A computer virus is a computer program or code that can replicate itself and spread from one computer system to another system. A computer virus has the capacity to corrupt or to delete data on your computer and it can utilize an e-mail program to spread the virus to other computer systems. In the worst case scenario, it can even delete everything on your hard disk. The purpose of it to disrupt the operation of the computer or the program.
In the same way as viruses harm peoples’ bodies, computer viruses can do considerable damage to computer systems. Viruses are infections. Computer infections can come in several forms and your computer can “catch” one in several ways:
• An email virus is one type. An email virus can travel through attachments in email messages and can automatically replicate itself by mailing itself to dozens or even hundreds of people on your list of contacts found in your online address book. There are email viruses which don’t need to be double-clicked in order to install themselves as they can launch while you are simply viewing the message.
• A Trojan horse is not a virus. It is a computer program that claims to be a game but in actuality, will just do damage once you run it. It may even erase your hard disk. It cannot automatically replicate itself.
• A worm is a small type of software that utilizes security holes and computer networks in order to replicate itself. The worm will scan the network for machines that carry a particular security hole. It will then copy itself to the machine through the security hole and will start replicating itself.
• Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect. Typically, spyware is secretly installed on the user’s personal computer. However, some spyware such as keyloggers may be installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users.
Viruses in general, start working and spreading once you start using the application or program to which the virus is attached. For instance, a program that has a virus in it will place the virus in the system’s memory each time that program is run.
With over 1000 different types of viruses, there is a variety of different parts of the computer they can attack e.g. boot sector. The most common symptoms that indicate your computer has been infected.
• Files and data is deleted
• The computer takes longer to load programs/applications
• Items and images on your screen are distorted and unusual images and text appears
• Unusual noises come from your keyboard, hard disk
• Hard disk operates excessively or is inaccessible
• Disk space and filenames change for no reason
• System tools such as Scandisk return incorrect values
Below is a list of the most common types of viruses,
• Polymorphic Viruses
A polymorphic virus is an encrypted virus that hides itself from anti-virus through encrypted (scrambled) data and then decrypts itself to be able to spread through the computer. The thing that makes it hard for anti-virus software to detect polymorphic viruses is that the virus generates an entirely new decryption routine each time it infects a new executable file, making the virus signature different in each signature.
• Stealth Viruses
A Stealth virus hides the modifications made to files and boot records by modifying and forging the results of calls to functions, therefore programs believe they are reading the original file and not the modified file. A good anti-virus software will probably detect a stealth virus due to the fact that a stealth virus attempts to hide itself in memory when a anti-virus software is launched.
• Slow Viruses
A Slow virus is a difficult virus to detect due to the fact it only modifies and infects files when they have been modified or copied. Therefore the original file will not be infected by the actual copied file. A good way to protect yourself against slow viruses is by using an integrity checker or shell.
• Retro Viruses
A Retro virus attacks the anti-virus software designed to delete it. The retro virus usually attempts to attack the anti-virus data files such as the virus signature store which disables the ability of the anti-virus software to detect and delete viruses. Otherwise the retro virus attempts to alter the operation of the anti-virus software.
• Multipartite Viruses
A Multipartite virus attempts to attack and infect both the boot sector and executable files at the same time.
• Armored Viruses
A Armored virus attempts to protect itself from anti-virus software by trying to make anti-virus software believe it is located somewhere else. Therefore the Armored virus has made itself more difficult to trace, disassemble and understand.
• Companion Viruses
A Companion virus creates a companion file for each executable file the virus infects. Therefore a companion virus may save itself as scandisk.com and everytime a user executes scandisk.exe, the computer will load scandisk.com and therefore infect the system.
• Phage Viruses
A Phage virus is a very destructive virus that re-writes a executable program with it’s own code, rather than just attaching itself to a file. Therefore a Phage virus will usually attempt to delete or destroy every program it infects.
• Revisiting Viruses
A Revisiting virus is a worm virus and attempts to copy itself within the computers memory and then copy itself to another linked computer using TCP/IP protocols. The Morris Worm virus in the late 1980’s was the first major virus threat to hit the Internet.
Dinesh Thakur holds an B.C.A, MCDBA, MCSD certifications. Dinesh authors the hugely popular