Viruses

SpOonWiZaRd's Avatar author of Viruses
This is an article on Viruses in Ethical hacking Tips.
I have decided to write an article just to cover the types of viruses and what they all do, in short. There are 8 types of viruses:
  1. Polymorphic Virus
  2. Stealth Virus
  3. Retrovirus
  4. Multipartite Virus
  5. Armored Virus
  6. Companion Virus
  7. Phage Virus
  8. Macro Virus
A virus is a piece of software designed to infect a computer system. The virus may do nothing more than reside on the computer. A virus may also damage the data on your hard disk, destroy your operating system, and possibly spread to other systems. Viruses get into your computer in one of 3 ways: on a contaminated floppy or CD-ROM, through email, or as part of another program. Each type of virus has a different attack strategy and different consequences.

Polymorphic Viruses - Polymorphic viruses change form in order to avoid detection. These types of viruses attack your system, display a message on your computer, and delete files on your system. The virus will attempt to hide from your antivirus software. Frequently the virus will encrypt parts of itself to avoid detection. When that happens it's called mutation.

Stealth Virus - This type of virus attempts to avoid detection by masking itself from applications. It may attach itself to the boot sector of the hard drive. When a system utility or program runs, the stealth virus redirects commands around itself in order to avoid detection. An infected file may report a file size different from what is actually present in order to avoid detection. It may also move itself around your computer to different folders during a virus scan to avoid detection.

Retrovirus - This virus attacks or bypasses the antivirus software installed on your computer. You can consider a retrovirus to be an "anti-antivirus". It can directly attack your antivirus software and potentially destroy the virus definition database file. This loss of information will leave you with a false sense of security. This type of virus may also directly attack the antivirus to create bypasses for the virus.

Multipartite Virus - This virus attacks your system in multiple ways. It may attempt to infect your boot sector, infect all your executable files, and destroy your application files. The hope here is that you won't be able to correct all the problems and will allow the infestation to continue. It attacks your boot sector, infects application files, and attacks your Microsoft Word documents.

Armored Virus - This virus makes itself difficult to detect or analyze. Armored viruses cover themselves with protective code that stops debuggers or disassemblers from examining critical elements of the virus. The virus may be written in such a way that some aspects of the programming act as a decoy to distract analysis while the actual code hides in other areas in the program. The more time it takes to deconstruct the virus, the longer it will live. The longer it can live, the more time it has to replicate and spread to as many machines as possible.

Companion Virus - This virus attaches itself to legitimate programs and then creates a program with a different file extension. This file may reside in your system's temporary directory. When the user types the name of the legitimate program, the companion virus executes instead of the real program. This effectively hides the virus from the user. Many of the viruses that are used to attack Windows systems make changes to program pointers in the registry so that they point to the infected program. The infected program will perform its dirty deed and then start the real program.

Phage Virus - This virus modifies and alters other programs and databases. The virus infects all of these files. The only way to remove this type of virus is to reinstall the programs that are infected. If you miss even a single incident of this virus on the victim system, the process will start again and infect the system once more.

Macro Virus - This virus exploits the enhancements made to many application programs. Programs such as Word and Excel allow programmers to expand the capability of the application. Word, for example, supports a mini-BASIC programming language that allows files to be manipulated automatically. These programs in the document are called macros. For example, a macro can tell your word processor to spell-check your document when it opens. Macro viruses can infect all the documents on your system and spread to other systems using mail or other methods.

Then there are other types of threats like worms, trojan horses, and logic bombs. I will cover these briefly in order to make the difference between these and viruses clear.

Worms - A worm is different from a virus in that it can reproduce itself, it's self-contained, and it doesn't need a host application to be transported. It is possible for a worm to contain or deliver a virus to a target system. (WORM - Write Once Read Many)

Trojan Horses - This is a program that enters a system or network disguised as another program. The trojan may create a back door or replace a valid program during installation. They can be used to compromise the security of your system and can be there for years before detection. A port scan may reveal a trojan horse on your system as it creates a back door (an open port that you don't know about).

Logic Bombs - These are snippets of code that execute when a certain predefined event occurs. A bomb may send a note to an attacker when a user is logged on to the internet and is using a word processor. This message informs the attacker that the user is ready for an attack.

I hope that this article provided you with enough information about viruses. I will write another article soon on how to prevent these viruses and other attacks.
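The companion virus description above depends on one name resolving to more than one executable file. The following check for that condition is an added example, not part of the original article; the function names, the directory layout and the extension precedence (taken from the start of the default Windows PATHEXT list) are assumptions of the example.

```python
import os
import tempfile
from collections import defaultdict

# Assumption: extension precedence follows the start of the default Windows
# PATHEXT list, where .COM is tried before .EXE, then .BAT, then .CMD.
EXEC_PRECEDENCE = [".com", ".exe", ".bat", ".cmd"]

def find_shadowed_programs(search_dirs):
    """List program names that resolve to more than one executable file.

    search_dirs is given in lookup order (earlier directories win).
    """
    candidates = defaultdict(list)
    for dir_rank, directory in enumerate(search_dirs):
        for entry in os.scandir(directory):
            stem, ext = os.path.splitext(entry.name)
            ext = ext.lower()
            if entry.is_file() and ext in EXEC_PRECEDENCE:
                rank = (dir_rank, EXEC_PRECEDENCE.index(ext))
                candidates[stem.lower()].append((rank, entry.path))
    findings = []
    for stem in sorted(candidates):
        ordered = [path for _, path in sorted(candidates[stem])]
        if len(ordered) > 1:
            findings.append({"typed_name": stem, "runs": ordered[0],
                             "shadowed": ordered[1:]})
    return findings

def demo():
    """Build a constructed directory tree and return findings with relative paths."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"apps": ["notepad.exe", "notepad.com", "calc.exe", "readme.txt"],
                  "temp": ["calc.com"]}
        for folder, names in layout.items():
            os.mkdir(os.path.join(root, folder))
            for name in names:
                open(os.path.join(root, folder, name), "wb").close()
        rel = lambda p: os.path.relpath(p, root).replace(os.sep, "/")
        dirs = [os.path.join(root, "apps"), os.path.join(root, "temp")]
        return [{"typed_name": f["typed_name"], "runs": rel(f["runs"]),
                 "shadowed": [rel(p) for p in f["shadowed"]]}
                for f in find_shadowed_programs(dirs)]

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A finding is a prompt for review, not proof of infection: some software legitimately ships the same base name with two extensions.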
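The Trojan horse section notes that a back door shows up as an open port you don't know about. This added example (not from the original article) compares listening TCP ports against a known baseline; the sample text is constructed in the layout of Windows `netstat -an` output, and the baseline set and function names are assumptions of the example.

```python
# Constructed sample in the layout of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     192.0.2.25:443         ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::1]:5939             [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""

# Assumed baseline: ports the administrator expects to be listening.
BASELINE_PORTS = {135, 445}

LOOPBACK = {"127.0.0.1", "::1"}

def parse_listeners(netstat_text):
    """Map each listening TCP port to the set of addresses it is bound to."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # Keep only TCP rows in LISTENING state; headers and UDP rows differ in shape.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # rsplit keeps IPv6 addresses such as [::1]:5939 intact.
        address, port = fields[1].rsplit(":", 1)
        listeners.setdefault(int(port), set()).add(address.strip("[]"))
    return listeners

def unexpected_listeners(netstat_text, baseline_ports):
    """Return (port, exposure) for every listener missing from the baseline."""
    findings = []
    for port, addresses in sorted(parse_listeners(netstat_text).items()):
        if port in baseline_ports:
            continue
        exposure = "local only" if addresses <= LOOPBACK else "reachable from network"
        findings.append((port, exposure))
    return findings

if __name__ == "__main__":
    for port, exposure in unexpected_listeners(SAMPLE_NETSTAT, BASELINE_PORTS):
        print(f"unexpected listener on TCP {port}: {exposure}")
```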
Izaan's Avatar, Join Date: Oct 2007
Skilled contributor
Very interesting and waiting for your other one
coderzone's Avatar, Join Date: Jul 2004
Team Leader
Quote:
Originally Posted by Izaan
Very interesting and waiting for your other one
Ditto.
Safari's Avatar, Join Date: Oct 2007
Ambitious contributor
Very good. Keep them coming.
Muaz's Avatar, Join Date: Nov 2007
Newbie Member
Hi, This post of mine is very knowledgeable and may enhance the information of the viewers, however I would like some specific information for myself. If someone can help me then please send me a private message. Best Regards,
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
I have reported the article for Nominate your favorite article of the month for November 2007. Add your nominations as well.
SpOonWiZaRd's Avatar, Join Date: May 2007
Know what you can do.
Quote:
Originally Posted by Izaan
Very interesting and waiting for your other one
Done, I have written them...
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
Vote for the article for Article of the month for November 2007
Izaan's Avatar, Join Date: Oct 2007
Skilled contributor
Voted.
ghostomni's Avatar, Join Date: Jul 2007
Go4Expert Member
Thanks buddy, you provide such useful information.