Types of Viruses

Viruses are classified according to two factors: what they infect and how they infect. A virus can infect the following components of a system:
  • System sectors
  • Files
  • Macros (such as Microsoft Word macros)
  • Companion files (supporting system files like DLL and INI files)
  • Disk clusters
  • Batch files (BAT files)
  • Source code
A virus infects through interaction with an outside system. Viruses need to be carried by another executable program. By attaching itself to the benign executable a virus can spread fairly quickly as users or the system runs the executable. Viruses are categorized according to their infection technique, as follows:
  • Polymorphic Viruses These viruses encrypt the code in a different way with each infection and can change to different forms to try to evade detection.
  • Stealth Viruses These viruses hide the normal virus characteristics, such as modifying the original time and date stamp of the file so as to prevent the virus from being noticed as a new file on the system.
  • Fast and Slow Infectors These viruses can evade detection by infecting very quickly or very slowly. This can sometimes allow the program to infect a system without detection by an antivirus program.
  • Sparse Infectors These viruses infect only a few systems or applications.
  • Armored Viruses These viruses are encrypted to prevent detection.
  • Multipartite Viruses These advanced viruses create multiple infections.
  • Cavity (Space-Filler) Viruses These viruses attach to empty areas of files.
  • Tunneling Viruses These viruses are sent via a different protocol or encrypted to prevent detection or allow it to pass through a firewall.
  • Camouflage Viruses These viruses appear to be another program.
  • NTFS and Active Directory Viruses These viruses specifically attack the NT file system or Active Directory on Windows systems.
An attacker can write a custom script or virus that won't be detected by antivirus programs. Because virus detection and removal is based on a signature of the program, a hacker just needs to change the signature or look of the virus to prevent detection. The virus signature or definition is the way an antivirus program is able to determine if a system is infected by a virus. Until the virus is detected and antivirus companies have a chance to update virus definitions, the virus goes undetected. Additional time may elapse before a user updates the antivirus program, allowing the system to be vulnerable to an infection. This allows an attacker to evade antivirus detection and removal for a period of time. A critical countermeasure to virus infection is to maintain up-to-date virus definitions in an antivirus program.
One of the most longstanding viruses was the Melissa virus, which spread through Microsoft Word Macros. Melissa infected many users by attaching to the Word doc and then when the file was copied or emailed, the virus spread along with the file.
Virus Hoaxes are emails sent to users usually with a warning about a virus attack. The Virus Hoax emails usually make outlandish claims about the damage that will be caused by a virus and then offer to download a remediation patch from well-known companies such as Microsoft or Norton. Other Hoaxes recommend users delete certain critical systems files in order to remove the virus. Of course, should a user follow these recommendations they will most certainly have negative consequences. Some of the most common virus hoaxes are shown in Table 5.1:
Table 5.1: Common Virus Hoaxes
 Open table as spreadsheet
This is a hoax that warned about a supposed virus discovered by Microsoft and McAfee named "Antichrist", telling the user that it is installed via an email with the subject line: "SURPRISE?!!!!!!!!!!" after which it destroys the zeroth sector of the hard disk, rendering it unusable.
Budweiser Frogs
Supposedly would erase the user's hard drive and steal the user's screen name and password.
Goodtimes virus
Warnings about a computer virus named "Good Times" began being passed around among Internet users in 1994. The Goodtimes virus was supposedly transmitted via an email bearing the subject header "Good Times" or "Goodtimes," hence the virus's name, and the warning recommended deleting any such email unread. The virus described in the warnings did not exist, but the warnings themselves, were, in effect, virus-like.
Invitation attachment (computer virus hoax)
Allright now/I'm just sayin
The invitation virus hoax involved an email spam in 2006 that advised computer users to delete an email, with any type of attachment that stated "invitation" because it was a computer virus.
The jdbgmgr.exe virus hoax involved an email spam in 2002 that advised computer users to delete a file named jdbgmgr.exe because it was a computer virus. jdbgmgr.exe, which had a little teddy bear-like icon (The Microsoft Bear), was actually a valid Microsoft Windows file, the Debugger Registrar for Java (also known as Java Debug Manager, hence jdbgmgr).
Life is beautiful
Life is wonderful
The hoax was spread through the Internet around January 2001 in Brazil. It told of a virus attached to an email, which was spread around the Internet. The attached file was supposedly called "Life is beautiful.pps" or "La vita รจ bella.pps".
Olympic Torch
Postcard or Postcard from Hallmark
Olympic Torch is a computer virus hoax sent out by email. The hoax emails first appeared in February 2006. The "virus" referred to by the email does not actually exist. The hoax email warns recipients of a recent outbreak of "Olympic Torch" viruses, contained in emails titled "Invitation," which erase the hard disk of the user's computer when opened.
SULFNBK.EXE (short for Setup Utility for Long File Name Backup) is an internal component of the Microsoft Windows operating system (in Windows 98 and Windows Me) for restoring long file names. The component became famous in the early 2000s as the subject of an email hoax. The hoax claimed that SULFNBK.EXE was a virus, and contained instructions to locate and delete the file. While the instructions worked, they were needless and (in some rare cases, for example, when the long file names are damaged and need to be restored) can cause disruptions, as SULFNBK.EXE is not a virus, but instead an operating system component.
To find out whether an email regarding a virus is legitimate, review the list of virus hoaxes on the website home.mcafee.com/virusinfo.

No comments:

Post a Comment

Popular Posts