The continuing growth in the number of PC users over the last 25 years
triggered a small group of people to take up something that today
many find foolish and dangerous: they decided to develop programs that
would make the computer "go crazy" or even malfunction for a certain
period of time, either for a laugh or, maybe, just to harm the
computer of someone they really dislike! Still, if you find out today
that your computer has a virus, you will probably panic... And you will
be right, because most of the 75-80,000 viruses these days are certainly
NOT something to laugh at!
What is a computer virus
A sequence of symbols (or a series of such sequences) that, when
executed under certain circumstances or a certain operating system,
creates an exact replica of itself, which it installs on the hard
disk or a diskette. The installation usually takes place inside a
commonly used directory. Of course, a virus may also have a payload
function, by which it damages the infected computer.
TYPES OF MALWARE
Trojan horses / Backdoor programs
They are surely the most famous type of viruses. They include code
which, when executed, leaves the host computer vulnerable
to a malicious remote user. Hacker wannabes and "lamers" usually use
these viruses to "hack" :P other users. But that's not all... Some
trojans and backdoors may even delete important files from the hard disk,
or even format it. Fortunately, they cannot reproduce, and for this
reason many do not even consider them "real" viruses.
Polymorphic
We call a virus polymorphic when it hides its destructive code within
the infected file in several different ways. This type of
virus is more difficult for antivirus programs to detect, since
hardly any routine is the same from one virus sample to the next.
Stealth viruses
They use the memory interrupts of the computer. Once a program calls
a memory interrupt, the virus gets activated instead of the program
itself. Stealth viruses perform one more function: they are capable of
hiding from antivirus programs. That means that whenever they detect a scan
function of the antivirus program, they temporarily restore the
original non-infected file, so that the antivirus program will believe
that there are no viruses inside the system. Once the antivirus has
finished its scan, they infect the file again. This method of
hiding is often called "tunneling".
Parasitic a.k.a. Appending viruses
They are called parasitic because they infect the original file,
copying the destructive code into it, without making the original
file irreparable. Once the user executes the infected file, the virus
is activated without letting the original function of the file
execute.
Overwriting viruses
The simplest way for a virus to infect a computer is to merge itself
with a well-known file. This way the original file CANNOT be restored.
Some of these viruses have the ability not to alter the original
filesize, so that some antivirus programs will not see the difference
in the original file. Nevertheless, most coders do not make this type
of virus anymore.
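
The size-preserving case described above is why a defender compares content hashes rather than file sizes. The following is an added example, not part of the original article: the function names and the sample files (inert byte strings) are constructed for illustration.

```python
import hashlib
import os
import tempfile


def build_baseline(directory):
    """Map each file name to (size, SHA-256) while the directory is known clean."""
    baseline = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                data = fh.read()
            baseline[name] = (len(data), hashlib.sha256(data).hexdigest())
    return baseline


def verify(directory, baseline):
    """Compare the directory against the baseline; return (name, finding) pairs."""
    current = build_baseline(directory)
    findings = []
    for name, (size, digest) in sorted(baseline.items()):
        if name not in current:
            findings.append((name, "missing"))
        elif current[name][0] != size:
            findings.append((name, "size changed"))
        elif current[name][1] != digest:
            # The case from the text: a size comparison alone sees nothing here.
            findings.append((name, "content changed, size unchanged"))
    findings += [(n, "new file") for n in sorted(current) if n not in baseline]
    return findings


def demo():
    """Constructed sample: inert byte strings stand in for program files."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in (("EDIT.EXE", b"A" * 64), ("FORMAT.EXE", b"B" * 32)):
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        baseline = build_baseline(tmp)
        # Replace EDIT.EXE with different bytes of the same length.
        with open(os.path.join(tmp, "EDIT.EXE"), "wb") as fh:
            fh.write(b"Z" * 64)
        return verify(tmp, baseline)
```

The baseline itself has to be stored where the monitored system cannot rewrite it, otherwise it can be replaced along with the file.
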
Companion viruses
They are viruses that are usually executed under MS-DOS. When the
user types a DOS command (e.g. "edit") and the file edit.exe is not
present, the OS will execute the file edit.com, which really is the
virus itself. Still, if the user types "edit", the OS will execute the
virus (edit.com) and not edit.exe, which is the real editing program!
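
A defender can look for this pattern by listing command names that resolve to a .COM file while a same-named .EXE sits behind it. The following is an added example, not part of the original article: it assumes the MS-DOS extension order .COM, .EXE, .BAT, and the function names and sample directory (empty placeholder files) are constructed for illustration.

```python
import os
import tempfile

# Assumption: MS-DOS tries these extensions in this order within a directory.
DOS_ORDER = (".COM", ".EXE", ".BAT")


def find_shadowed(search_dirs):
    """For each command name, report the file that wins and the ones it hides.

    search_dirs is an ordered list of directories (current directory first,
    then PATH entries). Returns {name: (winner_path, [hidden_paths])} only
    for names that resolve to more than one file.
    """
    candidates = {}
    for directory in search_dirs:
        present = {}
        for entry in os.listdir(directory):
            base, ext = os.path.splitext(entry.upper())
            if ext in DOS_ORDER:
                present[(base, ext)] = os.path.join(directory, entry)
        # Within one directory, order by extension priority.
        for ext in DOS_ORDER:
            for (base, e), path in sorted(present.items()):
                if e == ext:
                    candidates.setdefault(base, []).append(path)
    return {b: (p[0], p[1:]) for b, p in candidates.items() if len(p) > 1}


def suspicious_companions(search_dirs):
    """Names where a .COM file wins over a same-named .EXE: the pattern above."""
    hits = []
    for base, (winner, hidden) in sorted(find_shadowed(search_dirs).items()):
        if winner.upper().endswith(".COM") and any(
            h.upper().endswith(".EXE") for h in hidden
        ):
            hits.append(base)
    return hits


def demo():
    """Constructed sample directory with empty placeholder files."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("EDIT.COM", "EDIT.EXE", "FORMAT.COM", "CHKDSK.EXE", "readme.txt"):
            open(os.path.join(tmp, name), "wb").close()
        return suspicious_companions([tmp])
```

A hit is a candidate for review, not proof of infection: the check only shows that the .EXE is no longer the file that runs when the bare name is typed.
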
Retro viruses
They are viruses that do nothing but "fight" a specific antivirus
program, meaning that if they detect it on the hard disk, they will
delete all of its components.
Logic bombs
They are viruses that activate upon a certain trigger date, e.g. at
14.00 on the 13th of September. They usually have a destructive payload, such
as deleting files.
Droppers
They are executable files that contain the proper commands to create
a virus inside the PC but do not include a virus themselves. They are
harder to detect than a normal virus.
Worms
They are called worms because they are usually found in computer
networks. They use the Internet as a medium to spread (emails, IRC chat
etc.).
Boot sector viruses
These viruses infect the boot area of the hard disk or diskette.
They are the ones to blame for most infections worldwide. You do not
have to have an MS-DOS based OS on your PC to activate such a virus,
since they do not make such... discriminations. E.g. although the
Michelangelo virus cannot spread using Windows NT, it can still wipe
out the contents of the hard disk on March 6th!
Direct action viruses
These viruses just execute their destructive payload and are not memory resident.
Macro viruses
They are the well-known viruses that infect using a macro command.
They harm only Word, Excel, Office, PowerPoint and Access files. They
are very easy to spread. The most typical example you can find is Microsoft
itself, which is believed to have had a macro virus inside the first
edition of MS Office '97.
Multi Platform viruses
They are viruses that affect more than one operating system.
Usually, a virus that affects Windows OS cannot harm an Apple PC.
Note:
The above article was published in E-Net magazine (issue 06-2001) in exclusive cooperation with the webmaster of virus.gr and, naturally, all copyrights belong to him and not to the magazine.