
Virus Definitions - here are a few of the most common viruses that are likely to affect your system

The Classic Virus - The definition of a virus is simply a self-replicating program that can "infect" other computer programs. A virus's ability to replicate itself and spread to other computers often relies on its ability to stay undetected. The more malicious and destructive it is, the more attention it draws to itself, and the more likely it is to be discovered and eradicated. Successful viruses try to stay undetected and replicate themselves as much as possible before actually delivering their final payload. Newer forms of malware that spread rapidly via e-mail and the internet may be configured to disable their host system immediately, to prevent the user from warning the people on their contact list not to open the e-mail that triggered their infection.
 
 
Boot Sector Virus - These were common in the mid 1990s when floppy disks were the primary method for sharing files. A boot sector virus infects the master boot record (MBR) of a floppy disk, and then spreads to a user's hard drive whenever the floppy disk is accessed, or if the system is booted from the infected disk. Once the user's hard drive is infected, the virus will infect every floppy disk that is inserted into the PC and continue spreading itself until it is discovered.
 
Companion (Spawning) Viruses - Companion viruses take advantage of a quirk in MS DOS based operating systems, and use malicious files with a .COM extension, instead of actually infecting .EXE or executable files. When you type in a command by referencing its filename without specifying the extension, the operating system "fills in" the extension for you and executes any .COM file before using its equivalent .EXE file. A companion virus creates copies of itself using the names of real .EXE files found on the PC (for example PROGRAM.EXE), giving the copy the name PROGRAM.COM. This tactic has also been used to create other forms of non-viral (non-replicating) malware.
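A defender can check for this condition by looking for directories in which a .COM file shares its base name with an .EXE file. The sketch below is an added example, not part of the original page; it also reports .BAT files shadowed by an .EXE (the same search order continues .COM, .EXE, .BAT), it only compares files within the same directory, and its function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Order in which the DOS command interpreter tries extensions when a
# command is typed without one: the earliest match in this list runs.
SEARCH_ORDER = [".com", ".exe", ".bat"]

def find_shadowed_programs(root):
    """Return sorted (relative_dir, file_that_runs, file_it_shadows) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)          # stem -> {extension: filename}
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in SEARCH_ORDER:
                by_stem[stem.lower()][ext.lower()] = name
        for exts in by_stem.values():
            present = [e for e in SEARCH_ORDER if e in exts]
            # Two or more executable types with one stem: the first one in
            # SEARCH_ORDER is what actually runs for the bare command name.
            for shadowed in present[1:]:
                findings.append((os.path.relpath(dirpath, root),
                                 exts[present[0]], exts[shadowed]))
    return sorted(findings)

def build_sample_tree(root):
    """Create a small constructed directory tree (empty files) for the demo."""
    layout = {
        "TOOLS": ["PROGRAM.EXE", "PROGRAM.COM", "EDIT.COM"],
        "BIN": ["SETUP.EXE", "SETUP.BAT", "README.TXT"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:
        build_sample_tree(sample)
        for folder, runs, shadowed in find_shadowed_programs(sample):
            print(f"{folder}: typing the bare name runs {runs}, not {shadowed}")
```

A match is a lead to review rather than proof of infection, since some legitimate software ships both file types under one name.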
 
File Infecting/Parasitic Viruses - These viruses infect program files such as those with .EXE, .SYS, .PRG, .BAT, and other extensions. Virus writers may insert code at either the beginning or the end of a program so that it is launched whenever the program is executed, or simply overwrite code in an executable to avoid changing the size of the original file and hopefully escape detection.
 
Macro and Scripting Viruses - Macro viruses exploit the scripting functionality that Microsoft built into its Office productivity suite, including the popular Outlook mail program. Macros are small scripts embedded into Word or Excel that allow routine tasks to be automated. Once an infected file is launched, the macro replicates itself to all similar documents and spreads rapidly through the network. Variants have been known to infect the document templates used to create new documents, or make subtle (and hard to detect) changes in spreadsheets and other data fields. Although the vast majority of macro viruses are written for Microsoft Office, a few "proof of concept" viruses have also been written for AutoCAD and Corel Office Suites. Scripting viruses use the same programming languages that are seen in macro viruses (Visual Basic for Applications, JavaScript); however, they are not embedded into a file and may be used as a Trojan.
 
Multi-partite - Also called dual infectors, these viruses use more than one mechanism to spread themselves and infect other systems. Earlier versions infected both the data on a disk and the Master Boot Record. Modern versions (such as MTX) spread as a Trojan, a file virus, and a non-parasitic worm.
 
Polymorphic - A polymorphic virus alters its code and produces a functional variation of itself in the hope of escaping detection. The polymorphism concept has also been used by modern e-mail worms (such as LoveBug) that use variable subject lines and filenames in order to foil attempts to block them at mail gateways.
 
Retrovirus - A virus that attacks or disables antivirus programs.
 
Worms - Worms are computer programs that replicate themselves across network connections, without modifying or attaching themselves to a host program. Some experts consider worms a special type of virus instead of giving them their own category; however, the classifications that traditionally separate worms and viruses are beginning to blur. Many of the more modern variants that are commonly described as worms can also be classified as viruses or worm/virus hybrids.
 
Trojans - Trojans are programs that claim to be one thing (usually appearing harmless), but carry an undesirable and often destructive payload. Just like the original wooden horse, Trojans are a delivery vehicle for other forms of malware and often rely on a bit of social engineering to trick a user into actually launching the program. In the past, Trojan programs were considered "non replicating malware" because they simply launched their payload and that was it. Modern variants blur this distinction and are used to launch worms and worm/virus hybrids that can quickly overwhelm corporate e-mail systems.
 
Other forms of Malware
As mentioned earlier, viruses, worms, and Trojans aren't the only forms of malicious software. There are a number of non-replicating forms of malware that are designed to destroy or steal data, open backdoors into systems, disable networks, or hijack remote systems. Many of the following bits of malware are used as the payload for a Trojan program, but may also be distributed manually by individuals with physical access to a PC or network, or inserted into an unprotected PC that operates with a full time internet connection.
 
DDoS Agents - A denial of service attack attempts to overwhelm a network or system resource in order to deny legitimate users access to that resource. In order to accomplish this goal on a large target (such as a mainstream website), hundreds or even thousands of computers are required in what is known as a distributed denial of service attack or DDoS. Hackers "recruit" computer systems to help them in their attacks by sending out Trojan programs that install agents on the affected PC. These agents lie relatively dormant until they receive further instructions from the hacker's computer (usually a very small bit of code), and then begin flooding the network (or a specific target) with garbage traffic.

Logic Bombs - This type of malware waits for a specific trigger (such as a date or sequence of events) to launch and has been a common tactic of virus writers for years. For hackers and disgruntled employees, it is an effective way of delivering a destructive payload long after they've left and cleaned up their tracks.
 
Password Stealers and Keystroke Loggers - There are a number of third party programs that are written to capture a user's keystrokes, write the data to a log and then send the log to a remote location or e-mail address. These are often difficult to locate, and may not be detected by anti-virus software (although many are).

Parasite Software / Spyware - Some shareware, freeware, and adware programs are being packaged with additional software that can monitor your browsing habits, and even sell your unused CPU time and unused disk space to other vendors, which in the process also consumes your network resources. Of course, the legal terms that allow these vendors to do this are buried in the end user license agreement that no one actually reads.
 
Remote Access Tools (RATs) - Also known as "backdoor agents", these tools give hackers a way into a trusted system that exists on a network. In addition, these programs often notify the controlling computer when they're active, provide information on what processes are running, and allow the intruder to install other malware such as password stealers. RATs are not to be confused with remote desktop, remotescope or VNC, which many companies use for administration.

 

  



 

© 2006-8 virusfixer.co.uk