Virus Definitions
Here are a few of the most common viruses that are likely to affect your system.
The Classic Virus -
The definition of a virus is simply a self-replicating program that can
"infect" other computer programs. A virus's ability to replicate itself and
spread to other computers often relies on its ability to stay undetected.
The more malicious and destructive it is, the more attention it draws to
itself, and the more likely it is to be discovered and eradicated.
Successful viruses try to stay undetected and replicate themselves as much
as possible before actually delivering their final payload. Newer forms of
malware that spread rapidly via e-mail and the internet may be configured to
disable their host system immediately, to prevent the user from warning the
people on their contact list not to open the e-mail that triggered the
infection.
Boot Sector Virus - These were common in the mid 1990s, when floppy disks
were the primary method for sharing files. A boot sector virus infects the
master boot record (MBR) of a floppy disk, and then spreads to a user's hard
drive whenever the floppy disk is accessed, or if the system is booted from
the infected disk. Once the user's hard drive is infected, the virus
will infect every floppy disk that is inserted into the PC and continue
spreading itself until it is discovered.
Companion (Spawning) Viruses - Companion viruses take advantage of a
quirk in MS-DOS-based operating systems, and use malicious files with a .COM
extension instead of actually infecting .EXE or other executable files. When
you type in a command by referencing its filename without specifying the
extension, the operating system "fills in" the extension for you and
executes any .COM file before using its equivalent .EXE file. A companion
virus creates copies of itself named after real .EXE files found on the PC
(for example, a copy named PROGRAM.COM is placed beside PROGRAM.EXE), so the
copy runs whenever the user types PROGRAM. This tactic has also been used to
create other forms of non-viral (non-replicating) malware.
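As an added example (not part of the original page), here is a small Python check a defender can run over a directory tree to surface the pattern described above: any .COM file that shadows a same-named .EXE in the same directory, with groups of shadowing .COM files that share one hash flagged as the strongest sign of a spawning virus. The sample tree it scans is constructed inline; the file names and contents are made up for the demonstration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def find_companions(root):
    """Return (directory, stem, sha256 of the .COM) for every NAME.COM that sits
    next to a NAME.EXE; DOS runs the .COM first when the user types NAME."""
    hits = []
    for dirpath, _, files in os.walk(root):
        by_stem = defaultdict(dict)  # stem -> {".COM": name, ".EXE": name}
        for name in files:
            stem, ext = os.path.splitext(name.upper())
            if ext in (".COM", ".EXE"):
                by_stem[stem][ext] = name
        for stem, exts in sorted(by_stem.items()):
            if ".COM" in exts and ".EXE" in exts:
                hits.append((dirpath, stem, sha256_of(os.path.join(dirpath, exts[".COM"]))))
    return hits

def group_identical(hits):
    """A companion virus is one body copied under many names, so several shadowing
    .COM files with the same hash are a much stronger signal than a single one."""
    groups = defaultdict(list)
    for _, stem, digest in hits:
        groups[digest].append(stem)
    return {d: stems for d, stems in groups.items() if len(stems) > 1}

def build_sample_tree():
    """Constructed sample: PROGRAM and EDIT are shadowed by one shared .COM body;
    FORMAT.COM and WIN.EXE have no twin and must not be flagged."""
    root = Path(tempfile.mkdtemp())
    body = b"constructed companion body, not real code"
    for stem in ("PROGRAM", "EDIT"):
        (root / f"{stem}.EXE").write_bytes(b"MZ" + stem.encode())
        (root / f"{stem}.COM").write_bytes(body)
    (root / "FORMAT.COM").write_bytes(b"genuine .COM utility")
    (root / "WIN.EXE").write_bytes(b"MZ genuine program")
    return str(root)

if __name__ == "__main__":
    hits = find_companions(build_sample_tree())
    for dirpath, stem, digest in hits:
        print(f"{stem}.COM shadows {stem}.EXE in {dirpath} (sha256 {digest[:12]}...)")
    print("identical bodies:", group_identical(hits))
```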
File Infecting/Parasitic Viruses - These viruses infect program files
such as those with .EXE, .SYS, .PRG, .BAT, and other extensions. Virus
writers may insert code at either the beginning or the end of a program so
that it is launched whenever the program is executed, or simply overwrite
code in an executable to avoid changing the size of the original file and
hopefully escape detection.
Macro and Scripting Viruses - Macro viruses exploit the scripting
functionality that Microsoft built into its Office productivity suite,
including the popular Outlook mail program. Macros are small scripts
embedded in Word or Excel documents that allow routine tasks to be
automated. Once an infected file is launched, the macro replicates itself to
all similar documents and spreads rapidly through the network. Variants have
been known to infect the document templates used to create new documents,
or to make subtle (and hard to detect) changes in spreadsheets and other
data fields. Although the vast majority of macro viruses are written for
Microsoft Office, a few "proof of concept" viruses have also been written for
AutoCAD and the Corel Office suite. Scripting viruses use the same
programming languages that are seen in macro viruses (Visual Basic for
Applications, JavaScript); however, they are not embedded in a document file
and may be used as Trojans.
Multi-partite - Also called dual infectors, these viruses use more than
one mechanism to spread themselves and infect other systems. Earlier
versions infected both the data on a disk and the Master Boot Record.
Modern versions (such as MTX) spread as a Trojan, a file virus, and a
non-parasitic worm.
Polymorphic - A polymorphic virus alters its code and produces a
functional variation of itself in the hope of escaping detection. The
polymorphism concept has also been used by modern e-mail worms (such as
LoveBug) that use variable subject lines and filenames in order to foil
attempts to block them at mail gateways.
Retrovirus - A virus that attacks or disables antivirus programs.
Worms - Worms are computer programs that replicate themselves across
network connections, without modifying or attaching themselves to a host
program. Some experts consider worms a special type of virus instead of
giving them their own category; however, the classifications that
traditionally separate worms and viruses are beginning to blur. Many of the
more modern variants that are commonly described as worms can also be
classified as viruses or worm/virus hybrids.
Trojans - Trojans are programs that claim to be one thing (usually
appearing harmless), but carry an undesirable and often destructive payload.
Just like the original wooden horse, Trojans are a delivery vehicle for
other forms of malware and often rely on a bit of social engineering to
trick a user into actually launching the program. In the past, Trojan
programs were considered "non replicating malware" because they simply
launched their payload and that was it. Modern variants blur this
distinction and are used to launch worms and worm/virus hybrids that can
quickly overwhelm corporate e-mail systems.
Other Forms of Malware
As mentioned earlier, viruses, worms, and Trojans aren't the only forms of
malicious software. There are a number of non-replicating forms of malware
that are designed to destroy or steal data, open backdoors into systems,
disable networks, or hijack remote systems. Many of the following bits of
malware are used as the payload for a Trojan program, but may also be
distributed manually by individuals with physical access to a PC or network,
or inserted into an unprotected PC that operates with a full-time internet
connection.
DDoS Agents - A denial of service attack attempts to overwhelm a network
or system resource in order to deny legitimate users access to that
resource. In order to accomplish this goal against a large target (such as a
mainstream website), hundreds or even thousands of computers are required, in
what is known as a distributed denial of service attack, or DDoS. Hackers
"recruit" computer systems to help them in their attacks by sending out
Trojan programs that install agents on the affected PCs. These agents lie
relatively dormant until they receive further instructions (usually a very
small bit of code) from the hacker's computer, and then begin flooding the
network (or a specific target) with garbage traffic.
Logic Bombs - This type of malware waits for a specific trigger (such as
a date or sequence of events) to launch and has been a common tactic of
virus writers for years. For hackers and disgruntled employees, it is an
effective way of delivering a destructive payload long after they've left
and cleaned up their tracks.
Password Stealers and Keystroke Loggers - There are a number of
third-party programs that are written to capture a user's keystrokes, write
the data to a log and then send the log to a remote location or e-mail
address. These are often difficult to locate, and may not be detected by
anti-virus software (although many are).
Parasite Software / Spyware - Some shareware, freeware, and adware
programs are being packaged with additional software that can monitor your
browsing habits, and even sell your unused CPU time and unused disk space to
other vendors, which in the process also consumes your network resources. Of
course, the legal provisions that allow these vendors to do this are buried
in the end user license agreement that no one actually reads.
Remote Access Tools (RATs) - Also known as "backdoor agents", these tools
give hackers a way into a trusted system that exists on a network. In
addition, these programs often notify the controlling computer when they're
active, provide information on what processes are running, and allow the
intruder to install other malware such as password stealers. They are not to
be confused with Remote Desktop, remotescope or VNC, which many companies
use for administration.