Monday, March 31, 2008

Different Types of Computer Viruses

Computer viruses can be classified by origin, techniques, the types of files they infect, where they hide, the kind of damage they cause, the type of operating system or platform they attack, etc. Let us have a look at them…


A computer virus is a kind of malicious software written intentionally to enter a computer without the user's permission or knowledge, with the ability to replicate itself and thus continue to spread. Some viruses do little but replicate; others can cause severe harm or adversely affect programs and the performance of the system. A virus should never be assumed harmless and left on a system. The most common types of viruses are described below:

Resident Viruses
This type of virus is permanent and dwells in RAM. From there it can overcome and interrupt all of the operations executed by the system, corrupting files and programs that are opened, closed, copied, renamed, etc.

Examples include: Randex, CMJ, Meve, and MrKlunky.

Direct Action Viruses
The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.

Overwrite Viruses
A virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected.

The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.

Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.

Boot Virus
This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk.
Boot sector viruses are an older type of virus and not so common. They used to infect a computer's startup program so that the virus would become active as soon as the computer started up.


The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and to never start your computer with an unknown floppy disk in the disk drive.

Examples of boot viruses include: Polyboot.B, AntiEXE.

Macro Virus
Macro viruses infect files that are created using certain applications or programs that contain macros. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one.

Macro viruses use commands (macros) embedded in other software to infect and spread to other files viewed by that software. E.g. Word and Excel have macros, and macro viruses can spread by exploiting these commands.


Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.

Directory Virus
Directory viruses change the paths that indicate the location of a file. By executing a program (file with the extension .EXE or .COM) which has been infected by a virus, you are unknowingly running the virus program, while the original file and program have been previously moved by the virus.

Once infected, it becomes impossible to locate the original files.

Polymorphic Virus
Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system.

This makes it impossible for anti-viruses to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves.

Examples include: Elkern, Marburg, Satan Bug, and Tuareg.
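
The scanner's side of this problem, as an added example that is not part of the original post: a fixed string search stops matching once the same content is stored under a different key. The example goes one step beyond the text by also showing a key-invariant comparison (sometimes called X-raying). It assumes a single-byte XOR as a simple stand-in for per-copy encryption, and the marker string and samples are constructed and harmless.

```python
"""Why a fixed byte signature misses re-encoded copies, and a key-invariant check."""

# Constructed, harmless marker standing in for a scanner signature (not real malware bytes).
SIGNATURE = b"HARMLESS-TEST-MARKER-0001"


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR: an assumed, deliberately simple stand-in for per-copy encryption."""
    return bytes(b ^ key for b in data)


def make_sample(key: int) -> bytes:
    """Constructed sample: the marker encoded with `key`, surrounded by filler bytes."""
    return b"\x00" * 16 + xor_encode(SIGNATURE, key) + b"\xff" * 16


def naive_scan(blob: bytes) -> bool:
    """Classic string/signature search over the raw bytes."""
    return SIGNATURE in blob


def delta(data: bytes) -> bytes:
    """XOR each byte with its successor; a constant single-byte key cancels out."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def xray_scan(blob: bytes) -> bool:
    """Match the signature's byte-to-byte differences instead of its raw bytes."""
    return delta(SIGNATURE) in delta(blob)


def scan_report() -> dict:
    """Run both scanners over three encoded copies and one clean file."""
    samples = {f"key=0x{k:02x}": make_sample(k) for k in (0x00, 0x5A, 0xC3)}
    samples["clean"] = b"ordinary file contents with no marker at all"
    return {name: (naive_scan(b), xray_scan(b)) for name, b in samples.items()}


if __name__ == "__main__":
    for name, (naive, xray) in scan_report().items():
        print(f"{name:10} naive={naive!s:5} xray={xray}")
```

The difference trick only cancels a constant single-byte key; encodings that vary more than that are the reason scanners also rely on emulation and behavioural heuristics rather than byte patterns alone.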

File Infectors / File Viruses

This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category, and can be classified depending on the actions that they carry out.

File viruses attach themselves to other software. When the software is run, the virus first loads itself into memory so that it can further infect other files or begin damaging the computer.


Companion Viruses

Companion viruses can be considered file infector viruses like resident or direct action types. They are known as companion viruses because once they get into the system they "accompany" the other files that already exist. In other words, in order to carry out their infection routines, companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct action viruses).

Some examples include: Stator, Asimov.1539, and Terrax.1069.

FAT Virus
The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer.
This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories.

Worms
A worm is a program very similar to a virus; it has the ability to self-replicate and can lead to negative effects on your system and, most importantly, worms are detected and eliminated by antiviruses.
Worms duplicate themselves and use communications such as email to spread. They can look at your email address book and send themselves to users in your address book.
Examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson.

Trojans or Trojan Horses
Another unsavory breed of malicious code is Trojans or Trojan horses, which unlike viruses do not reproduce by infecting other files, nor do they self-replicate like worms.
Trojan horses are programs that claim to perform a particular function but in fact do something different. E.g. they could infect your computer with a virus or erase your files.

Backdoor Trojans: Backdoor Trojans are programs that allow other computer users to remotely control your computer via a local area network or the Internet.

Logic Bombs

They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.

Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.

Adware: Is to internet browsing as spam is to email. Adware can profile your online surfing and online shopping habits and/or place annoying pop-up adverts and install additional IE menu helper bars. Often adware revolves around targeted advertising based upon the web sites you frequent, and you may not even be aware that the pop-ups are not coming from the actual web site visited but from the adware software running locally on your machine. Quite often these applications are installed by stealth or by deliberately misleading users into installing software that is not required.

Spyware: Is potentially a higher threat than adware as it often collects user details, such as software installed and often sensitive information such as passwords and even credit card details, which are then sent via the internet to a central collection point. Spyware is often installed covertly or by accident via pop-up windows with ActiveX controls which report that they are doing something benign whilst secretly installing this malicious software.

Malware is software that damages your system, causes instability, or exhibits antisocial behavior such as changing settings or interfering with a computer's registry and security settings. Typical examples include computer viruses or worms.

Page Hijackers: Are applications that redirect links to specific web pages, such as a request to go to a search engine, and instead redirect the web browser to a designated address, related to the initial link but often containing advertising or adware. Whilst not as high a threat as spyware, it is often a sign that your computer has some spyware or adware components installed on it which will undermine its operation.
