A computer virus is a malware program written intentionally to gain entry into a computer without the owner’s permission. These programs are primarily written to steal or destroy computer data. The main reasons viruses take hold are software bugs, OS vulnerabilities, social engineering and poor security practices.
There are different types of computer viruses, which can be categorized by origin, spreading capability, technique, operating system, storage location, the files they infect and destructive nature. Let’s look at these kinds of viruses along with their effects and protection.
Grab the knowledge: The first ever computer virus (named Creeper) was an experimental self-replicating program written by Bob Thomas at BBN Technologies in 1971.
1. Boot Sector Virus
A boot sector virus infects the storage device’s master boot record (MBR). Any media, whether bootable or not, can trigger this virus. These viruses inject their code into the hard disk’s partition table; the code then gets into main memory once the computer restarts (boots). Boot problems, unstable system performance and inability to locate the hard disk are common issues that may arise after infection. However, this virus has become rare since the decline of floppy disks. Modern operating systems have an inbuilt boot sector safeguard, which makes it difficult to find the MBR.
Can affect: Any file after getting into the main memory
Examples: Form, Disk Killer, Stone virus, Polyboot.B
Protection: Make sure that the disk you are using is write-protected. Moreover, do not start or restart the computer with an unknown external disk connected.
2. Direct Action Virus
This virus quickly gets into main memory, infects all programs, files and folders defined in the Autoexec.bat path and then deletes itself. It can also destroy data on a hard disk or USB device attached to the computer. These viruses change their location on every execution and are usually found in the hard disk’s root directory. In most cases, they don’t delete system files or alter the system’s overall performance.
Can affect: All files with .exe and .com extensions
Example: VCL.428, created by the Virus Construction Laboratory
Protection: Use an antivirus scanner. A direct action virus is easy to detect, and all infected files can be restored completely.
3. Overwrite Virus
Overwrite viruses are very dangerous. They have affected a wide range of operating systems, including Windows, DOS, Macintosh and Linux. These viruses simply delete the data (partially or completely) and replace the old code with their own. They replace file or program content without changing its size. An infection is easy to detect because the original program stops working. Once a file is infected, it can’t be restored and you will end up losing all data.
Can affect: Any file
Examples: Grog.377, Grog.202/456, Way, Loveletter
Protection: The only way to get rid of this virus is to delete all the infected files.
4. Web Scripting Virus
A web scripting virus breaches web browser security and allows an attacker to inject client-side scripting into a web page. These viruses propagate a bit faster than other common viruses. They are used to attack large sites such as social networking, user review or email sites. They have the potential to send large amounts of spam, commit fraud and damage data.
Can affect: Any web page, by injecting hidden code in the header, footer or root access file.
Examples: DDoS, JS.Fortnight
Protection: Use the malicious software removal tool in Windows, disable scripts, use cookie security or install real-time protection software for the web browser.
5. Directory Virus
A directory virus (also known as a cluster virus) infects files by changing the DOS directory information so that DOS points to the virus code instead of the original program. When you run a program, DOS first loads and executes the virus code before running the actual program code. It becomes very difficult to locate the original file after infection.
Can affect: The entire program in the directory
Protection: Install antivirus software to relocate the misplaced files.
6. Polymorphic Virus
A polymorphic virus encodes itself using a different encryption key and algorithm each time it infects a program or creates a copy of itself. Because the encryption keys differ, it is very difficult for antivirus software to find these viruses. In other words, it is a self-encrypting virus designed to avoid detection by scanners.
Can affect: Any file
Examples: Whale, Simile, SMEG engine, 1260
Protection: Install advanced, high-end antivirus software
7. Memory Resident Virus
These viruses live in primary memory (RAM) and get activated whenever you switch on the computer. They affect all files currently running on the desktop. Basically, such a virus allocates memory blocks automatically and runs its own code when any program is executed.
Can affect: Any file running on PC and files that are being copied or renamed.
Examples: Randex, Meve, CMJ
Protection: Install strong antivirus software
8. Macro Virus
Some software, such as word processors, allows a macro program to be embedded in documents. A macro virus is written in a macro language, so it may run automatically when the document is opened, and it can easily spread to other files too. It depends on the application rather than the OS. Macro viruses are generally hidden in documents, which are likely to be shared via email.
Can affect: .mdb, .pps, .doc, .xls files
Examples: Bablas, Concept and Melissa virus
Protection: Disable macros and don’t open emails from unknown sources. Alternatively, you can install modern antivirus software that can detect macro viruses easily.
9. Companion Virus
Companion viruses were more popular during the MS-DOS era. Unlike traditional viruses, they do not modify the existing file. Instead, a companion virus creates a copy of the file with a different extension (usually .com), which runs in parallel with the actual program. For example, if there is a file named run.exe, the virus creates another hidden file named run.com. When the system calls the file run, the .com file (higher-priority extension) runs before the .exe file. It can perform malicious steps such as deleting the original files.
Can affect: All .exe files
Examples: Stator, Terrax.1096
Protection: Can be easily detected because of the presence of the additional .com file. Install reliable antivirus software and avoid downloading attachments from unsolicited emails.
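The "additional .com file" check can be automated. This added example (not from the original article; names and sample files are constructed) walks a directory tree and reports every .com file that sits next to an .exe with the same base name, along with whether it carries the Windows hidden attribute.

```python
import os
import tempfile

HIDDEN = 0x2   # Windows FILE_ATTRIBUTE_HIDDEN bit in st_file_attributes

def find_companions(root):
    """Return .com files that sit beside an .exe with the same base name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = {}
        for name in files:
            stem, ext = os.path.splitext(name)
            # DOS and Windows names are case-insensitive, so compare in lower case
            by_stem.setdefault(stem.lower(), {})[ext.lower()] = name
        for stem in sorted(by_stem):
            exts = by_stem[stem]
            if ".com" in exts and ".exe" in exts:
                com_path = os.path.join(dirpath, exts[".com"])
                # st_file_attributes exists only on Windows; elsewhere report False
                attrs = getattr(os.stat(com_path), "st_file_attributes", 0)
                hits.append({
                    "com": com_path,
                    "exe": os.path.join(dirpath, exts[".exe"]),
                    "hidden": bool(attrs & HIDDEN),
                })
    return hits

def demo():
    """Constructed directory: run.com shadows run.exe, tool.exe has no companion."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        for name in ("run.exe", "run.com", "tool.exe", "notes.txt",
                     os.path.join("bin", "edit.com")):
            open(os.path.join(root, name), "wb").close()
        return [(os.path.basename(h["com"]), os.path.basename(h["exe"]))
                for h in find_companions(root)]

if __name__ == "__main__":
    for com_name, exe_name in demo():
        print(f"{com_name} would run before {exe_name}")
```

A hit is a lead to review, not proof of infection, because a legitimate package can ship both a .com and an .exe with the same name.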
10. Multipartite Virus
A multipartite virus infects and spreads in multiple ways depending on the operating system. These viruses usually stay in memory and infect the hard disk. Drive controls no longer appearing in Device Manager, low virtual memory, continuous changes in application and file sizes, the hard disk formatting itself and programs taking much longer to execute are a few common issues you might see after infection.
Can affect: Files and boot sector
Examples: Ghostball, Invader
Protection: Clean the boot sector and the entire disk before reloading the data. Do not open attachments from untrusted internet sources, and install trusted, quality antivirus software.
11. FAT Virus
FAT stands for file allocation table, a section of a storage disk used to store information such as the location of all files, total storage capacity, available space and used space. A FAT virus alters the index and makes it impossible for the computer to allocate the file. It is powerful enough to force you to format the whole disk.
Can affect: Any file
Example: The link virus
Protection: Avoid downloading files from untrusted sources, especially those identified as an “attack site” by the browser or search engine. Use robust antivirus software.
Other malware that is not a virus but is equally dangerous.
12. Trojan Horse
A Trojan horse (or Trojan) is a non-replicating type of malware that looks legitimate. Users are typically tricked into loading and executing it on the system. It can destroy or modify all the files, crash the computer and modify the registry, and it is strong enough to give hackers remote access to your PC.
Examples: ProRat, ZeroAccess, Beast, Netbus, Zeus
Protection: Use reliable high-end antivirus software and update it regularly
A worm is a standalone malware program that replicates itself in order to spread to other computers. It relies on networks (mostly email) and security holes to travel from one system to another. Unlike viruses, it overloads the network by replicating or sending too much data (overusing bandwidth), which can result in shutting the network down.
Examples: Code Red, ILOVEYOU, Morris, Nimda, Sober, WANK
Protection: Use antivirus and anti-spyware software.
Logic bombs are not viruses but are inherently malicious, like worms and viruses. A logic bomb is a piece of code intentionally inserted (hidden) into a program or software. This code is executed once certain criteria are satisfied. For example, a cracker can insert keylogger code inside a web browser extension. The malicious code gets activated whenever you visit a login page and captures your keystrokes, such as usernames and passwords. These malicious codes are known as logic bombs.