Computer Virus and its types

Computer Virus and its types

A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. The term "virus" is also commonly used, albeit erroneously, to refer to many different types of malware and adware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus.

A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive.

Meanwhile viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer.

Viruses : -
A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.

E-mail viruses :-
An e-mail virus travels as an attachment to e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book. Some e-mail viruses don't even require a double-click -- they launch when you view the infected message in the preview pane of your e-mail software

Trojan horses :-
A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.

Worms :-
A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.

What They Infect

Viruses can infect several files of the computer's operating and file system. These include:

* System Sectors
* Files
* Macros
* Companion Files
* Disk Clusters
* Batch Files
* Source Code

Evolution :

As virus creators became more sophisticated, they learned new tricks. One important trick was the ability to load viruses into memory so they could keep running in the background as long as the computer remained on. This gave viruses a much more effective way to replicate themselves. Another trick was the ability to infect the boot sector on floppy disks and hard disks. The boot sector is a small program that is the first part of the operating system that the computer loads. It contains a tiny program that tells the computer how to load the rest of the operating system. By putting its code in the boot sector, a virus can guarantee it is executed. It can load itself into memory immediately and run whenever the computer is on. Boot sector viruses can infect the boot sector of any floppy disk inserted in the machine, and on college campuses, where lots of people share machines, they could spread like wildfire.

How They Infect :
Viruses are sometimes also categorized by how they infect.

• Polymorphic Viruses
• Stealth Viruses
• Armored Viruses
• Multipartite Viruses
• NTFS ADS Viruses
• Mutated viruses
• Macro viruses

Polymorphic Viruses
To confound virus scanning programs, virus writers created polymorphic viruses. These viruses are more difficult to detect by scanning because each copy of the virus looks different than the other copies.

Quote:

---

imp :
Polymorphic viruses change with each infection. They do this in an attempt to defeat scanners.

---

Stealth Viruses

A stealth virus hides the modifications it makes. It does this by taking over the system functions which read files or system sectors and, when some other program requests information from portions of the disk the virus has changed, the virus reports back the correct (unchanged) information instead of what's really there (the virus). Of course, the virus must be resident in memory and active to do this.

Quote:

---

imp:
A stealth virus takes over portions of the system to effectively hide the virus from examination.

---

Armored Viruses

Armored is a class that overlaps other classes of viruses; maybe multiple times.Basically, an armored virus uses special "tricks" designed to foil anti-virus researchers.

Quote:

---

imp: An armored virus attempts to make disassembly difficult

---

Multipartite Virus

Some viruses can be all things to all machines. Depending on what needs to be infected, they can infect system sectors or they can infect files. These rather universal viruses are termed multipartite (multi-part).Sometimes the multipartite virus drops a system sector infector; other times a system sector infector might also infect files.

Quote:

---

imp: Multipartite viruses have dual capabilities and typically infect both system sectors and files.

---

NTFS ADS Viruses

The NT File System (NTFS) contains within it a system called Alternate Data Streams (ADS). This subsystem allows additional data to be linked to a file. The additional data, however, is not always apparent to the user. Windows Explorer and the DIRectory command do not show you the ADS; other file tools (e.g., COPY and MOVE) will recognize and process the attached ADS file
The ADS file is effectively hidden from view.

Quote:

---

imp: The NT File System allows alternate data streams to exist attached to files but invisible to some normal file-handling utilities.
Viruses can exploit the NTFS ADS system in a variety of ways.

---

Mutated viruses

In reality, most viruses are clones, or more precisely "mutated viruses" — viruses which have been rewritten by other users in order to change their behavior or signature.

The fact that multiple versions of the same virus (called variants) exist makes dection all the more difficult, as antivirus software publishers then have to add these new signatures to their databases.

Quote:

---

imp:Mutated viruses that have been rewritten

---

Macro viruses

With the increase in programs which use macros, Microsoft has developed a shared script language which can be inserted into most types of documents which can contain macros. It's called VBScript, a subset of Visual Basic. These viruses are currently able to infect macros in Microsoft Office documents, meaning that such a virus can be placed within an ordinary Word or Excel document and run a portion of code when the file is opened, so that the virus can both spread into files and access the operating system (generally Windows).

Quote:

---

imp:The frequent appearance of Visual Basic scripts sent by email as attachments (marked by their extension .VBS) with an email subject encouraging the recipient to open the poisoned gift.
Once opened by a Microsoft email client, this "gift" can access the entire address book and self-propagate over the network. This kind of virus is called a worm.

---

Other Threats

Viruses and worms get a lot of publicity, but they aren't the only threats to your computer's health. Malware is just another name for software that has an evil intent. Here are some common types of malware and what they might do to your infected computer:


malware:

Most personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging and file sharing systems to spread, blurring the line between viruses and worms. Furthermore, some sources use an alternative terminology in which a virus is any form of self-replicating malware.
Malicious programs can be divided into the following groups: worms, viruses, Trojans, hacker utilities and other malware. All of these are designed to damage the infected machine or other networked machines.

Adware : They puts ads up on your screen.

Spyware :They collects personal information about you, like your passwords or other information you type into your computer.

Hijackers : They turn your machine into a zombie computer.

Dialers : They force your computer to make phone calls. For example, one might call toll 900-numbers and run up your phone bill.