Computer virus
A computer virus is a malicious software program capable of replicating itself and spreading from one computer to another, thereby interfering with the normal operation of the machines. However, viruses do not all behave, replicate, or infect in the same way, which is what gives rise to the varied types of computer viruses and malware. The impact of a computer virus accordingly ranges widely, from slowed system performance to the deletion of all files on the infected computer. The computer virus is the most infamous type of malware that affects computer systems.
Types of Computer Virus
There are different types of computer viruses, categorized by their origin, their techniques or mechanisms of operation, the types of files they usually infect, where they hide, the nature of the damage they inflict on the computer system, and the operating system or platform they attack, among other factors.
i. Boot Sector Virus: This is a computer virus with the ability to infect all forms of computer disks, hard disks being no exception. The boot sector is a portion of each disk that the operating system sets aside for the purpose of booting the computer. It contains a number of instructions that are executed every time a computer system is either powered on or reset. The boot sector virus is therefore usually loaded first, because the booting instructions are always processed before any other program is able to run. Boot sector viruses were more common and problematic during the days when floppy disks were widely used. This was especially the case because the boot sector of a floppy disk was designed to be read automatically whenever the disk was inserted into the floppy drive of the computer. As such, an infected floppy disk would pass on the virus when used on another program. Similarly, a copy of the virus would be passed on to any subsequent floppy disks inserted into the infected system. Common examples of boot sector viruses include Polyboot.B and AntiEXE. In order to avoid boot sector viruses, a computer user ought to make sure that the floppy disks used are write-protected and take care not to start the computer while an unfamiliar floppy disk is inserted in the disk drive.
[Figure: Prevalence of computer viruses]
ii. Parasitic viruses (also known as binary file infectors) – these are computer viruses that usually embed themselves in program files. This means that the virus runs simultaneously with the program. Furthermore, while other types of viruses are typically created so as not to interfere with the normal operation of the program, parasitic viruses tend to load a copy of themselves into the memory of the computer so that they stay active long after the program has terminated. While active, the virus monitors the system, searching for additional files to infect or performing other actions in secret.
iii. Macro virus – This is a type of computer virus that takes advantage of the programming languages built into the majority of computer software packages. This virus infects files created with applications that have macros, such as word processing or spreadsheet files (Microsoft Word and Excel files respectively). Macros have the advantage of being able to automate a number of operations so that they are performed in a single step, saving the user the trouble of performing them one by one. Macro viruses take advantage of this auto-execution capability by becoming active whenever the data file in which they are located is opened by a user. The virus, which is expressed in the product's macro language, is then able to spread to other files and compromise the operation of the computer. In the recent past, macro viruses have established themselves as more common than any other kind of virus. Examples of macro viruses include Relax, Bablas, Melissa.A, and O97M/Y2K.
[Figure: Macro viruses are today's most common virus]
iv. Stealth virus – this is a computer virus that tries to conceal its presence by such means as hiding the change in a file's time and date as well as hiding an increase in the size of a file. In addition, some manage to prevent antivirus software from effectively reading the section of the file where the virus is located. These viruses are also capable of encrypting the virus code with the help of a number of encryption mechanisms. They acquired their name from stealth military technology.
v. Multipartite virus – this is a computer virus with the ability to infect both application programs and the boot sector. They also spread in as many ways as possible, and their actions often vary depending on the specific operating system on the infected computer as well as the presence of particular files. Common examples of these viruses are Invader, Tequila, and Flip.
vi. Rootkit virus – this is a computer virus that is not detectable and which tries to give a person administrative rights to control a computer system. It gets its name from the Linux administrator account, the root user. Typically, the rootkit virus is installed into the computer system by trojans and then disguises itself as operating system files.
vii. Trojan Horses – this is a type of computer virus that disguises its real intention. This means that it takes the appearance of a program that has a vital and desired function. It may advertise its activities at launch, though the information is not apparent to the computer user beforehand. It differs from other types of computer viruses in the sense that it neither copies itself nor replicates. Nonetheless, it has the ability to cause serious damage or compromise the security of the computer system itself. Trojan horses are usually encountered as e-mail attachments with intriguing or tempting names that entice the recipient to launch them. The malicious capability of a Trojan Horse may range from data destruction to providing a way for another, unknown computer to access the computer by bypassing the normal access controls. These viruses are named after the well-known hollow wooden horse that was used by the Greek hero Ulysses to sneak his soldiers into an ancient city by the name of Troy.
viii. Polymorphic viruses – this is a computer virus that can be well described as a jack-of-all-trades. This is because it has the unique capability of mutating itself over a period of time or after every execution. As it does this, it changes the code or digital signature used to deliver its payload. Alternatively, a polymorphic virus may be able to shield itself with the help of an encryption algorithm which automatically modifies itself when certain conditions are fulfilled. This renders the polymorphic virus difficult to detect using less sophisticated antivirus software. However, antivirus software often detects them from the particular code they use. For example:
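Start:
GOTO Decryption_Code
Encrypted:
lots of encrypted code
…
Decryption_Code:
C = C + 1                ; junk: C is never used by the decryption
A = Encrypted            ; A points at the start of the encrypted code
Loop:
B = *A                   ; read one unit of encrypted code
C = 3214 * A             ; junk
B = B XOR CryptoKey      ; decrypt it
*A = B                   ; write it back in place
C = 1                    ; junk
C = A + B                ; junk
A = A + 1                ; advance to the next unit
GOTO Loop IF NOT A = Decryption_Code
C = C^2                  ; junk
GOTO Encrypted           ; run the decrypted code
CryptoKey:
some_random_number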
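The assignments to C in the listing above do no work, which is why a byte-for-byte signature of the decryptor stops matching once the junk changes. The following is an added example, not code from the original page: it shows one way a scanner can normalise such a listing by discarding assignments that never reach a store or a jump, and then compare the result with the core decryptor. VARIANT_2, BENIGN, the function names and the flow-insensitive simplification are assumptions made for illustration.

```python
import hashlib
import re

ASSIGN = re.compile(r"^([A-Z]) = (.+)$")  # register assignment such as "C = 3214 * A"
REG = re.compile(r"\b[A-Z]\b")            # single-letter register names

# Decryptor with the junk removed: the invariant a signature can target.
CORE = ["A = Encrypted", "Loop:", "B = *A", "B = B XOR CryptoKey", "*A = B",
        "A = A + 1", "GOTO Loop IF NOT A = Decryption_Code", "GOTO Encrypted"]

# VARIANT_1 is the decryptor body from the listing above.
VARIANT_1 = ["C = C + 1", "A = Encrypted", "Loop:", "B = *A", "C = 3214 * A",
             "B = B XOR CryptoKey", "*A = B", "C = 1", "C = A + B", "A = A + 1",
             "GOTO Loop IF NOT A = Decryption_Code", "C = C^2", "GOTO Encrypted"]

# VARIANT_2 is constructed for this example: same decryptor, different junk.
VARIANT_2 = ["A = Encrypted", "D = 7", "Loop:", "D = D + A", "B = *A",
             "B = B XOR CryptoKey", "D = B * 2", "*A = B", "A = A + 1",
             "GOTO Loop IF NOT A = Decryption_Code", "GOTO Encrypted"]

# BENIGN is a constructed loop that increments a buffer; it must not match.
BENIGN = ["A = Buffer", "Loop:", "B = *A", "B = B + 1", "*A = B", "A = A + 1",
          "GOTO Loop IF NOT A = BufferEnd"]

def strip_junk(lines):
    """Drop assignments to registers that never feed a store or a jump.
    Flow-insensitive simplification: enough for plain junk insertion."""
    # Roots: registers read by lines with side effects (stores, GOTOs).
    needed = {r for ln in lines if not ASSIGN.match(ln) for r in REG.findall(ln)}
    while True:  # sources of an assignment to a needed register are needed too
        grown = set(needed)
        for ln in lines:
            m = ASSIGN.match(ln)
            if m and m.group(1) in grown:
                grown |= set(REG.findall(m.group(2)))
        if grown == needed:
            break
        needed = grown
    return [ln for ln in lines
            if not ((m := ASSIGN.match(ln)) and m.group(1) not in needed)]

def digest(lines):
    """Stand-in for an exact-match signature over the listing."""
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

def matches_decryptor(lines):
    return strip_junk(lines) == CORE
```

The exact-match digests of the two variants differ, while their normalised forms are identical and equal to CORE.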
ix. Direct action virus – this is a computer virus that replicates and takes action when the file carrying it is executed. When a particular condition is fulfilled, the virus takes action and infects files located in the directory or folder that it is in, together with those directories specified in the AUTOEXEC.BAT file path. This batch file is found in the root directory of a computer's hard disk and is tasked with performing specified operations when the system is booted. Once the payload is delivered, the direct action virus becomes dormant until an already infected file is opened another time. The Vienna virus is one of the most famous incidents where direct action viruses momentarily posed danger for computers in 1988.
x. Overwrite viruses – this is a virus that usually gets rid of the information carried in the files it infects. The one way to clean a file that has been infected with an overwrite virus is to delete the file altogether, meaning that the user loses the entire original content. Good examples of overwrite viruses are Trivial.88.D, Way, and Trj.Reboot.
xi. Companion Viruses – they are similar to direct action or resident types of computer viruses. Their name means that they accompany other files existing in the system once they find their way in. This means that a companion virus can lie in wait in the computer memory until a program is executed (similar to a resident virus), or swing into action instantly by making copies of itself (the same as a direct action virus). Examples of companion viruses would be Stator, Terrax.1069 and Asimov.1539.
xii. FAT Virus – This virus acts on the FAT section of the computer disk, damaging vital information on it. The FAT (File Allocation Table) is a section of a disk that is used to keep all the data about the location of files, available and unusable space, among other information. The FAT virus can be particularly dangerous as it hinders access to the parts of the disk where crucial files have been stored. As such, the damage can easily result in loss of information such as individual files and entire directories.
xiii. Web Scripting Virus – most web pages have complex code that allows for the creation of interesting and interactive content. For a user to display an online video in a browser, for instance, code must be executed that renders both the video itself and the player interface. This code is prone to malicious manipulation, which exposes a computer to virus infection through a website.
xiv. Browser Hijacker – this is a type of computer virus that often replicates itself in a host of ways, such as voluntary download. It acts by hijacking certain browser functionalities, especially by redirecting the user to other undesired sites. Such viruses often have “search” included in their description. The most common example of a browser hijacker virus is CoolWebSearch.