Virus types and variants
File viruses (Program viruses, COM viruses)
File viruses are the best known and most common type of computer virus.
They infect executable programs (COM-, EXE-, OVL-, OBJ-, SYS-, BAT-,
DRV-, DLL files) and can be activated when such programs are run.
Boot sector viruses
Boot sector viruses (boot viruses) are concealed in the boot sector
of hard disks and diskettes as well as in the hard disk Master Boot Record
(MBR). After booting from this data carrier, they can relocate to
the main memory and cause permanent damage.
Macro viruses
Macro viruses are found in macros (i.e. automatic program sequences)
for documents, tables, graphics, databases, etc. Such viruses may
be activated when these files are processed using the corresponding
application programs (e.g. Word for Windows).
Hybrid viruses (Multipartite viruses)
Hybrid viruses are combinations of several types of virus, in particular
document and boot sector viruses. This makes them equally useful for
a variety of propagation methods and consequently renders them more
difficult to remove from the system.
Script viruses
A completely new generation of viruses includes the harmful Java applets
and in particular script viruses, based on Visual Basic Script. These
may not only be hidden in VBS files but in the HTML code as well.
Link viruses/Directory viruses
Link viruses manipulate data carrier entries so that other data carrier
sections containing the actual virus code are started before specific
programs are queried.
Stealth viruses
Stealth viruses have special mechanisms which enable them to hide
from virus search programs. A stealth virus can restore an infected
file before it is examined and thus ensure that the infection goes
undetected.
Polymorphic viruses
Polymorphic viruses regularly alter their appearance, making it nearly
if not entirely impossible for virus scanners, which work by pattern
recognition, to detect them.
Slow viruses
Slow viruses are viruses which remain unrecognised for a long period
of time because their manipulation of data is minimal. This increases
the likelihood of their being transferred to backup data carriers;
as a result, the user has no virus-free duplicates or older versions
available.
Experimental viruses
If they occur at all, experimental viruses only appear within the
scope of LSP programming, infecting the source code. However, they
are extremely difficult to program and are paid little notice in the
"normal" PC world.
Worms
Worms, which are self-copying, are technically not viruses at all
as they do not require a host program.
Trojan horses
Similarly, Trojan horses are not viruses in the classic sense (as
they are not usually self-copying) but rather software with viral
capability concealed behind the names of recognised (harmless) programs.
They are capable of implanting viruses or spying out data such as
passwords.
Logical bombs
Logical bombs are programs which can cause damage under certain circumstances
(reaching a certain date, if a special database record is deleted,
if a specially-named file is created).
Direct-action viruses
When an infected program is run, direct-action viruses infect other
program files at once and immediately carry out any existing damage
routine. The virus then transfers control back to the original program
and disappears from the main memory.
ANSI viruses
ANSI viruses are not actually viruses, but merely unusually "charming"
manipulations of ANSI character string function keys. They cause no
damage unless the ANSI.SYS driver has been loaded.
Denial of service (E-mail bombing)
E-mail bombing entails overwhelming a target system with e-mail messages
to such an extent that in extreme cases normal e-mail use is no longer
possible.
E-mail viruses
E-mail viruses hide in e-mail attachments and are transmitted to the
local computer when these attachments are used.
Sendmail bugs
Sendmail bugs are Trojan horses which are smuggled into the critical
Sendmail program, where they then spy out passwords.
DNS attack
A DNS attack causes a user's Internet query to a given computer to
be redirected to a third computer. This is useful for such purposes
as spying out passwords.
RIP attack
All communication between two computers is rerouted to an external
attacker and spied out. The data is then sent to the correct addressee.
Backdoors
Backdoors permit remote control of a computer. This allows an external
attacker to manipulate or spy out data via the network.
Keystroke reader
Each keystroke made by the user is secretly read and recorded by a
program which has been smuggled into the computer. Passwords may be
spied out using this method.
Packet sniffer
Packet sniffers are programs capable of reading data sent by users,
recognising passwords and collecting them.
IP spoofing
An attacker creates data packets with a falsified originator address;
the receiver computer assumes that this is an internal user and grants
access rights.
ICMP attack
The ICMP protocol is used for error messages and automatic repairs of
network problems. Falsified ICMP messages can impair network operability.
www.hu-berlin.de/rz/viren/arten.htm
copyright
© 2004 digitalcraft.org