Tuesday, July 26, 2016
Common Types of Computer Virus
- Trojan Horses
Trojan Horses are computer viruses that hide inside non-executable files such as compresses or documented files and executable files and try to avoid detection by anti-virus programs. Trojan horses usually appear to be useful computer files/programs such as a computer game or data library.
- Worms
A worm is a program very similar to a virus; It has the ability to self-replicate and can lead to negative effects on your system and most importantly they are detected and eliminated by anti viruses.
Worms are technically not viruses, though the difference is quite subtle and the media often confuses them.
Worms live only to spread themselves through a network though – they will automatically transfer themselves to other computers. Because they are transferred automatically and not by the actions on human, they spread much faster than viruses.
- Logic Bombs
They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflages segments of other programs.
Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.
- Stealth Viruses
A stealth virus hides the modifications made to files and boot records by modifying and forging the results of calls to functions, therefore programs believe they are reading the original file and not the modified file. A good anti-virus software will probably detect a stealth virus due to the fact that a stealth virus attempts to hide itself in memory when an anti-virus software is launched.
- Slow Viruses
A Slow virus is a difficult virus to detect due to the fact it only modifies and infects files when they have been modified or copied. Therefore the original file will not be infected by the actual copied file. A good way to protect yourself against slow viruses is by using an integrity checker or shell.
- Retro Viruses
A Retro virus attacks the anti-virus software designed to delete it. The retro virus usually attempts to attack the anti-virus data files such as the virus signature store which disables the ability of the anti-virus software to detect and delete viruses. Otherwise the retro virus attempts to alter the operation of the anti-virus software.
- Multipartite Viruses
A Multipartite virus attempts to attack and infect both the boo sector and executable files at the same time.
- Armored Viruses
An armored virus attempts to protect itself from anti-virus software by trying to make anti-virus software believe it is located somewhere else. Therefore the Armored virus has made itself more difficult to trace, disassemble and understand.
- Companion Viruses
A Companion virus creates a companion file for each executable file the virus infects. Therefore a companion virus may save itself as scandisk.com and every time a user executes scandisk.exe, the computer will load scandisk.com and therefore infect the system.
- Phage Viruses
A Phage virus is a very destructive virus that re-writes an executable program with its own code, rather than just attaching itself to a file. Therefore a Phage virus will usually attempt to delete or destroy every program it infects.
- Revisiting Viruses
A revisiting virus is a worm virus and attempts to copy itself within the computer’s memory and then copy itself to another linked computer using TCP/IP protocols. The Morris Worm virus in the late 1980’s was the first major threat to hit the internet.
- Resident Virus
This type of virus is a permanent which dwells in the RAM memory. From there it can overcome and interrupt all of the operations executed by the system; corrupting files and programs that are opened, closed, copied, renamed etc.
- Direct Action Viruses
The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC>BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.
- Overwrite Viruses
Virus of this kind is characterized by the fact the it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected.
The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.
- Boot Virus
This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk.
The best wat if avoiding boot viruses is to ensure that floppy disks are write-protected and never start your computer with an unknown floppy disk in the disk drive.
- Macro Virus
Macro viruses infect files that are created using certain applications or programs that contain macros. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one.
- Directory Virus
Directory viruses change the paths that indicate the location of a file. By executing a program (file with the extension.EXE or .COM) which has been infected by a virus, you are unknowingly running the virus program, while the original file and program have been previously moved by the virus.
Once infected it becomes impossible to locate the original files.
- Polymorphic Virus
Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system, this makes it impossible for anti-viruses to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves.
- Files Infectors
This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category and can be classified depending on the actions that they carry out.
- Companion Viruses
Companion viruses can be considered file infector viruses like resident or direct action types. They are known as companion viruses because once they get into the system they “accompany” the other files that already exist. In other words, In order to carry out their infection routines, companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct action viruses).
- FAT Virus
The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer. This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories.
Subscribe to:
Comments (Atom)