Friday, 9 May 2014

Different types of viruses


Did uyou know?
In 2010, Stuxnet virus targeted Siemens Industrial Software and Equipment. There are allegations that this virus is a part of a U.S. and Israeli intelligence operation named "Operation Olympic Games" and it hit Iran's nuclear plant Natanz.

Computer virus is a harmful software program written intentionally to enter a computer without the user's permission or knowledge. It has the ability to replicate itself, thus continuing to spread. Some viruses do little but replicate, while others can cause severe harm or adversely affect the program and performance of the system. A virus should never be assumed harmless and left on a system.

There are different types of viruses which can be classified according to their origin, techniques, types of files they infect, where they hide, the kind of damage they cause, the type of operating system, or platform they attack. Let us have a look at few of them.

Memory Resident Virus

These viruses fix themselves in the computer memory and get activated whenever the OS runs and infects all the files that are then opened.
  • Hideout: This type of virus hides in the RAM and stays there even after the malicious code is executed. It gets control over the system memory and allocate memory blocks through which it runs its own code, and executes the code when any function is executed.
  • Target: It can corrupt files and programs that are opened, closed, copied, renamed, etc.
  • Examples: Randex, CMJ, Meve, and MrKlunky
  • Protection: Install an antivirus program.
Direct Action Viruses

The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that are specified in the AUTOEXEC.BAT file path. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.

FindFirst/FindNext technique is used where the code selects a few files as its victims. It also infects the external devices like pen drives or hard disks by copying itself on them.
  • Hideout: The viruses keep changing their location into new files whenever the code is executed, but are generally found in the hard disk's root directory.
  • Target: It can corrupt files. Basically, it is a file-infecter virus.
  • Examples: Vienna virus
  • Protection: Install an antivirus scanner. However, this type of virus has minimal effect on the computer's performance.
Overwrite Viruses

A virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected.
  • Hideout: The virus replaces the file content. However, it does not change the file size.
  • Examples: Way, Trj.Reboot, Trivial.88.D
  • Protection: The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.
However, it is very easy to detect this type of virus, as the original program becomes useless.

Boot Sector Virus

This type of virus affects the boot sector of a hard disk. This is a crucial part of the disk, in which information of the disk itself is stored along with a program that makes it possible to boot (start) the computer from the disk. This type of virus is also called Master Boot Sector Virus or Master Boot Record Virus.
  • Hideout: It hides in the memory until DOS accesses the floppy disk, and whichever boot data is accessed, the virus infects it.
  • Examples: Polyboot.B, AntiEXE
  • Protection: The best way of avoiding boot sector viruses is to ensure that floppy disks are write-protected. Also, never start your computer with an unknown floppy disk in the disk drive.
Macro Virus

Macro viruses infect files that are created using certain applications or programs that contain macros, like .doc, .xls, .pps, .mdb, etc. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one. These viruses automatically infect the file that contains macros, and also infects the templates and documents that the file contains. It is referred to as a type of e-mail virus.
  • Hideout: These hide in documents that are shared via e-mail or networks.
  • Examples: Relax, Melissa.A, Bablas, O97M/Y2K
  • Protection: The best protection technique is to avoid opening e-mails from unknown senders. Also, disabling macros can help to protect your useful data.
Directory Virus

Directory viruses (also called Cluster Virus/File System Virus) infect the directory of your computer by changing the path that indicates the location of a file. When you execute a program file with an extension .EXE or .COM that has been infected by a virus, you are unknowingly running the virus program, while the original file and program is previously moved by the virus. Once infected, it becomes impossible to locate the original files.
  • Hideout: It is usually located in only one location of the disk, but infects the entire program in the directory.
  • Examples: Dir-2 virus
  • Protection: All you can do is, reinstall all the files from the backup that are infected after formatting the disk.
Polymorphic Virus

Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system. This makes it impossible for antivirus software to find them using string or signature searches (because they are different in each encryption). The virus then goes on to create a large number of copies.
  • Examples: Elkern, Marburg, Satan Bug and Tuareg
  • Protection: Install a high-end antivirus as the normal ones are incapable of detecting this type of virus.
Companion Viruses

Companion viruses can be considered as a type of file infector virus, like resident or direct action types. They are known as companion viruses because once they get into the system they 'accompany' the other files that already exist. In other words, to carry out their infection routines, companion viruses can wait in memory until a program is run (resident virus), or act immediately by making copies of themselves (direct action virus).
  • Hideout: These generally use the same filename and create a different extension of it. For example: If there is a file "Me.exe", the virus creates another file named "Me.com" and hides in the new file. When the system calls the filename "Me", the ".com" file gets executed (as ".com" has higher priority than ".exe"), thus infecting the system.
  • Examples: Stator, Asimov.1539 and Terrax.1069
  • Protection: Install an antivirus scanner and also download Firewall.
FAT Virus

The file allocation table (FAT) is the part of a disk used to store all the information about the location of files, available space, unusable space, etc.
  • Hideout: FAT virus attacks the FAT section and may damage crucial information. It can be especially dangerous as it prevents access to certain sections of the disk where important files are stored. Damage caused can result in loss of information from individual files or even entire directories.
  • Examples: Link Virus
  • Protection: Before the virus attacks all the files on the computer, locate all the files that are actually needed on the hard drive, and then delete the ones that are not needed. They may be files created by viruses.
Multipartite Virus

These viruses spread in multiple ways possible. It may vary in its action depending upon the operating system installed and the presence of certain files.
  • Hideout: In the initial phase, these viruses tend to hide in the memory as the resident viruses do; then they infect the hard disk.
  • Examples: Invader, Flip and Tequila
  • Protection: You need to clean the boot sector and also the disk to get rid of the virus, and then reload all the data in it. However, ensure that the data is clean.
Web Scripting Virus

Many web pages include complex codes in order to create an interesting and interactive content. This code is often exploited to bring about certain undesirable actions.
  • Hideout: The main sources of web scripting viruses are the web browsers or infected web pages.
  • Examples: JS.Fortnight is a virus that spreads through malicious e-mails.
  • Protection: Install the microsoft tool application that is a default feature in Windows 2000, Windows 7 and Vista. Scan the computer with this application.
Worms

A worm is a program very similar to a virus; it has the ability to self-replicate and can lead to negative effects on your system. But they can be detected and eliminated by an antivirus software.
  • Hideout: These generally spread through e-mails and networks. They do not infect files or damage them, but they replicate so fast that the entire network may collapse.
  • Examples: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson
  • Protection: Install an updated version of antivirus.
Trojans

Another unsavory breed of malicious code are Trojans or Trojan horses, which unlike viruses, do not reproduce by infecting other files, nor do they self-replicate like worms. In fact, it is a program which disguises itself as a useful program or application.

Beware of the fact that these viruses copy files in your computer (when their carrier program is executed) that can damage your data, and even delete it. The attacker can also program the trojans in such a manner that the information in your computer is accessible to them.

Logic Bombs

They are not considered viruses because they do not replicate. They are not even programs in their own right, but rather camouflaged segments of other programs. They are only executed when a certain predefined condition is met. Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, the results can be destructive, and your entire data can be deleted.

No comments:

Post a Comment