Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Ethical hacking Tips (http://www.go4expert.com/articles/ethical-hacking-tutorials/)
-   -   Types of Viruses (http://www.go4expert.com/articles/types-of-viruses-t1784/)

Andrew 2Nov2006 10:50

Types of Viruses
 

Introduction



There are thousands of viruses, and new ones are discovered every day. It is difficult to come up with a generic explanation of how viruses work, since they all have variations in the way they infect or the way they spread. So instead, we'll take some broad categories that are commonly used to describe various types of virus.

File Viruses (Parasitic Viruses)



File viruses are pieces of code that attach themselves to executable files, driver files or compressed files, and are activated when the host program is run. After activation, the virus may spread itself by attaching itself to other programs in the system, and also carry out the malevolent activity it was programmed for. Most file viruses spread by loading themselves in system memory and looking for any other programs located on the drive. If it finds one, it modifies the program's code so that it contains and activates the virus the next time it's run. It keeps doing this over and over until it spreads across the system, and possibly to other systems that the infected program may be shared with. Besides spreading themselves, these viruses also carry some type of destructive constituent that can be activated immediately or by a particular 'trigger'. The trigger could be a specific date, or the number of times the virus has been replicated, or anything equally trivial. Some examples of file viruses are Randex, Meve and MrKlunky.

Boot Sector Viruses



A boot sector virus affects the boot sector of a hard disk, which is a very crucial part. The boot sector is where all information about the drive is stored, along with a program that makes it possible for the operating system to boot up. By inserting its code into the boot sector, a virus guarantees that it loads into memory during every boot sequence.

A boot virus does not affect files; instead, it affects the disks that contain them. Perhaps this is the reason for their downfall. During the days when programs were carried around on floppies, the boot sector viruses used to spread like wildfire. However, with the CD-ROM revolution, it became impossible to infect pre-written data on a CD, which eventually stopped such viruses from spreading. Though boot viruses still exist, they are rare compared to new age malicious software. Another reason why they're not so prevalent is that operating systems today protect the boot sector, which makes it difficult for them to thrive. Examples of boot viruses are Polyboot.B and AntiEXE.

Multipartite Viruses



Multipartite viruses are a combination of boot sector viruses and file viruses. These viruses come in through infected media and reside in memory. They then move on to the boot sector of the hard drive. From there, the virus infects executable files on the hard drive and spreads across the system. There aren't too many multipartite viruses in existence today, but in their heyday, they accounted for some major problems due to their capacity to combine different infection techniques. A significantly famous multipartite virus is Ywinz.

Macro Viruses



Macro viruses infect files that are created using certain applications or programs that contain macros. These include Microsoft Office documents such as Word documents, Excel spreadsheets, PowerPoint presentations, Access databases, and other similar application files such as Corel Draw, AmiPro, etc. Since macro viruses are written in the language of the application, and not in that of the operating system, they are known to be platform-independent they can spread between Windows, Mac, and any other system, so long as they're running the required application. With the ever-increasing capabilities of macro languages in applications, and the possibility of infections spreading over networks, these viruses are major threats.

The first macro virus was written for Microsoft Word and was discovered back in August 1995. Today, there are thousands of macro viruses in existence-some examples are Relax, Melissa.A and Bablas.

Network Viruses



This kind of virus is proficient in quickly spreading across a Local Area Network (LAN) or even over the Internet. Usually, it propagates through shared resources, such as shared drives and folders. Once it infects a new system, it searches for potential targets by searching the network for other vulnerable systems. Once a new vulnerable system is found, the network virus infects the other system, and thus spreads over the network. Some of the most notorious network viruses are Nimda and SQLSlammer.

E-mail Viruses



An e-mail virus could be a form of a macro virus that spreads itself to all the contacts located in the host's email address book. If any of the e-mail recipients open the attachment of the infected mail, it spreads to the new host's address book contacts, and then proceeds to send itself to all those contacts as well. These days, e-mail viruses can infect hosts even if the infected e-mail is previewed in a mail client. One of the most common and destructive e-mail viruses is the ILOVEYOU virus.

There are many ways in which a virus can infect or stay dormant on your PC. However, whether active or dormant, it's dangerous to let one loose on your system, and should be dealt with immediately.

tailhook123 31May2007 02:27

Re: Types of Viruses
 
The e-mail viruses you talk about are actually worms.

The difference is that a worm is self-encapsulated. A VB Script which passes itself via email for instace. A virus is a program which attaches itself to another program such that when its run.. the virus gets run followed by the original code.

so if I have a program

<START> <PROGRAM> <END>

a virus will plant itself like this:

<START><VIRUS><PROGRAM><END>

and be designed to be transparent such that it doesn't reveal itself to the user. The VIRUS itself is usually broken up into:

<<REPLICATE> <DETONATOR> <PAYLOAD>>

It'll first attempt to replicate itself once when the program is run.. then it will check if the detonator conditions have been met... and if so it will run the Payload(i.e. mess your system up). If not, it'll return control back to the original program at its entry point.

SpOonWiZaRd 6Jun2007 15:21

Re: Types of Viruses
 
Cool...

But isnt a WORM (Write Once Read Many) also a type of virus that spread accross a network?

Astalavista! :D

tailhook123 6Jun2007 20:34

Re: Types of Viruses
 
Quote:

Originally Posted by SpOonWiZaRd
Cool...

But isnt a WORM (Write Once Read Many) also a type of virus that spread accross a network?

Astalavista! :D

A Computer Worm has nothing to do with the acronym you posted above. Not sure where you got that but it has no relevance.

The only thing a worm and a virus have in common is that they replicate. The difference is that a worm replicates itself across a network to do its damage while a virus works within a file system.

SpOonWiZaRd 7Jun2007 16:41

Re: Types of Viruses
 
Hi

Thanx for the information...

I got that acronym when I did my A+ International, N+ international, Inet+ International, Server+ International, MCSE International, Security+ and ICDL... LPIC (Linux Professional Intitute Certification) did not state that and MCDST aswell did not state that, CCNA also did not state that acronym and nor did SQL Server or ICDL...

Just wanted to tell you that I got That WORM (Write Once Read Many) from those qualifications...

Astalavista! :D


All times are GMT +5.5. The time now is 05:26.