
Virus FAQ

Introduction 



The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware, and other malicious and unwanted software, including true viruses. Viruses are sometimes confused with computer worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a program that appears harmless but has a hidden agenda. Worms and Trojans, like viruses, may cause harm to either a computer system's hosted data, functional performance, or networking throughput, when they are executed. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious. Most personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging, and file sharing systems to spread.

What is a computer virus 

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.

Types of Malware

Trojan horses / Backdoor programs 

They are surely the most famous type of virus. They include code that, once executed, leaves the host computer vulnerable to a malicious remote user. Hacker wannabes and "lamers" usually use these viruses to "hack" :P other users. But that's not all … Some trojans and backdoors may even delete important files from the hard disk, or even format it. Fortunately, they cannot reproduce, and for this reason many do not even consider them "real" viruses.

Polymorphic 

We call a virus polymorphic when it hides its destructive code within the infected file in several different ways. This type of virus is more difficult for antivirus programs to detect, since barely any routine is the same from one virus sample to the next.

Stealth viruses 

They use the memory interrupts of the computer. Once a program calls a memory interrupt, the virus gets activated instead of the program itself. Stealth viruses perform one more function: they are capable of hiding from antivirus programs. That means, whenever they detect a scan function by the antivirus program, they temporarily restore the original non-infected file, so that the antivirus program will believe that there are no viruses inside the system. Once the antivirus has finished its scan, they infect the file again. The specific method of hiding is often called "tunneling".

Parasitic a.k.a. Appending viruses 

They are called parasitic because they infect the original file, copying the destructive code into it, without making the original file irreparable. Once the user executes the infected file, the virus is activated without letting the original function of the file be executed.

Overwriting viruses 

The simplest way for a virus to infect a computer is to merge itself with a well-known file. This way the original file CANNOT be restored. Some of these viruses have the ability not to alter the original file size, so that some antivirus programs will not see the difference in the original file. Nevertheless, most coders do not make this type of virus anymore.
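The point about unchanged file size can be checked directly. The following is an added example, not part of the original article: it takes a baseline of size and SHA-256 digest for each file, then compares a size-only check with a hash check. The file names and contents are constructed sample data.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file name directly under root to (size, SHA-256 hex digest)."""
    state = {}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                data = fh.read()
            state[name] = (len(data), hashlib.sha256(data).hexdigest())
    return state

def compare(baseline, current):
    """Return (flagged_by_size, flagged_by_hash) for files present in both snapshots."""
    by_size, by_hash = [], []
    for name, (size, digest) in sorted(baseline.items()):
        if name not in current:
            continue
        new_size, new_digest = current[name]
        if new_size != size:
            by_size.append(name)
        if new_digest != digest:
            by_hash.append(name)
    return by_size, by_hash

def demo():
    """Constructed scenario: one file is overwritten at identical length, one grows."""
    with tempfile.TemporaryDirectory() as root:
        files = {"tool_a.bin": b"A" * 512, "tool_b.bin": b"B" * 512, "tool_c.bin": b"C" * 512}
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        # tool_a: content replaced, length unchanged (the case the text describes)
        with open(os.path.join(root, "tool_a.bin"), "wb") as fh:
            fh.write(b"X" * 512)
        # tool_b: extra bytes appended, so the size changes as well
        with open(os.path.join(root, "tool_b.bin"), "ab") as fh:
            fh.write(b"Y" * 64)
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    by_size, by_hash = demo()
    print("size check flags:", by_size)
    print("hash check flags:", by_hash)
```

The size comparison misses the same-length overwrite, while the digest comparison flags both modified files.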

Companion viruses 

They are viruses that usually run under MS-DOS. When the user types a DOS command (e.g. "edit") and the file edit.exe is not present, the OS will execute the file edit.com, which really is the virus itself. Still, if the user types "edit", the OS will execute the virus (edit.com) and not edit.exe, which is the real editing program!
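A defender can audit for this by resolving each command name the way DOS does and listing every .EXE that a same-named .COM runs ahead of. This is an added example, not from the original article; it relies on the DOS rule that a command typed without an extension is tried as .COM, then .EXE, then .BAT in each directory of the search path, and the directory listings are constructed sample data.

```python
import os

# Order in which DOS tries extensions when the user types a bare command name.
SEARCH_ORDER = (".com", ".exe", ".bat")

def resolve(command, search_path):
    """Return every (directory, filename) matching command, in the order DOS tries them."""
    matches = []
    for directory, names in search_path:
        by_lower = {n.lower(): n for n in names}
        for ext in SEARCH_ORDER:
            hit = by_lower.get(command.lower() + ext)
            if hit:
                matches.append((directory, hit))
    return matches

def find_shadowed(search_path):
    """Report commands where a .COM file would run ahead of a same-named .EXE."""
    stems = set()
    for _directory, names in search_path:
        for name in names:
            stem, ext = os.path.splitext(name.lower())
            if ext in SEARCH_ORDER:
                stems.add(stem)
    findings = []
    for stem in sorted(stems):
        matches = resolve(stem, search_path)
        winner, rest = matches[0], matches[1:]
        shadowed = [m for m in rest if m[1].lower().endswith(".exe")]
        if winner[1].lower().endswith(".com") and shadowed:
            findings.append((stem, winner, shadowed))
    return findings

# Constructed listings: current directory first, then one PATH entry.
SAMPLE_PATH = [
    ("C:\\WORK", ["XCOPY.COM", "NOTES.TXT"]),
    ("C:\\DOS", ["EDIT.COM", "EDIT.EXE", "FORMAT.COM", "XCOPY.EXE"]),
]

if __name__ == "__main__":
    for stem, winner, shadowed in find_shadowed(SAMPLE_PATH):
        print(f"{stem}: runs {winner[0]}\\{winner[1]}, shadows "
              + ", ".join(f"{d}\\{n}" for d, n in shadowed))
```

Each finding is a lead to verify against known-good files, since legitimate software can also ship a .COM and an .EXE with the same name.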

Retro viruses 

They are viruses that do nothing but "fight" a specific antivirus program, meaning that if they detect it inside the hard disk, they will delete all components of it.

Logic bombs 

They are viruses that activate upon a certain trigger date, e.g. at 14:00 on the 13th of September. They usually have a destructive payload, such as deleting files.

Droppers 

They are executable files that contain the proper commands to create a virus inside the PC but do not include a virus themselves. They are harder to detect than a normal virus.

Worms 

They are called worms because they are usually found in computer networks. They use the Internet as a medium to spread (e-mail, IRC chat, etc.).

Boot sector viruses 

These viruses infect the boot area of the hard disk or diskette. They are the ones to blame for most infections worldwide. You do not have to have an MS-DOS based OS on your PC to activate such a virus, since they do not make such ... discriminations. E.g. although the Michelangelo virus cannot spread using Windows NT, it can still wipe out the contents of the hard disk on March 6th!

Direct action viruses 

These viruses just execute their destructive payload and are not memory resident.

Macro viruses 

They are the well-known viruses that infect using a macro command. They harm only Word, Excel, Office, PowerPoint and Access files. They are very easy to spread. The most typical example you can find is Microsoft itself, which is believed to have had a macro virus inside the first edition of MS Office '97.

Multi Platform viruses 

They are viruses that affect more than one operating system. Usually, a virus that affects the Windows OS cannot harm an Apple PC.



Note: The above article was published in E-Net magazine (issue 06-2001) in exclusive cooperation with the webmaster of www.virus.gr and naturally, all copyrights belong to him and not to the specific magazine.