into the system’s memory and therefore only takes action when an infected file is executed.

Web Scripting Virus

Many websites execute complex code in order to provide interesting content. Displaying online video in your browser, for example, requires the execution of a specific code language that provides both the video itself and the player interface.

Of course, this code can sometimes be exploited, making it possible for a virus to infect a computer or take actions on a computer through a website. Although malicious sites are sometimes created with purposely infected code, many such cases exist because of code inserted into a site without the webmaster’s knowledge.

Encrypted Viruses
This type of virus consists of encrypted malicious code and a decryption module. These viruses use the encrypted code technique, which makes it hard for antivirus software to detect them. The antivirus program can usually detect this type of virus when it tries to spread by decrypting itself.


Companion Viruses
Companion viruses can be considered file infector viruses like resident or direct action types. They are known as companion viruses because once they get into the system they "accompany" the other files that already exist. In other words, in order to carry out their infection routines, companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct action viruses).
Some examples include: Stator, Asimov.1539, and Terrax.1069.

Network Virus
Network viruses rapidly spread through a Local Area Network (LAN), and sometimes throughout the internet. Generally, network viruses multiply through shared resources, i.e., shared drives and folders. When the virus infects a computer, it searches through the network to attack its new potential prey. When the virus finishes infecting that computer, it moves on to the next and the cycle repeats itself.
The most dangerous network viruses are Nimda and SQLSlammer.

Nonresident Viruses
This type of virus is similar to resident viruses in that it uses a replication module. Besides that, nonresident viruses act as a finder module, which infects files when it finds them (it selects one or more files to infect each time the module is executed).

Stealth Viruses
Stealth viruses are viruses which try to trick antivirus software by intercepting its requests to the operating system. They have the ability to hide themselves from some antivirus programs. Therefore, some antivirus programs cannot detect them.

Sparse Infectors
In order to spread widely, a virus must attempt to avoid detection. To minimize the probability of its being discovered a virus could use any number of different techniques. It might, for example, only infect every 20th time a file is executed; it might only infect files whose lengths are within narrowly defined ranges or whose names begin with letters in a certain range of the alphabet. There are many other possibilities.

Spacefiller (Cavity) Viruses
Many viruses take the easy way out when infecting files; they simply attach themselves to the end of the file and then change the start of the program so that it first points to the virus and then to the actual program code. Many viruses that do this also implement some stealth techniques so you don't see the increase in file length when the virus is active in memory.

A spacefiller (cavity) virus, on the other hand, attempts to be clever. Some program files, for a variety of reasons, have empty space inside of them. This empty space can be used to house virus code. A spacefiller virus attempts to install itself in this empty space while not damaging the actual program itself. An advantage of this is that the virus then does not increase the length of the program and can avoid the need for some stealth techniques. The Lehigh virus was an early example of a spacefiller virus.
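The following is an added example, not part of the original article, showing why a file length check alone misses the kind of change a spacefiller virus makes, and how a content hash catches it. The byte strings are constructed stand-ins for a program file, and all function names are chosen for illustration.

```python
import hashlib

def fingerprint(data: bytes) -> dict:
    """Record what an integrity baseline should store: length and content hash."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}

def size_only_check(baseline: dict, current: bytes) -> bool:
    """Naive check: the file passes if its length is unchanged."""
    return len(current) == baseline["size"]

def classify_change(baseline: dict, current: bytes) -> str:
    now = fingerprint(current)
    if now["sha256"] == baseline["sha256"]:
        return "unchanged"
    if now["size"] > baseline["size"]:
        return "grew"                    # what an appending infector causes
    if now["size"] == baseline["size"]:
        return "same-size-modified"      # what a cavity infector causes
    return "shrunk"

def changed_ranges(old: bytes, new: bytes) -> list:
    """Return [start, end) offsets where the two copies differ."""
    ranges, start, limit = [], None, min(len(old), len(new))
    for i in range(limit):
        if old[i] != new[i]:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, limit))
    return ranges

# Constructed sample: 4-byte header, code, 64 bytes of empty space, data.
ORIGINAL = b"HDR\x10" + b"\x90" * 28 + b"\x00" * 64 + b"DATA" * 8
# Same length: header byte changed, part of the empty space overwritten.
CAVITY_MODIFIED = b"HDR\x20" + b"\x90" * 28 + b"\xCC" * 40 + b"\x00" * 24 + b"DATA" * 8
# Longer: header byte changed, extra bytes attached to the end.
APPENDED = b"HDR\x80" + ORIGINAL[4:] + b"\xCC" * 40

if __name__ == "__main__":
    base = fingerprint(ORIGINAL)
    for label, blob in [("cavity", CAVITY_MODIFIED), ("appended", APPENDED)]:
        print(label, "size check passes:", size_only_check(base, blob),
              "| verdict:", classify_change(base, blob),
              "| changed:", changed_ranges(ORIGINAL, blob))
```

The baseline has to be taken from a known-clean copy and stored where the monitored machine cannot rewrite it, otherwise the comparison proves nothing.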

FAT Virus
The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer.

This type of virus attack can be especially dangerous because it prevents access to certain sections of the disk where important files are stored. The damage caused can result in the loss of information from individual files or even entire directories.

Worms
A worm is technically not a virus, but a program very similar to a virus; it has the ability to self-replicate and can lead to negative effects on your system, and, most importantly, worms are detected and eliminated by antiviruses.
Examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson.

Logic Bombs

They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.

Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.


Copyright 2011 All rights reserved