Types of Viruses


There are literally thousands of different viruses. They generally fall into one of three major groups: boot sector viruses (BSV), program viruses and macro-viruses (Skardhamar 1966, pp. 13-27).

1. Boot sector viruses were the predominant viruses until the mid-90s. They infect boot sectors on diskettes and hard disks. On diskettes, the boot sector normally contains code to load the operating system files. The BSV replaces the original boot sector with itself and either stores the original boot sector somewhere else on the diskette or simply overwrites it entirely. When a computer is later booted from this diskette, the virus takes control and hides in RAM. It will then load and execute the original boot sector, and from then on everything will appear as usual. Except, of course, that every diskette inserted in the computer will be infected with the virus, unless it is write-protected.

A BSV will usually hide at the top of memory, reducing the amount of memory that DOS sees. Most BSVs are also able to infect hard disks, where the process is similar to that described above, although they usually infect the master boot record instead of the DOS boot record.

2. Program viruses, the second type of computer viruses, infect executable programs, usually .COM and .EXE files, but they sometimes also infect overlay files, device drivers or even object files.

An infected program will contain a copy of the virus, usually at the end, in some cases at the beginning of the original program, and in a few cases inserted in the middle of the original program.

When an infected program is run, the virus may stay resident in memory and infect every program run. Viruses using this method to spread the infection are called "Resident Viruses".
Other viruses may search for a new file to infect when an infected program is executed. The virus then transfers control to the original program. Viruses using this method to spread the infection are called "Direct Action Viruses". It is possible for a virus to use both methods of infection.

Most viruses try to recognize existing infections, so they do not infect what has already been infected. This makes it possible to inoculate against specific viruses, by making the "victim" appear to be infected. However, this method is useless as a general defence, as it is not possible to inoculate the same program against multiple viruses.
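The three placements described above (end, beginning, middle) can be told apart by comparing a program with a known-good copy. The following is an added example, not code from the original page; the function names and the sample byte strings are constructed for illustration and assume a clean baseline copy of the file is available.

```python
# Added example: compare a program file with a known-good copy and report
# where the bytes that were not in the original sit (end, beginning, middle).
from difflib import SequenceMatcher


def added_regions(original: bytes, current: bytes):
    """Return (start, end) spans of `current` that match nothing in `original`."""
    matcher = SequenceMatcher(None, original, current, autojunk=False)
    spans, pos = [], 0
    for block in matcher.get_matching_blocks():  # ends with a zero-size sentinel
        if block.b > pos:
            spans.append((pos, block.b))
        pos = block.b + block.size
    return spans


def classify(original: bytes, current: bytes) -> str:
    """Classify a file against its baseline copy."""
    if original == current:
        return "unchanged"
    spans = added_regions(original, current)
    if not spans:
        return "truncated"  # bytes were removed, nothing new was added
    # A file may differ in several places; judge by the largest added region.
    start, end = max(spans, key=lambda s: s[1] - s[0])
    if end == len(current):
        return "added at end"
    if start == 0:
        return "added at beginning"
    return "added in middle"


# Constructed sample data: a 100-byte "program" and 40 filler bytes standing
# in for foreign code. Neither is taken from a real file.
ORIGINAL = bytes(range(1, 101))
ADDED = b"\xEE" * 40

SAMPLES = {
    "clean": ORIGINAL,
    "appended": ORIGINAL + ADDED,
    "prepended": ADDED + ORIGINAL,
    "inserted": ORIGINAL[:50] + ADDED + ORIGINAL[50:],
    # small change at the start plus a larger block at the end
    "patched+appended": b"\xEE\xEE\xEE" + ORIGINAL[3:] + ADDED,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:17} {len(data):4} bytes  {classify(ORIGINAL, data)}")
```

The comparison is quadratic in the worst case, so it suits individual files flagged by a size or hash mismatch rather than a whole-disk sweep.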

3. The third type of virus is the macro-virus, which does not infect normal programs, but instead spreads as "macros" in various types of files. This type of virus can easily spread through e-mail, when users unknowingly exchange infected documents.
They are in fact programs written in macro-languages that are built into some data-processing systems (text editors, electronic spreadsheets, etc.). To propagate, such viruses use the capabilities of the macro-languages and, with their help, transfer themselves from one infected file to another. Macro-viruses for Microsoft Word, Excel and Office 97 are the most common. There also exist macro-viruses infecting Ami Pro documents and Microsoft Access databases.

In these systems viruses take control when an infected file is opened or closed; they intercept standard file functions and then infect any files that those functions are called on. Macro-viruses are memory resident in the same way as in the MS-DOS case: they are active not only when a file is opened or closed, but during the entire runtime of the editor software. They replace or define other system macros, and in this way hook the file-access functions. When any hooked function is executed, the virus obtains control and performs different branches of its code, including the infection routine.

While infecting a document, the virus converts it to the Template format and copies all of the virus macros, including the Auto-macros, into the document. Once converted to Template format, the document cannot be converted to any other format. The presence of the Auto-macros allows the virus to infect other computers when an infected document is merely read.
