Malware - Kinds of viruses

    Modern viruses come in many different flavors...

    System or boot sector virus
    This kind of virus is designed to place itself into the master boot record (MBR) of the target system. Once this takes place, the system boot sequence is effectively altered, meaning the virus or other code can be loaded before the system itself. Post-infection symptoms such as startup issues, problems with retrieving data, computer performance instability, and the inability to locate hard drives are all issues that may arise from this kind of virus.

    Macro virus
    This kind of virus takes advantage of embedded languages such as Visual Basic for Applications (VBA). In applications such as Microsoft Word or Excel, these macro languages are designed to automate functions and create new processes. The problem with these languages is that they lend themselves very effectively to abuse. They can easily be embedded into templates and regular documents. Once a macro is run on a target system, it can do all sorts of things, such as change a system configuration to decrease the overall security or read a user's address book and e-mail itself to others. Today it is common for a macro virus to download and execute even more code.

    Cluster virus
    Cluster viruses alter the file-allocation tables on a storage device, causing file entries to point to the virus instead of the real file. In practice, this means that when a user runs a given application, the virus runs before the system executes the actual file.

    Stealth or tunneling virus
    This variant is designed to employ various mechanisms to evade detection software. Stealth viruses employ unique techniques including intercepting calls from the operating system and returning bogus or invalid responses that are designed to mislead or evade.

    Encryption virus
    Encryption viruses can scramble themselves to avoid detection. This virus changes its program code, making it nearly impossible to detect using normal means. It uses an encryption algorithm to encrypt and decrypt the virus multiple times as it replicates and infects. Each time the infection process occurs, a new encryption sequence takes place with different settings, making it difficult for antivirus software to detect the virus.

    Cavity or file-overwriting virus
    This kind of virus hides in a host file without changing the host file's appearance, so detection becomes difficult. Many viruses that do this also implement stealth techniques, so you don't see the increase in file size when the virus code is active in memory.

    Sparse-infector virus
    This kind of virus avoids detection by carrying out infections only sporadically, such as on one particular day or date. A virus may even be set up to infect only files of a certain size or type or that start with a certain letter.

    Companion or camouflage virus
    A companion or camouflage virus compromises a feature of operating systems that enables software with the same name but with different extensions to operate with different priorities. For example, you may have program.exe on your computer, and the virus creates a file called When the computer executes program.exe, the virus runs before program.exe is executed. In many cases, the real program runs, so users believe the system is operating as expected and are unaware of the virus running.

    Logic bomb
    A logic bomb is designed to lie in wait until a predetermined event or action occurs. When this happens, the bomb or payload executes and carries out its intended action. Logic bombs have been notoriously difficult to detect because they do not look harmful until they are activated - and by then, it is too late. Logic bombs are often divided into two parts: the payload and the trigger.

    File or multipartite virus
    This kind of virus infects the target system in multiple ways using multiple attack vectors; hence the term multipartite. Targets include the boot sector and executable files on the local hard drive. What makes such viruses dangerous and powerful is that to stop them, you must remove all parts of the virus. If any part of the virus is not eradicated from the infected system, it can reinfect the system.

    Shell virus
    Shell viruses are another type of virus where the software infects the target application and alters it. The virus makes the infected program into a subroutine that runs after the virus itself is executed.

    Cryptoviruses search for files or certain types of data on the target system and then encrypt them. The victim is then instructed to contact the virus creator via special means and pay a specified ransom for the encryption key needed to decrypt the encrypted files. This kind of virus is also called ransomware because of the nature of the intent and function.

    A hoax is not a true virus in nature but can be just as powerful and devastating as a virus. Hoaxes are designed to make the user take action even though no infection or threat exists.
    Certified Security Geek
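The post describes several virus classes by the trace they leave on a host: a companion virus leaves a same-name file with a higher-priority extension beside the real program, a macro virus lives inside an Office document's VBA project, and a cryptovirus leaves files whose contents are close to random. The following Python script is an added example (not code from the post or its author) that turns those three descriptions into defender-side checks run over a constructed sample directory. Assumptions: the companion check looks for `name.com` beside `name.exe`, relying on `cmd.exe`'s default lookup order trying `.COM` before `.EXE`; the macro check relies on OOXML files being zip containers that store VBA as `vbaProject.bin`; the encryption check uses Shannon entropy with a heuristic threshold of 7.5 bits per byte, which also fires on compressed formats, so it is a triage signal rather than proof.

```python
"""Defender-side checks for three virus classes from the post (added example).

All sample files are constructed in a temporary directory so the script runs
offline; none of them is real malware.
"""
from __future__ import annotations

import math
import os
import tempfile
import zipfile
from collections import Counter
from pathlib import Path

OFFICE_SUFFIXES = {".docm", ".xlsm", ".pptm", ".docx", ".xlsx", ".pptx"}
ENTROPY_THRESHOLD = 7.5  # heuristic assumption: bits/byte above which a file looks encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_companion_pairs(directory: Path) -> list[tuple[Path, Path]]:
    """Companion/camouflage check: a name.com sitting beside name.exe.

    With cmd.exe's default PATHEXT the .COM extension is tried before .EXE when a
    bare program name is typed, so such a pair deserves a second look.
    """
    pairs = []
    for exe in directory.glob("*.exe"):
        com = exe.with_suffix(".com")
        if com.is_file():
            pairs.append((com, exe))
    return sorted(pairs)


def has_vba_project(path: Path) -> bool:
    """Macro check: OOXML documents are zip containers; VBA is stored as vbaProject.bin."""
    if not zipfile.is_zipfile(path):
        return False
    with zipfile.ZipFile(path) as zf:
        return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())


def suspected_encrypted(path: Path, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """Cryptovirus check: ciphertext is near-uniform, plain text sits around 4-5 bits/byte.

    Already-compressed formats (zip, jpeg, ...) also score high, so this flags
    files for review rather than proving they were encrypted. Very small files
    are skipped because their entropy estimate is unreliable.
    """
    data = path.read_bytes()
    return len(data) >= 256 and shannon_entropy(data) >= threshold


def scan(directory: Path) -> dict[str, list[str]]:
    """Run the three checks over one directory and return findings by category."""
    findings: dict[str, list[str]] = {"companion_pairs": [], "macro_documents": [], "high_entropy_files": []}
    for com, exe in find_companion_pairs(directory):
        findings["companion_pairs"].append(f"{com.name} beside {exe.name}")
    for path in sorted(p for p in directory.iterdir() if p.is_file()):
        if path.suffix.lower() in OFFICE_SUFFIXES and has_vba_project(path):
            findings["macro_documents"].append(path.name)
        if suspected_encrypted(path):
            findings["high_entropy_files"].append(path.name)
    return findings


def build_sample_dir() -> Path:
    """Constructed test data: one case for each check plus a benign text file."""
    d = Path(tempfile.mkdtemp(prefix="virus-kinds-"))
    (d / "program.exe").write_bytes(b"MZ" + b"\x00" * 100)          # stand-in real program
    (d / "program.com").write_bytes(b"\xeb\xfe")                     # stand-in companion file
    (d / "notes.txt").write_bytes(b"Quarterly report, nothing unusual.\n" * 20)
    (d / "notes.txt.locked").write_bytes(os.urandom(4096))            # stand-in for an encrypted file
    with zipfile.ZipFile(d / "invoice.docm", "w") as zf:              # stand-in macro document
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 64)
    return d


if __name__ == "__main__":
    sample = build_sample_dir()
    for category, items in scan(sample).items():
        print(f"{category}: {items}")
```

Running the script prints the companion pair `program.com beside program.exe`, the macro document `invoice.docm`, and `notes.txt.locked` as the only high-entropy file; the plain-text `notes.txt` stays below the threshold. In practice each finding is a lead for the analyst, not a verdict: a legitimate tool may ship both a `.com` and an `.exe`, signed macro documents are common in offices, and backups or archives are high-entropy by design.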