Virus & its types

Enos Jeba
Oct 11, 2020


A computer virus is a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another.

“Computers and mobile devices are becoming known for their inherent insecurities and the ability to damage the long term health of the users.”
― Steven Magee

What are the signs / symptoms of a computer virus?

  • Frequent pop-up windows.
  • Changes to your homepage.
  • Mass emails being sent from your email account.
  • Frequent crashes.
  • Unusually slow computer performance.
  • Unknown programs that start up when you turn on your computer.
  • Unusual activities like password changes. This could prevent you from logging into your computer.

What are the different types of computer viruses?

Boot sector virus

A boot sector virus is a type of virus that infects the boot sector of floppy disks or the Master Boot Record (MBR) of hard disks (some infect the boot sector of the hard disk instead of the MBR). The infected code runs when the system is booted from an infected disk, but once loaded it will infect other floppy disks when accessed in the infected computer. While boot sector viruses infect at a BIOS level, they use DOS commands to spread to other floppy disks. For this reason, they started to fade from the scene after the appearance of Windows 95 (which made little use of DOS instructions). Today, there are programs known as ‘bootkits’ that write their code to the MBR as a means of loading early in the boot process and then concealing the actions of malware running under Windows.

Note: Bootkits are not designed to infect removable media.

Web scripting virus

A web scripting virus is a type of computer security vulnerability, delivered through websites, that breaches your web browser's security. This allows attackers to inject client-side scripts into the web page. It can bypass access controls and steal information from your web browser. Web scripting viruses are usually used to attack sites with large populations, such as social networking, user review, and email sites. Web scripting viruses are able to propagate a bit faster than other viruses. A common version of web scripting virus is DDoS. It has the potential to send spam, damage data and defraud users.

Browser hijacker

Browser hijacking is a form of unwanted software that modifies a web browser’s settings without a user’s permission, to inject unwanted advertising into the user’s browser. A browser hijacker may replace the existing home page, error page, or search engine with its own. These are generally used to force hits to a particular website, increasing its advertising revenue.

Some browser hijackers also contain spyware; for example, some install a software keylogger to gather information such as banking and e-mail authentication details. Some browser hijackers can also damage the registry on Windows systems, often permanently.

Note: Some browser hijacking can be easily reversed, while other instances may be difficult to reverse. Various software packages exist to prevent such modification.

Resident virus

A resident virus is a computer virus that stores itself within memory, allowing it to infect other files even when the originally infected program is no longer running.

Being stored in memory allows the virus to spread more easily because it has more access to other parts of the computer. For example, a memory-resident virus could be in memory when a writable drive is connected, or a diskette is inserted into the computer. Once initialized, the virus could infect the drive or diskette and spread itself to any other computer that uses that drive or diskette.

Direct action virus

A file infector can be either a resident virus or direct action virus. A resident virus will install itself and hide somewhere in the memory of your computer. Upon execution, it seeks out other files or programs to infect. The direct action virus is considered to be “non-resident” and functions by selecting one or more files to infect each time the code is executed.

The primary intention of a direct action virus is to replicate and spread infection whenever the code is executed. When certain conditions have been met, the virus is set into action and begins to infect files in the directory or folder it’s located in. It also infects files in the directories specified in the AUTOEXEC.BAT file path. The .BAT extension denotes a batch file; AUTOEXEC.BAT is always found in the root directory of your hard drive and is responsible for performing certain operations when the computer is booted up.

Polymorphic virus

Polymorphic viruses are complex file infectors that can create modified versions of themselves to avoid detection yet retain the same basic routines after every infection. To vary their physical file makeup during each infection, polymorphic viruses encrypt their code and use different encryption keys every time.

Polymorphic viruses rely on mutation engines to alter their decryption routines every time they infect a machine. This way, traditional security solutions may not easily catch them because they do not use static, unchanging code. The use of complex mutation engines that generate billions of decryption routines makes them even more difficult to detect.
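Why a fixed file hash misses a re-keyed copy while a scan that accounts for the encoding still finds the unchanged routine, shown as an added example that is not part of the original article. It assumes single-byte XOR as a stand-in for the real encryption and uses a constructed, harmless byte string in place of a virus body; the marker string is hypothetical.

```python
import hashlib

# Constructed, harmless stand-in for the "same basic routines" that survive
# every infection; the surrounding bytes are filler.
SIGNATURE = b"DEMO-INVARIANT-ROUTINE"
BODY = bytes(range(1, 17)) + SIGNATURE + bytes(range(17, 33))


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, used here only as a simple stand-in cipher."""
    return bytes(b ^ key for b in data)


def hash_blocklist_hit(sample: bytes, known_hashes: set) -> bool:
    """Static detection: exact match on the SHA-256 of the whole file."""
    return hashlib.sha256(sample).hexdigest() in known_hashes


def xray_scan(sample: bytes, signature: bytes):
    """Look for the signature under every single-byte XOR key.

    Returns the key that exposes the signature, or None if no key does.
    """
    for key in range(256):
        if xor_bytes(signature, key) in sample:
            return key
    return None


# Two "generations" of the same body, each stored under a different key.
SAMPLE_A = xor_bytes(BODY, 0x5A)
SAMPLE_B = xor_bytes(BODY, 0xC3)
KNOWN_HASHES = {hashlib.sha256(SAMPLE_A).hexdigest()}  # only A was ever seen

if __name__ == "__main__":
    for name, sample in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(name,
              "hash hit:", hash_blocklist_hit(sample, KNOWN_HASHES),
              "x-ray key:", xray_scan(sample, SIGNATURE))
```

Real mutation engines also vary the decryption routine itself, which is why scanners commonly emulate a sample until it has decrypted its own body before matching signatures.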

Polymorphic viruses are usually distributed via spam, infected sites, or through the use of other malware. URSNIF, VIRLOCK, VOBFUS, and BAGLE or UPolyX are some of the most notorious polymorphic viruses in existence. When combined with other malicious routines, polymorphic viruses pose an even greater risk to their victims. In March 2015, researchers found that VIRLOCK evolved to include ransomware routines, making it a challenge to detect and remove.

File infector virus

File infecting viruses, or file infectors, generally copy their code onto executable programs such as .COM and .EXE files. Most file infectors simply replicate and spread, but some inadvertently damage host programs. There are also file infectors that overwrite host files. Some file infectors carry payloads that range from the highly destructive, such as hard drive formatting, to the benign, such as the display of messages.

Multipartite virus

A multipartite virus is a computer virus that’s able to attack both the boot sector and executable files of an infected computer. If you’re familiar with cyber threats, you probably know that most computer viruses either attack the boot sector or executable files. Multipartite viruses, however, are unique because of their ability to attack both the boot sector and executable files simultaneously, thereby allowing them to spread in multiple ways.

According to Wikipedia, the first reported multipartite virus was identified in 1989. Known as Ghostball, it targeted the executable .com files and boot sectors of the infected computer. Because the internet was still in its early years, Ghostball wasn’t able to reach many victims. With roughly half of the global population now connected to the internet, though, multipartite viruses pose a serious threat to businesses and consumers alike.

Macro virus

A macro virus is a computer virus written in the same macro language that is used for software applications, such as word processing programs.

Microsoft Word and Excel are two examples of applications that feature powerful macro languages. The macros are embedded in documents. This allows them to run automatically when the documents are opened.

If a macro virus has infected these files, it has the potential to damage the document or other computer software. When an infected file is opened, the macro virus releases a sequence of actions that begin automatically. These actions cause damage to the computer and its applications.
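Because the macros travel inside the document itself, a mail or file gateway can triage attachments by container format before anyone opens them. The following is an added example, not part of the original article: it flags legacy OLE files, which can carry macros, and OOXML files that contain the conventional `vbaProject.bin` part. All sample files are constructed in memory and hold placeholder bytes only.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls compound file
VBA_PART = "vbaproject.bin"                    # conventional OOXML part for VBA


def macro_triage(data: bytes) -> str:
    """Classify file bytes by whether they can carry, or do carry, macros."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can embed macros; a VBA-aware parser is needed
        # to say whether this particular file does.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"          # a ZIP, but not an OOXML package
    if any(n.rsplit("/", 1)[-1] == VBA_PART for n in names):
        return "ooxml-with-macros"
    return "ooxml-no-macros"


def build_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped ZIP, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()


SAMPLES = {  # constructed file names and contents
    "report.docx": build_ooxml(False),
    "invoice.docm": build_ooxml(True),
    "old.doc": OLE_MAGIC + b"\x00" * 504,
    "notes.txt": b"plain text, constructed sample with no container format",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:14} {macro_triage(data)}")
```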

Thank You. Do share it with your friends.
