VIRUS TYPES AND VARIANTS by Lutz Stange
File viruses (Program viruses, COM viruses)
File viruses are the best known and most common
type of computer virus. They infect executable programs (COM-, EXE-, OVL-,
OBJ-, SYS-, BAT-, DRV-, DLL files) and can be activated when such programs
Boot sector virusesBoot sector
viruses (boot viruses) are concealed in the boot sector of hard disks and
disks as well as in the hard disk Master Boot Record (MBR). After booting
from this data carrier, they can relocate to the main memory and cause
Macro viruses Macro viruses
are found in macros (i.e. automatic program sequences) for documents,
tables, graphics, databases, etc. Such viruses may be activated when these
files are processed using the corresponding application programs (e.g.
Word for Windows).
Hybrid viruses (Multipartite viruses)
Hybrid viruses are combinations of several types of virus, in
particular document and boot sector viruses. This makes them equally
useful for a variety of propagation methods and consequently renders them
more difficult to remove from the system.
Script virusesA completely new
generation of viruses includes the harmful Java applets and in particular
script viruses, based on Visual Basic Script. These may not only be hidden
in VBS files but in the HTML code as well.
Link viruses/Directory viruses
Link viruses manipulate data carrier entries so that other
data carrier sections containing the actual virus code are started before
specific programs are queried.
Stealth virusesStealth viruses
have special mechanisms which enable them to hide from virus search
programs. A stealth virus can restore an infected file before it is
examined and thus ensure that the infection goes undetected.
viruses regularly alter their appearance, making it nearly if not entirely
impossible for virus scanners, which work by pattern recognition, to
Slow viruses Slow viruses are
viruses which remain unrecognised for a long period of time because their
manipulation of data is minimal. This increases the likelihood of their
being transferred to backup data carriers; as a result, the user has no
virus-free duplicates or older versions available.
Experimental viruses If they
occur at all, experimental viruses only appear within the scope of LSP
programming, infecting the source code. However, they are extremely
difficult to program and are paid little notice in the "normal" PC world.
Worms Worms, which are
self-copying, are technically not viruses at all as they do not require a
Trojan horsesSimilarly, Trojan
horses are not viruses in the classic sense (as they are not usually
self-copying) but rather software with viral capability concealed behind
the names of recognised (harmless) programs. They are capable of
implanting viruses or spying out data such as passwords.
Logical bombs Logical bombs
are programs which can cause damage under certain circumstances (reaching
a certain date, if a special database record is deleted, if a
specially-named file is created).
Direct-action viruses When an
infected program is run, direct-action viruses infect other program files
at once and immediately carry out any existing damage routine. The virus
then transfers control back to the original program and disappears from
the main memory.
ANSI viruses ANSI viruses are
not actually viruses, but merely unusually "charming" manipulations of
ANSI character string function keys. They cause no damage unless the
ANSI.SYS driver has been loaded.
Denial of service (E-mail bombing)
E-mail bombing entails overwhelming a target system with
e-mail messages to such an extent that in extreme cases normal e-mail use
is no longer possible.
E-mail viruses E-mail viruses
hide in e-mail attachments and are transmitted to the local computer when
these attachments are used.
Sendmail bugs Sendmail bugs
are Trojan horses which are smuggled into the critical Send Mail program,
where they then spy out passwords.
DNS attack A DNS attack causes
a user's Internet query to a given computer to be redirected to a third
computer. This is useful for such purposes as spying out passwords.
RIP attack All communication
between two computers is rerouted to an external attacker and spied out.
The data is then sent to the correct addressee.
Backdoors Backdoors permit
remote control of a computer. This allows an external attacker to
manipulate or spy out data via the network.
Keystroke reader Each
keystroke made by the user is secretly read and recorded by a program
which has been smuggled into the computer. Passwords may be spied out
using this method.
Packet sniffer Packet sniffers
are programs capable of reading data sent by users, recognising passwords
and collecting them.
IP spoofing An attacker
creates data packets with a falsified originator address; the receiver
computer assumes that this is an internal user and grants access rights.
ICMP attackICMP protocols are
used for error messages and automatic repairs of network problems.
Falsified ICMP protocols can impair network
[ Top ]