Security Threats

Viruses

A virus is a program or code that replicates itself onto other files with which it comes in contact; that is, a virus can infect another program, a boot sector, a partition sector, or a document that supports macros by inserting itself into or attaching itself to that medium. Most viruses only replicate, although many can also damage a computer or the user’s data. Unlike worms, viruses generally require human action to propagate.

Boot viruses:
Since the code in the boot sector is executed automatically, boot sectors have historically been a common attack vector for computer viruses.
These viruses infect floppy disk boot records or master boot records on hard disks. They replace the boot record program (which is responsible for loading the operating system into memory), either copying it elsewhere on the disk or overwriting it. A boot virus is loaded into memory when the system reads the disk while it is booting.
Examples: Form, Disk Killer, and Stone virus
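
Because a boot virus replaces the boot record program, a defender can detect it by comparing the boot code against a hash recorded while the disk was known to be clean. The sketch below is an added example, not part of the original article; the function names are hypothetical, the sample sectors are constructed placeholder bytes, and it assumes the classic 512-byte MBR layout with a 440-byte boot code area.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # assumed boot code area; bytes 440-445 hold an optional disk signature
SIGNATURE = b"\x55\xaa"  # boot signature at offsets 510-511


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the boot code only, so partition table changes do not alter it."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_boot_sector(sector: bytes, baseline: str) -> str:
    """Return 'ok', 'modified' or 'invalid' for one sector against a stored baseline."""
    try:
        digest = boot_code_digest(sector)
    except ValueError:
        return "invalid"
    return "ok" if digest == baseline else "modified"


def make_sector(boot_code: bytes, partitions: bytes = bytes(64)) -> bytes:
    """Build a constructed 512-byte sector for the demo (not a real boot record)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    return code + bytes(6) + partitions + SIGNATURE


# Constructed sample data: placeholder strings stand in for real boot code.
CLEAN = make_sector(b"ORIGINAL-LOADER")
BASELINE = boot_code_digest(CLEAN)           # recorded while the disk is known good
REPARTITIONED = make_sector(b"ORIGINAL-LOADER", b"\x80" + bytes(63))
REPLACED = make_sector(b"DIFFERENT-LOADER")  # boot record program was replaced

if __name__ == "__main__":
    samples = [("clean", CLEAN), ("repartitioned", REPARTITIONED),
               ("replaced", REPLACED), ("truncated", CLEAN[:100])]
    for name, sector in samples:
        print(f"{name:14} {check_boot_sector(sector, BASELINE)}")
```

On a real system the 512 bytes would be read from the first sector of the disk after booting from trusted media, because a virus already resident in memory can answer the read with the saved original sector.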

Program viruses: 

These infect executable program files, such as those with extensions like .BIN, .COM, .EXE, .OVL, .DRV (driver) and .SYS (device driver). These programs are loaded in memory during execution, taking the virus with them. The virus becomes active in memory, making copies of itself and infecting files on disk.
Examples: Sunday, Cascade

Multipartite viruses:

A hybrid of boot and program viruses. They infect program files, and when an infected program is executed, these viruses infect the boot record. The next time you boot the computer, the virus from the boot record loads into memory and then starts infecting other program files on disk.
Examples: Invader, Flip, and Tequila

Stealth viruses:
These viruses use certain techniques to avoid detection. They may either redirect the disk head to read another sector instead of the one in which they reside or they may alter the reading of the infected file’s size shown in the directory listing. For instance, the Whale virus adds 9216 bytes to an infected file; then the virus subtracts the same number of bytes (9216) from the size given in the directory.
Examples: Frodo, Joshi, Whale

Polymorphic viruses:

A polymorphic virus is a piece of code characterized by the following behavior: encryption, self-multiplication, and changing one or more components of itself so that it remains elusive. It is designed to avoid detection, as it is capable of creating modified copies of itself.

Thus, a polymorphic virus is self-encrypted malicious software that tends to change itself in more than one way before multiplying on the system. Because it changes its components and is encrypted, the polymorphic virus can be said to be one of the more intelligent kinds of malware and is hard to detect: by the time your anti-virus detects it, the virus has already multiplied after changing one or more of its components.

Examples: Involuntary, Stimulate, Cascade, Phoenix, Evil, Proud, Virus 101

Macro Viruses: 

A macro virus is a computer virus written in the same macro language used for software applications like word processors. Because macro programs embedded in these documents run automatically when the document is opened, they are a likely mechanism for spreading viruses.

When you open a word processing or spreadsheet document, the macro virus is activated. Since this virus attaches itself to documents, the infection can spread if such documents are opened on other computers.
Examples: Melissa, DMV, Nuclear, Word Concept.

Retrovirus:

A retrovirus is another type of virus, one that tries to attack and disable the anti-virus application running on the computer; some others destroy the virus definition database.
