Thursday, July 5, 2018

Introduction of Virus...

What is a Virus?

A virus is a self-replicating program that produces copies of itself by attaching itself to another program, a computer boot sector, or a document. A virus:
  • Infects other programs
  • Alters data
  • Transforms itself
  • Encrypts itself
  • Corrupts files and programs
  • Self-propagates

Different types of Viruses:

Boot sector virus

A boot sector virus is a type of virus that infects the boot sector of floppy disks or the Master Boot Record (MBR) of hard disks (some infect the boot sector of the hard disk instead of the MBR). The infected code runs when the system is booted from an infected disk, but once loaded it will infect other floppy disks when accessed in the infected computer. While boot sector viruses infect at a BIOS level, they use DOS commands to spread to other floppy disks. For this reason, they started to fade from the scene after the appearance of Windows 95 (which made little use of DOS instructions). Today, there are programs known as ‘bootkits’ that write their code to the MBR as a means of loading early in the boot process and then concealing the actions of malware running under Windows. However, they are not designed to infect removable media.
The only absolute criterion for a boot sector is that it must contain 0x55 and 0xAA as its last two bytes. If this signature is not present or is corrupted, the computer may display an error message and refuse to boot. Problems with the sector may be due to physical drive corruption or the presence of a boot sector virus.
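
The signature check described above can be combined with an integrity check of the boot code when triaging a disk image. The following is an added example, not part of the original post: the function names, the constructed sample sector and the idea of a recorded baseline hash are assumptions, and the offsets (440-byte code area, partition table at byte 446) come from the standard MBR layout rather than from this page.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bootstrap code area in a modern standard MBR
PART_TABLE_OFF = 446      # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"   # required last two bytes (offsets 510-511)


def inspect_mbr(sector, baseline_sha256=None):
    """Return a triage report for one 512-byte boot sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing or corrupted 0x55 0xAA signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:
            continue  # unused partition slot
        if status not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte {status:#04x}")
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start,
                           "sectors": sectors})
    # Hash only the code area so the per-disk signature and table are ignored.
    code_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    if baseline_sha256 is not None and code_hash != baseline_sha256:
        findings.append("boot code differs from recorded baseline")
    return {"boot_code_sha256": code_hash, "partitions": partitions,
            "findings": findings}


def build_sample_mbr(boot_code=b"\xfa\x33\xc0"):
    """Constructed sample sector: placeholder code bytes, one bootable partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entry = bytearray(16)
    entry[0], entry[4] = 0x80, 0x07          # bootable flag, partition type
    struct.pack_into("<II", entry, 8, 2048, 204800)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    baseline = inspect_mbr(build_sample_mbr())["boot_code_sha256"]
    print(inspect_mbr(build_sample_mbr(b"\xeb\x3c\x90"), baseline)["findings"])
```

A valid signature alone says nothing about whether the boot code was modified, which is why the hash comparison against a known-good copy is reported separately.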

File overwriting or cavity Virus

Viruses use different strategies to infect host files. This article explains these strategies so that the infection type of viruses can be identified during analysis. 

Depending on the file infection strategy, it is sometimes possible to remove or disable the malicious code in an infected file. This process is called disinfection and is performed by antivirus software. Disinfection does not necessarily restore the file to its original form.

Crypter

A crypter is a type of software that can encrypt, obfuscate, and manipulate malware, to make it harder to detect by security programs. It is used by cybercriminals to create malware that can bypass security programs by presenting itself as a harmless program until it gets installed.

Polymorphic virus

Polymorphic viruses are complex file infectors that can create modified versions of themselves to avoid detection yet retain the same basic routines after every infection. To vary their physical file makeup during each infection, polymorphic viruses encrypt their code and use different encryption keys every time.

Polymorphic viruses rely on mutation engines to alter their decryption routines every time they infect a machine. This way, traditional security solutions may not easily catch them because they do not use a static, unchanging code. The use of complex mutation engines that generate billions of decryption routines makes them even more difficult to detect.

Polymorphic viruses are usually distributed via spam, infected sites, or through the use of other malware. URSNIF, VIRLOCK, VOBFUS, and BAGLE or UPolyX are some of the most notorious polymorphic viruses in existence. When combined with other malicious routines, polymorphic viruses pose an even greater risk to their victims. In March 2015, researchers found that VIRLOCK evolved to include ransomware routines, making it a challenge to detect and remove.

Tunnelling Virus

One method of virus detection is an interception program which sits in the background looking for specific actions that might signify the presence of a virus. To do this it must intercept interrupts and monitor what’s going on. A tunneling virus attempts to backtrack down the interrupt chain in order to get directly to the DOS and BIOS interrupt handlers. The virus then installs itself underneath everything, including the interception program. Some anti-virus programs will attempt to detect this and then reinstall themselves under the virus. This might cause an interrupt war between the anti-virus program and the virus and result in problems on your system.
Some anti-virus programs also use tunneling techniques to bypass any viruses that might be active in memory when they load.

Metamorphic virus 

A metamorphic virus is one that can transform based on the ability to translate, edit and rewrite its own code. It is considered the most infectious computer virus, and it can do serious damage to a system if it isn't detected quickly. Antivirus scanners have a difficult time detecting this type of virus because it can change its internal structure, rewriting and reprogramming itself each time it infects a computing system. This is different from a polymorphic virus, which encrypts its original code to keep from being detected. Because of their complexity, creating metamorphic viruses requires extensive programming knowledge.

Macro Virus

A macro virus is a computer virus that replaces a macro, which is what enables a program to work and instigates a designated group of actions and commands. When these actions and commands are replaced by a virus, this can cause significant harm to a computer. 

Macro viruses can be built into sophisticated applications such as those present in word processors in order to run programs so that they can be launched automatically. Because macro viruses replace prompt commands, word processors are especially vulnerable to these types of viruses. The language is built into the macros in order to hijack the commands, including necessary actions like opening up a document. Thus, through the simple action of opening a document, a macro virus can be launched. Macro viruses may be spread through email attachments, modems, the Internet, networks, and disks.

Cluster Virus

A cluster virus is a type of virus that ties its own execution to the execution of various software programs. These viruses typically work by changing directory or registry entries so that when someone starts a program, the virus will start as well.

Experts call this type of virus a cluster virus partly because it can load various directory pointers that make it look like every program on a disk is infected with the virus, when in fact, only one copy of the virus exists.
Experienced users can sometimes get around a cluster virus using the checkdisk utility and other elements of the operating system to diagnose and remove the virus. However, less savvy users can end up erasing vital program information through the use of operating system prompts.
One prominent example of a cluster virus is the Dir-2 virus. This is sometimes classified as a "stealth" virus because of some of its natural protections. This virus is commonly attributed to Bulgaria, and attacks various types of executable files.

Stealth/tunnelling virus

In computer security, a stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software. Generally, stealth describes any approach to doing something while avoiding notice. Viruses that escape notice without being specifically designed to do so -- whether because the virus is new, or because the user hasn't updated their antivirus software -- are sometimes described as stealth viruses too. Stealth viruses are nothing new: the first known virus for PCs, Brain (reportedly created by software developers as an anti-piracy measure), was a stealth virus that infected the boot sector in storage.

Extension Virus

Incorrect file associations could be the result of underlying issues within your PC system. As such it is highly recommended to scan your PC for invalid registry entries, unused processes and other unfavourable system settings to identify slowdown issues.

The VIRUS file type is primarily associated with 'F-Secure' by F-Secure. The F-Secure rescue CD will scan all connected disks and rename any suspected infected files with a .VIRUS file extension.
