Computer viruses are simply malicious programs or malware that “infect” other system files with the intention of modifying or damaging them. This type of infection generally consists of embedding the virus's malicious code inside the “victim” file (usually an executable) so that from that moment the executable becomes the carrier of the virus and, therefore, a new source of infection.
There are different types of computer viruses that can be classified according to their origin, the techniques they use, the types of files they infect, where they hide, the type of damage they cause, or the type of operating system or platform they attack.
1. System or Boot Sector Virus
These typically move the Master Boot Record (MBR) to some other location on the disk and copy their own code to the MBR, and thus get executed first when the system boots. These are basically shell viruses, which form a shell around the executable to which they are attached and get executed first, before control is passed on to the executable.
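Because a boot sector virus replaces the bootstrap code while the partition table stays in place, a defender can baseline the code area of the MBR and compare it later. The following is an added example, not code from the original article; it assumes the classic 512-byte MBR layout, and the sample sectors and helper names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446        # bytes 0..445: bootstrap code, the part a boot virus replaces
TABLE_END = 510            # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"

def parse_mbr(sector: bytes) -> dict:
    """Split a classic 512-byte MBR into the fields worth monitoring."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[BOOT_CODE_END + 16 * i:BOOT_CODE_END + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:                      # type 0 means the slot is unused
            partitions.append({"index": i, "bootable": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    return {"signature_ok": sector[TABLE_END:] == BOOT_SIGNATURE,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": partitions}

def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the bootstrap code no longer matches the recorded baseline."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: one bootable entry of type 0x07, valid signature."""
    entry = struct.pack("<B3sB3sII", 0x80, bytes(3), 0x07, bytes(3), 2048, 204800)
    return boot_code.ljust(BOOT_CODE_END, b"\x00") + entry + bytes(48) + BOOT_SIGNATURE

if __name__ == "__main__":
    known_good = build_sample_mbr(b"\xfa\x33\xc0")   # constructed bytes
    baseline = parse_mbr(known_good)["boot_code_sha256"]
    replaced = build_sample_mbr(b"\xeb\x3c\x90")     # different constructed bytes
    print("known good changed:", boot_code_changed(known_good, baseline))
    print("replaced changed:  ", boot_code_changed(replaced, baseline))
```

The sector should be read from a disk image or after booting from clean media, since a resident stealth virus can hand a scanner the original sector instead of the one actually on disk.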
Here is a brief introduction to the top 4 boot sector viruses:
- The Elk Cloner virus was the first boot sector virus to spread in the wild and affect users in a real-world setting. It was created by 15-year-old Richard Skrenta in early 1981.
- The Brain virus infects only the boot sector of IBM PC floppy disks with a 360 KB capacity. It originated in Pakistan.
- The Stoned virus was intentionally non-malicious and only periodically printed the message “Your PC is now stoned!” on the computer screen. It originated in New Zealand.
- The Michelangelo virus, first discovered in Feb 1991, was one of the most dangerous boot sector viruses the world has ever seen. It was a variant of the Stoned boot sector virus.
Other popular boot sector viruses are: Parity Boot Virus, Denzuko Virus, Noint Virus, Barrotes Virus, Angelina Virus, AntiEXE virus, Crazy_Boot virus, AntiCMOS, Lamer Exterminator and Ping Pong virus.
2. Macro Virus
These are usually written in Visual Basic for Applications (VBA) and infect the files created by MS Office programs such as Microsoft Word and Microsoft Excel. The first macro virus was discovered in July 1995 and was accidentally included on a CD-ROM called Microsoft Compatibility Test. The most common methods of spreading such macro viruses include:
- Email Attachments
- USB Drives
There are basically two types of macro viruses:
- Concept Virus – The first such virus, appearing in July 1995 and targeting MS Word.
- Melissa Virus – The first virus with an email worm trait, appearing in March 1999, which infected thousands of systems within hours.
3. File Virus
These infect files which are executed or interpreted, e.g., *.EXE, *.SYS, *.COM, *.PRG, *.BAT etc. These viruses either overwrite code or insert infected code into an executable file. They infect in a variety of ways and can be found in a large number of file types.
File infecting viruses have targeted a range of operating systems, including Mac, Unix, Windows, Linux, and DOS. With the help of VirusTotal, you can easily analyze suspicious files and URLs.
4. Encryption Virus
These viruses encrypt themselves and use a different key each time they infect a new file. The encryption makes the virus difficult to recognize. Encrypted viruses are very difficult to remove, as they need a decrypter or a key to decode.
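A different key per infection defeats whole-file hashes and plain byte signatures, but a scanner can still match on a property the key does not change. The following is an added example, not code from the original article; it assumes the simplest case of a single-byte XOR key (the article does not name a cipher), and the marker string is a harmless constructed stand-in for a known byte pattern.

```python
import hashlib

SIGNATURE = b"CONSTRUCTED-BENIGN-MARKER"   # harmless stand-in for a known pattern

def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the cipher assumed for this illustration."""
    return bytes(b ^ key for b in data)

def delta(data: bytes) -> bytes:
    """XOR of each adjacent byte pair. The key cancels: (a^k)^(b^k) == a^b."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))

def xray_find(haystack: bytes, plain_signature: bytes) -> int:
    """Offset of the signature under any single-byte XOR key, or -1."""
    if len(plain_signature) < 2:
        raise ValueError("signature needs at least two bytes")
    return delta(haystack).find(delta(plain_signature))

def recover_key(haystack: bytes, plain_signature: bytes, offset: int) -> int:
    """Once the offset is known, one byte of known plaintext reveals the key."""
    return haystack[offset] ^ plain_signature[0]

def make_sample(key: int) -> bytes:
    """Constructed sample: zero padding around the XOR-encrypted marker."""
    return bytes(16) + xor_bytes(SIGNATURE, key) + bytes(8)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

if __name__ == "__main__":
    for key in (0x21, 0x5C, 0xA7):            # constructed keys
        sample = make_sample(key)
        offset = xray_find(sample, SIGNATURE)
        print(f"key={key:#04x} sha256={sha256_hex(sample)[:16]}... "
              f"plain_match={SIGNATURE in sample} xray_offset={offset} "
              f"recovered_key={recover_key(sample, SIGNATURE, offset):#04x}")
```

Every sample hashes differently and none contains the plain marker, yet the key-invariant match finds it at the same offset each time.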
Without knowing more details, we recommend trying to identify the exact virus name by uploading an encrypted file and the ransom note here:
By simply uploading a ransom note, and/or an encrypted file (preferably both for best results), the site will use several techniques to help identify what ransomware may have encrypted the files. This includes assessing the ransom note name, file name patterns of the encrypted file, and in some cases, even byte patterns in the encrypted file itself.
5. Multipartite Virus
These viruses infect multiple parts of the system at the same time, for example the boot sector as well as *.EXE files. A hybrid virus usually combines the approaches of the two types (file infection virus and boot record virus) in order to maximize damage and resistance to removal.
Ghostball was the first multipartite virus, discovered by Fridrik Skulason in October 1989.
Although the effects of some infections are subtle and go unnoticed, a multipartite virus tends to work fast. Here is what you should look for:
- the controllers for your drives are no longer present in the “Device Manager”
- you receive constant messages stating that virtual memory is low
- the content on your screen looks as if it’s melting
- the size of your applications and files keeps changing
- your hard drive reformats itself
- the extensions of your word processing documents are modified from .DOC to .DOT
- your programs take much longer to load than before or will not open at all
6. Stealth Virus
These escape anti-virus software by intercepting the anti-virus software's calls to the OS and pointing them to the virus itself, which provides a clean copy of the requested program to the anti-virus software. The term stealth virus is also used in medicine, to describe a biological virus that hides from the host immune system.
Virus coders mainly use the stealth approach to elude virus scanners. In general, a stealth virus will hide itself in system memory every time a program scanner is run. It employs various techniques to hide any changes so that when the scanner looks for altered sections, the virus redirects it to an area that contains the clean, uninfected data.
A stealth virus can infect a computer system in a number of ways, like:
- A stealth boot sector virus might overwrite the system's master boot record with malicious code and modify the operating system’s log to remove any tracks of file modification.
- A stealth virus can also avoid detection by concealing the size of the file it has infected, since some heuristic-based anti-virus detection techniques use the difference in size as a parameter for identifying infected files.
7. Cluster Virus
These modify directory entries so that system processes are pointed to the virus code first and then to the actual program, leading to the execution of the virus code. As usual, the virus executes itself first and then hands over control to the file whose execution was requested.
One prominent example of a cluster virus is the Dir-2 virus. This is sometimes classified as a “stealth” virus because of some of its natural protections. This virus is commonly attributed to Bulgaria, and attacks various types of executable files.
This type of virus can cause serious problems if you don’t know it’s there. While the virus is in memory, it controls access to the directory structure on the disk. If you boot from a clean floppy disk, however, and then run a utility such as CHKDSK, the utility will report serious problems with cross-linked files on your disk.
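The cross-link report mentioned above comes from a simple consistency check: no cluster should belong to more than one file. The following is an added example, not code from the original article or from CHKDSK; it uses a simplified in-memory model of a directory and allocation table rather than on-disk FAT parsing, and the file names and table contents are constructed.

```python
from collections import defaultdict

END_OF_CHAIN = -1      # stand-in for the FAT end-of-chain marker (assumption)

def walk_chain(fat, start):
    """Follow a cluster chain; stop at end-of-chain or when it loops back."""
    chain, cluster = [], start
    while cluster != END_OF_CHAIN and cluster not in chain:
        if not 0 <= cluster < len(fat):
            raise ValueError(f"cluster {cluster} is outside the table")
        chain.append(cluster)
        cluster = fat[cluster]
    return chain

def find_cross_links(directory, fat):
    """Map each cluster claimed by more than one file to the files claiming it."""
    owners = defaultdict(set)
    for name, start in directory.items():
        for cluster in walk_chain(fat, start):
            owners[cluster].add(name)
    return {c: sorted(names) for c, names in owners.items() if len(names) > 1}

def shared_entry_points(directory):
    """Start clusters that several directory entries point at."""
    by_start = defaultdict(list)
    for name, start in directory.items():
        by_start[start].append(name)
    return {s: sorted(n) for s, n in by_start.items() if len(n) > 1}

# Constructed table: chains 2->3, 4->5->6, and a single cluster 7.
FAT = [END_OF_CHAIN, END_OF_CHAIN, 3, END_OF_CHAIN, 5, 6, END_OF_CHAIN, END_OF_CHAIN]
CLEAN_DIR = {"EDIT.EXE": 2, "FORMAT.COM": 4}
# Same files after their directory entries were redirected to one cluster.
REDIRECTED_DIR = {"EDIT.EXE": 7, "FORMAT.COM": 7}

if __name__ == "__main__":
    print("clean:     ", find_cross_links(CLEAN_DIR, FAT))
    print("redirected:", find_cross_links(REDIRECTED_DIR, FAT))
    print("shared start clusters:", shared_entry_points(REDIRECTED_DIR))
```

Several executables sharing one start cluster is the pattern a directory-redirecting virus leaves behind when the disk is examined without the virus resident in memory.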
8. Polymorphic Virus
These are viruses which transform themselves while keeping the original intention intact. These have mutation engines which enable them to mutate to various forms.
The first known polymorphic virus was called 1260, or V2PX, and it was created in 1990 as part of a research project.
Other examples of polymorphic viruses –
- The Storm Worm, which featured a backdoor Trojan, was first discovered in 2007.
- The Virlock ransomware family, which was first discovered in 2014, is considered the first instance of polymorphic ransomware.
Polymorphic viruses are usually distributed via spam, infected sites, or through the use of other malware. URSNIF, VIRLOCK, VOBFUS, and BAGLE or UPolyX are some of the most notorious polymorphic viruses in existence.
Best practices for protecting against polymorphic viruses –
- Keep your software up to date
- Do not click any suspicious links or attachments
- Always use strong passwords and change them on a regular basis
9. Metamorphic Virus
These are viruses which rewrite themselves before each infection. Notable examples of metamorphic viruses include Zmist, which was discovered in the early 2000s.
Virlock is another sub-type of metamorphic virus. According to experts, it is a unique virus that comes with a unique code which assigns different codes to the viruses within the shell, and because of this Virlock is very hard to detect.
Because these types of viruses come with a unique code which assigns different codes to the viruses within the shell, metamorphic viruses are difficult to detect.
10. Sparse Infecting Virus
These infect only occasionally. For example, some viruses infect only when they are executed for the 100th time, when the file length is between two values, or on conditions like Friday the 13th.
A wide variety of techniques can be used to help a virus avoid detection of its activity.