2010/10/06

Types of Viruses


  1. Resident Viruses
    • A terminate-and-stay-resident (TSR) virus permanently attaches to the host computer and operates in memory (RAM). It attempts to load before other mechanisms that try to analyse, detect and identify its purpose and origin, and it can bypass, interrupt or manipulate basic operating system functions.
  2. Stealth Viruses
    • A Stealth virus hides the modifications made to files and boot records by modifying and forging the results of calls to functions, so that programs believe they are reading the original file and not the modified file. Good anti-virus software will probably detect a stealth virus because a stealth virus attempts to hide itself in memory when anti-virus software is launched.
  3. Macro Viruses
    • Certain applications contain embedded scripting or "macro" languages enabling users to automate long series of operations as single shorthand actions. A macro virus targets these applications by containing code that replicates and replaces other macros to launch the virus payload when common functions are called.
  4. Slow Viruses
    • A Slow virus is difficult to detect because it only modifies and infects files when they have been modified or copied. Therefore the original file will not be infected by the actual copied file. A good way to protect yourself against slow viruses is by using an integrity checker or shell.
  5. Direct Action Viruses
    • An aggressive form that replicates and takes direct action when triggered by some condition, date or event. The direct action virus typically resides in system folders or the root directory path, where it can be readily accessed and activated to carry out its tasks when the system boots up.
  6. Revisiting Viruses
    • A Revisiting virus is a worm virus that attempts to copy itself within the computer's memory and then copy itself to another linked computer using TCP/IP protocols. The Morris Worm virus in the late 1980s was the first major virus threat to hit the Internet.
  7. Retro Viruses
    • A Retro virus attacks the anti-virus software designed to delete it. The retro virus usually attempts to attack the anti-virus data files, such as the virus signature store, which disables the ability of the anti-virus software to detect and delete viruses. Otherwise the retro virus attempts to alter the operation of the anti-virus software.
  8. Armored Viruses
    • An Armored virus attempts to protect itself from anti-virus software by trying to make anti-virus software believe it is located somewhere else. This makes the Armored virus more difficult to trace, disassemble and understand.
  9. Overwrite Viruses
    • An overwrite virus can partially or completely delete information contained in the files it infects, even replacing portions of application code with its own payload. Viruses of this kind are generally easy to identify with anti-virus software, as they generally tend to alter end-user and system applications in noticeable and identifiable ways.
  10. File Infector Viruses
    • The traditional virus is a file infector that targets executables to cause direct or indirect execution of its payload. Most viruses fall under this category and are further classified depending on what is targeted and the actions taken during the infection process.
  11. Companion Viruses
    • A Companion virus creates a companion file for each executable file the virus infects. For example, a companion virus may save itself as scandisk.com, and every time a user executes scandisk.exe, the computer will load scandisk.com and therefore infect the system.
  12. Phage Viruses
    • A Phage virus is a very destructive virus that re-writes an executable program with its own code, rather than just attaching itself to a file. Therefore a Phage virus will usually attempt to delete or destroy every program it infects.
  13. Polymorphic Viruses
    • A polymorphic virus is an encrypted virus that hides itself from anti-virus software through encrypted (scrambled) data and then decrypts itself to be able to spread through the computer. What makes polymorphic viruses hard for anti-virus software to detect is that the virus generates an entirely new decryption routine each time it infects a new executable file, making the virus signature different each time.
  14. Multipartite Viruses
    • A Multipartite virus attempts to attack and infect both the boot sector and executable files at the same time.
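
The check below is an added example, not part of the original post: it looks at the companion virus entry (item 11) from the defender's side by flagging directories where a .com file shadows a same-named .exe or .bat. It assumes the classic DOS lookup order (.com before .exe before .bat); the function names and the sample file names are constructed for the illustration.

```python
import os
import tempfile
from collections import defaultdict

# Assumed resolution order for a bare command name in DOS-style shells:
# a .com file wins over a same-named .exe, which wins over a .bat.
PRECEDENCE = [".com", ".exe", ".bat"]


def find_shadowed_executables(root):
    """Return (directory, winner, shadowed) for same-named executables."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            if ext in PRECEDENCE:
                # DOS/Windows names are case-insensitive, so compare lowered.
                by_stem[stem.lower()][ext] = name
        for _stem, exts in sorted(by_stem.items()):
            if len(exts) < 2:
                continue  # no same-named sibling, nothing is shadowed
            ranked = sorted(exts, key=PRECEDENCE.index)
            winner = exts[ranked[0]]
            for ext in ranked[1:]:
                findings.append((dirpath, winner, exts[ext]))
    return findings


def demo():
    """Build a constructed sample directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("SCANDISK.EXE", "scandisk.com", "format.com", "edit.exe"):
            open(os.path.join(root, name), "wb").close()
        return [(w, s) for _d, w, s in find_shadowed_executables(root)]


if __name__ == "__main__":
    for winner, shadowed in demo():
        print(f"{winner} would run in place of {shadowed}")
```

A hit is a lead to review rather than proof of infection, since some legitimate software ships same-named .com and .exe files.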