Types of viruses and their actions

A computer virus is a program that multiplies and spreads by attacking other programs, without the knowledge or permission of the user. It is created with the ability to reproduce itself by infecting other files. A boot sector virus infects the boot sector of the operating system on a floppy or hard disk. Although the defining function of viruses is to multiply, most of them are harmful, because they contain code that corrupts the information in the computer. The first computer virus was discovered in 1986, and since then tens of thousands of viruses have been registered worldwide. In most cases only a small fraction of them are active and dangerous, as contemporary antivirus programs largely protect consumers against new computer viruses, offering combined protection against Internet worms, viruses and Trojans.

When an infected program is run, the virus performs an action that can be:

1. Irritating - displaying a message on a specific date, slowing system performance, changing the screen resolution, making strange noises, etc.
2. Fatal - deleting files, identity theft, system crashes and others.

Malware spreads via files attached to email; through P2P, LAN and WAN networks; through links to infected websites and files; and more.
Not all malware are viruses. Here are some of the better-known kinds:

1. Worms - A worm is a program that multiplies but does not infect other programs. It infects computers whether they are part of a network or not. The worm copies itself to and from floppy disks, CDs, DVDs, Blu-ray discs and "sticks", as well as to different partitions on the hard disk. If the infected computer is part of a network, the worm can infect the other computers in it. Worms often steal and destroy data and are distributed primarily through the Internet. Unlike viruses, computer worms are malicious programs that replicate themselves from one system to another rather than infecting files located on the computer. For example, a mass-mailing email worm sends copies of itself to all email addresses it can find recorded on the infected computer. Network worms copy and distribute themselves over a network, Internet worms spread via the Internet, and so on. To protect against this type of virus, never open attachments that you receive unexpectedly.

2. Trojans - A Trojan horse is a malicious program hidden inside a harmless one. When that program is started, the Trojan horse is launched as well to perform a certain task. Trojans can steal personal information (passwords, user names), delete files, format the hard drive and more. A Trojan may be disguised as a program installed to do something completely normal (e.g. to play mp3 music) while actually doing something malicious (e.g. sending entered credit card numbers to a set email address). Trojans are often used to obtain secret access to the system on which they are installed, i.e. to let someone control your computer remotely. Trojans do not multiply like viruses or spread like worms. Unlike viruses, Trojan horses do not need a host program; they stand alone. Once run, they redirect the system functions they need to their own handlers. They hamper the local computer and have all the side effects and manifestations of viruses. The problem with them arises if your computer is on a network, local or global. There are Trojans that open a special network service which unscrupulous users can use to access the machine remotely. Depending on the hardware capabilities of the system and the software capabilities of the Trojan, it is even possible to eavesdrop on conversations and record in real time what is happening where the computer is located. A common combination is a Trojan horse with a virus, so antivirus programs scan for this type of program.

3. Droppers (containers) - A "container" is a program designed to overcome the virus protection on your computer, usually by encryption, which prevents the antivirus program from detecting it. It lurks in the computer until a certain event occurs and then infects the computer with the virus it contains, i.e. it acts as a "container for viruses". Hence its name.

4. Bombs - A bomb is a harmful script or program that is activated under certain conditions. Some bombs are activated on specific dates using the system clock. For example, a bomb can be programmed to delete all *.doc files on New Year's Day. Another bomb can wait to be opened for the 17th time and then be triggered. Logic bombs are a special type of Trojan that is activated at some point in time or on the fulfilment of some external condition.

Viruses can be spread through "containers" or multiply like worms. They can attack like Trojans by attaching themselves to other programs. They are therefore the most dangerous.

Viruses are divided into several types:

1. Boot sector viruses - This type of virus infects the boot record on the hard disk. It first moves or overwrites the original boot record, replacing it with an infected one. The replaced original record is stored in a sector that the virus marks as damaged so that it is no longer used (antivirus applications will not scan it because it is marked as damaged). To catch this virus, you have to start your computer from an infected floppy disk, CD, DVD, Blu-ray disc, flash drive or other data carrier. When the boot sector is checked, the virus misleads the antivirus by directing it to scan the clean copy instead of the contaminated one. This type of virus is activated when the system loader reads the boot sector from external memory and executes it. When something tries to access the boot sector in the usual way, stealth techniques are often applied and the operation is redirected to the previously saved original boot record. Partition table (MBR) viruses also belong to the boot sector viruses. They are distributed only on hard disks.

2. File viruses - This is one of the most common types of virus. These viruses look for files with a certain extension (usually executable files such as *.com and *.exe) and infect them. When the program is opened, the virus starts infecting more files. These viruses require a host program. Like biological viruses, which multiply in certain host cells, these viruses can exist only in so-called host software. For this purpose they use executable files. In some cases, depending on the operating system, overlay files and, rarely, swap files can play the role of host. Data files are attacked by few viruses. Along with the file viruses listed, there is a large number of other file virus species. There are also mixed forms, which occur much less frequently.

* Compiler and link viruses - These use another method of manipulation. While the previously listed species attack only executable files, these attack source code. They are therefore specialized for a specific programming language and version. They usually nest in one of the library files and, at link time, are assembled together with the remaining modules. They are removed easily, because the source code is unlocked.

* Source viruses - Essentially identical to compiler and link viruses, but unlike them they multiply only directly in the source code of the program. By their nature they are applicable only to interpreted languages such as Lisp, Prolog, XL ...

* XP and AI viruses - Their hypothetical discovery dates to 1987. They are related to expert systems and high-level artificial intelligence. This is software that solves its task not on the basis of program procedures but on the basis of a knowledge base and a logical mechanism for retrieving information. These systems adopt so-called meta-rules and do not operate on files. Some rules are able to modify other rules syntactically. In certain circumstances a viral mechanism can be activated that attaches its virulent code to other rules. This type of virus can damage the file system or affect the computer's hardware, but it can also affect the result that the expert system returns, which is crucial in certain situations.

3. Macro viruses - These viruses use particular programs and the files those programs support in order to reproduce. Macro viruses usually infect MS Excel files, but can infect other files that use a programming language. They do not infect programs. When you open an infected document, the virus spreads to other documents. Macro viruses can cause severe damage to the documents on the infected computer. A further downside is that they can spread between different operating systems. Macro viruses are written in programming languages (e.g. Visual Basic) supported by some products such as Microsoft Excel and Microsoft Word. Macros are small applications included in a document to perform some actions automatically for the user (e.g. quickly calculating a formula from given values). Macro viruses are a common form of viral infection, surpassed only by Internet worms, because of their easy distribution. As with any other virus, macro viruses carry a high risk of data loss. Although Microsoft has so far introduced several forms of protection against unwanted execution of macros, this form of virus is widespread. The most common macro viruses infect the so-called "global template" (e.g. Normal.dot in Word) in order to spread to all other documents on the computer.

4. Polymorphic viruses - These viruses change their code with every infection, making them difficult to detect.

5. Multipartite polymorphic viruses - They infect boot records and executables. These viruses can combine the advantages of stealth and polymorphic viruses.

6. Stealth viruses - They easily avoid antivirus scans (by encrypting their program code or hiding in memory) and prevent the scanner from identifying changes in the files they have infected by presenting it with the old file data. This makes them difficult to detect. These viruses possess special concealment techniques that make detection very difficult. Some viruses of this type spread within a first computer system and later remove themselves in order to contaminate new programs. Other types are reproduced by a parent virus so that they can be activated later. This leads to the establishment of viral families whose elements individually do not endanger the system but together make up the parent virus. Almost always, stealth viruses are algorithmically encrypted, with the cipher changed for each multiplication of the virus code. In addition, some resident viruses use stealth defenses that make conventional searching by verifying checksums impossible. They can be deleted from memory.

7. Overwriting viruses - This is the simplest form of virus. The original program, or part of it, is overwritten by the virus, which destroys the original function of the program. From the virus author's perspective this is a disadvantage, because the infection is detected very quickly. Such viruses are therefore easily detected and isolated. However, there are programs that keep working flawlessly despite being overwritten. This is achieved when the virus writes its code not at the beginning of the host program but into rarely used parts, for example the error-handling subroutines. In that case, however, the virus must know the program it infects exactly, which is not a problem with standard software.

8. Non-overwriting viruses - In contrast to overwriting viruses, with non-overwriting viruses the function of the original program is preserved. Most often the code is attached to the end of the program. In cases where this type of virus copies itself into the middle of the program, the initial part of the host program is copied to the end. All of this is connected with the old instructions through jumps. The infection produces a new executable. When it is run, the virus code executes first and only then the real program.

9. System viruses - System viruses are particularly insidious because they settle in memory as early as the loading of the operating system. In this way they are able to influence all activities of the operating system.

10. Live-and-Die and Seek-and-Hide viruses - These are virus programs that stay in a program or system for a certain time and occasionally leave the attacked software. This makes them particularly insidious and difficult to find, but once located and studied they are easily removed.

11. Shell-attacking viruses - These viruses attack the program that provides the user interface to the operating system. This is the so-called command interpreter, which analyzes the commands the user enters and executes the corresponding handler functions and procedures. An ordinary user cannot control applications before the shell is loaded, so by then the virus is already loaded and able to hide. Therefore, when cleaning this type of virus it is essential to have a guaranteed clean copy of the operating system the computer runs.

12. Driver viruses - This type of virus uses the driver software for peripheral devices to spread from there to other files. They do not differ from regular file viruses, so a special distinction is not necessary.

13. Mailbox viruses - This type of virus has an affinity for network daemons, in particular those responsible for e-mail. Once a daemon is infected, every program transmitted through it is infected and then carried onward. Note that both the outgoing and the incoming traffic is infected.
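
The difference between overwriting and non-overwriting viruses (items 7 and 8) shows up in a checksum comparison against a clean baseline, the kind of check item 6 mentions. The following is an added example, not part of the original article; the function names, block size and sample byte strings are constructed for illustration.

```python
import hashlib

BLOCK = 512  # block size chosen for this example

def baseline(data: bytes) -> dict:
    """Record size and per-block SHA-256 of a known-clean program file."""
    return {"size": len(data),
            "blocks": [hashlib.sha256(data[i:i + BLOCK]).hexdigest()
                       for i in range(0, len(data), BLOCK)]}

def compare(clean: dict, data: bytes) -> dict:
    """Compare a file's current bytes with its clean baseline."""
    now = baseline(data)
    shared = min(len(clean["blocks"]), len(now["blocks"]))
    changed = [i for i in range(shared)
               if clean["blocks"][i] != now["blocks"][i]]
    growth = now["size"] - clean["size"]
    if growth == 0:
        # Same length: either identical, or bytes were replaced in place
        # (the pattern item 7 describes).
        verdict = "overwritten in place" if changed else "unchanged"
    elif growth > 0:
        # Longer file: consistent with code attached to the program
        # (item 8), or with a legitimate update that needs a new baseline.
        verdict = "grown"
    else:
        verdict = "truncated"
    return {"verdict": verdict, "growth": growth, "changed_blocks": changed}

# Constructed byte strings standing in for program files.
ORIGINAL = bytes(range(256)) * 8                    # 2048 bytes, 4 blocks
# 64 bytes replaced in the middle, length unchanged.
OVERWRITTEN = ORIGINAL[:1024] + b"\xcc" * 64 + ORIGINAL[1088:]
# First bytes altered and 300 bytes attached at the end.
GROWN = b"\xe9\x00\x08" + ORIGINAL[3:] + b"\x90" * 300
CLEAN_BASELINE = baseline(ORIGINAL)

if __name__ == "__main__":
    for name, data in [("original", ORIGINAL),
                       ("overwritten", OVERWRITTEN),
                       ("grown", GROWN)]:
        print(name, compare(CLEAN_BASELINE, data))
```

As item 6 notes, a resident stealth virus can hand the checker the old file data, so the comparison is only meaningful when the files are read from a system started from clean media.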


1. Armored ("bulletproof")
These viruses use sophisticated concealment techniques, such as encryption and relocating the virus code, to avoid detection and removal.

2. Boot-sector infector (BSI)
These viruses infect the boot sector of the disk. Viruses that infect the master boot record (MBR) can also infect the boot sector of floppy disks. BSI viruses are effectively removed by formatting the infected drive. MBR viruses cannot be removed by formatting the disk. Boot sector viruses are spread through infected floppy disks. This usually happens when the user leaves a disk in the floppy drive. The next time the system is started, the computer first attempts to boot from the floppy. If the disk is infected with a boot sector virus, the virus is written to the boot sector of the hard drive. To protect your computer from boot sector viruses, change the CMOS settings to allow booting only from the hard drive (C:\) and not from the floppy (A:\).

3. Encrypting (encrypted)
Some viruses encrypt data, or use encryption only in the way seen in polymorphic viruses. The Monkey virus infects the master boot record on hard disks and encrypts the partition data of the device. The files on this device can be seen only when the virus is loaded into memory to decipher the data on the hard disk. Removing the Monkey virus also removes the ability to read the encrypted partition data of the disk, which in effect deletes the contents of the device. Viruses such as Monkey must be removed using special tools and techniques.

4. File
This type of virus infects files such as executable (.exe) programs or Microsoft Word documents (.doc). When you open an infected file or run an infected program, the virus is carried out along with the instructions in the file. Viruses that "contaminate" Microsoft Word documents are known as "macro viruses". Certain file types, such as images (JPEG, GIF) or movies (MPEG), are not executable and cannot transmit infection. On the other hand, some viruses are masked as "safe" files, for example JPEG, in order to penetrate the system freely. File viruses infect executable files by inserting code into some part of the original file so that the code is executed when the original file is accessed.
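
A structural check of the boot record that the boot-sector and encrypting items describe, as an added example that is not part of the original article: it parses a 512-byte MBR (standard layout: 446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature) and compares the boot code with a hash recorded while the disk was clean. The function names and sample sectors are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446        # boot code occupies bytes 0..445
SIGNATURE = b"\x55\xaa"    # bytes 510..511 of a valid MBR

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition entries, signature."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    entries = []
    for n in range(4):                       # four 16-byte partition entries
        raw = sector[BOOT_CODE_LEN + 16 * n: BOOT_CODE_LEN + 16 * (n + 1)]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        if raw[4] != 0:                      # type 0 means the slot is unused
            entries.append({"slot": n, "status": raw[0], "type": raw[4],
                            "lba_start": lba_start, "sectors": count})
    return {"boot_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "entries": entries, "signature_ok": sector[510:] == SIGNATURE}

def check_mbr(sector: bytes, clean_boot_sha256: str) -> list:
    """Return findings for an MBR read while booted from clean media."""
    info, findings = parse_mbr(sector), []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_sha256"] != clean_boot_sha256:
        findings.append("boot code differs from recorded clean copy")
    if not info["entries"]:
        findings.append("partition table is empty")
    for e in info["entries"]:
        if e["status"] not in (0x00, 0x80):  # only inactive/active are valid
            findings.append(f"slot {e['slot']}: invalid status 0x{e['status']:02x}")
    return findings

# Constructed sample sectors (not taken from any real disk or virus).
_boot = bytes(BOOT_CODE_LEN)
_entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x0B,
                     b"\xfe\xff\xff", 63, 204800)
CLEAN = _boot + _entry + bytes(48) + SIGNATURE
# Changed boot code plus a partition table that no longer parses.
ALTERED = (b"\xeb" + _boot[1:]
           + bytes(b ^ 0x5A for b in CLEAN[446:510]) + SIGNATURE)
CLEAN_HASH = parse_mbr(CLEAN)["boot_sha256"]

if __name__ == "__main__":
    print(check_mbr(CLEAN, CLEAN_HASH))
    for finding in check_mbr(ALTERED, CLEAN_HASH):
        print(finding)
```

The sector has to be read after starting the computer from clean media, because a resident boot sector virus redirects reads to the saved original record, as described above.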
