Types Of Virus
The terms “virus” and “malware” are often used interchangeably, but they’re not the same thing: a computer virus is a type of malware, but not all malware is a computer virus. By design, a virus lies dormant until it is activated. This contrasts with a worm, which can execute on its own with no human intervention. You can accidentally download a virus to your PC, but it will not do any harm until you run the file or open the document it’s embedded in. Once the virus code is activated, it can execute its payload, which might include stealing passwords, emailing itself to the contacts in your address book, or taking over your PC in a ransom attack. Pure computer viruses are very uncommon today, comprising less than 8% of all malware. That is a good thing, as viruses are the only type of malware that “infects” other files on the device. This trait makes them particularly hard to clean up because they get executed from a legitimate program. Even the best antivirus products on the market struggle to do it correctly and in most cases will simply quarantine or delete the infected file instead.
We don’t know what kind of challenges viruses of either type will cause in the future, but understanding how they infect, the symptoms they induce, how they spread, and the damage they can cause can help us fight both. Some viruses use different stealth strategies to avoid detection by anti-virus software. For example, some can infect files without increasing their size, while others try to evade detection by killing the tasks associated with the antivirus software itself before they can be detected. Some old viruses make sure that the “last modified” date of a host file stays the same when they infect the file. Pretty smart, huh?
As promised, we cover the important types of virus and their behavior characteristics below, to help you understand the attack vector and magnitude of impact.
- Boot Sector Virus – It is one of the oldest forms of computer virus. When your PC starts up, it infects the boot sector of floppy disks (I know... pretty old, who the hell uses them now?) or the Master Boot Record (MBR). Boot sector viruses infect the boot sector or the partition table of a disk. The boot sector comprises all the files which are required to start the operating system of the computer. A boot attempt does not have to be successful for the virus to infect the computer’s hard drive. Once a computer is infected, boot sector viruses usually attempt to infect every disk accessed on the infected device. Usually, a boot sector virus can be successfully removed. The virus either overwrites the existing program or copies itself to another part of the disk.
- Direct Action Virus – A virus that attaches itself directly to a .exe or .com file and enters the device when that file is executed is called a direct action virus. A direct action virus is a type of file infector virus that works by attaching itself to an .exe or .com file when installed or executed. Once this occurs, the virus can spread to other existing files and can make them unusable. It gets installed when a user executes or launches a specific infected program. Although a direct action virus can hinder your ability to access files on your computer, it is not usually able to delete files entirely and can be removed with an anti-virus program. If it gets installed in memory, it keeps itself hidden. It is notorious because it can affect any number of other programs and files stored on the computer. It is also known as a non-resident virus.
- Resident Virus – A virus which saves itself in the memory of the computer and then infects other files and programs that are run by the computer. Depending on how the virus is programmed, it can infect any file run by the computer. A resident virus loads its replication module into memory, so it does not have to be executed to infect other files on the device; rather, it gets triggered whenever the operating system loads or performs a specific function. This may be one of the worst kinds of virus, as it even attaches itself to anti-virus applications, thereby allowing it to infect any file scanned by the program. This virus can easily infect other files because it is hidden in memory, and it is hard to remove from the system.
- Multipartite Virus – A hybrid virus which can attack both the boot sector and executable files simultaneously. It is a fast-moving virus that uses file infectors or boot infectors to attack the boot sector and executable files of an already infected computer at the same time. When the boot sector is infected, simply turning on the computer will trigger a boot sector virus, because it latches on to the hard drive that contains the data needed to start the computer. Once the virus has been triggered, destructive payloads are launched throughout the program files. If a multipartite virus attacks your system, you are at risk of a cyber threat. A multipartite virus infects computer systems multiple times and at different times. For it to be eradicated, the entire virus must be removed from the system.
- Overwrite Virus – One of the most harmful kinds of virus, these are called “overwrite viruses” because they overwrite your computer’s original data. An overwrite virus is a malicious program which, after infection, overwrites the existing code. The virus can completely remove the existing program and replace it with malicious code, causing irreparable damage to your computer system and files. If your computer is infected with an overwrite virus, you may lose some of the data stored on it. Whenever the overwrite virus replicates itself, it will delete some of your data. If an overwrite virus spreads to a file containing sensitive data about your business’s customers, you will lose that data. The data in the file will be replaced with the virus’s code. Gradually it can completely replace the host’s data or programming code with the harmful code. The fact that this deadly virus can exploit DOS platforms including Windows, Linux, and Macintosh gives it more reach.
- Polymorphic Virus – Imagine a threat that can adapt to every form of defence you throw at it, a threat that constantly keeps changing to avoid detection, a threat that is relentless and restless. This is the stark reality of the threat the polymorphic virus poses to your computing devices and personal data. Polymorphic viruses are complex file infectors that change physical form (like literally a shapeshifter) after every infection while retaining the same routine. They typically encrypt their code during each infection, altering their physical file makeup by varying the encryption keys every time. This ability renders signature-based security useless, and the threat continues to increase in intensity. Spread through spam and infected websites, polymorphic viruses are file infectors which are complex and tough to detect. They create a modified or morphed version of the existing program, infect the system and retain the original code. They evade and outwit your computer’s defences and eventually sabotage your system.
- File Infector Virus – As the name suggests, a file infector virus is a type of virus that typically attaches itself to executable code, such as computer games and word processors. These viruses generally copy their code onto executable programs such as .COM and .EXE files. Once the virus has infected a file, it can propagate itself to other programs, and even into other networks that utilize the infected files and programs. It first infects a single file and then later spreads itself to other executable files and programs. Moreover, a severe form of file-infecting virus can also completely reformat a hard drive. It infects executable files with the intent to cause permanent damage or make them unusable. A file-infecting virus overwrites code or inserts infected code into an executable file. This type of virus can infect a number of operating systems, including Macintosh, Windows, and Unix.
- Spacefiller Virus – A virus that tries to attack devices by filling the empty spaces present in various files. That’s why this rare form of computer virus is also known as a cavity virus. It neither affects the size of the file nor can be detected easily. The working strategy of the cavity virus is quite different from that of any other computer virus. A normal computer virus simply attaches program code to a file, which increases the file size and also increases the chances of detection. A spacefiller virus, on the other hand, strategically occupies the empty spaces present in the files. Since the file size remains the same, the virus can easily save itself from getting caught by antivirus software. Because of the difficulty of writing this type of virus and the limited number of possible hosts, cavity viruses are rare. However, a new Windows file format known as Portable Executable (PE) is designed to make loading and running programs faster. While a great achievement, the implementation has the effect of leaving potentially large gaps in the program file. A spacefiller virus can find these gaps and insert itself into them easily.
- Macro Virus – A virus written in the same macro language as the one used in the software program; it infects the computer when a word processor file is opened. Such viruses mainly arrive via email. Microsoft Word and Excel are two examples of applications that feature powerful macro languages. The macros are embedded in documents, which allows them to run automatically when the documents are opened. A macro virus infects a software program and causes a series of actions to begin automatically when the program is opened. Macro viruses originate on the internet and infiltrate programs already installed on a person’s computer. Unlike other virus types, macro viruses are not specific to an operating system and spread with ease via email attachments, Web downloads, file transfers, and cooperative applications.
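Because macros are embedded in the document itself, a mail gateway or triage script can check for them before anyone opens the file. The sketch below is an added example, not part of the original article: it relies on the fact that modern Word and Excel files (Office Open XML) are zip containers that store VBA code in a part named `vbaProject.bin`. The function names and the sample documents are constructed for illustration, and legacy binary `.doc`/`.xls` files are out of scope.

```python
import io
import zipfile


def inspect_office_file(data: bytes) -> dict:
    """Look inside an OOXML container for signs of an embedded VBA project."""
    report = {"ooxml": False, "vba_parts": [], "macro_content_type": False}
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return report  # legacy binary .doc/.xls or not an Office file
    with zipfile.ZipFile(buf) as z:
        names = z.namelist()
        if "[Content_Types].xml" not in names:
            return report  # a zip, but not an OOXML document
        report["ooxml"] = True
        # Macro code is stored in a part named vbaProject.bin.
        report["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
        # Macro-enabled documents also declare a "macroEnabled" content type.
        types = z.read("[Content_Types].xml").lower()
        report["macro_content_type"] = b"macroenabled" in types
    return report


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip laid out like a Word document."""
    main_type = (
        "application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
        else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    )
    content_types = (
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_type}"/></Types>'
    )
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            # Placeholder bytes, not a real VBA project.
            z.writestr("word/vbaProject.bin", b"PLACEHOLDER")
    return out.getvalue()


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, inspect_office_file(build_sample(flag)))
```

The check looks at the file's contents rather than its extension, so a macro-enabled document that has been renamed is still flagged.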
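The stealth tricks described earlier (no change in file size, an unchanged “last modified” date) and the spacefiller entry above both defeat checks that rely on file metadata alone. The following added example, which is not from the original article, shows why an integrity baseline should include a content hash; the file contents and function names are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Record the attributes a baseline check can compare later."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}


def changed_attributes(baseline, current):
    """Return the names of the attributes that differ from the baseline."""
    return sorted(k for k in baseline if baseline[k] != current[k])


def demo():
    # Constructed sample: a stand-in "program" with a zero-filled gap,
    # like the unused space a cavity infector relies on.
    original = b"HEADER" + b"\x00" * 64 + b"CODE-SECTION"
    # Same length, gap filled with a harmless marker instead of zeros.
    modified = b"HEADER" + b"X" * 64 + b"CODE-SECTION"

    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(original)
        baseline = snapshot(path)

        with open(path, "wb") as f:
            f.write(modified)
        # Put the old timestamp back, as the "last modified" trick does.
        os.utime(path, ns=(baseline["mtime_ns"], baseline["mtime_ns"]))

        return changed_attributes(baseline, snapshot(path))
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

Size and timestamp both match the baseline after the change; only the SHA-256 comparison reports a difference.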