|
|
|
|
|
|
What are the main types of viruses?
|
|
Viruses come in a variety of types. All viruses can be categorized by what they infect and how they infect.
|
|
Viruses can infect a number of different portions of the computer's operating and file system. These include:
System Sector Viruses infect executable code found in certain system areas on a disk. There are boot-sector viruses, which infect only the DOS boot sector, this kind of virus can prevent you from being able to boot your hard disk, and MBR viruses which infect the Master Boot Record on fixed disks and the DOS boot sector on diskettes. All common boot sector and MBR viruses are memory resident.
File Viruses infect applications. These viruses usually infect COM and/or EXE programs, though some can infect any program for which execution or interpretation is requested, such as SYS, OVL, OBJ, PRG, MNU and BAT files. File infectors can be either direct-action (non-resident) or resident. A direct-action virus selects one or more programs to infect each time a program infected by it is executed. A resident virus installs itself somewhere in memory (RAM) the first time an infected program is executed, and thereafter infects other programs when they are executed or when other conditions are fulfilled. Most viruses are resident.
Macro Virus a program or code segment written in the internal macro language of an application and attached to a document file (such as Word or Excel). Infect files you might think of as data files. But, because they contain macro programs they can be infected. When a document or template containing the macro virus is opened in the target application, the virus runs, does its damage and copies itself into other documents. Continual use of the program results in the spread of the virus. Some macros replicate, while others infect documents.
Companion Virus uses a feature of DOS that allows software programs with the same name, but with different extensions, to operate with different priorities. Instead of modifying an existing file, creates a new program which (unknown to the user) is executed instead of the intended program. On exit, the new program executes the original program so that things appear normal. Most companion viruses create a COM file which has a higher priority than an EXE file with the same name.
Cluster Virus modifies the directory table entries so the virus starts before any other program. The virus code only exists in one location, but running any program runs the virus as well. Because they modify the directory, cluster viruses may appear to infect every program on a disk.
Batch File Virus uses text batch files to infect.
Source Code Virus adds code to actual program source code.
Learn more...
|
|
|
|
Polymorphic Virus creates varied (though fully functional) copies of themselves as a way to avoid detection from anti-virus software.
Stealth Virus hides its presence by making an infected file not appear infected, but doesn't usually stand up to anti-virus software. Many stealth viruses intercept disk-access requests, so when an anti-virus application tries to read files or boot sectors to find the virus, the virus feeds the program a "clean" image of the requested item. Other viruses hide the actual size of an infected file and display the size of the file before infection.
Fast and Slow Infectors infect in a particular way to try to avoid specific anti-virus software. A fast infector infects any file accessed, not just run. A slow infector only infects files as they are being created or modified.
Sparse Infector this type of virus uses any one of a variety of techniques to minimize detection of its activity.
Armored Virus tries to prevent analysts from examining its code. The virus may use various methods to make tracing, disassembling and reverse engineering its code more difficult.
Multipartite Viruses may fall into more than one of the top classes. Depending on what needs to be infected, they can infect system sectors or they can infect files.
Cavity Virus overwrites a part of its host file without increasing the length of the file while also preserving the host's functionality.
Tunneling Virus tries to intercept the actions before the anti-virus software can detect the malicious code.
Camouflage Virus Viruses that attempted to appear as a benign program to scanners.
NTFS ADS Viruses are viruses that ride on the alternate data streams in the NT File System.
Learn more...
|
Question of the Day
• What kind of information about my computer can be collected by ISP and web sites I visit?
- IP address (Internet Protocol address) is your internet identification number. Everyone has an IP address to communicate on the Internet. Your computer's IP address is comparable to your home address or your Social Security number. If someone can match your IP address to your ISP's customer list, they can use the information to identify country, city, internet provider and even physical address. When you surf the web, your IP address is left in logs all around the Internet: in the logs at your ISP, at the routers of your requests and finally the destination of your request. Hackers and identity thieves can use this information to infiltrate your system and steal personal information, use it in a denial of service (DoS) attack,spy upon you or cause damage to your PC. It is possible to restrict accessing any information or provide customized content to specific IP.
- Information about your system. As web servers communicate with your computer, they can gather certain types of information about your system. For example, a web site can immediately determine what browser you use, certain system settings, and whether some types of software are installed. This includes browser plug-ins, media handlers, application programs, and your operating system. While most sites use information about OS and browser to provide a better surfing experience this information can also be used by hackers for virus attacks that use weaknesses in your system to get access to the content of your hard drive or RAM, steal personal information or cause damage to your computer.
- Referral information. When you click a hyperlink to jump to a new web site, your browser reveals the address of the referring site - that is, the site you jumped from. As you "hop" from one server to another, your activities can be tracked. Information about last visited web pages can be used to track your web usage and profile your browsing habits. Spammers can use this information to send you spam and junk e-mails.
- Cookies. As you surf the web, most web sites send cookies to your computer to track your Internet usage. Some cookies are "good" cookies, used for legitimate purposes, such as storing preferences, account information and remembering the choices you have made on the site. Some cookies are "bad" cookies. Bad cookies are used to track your browsing habits, purchase history, etc.
- Your e-mail address. Any web site can easily retrieve your e-mail address. In fact, if you find and examine the cookies on your system, you'll see that their file names commonly include your e-mail address, or at least your user name. This is one way marketers collect addresses for e-mail campaigns.
|
|
|
|
|
|
