View full version : Different Types of Computer Viruses

Ultima Weapon
01.12.2007, 12:39
Different Types of Computer Viruses

There are different types of computer viruses, which could be classified by (origin, techniques, types of files they infect, where they hide, the kind of damage they cause, the type of operating system or platform they attack), etc.

A computer virus is a kind of malicious software written intentionally to enter a computer without the user’s permission or knowledge, with an ability to replicate itself, thus continuing to spread. Some viruses do little but replicate; others can cause severe harm or adversely affect programs and the performance of the system. A virus should never be assumed harmless and left on a system. The most common types of viruses are mentioned below:

Resident Viruses
This type of virus is a permanent one which dwells in the RAM memory. From there it can overcome and interrupt all of the operations executed by the system: corrupting files and programs that are opened, closed, copied, renamed etc.

Examples include: Randex, CMJ, Meve, and MrKlunky.

Direct Action Viruses
The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.

Overwrite Viruses
A virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected.

The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.

Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.

Boot Virus
This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk.

The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and never start your computer with an unknown floppy disk in the disk drive.

Examples of boot viruses include: Polyboot.B, AntiEXE.

Macro Virus
Macro viruses infect files that are created using certain applications or programs that contain macros. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one.

Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.

Directory Virus
Directory viruses change the paths that indicate the location of a file. By executing a program (file with the extension .EXE or .COM) which has been infected by a virus, you are unknowingly running the virus program, while the original file and program have been previously moved by the virus.

Once infected it becomes impossible to locate the original files.

Metamorphic Virus
A metamorphic virus can reprogram itself. Often, it does this by translating its own code into a temporary representation, editing the temporary representation of itself, and then writing itself back to normal code again. This procedure is done with the virus itself, and thus also the metamorphic engine itself undergoes changes. This is used by some viruses when they are about to infect new files, and the result is that the "children" will never look like their parents. The computer viruses that use this technique do this in order to avoid the pattern recognition of anti-virus software: the actual algorithm does not change, but everything else might. A metamorphic virus rewrites itself completely each time it infects a new executable. This strategy requires the virus to include a metamorphic engine, making it large and complex, but also very difficult to detect. An example of a metamorphic virus is Win95.Zmist.A.

Metamorphic code is more effective than polymorphic code. This is because most anti-virus software will try to search for known virus-code even during the execution of the code. Whether heuristics & proactive defense & behavioral analysis can effectively stop this next generation of malware, that remains to be seen. A metamorphic virus thwarts detection by signature-based (static) AV technologies by morphing its code as it propagates. The virus can also thwart detection by emulation-based (dynamic) technologies.

There may be a chance that even HIPS cannot stop metamorphic viruses. To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executables. Viruses that use this technique are said to be metamorphic. To enable metamorphism, a metamorphic engine is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14000 lines of Assembly language code, 90% of which is part of the metamorphic engine.[4]

Polymorphic Virus
A polymorphic virus infects files with modified (usually encrypted) operational versions of itself, which it decrypts before executing. The virus and the decryption module are both modified on each execution, thus making it difficult to detect. The "Dark Avenger's Mutation Engine" (also known as MTE or DAME) has been released by virus writers to add this capability to any virus, but is now detectable by most antivirus tools.
Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system.

This makes it impossible for anti-viruses to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves.

Examples include: Elkern, Marburg, Satan Bug, and Tuareg.

File Infectors
This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category, and can be classified depending on the actions that they carry out.

Companion Viruses
Companion viruses can be considered file infector viruses like resident or direct action types. They are known as companion viruses because once they get into the system they "accompany" the other files that already exist. In other words, in order to carry out their infection routines, companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct action viruses).

Some examples include: Stator, Asimov.1539, and Terrax.1069

FAT Virus
The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer.
This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories.

A worm is a program very similar to a virus; it has the ability to self-replicate, and can lead to negative effects on your system and most importantly they are detected and eliminated by antiviruses.

Examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson.

Trojans or Trojan Horses
Another unsavory breed of malicious code is Trojans or Trojan horses, which unlike viruses do not reproduce by infecting other files, nor do they self-replicate like worms.

Logic Bombs
They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.

Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.

Source: http://www.buzzle.com/
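
The polymorphic passage in the post above says an encoded copy no longer matches a fixed string. As an added example (not part of the original thread or the article it quotes), this Python sketch shows a plain signature search missing a marker that has been XOR-encoded with a per-copy key, while an "x-ray" scan that compares XOR differences of adjacent bytes still locates it and recovers the key. The marker, the keys and all function names are constructed for illustration.

```python
# Added example: plain signature search vs. an "x-ray" scan for single-byte XOR.
# SIGNATURE is a constructed, harmless marker, not taken from any real sample.
SIGNATURE = b"DEMO-SIGNATURE-NOT-MALWARE"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte (the simplest per-copy encoding)."""
    return bytes(b ^ key for b in data)


def delta(data: bytes) -> bytes:
    """XOR of each adjacent byte pair. (a^k)^(b^k) == a^b, so the key cancels."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def plain_scan(blob: bytes, signature: bytes = SIGNATURE) -> int:
    """Classic string search: offset of the signature, or -1."""
    return blob.find(signature)


def xray_scan(blob: bytes, signature: bytes = SIGNATURE):
    """Return (key, offset) if the signature is present under any single-byte
    XOR key (key 0 means unencoded), else None."""
    off = delta(blob).find(delta(signature))
    if off == -1:
        return None
    return blob[off] ^ signature[0], off


def make_samples():
    """Constructed test buffers: one clear copy, three copies with different keys."""
    pad = bytes(range(40))
    clear = pad + SIGNATURE + pad
    encoded = {k: pad + xor_bytes(SIGNATURE, k) + pad for k in (0x21, 0x5A, 0xC3)}
    return clear, encoded


if __name__ == "__main__":
    clear, encoded = make_samples()
    print("clear  :", plain_scan(clear), xray_scan(clear))
    for key, blob in encoded.items():
        print(hex(key), ":", plain_scan(blob), xray_scan(blob))
```

The x-ray trick only covers encodings where one key byte is applied across the whole signature span; when the algorithm itself varies between copies, scanners fall back on the emulation-based approach mentioned in the metamorphic section.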

Ultima Weapon
03.12.2007, 13:00
Antivirus Killer Virus or Retro Virus
Based on the biological term retrovirus, a computer retrovirus is one that actively seeks out an antivirus program on a computer system and attacks it. A retrovirus will attempt to disable and infect the antivirus software in order to avoid detection in the computer system. Also called anti-antivirus virus.

03.12.2007, 14:50
Antivirus Killer Virus or Retro Virus
Based on the biological term retrovirus, a computer retrovirus is one that actively seeks out an antivirus program on a computer system and attacks it. A retrovirus will attempt to disable and infect the antivirus software in order to avoid detection in the computer system. Also called anti-antivirus virus.
Haven't heard of this one. Anyone seen one?

Ultima Weapon
04.12.2007, 06:07
Stealth viruses: These viruses use certain techniques to avoid detection. They may either redirect the disk head to read another sector instead of the one in which they reside or they may alter the reading of the infected file’s size shown in the directory listing. For instance, the Whale virus adds 9216 bytes to an infected file; then the virus subtracts the same number of bytes (9216) from the size given in the directory.

Worms have the ability to easily and quickly duplicate themselves, occupying tremendous amounts of computer resources while they wreak havoc on your computer and network.

If you want to protect yourself from computer viruses such as the types listed above, it is absolutely essential that you obtain the best protection software available. Money need not be an obstacle for effective protection; there are many high quality free programs available. It's important to make sure your anti-virus software is as up to date as possible, as new infections are discovered each day. You may also want to invest in a firewall that helps prevent other people accessing your computer. Once a computer is infected with a virus, it is unsafe to keep using this system; it can damage files and send to your contacts through email. You should also make regular backups of your data and keep this unconnected to your system, to restore your files if necessary.
Worms rapidly spread through a Local Area Network (LAN), and sometimes throughout the internet. Generally, network viruses multiply through shared resources, i.e., shared drives and folders. When the virus infects a computer, it searches through the network to attack its new potential prey. When the virus finishes infecting that computer, it moves on to the next and the cycle repeats itself. The most dangerous network viruses are Nimda and SQLSlammer.

Multipartite Viruses

Multipartite viruses are spread through infected media and usually hide in the memory. Gradually, the virus moves to the boot sector of the hard drive and infects executable files on the hard drive and later across the computer system.

Script Viruses
A subset of file viruses, these are written in a variety of script languages like Javascript, VBS, BAT, PHP etc. They are also able to infect other file formats such as HTML (if the file format allows script execution).

Email Viruses
Email viruses are different types of viruses which use email messages for transport and can automatically send themselves to hundreds and thousands of people, depending on whose email address they victimize. There are certain basic rules that you can follow which will help you to avoid email viruses. Some of them include never opening any attachment unless you know the sender and you were expecting it. If you happen to receive a particular email message with an attachment from someone you don't know, you should delete it immediately and never open it. Always use antivirus software and remember to constantly check for updates. Always let someone know when you will be sending them an attachment in an email so that they can be expecting it; and always use spam filters to block unwanted and unrecognizable mail.

Ultima Weapon
05.12.2007, 05:32
Haven't heard of this one. Anyone seen one?

Read this article below for more details about this threat. It is old now & not updated.
I personally encountered this threat once; it defeated nod32 v2.7, killing it. So I assure you it exists but is quite rare & not common. Latest news I hear is that malware makers are trying to create a hybrid "Metamorphic Antivirus Killer Virus". I think all security software vendors better be careful.


05.12.2007, 09:13
wow that's really old