A computer virus is a malware program that is written intentionally to gain access to a computer without its owner’s permission. These kinds of programs are primarily written to steal or destroy computer data. Most systems catch viruses due to program bugs, the vulnerability of operating systems, and poor security practices.
There are different types of computer viruses that can be categorized according to their origin, spreading capabilities, storage location, files they infect and destructive nature. Let’s elaborate on these kinds of viruses and see how they actually work.
Before we start, did you know that the first-ever computer virus (named Creeper) was an experimental self-replicating program written by Bob Thomas at BBN Technologies in 1971?
1. Boot Sector Virus
A boot sector virus infects the storage device’s master boot record (MBR). Any media, whether it is bootable or not, can trigger this virus. These viruses inject their code into the hard disk’s partition table. The code then gets into the main memory once the computer restarts.
Booting problems, unstable system performance and inability to locate the hard disk are common issues that may arise after infection. However, these viruses have become rare since the decline of floppy disks. Modern operating systems come with an inbuilt boot sector safeguard which makes it difficult to find the MBR.
Can affect: Any file after getting into the main memory
Examples: Form, Disk Killer, Stone virus, Polyboot.B
Protection: Make sure that the disk you are using is write-protected. Do not start/restart the computer with unknown external disks connected.
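Since a boot sector virus changes the MBR, comparing the sector against a known-good copy shows which part was touched. The following is an added example, not part of the original article; the function names and the sample sector are constructed for illustration, and the layout (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature) is the standard MBR format.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bootstrap code occupies bytes 0-445
ENTRY_LEN = 16             # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"    # boot signature at bytes 510-511
ENTRY_FMT = "<B3xB3xII"    # status, CHS (skipped), type, CHS (skipped), LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into a boot-code hash, partition entries and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for index in range(4):
        status, ptype, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, BOOT_CODE_LEN + index * ENTRY_LEN)
        if ptype:  # type 0 marks an unused slot
            partitions.append({"slot": index, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == SIGNATURE,
    }

def diff_against_baseline(baseline: bytes, current: bytes) -> list:
    """List which MBR regions differ from a known-good copy of the same sector."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not new["signature_ok"]:
        findings.append("boot signature missing")
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("bootstrap code changed")
    if baseline[BOOT_CODE_LEN:510] != current[BOOT_CODE_LEN:510]:  # raw 64-byte table
        findings.append("partition table changed")
    return findings

def build_sample_mbr(boot_code: bytes, first_lba: int = 2048) -> bytes:
    """Constructed sample: one bootable FAT32 (0x0C) partition, placeholder boot code."""
    entry = struct.pack(ENTRY_FMT, 0x80, 0x0C, first_lba, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(ENTRY_LEN * 3) + SIGNATURE

if __name__ == "__main__":
    known_good = build_sample_mbr(b"constructed-boot-code-A")
    print(diff_against_baseline(known_good, build_sample_mbr(b"constructed-boot-code-B")))
    print(diff_against_baseline(known_good, build_sample_mbr(b"constructed-boot-code-A", 63)))
```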
2. Direct Action Virus
This virus quickly gets into the main memory, infects all programs, files and folders defined in the Autoexec.bat path and then deletes itself. It can also destroy the data present on a hard disk or USB drive attached to the computer.
While these viruses are found in the hard disk’s root directory, they are capable of changing location on every execution. In most cases, they don’t delete system files but alter the system’s overall performance.
Can affect: All files with .exe and .com extensions
Example: VCL.428, created by the Virus Construction Laboratory
Protection: Use an antivirus scanner. A direct action virus is easy to detect and all infected files can be restored completely.
3. Overwrite Virus
Overwrite viruses are very dangerous. They have affected a wide range of operating systems including Windows, DOS, Macintosh, and Linux. They simply delete the data (partially or completely) and replace the old code with their own.
They replace the file content without changing its size. An overwrite virus is easy to detect because the original program stops working. Once a file gets infected, it can’t be restored and you will end up losing all data.
Can affect: Any file
Examples: Grog.377, Grog.202/456, Way, Loveletter
Protection: The only way to get rid of this virus is to delete all the infected files, so it’s better to keep your antivirus program updated, especially if you are using Windows.
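Because an overwrite virus keeps the file size the same, a size check alone will not notice the change, while a content hash will. The following is an added example, not part of the original article; the function names and the two sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root: str) -> dict:
    """Record (size, SHA-256) for every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            state[os.path.relpath(path, root)] = (len(data), hashlib.sha256(data).hexdigest())
    return state

def compare(baseline: dict, current: dict) -> dict:
    """Classify each baseline file by comparing its size and hash with the current state."""
    report = {}
    for rel, (size, digest) in baseline.items():
        if rel not in current:
            report[rel] = "missing"
        elif current[rel][1] == digest:
            report[rel] = "unchanged"
        elif current[rel][0] == size:
            report[rel] = "modified, size unchanged"   # the case a size check misses
        else:
            report[rel] = "modified, size changed"
    return report

def demo() -> dict:
    """Constructed data: two small files, one rewritten with same-length content."""
    original = b"quarterly figures v1"
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("report.txt", original), ("notes.txt", b"meeting at ten")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root)
        with open(os.path.join(root, "report.txt"), "wb") as fh:
            fh.write(b"X" * len(original))   # same length, different bytes
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{path}: {status}")
```

The baseline has to be taken while the files are known to be good and stored where the monitored system cannot rewrite it.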
4. Web Scripting Virus
A web scripting virus breaches web browser security and allows attackers to inject client-side scripting into the web page. These viruses propagate considerably faster than other conventional viruses.
It is used to attack large sites such as social networking, user review or email sites. It has the potential to send a large amount of spam, carry out fraudulent activity, and damage files on the server.
Can affect: Any web page by injecting hidden code in header, footer or root access file.
Examples: DDoS, JS.Fortnight
Protection: Use malicious software removal tool in Windows, disable scripts, use cookie security or install real-time protection software for the web browser.
5. Directory Virus
A directory virus (also known as a cluster virus) infects files by changing the DOS directory information. In this case, DOS points to the virus code rather than pointing to the original program.
When you run a program, DOS first loads and executes the virus code before running the actual program code. It becomes very difficult to locate the original file after getting infected.
Can affect: The entire program in the directory
Protection: Install antivirus software to relocate the misplaced files.
6. Polymorphic Virus
Polymorphic viruses encode themselves using different encryption keys and algorithms each time they infect a program or create copies of themselves. Because of the different encryption keys, it becomes very difficult for antivirus software to find them. In other words, a polymorphic virus is a self-encrypted virus designed to avoid detection by scanners.
Can affect: Any file
Examples: Whale, Simile, SMEG engine, 1260
Protection: Install advanced, high-end antivirus
7. Memory Resident Virus
These viruses live in primary memory (RAM) and get activated whenever you switch on the computer. They affect all files currently running on the desktop. Basically, such a virus allocates memory, blocks original scripts, and runs its own code when any program is executed.
Can affect: Any file running on PC and files that are being copied or renamed.
Examples: Randex, Meve, CMJ
Protection: Install strong antivirus software
8. Macro Virus
Some software, such as word processors, allows macro programs to be embedded in documents. A macro virus is written in the macro language, so it may run automatically when the document is opened, and it can easily spread to other files too.
A macro virus depends on the application rather than the operating system. Such viruses are generally hidden in documents that are likely to be shared via email.
Can affect: .mdb, .pps, .doc, .xls files
Examples: Bablas, Concept and Melissa virus
Protection: Disable macros and don’t open emails from unknown sources. Alternatively, you can install modern antivirus software that can detect macro viruses easily.
9. Companion Virus
Companion viruses were more popular during the MS-DOS era. Unlike traditional viruses, they do not modify the existing file. Instead, they create a copy of a file with a different extension (usually .com) which runs in parallel with the actual program.
For example, if there is a file named abc.exe, this virus will create another hidden file named abc.com. And when the system calls a file ‘abc’, the .com (higher priority extension) runs before the .exe extension. It can perform malicious steps such as deleting the original files.
Can affect: All .exe files
Examples: Stator, Terrax.1096
Protection: Can be easily detected because of the presence of an additional .com file. Install reliable antivirus software and avoid downloading attachments from unsolicited emails.
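The check for an additional .com file next to an .exe can be automated. The following is an added example, not part of the original article; the function names are hypothetical, the precedence list (.com before .exe) is taken from the description above, and the directory contents are constructed around the text's abc example.

```python
import os
import tempfile

PRECEDENCE = (".com", ".exe")   # assumption: lookup order as the text describes it
FILE_ATTRIBUTE_HIDDEN = 0x2     # Windows attribute bit; not reported on other platforms

def find_shadowed_programs(directory: str, precedence=PRECEDENCE) -> list:
    """Report base names that exist with more than one extension from `precedence`."""
    by_stem = {}
    with os.scandir(directory) as entries:
        for entry in entries:
            stem, ext = os.path.splitext(entry.name)
            if entry.is_file() and ext.lower() in precedence:
                attrs = getattr(entry.stat(), "st_file_attributes", 0)
                by_stem.setdefault(stem.lower(), {})[ext.lower()] = (entry.name, attrs)
    findings = []
    for stem, found in sorted(by_stem.items()):
        ranked = [found[ext] for ext in precedence if ext in found]
        if len(ranked) > 1:
            (winner, attrs), losers = ranked[0], ranked[1:]
            findings.append({
                "command": stem,
                "runs_first": winner,
                "shadowed": [name for name, _ in losers],
                "hidden": bool(attrs & FILE_ATTRIBUTE_HIDDEN),
            })
    return findings

def demo() -> list:
    """Constructed directory: empty placeholder files named after the text's abc example."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("abc.exe", "abc.com", "tool.exe", "readme.txt"):
            open(os.path.join(root, name), "wb").close()
        return find_shadowed_programs(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A pair reported here is only a lead to review, since some legitimate software ships both a .com and an .exe with the same base name.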
10. Multipartite Virus
Multipartite viruses infect and spread in multiple ways depending on the operating system. They usually stay in memory and infect the hard disk.
Once a multipartite virus gets into the system, it infects all drives by altering applications’ content. You will soon start noticing performance lag and low virtual memory available for user applications.
Can affect: Files and boot sector
Examples: Ghostball, Invader
Protection: Clean the boot sector and the entire disk before reloading the data. Do not open attachments from a non-trusted internet source and install quality antivirus software.
11. FAT Virus
FAT stands for file allocation table, a section of a storage disk that is used to store information such as the location of all files, total storage capacity, available space, used space, etc. A FAT virus alters the index and makes it impossible for the computer to allocate the file. It is powerful enough to force you to format the whole disk.
Can affect: Any file
Example: The link virus
Protection: Avoid downloading files from non-trusted sources, especially those identified as “attack site” by browser or search engine. Use robust antivirus software.
Other malware that is not a virus but is equally dangerous:
12. Trojan Horse
Trojan Horse (or Trojan) is a non-replicating type of malware that looks legitimate. Users are typically tricked into loading and executing it on the system. It can destroy/modify all the files, crash the computer, modify the registry, and is strong enough to give hackers remote access to your PC.
Examples: ProRat, ZeroAccess, Beast, Netbus, Zeus
Protection: Use reliable high-end antivirus software and update it regularly
13. Worm
A worm is a standalone malware program that replicates itself in order to spread to other computers. It relies on networks (mostly emails) and security holes to travel from one system to another. Unlike viruses, it overloads the network by replicating or sending too much data (overusing bandwidth), forcing the hosts to shut down the server.
Examples: Code Red, ILOVEYOU, Morris, Nimda, Sober, WANK
Protection: Use antivirus and anti-spyware software.
14. Logic Bombs
Logic bombs are not viruses, but they are inherently malicious, like worms and viruses. A logic bomb is a piece of code intentionally inserted (hidden) into a software tool. This code is executed after certain criteria are met.
For example, a cracker can insert keylogger code inside any web browser extension. The code gets activated whenever you visit a login page and then captures the keystrokes you enter while filling in your username and password. Such malicious code is known as a logic bomb.